From lgj at usenix.org Mon Jul 2 09:43:04 2007
From: lgj at usenix.org (Lionel Garth Jones)
Date: Mon, 02 Jul 2007 09:43:04 -0700
Subject: 16th USENIX Security Symposium Registration Now Open
Message-ID: <46892B18.8030404@usenix.org>

-------------------------------------------------------------
16th USENIX Security Symposium
August 6-10, 2007
Boston, MA
http://www.usenix.org/sec07/proga
Early Bird Registration Deadline: July 16, 2007
-------------------------------------------------------------

Dear Colleague,

I'm pleased to invite you to attend the 16th USENIX Security Symposium, August 6-10, 2007, in Boston, MA.

Computer security today advances at an exceptional rate, as both its operational relevance and the tension between attackers and defenders continue to grow. New services, new systems, and new networking architectures continually add new dimensions to the field and subvert previously held assumptions. This symposium offers cutting-edge research on topics that range from Web-based detection through memory performance attacks.

* The Security training program can help you learn the latest on topics such as:
  -- TCP/IP Weapons School
  -- Live Forensics
  Experts such as Richard Bejtlich, Dan Geer, Frank Adelstein, and Golden G. Richard will give you the information, techniques, tools, and strategies you need to practice effective security today--and tomorrow.

* Don't miss the keynote address by Steven Levy, a senior editor and columnist at Newsweek, on "How the iPod Shuffled the World as We Know It."

* The Invited Talks cover a number of timely topics, including:
  -- "Windows Vista Content Protection," by Peter Gutmann, University of Auckland, New Zealand
  -- "Exploiting Online Games," by Gary McGraw, Cigital
  -- And more...

* The 23 refereed papers present the best new research in a variety of subject areas, including privacy, cellular network security, and authentication.

* Join colleagues with similar interests for thought-provoking discussions at the evening Birds-of-a-Feather sessions.

* Share a provocative opinion, interesting preliminary work, or a cool idea that will spark discussion at the poster session. To submit a poster, please send a 1-5 page(s) proposal, in PDF or PostScript, to sec07posters at usenix.org by June 23, 2007

* Get a preview of next year's news or present your own new work and get audience feedback at the Work-in-Progress reports (WiPs). Speakers should submit a one- or two-paragraph abstract to sec07wips at usenix.org by August 8, 2007.

Whether you're a researcher, a system administrator, or a policy wonk, come to the 16th USENIX Security Symposium to find out how changes in computer security are going to affect you.

Please see http://www.usenix.org/sec07/proga to register today!

We look forward to seeing you in Boston, August 6-10, 2007.

For the Security '07 Program Committee,

Niels Provos, Google Inc.
Security '07 Program Chair
sec07chair at usenix.org

P.S. Workshops will be held in conjunction with the main conference. EVT '07 and WOOT '07 will both take place on August 6. DETER 2007 will take place August 6-7. HotSec '07 and MetriCon 2.0 will both take place on August 7. For more information, see: http://www.usenix.org/events/sec07/workshops.html

From david at catwhisker.org Fri Jul 6 13:53:26 2007
From: david at catwhisker.org (David Wolfskill)
Date: Fri, 6 Jul 2007 13:53:26 -0700
Subject: Solaris -- can I add a SCSI target without a reconfigure reboot?
Message-ID: <20070706205326.GA87424@bunrab.catwhisker.org>

One of the "workhorse" machines here at home is a SPARCstation 5/170, running Solaris 2.6. In general, its workload is pretty stable and it basically Just Runs, so I don't have much incentive to mess with it.

However, the media for the tape drives I have on it aren't adequate for my backups, so I need to add another tape drive to one of the SCSI buses.

I realize that (once I have target ID & termination set properly) a "reboot -- -r" or "sudo touch /reconfigure && sudo reboot" should work well to cause the system to "see" the new device.

Is there a reasonable way to accomplish that goal without a reboot?

Thanks!

