Earlier this week we asked what drives you to refresh or replace your PC and laptop estates and whether your projects involve simply the replacement of existing machines with new hardware and software or if you might be looking at implementing some form of desktop virtualisation. Now in all such refresh projects it is quite …
Part by Part
Home wise, I replace individual parts when they die, usually a motherboard death will entail a new CPU type (depends on the length of the board) and last time for me a graphics card (AGP>PCIE).
Case, drives etc last on until I want to change.
So mostly, mine is controlled by the life of the motherboard.
if you do business with Del, they have this taken care of
Dell Asset Recovery.
Disks are wiped or - if damaged or sensitive - removed for the customer's disposal.
They remove the asset and give you cash back for anything with value on the used market. Simple, really.
pick up a penguin
Corporate-license Windows, so we can't give that away, nor most of the other software that's installed. So nuke them to Linux. Easy-peasy if your O/S wants to be copied.
boot a stand-alone linux disk
overwrite the whole disk with zeros - we don't have any really sensitive data, so this suffices.
# dd if=/dev/zero of=/dev/sda
Google DBAN if you need a more secure erase.
install a free linux system image
# mkdir x
# mount server:/images ./x
# cat x/linux.img.gz | gzip -d -c | dd of=/dev/sda bs=1M
shutdown, reboot, redeploy as an X-terminal, casual browser terminal, or give the system away. (Get a signed acknowlegement, just in case the new owner dumps it and the PC is traced back to us). They'd also be perfectly good thin clients if we had virtualized desktop systems in our datacentre.
If the recipient wants Windows, the linux install at least shows that the hardware is OK, and how he re-installs Windows is not our responsibility. But with a bit of luck he plays with Linux a bit first, and discovers that he really doesn't want Windows at all.
Linux runs quite happily on old-ish PCs with 512Mb RAM (or even just 256Mb) that were struggling with XP SP3 and which are totally useless for Vista or 7.
In the company i work for we try and keep the estate as its called quite young as an average of 3-4 years. lately this has slumped to about 5 as some machines are purely ancient due to systems being out there that still need to be supported. Some such systems are WFWG 3.1, and some so old that vendor ID's are long since in the dust just like the companies that built them..
We generally rent all our kit which makes things easier. when something fails it just gets replaced with something new. If a machine generates a hardware or software fault that would require pulling it from service for a period of tiume to rebuild it or replace faulty hardware then it just gets refreshed if its over 2.5 years old. Often the warranties of the machines are just as long. We do purchase some kit as its more cost effective and this rarely gets refreshed as we talking about desktops with dual gfx cards, dual quad core xeons and 8gig of ram and the like. By doing this it keeps the age related faults down, though sometimes it generates its own faults when after a few days the user realises some bit of pedantic software is missing.
The machines are then ripped apart, memory is frazzled and HDD's are subject to certain stress relieving tests to ensure they are dead before they go off to be metled down :) thats the most satisfying part of it all :)
When a machine is refreshed the old one is usually kept for at least a few dayys if not a week or two incase any data needs pulling off it again but as the drives are quite tiny compared to newer machines i often find it easier to rip the data off them into the new machine and just dump it into a folder with only admin access called OLD MACHINE so the user cant fubar it up and makes diving back in time easier as well :-)
"recover data from wiped or even formatted disks."
That's utterly baseless FUD.
Of course, formatting does nothing, just replaces the "table of contents". But wiping implies overwriting the bits with zeroes, something you cannot show any recovery software for -- we're speaking scanning electron microscopes to get each bit with a .56 chance (.50 would be pure guessing).
There's also the sport consisting of multiple overwriting, sanctioned by the NSA, with 7x being a numerologically favourable choice, but based on less than nothing.
Wiped, eventually recycled.
We have an ancient boot disk (floppy) with a wipe program on. Insert disk, come back an hour or so later (depending on machine age and disk size) and stick a 'wiped' sticker on the case.
We used to just store them but our auditors pointed out the inherent software licensing problems.
Also we have recently begun an arrangement with a partner organisation who recycle PCs. They will be taking the old, wiped PCs.
Everybody Pays... maybe not directy.
My last refresh used a Government fraemework contract (HP) that included disposal - easy...
For ad-hoc, I have a contract with a WEEE disposal firm I call off as required.
