New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Digital Ocean private data leak
FYI: http://www.wired.com/wiredenterprise/2013/04/digitalocean/?cid=co6834744
Maybe better not host anything sensitive on DO for now... 
Edit: Seems fixed already: https://www.digitalocean.com/blog_posts/resolved-lvm-data-issue
Comments
AFAIK most providers don't actually write zeroes to the disk when a VM is deleted, they just destroy the LV.
There was a similar article about this and Rackspace a couple years ago.
IMHO if you are expecting anything different when using these platforms you should be encrypting the disk etc.
Hmm so if you delete a volume that's supposedly on SSDs, doesn't the LVM layer send TRIM to the SSDs for the freed space? Or maybe the RAID card doesn't pass the TRIM to the SSDs, who knows.
You can bet they weren't doing this intentionally to try to save the SSD life.
I can't wait to see what happens in a year or so when all of the DO SSD's go read only en masse-
Fail, why i am not suprised?
TRIM doesn't write 0s either?
@unused Even worse, some SSDs just die after too many writes:
http://www.xtremesystems.org/forums/showthread.php?271063-SSD-Write-Endurance-25nm-Vs-34nm
@kryps nice overview -- definitely going to be interesting, considering the DO workload has to 10-20x casual use.
@kryps SSDs have 3 year warranty, so compared to RAID Controllers, I love em'
Ahh, seems they deployed a fix already:
https://www.digitalocean.com/blog_posts/resolved-lvm-data-issue
Perhaps, but I doubt manufacturers imagine the usage scenario in a flashcache or cachecade.
From here
http://www.lowendtalk.com/discussion/9401/digital-ocean-sharing-customer-data
Honestly... what a yellow title ¬_¬ ffs
BYOD. Want to see if anybody interested in sending a hard drive to their provider.
Digital Ocean continues to crap in it's pants.
There are have too many DO issues lately or perception of issues to even go near them.
How do vps providers handle this?
Not ideal but then it's not exactly a leak and not as if someone just released their entire solusvm database on the net either.
Oh it's a leak alright.
To fix this sort of leak, providers should overwrite the former customer volume file with fake 0-1 writes and re-writes.
cat /dev/vda | strings > /dev/shm/dump.txtI just ran that code on one of my VPS's (I think it's OpenVZ) and got a 400mb file. It's mostly junk, but I can see some log's of someone initially setting up the box.
That's most likely just a file on your VPS. I'm fairly sure that this trick only works with LVM-based setups.
EDIT: Yes, you can use OpenVZ with LVM.
strings /dev/vda >/dev/shm/dump.txt