Forgot your password?
typodupeerror

Microsoft Adds Risky System-Wide Undelete to Vista 365

Posted by Zonk
from the choose-wisely dept.
douder writes "Windows Vista will have a new 'previous versions' feature when it ships next year. According to Ars Technica, the feature is built off of the volume shadow copy technology from Windows XP and Windows Server 2003. Now turned on by default, the service stores the modified versions of a user's documents, even after they are deleted. They also report that you can browse folders from within Explorer to see snapshots of what they contained over time. It can be disabled, but this seems like a privacy concern." From the article: "Some users will find the feature objectionable because it could give the bossman a new way to check up on employees, or perhaps it could be exploited in some nefarious way by some nefarious person. Previous versions of Windows were still susceptible to undelete utilities, of course, but this new functionality makes browsing quite, quite simple. On the other hand, it should be noted that 'Previous Versions' does not store its data in the files themselves. That is, unlike Microsoft Office's 'track changes,' files protected with 'Previous Versions' will not carry their documentary history with them."
This discussion has been archived. No new comments can be posted.

Microsoft Adds Risky System-Wide Undelete to Vista

Comments Filter:
  • by Anonymous Coward on Sunday July 30, 2006 @09:45PM (#15814366)
    Dear aunt, let's set so double the killer delete select all...
  • by ShaunC (203807) on Sunday July 30, 2006 @09:48PM (#15814376)
    FTA:
    With Windows Vista, the operating system will make "shadow" (that is, backup) copies of files and folders for users who have "System Protection" enabled (the default setting).
    Sounds to me like those of us who turn "System Protection" off, which would be one of my first few post-install steps, don't have to worry about the new features. Much ado about nothing, it appears...
    • by Otter (3800) on Sunday July 30, 2006 @10:00PM (#15814438) Journal
      Incidentally, regarding "That is, unlike Microsoft Office's 'track changes,' files protected with 'Previous Versions' will not carry their documentary history with them":

      You use the Remove Hidden Data [microsoft.com] add-in to get rid of all that Office stuff. Strongly recommended before submitting a resume...

      • Strongly recommended before submitting a resume... I can just picture where this could go: "Seeking a position as a full-time BDSM instructor" in one copy, "Seeing a position as full-time kindergarten teacher," in another.
      • by Bazzargh (39195) on Monday July 31, 2006 @05:41AM (#15815819)
        That feature is seriously screwed up. Microsoft are *still* trying to sell people on the idea that its ok to share around the editable document, when in reality its hardly ever ok. All it takes is for one person to forget to remove hidden data and you're on the news.

        Look at the list of Office products it integrates with - there's one missing. Outlook. Why isn't outlook set up to prompt you to ask if it should strip the documents before sending? Why is there no feature on exchange to block emails leaving the domain with unstripped attachments? Why doesn't iis block access to unstripped files? Now those would make it a feature worth having.

        Stepping back from MS for a moment, the same problem actually exists in many other file types - even html (meta tags and comments). Its why the microformats movement thinks metadata should be presentable and parsable [microformats.org] rather than hidden in 'document properties'. Their solution isn't complete though - we need to separate the notions of 'Save As' and 'Publish'. One way to achieve this in a corporate/government environment would be for servers to require digital signatures on outgoing documents - this would introduce publication into a document lifecycle for the purpose of integrity, at which point we can hook in 'strip doc' wizards to minimize risk.

        Just thinking out loud.
        • You're right-- this problem exists in other formats. Like, say, Photoshop.

          I have a friend who decided to make a major career change from being a network administrator for a university to... a porn photographer. At the time, I was the resident Photoshop whiz around, so he asked me if I would help him make his business cards. I said I would, but I never got around to it, so he sat down and tried to figure the program out himself. After adding various nude models to his card to come up with a template f
    • by Bios_Hakr (68586) <xptical@@@gmail...com> on Sunday July 30, 2006 @10:23PM (#15814538) Homepage
      Every time MS releases a new ServicePack or OS, I find that I'll have to disable more and more shit to make it work like Win2k.

      How about MS disables the service by default. If a user right-clicks on a trackable file (I'm assuming that this won't track changes on updated game executables, my PHP/CSS templates, OpenOffice documents, etc), then have an option to start tracking. If the user selects that, then enable the appropriate services.

      Same with the Firewall and FastUserSwitching. When you connect to the internet, have a well-worded dialog box that asks me to enable the firewall service. When I select Switch User from the logoff options, popup a dialog asking if I want to enable that too.

      Turn off more shit by default. Don't just enable everything. Seriously, who the fuck needs Remote Registry, Portable Media Serial Number, TCP/IP NetBios, and all that other useless shit? Sure, you might need one or two things, but do you need 55 services starting on a default install?