We pull all hard drives (yep, laptop and server too) and they get shredded - physically, no kidding - so no data leakage.
Since we sweat our assets for 5 to 6 years, there's no real intrinsic value left unless the kit is really specialist (SUN servers may qualify...). But even then we don't bother trying to flog it, as Government disposal rules mean we pay for the flogging exercise, have to ensure WEEE, and then have to hand the (minute amounts) of gains straight back to the Government.
Nothing like an incentive... no, really!
DBAN and Ubuntu
[QUOTE]So how do you handle the end of life of your PCs and laptops, at least those neither lost nor stolen? Do you recycle yourself, use a third party, give them away or format and dump? Do you attempt to get the vendors to take them back? And is it a profitable exercise? Can you make money reselling old kit on the second hand market?[/QUOTE]
I work at a large surplus department at a US University, in the computer department. University departments are to send all computers here; we also get most other stuff (furniture, equipment, and odd stuff like impounded bicycles, slate, etc.). We have a large university hospital that also sends machines in, which greatly increases our number of systems compared to a typical University. We've been getting around 8,000 machines per year.
We pull all hard drives, hook them up to a wiping system (which is in fact 8 or so PCs with IDE, SATA, and power cables jutting out the side running DBAN. We intend to soon use esata, with sata to IDE adaptors.) 3-pass DOD wipe with a verification pass. We modified our CD so it does NOT stop or prompt at all, it goes directly into a 3-pass wipe of all attached drives (so we do not have to have keyboards attached.) We take data disposal seriously, all incoming drives are scanned into a computer and a bar code sticker is affixed to the drive. This is scanned in "wiped" and a wiped sticker affixed after wiping. Finally, the sticker is attached to the PC if it's installed in a PC (it has blanks for writing a CPU speed, RAM, etc. so it's used to write the PC's specs), and this sticker is scanned out "sold" when the PC or bare hard drive is sold. If a drive has wipe errors or just plain errors out, the drive is red tagged for disposal, put in a disposal box, and this box of drives is scanned out "recycled" when it's taken up for disposal.
Anything below a P4 is also tagged for disposal. I personally know a P3 is still useable for some purposes, but in practice they are unsellable.
We put wiped drives back into machines, (checking for blown caps and such at this point) hook them up to a network, and install Ubuntu on them. The install's fully automated, just PXE boots (we use gpxe from rom-o-matic.net for the few machines that don't support PXE..), the ubuntu installer runs and is all preseeded and automated, after about 15 minutes the install is done. This is also effectively a burn-in test on the machine, a machine that runs but is flakey due to weak caps, weak power supply, CPU got a little burnt at some point, etc., fail in the first 2 or 3 minutes . The 8.04 install has drivers out-of-the-box for everything I've thrown at it from a P2 through a Core 2 Duo, versus the horrors of trying to find XP drivers for every model (let alone licensing, which is impossible -- since the U has an enterprise license anyway, the savvier departments ordered numerous P4s with 98, 2000, and even NT4, licenses to save the bucks over ordering with XP licenses they wouldn't use.)
Hard drives, I take up personally in a box, they scan the barcodes on their end and I get a printout I take back (auditors periodicially check our operation to make sure drives are properly tracked.) These have the top popped off and platters removed, then are taken for metal recycling. Computers (and junk printers, CRTs, broken LCDs, etc.), the recycler brings a truck down and picks up 12 pallets at a time. They seperate metals, plastics, etc. on-site and take those to recyclers; any usable cards, RAM, etc., they seperate on site; anything new enough to sell, they refurbish and sell on site. They have an on-site lead smelter. They truly recycle, they don't just take our stuff and ship it overseas.
Vendors do not take our stuff back, this is the US so basically if it's out of warranty the vendor has no obligation, with one exception -- the university gets a discount for any old networking kit they turn in, so I hardly see any of that come in.
Profitable? Our department as a whole is in the red by about $100,000 a year, but that is a lower cost than recycling everything or even throwing it in the bin. The computer operation itself has VERY little staff, and almost certainly turns a profit. Resellers do buy machines bulk here, mark them up, and make profits too, one confided he was making about $100,000 a year a few years ago. This is not pure profit, the resellers do provide some tech support and warranty that we do not.
