Wikipedia:Reference desk/Archives/Computing/2007 February 18

= February 18 =

What happens during reformat that makes data retrieval difficult?
I recently copied all the files from a drive (or so I thought), reformatted to Ext3 using gparted, then went back into Windows to find that my hidden folder and contents were not copied. I went back into gparted (using liveCD version) and converted back to NTFS so that I might use a recovery program. The data lost isn't majorly important. It's a bit annoying and will hopefully serve to remind me not to be so careless in the future, but what I want to know is, since I read that data is not altered in reformatting (only the file system), how can it be that my recovery program has found none of the file-types that I told it to look for (it's been searching for 110 hours (yes, nearly five continuous days!) and is now near the end)? If the data wasn't overwritten, it should be finding things, right? I suppose fragmentation of a file would confuse the program so it wouldn't find fragmented files but what about files that aren't fragmented?

For future reference, is re-reformatting to NTFS (back from ext3) likely to make it worse? --Seans Potato Business 03:11, 18 February 2007 (UTC)


 * Imagine that instead of using a Dewey decimal, a library used a first come, first served procedure. As in books were added to the shelves as they were published / bought. The location of all the books was stored in an index of some sort, and when you wanted a book you looked in the index and found what shelf the book was on. This is similar to NTFS and FAT.


 * In formatting the drive, you have basically gone and removed the index, now the program is going through each book on every shelf and looking at the first paragraph to find out what type of book it was. The titles (filenames) were all stored in the index and are not written on the front of the books.


 * Your retrieval will take time, and is not guaranteed to work. Fosnez 04:59, 18 February 2007 (UTC)


 * It was probably a bad idea to format it back to ntfs in the first place. You probably have a good chance of at least partially recovering your data though --⁪froth T 09:45, 18 February 2007 (UTC)


 * Thanks, but I still haven't learned anything new. I understood the function of the index and the simple removal of the index would lead me to believe that all files were retrievable, given enough time. Since none have been retrieved, it cannot be this simple. You, Fosnez say it's not guaranteed to work and you, Froth, say "chance of ... partially recovering data", so I ask what other factors are leading to data being lost? It is not fully explained by the library analogy. --Seans Potato Business 11:40, 18 February 2007 (UTC)


 * It's possible that one of the conversions has completely blanked the data area (if one of them took a somewhat long time to complete, it was that one; ext3, for instance, has a mode where it destructively scans for bad blocks, but I don't know if gparted uses it). And yes, converting back to NTFS probably made the problem much worse (ext3 and NTFS place their metadata in different places; the conversion to ext3, if it didn't use a destructive scan, would not have completely overwritten the NTFS metadata, but the conversion back to NTFS would). If your recovery program is searching for file types, I guess it's similar to PhotoRec, so it should find the unfragmented files easily (and it shouldn't take five days! Is your disk that slow? The recovery program should do a linear scan, which is the fastest way to read the whole disk...). If you aren't using PhotoRec, try it; it might help. --cesarb 13:35, 18 February 2007 (UTC)


 * Both times I formatted, it took only a couple of minutes so I don't think the drive was blanked. Thanks for the info regarding different placement of metadata. It really is taking five days but I'm not sure how much of that is attributable to interruption by GoogleDesktop. The drive is 150 GB and I think the quick format recovery option was to take about 30 hours while the full one it's on now about 120 hours. --Seans Potato Business 15:39, 18 February 2007 (UTC)

A disk containing a filesystem is a multi-level structure. The disk contains a partition table specifying multiple internal partitions or sub-disks. Each partition contains a filesystem. Each filesystem contains pointers to its root directory, and to its freelist(s). The root directory contains pointers to files, and to other directories. Each file contains a last-modification time, other metainformation, and a list of the file's blocks. Finally, those blocks contain the file's actual data. Depending on the filesystem, the information associated with a file may or may not include the file's name; if not, it's likely that the directory contains the name along with a pointer to the structure containing the rest of the file's information.

The reason that undeletion can work is that much of a file's information is not lost, and is pretty easily recoverable, when the file is deleted. For one thing, the blocks containing the file's data are not erased, but are merely returned to the free list or pool, meaning that the data is not overwritten until those blocks are allocated to another file. But that's not all.

Generally, when a file is detached from its directory, the structure that ties together the rest of the file's information (the "inode", in Unix parlance) isn't deleted, either. This makes it hugely easier to undelete a file, because if you can find that structure, it will tell you which data blocks made up the file and in which order. Without that important clue, trying to recreate a file from its component blocks potentially scattered anywhere on a hundreds-of-gigabytes partition is a real needle-in-a-haystack proposition.

It's true, neither deleting a file nor reformatting a partition generally erases everything. But resizing or reformatting a partition is quite likely to erase some of the key information which otherwise makes undeletion easy. For example, at least on a Unix-like filesystem, besides the list or pool of free blocks, there's a list or pool of free inode structures. It's through that list of free inodes that an undeletion program first looks. If that list has been damaged -- or even just if the pointer to it has been lost -- the undeletion program may not have anything to work with. And although a filesystem-level reformat does not generally erase everything, it does obviously involve rewriting the header information at the beginning of the partition, containing pointers to the root directory and free lists and such. So it's pretty easy to see why an accidental filesystem reformat, even if it doesn't erase everything, makes an undeletion utility's job much more difficult than does a simple accidental deletion. —Steve Summit (talk) 16:52, 18 February 2007 (UTC)
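The signature-based linear scan discussed in this thread (the PhotoRec-style approach), as an added example that is not part of the original discussion and not PhotoRec's code: it carves JPEG-like files out of a constructed disk image that has no index left, and shows why a contiguous file comes back intact while a fragmented one does not. The image layout, the filler "JPEG" bodies and all function names are assumptions made for the illustration.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image bytes a carver searches for
JPEG_EOI = b"\xff\xd9"       # end-of-image marker

def fake_jpeg(seed, size):
    """Constructed stand-in for a JPEG: real markers, filler body without 0xFF."""
    body = bytes((i * 7 + seed) % 251 for i in range(size - 6))
    return JPEG_SOI + b"\xe0" + body + JPEG_EOI

def pad(data):
    """Round up to whole sectors, the way a filesystem allocates blocks."""
    return data + b"\x00" * (-len(data) % SECTOR)

def build_image(contiguous, fragmented, other):
    """Constructed partition whose index is gone: only data blocks remain."""
    frag = pad(fragmented)
    half = (len(frag) // SECTOR // 2) * SECTOR
    return (b"\x00" * (4 * SECTOR)   # region where the old metadata lived
            + pad(contiguous)        # file stored as one run of blocks
            + frag[:half]            # first extent of the fragmented file
            + pad(other)             # another file's blocks in between
            + frag[half:])           # second extent

def carve(image):
    """Linear scan: header at a sector boundary, cut at the next footer."""
    found, off = [], 0
    while off < len(image):
        end = -1
        if image.startswith(JPEG_SOI, off):
            end = image.find(JPEG_EOI, off + len(JPEG_SOI))
        if end == -1:
            off += SECTOR
            continue
        stop = end + len(JPEG_EOI)
        found.append((off, image[off:stop]))
        off = -(-stop // SECTOR) * SECTOR   # resume at the next sector boundary
    return found

def digest(data):
    return hashlib.sha256(data).hexdigest()

PHOTO_A = fake_jpeg(1, 3000)            # will be stored contiguously
PHOTO_B = fake_jpeg(2, 5000)            # will be split into two extents
NOTES = b"plain text notes\n" * 100     # no signature the carver knows

def demo():
    """Return (offset, carved length, matching original or None) per hit."""
    hits = carve(build_image(PHOTO_A, PHOTO_B, NOTES))
    originals = {digest(PHOTO_A): "PHOTO_A", digest(PHOTO_B): "PHOTO_B"}
    return [(off, len(blob), originals.get(digest(blob))) for off, blob in hits]
```

The second hit is 7048 bytes instead of 5000 because the carver swallowed the other file's blocks lying between the two extents; the text file is never reported at all, and no filenames come back for any hit.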

stupid crackers
I use Firestarter as a firewall on my GNU/Linux system. However, my router is configured to block (or, not forward) everything except for stuff that I allow. When I enable DMZ to my computer, I'm getting hundreds of random connections. I've never experienced having a PC compromised before, so is this normal?

--wj32 talk 03:52, 18 February 2007 (UTC)


 * Yes, it's normal. Most of them will just be sweeps from Windows-based worms. Some will be script kiddies scanning around for possible targets. Very few of them will be serious break-in attempts. If you're up on your updates and don't have anything insecure open to the world, you'll probably be fine. Setting up port forwarding from your router instead of using the DMZ would give you an extra layer of security and keep out many obnoxious scans, but if you have everything configured correctly I doubt you would be any more secure. -- Consumed Crustacean (talk) 03:58, 18 February 2007 (UTC)
 * Yes, it's just the normal Internet background noise. Most people don't even notice it. You will see random undirected attacks (like trying an old IIS exploit on every IP address in the world without even checking if it runs a webserver), portscans (for instance, looking for open proxies), backscatter, local network noise (ARP queries are the most common, but Windows boxes like to spew NetBIOS stuff all over the wire), and even the odd misdirected packet (sometimes from buggy nodes, sometimes from things like bit flips in transit). --cesarb 13:21, 18 February 2007 (UTC)


 * Thanks for the replies... I often get requests in my Apache logs with people trying to run a non-existent CMD.EXE... --wj32 talk 07:45, 19 February 2007 (UTC)

More memory and hard disk space
How do I clean files and add memory on my laptop?
 * Well you can try running the Disk Cleanup wizard- somewhere in Accessories I think. Delete all of your temporary internet files and TEMP files. That should give you a couple hundred megabytes. Next go to Add/Remove Programs in the Control Panel and remove large applications that you don't use anymore (hint: anything in the hundreds of MB or in the GB is large enough to be worth removing) --⁪froth T 09:43, 18 February 2007 (UTC)


 * You may also want to copy files you no longer modify to a CD or DVD then delete it from the laptop. - Akamad 10:29, 18 February 2007 (UTC)


 * Increasing memory for laptops is quite difficult, unless you are technically astute and willing to dissect your laptop. Splintercellguy 00:54, 19 February 2007 (UTC)

Job change from Services based company to a Product based company?
Hello,

Currently I am working as a software engineer at a Services based company. But frankly speaking I am not getting to do much of the coding stuff. I am really interested in coding and tech stuff. So would changing to a Product based software company be a wise decision to take? Can someone share some insights into this?


 * Well if you're currently fielding support for products then you're definitely going to get more coding work in developing products --⁪froth T 09:41, 18 February 2007 (UTC)

Windows apps similar to Delicious Library.
There's a terrific app for Mac OS X called Delicious Library that keeps track of your movies, TV boxsets, games, books and albums in a very aesthetically appealing way, while showing data from Amazon. Is there any app similar to this for Windows XP? It doesn't need to have the barcode feature, just the aesthetic appeal. Things like DVD Profiler are too ugly. Cheers. Pesapluvo 13:00, 18 February 2007 (UTC)

Portscan
I recently saw a message like this:

Intrusion attempt blocked Intrusion:Portscan Intruder:218.xx.xxx.xxx(xserver(6000))

Can someone say what was being attempted here? Thanks. 87.102.13.148 13:03, 18 February 2007 (UTC)


 * It means that the computer (or other device) at IP address 218.xxx.xxx.xxx (I assume the software gave you that actual IP, which you've blanked here) attempted to connect to your PC on port 6000. According to the msg above, and List of TCP and UDP port numbers, Port 6000 is used by X11 for connections between an X-client and X-server (note that an X-client is the PC on which the application runs, not the PC on which it is displayed as you might expect).  This could be for a number of reasons:
 * You have attempted to run an X11 application on a remote computer, with the display on yours, but have not configured your firewall to allow it. If you don't know what this means, then this isn't the cause :-)
 * Someone is attempting to exploit a security hole by connecting to your PC on this port, but your firewall has prevented this
 * Your computer's IP address is dynamically allocated (see DHCP) by your ISP (a quick WHOIS shows that your IP is in the "Karoo ADSL pools") it is possible that until recently the same address was allocated to a different PC, a remote computer was attempting to connect to this other PC at what is now your address, this is still an unwanted connection (as above), but without malicious intent
 * In short, if it's the first one, then you'll know, as something you expected to work won't; if it's the 2nd or 3rd, there's no need to worry, as your firewall has prevented it.   Davidprior 15:21, 18 February 2007 (UTC)

Thanks
 * I'll second most of what Davidprior said, with one additional note. The format of the message you received looks like it was from Norton Internet Security or Norton Personal Firewall.  NIS/NPF have port scan thresholds that will trigger if enough connection attempts are made within a certain period of time.  It's very unlikely that simply running an X-client/server session would trigger this, that just happens to be the last port hit before NIS/NPF said "now wait a minute...".  Like Davidprior said, you're not in any danger because you have the firewall, and it's just telling you that it's doing its job.  Machines connected directly to the internet are under constant attacks like this, so keep your AV and OS patched appropriately and don't run any strange programs you get in email and whatnot, and you should probably be fine. - C HAIRBOY  (☎) 15:47, 18 February 2007 (UTC)
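The threshold behaviour described in the reply above, as an added example that is not part of the original thread and is not Norton's implementation: a detector that alerts once a source has touched a set number of distinct ports within a time window, and names only the port that tripped it. The threshold of 6 ports in 5 seconds, the class and function names, and the events (using documentation-range addresses) are all constructed assumptions.

```python
from collections import defaultdict, deque

class PortScanDetector:
    """Alert when one source touches max_ports distinct ports within window seconds."""

    def __init__(self, max_ports=6, window=5.0):
        self.max_ports = max_ports
        self.window = window
        self.recent = defaultdict(deque)   # src -> deque of (timestamp, dport)

    def observe(self, ts, src, dport):
        q = self.recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # forget attempts outside the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) < self.max_ports:
            return None
        q.clear()                                 # one alert per burst, not per packet
        # The alert names the port that crossed the threshold, i.e. the last one hit.
        return {"src": src, "port": dport, "ports_seen": sorted(ports)}

# Constructed connection attempts: (seconds, source address, destination port).
EVENTS = [
    (0.0, "198.51.100.20", 6000),   # repeated attempts on a single port
    (0.5, "203.0.113.7", 21),       # sweep across several ports starts here
    (0.9, "203.0.113.7", 22),
    (1.0, "198.51.100.20", 6000),
    (1.3, "203.0.113.7", 23),
    (1.8, "203.0.113.7", 80),
    (2.0, "198.51.100.20", 6000),
    (2.2, "203.0.113.7", 443),
    (2.7, "203.0.113.7", 6000),     # sixth distinct port: threshold crossed
    (9.0, "192.0.2.44", 6000),      # stray single connection, e.g. a stale address
]

def run(events, **settings):
    """Feed events through a fresh detector and collect the alerts."""
    detector = PortScanDetector(**settings)
    return [alert for alert in (detector.observe(*e) for e in events) if alert]
```

With these events the only alert is for 203.0.113.7 and it reports port 6000, although five other ports were probed first; the host that only ever tried port 6000 never trips the threshold, and neither does a sweep spaced more widely than the window.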

Imaging software recommendation asked
Would someone recommend an imaging software for a WindowsMe OS? I need to make some maps. I need an easy one as I have never done this before and am not very swift technically. Thanks! Mattisse 13:38, 18 February 2007 (UTC)


 * I hate to be a troll about it, but Windows ME is no longer supported by Microsoft and is the worst Windows release ever. Windows 2000 or Windows XP are vastly superior.  That said, if you can get .NET to install, try out Paint.net - it's great. 68.15.208.73 14:41, 18 February 2007 (UTC)


 * For mapping-specific software, see List of GIS software - I don't know enough about this specific type of software, but a quick look at the GRASS GIS article suggests it means business. For general-purpose image editors see  and  - without knowing how complex your needs are, it's hard to make a specific recommendation, but if I had to, I'd go with Inkscape.    Hope this is of some help, Davidprior 14:53, 18 February 2007 (UTC)


 * Thanks! That was very helpful. Plus I am very unhappy with WindowsMe and wish my computer would die! Thanks again. Mattisse 16:48, 18 February 2007 (UTC)

Bootable Linux setup
I have a specific Linux question. The idea is that someone who is a bit of a technophobe sits down at a PC, attaches a USB key and places a CD/DVD in the drive, then reboots. The computer boots off the CD/DVD, and loads the configuration files on the USB drive automatically. They are then after everything is loaded presented with a screen where ideally they don't have to login, rather they now have a working computer connected to the Wi-Fi router nearby and are online. They then either click on the Linux equivalent of Start/Programs/Mozilla Firefox/Firefox or type "Firefox" at the prompt which is visible with no user intervention.

Now they have a fresh copy of Firefox running, with no history, cache, cookies etc.

So the question is: is this technically possible? Linux would have to look for the configuration files by itself, do bootable distributions do this? The bootable CD/DVD would be considered "fresh", ie has had no fiddling with it, it is your standard image downloadable from the usual distribution sites.

Also, how long would it take for someone to actually set this up? I suppose the Wi-Fi would be the hardest to do. I intend to pay someone to do this, and I'm curious about the cost. So, the big question is is it possible? Thanks. Mjm1964 14:46, 18 February 2007 (UTC)
 * I have a friend at a private school who has to do this to teach Linux, since MS is a sponsor, and all the computers must be windows. They are now using 4 Gb flash sticks, with the whole Linux development system.  There's no need for a cd!  --Zeizmic 15:34, 18 February 2007 (UTC)
 * I think Knoppix can save its configuration to a flash drive (as it can to a disk partition), but I do not know if it looks for it automatically. You might want to take a look. --cesarb 17:26, 18 February 2007 (UTC)
 * I know it's possible, the BSD-based distro I use for a router runs only using a livecd, and a floppy to store configuration data (in XML format), the next version (currently in beta) will support using USB drives to store config data. Cyraan 20:08, 18 February 2007 (UTC)
 * Live distro may have some more information. Vespine 22:57, 18 February 2007 (UTC)
 * Assuming the computer boots from the CDR/CDRW, then the linux system on the CD is controlling things. The distro would need to read your specialized config files from the CDR or the USB key.  The obvious thing to do is remaster the image, rather than using a stock one. 172.146.58.73 07:34, 26 February 2007 (UTC)

Online Poll
If I wanted to set up an online poll, where I ask questions and gather the anonymous responses, how would a noob like me go about doing it? I have the webspace, just not the knowledge of what code to use. --Russoc4 19:45, 18 February 2007 (UTC)


 * What you're wanting requires you to write an HTML form, for displaying the poll choices, and a CGI script to process the incoming data of the form. If you're wanting a premade solution, try looking here: CGI poll script — Mitaphane  ? 22:32, 18 February 2007 (UTC)
 * phpbb is an online forum which has inbuilt poll capability, it is primarily a forum so the poll part is pretty light weight, just like what you'd see in a forum, but if that's all you need might be the easiest way to do it. Vespine 00:19, 19 February 2007 (UTC)


 * You'll also need a website to put the poll on. --Kainaw (talk) 00:26, 19 February 2007 (UTC)


 * I have the webspace to put my .htmls on. I'll see what I can code. Thanks. --Russoc4 04:19, 19 February 2007 (UTC)


 * Check to see your webspace allows CGIs or not though, because many don't, for security reasons. --Wirbelwind ヴィルヴェルヴィント (talk) 07:58, 19 February 2007 (UTC)
 * You don't really have to do it yourself. There are various free online polling services:       --TotoBaggins 16:15, 19 February 2007 (UTC)
 * hmmm.. maybe I'll use one of those^. Poll monkey looks interesting. Thanks! --Russoc4 17:17, 19 February 2007 (UTC)