      Build in the functionality. Disable it by default. When the user triggers an event that needs the service, ask him if he really wants to do that. From that point on, leave that service enabled.
      • "Turn off more shit by default. Don't just enable everything. Seriously, who the fuck needs Remote Registry, Portable Media Serial Number, TCP/IP NetBios, and all that other useless shit? Sure, you might need one or two things, but do you need 55 services starting on a default install?"

        Classic "damned if they do, damned if they don't" situation. Modern computers have the resources. The number of people using them is in the tens of millions. Guess how literate the vast majority of these users are. I'll g
      • by Sycraft-fu (314770) on Monday July 31, 2006 @01:26AM (#15815169)
        MS's job isn't to make you, the geek happy. MS's job is to make as many people as they can as happy as possible. So let's say they develop a new awesome feature that they think nromal users will really like. However, they know normal users aren't smart enough to turn it on by themselves (this is easy to prove). They have two choices:

        1) Disable it by default. This makes a few geeks who know about it and want it happy, more geeks who know aobut it but don'want it indifferent, and doesn't help normal users at all. It's almost worth just leaving out.

        2) Enable it by default. This makes some geeks who don't want it a bit annoyed, but makes everyone else happy.

        Gee, hard choice. Look, if you want an OS that does nothing by default, get a different OS. Run OpenBSD or something. You won't spend any less time configuring it than you will configuring Windows, you'll just spend that time turning things on rather than off.

        Really I fail to see the problem. If you only do it occasionally, it's just a few more minutes of system configuration. I do a hell of a lot of customization to personal systems, it doens't bother me the time I spend turning the things I don't want off. If you do it a lot, develop a system to automate it. There's plenty of ways including customized Windows installs. Don't whine because you haven't done the research to automate tasks for you.

        Because MS is an everyman based OS, they need to have the useful stuff turned on by default because normal users won't do it. It's like automatic updates. I don't like them to install on my personal system automatically because I many have something going. So I set it to wait till I give the ok. However it needs to be on by default for normal users. Why? Well otherwise they won't update it. Just today I had to update an XP system that was pre SP2 still. Why? No auto updates. Users didn't know they needed anything, just thought it should take care of itself.

        Same shit here. If you don't need file version tracking because you make your own backups, you are smart enough to know how ot turn it off. If you don't know how to turn it off, it's probably a feature you should leave on.
    • System Protection will probably include System Restore, which is pretty much an invaluable feature. It's saved my ass (and people's asses I know) more than a few times when we're working on Windows boxen. You never know when the registry is going to crap out.
  • i dont get it... (Score:5, Insightful)

    by Anonymous Coward on Sunday July 30, 2006 @09:49PM (#15814382)
    "could give the bossman a new way to check up on employees"

    Um, your work computer is the property of your employer. If you want to do something that would get you in trouble with your boss - put it on your own computer. Plus all this does is back up files that you have made, how is this a privacy concern? Even if this was happening and you never knew it and uploading all your files to a central server, it's still an option of your employer, and not an invasion of privacy, it's crappy, but the option of your boss and his/her company. Just like the fact that they can read your business email. No different, and to me even less intrusive than that since you can't control incoming mail.

    • If you want to do something that would get you in trouble with your boss - put it on your own computer.

      Nahh. Just encrypt it.
    • by mwilliamson (672411)
      Regardless of the fact it is a work-owned machine, it will indeed give micro-managers more crap to hang their otherwise good employees with. I've seen some micro-managing types over the years set up cameras, install remote desktop monitoring software and even record employee's phone calls. If you treat your employees like s*** insist on finding stuff to hang your employees with, you're going to find it. Reward a job well done give your employees enough trust and autonomy to do their jobs. If feel you ca
  • by HotNeedleOfInquiry (598897) on Sunday July 30, 2006 @09:50PM (#15814385)
    Amazing that a Good Thing gets turned into a big-brother or privacy issue just because it's Microsoft. Shadow copy has saved my ass twice in the past year and the more it's available, the better. If employees are worried about the boss checking up on them, then maybe they should just do their job.

    Keep in mind that the goal and justification of a desktop is productivity, not some vaguely defined "monitoring" issue.
    • I agree.

      It wont really affect performace since it uses 15% of the available space for the system restore including the shadow copies. That isnt too heavy (in terms of harddsik space). It shouldnt really take noticeably more time as the system doesnt really copy over the old file to a physically different location.

      Anyway if I ever use Vista I'm going to turn this off (I dont like undelete like utilities). But I think this would still be very useful feature for say, my grandma.
    • Amazing that a Good Thing gets turned into a big-brother or privacy issue just because it's Microsoft.