So, in our case, profit is questionable (if it was a private business and not a university with it's overhead I think we'd be profitable overall....), but it's still less costly than even throwing the stuff out. It ensures better security. In short, DBAN and Ubuntu. No worries about data security, no worries about licensing. We DO sell Dell XP CDs for $25 as an option for any Dell purchase. We make it CLEAR there's no support though -- 1) People wanted help installing. Not our problem, hire someone to install the OS if you don't know how, we shipped the box with a working OS. 2) People were trying to cheat and install it on Gateways, etc. -- WGA check fails. Also not our problem, the licensing restrictions XP had all along are now actually enforced. I tell people to take it up with Microsoft.
Wiped and moved on
Most of the places I've worked for in the past 20-odd years have one of two policies for whole systems (ie. working desktop machines). First option, they start by wiping the hard drives, such as with DBAN, then they're either sold to staff (typically with income going to a local charity). Second option, they're donated to a PCs-for-third-world charity who have an audited hard disk wiping policy.
For working peripherals and components (except hard drives), they usually sit around in a cardboard box somewhere in IT, staff can help themselves, and once every so often the box gets emptied and the contents taken for WEEE recycling. Typical examples include network switches and graphics cards.
For removed hard drives, they usually get taken apart and then the platters destroyed (with a vice and hammer, or with a dedicated platter-destroying tool), then the remains go to WEEE.
At the end of it's service life for the company, there are two possible fates for a past-warranty system I control. It all depends on the motherboard. If the mobo is dead, the system is torn apart, individual components qualified as “known good” and they go into a drawer somewhere as “spare parts.” If the mobo is still alive and kicking, that system will be refurbished (at this point, this will be the second time in its life,) and given away to a staff member. (Or the friend of a staff member, etc.)
We have a process set up whereby as part of "testing systems for certification" we perform "data-destructive tests" on hard drives, thus we aren't all that worried about sensitive data. RAM is memtested, the CPU runs BOINC for a night, and we 3dmark the video card on a loop to make sure it won't pull an nVidia on us. (The Magic Blue Smoke is supposed to stay INSIDE the chip.)
Since we have a dedicated body to doing hardware, it’s not really that big a deal. He mostly deals with servers that have died or re-qualifying spare systems after they return from RMA. If a system has failed in the field post-warranty, he will use his vast store of spare parts to try to repair it. In his downtime, however, he is tasked with taking any fully decommissioned systems we have lying around, and making them as useful as possible, so we can gift them on to staffs etc. who want them.
The hardest part is NOT repairing the computers. The hardest part is dealing with the tax law and accounting about what is a “taxable benefit.” If we build up a supply of these systems and no staff want them, they get donated to a local charity, or eventually wind up at the local eco-station, where they perform metal recovery.
We use HM Government approved methods:
PCs - Sell them in bulk to that dodgy-looking guy with the stall at the local car boot sale.
Laptops, notebooks and memory devices - Leave them in the back of a taxi
Software, manuals and printer cartridges - Pile randomly in a large cupboard in case they're needed later.
Well worth the money we paid to those consultants...
We throw our old hardware in the canal down the road.
We find it's more environmentally sound than setting fire to it, or taking it down the local dump, where it would inevitably start it's long journey only to end up in a TV documentary featuring 5 year olds inhaling poisonous chemicals on a slag-heap in outer-mongolia.
It's a well know fact that canal water renders hard drives inoperable to the point where only the FBI or a Linux geek could retrieve data. Besides, we delete all the data and empty the recycle bin first.
Before we do a canal run, we shove all obselete hardware in a massive cupboard and leave it to gather dust for an undetermined amount of time. When it's ready, we pile it in the back of the van and at midnight, set off down the country lane to the canal. Copious amounts of cheap cider are consumed as we haul the obselete dusty hardware off the bridge. Prizes are awarded for anyone who hits a duck/swan/fish/angler/cyclist.
The ducks and swans don't mind too much - in fact, they use the wires for nesting material.
Badgers line thier sets with circuit boards and fish use the empty PC cases to hide from anglers.
It's a win-win solution.