Peace,
david (who likes to minimize disruption in such things)
--
David H. Wolfskill david at catwhisker.org
Anything and everything is a (potential) cat toy.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

From david at catwhisker.org Fri Jul 6 16:18:51 2007
From: david at catwhisker.org (David Wolfskill)
Date: Fri, 6 Jul 2007 16:18:51 -0700
Subject: Solaris -- can I add a SCSI target without a reconfigure reboot?
In-Reply-To: <20070706205326.GA87424@bunrab.catwhisker.org>
References: <20070706205326.GA87424@bunrab.catwhisker.org>
Message-ID: <20070706231851.GF87424@bunrab.catwhisker.org>

On Fri, Jul 06, 2007 at 01:53:26PM -0700, David Wolfskill wrote:
> ...
> Is there a reasonable way to accomplish that goal without a reboot?

The following sequence caused creation of new entries under /dev/rmt as well as in the kernel's device tree (as shown by "sysinfo -level all"):

* Save the output of "sysinfo -level all" or "prtconf" to a file.

* Ensure that termination is set properly (precisely one termination for each end of each SCSI bus) and that the SCSI target ID selected for the device does not conflict with any other SCSI target on the same SCSI bus. It also helps to use a SCSI target ID that is "usual" for the type of device. It's my understanding that SCSI IDs 4 & 5 are typically used for tape drives in Solaris; I used 4. (The only other device -- other than the SCSI host adaptor -- on this SCSI bus is a scanner; the probability that I'll be using both at the same time is negligible.)

* Physically connect the new device in the chain of devices. It's right handy if nothing else on that bus is currently being used. (That was, in fact, the case for me.)

* Turn the new device on. (I had overlooked this at first. Silly me.)

* Issue "modinfo | grep ' st '" to determine the ID of the "st" driver. (In my case, it was 114.) If you are feeling very brave (and don't really want corroborating information), use "modinfo | awk '/ st /{print $1}'".

* Unload the st driver: "modunload -i `modinfo | awk '/ st /{print $1}'`" (or something functionally equivalent).

* drvconfig (This may take several seconds.)

* devlinks

* tapes

* Re-run "sysinfo -level all" or "prtconf" and save the output to a different file.

* A "diff" of the two files should show the new device node(s):

# diff -c pogo new *** pogo Fri Jul 6 13:36:14 2007 --- new Fri Jul 6 16:00:41 2007 *************** *** 65,71 **** Number of processors (CPUs) configured (_SC_NPROCESSORS_CONF) is 1 Number of processors (CPUs) online (_SC_NPROCESSORS_ONLN) is 1 Total number of pages of physical memory (_SC_PHYS_PAGES) is 32768 ! Number of pages of physical memory not currently in use (_SC_AVPHYS_PAGES) is 1418 Max number of I/O operations in single list I/O call (_SC_AIO_LISTIO_MAX) is 256 Max number of timer expiration overruns (_SC_DELAYTIMER_MAX) is 2147483647 Max number of open message queue descriptors per process (_SC_MQ_OPEN_MAX) is 32 --- 65,71 ---- Number of processors (CPUs) configured (_SC_NPROCESSORS_CONF) is 1 Number of processors (CPUs) online (_SC_NPROCESSORS_ONLN) is 1 Total number of pages of physical memory (_SC_PHYS_PAGES) is 32768 ! Number of pages of physical memory not currently in use (_SC_AVPHYS_PAGES) is 497 Max number of I/O operations in single list I/O call (_SC_AIO_LISTIO_MAX) is 256 Max number of timer expiration overruns (_SC_DELAYTIMER_MAX) is 2147483647 Max number of open message queue descriptors per process (_SC_MQ_OPEN_MAX) is 32 *************** *** 242,248 **** Target : 6 Connected to : esp0 ! rmt/0 (st4) is a SCSI tape drive Lun : 0 Target : 4 Connected to : esp0 --- 242,248 ---- Target : 6 Connected to : esp0 !
rmt/0 (st4) is a "HP 35470A 4mm DAT (HP HP35470A)" SCSI tape drive Lun : 0 Target : 4 Connected to : esp0 *************** *** 298,304 **** --- 298,311 ---- Interrupts : 3 Connected to : dma1 Unit : 1 + Attached Device(s) : rmt/2 + rmt/2 (st11) is a SCSI tape drive + Lun : 0 + Target : 4 + Connected to : esp1 + Unit : 11 + lebuffer0 is a "FSBE/S" Fast SCSI Buffered Ethernet/Sbus Description : Fast SCSI Buffered Ethernet/Sbus Burst Sizes : 63 #