      This just in... It appears there is a nefarious "feature" in several versions of Windows which can allow a nefarious person to nefariously see all those files you thought you deleted. It's called the "Recycle Bin" and many people are sure that it's the NSA ('N' for Nefarious?) that's behind the addition of the feature.
    • by Registered Coward v2 (447531) on Sunday July 30, 2006 @10:33PM (#15814602)
      Amazing that a Good Thing gets turned into a big-brother or privacy issue just because it's Microsoft. Shadow copy has saved my ass twice in the past year and the more it's available, the better. If employees are worried about the boss checking up on them, then maybe they should just do their job.

      Actually, I'd be more worried about what can be discovered in a lawsuit - the raw ruminations of some employee could be very damaging - whether or not they were correct. This makes it harder to destroy working papers. In the old days, we kept all our working papers on a disk and then destroyed the disk along with our hard copy working papers - that way no one had to worry about what could be dredged up in a lawsuit.
      • talk about a terrible way to do business. Those "working" papers could save your neck as well as hang it depending on the lawsuit in question. Course the company I work for will always make an attempt to make it right before proceeding with any kind of litigation. In situations like these should a suit come to discovery we'll need every piece of information we can get our hands on. With todays patent minefield I don't think this is a bad stance to take at all.
      • by game kid (805301) on Sunday July 30, 2006 @11:47PM (#15814861) Homepage
        Actually, I'd be more worried about what can be discovered in a lawsuit - the raw ruminations of some employee could be very damaging - whether or not they were correct. This makes it harder to destroy working papers.

        In other news, Kenneth Lay's heart attack confirmed by new autopsy, found to be caused by shock from leaked secret Microsoft "undelete-feature" memo.

    • Maxtor, Seagate, Samsung, Western Digital...
    • by spagetti_code (773137) on Sunday July 30, 2006 @10:53PM (#15814683)
      This was an awesome feature in VMS,
      and a privacy concern in Vista.

      You guys **really** don't like MS do you?
      (I must be new here)
      • by MobileTatsu-NJG (946591) on Sunday July 30, 2006 @11:18PM (#15814759)
        "You guys **really** don't like MS do you?"

        Try imagining Slashdot's response to Apple announcing this feature. The one guy who claims 'privacy concern' gets modded down as Troll. Heh.
        • Nah. He'd get modded down as off topic, because the story would be about how Apple didn't give somebody a refund when he couldn't undelete the files that were 'deleted' from his hard drive when he threw his laptop down a flight of stairs, and about how he was filing a class action lawsuit against Apple for having a buggy product. The only comments that *wouldn't* be modded as off topic in that thread would be the ones saying how dumb single button mice are, and the ones saying how much cheaper a Dell would
      • by fermion (181285) * on Sunday July 30, 2006 @11:40PM (#15814843) Homepage Journal
        VMS lived in a different world. A world in which an elite controlled the computer in every respect, a world in which one often had to beg for an old tape to be put in so that one could access data. A world in which every bit data was not scrutinized by a forensic team with almost unlimited resources. A world in which data was not transmitted willy nilly to unknown parties. A world in which mysterious metadata hardly existed.

        All the flavors of DOS in the 80's were way cool because it allowed us to control our own computer. In the 90's all went to hell as we became connected and the computer started doing more and more things no one really understood. A huge concern MS has not addressed is how to protect confidential information, and more importantly help companies not expose disruptive metadata. For instance, I do not believe they have a setting in outlook to scrub MS Office files as are mailed to external addresses. Nor have the implemented the DRM that would allow firms to track users violate border policy. MS adds features that makes systems less secure, without thought of how to compensate for the breech.

        This is clearly an awesome feature. So was the command line shortcuts. But features do not exist in a vacuum. There is only so much that can be done to help careless users. If MS is to provide business class systems, and not just toys that can be used as business systems, they have to get serious about making systems that businesses need. I think that if MS would develop a core competency in business, and leave the consumer side to others, MS would be in much better shape. Imagine how wonderful Vista would be if it did not have to worry about they toys that home user need.

      • by Quintios (594318) on Monday July 31, 2006 @12:05AM (#15814914) Journal
        I miss my VAX. :cry:

        DCL pwns.
      • by SuperKendall (25149) on Monday July 31, 2006 @01:52AM (#15815224)
        This was an awesome feature in VMS,
        and a privacy concern in Vista.


        Those of us who have used versioning in filesystems or elsewhere think this is a pretty nice feature, even if we prefer other OS'es. So I would say not nearly so many people are against Microsoft on this one (or at least agree with the summary).

        Now if you really wanted to see a storm of negativity from Slashdot imagine what would happy if Sony announced this feature on the PS3!
    • You seem to be missing an important point here: most users probably wont be aware of this. It really is a great feature, I agree, but it really should be made known to the user during the install. When I delete a file, I want it to be gone, with no undelete possibility. With this undelete feature, what's to stop someone from gaining remote control over your computer via a security flaw, or just hopping on it while you take a break (not logging off), and undeleting your confidential files?

