
Governmental Servers Wiped? Never!

timothy posted about 9 years ago | from the but-this-is-in-australia dept.

Privacy 284

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."


284 comments


Understandable . . . (5, Funny)

Gabrill (556503) | about 9 years ago | (#13206535)

They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!

Re:Understandable . . . (2, Funny)

trollzor (858973) | about 9 years ago | (#13206557)

well I am in a rush too, I only have two weeks, so wow, those are some cheap servers, I only have two weeks and a $100 budget to set up my new project. So they will be great for me. And $14USD per server?! Sounds good for my project we only have two weeks and a $100 budget.

Re:Understandable . . . (5, Interesting)

acceber (777067) | about 9 years ago | (#13206601)

"Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system, both of which have been constantly riddled with problems [smh.com.au]. It's not surprising that a blunder such as this went by unnoticed.

I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

Well (1, Insightful)

Arghdee (813921) | about 9 years ago | (#13206537)

Who's going to be taken out the back and shot quietly for that one?

Re:Well (1)

Gabrill (556503) | about 9 years ago | (#13206541)

They've already got the firing papers signed. They're just looking for a name to put at the top.

I don't know what's worse... (5, Funny)

Anonymous Coward | about 9 years ago | (#13206540)

* That they have sold a bunch of servers laden with personal information for hardly any money at all, or
* Somebody out there is still running AIX

Re:I don't know what's worse... (1)

bullitB (447519) | about 9 years ago | (#13206575)

Somebody out there is still running AIX

Well, clearly they're not running it any more, that's why they sold the servers.

Actually, perhaps getting the gov't to switch away from AIX is a fair trade for losing a little privacy...

Re:I don't know what's worse... (1)

Nqdiddles (805995) | about 9 years ago | (#13206757)

What's even worse are the all-too-common stories of filing cabinets and safes being sold at auction - without even being emptied! One story that featured on the news not too long ago had a man who had purchased a safe that contained cheques (checks for you Americans) that hadn't even been cancelled. And Aussies wonder why we have a reputation for a laid back attitude to everything...

Re:I don't know what's worse... (1, Insightful)

Wakko Warner (324) | about 9 years ago | (#13206815)

I guess this post is "funny" if you consider a bunch of Dells running Fedora a "UNIX environment".

AIX is still huge once you get out of college.

Policy (5, Funny)

Anonymous Coward | about 9 years ago | (#13206545)

Why are we suddenly complaining about Government being too open?

As an Australian... (5, Funny)

PrivateDonut (802017) | about 9 years ago | (#13206546)

this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)

Re:As an Australian... (5, Funny)

trime (733350) | about 9 years ago | (#13206582)

Bruce here is head of the document security department, and is also in charge of the sheep dip.

Re:As an Australian... (2, Funny)

bmgoau (801508) | about 9 years ago | (#13206623)

I know, we Australians certainly don't care one bit if our private information is mishandled.

Australian Law says you must now wipe.. (1, Interesting)

Anonymous Coward | about 9 years ago | (#13206677)

If you have signed all usual secrecy and privacy forms before.

The best you can do is to send STA a stiff invoice for professional data sanitation. Fix their wagon!

If you are outraged, tell the STA Union their members' details were leaked because of slack security (any excuse to strike), tell the State Auditor, tell tax, and the privacy commissioner. Butts will be kicked.

The auction mob were slack, they are meant to wipe the data, and remove all identifying stickers. But the real blame lies higher up.

Conclusions. The STA are as reliable as their timetables, and going to windows will be more risky than ever, if their admins default everything.

Re:As an Australian... (4, Funny)

strider44 (650833) | about 9 years ago | (#13206716)

Are we the only country with a leader who went swimming and never came back?

(Note that, since I have space to use up for the spam filter, there are several ironically named swimming pools named after former Prime Minister Harold Holt, as well as an American Frigate [navysite.de].)

Re:As an Australian... (0)

Anonymous Coward | about 9 years ago | (#13206859)

that dingo sold my server

Data Eradication / the Nuclear Option (3, Funny)

root_dev_X (100095) | about 9 years ago | (#13206548)

And what, ever since I posted to /. about finding the best way to *really* wipe a harddrive I've gotten about 45 emails telling me all kinds of ways to sort out this kind of problem (I still get emails about it, and the posting was more than three years ago). Everything from a quick thermite burn to breaking into a telco exchange for some ultra-high-current bit rearrangement.

Those government types just need to think outside the box a little more. Hell, why settle for thermite - these boys have access to our nuclear arsenal!

Re:Data Eradication / the Nuclear Option (1)

flamearrows (821733) | about 9 years ago | (#13206756)

This is 'straya, mate. We don't got none of those nukelear fings, we stick wit good ol fashioned hose er down, no worries mate! option.

In other news, is there anything left that city/staterail can't screw up?

Re:Data Eradication / the Nuclear Option (0)

Anonymous Coward | about 9 years ago | (#13206763)

Australia's nuclear arsenal?

In Australia... (1)

Orochi (798777) | about 9 years ago | (#13206549)

In Australia, hard disks wipe you!

Odd... (1)

Revellion (803549) | about 9 years ago | (#13206550)

Odd, this isn't the case where I work. Some of the boxes that get decommissioned there are wiped by low-level formatting before they're passed on. Goes to show that they don't seem to care a lot about the potentially confidential information that might be stored on 'em.

Re:Odd... (2, Interesting)

Lectrik (180902) | about 9 years ago | (#13206765)

I seem to recall a few years ago watching a program that mentioned how the British government decommissioned some of its hard drives.
With a low level format, then a blast furnace, and then holding on to the smelted chunk of crud for a while. [this may have been only for stuff that was "sensitive" though]
Of course my brain sucks for holding normal info, but it kinda stood out because we do similar stuff at work, machine dies, we take it out back with a sledge hammer and a cutting torch, someone asks us to strip the machine for parts half an hour after we're tired.

Obligatory (3, Funny)

Arghdee (813921) | about 9 years ago | (#13206554)

Interesting, that the blog's subtitle is:
If it's not on fire, then it's a software problem.

Looks like you're about to have a hardware problem :D

14 bucks? you got ripped :) (5, Interesting)

ashridah (72567) | about 9 years ago | (#13206558)

At ~$14USD per server, it's amazing how cheap personal information has become.
$14 USD? You got ripped off.

A few years back, some guy wearing a workman's uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
Slashdot remembers :) [slashdot.org]

Makes me proud to be an aussie sometimes :)

Re:14 bucks? you got ripped :) (1)

rock_climbing_guy (630276) | about 9 years ago | (#13206570)

Yeah, I heard a story once from the manager of a store where someone actually managed to walk out the back door carrying a cash register. I'm sure it wasn't funny for him when it happened, though ;-)

Re:14 bucks? you got ripped :) (2, Informative)

QuantumG (50515) | about 9 years ago | (#13206574)

Never underestimate the power to set office workers minds at ease by wearing blue and carrying a ladder. It's a total class issue. White collar workers think blue collar workers a beneigth them and not worth challenging.

Re:14 bucks? you got ripped :) (1, Informative)

Gob Gob (306857) | about 9 years ago | (#13206637)

Never underestimate the power to set office workers minds at ease by wearing blue and carrying a ladder. It's a total class issue. White collar workers think blue collar workers a beneigth them and not worth challenging.

Wif spilling like dat u gota oneder y!

PS: The is no class (structure) in Australia perhaps apathy, different cultures, values and amounts of cash but not class structure. Many families have blue and white collar bread winners so that kinda implies that you mean to say that within a hosehold there are two classes.

PS: My spelling and checking is crap as well :-)

Re:14 bucks? you got ripped :) (2, Informative)

stigpalm (615408) | about 9 years ago | (#13206737)

PPS: Who are you trying to kid? Australia's got a class system just the same as any other country. Just another example of Australians kidding themselves.

By the way, no one will get fired for this; they are government employees, where you can get sacked for just about anything except incompetence.

Re:14 bucks? you got ripped :) (2, Informative)

QuantumG (50515) | about 9 years ago | (#13206767)

Not only are you an arsehole, you're delusional too. Are you trying to tell me that Kerry Packer is middle class? Brick layers, and factory workers, they take home the same as programmers do they? We may not have the impoverished underclass of the US but we still have class struggle in Australia.

Re:14 bucks? you got ripped :) (1)

lachlan76 (770870) | about 9 years ago | (#13206592)

And the best part was that it was full of intelligence data.

I share your pride ;)

Aussie Aussie Aussie! (0, Offtopic)

felonius maximus (601940) | about 9 years ago | (#13206612)

Anyone?

Re:Aussie Aussie Aussie! (1)

Inverted Pilot (879306) | about 9 years ago | (#13206659)

Oi Oi Oi!

Re:14 bucks? you got ripped :) (4, Interesting)

dbIII (701233) | about 9 years ago | (#13206626)

customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed to the press and the internal investigation showed that there wasn't even that clue.

There was also the incident a couple of years back when large quantities of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who read this can expect the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half government owned telecommunications company) was not even rapped over the knuckles for it.

It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the Curie temperature, a large array of machine tools and an impact testing rig.

Blatant thievery. (2, Insightful)

felonius maximus (601940) | about 9 years ago | (#13206638)

some guy wearing a workman's uniform and holding a clipboard ... Carted off one of the servers from a machine room

I have heard a similar story about two guys in blue overalls walking out of David Jones (or some other department store) carrying a big-screen TV, and no one stopped them either.

Makes me proud to be an aussie

Y'know, it's interesting to note that all our greatest heroes are thieves [ironoutlaw.com] and brigands [nedkellysworld.com.au]. Go Aussie!

...really bad impersonation of Rolf Harris... (4, Funny)

jd (1658) | about 9 years ago | (#13206738)

"...And he sang as he laughed as he carted off the server rack - you'll come a-waltzing Matilda with me!"

Re:Blatant thievery. (0)

Anonymous Coward | about 9 years ago | (#13206766)

AUSSIE AUSSIE AUSSIE
OY OY OY

Not trivial though (2, Interesting)

baldvin (267689) | about 9 years ago | (#13206568)

It's kind of hard to get rid of your data on a hard drive. You are lucky if it works, then you can try 'dd if=/dev/zero of=/dev/xxx'. However, if first they laid off their AIX staff, employed some Windows engineers, then they decided to sell those AIX boxes... Well, well :)

Your task is even harder if you have a hard drive that ceased operating. There exist companies like http://www.kurt.hu/ [www.kurt.hu] that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it...

Re:Not trivial though (1)

Punboy (737239) | about 9 years ago | (#13206586)

Works better if you use /dev/urandom

Re:Not trivial though (1, Interesting)

Anonymous Coward | about 9 years ago | (#13206643)

Nope, much slower and not a bit more secure. It doesn't matter what you overwrite a bit with. The remaining magnetization is different when you overwrite a 1 with a 0, a 1 with a 1, a 0 with a 0 or a 0 with a 1. If the residual magnetization from the previous content is stronger than the noise floor of your reader, then you can reconstruct the erased data, regardless of the overwrite pattern.

If there is a reasonable chance that someone might want your data bad enough to attempt reconstruction of overwritten data, then you should a) never store unencrypted data and b) still never sell the harddrive.

Otherwise overwriting with zeroes is sufficient.
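
The zero-overwrite discussed in this sub-thread, as an added shell example that is not part of the original comments: it runs against a temporary file standing in for a disk, contrasts a metadata-only "quick format" with a full overwrite, and verifies the result. The function names, the 4 KiB metadata size and the sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example: wipe-and-verify on a file-backed stand-in for a disk.
# All names, sizes and sample data below are constructed for illustration.

# Build a 64 KiB "disk" image: random filler plus one constructed record.
make_sample_image() {
    head -c 65536 /dev/urandom > "$1"
    # Constructed sample record, written 8 KiB into the image.
    printf 'PAYROLL,constructed-sample,employee=0001' |
        dd of="$1" bs=1 seek=8192 conv=notrunc 2>/dev/null
}

# What a quick "format" amounts to here: only the first 4 KiB (standing in
# for filesystem metadata) is rewritten; the data area is left untouched.
quick_format() {
    dd if=/dev/zero of="$1" bs=4096 count=1 conv=notrunc 2>/dev/null
}

# Full overwrite: zero every byte while keeping the original size.
zero_fill() {
    fill_size=$(( $(wc -c < "$1") ))
    head -c "$fill_size" /dev/zero | dd of="$1" conv=notrunc 2>/dev/null
    sync
}

# Count bytes that are not zero; 0 means the overwrite reached everything.
nonzero_bytes() {
    nz=$(tr -d '\000' < "$1" | wc -c)
    echo $(( nz ))
}

# Succeeds if a known marker string can still be found in the image.
marker_survives() {
    LC_ALL=C grep -a -q "$2" "$1"
}

# Run both disposal paths and report: <after format> <after wipe> <nonzero>.
demo() {
    demo_img=$(mktemp)
    make_sample_image "$demo_img"

    quick_format "$demo_img"
    if marker_survives "$demo_img" 'PAYROLL'; then
        after_format=recoverable
    else
        after_format=gone
    fi

    zero_fill "$demo_img"
    if marker_survives "$demo_img" 'PAYROLL'; then
        after_wipe=recoverable
    else
        after_wipe=gone
    fi
    leftover=$(nonzero_bytes "$demo_img")

    rm -f "$demo_img"
    echo "$after_format $after_wipe $leftover"
}

demo
```

On real hardware the target would be the block device itself, and a count of zero only covers the sectors the drive still exposes to the host.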

Possibly the best reason to encrypt data from day1 (2, Informative)

anti-NAT (709310) | about 9 years ago | (#13206596)

At least then you know that if the drive dies and you don't physically destroy it, for somebody to copy the data they'll have to do more than just get the drive going again.

PCB board failures are the problem. The drive won't work, yet the data on the platters is likely to still be good. PCB failures are also fairly easy to recover from - just go to ebay to buy a second hand drive of the same model, and swap the PCBs over. If it is easy for you to do, it is also easy for your adversaries.

Even if you sell a working drive, as long as you don't provide the customer with the passphrase for the encrypted filesystem where your important data resides (I'm sure I don't have to point out how stupid doing that would be), you can be sure that the above story is unlikely to happen to you.

Re:Possibly the best reason to encrypt data from d (1)

baldvin (267689) | about 9 years ago | (#13206616)

they'll have to do more than just get the drive going again

People also mistakenly think that it is a lot more. No. That's why I mentioned http://www.kurt.hu/ [www.kurt.hu]. Not very cheap, but not exclusive either. And they get out the bare disks in their laboratory, and read the data without even the mechanics working in the drive.

Re:Not trivial though (5, Funny)

John Seminal (698722) | about 9 years ago | (#13206617)

Its kind of hard to get rid of your data on a hard drive.

I found running a magnet over it is a good first step. Unscrewing it and opening it is a good second step. Taking a hammer to the internal parts is step 3. And putting the parts over a fire won't hurt. For a final step, I like to throw the hard drive in the lake of acid.

I also pee on the hard drive. Just in case someone is smart enough to fuck me and find out what was on the hard drive, I can have the last laugh knowing they touched my pee.

Oh, but you want to sell the hard drive, sans data? Now that gets tricky.

Here is what I have done in the past when I wanted to sell or give away a hard drive, but did not want anything to be retrievable off the hard drive.

I start with a format using a Windows 98 floppy that will write a FAT table. I then load Windows 98 on it and go to malware, spyware and those kinds of websites. When I get to 90% CPU in usage while doing nothing, I know I have enough spyware and viruses. I let them go to town on the hard drive. I delete files, and let the viruses rewrite them.

Step 2 is putting a Debian CD in the cd-rom and reformatting the hard drive and installing Debian. I then go to websites with huge mpegs and download them until the hard drive is full of data. I delete all this data and do it all over again.

Next is a Windows 2000 install, in NTFS. I go back to virus and malware websites, and let the hard drive get infected again.

My final step is a simple FAT format, and the sale. If someone tries to recreate what was on the drive, they might recreate a virus. I toss the Debian and large file step in the middle to overwrite what was written the first time. It is another layer to the cake.

Oh, I am delusional and paranoid too. People tell me I get fanatical about shit like privacy. You might not need to go through all the steps. A simple format might be all you need, unless you suspect the person buying the hard drive has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA and Colonel Sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).

Re:Not trivial though (2, Insightful)

baldvin (267689) | about 9 years ago | (#13206640)

has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA


Wrong. See my previous post. You don't need the personnel, neither the equipment. The service is commercially and easily available.

This is similar to how most people that used only GUI mail clients think that the From: header cannot be faked. They think that you need to be CIA to do that. However, you only need a telnet and some knowledge of an RFC...

You are right only in that they must be spying on you to do any steps, and this is definitely not something to consider as a small company. But I expect organizations like the IRS to really take care of my data. Or if they do not, I want to be able to decide what I tell them and what I don't...

Re:Not trivial though (1)

hankwang (413283) | about 9 years ago | (#13206711)

Wrong. See my previous post. You don't need the personnel, neither the equipment. The service is commercially and easily available

You two seem to be talking about different things. The Hungarian company you mention does not claim that it can recover overwritten data. However, it can recover deleted files, similar to Norton's and PC-Tools' undelete tool under DOS in the old days. Moreover, they can recover data from drives that are electronically or mechanically defective.

The grandparent (which is funny rather than troll) was suggesting that the physically overwritten 1s and 0s can be recovered provided you have a few 100.000 dollars of equipment. The latter has never been demonstrated possible for a modern hard disk.

Re:Not trivial though (1)

baldvin (267689) | about 9 years ago | (#13206836)

The Hungarian company you mention does not claim that it can recover overwritten data. However, it can recover deleted files, similar to Norton's and PC-Tools' undelete tool under DOS in the old days. Moreover, they can recover data from drives that are electronically or mechanically defective.


Just because they do claim at the first page that they "undelete" your files if you like, it does not mean that they don't do something else if needed -- and yes, paid for. But not the price that you should if you made it yourself.

They are a bunch of people who were originally trained to create a hard drive manufactory with adequate research capabilities. The manufactory was never built, but the research experts grouped together.

Actually, they get orders from all over the world, sometimes hard drives come with dedicated private airplanes :)

So, I think, if it is possible, they will collect the data, because they do have everything that is needed...

Re:Not trivial though (1)

putko (753330) | about 9 years ago | (#13206689)

Odd that you got modded "Troll" for what is such a funny post.

I just throw it in a lake of acid, and leave it at that. I can't figure out why more people don't just do this.

Re:Not trivial though (0)

Anonymous Coward | about 9 years ago | (#13206712)

May I ask where you live that you can just throw your stuff into a lake of acid? Don't you have environment protection laws? Around here the government would never allow me to pollute acid lakes like that.

Re:Not trivial though (1)

ghoda_x (808190) | about 9 years ago | (#13206724)

...and colonel sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).

See, that's why I never eat at KFC anymore. It just seemed a little fishy to me...

Re:Not trivial though (1)

Antony-Kyre (807195) | about 9 years ago | (#13206725)

I never realized there is an actual use for viruses and such. That would be fun though. I'd probably cut down the steps to just two.

1) Format hard drive and reinstall Windows.

2) Using Google, search xxx and click on all those pornography sites. I'm sure that will load you with some viruses.

Re:Not trivial though (0)

Anonymous Coward | about 9 years ago | (#13206656)

Kind of hard? it's intensely trivial.

We've always burnt ours. Nothing a small boiler furnace won't take care of. I don't care what kind of tinfoil hat you all wear, but nothing will get the bits off the molten aluminium or glass that flows out of drives after 10 minutes inside one of those.

10 minutes. It is trivial.

Re:Not trivial though (1)

baldvin (267689) | about 9 years ago | (#13206663)

10 minutes. It is trivial.

Hey, then you lose those 14 bucks, since you can't sell your machines anymore!!! :)

Re:Not trivial though (2, Insightful)

Wakko Warner (324) | about 9 years ago | (#13206824)

Its kind of hard to get rid of your data on a hard drive.

In AIX, you just insert the System Diagnostics CD and tell it to scrub the disk. This is actually apparently US DOD-compliant, so it should probably suffice. Overwriting the disk about a dozen times with various patterns of data is apparently enough to render old data inaccessible.

Government (5, Interesting)

Anonymous Coward | about 9 years ago | (#13206569)

Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

Re:Government (2, Interesting)

mistfall (459736) | about 9 years ago | (#13206694)

Given the number of governments that flirt with the concept of ID cards (especially when the bombs go off) aren't you glad they practise such strong safeguards when it comes to data?

You understand that... (5, Insightful)

PrivateDonut (802017) | about 9 years ago | (#13206572)

if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.

Then at a later date, he could do his evil work using that data.

Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.

Re:You understand that... (0)

Anonymous Coward | about 9 years ago | (#13206774)

He might not plan to use it for nefarious purposes, but I don't for one second buy his claim that he didn't poke around the databases.

Re:You understand that... (1)

QuantumG (50515) | about 9 years ago | (#13206775)

Or previous blunders where the people who bought the computers immediately called their mate Tony to call his mate Ivan to get in touch with his uncle in the Russian mafia to sell this stuff to spammers.

What you *should* be worried about.... (4, Insightful)

brunes69 (86786) | about 9 years ago | (#13206858)

... is the more likely scenario - that, for every one of these incidents that are reported, there are 10 that are not.

This would never happen in the UK.! (2, Informative)

matthew.thompson (44814) | about 9 years ago | (#13206573)

Because we have rules which force government agencies to keep data for a certain amount of time. To get around this much of the data that was to be covered by this was wiped before the rules came into force :)

regulations won't help (1)

xmodem_and_rommon (884879) | about 9 years ago | (#13206636)

You really think that the government is going to let a couple of pissy little regulations get in the way of accidentally distributing personal information? I don't think so.

Re:This would never happen in the UK.! (1)

Ingolfke (515826) | about 9 years ago | (#13206665)

I could be wrong, but don't the regulations apply to how long you have to keep the information, not where you have to keep it? So in this case, if the government had consolidated all of this information onto a new server, thereby still keeping it, they would have been in compliance with the regulations, but still managed to release all of the personal information.

Negligence? (1)

John Seminal (698722) | about 9 years ago | (#13206589)

How is this not negligence? The only problem is how can a person know if their personal information was on one of those servers? I got a feeling everyone will deny, deny, deny everything.

Secondly, where the hell can anyone get a server for $14. Even if this is a dual p200 pro, that can still make a good home email server. At one point and time, that server was probably the best available. It is just a matter of finding old enough software to use.

And since we are talking servers, maybe someone can give me advice. I want to start an on-line forum. I expect a maximum load of 100 people at the same time maximum, with an average load of 15-25 people. I was looking and Dell has some servers that are around $400 for a P4. But someone told me for a database you NEED a dual Xeon or the database will be super slow. So I looked on ebay, and found some dual Xeon 650's with 1 gig for $400-600 (most come with 3 scsi hard drives in raid). This beats the $1600+ that Dell wants for a dual Xeon 2.2ghz. On ebay, I even found a quad Xeon 550 with 1 gig memory and 5 9.1 scsi cheeta hard drives for less than half of the Dell Xeon. But I don't have any OS that will use 4 CPU's.

What do I need?

Re:Negligence? (1)

Vellmont (569020) | about 9 years ago | (#13206608)


What do I need?

You need to do some actual measurements of the performance load you're going to put on the server. Depending on the queries you're doing a Dual Xeon could be extreme overkill, or not nearly enough.

Re:Negligence? (1)

khellendros1984 (792761) | about 9 years ago | (#13206618)

*BSD and Linux both support multiproc SMP, and with a price of free....

Re:Negligence? (2, Insightful)

nmos (25822) | about 9 years ago | (#13206622)

On ebay, I even found a quad Xeon 550 with 1 gig memory and 5 9.1 scsi cheeta hard drives for less than half of the Dell Xeon. But I don't have any OS that will use 4 CPU's.

What do I need?


Any major Linux Distro will handle 4 CPUs just fine.

Re:Negligence? (1)

MaineCoon (12585) | about 9 years ago | (#13206634)

If it's just a forum, you can probably get away with very low specs... say, a 300 mhz machine and 10 gig drive. Especially with those requirements. 100 people aren't going to be reading 100 messages a second. Unless you are running a heavy utilization database, which a 100-people-at-a-time forum doesn't get close to, you don't need to worry about performance. There are other things you can do too, such as caching. Consider upgrading when you hit 1000 or more people at a time.

I host about a dozen websites off such a machine, some with forums. The hardware is between 5 and 9 years old (newer 9 gig SCSI HD, a 270 mhz G3 CPU upgrade card... it's an old Power Computing machine).

CPU usage averages 5%, and that's because of all the friggin spam it gets, for hosting a few 7-10 year old domains and email addresses that haven't changed for years (mine alone pulls in 2000-3000 spam/day).

Bandwidth and dedicated connection will be your real concern. Go for the cheapest reliable system you can get, put Linux on it, install something like phpbb or the like.

Re:Negligence? (1)

John Seminal (698722) | about 9 years ago | (#13206651)

it's just a forum, you can probably get away with very low specs... say, a 300 mhz machine and 10 gig drive

That sounds awfully underpowered for a forum because of the database.

I want a multi processor unit. I know the database will need that extra CPU.

My problem is trying to convince myself that I don't need a new Dell Xeon 2.2ghz machine, that I can get by with a dual Xeon 600 from ebay.

If the forum grows, what I will do is put the web host on one dual Xeon and the database on a second dual Xeon. I don't like the idea of having the database on the same system as the web server.

Re:Negligence? (2, Insightful)

ocelotbob (173602) | about 9 years ago | (#13206672)

Really, a database machine needs more RAM than CPU speed. The more RAM you have, the larger the dataset it can keep in cache, and the less it has to go to the hard drive to pick up information. You'd be fine with a single proc machine; save the money and get a good uniproc motherboard that can accept 4 1 gig sticks of RAM instead.

Re:Negligence? (0)

Anonymous Coward | about 9 years ago | (#13206743)

I have some issues understanding how a forum can possibly be so tough on the database server...
I mean 300 Mhz is not at all that slow, especially if you index it properly. It's actually all in the database design. For example, I just (for testing purposes) made a select-statement on a table with over 1 million records and a couple of joins. 100 ms. Indices are the thang.

It sounds more than a little bit to me that you just want a multiprocessor server for the (not very) fun of it.

Re:Negligence? (1)

ozmanjusri (601766) | about 9 years ago | (#13206646)

Secondly, where the hell can anyone get a server for $14. Even if this is a dual p200 pro, that can still make a good home email server.

If you RTFA, you'll see these are RS/6000 E20 boxes. They're most likely running single 133mhz 603e PPC processors. You could use them as a home server, but since you can get ex-gov P3/450 wintel machines for not much more, why would you bother?

Re:Negligence? (1)

jericho4.0 (565125) | about 9 years ago | (#13206648)

A good hosting service.

server specs (1)

xmodem_and_rommon (884879) | about 9 years ago | (#13206650)

That stuff about database performance is pure BS. I use my 700mhz p3 256MB RAM laptop for web (php) development, and I run a mysql database on it. Stress testing shows that it can handle over 20 requests per second without breaking into a sweat. I'd say you need a maximum of 1ghz with 512mb of RAM.

Re:Negligence? (1)

Keruo (771880) | about 9 years ago | (#13206739)

I ran something similar on uniproc 1,6gig sempron with 512 memory.
The server had ~300 active users at peak hours and processed something like 50-100 queries/second (daily average).
The server load never exceeded 30% and performance was snappy enough.

My advice, don't throw away thousands of dollars if you can get away with less to start with.
Try running the forum and database on a lower end machine first, and if you want, you can try stress-testing it with load generators to see whether it performs well enough.
If it can't handle the load, upgrade.

You should be happy (3, Funny)

Sloppy (14984) | about 9 years ago | (#13206591)

It's .. um .. transparent government. Yeah, that's it.

This is a CLM (1)

Bunyip Redgum (641801) | about 9 years ago | (#13206600)

This is a Career Limiting Move for someone!

eek (1)

dysprosia (661648) | about 9 years ago | (#13206604)

for sale at an government auction for ~$20 AUD a server

To me, a more serious problem is why I didn't make a bid myself...$20 for a server!...

About that $20 per server (2, Informative)

BBCWatcher (900486) | about 9 years ago | (#13206735)

The E20 would be a 32-bit PowerPC-based (604) server of the 100 MHz to 233 MHz variety (probably 100 MHz). Hard disk sizes would likely be in the 9 GB per disk range. Memory would be around 256 MB or perhaps more if upgraded. But the real limiting factor is that AIX support for the 32-bit hardware is coming to a close. (The 64-bit hardware has been available for quite some time now, and the latest AIX doesn't even run on 32-bit hardware.)

These servers could be nicely rehabilitated with Linux, however. In fact, they might make excellent testbeds for developers who wish to compile for Linux on POWER (in lowest common denominator fashion). And IBM hardware is deservedly respected for its quality, and these are server-class machines (unlike, say, a PowerPC 604-based Macintosh). So the buyer did very well, IMHO.

32-Bit AIX (1)

BBCWatcher (900486) | about 9 years ago | (#13206777)

Ooops, I take that back. AIX 5.3 supports a 32-bit multiprocessor kernel that is compatible with all CHRP systems, including uniprocessor models. I misread that. So it looks like the buyer did even better than I thought.

Debian [debian.org] runs on CHRP systems, so the E20 would make a pretty good Debian Linux system.

Re:32-Bit AIX (1)

BBCWatcher (900486) | about 9 years ago | (#13206838)

Let's try this again... :-) The E20 is not a CHRP system (evidently) but should be PReP. Thus it will run AIX up through 5.1 (but not 5.2 or 5.3), and so its support days are at best limited. Debian Linux *does* support the PReP systems.

Just to give you an idea of the age of this server, the E20 debuted in 1995 (at 100 MHz). There were some processor upgrade options released later. Maximum system memory is 512 MB, I believe.

Does he have a license to the source now? (5, Interesting)

mveloso (325617) | about 9 years ago | (#13206605)

Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

Goverment? (4, Funny)

Stuart Gibson (544632) | about 9 years ago | (#13206619)

Govermental Servers Wiped? Never!

"Eighteen AIX servers purchased from goverment via auction"
So, is this genuinely how government is spelt in Australia, or are the editors too lazy to pick up on a glaringly obvious spelling mistake...

Twice.

Stuart

Re:Goverment? (1)

Fortyseven (240736) | about 9 years ago | (#13206714)

Funny, I didn't even notice that until you pointed it out. That whole thing where the brain does real-time error correction while reading kicked in, I suppose. You know, where the first and last letters are right, but the middle junk is scrambled and you can still read it as the right word when reading fast?

goevrnemnt

Weird. :)

Still sloppy, though.

Re:Goverment? (0)

Anonymous Coward | about 9 years ago | (#13206729)

But I thought it's spelled gov'mint.

Re:Goverment? (1)

Nqdiddles (805995) | about 9 years ago | (#13206781)

No, that's not how we spell it. But if we're too lazy to wipe our severs, why would we bother with correct spelling? Long live the typically Aussie laconic attitude!

Reminds me of when I worked for US government... (5, Interesting)

Anti-Trend (857000) | about 9 years ago | (#13206620)

I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could glean from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

-AT

Re:Reminds me of when I worked for US government.. (1)

QuaZar666 (164830) | about 9 years ago | (#13206802)

You have to ask that question? No matter where I have worked upper management always gets high end computers that they will never use, and at the same time the person that needs the system gets a system that is rather underpowered for what he/she needs.

-Qua

In my department... (1, Interesting)

Anonymous Coward | about 9 years ago | (#13206629)

...we don't let a hard drive out the door. All storage media (disks, tapes, CD/DVD, etc) remain in the buildings unless encrypted (laptops) or we are certain they contain no protected data - such as educational CDROMs, etc. Everything else is dismantled and destroyed. For example, CDs and HDD platters are sanded, tape is shredded.

Anything that goes to auction is diskless, and we cannot return a drive under warranty as it's impossible to securely erase a faulty drive, or, for that matter, a good drive - think bad sector remapping.

We're Federal Government, not State, BTW.

I would like to place a bid on that (1)

jurt1235 (834677) | about 9 years ago | (#13206657)

$14 for an AIX server, shipping and handling costs more, carrying them to the trashbin costs more. This is really a good deal, even for really old machines.

Anyway, if you do not want anybody to get the data, format the disks, low level if possible, remove the disks, open them up and use sanding paper on the platters before destroying them by bending or cutting them in two. Should do the trick.

same thing happened to me (2, Informative)

webdwarf (903475) | about 9 years ago | (#13206676)

We bought a second hand server from ebay which was from someone that buys ex govt stuff from auctions and it had a backup tape in it from the Brisbane Magistrates Court (Australia)

rub their noses in it (0)

Anonymous Coward | about 9 years ago | (#13206679)

It's good to know that in this cold mechanical corporate world, humans still sometimes make mistakes. Obviously the best thing to do was rub their noses in it, and maybe even get someone fired. Hey, it got you hits. What happened to mateship? Would it have been so ethically wrong to contact the seller, say they may have made a mistake, and take steps to rectify the situation? Sure it's negligent, but c'mon, we are still human.

Cheaper ways... (5, Insightful)

pimpimpim (811140) | about 9 years ago | (#13206695)

There was a case in the Netherlands where a state prosecutor just put his personal pc at the trash when it didn't work anymore due to spyware:

http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004 [expatica.com]
See October 7th 2004.

Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.

These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the Netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.

you know they could have just.... (5, Informative)

thegoogler (792786) | about 9 years ago | (#13206720)

used dban [sourceforge.net], it's not rocket science. Just put the disk in and hit ok

o wait, this is the goverment, nevermind

Re:you know they could have just.... (0)

Anonymous Coward | about 9 years ago | (#13206825)

Right, because you can just pop dban into an AIX-based PowerPC system and it'll work right off the bat. Or not.

The government should know better, but it's not as trivial as it sounds for the technically-disinclined. Heck, the dept responsible for auctioning off the computers may not know a thing about them.

This is normal here in Italy (1)

asbesto (519505) | about 9 years ago | (#13206723)

it's normal here to recover servers from public administration sites, having them perfectly working with all data inside :)

Civil servants are generally bludgers (1)

threaded (89367) | about 9 years ago | (#13206728)

Would be too much aggro to do the job right.

Data Protection? (3, Insightful)

HugePedlar (900427) | about 9 years ago | (#13206732)

The UK's Data Protection Act, especially as it pertains to medical data, is remarkably strict.

Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.

I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to remove old computers, as part of some environmental legislation. I offered to take them away for free, naturally.

The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.


It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
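Added example, not part of any comment in this thread: the comment above contrasts a recycle-bin style delete with actual erasure, and this sketch shows the difference on a constructed raw image, then verifies a zero-fill by reading every sector back. The image layout and the names `residual_sectors`, `zero_fill` and `demo` are hypothetical, chosen for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size of the image

def residual_sectors(path, sector=SECTOR, chunk_sectors=2048):
    """Return indices of sectors in a raw image that still hold non-zero bytes.
    Read-back only sees addressable sectors, not ones the drive has remapped."""
    dirty, index = [], 0
    with open(path, "rb") as img:
        while chunk := img.read(sector * chunk_sectors):
            for off in range(0, len(chunk), sector):
                if any(chunk[off:off + sector]):
                    dirty.append(index)
                index += 1
    return dirty

def zero_fill(path, chunk=1 << 20):
    """Overwrite every addressable byte of the image with zeros, in place."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as img:
        while remaining:
            n = min(chunk, remaining)
            img.write(bytes(n))
            remaining -= n
        img.flush()
        os.fsync(img.fileno())

def demo():
    """Constructed 64-sector image: delete a file's entry, check, wipe, check."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        with open(path, "r+b") as img:
            img.write(bytes(SECTOR * 64))
            img.seek(0)
            img.write(b"ENTRY payroll.dat -> sector 10")  # constructed directory entry
            img.seek(SECTOR * 10)
            img.write(b"constructed payroll record")      # constructed file contents
            # A recycle-bin style delete clears only the directory entry.
            img.seek(0)
            img.write(bytes(SECTOR))
        after_delete = residual_sectors(path)
        zero_fill(path)
        return after_delete, residual_sectors(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

The same read-back check applies to an image taken from a disk after it has been wiped, as a sign-off step before the hardware leaves the building.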

Shoulda used... (2, Informative)

Mechcozmo (871146) | about 9 years ago | (#13206792)

http://www.killdisk.com/ [killdisk.com]

I've only used the free demo but it's a great floppy. And it runs FreeDOS too.

Re:Shoulda used... (1)

goingtohell (904010) | about 9 years ago | (#13206829)

windows NT scandisk/checkdisk

Easy Get-Rich-Quick Scheme! (1)

zaguar (881743) | about 9 years ago | (#13206837)

1:Buy decommissioned high-level government servers.
2:Find confidential data on said servers.
3:Sell said information to interested parties
4:??????
5:Profit!