* And "ls -l /dev/rmt" should show entries that weren't there before. I'll spare you that bit of spam. :-}

My thanks to Alexei Rodriguez, Robert Hajime Lanning, and Darren Dunham (in the order in which I received their replies) for their responses.

Peace,
david
--
David H. Wolfskill david at catwhisker.org
Anything and everything is a (potential) cat toy.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

From rjwitte at rjwitte.com Fri Jul 6 16:57:25 2007
From: rjwitte at rjwitte.com (Russ Witte)
Date: Fri, 6 Jul 2007 16:57:25 -0700
Subject: Solaris -- can I add a SCSI target without a reconfigure reboot?
In-Reply-To: <20070706231851.GF87424@bunrab.catwhisker.org>
Message-ID: <002f01c7c029$67309de0$6601a8c0@RJWDesktop>

On a slightly different note ... I know we all brag about how long our systems stay up without a reboot, but in terms of security and/or configuration and hardware validation isn't it a good idea to reboot occasionally? Maybe no more than a couple times a year, but still ...

What's the general consensus? I try to keep my Sun systems patched, maybe 2-4 times a year, so that takes care of it. What do other people do?

Russ

From david at catwhisker.org Fri Jul 6 17:13:44 2007
From: david at catwhisker.org (David Wolfskill)
Date: Fri, 6 Jul 2007 17:13:44 -0700
Subject: Update/reboot frequencey [Was: Solaris -- can I add a SCSI target without a reconfigure reboot?]
In-Reply-To: <002f01c7c029$67309de0$6601a8c0@RJWDesktop>
References: <20070706231851.GF87424@bunrab.catwhisker.org> <002f01c7c029$67309de0$6601a8c0@RJWDesktop>
Message-ID: <20070707001344.GH87424@bunrab.catwhisker.org>

On Fri, Jul 06, 2007 at 04:57:25PM -0700, Russ Witte wrote:
> On a slightly different note ... I know we all brag about how long our
> systems stay up without a reboot, but in terms of security and/or
> configuration and hardware validation isn't it a good idea to reboot
> occasionally? Maybe no more than a couple times a year, but still ...
>
> What's the general consensus? I try to keep my Sun systems patched, maybe
> 2-4 times a year, so that takes care of it. What do other people do?

I doubt much of a consensus is likely to be reached: even among my own systems, it varies greatly; for example:

* On my laptop, I keep a local private mirror of the FreeBSD CVS repository that is updated every night (in two steps). Every morning, I then use that CVS repository to update sources for FreeBSD STABLE (RELENG_6) and CURRENT (HEAD), as well as the /usr/ports tree. Every day that the STABLE /usr/src tree is updated, I rebuild FreeBSD. (It usually does change, save for maybe a dozen days per year.)
  I then reboot the newly-built FreeBSD STABLE and run a variation on "portupgrade -a" (to update any ports that have been modified) and update the CURRENT /usr/src (which is on a different "slice" of the disk). That done, I reboot to the CURRENT slice and rebuild FreeBSD CURRENT. (It's very rare for CURRENT to fail to change from one day to the next.) (There was a fair amount of "turbulence" involved in getting CURRENT built today. :-} That happens sometimes.)

  So at the moment, the machine is running:

    g1-18(6.2-S)[1] uname -a
    FreeBSD g1-18.catwhisker.org. 6.2-STABLE FreeBSD 6.2-STABLE #443: Thu Jul 5 06:16:45 PDT 2007 root at g1-18.catwhisker.org.:/common/S1/obj/usr/src/sys/CANARY i386
    g1-18(6.2-S)[2]

* My work desktop gets similar treatment, but only every Sunday.