      This really shou
    • by 1u3hr (530656) on Sunday July 30, 2006 @11:35PM (#15814821)
      Amazing that a Good Thing gets turned into a big-brother or privacy issue just because it's Microsoft.

      Much as I distrust MS, in this case I see nothing to be concerned about. The headline "Microsoft Adds Risky System-Wide Undelete to Vista" is just flamebait. A while ago I used Roxio Goback, which seems to have similar functionality; very useful for recovering from some software that spontaneously corrupted data. Now bought by Symantec, so I can't feel great sympathy for them though MS is stealing their lunch.

  • by dexomn (147950)
    If I get my hands on a beta of vista I can undelete things that I won't create for years?
  • Just more overhead (Score:5, Insightful)

    by gasmonso (929871) on Sunday July 30, 2006 @09:51PM (#15814390) Homepage

    As with System Restore, Windows Firewall, Remote Assistance, etc... just disable, delete and install better applications to provide the same functionality. MS should just focus on security, stability, and releasing the damn thing.

    http://religiousfreaks.com/ [religiousfreaks.com]
    • MS DOS and Undelete (Score:5, Interesting)

      by Prien715 (251944) <agnosticpope@nOspAm.gmail.com> on Sunday July 30, 2006 @10:10PM (#15814476) Homepage Journal
      Just out of curiousity, the ability to effectively undelete things ought to rely on the filesystem. In the old days of MS dos, the first chars of the filename were simply changed to a reserved character, which was actually faster than going through and deleting the whole file. When the file system wanted to create a new file, it might use the nodes marked with the "it's ok to delete me flag". That's why MS Dos 6.22 and its brethren required you to type in the first char of the filename when you undeleted a file. So actually no, there's actually no overhead in creating a comprehensive file undelete system. Any 3rd party which implemented the same thing, might cause it to be slower.

      If they could be fast in MS DOS 6.22, I don't see why XP would make the feature inherently slower.
      • by Sycraft-fu (314770) on Sunday July 30, 2006 @10:25PM (#15814551)
        It doesn't actually delete your data, just flag the space as free. The problem is that undeletion in that matter is unrelaible at best. A fiel is at any time subject to partial or complete overwrite, even if there's ample free space on the drive. When it's flagged as free the OS sees it as free period. There's no prioritisng the free space to not overwrite newley delete files (DOS was the same way).

        This gives you more reliability. The files are stored and aren't messed with until the space is needed. So if you delete something and still have 500GB free, it'll keep the file since you can afford the space and it'll be marked as allocated and thus not overwritten. Also, it looks like it does version tracking too. If you overrote a file on a FAT or NTFS volume, it writes it to the same space it occupies before, makes sense to do it that way. However that means if you mess up and make a change you didn't want to, there's no undo. You replaced the bytes, it's too late. This will go and keep a copy prior to the change you can roll back to.

        Basically it's similar to how NetApp units work. It provides storage that's reliable even against user faults. Things like RAID are great, but they protect only against hardware falure. You can still fuck your data up. There's a market, and MS seems to think the home desktop includes it, for systems that are resiliant against that. You decided to delete 5 paragraphs of that paper and save it, and then deleted it form the disk but now want it? Ok no problem, not only do we have the deleted version, we have the pre modificaiton version.

        We use a NetApp FAS 270 at work for home directories for this reason. We aren't really concerned about disk reliability, though it's excellent for that too, and we go to tape nightly. We want to be able to save people from themselves. When they screw something up, we want to be able to get a non-screwed up copy.

        MS wants to bring that to home computers. Will it be worth the performance impact? Guess that's too be seen. However it's certianly a good idea in general. What most users really need and want, even if they don't know it, is protection from their own mistakes.
      • All modern day file systems use this technique already. When you delete files in NTFS (or do a "quick format") all it's doing is changing the writeover bits in the file allocation table. The data is then free to be written over when the OS chooses. You can, in theory, restore files by scanning for table, doing a comparison to what's on the disk and seeing if the data has been written over. This is how 3rd-party recovery utilities work on XP.

        The trouble is a UI issue, not a technical one. Many users in
  • Typo? (Score:5, Funny)

    by TubeSteak (669689) on Sunday July 30, 2006 @09:52PM (#15814399) Journal
    On our test system in the lab we were able to browse the "Documents" folder through Explorer as it appeared several days ago, making note of what had and had not changed. This means that Joe User won't necessarily escape his new overloads merely by deleting his "Dangerous Thoughts" folder or using a "wipe" utility to overwrite the file. It is also not possible to delete the files from within Explorer when viewing archived data.
    Don't they mean Overlords?

