zlacker

It should be the case that even administrator access should not be abusable

If administrator access is equivalent to ownership, then I strongly disagree.

>>userbi+(OP)
Even as an owner, you should not be able to arbitrarily restrict the rights of future owners.

>>userbi+(OP)
As an administrator, you generally expect to be able to change your mind at some point.

Flashing data? Fine.

Permanent? Not so much.

>>adastr+Tb
Unfortunately the existence of things like efuses and OTP makes that very difficult.

>>adastr+Tb
No more hole sawing my old hard drives for me, lest I restrict rights of future owners to use the drives as storage devices.

>>ohyout+1g
Well they'd still have the right, just not the ability (this is actually a distinction US courts have made regarding arbitration clauses and legal recourse).

>>shakna+kc
This logic doesn't hold. If I choose to dban or degauss something, I don't expect I should be able to recover it later. Admins absolutely have the option to make irreversible changes, and do this quite often.

>>ang_ci+9A
Right. But degaussing isn't a "general" decision. Updating most systems is.

>>shakna+XB
Degaussing (for orgs who do it) is just as operational a task as updating. There will be an SOP that covers data storage decommissioning. It's not as frequent, but it's not any less 'normal', certainly not ad-hoc or one-off. You don't invest in a degausser "just in case".

>>ang_ci+9A
Just because some administrative decisions are permanent and destructive doesn't mean that every operation should be made permanent or destructive.

Should every software config require buying new hardware because the initial config gets permanently flashed with an e-fuse to only allow a single write? You could even make a security argument for such a setup, but good luck getting approval for your 15th motherboard this quarter because you typo'd the config.

Also, dban and degaussing is not entirely equivalent -- from a practical perspective the equivalent is hard drive shredding (because the hardware cannot be used again in the old/non-malware config -- dban and degaussing are more like factory default resets). Do some organisations need to do this? Sure. Should we design systems with the assumption that any mistake means that the hardware is destined for the shredder? I would hope not...

>>ohyout+1g
Unless you got it to saw itself via administrator access you've drifted off the intent of this conversation.

>>ang_ci+9A
What's irreversible about dban?

If you are magnetically destroying hard drives as part of decommissioning, that's not really the same thing. You're not using admin access to do it, and you're not making a change that permanently applies to all future use of the device (because there is no future use).

>>ang_ci+oC
No, that's not what I meant. I was referring to tasks you might perform regularly on the same machine.

You don't go ahead and erase the same disk once a week. Decommissioning isn't something that occurs for the same project, once a month.

Its not the same operational process.

>>Dylan1+5N
> What's irreversible about dban?

If you do it right, the data erasure.

>>ang_ci+i67
Yes but we were talking about hardware level changes and the person you responded to specifically said flashing was okay. So I thought you had something relevant to that in mind.

Anyone can delete a file. Nobody wants to ban deleting files.