* When I still had a working dedicated "build machine" at home, I did the daily builds on it (as well as the laptop); on Sundays, I'd also update the ports from the build machine to my 2 "production" machines at home, and every other Sunday, I'd install the recently-built snapshot of FreeBSD-STABLE on those machines.

Each of the above examples is rather more frequent change than I'd suggest for most other folks, though. :-}

Peace,
david
--
David H. Wolfskill david at catwhisker.org
Anything and everything is a (potential) cat toy.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

From guy at extragalactic.net Mon Jul 9 17:31:12 2007
From: guy at extragalactic.net (Guy B. Purcell)
Date: Mon, 9 Jul 2007 17:31:12 -0700
Subject: Solaris -- can I add a SCSI target without a reconfigure reboot?
In-Reply-To: <002f01c7c029$67309de0$6601a8c0@RJWDesktop>
References: <002f01c7c029$67309de0$6601a8c0@RJWDesktop>
Message-ID: <0A627E1A-F045-4BBD-B63B-861620796754@extragalactic.net>

On Jul 6, 2007, at 4:57 PM, Russ Witte wrote:
> On a slightly different note ... I know we all brag about how long our
> systems stay up without a reboot, but in terms of security and/or
> configuration and hardware validation isn't it a good idea to reboot
> occasionally? Maybe no more than a couple times a year, but still ...
>
> What's the general consensus? I try to keep my Sun systems patched,
> maybe
> 2-4 times a year, so that takes care of it. What do other people do?

My rules of thumb (which apply both at work & at home) are:

* Security & other important patches get scheduled when necessary, with reboots as required (some patches don't require a reboot--e.g. sendmail)

* Other patches get scheduled when convenient, with reboots as required

* Unless a system needs to be rebooted (due to a patch or HW repair), don't reboot it; HW & SW/configs are validated by the system performing as desired (and that behavior is monitored to alert me to any deviations): power-cycling components to see whether or not they'll break strikes me as silly :^)

Most of the boxen I deal with are Solaris systems, and I can do quite a bit to them without rebooting nowadays (even most HW replacement on SPARC systems). In David's case, I would have powered down to attach the new hardware (those older systems could suffer damage to the various devices on the chain if devices were added/removed hot), rendering the question of how to force Solaris to recognize it moot.

-Guy

From lgj at usenix.org Fri Jul 13 13:57:43 2007
From: lgj at usenix.org (Lionel Garth Jones)
Date: Fri, 13 Jul 2007 13:57:43 -0700
Subject: Security '07 Early Bird Registration Deadline Approaching
Message-ID: <4697E747.90008@usenix.org>

-------------------------------------------------------------
16th USENIX Security Symposium
August 6-10, 2007
Boston, MA
http://www.usenix.org/sec07/progb
Early Bird Registration Deadline: July 16, 2007
-------------------------------------------------------------

Dear Colleague,

The Early Bird Registration Deadline for the 16th USENIX Security Symposium is Monday, July 16, 2007. Register today to save.

USENIX Security '07, taking place August 6-10, 2007, in Boston, MA, will help you stay ahead of the game by offering cutting-edge research on topics that range from Web-based detection through memory performance attacks.

* The USENIX Security training program can help you learn the latest on topics such as:
  -- TCP/IP Weapons School
  -- Live Forensics
  Experts such as Richard Bejtlich, Dan Geer, Frank Adelstein, and Golden G. Richard will give you the information, techniques, tools, and strategies you need to practice effective security today--and tomorrow.

* Don't miss the keynote address by Steven Levy, a senior editor and columnist at Newsweek, on "How the iPod Shuffled the World as We Know It."

* The Invited Talks cover a number of timely topics, including:
  -- "Windows Vista Content Protection," by Peter Gutmann, University of Auckland, New Zealand
  -- "Exploiting Online Games," by Gary McGraw, Cigital
  -- And more...

