24 May 2018

How to securely wipe an NVMe drive

NVMe drives are great: they are fast and they are huge. That huge size, however, can be a pain when it comes to securely erasing data. Old-school commands like wipe are simply not up to the task; and even if they were, they work on assumptions that do not map properly to a solid-state world. Writing random data over and over is going to dramatically reduce the lifespan of a solid-state drive, and it's pointless when all NVMe disks already have built-in tools that can take care of this task quickly and safely.

So what do you do when you want to wipe a NVMe drive?
  1. Download a recent Linux distribution. I would recommend Debian/Ubuntu or one of their smaller derivatives (like Knoppix). Burn it on a cdrom or USB drive and boot the system from it.
  2. Make sure your package manager is up-to-date (under Debian/Ubuntu, sudo apt-get update), then install nvme-cli (sudo apt-get install nvme-cli)
  3. If your drive is a Samsung, it now has to be put to sleep (you can do that with sudo systemctl suspend) and then woken up. This is a weird bug that Samsung doesn't seem in any hurry to fix.
  4. Now you can securely wipe the disk: sudo nvme format -s1 /dev/nvme0n1
For the curious: the -s option triggers Secure Erase mode, which can be set to 1 (wipe) or 2 (delete encryption keys for encrypted data). 1 looks like the safest option, because it will automatically do what 2 does if it detects that all data is encrypted. Reference here.

The latest NVMe specification adds other commands, to scrub every nook and cranny (bus caches etc), but as far as I know they have not been implemented yet.

15 May 2018

New Beginnings

So, after 7 intense years at Infratects (now Inlumi), it's time for me to move on.

I have a few ideas about what to do next, but nothing set in stone yet. My LinkedIn profile could do with more details, but it's a decent primer for what I do for a living - Hyperion/EPM, Python, Java, Weblogic and thereabout.

I was a web developer in a previous life, so I enjoy hacking and automating everything, getting dirty with infrastructure and the cloud; and in 13 years working on Hyperion products, I've absorbed a pretty good amount of knowledge related to financial processes (consolidation rules, metadata, cube performance and so on) as well as a deep understanding of the innards of the EPM suite. I can tweak your database, hack your Weblogic, integrate your cloud-based authentication, script your exports and migrations, and so on; and if there is something the tools won't do... I'll build you a new tool! That's where I make the difference: at the intersection of technology and Finance, boosting the productivity of accountants.

If this sounds interesting, ping me on LinkedIn and we can have a chat.