    /I for one welcome the Previous Versions of our new Overlords.

  • Looks cool (Score:5, Insightful)

    by Sloppy (14984) on Sunday July 30, 2006 @09:52PM (#15814401) Homepage Journal

    I don't get the privacy concern. If someone gains physical access to your machine, then the contents are vulnerable unless you take active steps to prevent it. People have known forever that stuff may not be lost forever just because it's deleted. This feature doesn't change that.

    The issue is that this makes it "easier" but I can't help but see that as a neat feature.

    The really silly part is this:

    Some users will find the feature objectionable because .. perhaps it could be exploited in some nefarious way by some nefarious person.
    If that's what keeps you up at night, then you better give up on all technology, not just this.
  • by mytrip (940886) on Sunday July 30, 2006 @09:55PM (#15814418) Homepage Journal
    If you have windows 2003 r2 or sharepoint, you already have this feature. I enabled it on our network and people like it. there is a previous versions tab when right clicking a file in xp and selecting properties and then "previous versions". You tell windows 2003 r2 how much space you want to allocation for previous versions and then how often you want it to index versions of changed documents. It has saved me a lot of trouble restoring from backup when someone saves a change they didnt mean to make.
    • Shadow copy actually shipped with Windows 2003 at launch. You have to install the shadow copy client on your XP machines to add the previous versions tab, which I'm sure is the same with R2.

      Incidentally, a similar capability was available in NetWare at least as far back as 4.11 (which is what, 10 years ago?). Windows Shadow Copy doesn't create restore files as efficiently as NetWare did (Windows Shadow copy runs as a scheduled task, Netware's salvage created restorable copies whenever a file was changed o

  • Translation: (Score:4, Insightful)

    by Ayanami Rei (621112) * <rayanami@g[ ]l.com ['mai' in gap]> on Sunday July 30, 2006 @10:03PM (#15814448) Journal
    Vista comes with the Previous Version Explorer extension installed by default, and System Restore now watches the whole disk.

    Ok. So what? This feature has been around for awhile, and if you have privacy issues, well just disable system restore (or whatever the equivalent option will be in Vista).

    Never mind that as you make new versions of a file, the old ones are still hanging around in your drives' free space for a long time (about the same amount of time the previous-versions feature would keep them). So basically you're making the distinction between being able to access the deleted files explictly, vs. having to use a drive recovery tool.

    If you're security concious, you disable the old restore points, fill the drive with a big file full of random data, then delete it. This isn't going to change...

    • Re:Translation: (Score:3, Insightful)

      by grcumb (781340)

      "Ok. So what? This feature has been around for awhile, and if you have privacy issues, well just disable system restore (or whatever the equivalent option will be in Vista)."

      I think that's a fair enough response. But nonetheless, I think it's also fair to question the design philosophy which MS is following here, and to challenge it on its merits. Personally, I think enabling extra features on the principle that they might be useful to a subset of users is a questionable practice. I'm especially leery of

      • Ahh. (Score:4, Insightful)

        by Ayanami Rei (621112) * <rayanami@g[ ]l.com ['mai' in gap]> on Sunday July 30, 2006 @11:36PM (#15814825) Journal
        I see your point.
        However I will submit the following counterpoints:

                * It works across the entire file system, which creates questions about its efficiency:
        A disk-wide snapshotting system will be less resource intensive that a system that has to make multiple, discrete metadata updates per write transaction. Since system restore is enabled by default on XP and I haven't heard much complaint about it performance-wise, I think this is a non-issue. (An exception might be systems that have very slow disks and limited RAM, like a palmtop).
                * Its 'all or nothing' implementation does create significant liability in places like law offices, as other have already noted;

        Enabling this system doesn't make you or your data more or less at risk. The reality is that old copies of files will stick around on disk for about as long as the Restore feature will keep old versioned copies. The difference between enabling and disabling the feature is whether you want to be able to _definitively_ access an old file or attempt a recovery with a tool booted from CD-ROM, which has to operate with less definitive metadata, and may only be able to give you a corrupted or incomplete copy.
        Keep in mind that if you are concerned about hackers accessing your deleted files and you don't feel the need to use this service for recovery, the hacker will probably be able to resurrect enough of the files anyway for it to be moot.
        That is, if you get penetrated by a hacker, the issue is moot. You are already in trouble. The real issue is whether you would like a safety net for legitimate recovery. Since the additional resources consumed are neglible, I would posit it would be foolish not to take advantage of it.

