
Comment by neilv

6 hours ago

> That's how it found out that the last "new" drive I bought on Amazon was actually a used Backblaze drive. It contained terabytes of customer data, and a shit ton of cleartext files. SMART, of course, reported it was a brand new drive with zero hours. Cleartext logs on the drive showed many thousands of hours of runtime.

This sounds like it could be a big problem for Backblaze customers, and consequently for Backblaze.

Can you alert the Backblaze CEO about their insufficiently-decommissioned drives leaking out like this?

Backblaze customers also need to know, but I would give Backblaze the first shot at figuring out how to notify, whom, of what.

Backblaze erasure-codes customer data across 17 (I think) servers, so customer data is probably not accessible. Yes, it would be better if they zeroed the drive, but Google says that will take 14-30 hours for a 10TB drive.

For drives that implement an internal encryption key, it's faster (instantaneous) to reset the encryption key. It won't give you a zeroed drive, but one filled with garbage.

  • In many erasure coding systems, the first X sets of code are simply cleartext chunks.

    This is also more efficient in the happy path since then no computation is needed to decode the data. It can be DMA'd straight from the drive to the network adapter with super low CPU utilisation even for Gbps of network traffic.

  • The earlier description is ambiguous (i.e., is it data of or about customers, and is that data cleartext), but it seems they believe they have a drive from Backblaze with a lot of cleartext files on it, and something involving customers.

    > It contained terabytes of customer data, and a shit ton of cleartext files.
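The point made in the reply above, that in many erasure coding systems the first chunks are simply cleartext, can be seen in a short added example (not code from the thread or from Backblaze). It uses a single XOR parity shard as a simplified stand-in for Reed-Solomon; `K`, `SAMPLE`, the function names and `toy_encrypt` (a demo-only keystream, not a real cipher) are assumptions made for illustration.

```python
import hashlib
import re
from functools import reduce

K = 4  # data shards; constructed value for the demo (the thread mentions 17)
# Constructed sample data, not taken from any real drive.
SAMPLE = b"2024-01-01T12:00:00Z user=alice@example.com action=upload file=taxes-2023.pdf\n" * 3

def _xor(blocks):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def encode(data: bytes, k: int = K) -> list:
    """Systematic encoding: k verbatim slices of the input plus one XOR parity shard."""
    size = -(-len(data) // k)  # ceiling division
    padded = data.ljust(size * k, b"\0")
    shards = [padded[i * size:(i + 1) * size] for i in range(k)]
    return shards + [_xor(shards)]

def recover(shards: list, k: int = K) -> bytes:
    """Rebuild the (padded) input when at most one shard is missing (None)."""
    missing = [i for i, s in enumerate(shards) if s is None]
    if len(missing) > 1:
        raise ValueError("single parity tolerates only one lost shard")
    if missing:
        shards = list(shards)
        shards[missing[0]] = _xor([s for s in shards if s is not None])
    return b"".join(shards[:k])

def readable_strings(shard: bytes, min_len: int = 16) -> list:
    """Printable ASCII runs, as a `strings`-style scan of one drive would find."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, shard)

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Demo-only XOR keystream (SHAKE-256); stands in for real authenticated encryption."""
    return _xor([data, hashlib.shake_256(key).digest(len(data))])

if __name__ == "__main__":
    plain = encode(SAMPLE)
    sealed = encode(toy_encrypt(SAMPLE, b"demo-key"))
    print("one plaintext shard :", readable_strings(plain[0]))
    print("one encrypted shard :", readable_strings(sealed[0]))
```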