* The 23 refereed papers present the best new research in a variety of subject areas, including privacy, cellular network security, and authentication.

* Join colleagues with similar interests for thought-provoking discussions at the evening Birds-of-a-Feather sessions.

* Share a provocative opinion, interesting preliminary work, or a cool idea that will spark discussion at the poster session.

* Get a preview of next year's news or present your own new work and get audience feedback at the Work-in-Progress reports (WiPs). Speakers should submit a one- or two-paragraph abstract to sec07wips at usenix.org by August 8, 2007.

Whether you're a researcher, a system administrator, or a policy wonk, come to the 16th USENIX Security Symposium to find out how changes in computer security are going to affect you.

Please see http://www.usenix.org/sec07/progb to register today!

We look forward to seeing you in Boston, August 6-10, 2007.

For the Security '07 Program Committee,

Niels Provos, Google Inc.
Security '07 Program Chair
sec07chair at usenix.org

P.S. Workshops will be held in conjunction with the main conference. EVT '07 and WOOT '07 will both take place on August 6. DETER 2007 will take place August 6-7. HotSec '07 and MetriCon 2.0 will both take place on August 7. For more information, see: http://www.usenix.org/events/sec07/workshops.html

From ahorn at deorth.org Tue Jul 17 17:45:02 2007
From: ahorn at deorth.org (Alan Horn)
Date: Tue, 17 Jul 2007 17:45:02 -0700 (PDT)
Subject: BayLISA July general meeting - July 19th @Yahoo
In-Reply-To: <20070611170335.P63359@slick.sigje.org>
References: <20070611170335.P63359@slick.sigje.org>
Message-ID: <20070717173635.Q63359@slick.sigje.org>

Our general meeting for the month of July will be held in our usual location at Yahoo, Sunnyvale. In Bldg E, classroom 9

We have two companies speaking this month:

MobiTV
~~~~~~
Kevin Quaintance - Sr. Manager, NOC.
Aaron Nichols - Manager, System Engineering.

VMWare
~~~~~~
Mostafa Khalil - Sr. Product Support Engineer

MobiTV will be giving an overall view of their company and products and how it all works on a technical level.

VMWare will be presenting the new features in their "Virtual Infrastructure 3" (VI3). This includes all products (e.g. ESX, VC, VCB, Converter...)

Pizza and soda as usual. Doors open at 7, talks to start at 7:30.

Directions to Yahoo see http://yhoo.client.shareholder.com/press/address.cfm and turn left into Bldg E, rather than right into Bldg. D.

Details also at http://www.baylisa.org

From asheesh at asheesh.org Tue Jul 17 18:23:37 2007
From: asheesh at asheesh.org (Asheesh Laroia)
Date: Tue, 17 Jul 2007 18:23:37 -0700 (PDT)
Subject: Hard drive recovery recommendations
Message-ID:

I have two hard drives (160GB SATA Hitachi Deskstars) that just failed on me. They were pairs in a RAID1 set, and one failed 36 hours after the other. Summary: There's nothing I can do other than pay thousands of dollars; can anyone suggest such a place? (-:

The symptoms are if you try to hot-add them, Linux eventually says:

[79893.436435] ata2: port failed to respond (30 secs, Status 0x80)

It seems to be giving link on the SATA bus, but it does not seem to be responding to requests for data. They also cause the BIOS to hang on detection; the Promise card they came from simply won't proceed unless you unplug them, and the Dell Core 2 Duo I just tried times out and doesn't detect the disks. (I've been trying them one at a time, but they have identical symptoms.)

So I figured I could experiment a little with the first one that died, because no matter what I tried I could send the other one to an expensive disk recovery place. I froze the disk, to no avail; I waited three days, just in case it would work by magic, to no avail; finally, I just replaced the logic board from a replacement I bought from eBay, also to no avail! The second one that died I've kept in as pristine shape as possible to maximize the chance that a recovery vendor can restore data from it.