        Furthermore, when deleting files, if you don't want anyone to get at them ever, then whether you use this system or not is irrelevant. Once you delete a file, you need to use a secure undelete facility to make sure all non-allocated space on your system is overwritten. Even with this undelete feature operational, such a tool will invalidate and overwrite ALL the restore points as well as free space. (That is because the facility gives up restore points when disk space gets tight, and the tool operates by attempting to fill up the entire disk with random data, thus it will demand-release all undeleted files, which will then be overwritten).
        I would recommend you DISABLE the versioning feature before wiping a machine, to ensure all undeleted files are irrecoverable.

                * It encourages laxness in data management; yet
                * It doesn't seem to be rich enough to support proper change management processes.

        That's not what this tool is for. You still need to have change management processes in place. The tool is for recovering files you didn't know were important! (Otherwise, why would a user delete it? If it were important he or she would have checked it into the Subversion repository, right? :-D ) It's to cover corner cases and disastrous events outside the data management model. It's less invasive than a recovery from backup too.

        But it would be foolish to rely on this facility alone. Just as it is foolish to rely on RAID alone for data security on the server side.
  • Such a great idea (Score:5, Insightful)

    by xeos (174989) on Sunday July 30, 2006 @10:06PM (#15814462) Homepage
    Yes, other people have thought of it before, but kudos to Microsoft for implementing it. Disks are cheap, whereas the documents I create are not. Anything which helps protect those documents from mistakes is going to be a good thing.
  • Policing (Score:2, Informative)

    by Nutsquasher (543657)
    Some users will find the feature objectionable because it could give the bossman a new way to check up on employees
    It does stink when you can be held accountable for your actions, doesn't it? In all reality, most legitimate companies aren't wasting their time "policing" employees. Rather, their IT department has locked things down to a manageable state, which has had versioning enabled for some time now on file shares.
  • by dfn5 (524972) on Sunday July 30, 2006 @10:12PM (#15814483) Journal
    This sounds similar to the file versioning on VMS which I have never heard anyone complain about (other than being wicked annoying). If anything, I would think that people (and by people I mean the techno commoners) would like this feature. I think most people still believe that when you delete a file that it is really gone. Maybe this feature will show people that without wiping the free space on your hard drive things that you thought were gone are still around. I can't see how anyone could think of this as a privacy concern except maybe law enfourcement who end up finding that people are better at permanently deleting files.
  • by bersl2 (689221) on Sunday July 30, 2006 @10:12PM (#15814484) Journal
    I wonder, could an existing open filesystem be modified so that a file marked with some attribute will store its contents as a log, rather than as a working copy, able to be rolled back and forward (probably by some utility) until squashed, yet have the current copy be worked with transparently, without making (invasive) changes to the VFS? Does something like this already exist? Maybe something using FUSE?
  • by cmason (53054) on Sunday July 30, 2006 @10:12PM (#15814485) Homepage
    I still don't understand how a non-transactional interface such as a filesystem can be used to record what is essentially a transaction: a version. In other words: how does the filesystem know to record a version? Presumably this operates without modifying the application (which would be necessary to provide a true transactional versioning system, such that provided by the "track changes" feature). Does this thing assume that file closes are transactions? Do users get presented with a slew of "versions" of files based on when the file was closed (assuming applications even close the file on "save")? Are these "versions" actually valid files? Can someone explain how this works?

    We toyed for a while with implementing something like this in our scientific data management application and decided in the end that it just wasn't possible because the (instrument vendor provided) applications would have to be modified to deliver information about when to create a "version" of a file. Instead, we require users to provide us with this information manually.

    -c

    • Windows Volume Shadow Copy operates using a periodic interval (say, 1 day between snapshots).
      It makes a whole-filesystem snapshot. It doesn't care if files are open, if that was the case across a snapshot then those files are invalid for that snapshot.
      Typically you schedule a snapshot for after-hours so you have a reasonable guarantee that user files are closed and consistant.

      The nice thing about a time-based snapshot system is that it doesn't need to store much between the snapshots if nothing changed (thi
    • OMG, read the freaking man [microsoft.com] pages, n00b.
  • Sounds kind of like (Score:5, Interesting)

    by ZorbaTHut (126196) on Sunday July 30, 2006 @10:14PM (#15814493) Homepage
    a built-in versioning system. Want to roll back to a previous version? Bam, done. Want to fork? Just make a copy of the "old version" and move on.

    I'd like directory-by-directory control over this, some way of controlling when the old versions "go away" (I don't want mass-id3'ing of my MP3 collection to clobber my old documents, for example), as well as efficient move operations. But, as many are saying, this sounds like basically a good thing.

