• Saik0
    link
    fedilink
    English
    6
    edit-2
    1 month ago

    Congrats? DBAN was made prior to 2006… IT people existed before 2006. What’s your point? You think that people just spawned into existence in 2006 with decades of IT knowledge? So like I said… “It WAS my default for a very long time because I simply defaulted to it for COMPLIANCE reasons”… eg. my contracts at the time required it and I ran boatloads of wipes.

    Regardless… DOD 5220.22-M now states

    The National Industrial Security Program Operating Manual (NISPOM) is now Part 117 of Title 32, Code of Federal Regulations.

    So let’s go look at the NISPOM stuff which says… NOTHING! So what you end up with is companies referencing the old DOD 5220.22-M because old government contracts will actually say that specific document in contracts as something that must be adhered to for a long long time. So even though it “died” on 2006, contracts may not be renewed for some time after that which still keeps the document alive.

    Now DOD 5220.22-M actually specified and defines short wipes (3 pass) and long wipes (7 pass). And in theory, could be superceded by NIST 800-88 (and probably is the default on modern contracts). And regardless of all of that… DoD internally has it’s own standards, which after wipe often requires degaussing or outright destruction of the disk, I remember having a dedicated device for it that would document serials and stuff. I’d have to pull up my army documents to remember which specific rules required that type of stuff, but I’m not going to dig out shit from 2010 just to argue with someone on lemmy.

    So I guess this boils down to… The world didn’t spawn into existence in 2006. People are older than 2006 and are allowed to talk about their experiences from before the “old times”.

    Edit: And in current contracts… all our shit is NVMe and secure erase. But I’m willing to bet muscle memory would still kick in for me if I saw the DBAN screen.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      1 month ago

      And honestly, if you’re going to do a single pass, might as well do multiple. It doesn’t take any more of my time for 1 pass vs 7, assuming I only have a handful to do. I’ll probably just start one before I leave for the day, swap to another when I come in, and repeat until the pile is cleared.

      If something is worth doing, and overdoing doesn’t take any extra effort, I’ll overdo it.

      • Saik0
        link
        fedilink
        English
        31 month ago

        That was basically the workflow. On smaller drives you could do one when you get in, one at lunch and one before you left. Eventually drives got large enough that it was just once in the morning and once before leaving.

        I’ll overdo it.

        Half the contracts you didn’t know if they wanted the short wipes or long wipes. So you just do long wipes to cover your ass. It’s not like there was a rush, it was a simply menial task that became a second nature set of bashing the keyboard. Like typing some of my passwords and pins… I have no fucking clue what they are anymore… but put in front of the keyboard and I can type them by muscle memory.

        • @[email protected]
          link
          fedilink
          English
          130 days ago

          Yup.

          I didn’t do this all that much for a job, but I did work in IT tech support for a couple years and helped out w/ some decommissioning in a dev role, and I would usually put it on a higher setting. Why? Idk, why not? Best case scenario, I prevent a scandal from some really motivated attacker, worst case, I check on it and it’s not quite done, so I check on it later.

    • @[email protected]
      link
      fedilink
      English
      1
      edit-2
      1 month ago

      I’m discussing this comment :

      https://sopuli.xyz/comment/13141026

      the one that you initially replied to talking about recent Spanish court case where the defendants used a 7x wipe on some drives that were required to be retained as evidence.

      Im well aware sysadmins existed before 2006, and also don’t see how that’s relevant in context. Security practices change over the course of 18 years in IT, as they have for secure wiping data.

      • Saik0
        link
        fedilink
        English
        21 month ago

        So am I. I’m not sure what you think wasn’t relevant. It’s a literal DoD spec. Yes that spec is outdated, but it’s still in Dban.

        You coming out of nowhere talking about how the DoD spec itself is “dead” doesn’t change the fact that it’s available and probably still used by many people out there. I’m willing to be that several companies have the old DoD spec embedded in their own SOPs. And I was always talking in the context of the contract work I did long ago which WAS to the old DoD spec regardless.