So now it's time to try expensive disk recovery places. Unfortunately this is personal data, so I can't just expense account it. Can anyone recommend a data recovery place or tell a personal story of how much a disk cost to recover, and how good the vendor seems to be? I'm willing to pay thousands of dollars, but obviously if a $2000 place is as good as a $3000 place then I'd like to know that. (-:

Thanks a million!

-- Asheesh.

P.S. I've been saying to *others*, "RAID 1 is NOT backup!" for years, I just never actually followed my own advice well enough to do backup. Now I'm backing up everything....

From cerise at armory.com Tue Jul 17 18:32:26 2007
From: cerise at armory.com (cerise at armory.com)
Date: Tue, 17 Jul 2007 18:32:26 -0700
Subject: Hard drive recovery recommendations
In-Reply-To:
References:
Message-ID: <20070718013226.GR13163@boogeyman>

I have a similar problem -- and have for a few months, though it's really just laziness that's keeping me from doing anything.

I've found that pretty much every place I've gone to wants you to fill out a web form and specify what OS and filesystem it was -- even when "filesystem" isn't really a meaningful descriptor in a situation like a RAID1 and "OS" is hopelessly irrelevant.

I had http://www.drivesavers.com/ recommended to me on this list when I asked and they seemed to be the most solid of my minimal reference checking.

-Phil/CERisE

On Tue, Jul 17, 2007 at 06:23:37PM -0700, Asheesh Laroia wrote:
> I have two hard drives (160GB SATA Hitachi Deskstars) that just failed on
> me. They were pairs in a RAID1 set, and one failed 36 hours after the
> other. Summary: There's nothing I can do other than pay thousands of
> dollars; can anyone suggest such a place? (-:
>
> The symptoms are if you try to hot-add them, Linux eventually says:
>
> [79893.436435] ata2: port failed to respond (30 secs, Status 0x80)
>
> It seems to be giving link on the SATA bus, but it does not seem to be
> responding to requests for data. They also cause the BIOS to hang on
> detection; the Promise card they came from simply won't proceed unless you
> unplug them, and the Dell Core 2 Duo I just tried times out and doesn't
> detect the disks. (I've been trying them one at a time, but they have
> identical symptoms.)
>
> So I figured I could experiment a little with the first one that died,
> because no matter what I tried I could send the other one to an expensive
> disk recovery place. I froze the disk, to no avail; I waited three days,
> just in case it would work by magic, to no avail; finally, I just replaced
> the logic board from a replacement I bought from eBay, also to no avail!
> The second one that died I've kept in as pristine shape as possible to
> maximize the chance that a recovery vendor can restore data from it.
>
> So now it's time to try expensive disk recovery places. Unfortunately
> this is personal data, so I can't just expense account it. Can anyone
> recommend a data recovery place or tell a personal story of how much a
> disk cost to recover, and how good the vendor seems to be? I'm willing to
> pay thousands of dollars, but obviously if a $2000 place is as good as a
> $3000 place then I'd like to know that. (-:
>
> Thanks a million!
>
> -- Asheesh.
>
> P.S. I've been saying to *others*, "RAID 1 is NOT backup!" for years, I
> just never actually followed my own advice well enough to do backup. Now
> I'm backing up everything....

From rob.markovic at gmail.com Wed Jul 18 10:55:00 2007
From: rob.markovic at gmail.com (Robi)
Date: Wed, 18 Jul 2007 10:55:00 -0700
Subject: Hard drive recovery recommendations
In-Reply-To:
References:
Message-ID: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com>

You may want to try a firewire or USB enclosure and see if the drive will read any from it.

Another option is contacting some forensic techs who have the HD imagers.. they have various means of getting data off drives w/o modifying the contents.

Other than that.. there's the ontrack guys and hopefully you'll find other more local places.

-- Rob

From cerise at armory.com Wed Jul 18 12:29:42 2007
From: cerise at armory.com (cerise at armory.com)
Date: Wed, 18 Jul 2007 12:29:42 -0700
Subject: Hard drive recovery recommendations
In-Reply-To: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com>
References: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com>
Message-ID: <20070718192942.GW13163@boogeyman>

On Wed, Jul 18, 2007 at 10:55:00AM -0700, Robi wrote:
> Other than that.. there's the ontrack guys and hopefully you'll find
> other more local places.