    It's a feature, and a pretty cool one. I wouldn't mind this in Linux. This is not a bad thing.
  • guess what (Score:2, Insightful)

    by Cinquero (174242)
    I have a little and simple rsync-backup script that does basically the same: runs every day, uses locate to search for .rsync-backup files and then stores the directories containing these files. Simple. Elegant. Transparent. Efficient. No need to mess around with system-internals.
    • I have a little and simple rsync-backup script that does basically the same: runs every day,

      What Microsoft has here, assuming that it is implemented well, doesn't need to 'run' to backup stuff, its implemented at the filesystem level and instead of backuping it simply doesn't overwrite old stuff, so you end up having *full* versioning of all your writes, not just every 1h, every 24h or every week, eveything you ever writen gets a versioned copy and be it just one second apart.

      Simple. Elegant. Transparent.

  • Eventually, you'll probably see most operating systems implementing this, or this being implemented in a virtual machine. If you're concerned about privacy, you should be using crypography anyway (now, the question being, how do you isolate the entered passwords to unlock your keyring from the snapshots taken by a virtual machine hosting your operating system).

    At any rate, there is more good to this than bad, and since this isn't even a real snapshotting mechanism (snapshotting your system memory) your cry
  • File versioning (Score:3, Interesting)

    by SiliconEntity (448450) on Sunday July 30, 2006 @10:15PM (#15814501)
    I used an OS back in the 70s, Twenex from Digital Equipment Corp, that had file versioning. Every time you wrote out a file it kept the previous N versions, typically 5. It wasn't oriented towards deletion so much as recovering old versions after you screwed one up. It was a pretty nice feature, although it tended to fill up disk space which was in short supply in those days.

    Today, I thought undeleting was what the trash can was for. With today's big disks you shouldn't have to Empty Trash very often.
  • by chill (34294)
    Every once in a while I see a comment here or there about how great it would be to put your entire /home in CVS (or SVN, or pick your favorite) to be able to keep a revision history on everything you do.

    How is this different? It sounds like a fabulous idea to me -- being a sysadming -- and a great timesaver when it comes to "I just deleted these files, do you hvave the backup tapes?"
  • What kind of reasonable privacy expectations should people have on a work computer? When I was working at JPL, all systems were required by law to show a message indicating that all use was being tracked, as it was a secure government facility. (this could not be turned off even when it was interfering with the functioning of certain scripts)

    I didn't have a problem with this - if you really want to have a private conversation or IM, use a cell phone that you own. AFAIK, they can't monitor that.
  • by SilentChris (452960) on Sunday July 30, 2006 @10:26PM (#15814558) Homepage
    Truely, MS is damned if they do, damned if they don't.

    How many times has your mother/father/other family member called you over because they deleted "that one file" they never backed up (it's usually never just "that one file", but that's the typical excuse)? So you head over and, sure enough, the thing is gone. The only recourse is to buy some overpriced Norton Utilities or whatnot (that will probably slow down the system to crawl) and cross fingers.

    So, Microsoft enables a feature that's been built-in to the OS for a while and the reaction is instantly negative? Never mind that, daily, petabytes upon petabytes are backed up using VSS around the world, as almost all decent backup software uses it on Windows. Never mind that, if "privacy concerns" get in the way, you can always remove versions in VSS or disable it entirely.

    Seems much ado about nothing, personally. Don't like it? Turn it off.

    And if you're in a company, well, you don't get a choice. I'm not really sure I understand the "bossman" comments -- in most big companies, the "bossman" has been backing up every file you create, every site you visit, etc. for decades. Granted, 99.99% of it will never be looked at, but in these post-SOX days, you're pretty much mandated to catch that 0.01%. And if you don't like it, well, I guess you can always start a company with your own rules.

    Personally, I think this thing is going to be a tremendous blessing. When a relative calls me still using Windows (I've been trying to push them all to Mac), and says "My god, I deleted this crumb cake recipe! I'm doomed!" I'll be able to get it back after a couple clicks. Sounds great to me.
    • And before I get comments, yes, I said "the 'bossman' has been backing up every file you create, every site you visit, etc. for decades". I should have probably said "the 'bossman' has been looking at every site you visit for years and backing up every file you've created for decades".

      Because Slashdot's way is to debunk several paragraphs of text based on one sentence. :P
  • Now I'll never be able to get rid of my ....uh... research.
  • Why the negative spin? I kind-of like the idea of someone calling me in a panic having deleted an important file and me being able to recover it easily and get on to more interesting tasks.

    If it is such a burden being unable to hide incriminating files, add a shred option to the recycle bin or context menu which will force the removal of previous versions as well. If anything, get rid of confirmation on deleting files if recovery is easy, and save the confirmation dialog for when someone right clicks a file
  • If you're concerned, TURN IT OFF. If you're not, then it doesn't matter now does it?
  • About as much as VMS, CVS, Subversion, or any other (file) system which tracks revisions. Look, people, not everything is a privacy concern. Chill out. This is actually something useful. It formalizes the fact that deletion does not (and never did) actually remove data. It all comes down to the level of protect you want. If you do not want others to recover your data, use encryption. Same yesterday, today, and tomorrow.

