Why doesn't delete mean delete?

[Victor_Charlie]

gazpacho:

So delete does not mean gone forever in most computer contexts and hasn’t for a very very long time.

Cntl-Z is an intentional action, like removing something from the trash bin before the collector takes it away. If you don’t cntl-z, once you close the program those deleted items don’t hang around until something else eventually overwrites them, they are gone forever.

[gazpacho]

Lukeinva:

Some computer contexts. On the big mainframes (MVS) when a dataset is deleted it is gone. And it is not retrievable; there is no undelete or ctrl-z end of story. The only way to recover it is to restore it, and the source is from a backup which is intentionally taken (usually nightly). This is the only way to restore a dataset practically.

In fact, with RAID 5 (or 6 I forget which) it is almost impossible to ‘go to the disk’ and recover the tracks in raw format because the tracks are written in segments across 5 (or 6) disks in the array which only DFP keeps track of, or the internals of the machine. In the days of real 3390s retrieving data from one of the disks was probably something that could be accomplished but I never saw it.

In practice when you issue a delete command your data is gone. Unless you have some such undelete or unerase utility, and a lot of luck that nothing else was written to the disk before attempting a recover. Disassembling a hard drive to recover data is ridiculously hard and incredibly impractical that it isn’t a solution for nearly every computer user.

This is what made the Windows recycle bin a very nice invention.

If we want to bring things out of the home computer era it starts to get really hard to reliably erase a file. Where I work the unix computers have a huge set of backups. There are hourly backups that are captured 1, 2 and 3 hours ago, three sets of daily backups and three sets on monthly backups. People invest a lot of time and money into not deleting files.

[jtur88]

Is this something like the difference between “junk” and “trash” in my e-mail program?

And if I go back to edit this post, what is the difference between “delete” and “cancel”?

[fumster]

Victor_Charlie:

Again, what happens when you highlight text and hit the delete button? Don’t pretend this isn’t relevant with respect to how the average computer user interprets the word.

It removes the word from view unless you hit “un-do”. Similar to the recycle bin, no?

[fumster]

It seem like people are conflating three things:

1. Removing a file from the file system. For efficiency, this is done just writing as little as possible to disk. Depending on the implementation, you might have to write to just a few disk blocks to have all the blocks in the file placed on an unused block queue. Individual data blocks are still readable. Whole files might be retrievable , but it is non-trivial and depends on luck and knowledge of the underlying file system.

2. Modern “delete” which takes the file and moves it to the recycle directory . Recovery is trivial.

3. Writing over the contents of disk blocks so that there is no way of recovering data.

[RaftPeople]

Victor_Charlie:

The OP clearly relates to the elimination of files from a computer hard drive,…

And it is exactly where the OP makes a mistake.

From the OS perspective, the term “delete” refers to the LOGICAL view of the system, not the physical view. A deleted object is no longer available to be referenced or acted upon (typically) by the functions provided, but it says nothing about how the system stores data.

Thinking that you can infer from a logical action what the underlying physical implementation looks like is a mistake, certainly a natural one for non-computer scientists, but still a mistake.

[Dog80]

Lukeinva:

:dubious:

Undelete is part of the PC-Tools command set; it’s not an original PC- or MS-DOS command. And yes we all know that the operating system simply marks the sector of disk as available but that is knowledge that everyday users don’t know.

I am quite sure undelete was included from MS-DOS 5.0 and onwards

[Measure_for_Measure]

MS-DOS 5.0 was released in May 1990 and was the first DOS version to include undelete. Microsoft licensed the technology from Central Point Software PC Tools. MS DOS 1.0 was released with the IBM PC in 1982.

The window for MS-DOS 5.0 was short: Windows 3.1 was released in March 1992 and the buggier Windows 3.0 was introduced in 1990. Those versions of Windows were built on top of DOS admittedly.

[TonySinclair]

I have the opposite problem as the OP. I cannot understand why there are still programs, like Winrar, that do not give you the option to use the Recycle Bin when they delete files. I mean, it’s right there. You don’t have to make it the default, but at least give us the option.

[fumster]

Victor_Charlie:

Well, the problem, obviously, comes from the fact that the majority of regular people don’t know all the distinctions, nor should they be expected to. Maybe this means that early programmers should’ve come up with a command that didn’t leave the impression that a file was gone forever.

Maybe they should have called it *remove *and abbreviated it to “rm”.

[Victor_Charlie]

fumster:

Maybe they should have called it *remove *and abbreviated it to “rm”.

That’s a fine suggestion.

[Victor_Charlie]

fumster:

It removes the word from view unless you hit “un-do”. Similar to the recycle bin, no?

Yes, but once you close a program the cached words are gone for good, there’s no undoing. Plus, there’s a limit on the number of “undos” stored in cache. Files will hold in the bin indefinitely until you delete them from there.