For what it's worth, it's my experience that there are almost no local places. Most were places elsewhere in the country that held offices for drop offs and shipped the disk for processing. Whether or not that matters is up to you.

-Phil/CERisE

From guy at extragalactic.net Wed Jul 18 15:48:28 2007
From: guy at extragalactic.net (Guy B. Purcell)
Date: Wed, 18 Jul 2007 15:48:28 -0700
Subject: Hard drive recovery recommendations
In-Reply-To: <20070718192942.GW13163@boogeyman>
References: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com> <20070718192942.GW13163@boogeyman>
Message-ID: <72A0DA93-F521-495D-BEB5-2C1A97EB40BD@extragalactic.net>

On Jul 18, 2007, at 12:29 PM, cerise at armory.com wrote:
> On Wed, Jul 18, 2007 at 10:55:00AM -0700, Robi wrote:
>> Other than that.. there's the ontrack guys and hopefully you'll find
>> other more local places.
>
> For what it's worth, it's my experience that there are almost no
> local places.
Fortunately, your top recommendation *is* local: ;^) -Guy From marco at escape.org Thu Jul 19 12:12:23 2007 From: marco at escape.org (Marco Nicosia) Date: Thu, 19 Jul 2007 12:12:23 -0700 Subject: [baylisa] Re: Hard drive recovery recommendations In-Reply-To: <72A0DA93-F521-495D-BEB5-2C1A97EB40BD@extragalactic.net>; from guy@extragalactic.net on Wed, Jul 18, 2007 at 03:48:28PM -0700 References: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com> <20070718192942.GW13163@boogeyman> <72A0DA93-F521-495D-BEB5-2C1A97EB40BD@extragalactic.net> Message-ID: <20070719121223.T736@escape.org> Guy B. Purcell (guy at extragalactic.net) wrote: > > On Jul 18, 2007, at 12:29 PM, cerise at armory.com wrote: > > > For what it's worth, it's my experience that there are almost no > > local places. > > Fortunately, your top recommendation *is* local: www.drivesavers.com/contact.html> ;^) Once in the past, I used Lazarus Data Recovery in San Francisco. My drive was hopelessly toasted, but I felt that they were competent, and gave me good value for my money. Anything else, and I wouldn't bother mentioning them here. LAZARUS DATA RECOVERY 379 Clementina Street San Francisco, CA 94103 http://www.lazarus.com/ > -Guy _______________________________________________________________________ Marco E. Nicosia | http://www.escape.org/~marco/ | marco at escape.org From lgj at usenix.org Mon Jul 23 09:22:54 2007 From: lgj at usenix.org (Lionel Garth Jones) Date: Mon, 23 Jul 2007 09:22:54 -0700 Subject: USENIX Annual Tech '08 Call For Papers Now Available Message-ID: <46A4D5DE.6000406@usenix.org> --------------------------------------- Call for Papers 2008 USENIX Annual Technical Conference June 22-27, 2008, Boston, MA Paper Submissions Deadline: January 7, 2008, 11:59 p.m. 
PST
http://www.usenix.org/usenix08/cfpa/
---------------------------------------

Dear Colleague,

On behalf of the 2008 USENIX Annual Technical Conference program committee, we request your ideas, proposals, and papers for tutorials, refereed papers, and posters.

Authors are invited to submit original and innovative papers to the Refereed Papers Track of the 2008 USENIX Annual Technical Conference. Authors are required to submit full papers by 11:59 p.m. PST, Monday, January 7, 2008.