  • by bblboy54 (926265) on Sunday July 30, 2006 @11:58PM (#15814900) Homepage
    Being a sysadmin, I deal with end-users. About 6 months ago I got an email that said "Bob, I forgot to save an unedited copy of this form and overwrote the file with my data. Is there a way to retrieve the old file?" ... It happens and this previous version feature could be a great tool for us sysadmins if it's deployed correctly. OTOH, I can definately understand the privacy issues -- especially if the user doesnt realize this is going on. A home user types their credit card data into a word document to save it temporarily and then deletes it when they are done with it and they think its gone, but its not. What I dont understand is why Windows doesnt ask some of these questions on install (or on windows setup when you buy a name-brand computer and plug it in for the first time). It would seem that asking whether the user wants windows to do this for them would be a great compromise.
  • by DavidD_CA (750156) on Monday July 31, 2006 @12:26AM (#15814997) Homepage
    For the benefit of future article submissions, I've predicted a few headlines from the coming future and offer the required Slashdot twist:

    Windows 2010 Ships with IPv6 as Default
        - becomes -
    Windows 2010 Foresakes Legacy IPs

    Microsoft Office 2009 Ships with Photoshop Competitor
        - becomes -
    Microsoft Cheats Adobe Out of Millions, Again

    Microsoft Ergonomic Mouse Helps Corrects Carpal Syndrome
        - becomes -
    Microsoft Mouse Locks Out Porn

    Asheron's Call VII Goes Alpha
        - becomes -
    700 Bugs Detected in Asheron's Call VII

    Please add your own.
  • by ajs318 (655362) <sd_resp2@NOspAm.earthshod.co.uk> on Monday July 31, 2006 @05:43AM (#15815822)
    I remember VAX/VMS having version control. Filenames were in the form of FILENAME.EXT;nn where nn was a number from 1 to 99 {initially; later versions upped it to 32767} and you could {theoretically at least, though nobody ever did in practice; everyone just ran with the default settings} set on a file-by-file or directory-by-directory basis how many versions to retain. You could PURGE out old versions {essential when we had a disk quota of 5MB, even with a default version_limit of 3} and reset the counter back to 1.

    This definitely has got the potential to bite some unsuspecting person in the arse. But so have most things.
  • This is retarded. (Score:5, Insightful)

    by Wakko Warner (324) * on Monday July 31, 2006 @10:36AM (#15817098) Homepage Journal
    "System-wide undelete", also known as filesystem snapshotting, has been available for years in various incarnations, both native to Linux (and other operating systems) and as part of NAS storage devices.

    Why the hell is it suddenly bad when Microsoft does it? (Hint: it isn't.) What the hell are you doing on your PC at work that could get you fired if your boss found out?

    FUD indeed.
  • by theolein (316044) on Monday July 31, 2006 @01:04PM (#15818232) Journal
    Combining this with Speech Recognition:
    user:"Undelete this file"
    vista:"unknown command undulate, no wi in fi"
    user:"restore old version"
    vista:"Going to MS online store. No new olsen twins tracks"
    user:"fucking dammit, give me the file from yesterday"
    vista:"This system has parental controls enabled. Please contact your parents"
    user:"@#ç$!&%".....

    Seriously, though, this is a nice feature, but I can see it chomping through users' 250GB disks like a hummer goes through gas.
  • Hardly a feature (Score:3, Informative)

    by HermMunster (972336) on Monday July 31, 2006 @04:05PM (#15820008)
    Microsoft has taken so much out of Vista basically making it XP with a new interface. So far, it is hardly worth the update. No sense paying Microsoft all that money for a copy of a DRM infested product. If you think spying is bad now it is only going to get worse under Vista.

    But all in all, it is a pretty attractive interface. The beta is extremely buggy. Virtually all features have serious problems. Accessing a SATA drive from allegedly support drivers/chipsets can still take you 30 seconds or longer to open a directory you were previously in but move away from and want to move back into. The network 100mb transfer rate is extremely slow. The same machine with XP works flawlessly at a nice speed. Wireless is essentially non-functional on most of my machines. The Aero interface is only working a the highest end 128mb cards when it should easily work on any card with 128mb of video ram. That 128mb requirement is more than some games for a simple interface.

    But, aside from all that Vista has been trashed so badly with components being removed that Microsoft has felt that they need to insert features to make it seem so less bare-bones.

    Even so, that feature is poorly implemented and weak and will fill people's drives with unwanted overhead and make a storage facility for spyware/adware/malware to hide--just like system restore.

    It is essentially a non-feature for an OS lacking any real feature updates.

What is worth doing is worth the trouble of asking somebody to do.

Working...