At my work (gov't related business), we're not allowed to have any hard drives/data storage devices leave our premises. We have a big old grinder that eats hard drives, ram, disks, etc. The rest of the kit; local public school system gets first pick and then the rest gets sold at auction. Frequently, the schools pass and you can find some nice bargains at auction. Last year, I picked up 2 G5 towers and two 23" monitors (Apple display adapter ones) for $600.00. There was no RAM or hard drive but they both had DVD super drives, video cards, logic board. These made some nice movie players, streaming ripped DVD's from my Mac Mini server.
/Mine's the one with the old Newton in the pocket
We probably could regain money by selling old equipment, but frankly it would take up more in our IT admin's waged time than we would regain.
We send ours to enviro-PC (at cost to us, but not much) who securely dispose of data and reuse machines where possible - in schools and third world countries, as far as I know. Duff equipment is disposed of responsibly. I don't really care what happens to it all, or if they make a profit on it, as long as it doesn't a) end up all in the ground or b) end up contaminating poor scrapheap workers in China or India.
I think it's a shame so many people think hard drives should have their platters destroyed - any disposal company worth it's salt will know how to securely destroy data without physically destroying the disk. The only reason people need to see the physical effect is for evidence.
(recycling icon plz :)
Wipe, reinstall, auction
A part of my job is to wipe old machines (full format - multi-pass-random if they are from finance or records) and re-install whatever OS version they are stickered for (internally we have a standard version site licensed) before the things are boxed up and shipped off to auction. The returns are barely more than shipping costs but covering disposal costs is enough.
If the machine is unbootable, the HDD is removed and destroyed creatively (I have permission to dis-assemble them on-site then take them home and make sculptures of the parts).
External vendors by the large...
I work for a tribal entity that has a large amount of compliance and regulatory oversight. in the US.
We have a defined asset recovery process in place, and use licensed vendors for equipment disposal that certifies data destruction and responsible equipment recycling/destruction.
As far as data destruction goes, our vendor handles the bulk of our desktops. We do perform wiping in house (using DBAN and a multipass PNRG stream) on certain machines with locally stored sensitive data on them and on our servers.
Posted anon... well..
@marvin - Recover data from wiped disk
It's not at all impossible to recover data froma wiped disk, if you are an espionage agency or are willing to throw six figure sums at the task. However, if you are only worried about someone poking around using a PC and operating system (typical cracker or criminal activities) you are safe enough after you have written the whole disk to zero or random.
The first problem is that there will be some data left un-erased on the (few?) sectors which the disk decided were dodgy and relocated. Someone with knowledge of the firmware or manufacturer-diagnostic commands can doubtless read those blocks.
The second, bigger, problem is that on the physical platters, overwritten blocks have magnetic fringes down the sides that are not fully over-written. It may be possible to retrieve (some) data from these fringes using special firmware and the drive's own read/write heads. It's certainly possible by dismantling the drive in a clean-room and using a much smaller read-only head or probe to explicitly examine the fringes.
DBAN / DoD multi-pass erase patterns are designed to minimize this risk by repeatedly writing, with patterns that maximise the degree of erasure. Nevertheless, alignment of the heads with the magnetic tracks changes with age and temperature, and so erasure cannot be guaranteed.
If the data on the disk is worth five figures or more to anyone, your best bet is physical destruction. I'm told that at a certain defense establisment, the hda first has holes drilled in it, is then pounded by a big man with a sledgehammer, and ends its days in a vat of ferric chloride solution, which will rapidly dissolve any bits left on the broken bits of disk platter.
We don't have a fast turnover as we tend to keep stuff till it dies. We also sometimes get gifted redundant stock from our customers.
Hard drives are wiped and stored. Any less than 10G have DOS put on them - we have a lot of customers still using DOS software on CNC machines etc.
Floppy drives are carefully cleaned and stored - 40 track single-sided especially! Motherboards are kept if they are working and have at least 2 ISA slots on them - everything else goes to the scrappie chappie.
Pass on to staff.
We tend to pass on old equipment to staff for a very small fee.
But ALL hard disks are removed. We have a pretty sure fire way of making disks un readable.
We drill 4 10mm holes through the hard disk.
Trust me, after drilling 4 holes through a disk you do not want to power it on. We tried, it nearly flew across the IT workshop on its own.
This was also the method we used to use in the MoD.
- One HUNDRED FAMOUS LADIES exposed NUDE online
- Google flushes out users of old browsers by serving up CLUNKY, AGED version of search
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- GCHQ protesters stick it to British spooks ... by drinking urine