[Victor_Charlie]

RaftPeople:

And it is exactly where the OP makes a mistake.

From the OS perspective, the term “delete” refers to the LOGICAL view of the system, not the physical view. A deleted object is no longer available to be referenced or acted upon (typically) by the functions provided, but it says nothing about how the system stores data.

Thinking that you can infer from a logical action what the underlying physical implementation looks like is a mistake, certainly a natural one for non-computer scientists, but still a mistake.

Yes, from the OS perspective. From most users’ perspective, delete doesn’t mean it’s been made unavailable. It means it’s gone. That’s the viewpoint taken by the OP.

[fumster]

Victor_Charlie:

Yes, but once you close a program the cached words are gone for good, there’s no undoing. Plus, there’s a limit on the number of “undos” stored in cache. Files will hold in the bin indefinitely until you delete them from there.

In windows and many other programs the paste buffer is available after the program closes.

You should also take a look sometime at the metadata that word processing programs store in a file. There may be a list of all the revisions made to the file, who created the file, etc. There is also metadata stored in pictures taken with your digital camera. This may include the date, time, and geo-coordinates of where it was taken.

And BTW, Microsoft Paint doesn’t use real paint.

[Unintentionally_Blank]

It’s both better and worse than y’all have stated thusfar in the thread.

Example the first:

1. Your iPhone’s flash storage is encrypted by default. Good encryption as a rule, is indistinguishable from random noise. Lose the decryption key and the data is lost. Due to the design of the phone, EVEN IF you restored a PERFECT image of that data, PLUS KEY to another iPhone, it would be unrecoverable as aspects of the encryption rely on aspects of that particular phone.

2. There is, curiously enough, No such thing as a DoD wipe. (See Data Sanitization, here: National Industrial Security Program - Wikipedia ) As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

3. last week I was able to boot a RAID 5 server with deleted files and successfully restore them…at the OS level the files were still recoverable.

4. At the same time, the ‘clean room’ recovery techniques really aren’t feasable any more. Areal density is just too high if there isn’t any residual disk structure information to go on. A single wipe of zeros will effectively make it forensically useless.

[clairobscur]

BigT:

Deletion takes time. Why would you want to waste time deleting something rather than just write on top of it when the time comes?.

At first I thought the same but then I’m remembering my recent attempt to recover an accidentally deleted file, with the computer throwing at me 35 000 recovered files. If I actually overwrote deleted files once in a while, I maybe would have had, say, 1000 or 2000 files to go through and might actually have found the file I was searching for.

Or maybe I could find a tool better at sorting out recovered files…

[DrCube]

Victor_Charlie:

[QUOTE=fumster]
Maybe they should have called it remove and abbreviated it to “rm”.

That’s a fine suggestion.
[/QUOTE]

:smack:

Unix

rm (Unix)

srm (Unix)

[Steve_MB]

Lemur866:

Bottom line is that normal deletion of your information would be enough to stop 99% of all attempts to recover that data, simply because nobody cares about your data. But if someone is willing to spend hundreds of thousands of dollars to recover your data, then physical destruction of your media is the only possible standard.

Not exactly, if by “normal deletion” you mean “select the file and hit the delete key”. Data deleted that way can usually be recovered easily with fairly simple software tools if that part of the disk hasn’t happened to get overwritten by something else. The bottom line is that if you keep anything on your computer that could cost you money or embarrassment if somebody dug it up, it’s worth doing a secure delete. That said, a simple write-over-everything-once secure delete (as opposed to one of the high-level multi-stage overwrite protocols) will protect the data from anyone who isn’t willing to spend thousands of dollars or the equivalent in in-house resources.

[yoyodyne]

Steve_MB:

Not exactly, if by “normal deletion” you mean “select the file and hit the delete key”. Data deleted that way can usually be recovered easily with fairly simple software tools if that part of the disk hasn’t happened to get overwritten by something else. The bottom line is that if you keep anything on your computer that could cost you money or embarrassment if somebody dug it up, it’s worth doing a secure delete. That said, a simple write-over-everything-once secure delete (as opposed to one of the high-level multi-stage overwrite protocols) will protect the data from anyone who isn’t willing to spend thousands of dollars or the equivalent in in-house resources.

If you have a solid-state drive, overwrite isn’t effective. The data has to have been encrypted with a key that is no longer available, or the entire drive wiped with the ATA secure erase command.

[sid_manny]

Hi,

 There is one software that can be used to delete the files permanently from the storage device. A couple of days ago I was able to [shred files from SD card](http://www.myfileshredder.com/shred-files-from-sd-card) by using this software. With this software it is possible permanently delete the files from hard drive, memory card, external hard drive and pen drive. You can also [download](http://www.myfileshredder.com/demo/fileshredder.exe) the demo tool from the internet and test the software.