We seek high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience. The USENIX conference has a broad scope; specific topics of interest include but are not limited to:

* Architectural interaction
* Deployment experience
* Distributed and parallel systems
* Embedded systems
* Energy/power management
* File and storage systems
* Networking and network services
* Operating systems
* Reliability, availability, and scalability
* Security, privacy, and trust
* System and network management and troubleshooting
* Usage studies and workload characterization
* Virtualization
* Web technology
* Wireless, sensor, and mobile systems

More information on these and other submission guidelines is available on our Web site: http://www.usenix.org/usenix08/cfpa/

IMPORTANT DATES:
Paper submissions due: Monday, January 7, 2008, 11:59 p.m. PST
Notification to authors: Wednesday, March 12, 2008
Final papers due: Tuesday, April 29, 2008

Please note that January 7 is a hard deadline; no extensions will be given.

We look forward to your submissions.
On behalf of the Annual Tech '08 Conference Organizers,

Rebecca Isaacs, Microsoft Research
Yuanyuan Zhou, University of Illinois at Urbana-Champaign
2008 USENIX Annual Technical Conference Program Co-Chairs
usenix08chairs at usenix.org

From asheesh at asheesh.org Sun Jul 29 13:31:38 2007
From: asheesh at asheesh.org (Asheesh Laroia)
Date: Sun, 29 Jul 2007 13:31:38 -0700 (PDT)
Subject: [baylisa] Re: Hard drive recovery recommendations
In-Reply-To: <20070719121223.T736@escape.org>
References: <97a9d8c80707181055o78f7255ckfce3f36b293f07fe@mail.gmail.com> <20070718192942.GW13163@boogeyman> <72A0DA93-F521-495D-BEB5-2C1A97EB40BD@extragalactic.net> <20070719121223.T736@escape.org>
Message-ID:

On Thu, 19 Jul 2007, Marco Nicosia wrote:
> Guy B. Purcell (guy at extragalactic.net) wrote:
>>
>> On Jul 18, 2007, at 12:29 PM, cerise at armory.com wrote:
>>
>>> For what it's worth, it's my experience that there are almost no
>>> local places.
>>
>> Fortunately, your top recommendation *is* local:
> www.drivesavers.com/contact.html> ;^)
>
> Once in the past, I used Lazarus Data Recovery in San Francisco.
> My drive was hopelessly toasted, but I felt that they were competent,
> and gave me good value for my money. Anything else, and I wouldn't
> bother mentioning them here.
>
> LAZARUS DATA RECOVERY
> 379 Clementina Street
> San Francisco, CA 94103
> http://www.lazarus.com/

Wow, that was extremely local. I literally walked from work to the place during lunch to give them my drives.

I talked with the guys there, and they knew what they were talking about as well as had much more sane prices. For a recovery of the RAID-1 set that used to store my personal data, $3800 that DriveSavers wanted to charge me sure gave me pause.

Another thing to note is that William Chang at Lazarus used to work at DriveSavers; he used the phrase "I built that company up". Now he says he believes in karma and doesn't think that charging the DriveSavers prices is the way to go.
The first price quote at Lazarus was $1600, which was astonishingly low by comparison (but not implausible like the $350 from places that just run Norton Disk Doctor).

So far they've had to do mechanical work in a clean room to get my drive to start going again and told me they're succeeding so far. I don't mean to count my eggs before they've hatched, but I do feel pretty confident that whatever data Lazarus gets back, they'll get back as much as the best in the business can.

Also, he complimented me on the amateur work I did: replacing the logic board and putting the drive in the freezer in an anti-static bag. That was nice to hear. (-:

So I wanted to leave this public positive note about them, and deeply thank Marco for mentioning them. If you search the Web for Lazarus Data Recovery, you'll discover that Apple Computer now recommends people talk to them too. Knowing that gave me more confidence in trusting a small local shop like them.

As a note for the others, too, if you don't have much money (like me, less than a month into my first job out of college), tell them that; they may find ways to give you a discount. For example, DriveSavers took 30% off for me when I said I could wait an extra two business days as compared to their regular "economy" service.

-- Asheesh.

--
I think that I shall never see
A billboard lovely as a tree.
Indeed, unless the billboards fall
I'll never see a tree at all.
-- Ogden Nash