Stuff Yaron Finds Interesting

Technology, Politics, Food, Finance, etc.

Articles related to software I run on or use with my PC

How do I securely wipe my hard drive?

Ever since Gutmann published his original paper [3] in 1996 there has been an assumption amongst security types that to 'securely' delete a hard drive one had to overwrite it many times. While it's not entirely clear that this claim was true when Gutmann made it, changes in magnetic hard drive technology appear to have made multiple overwrites completely unnecessary. As explained in gory detail in [1], there is no economical way known to recover data that has been overwritten just once from a modern magnetic hard drive. So a single pass writing zeros should more than handle things.

As explored in the Wikipedia article on data remanence, it is possible for data in bad sectors to be recovered because the zero pass wouldn't touch them. But keep in mind that no matter how many times one wipes a drive, those bad sectors won't be written to. So if bad sectors are an issue then one will probably need to degauss, physically destroy the drive or use whole disk encryption.

Where things get more fun is with solid state drives (SSDs). As explained in [2], there are real problems with securely deleting SSDs. Right now there is really no good way for a normal person (i.e. someone who isn't a storage expert) to know if they have successfully deleted everything off an SSD. Tricks like filling up the drive with data won't work because the drives have more capacity than they advertise and, since flash cells fade, the drive may have taken cells (with data) offline. The drives do support entire disk delete commands but, as [2] points out, those commands aren't always appropriately implemented. Overwriting sometimes works but sometimes not, and using a pattern of zeros is particularly problematic because some SSDs compress contents.

So if one wants to securely dispose of an SSD I suspect the only reasonable approach is software based disk encryption. Yes, some SSDs do implement hardware level encryption but given the lack of easy validation of the logic and updates when there are issues I wouldn't personally trust that approach. Of course this reduces the security of a 'wipe' to someone not being able to crack the password on the key file stored in the SSD. Personally I'd still do two wipes, at least one using some kind of random data, before disposing of an SSD just to be especially paranoid. Perhaps the only reasonable alternative with SSDs is physical destruction.


[1] Dave Kleiman and Craig Wright. Overwriting Hard Drive Data: The Great Wiping Controversy. 2008.

[2] Laura M. Grupp and Michael Wei. Reliably Erasing Data From Flash-Based Solid State Drives. 2011.

[3] Peter Gutmann. Secure Deletion of Data from Magnetic and Solid-State Memory. 1996.

A Mac fail? Please Help me with remote desktop

I want to get a Mac laptop for my wife but I want to be able to use it as a remote terminal for my iMac upstairs.

There doesn’t appear to be a decent solution for this problem on the Mac. VNC is a joke. It will just take my 24 inch iMac screen and shrink it down to the laptop’s screen size. And yes, I have played around with smart zoom but it’s really painful.

Isn’t there an equivalent for the Mac to Microsoft’s outstanding Remote Desktop Connection application and RDP protocol?

For what it’s worth I signed up to be notified when AquaConnect releases their Mac remote desktop product, which is based on RDP, but they aren’t even announcing dates.

Any ideas or am I just out of luck?

Apple Machine Support Sucks

The minimum system requirements for iLife '08 require either a Power Mac G5 dual 2.0 GHz or iMac G5 1.9 GHz. My machine is a Power Mac G5 dual 1.8 GHz and my wife's iMac is a G5 1.8 GHz. I bought my machine in 4/2004 so after just 3 years and 4 months the machine is, insofar as Apple is concerned, obsolete. We bought my wife her iMac in 6/2005 so in her case it only took 2 years and 2 months for her machine to be declared obsolete by Apple. I think that is insane. Apple takes thousands of dollars and gives us just over 2 years before declaring our machines obsolete? I am not a happy Apple customer.

And yes, I know, it is possible to run iLife '08 on these machines but we wouldn't have any official support and if there is a problem we can't even return the software since, it is my understanding, Apple won't take back open software boxes. So we're screwed. I typically upgrade my computers every four years or so, so I was planning on upgrading my box in 2008 but even then I can't move to iLife '08 because we won't be upgrading my wife's machine until 2009 and we share iPhoto by file syncing (as in, my wife's machine is the 'master' and I sync off her drive). And no, terminal serving in to my machine from her machine won't work. The whole reason we got my wife a Mac is to make her life simpler, not more complex. Besides, she downloads the pictures to her machine, not mine.

Normally Apple makes me really happy but I feel seriously screwed by iLife '08. Obsoleting a main line machine in under 3 years is just wrong.

Making LyX Produce Decent Hyperlinked HTML & PDF Files

As someone who writes for a living I have used a whole slew of word processors and generally haven't been all that happy with any of them. When I write I want to focus on the content, not the presentation. So the whole WYSIWYG generation of word processors left me cold. In fact, I spend most of my time in outline mode in Word. LyX takes a different approach. It focuses on What You See Is What You Mean (WYSIWYM). In other words, it doesn't worry about formatting, just content.

When I first reviewed LyX a year ago I decided it was good enough to use (and have done so regularly since) but still painful. With the 1.5.1 release I can revise that review to say that it's only minorly irritating to use LyX but its good points are so numerous that it's more than worth the pain if you need to deal with large documents, with math formulas or with large bibliographies. And thanks to the efforts of folks like Dr. Richard G. Heck (who has my undying gratitude for fixing HTML generation in LyX) LyX is substantially better at generating HTML.

LyX does have a learning curve and one is well advised to at least read the tutorial (Help->Tutorial). But I believe that the modern versions of LyX have vastly improved over their predecessors and the learning curve is well worth the effort.


Running a J2SE 1.5/J2SE 5.0/Java 5.0/whatever Program From Command Line Under OS X

The good news is that J2SE 1.5 is available for OS X. Last I checked it was available here. For whatever reason Apple decided to keep the default version of Java on OS X as 1.4.2. So when I try to run Java programs directly from Terminal using "java -jar X.jar" the program will be run under 1.4.2. But the goodies in J2SE 1.5 (like generics and enums and iterators) are just too yummy to give up, so all my Java code is in 1.5, which means it won't run on Terminal. To fix this problem I found a script (details available here). Once I downloaded the script and saved it as java_functions_bashrc, I opened Terminal, navigated to the directory with the file and executed "source java_functions_bashrc". This changes the command prompt to indicate that the file is running and I then ran "setJava 1.5". At this point any Jar files I run will be run under J2SE 1.5. I now tend to write little scripts that wrap my Jar files to load up Java 1.5.

Creating Executable Jar Files That Contain Jar Files

Naive Java user that I am, when I built a Java program that contains Jar files for Xerces and MySQL and such I assumed that Eclipse would be able to create a Jar file for my program that contains these other Jar files. That part was right, Eclipse can do that. What Eclipse can't do is set up the class paths correctly, so my custom generated Jar file can't find the classes it needs. Thankfully, One-Jar came to the rescue.


Tor & Why You May Have Something to Hide

[Updated to include instructions on how to configure web browsers to only use Tor for some websites but not others.]

Tor is an EFF-supported open source software project that makes it difficult for anyone to figure out who a Tor user is talking to on the Internet. For example, someone using Tor can pretty effectively hide which websites they visit, where they download content from, who they are sending e-mail to, etc. As I explain below, Tor is a tool everyone should be interested in, even those who don't think they have anything to hide.

Unfortunately Tor's performance can be quite slow. But using proxy configuration files (pac files) it is possible to configure browsers to use Privoxy/Tor for some websites but not others. This is not a perfect solution since, as I explain below, there are some trivial ways to get around this technique but it is better than nothing.
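
The per-site routing described above, sketched as a pac file; this is an added example, not the author's own file. It assumes Privoxy is listening on its default 127.0.0.1:8118 and forwarding to Tor; the host names in TOR_SITES and the helper name hostInDomain are placeholders.

```javascript
// Added example: a PAC file that sends only selected sites through Privoxy/Tor.
// Assumption: Privoxy listens on its default 127.0.0.1:8118 and forwards to Tor.
var TOR_PROXY = "PROXY 127.0.0.1:8118";

// Placeholder host names; replace with the sites that should go through Tor.
var TOR_SITES = ["example.org", "example.net"];

// True when host equals domain or is a subdomain of it. A bare suffix test
// would also match "notexample.org", so the leading dot is part of the check.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request it is about to make.
function FindProxyForURL(url, host) {
  for (var i = 0; i < TOR_SITES.length; i++) {
    if (hostInDomain(host, TOR_SITES[i])) {
      // No "; DIRECT" fallback here: if Privoxy is not running the request
      // fails instead of silently going out over the normal connection.
      return TOR_PROXY;
    }
  }
  return "DIRECT"; // everything else keeps the fast, non-Tor path
}
```

The browser makes this decision per request and by host name, so a page on a listed site that pulls images or scripts from an unlisted host fetches those directly.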


Working Around iTunes Problems

I really like iTunes. In general it is easy to use. Unfortunately it does have some shortcomings and my experience with Magnatune showed some of them. Specifically, iTunes handles m3u playlists badly and it can't handle FLAC files. But thankfully there are somewhat reasonable workarounds.


Does Anyone Know of a Good Quality USB KVM?

And now, dear readers, I ask a favor. I have a PC (for work) and a Mac (for life) in my home and they share the same keyboard, mouse and monitor. I have an old PS/2 KVM box that works really well so when I bought the Mac I wanted to hook it in to the KVM. The problem is that the Mac only uses USB peripherals. So I made the mistake of buying the Y-Mouse, an adapter that converts PS/2 connections into USB connections. As I explain here, the Y-Mouse does not work very well for me. So what I'd really like to do is buy a USB KVM. I actually don't care about the "M" (i.e. Monitor) part; I have an HP 2335 and use its built-in monitor switch (which guarantees me the absolute best image possible). So what I really need is a USB Keyboard/Mouse switch.

I did some research and all I could find were complaints about USB KVMs, the main issue being switching time. It seems that switching between machines can take several seconds. Does anyone know of a good quality USB KVM that can switch really fast? If so please drop a comment on this article. Thanks!

N.B. I am aware of Synergy. But Synergy has never worked very well on Macs and my PC is actually running a VPN, which ends up meaning that the keyboard and mouse commands would have to be routed over the open Internet; this is both a security and a performance nightmare.