
Re: Help! Accidentally started deleting /usr

Well it sounds like this might get to the stage where we should just
"agree to disagree", but for now I'll throw in a few more thoughts...

Joe 'Zonker' Brockmeier [jbrockmeier@earthlink.net] wrote:
> > > Good lord, please NO. Having an "undelete," IMHO, leads to very
> > > sloppy practices - better to learn to make backups of important
> > > data - and to use the root account with care. 
> > 
> > That kind of argument is like saying you shouldn't bring life-jackets
> > when you go sailing, because that encourages bad sailing practices!
> Wrong - to use a tired cliche, you're mixing apples and oranges.
> People have been using *nix systems for years, and not one *nix
> variant has a system undelete feature. Has that crossed your mind?

I think it is actually an appropriate analogy, but let's not argue
about it and instead move to the real issues.

As for other unixes not having undelete... unix has a lot of good
things going for it, but that doesn't mean it's perfect.  Novell
Netware is also regarded as a good and quite widely used operating
system, and they saw fit to add this feature.  In any case, let's move
to the actual issues...

> > Of course it's good to be careful (and generally I am), but
> > occasionally everyone slips up and if a feature could be added which
> > would save the day under that kind of circumstance ___and___ if it
> > doesn't cause any problems or inefficiencies itself, then why not add
> > it??
> The thing is, a system undelete would likely cause problems or
> inefficiencies. 

Okay, this is the core of our argument I think.  I do not see why a
well designed undelete would cause problems or inefficiencies.
Perhaps it's just that there are issues I am not aware of, but as it
stands I can't see them.

All that an undelete would involve (as I currently see it) is:

1. Have rm move files to a "waste basket" instead of deleting them

2. After files have been in the waste basket a certain length of time,
say 5 days, automatically delete them.

The only issue with this I can think of, is when the disk becomes near
to full.  Here files should be removed from the waste basket on a
first-in-first-out basis.  It would probably also be good to have a
warning message in this situation.  Something like:

	The disk is close to full meaning this operation will
	prematurely purge files from the wastebasket.  Do you wish to

And that's about all that would be needed I think.

Indeed, this is basically the approach other people have recently
suggested for implementing my own undelete.  Perhaps this is why
unix hasn't got an undelete --- because people have created their

> > You are right that it's good not to be sloppy.  Even when you're not
> > root it's good not to be sloppy.  If we __really__ wanted to encourage
> > users not to be sloppy we would make people run as root all the time
> > (much like MS Windows)!  Because then people would know that any
> > mistake would have serious consequences which would be good motivation
> > to be less sloppy.  The point is, that sloppiness is related to risk
> > factor.  The more risk, the more care you need to take.  By itself, I
> > don't think it is a good argument to say we should not reduce the risk
> > because people may take less care.  If the risk is lowered, less care
> > is needed!  
> My main concern here is: where does the hand-holding end? If we
> decide that the average user is too stupid to make backups and
> protect their own data, then why not have a double-confirm for
> deletion like some inane operating systems? How about having to
> type the root password every time you want to delete a file? Or
> having a big flashing red screen appear that tells you "DANGER

Well obviously a judgement needs to be made about where the
"hand-holding" ends.  I think a significant factor in answering this
is: does the proposed "feature" obstruct ease of use?  For example
"double-confirm" would be a real pain, as would be flashing red
screens! :-) Undelete would not be a pain however.  There is no
confirm to worry about, indeed the user would not notice anything
except when the disk was almost full.

> Let's be serious here - you've had one minor incident with deleting
> something, and instead of learning from the experience you're saying
> that the Debian team should whip up an undelete to protect you from
> yourself, instead of being responsible for your own backups. 

I think you're misrepresenting things a bit here.  If undelete is a
good idea, then there's no reason why someone shouldn't "whip it up",
and I'm willing to help with this if needed.  Backups are important of
course, but that is not to say an undelete facility cannot play an
important role in a risk-management strategy.

> What if the undelete doesn't work properly? The more complex a system
> is, the more danger or failure. Then when you've stopped making backups,
> and your undelete doesn't work - what will you do then? 

Who said anything about stopping backups?  If both are done then
you've dramatically decreased your risks.  I could ask you "What if
your backup doesn't work properly - what will you do then?"  By having
both safeguards in place, you have a safety net if either one or the
other fails.

The other point is that I don't really think an undelete function
would be that complicated --- certainly no more complicated than much
of the other software on a Debian system.

> Unfortunately, I have enough experience with Windows and MS-DOS to
> know that undelete features do not always work.

What I am proposing is a little different from the Windows version of
undelete --- but I would be interested to hear how the Windows
undelete can fail.

> Also, what about the occasion where you delete a file without
> realizing it? Or when you have a total system crash and, since you
> have this wonderful undelete feature, you've never bothered to make
> backups?

I am not suggesting undelete would be an answer to everything.  It
should be used as one plank in a risk-management strategy.

> But seriously, backups aren't just "a good idea," they're absolutely
> critical if your data is at all important.


> > It's not just stupidity, we all slip occasionally.  I had been working
> > on the computer all day and my brain was a bit tired when it made me
> > mistakenly type "usr" when I meant to type "tmp".
> Yes, most people do make mistakes. I still think it's infinitely
> more productive to learn to make backups than rely on more complex
> systems to protect me from myself.

Backups weren't the main issue here.  I was always going to be able to
recover.  It is more a question of time needed to recover.  An
undelete function would have made recovery almost instantaneous.  As
it was it took me about 5 hours.  If I'd made a backup of my entire
disk (not just /etc and /home) I probably could have recovered a bit
more quickly --- but still more slowly than undelete would have taken.
The other issue is that a restore from backup still only takes me back
to where I was when I last backed up.  Even if I had backed up the
night before, I had done a lot that day, and I would have lost it all.
So I'm not sure doing a restore from backup would have been any better
than what I did.

Basically undelete would have done a much better job in this
circumstance, and I do not believe it would be that complex to

> > I don't have the luxury of a CD burner.  I back up to the hard drive of
> > another machine.  I don't have room to do a full backup, but a backup
> > of the important bits should be enough to recover --- just that it
> > might take a little longer.  An undelete feature would mean a
> > reduction in the number of circumstances where this "longer
> > restoration effort" was required.
> If your data is important, then a CD burner or tape drive isn't
> a luxury - it's a requirement. And I wouldn't trust my files to
> an undelete feature - and neither should you!

But is a CD burner etc really a requirement?  The essential things
that need backing up are /etc and /home.  These are small enough to be
backed up to the hard drive of another machine I have on my network.
With this kind of backup, the worst-case scenario is that I need to do
an install from scratch and then copy across my data and config files.
Making backups of my entire root partition would perhaps speed this
process a bit, but would cost more --- i.e. buying a CD burner.
Hopefully this kind of event is rare enough that I can do without the
burner.  Having undelete functionality would make the situation where
backups are needed, even rarer still.

> And, you seem to be arguing from the position that you're going
> to be screwing up a lot - how many times in the next year do you
> intend to delete important files accidentally? Every other week?

Not at all.

> Seriously, it may be "a pain" but you'd be better off learning
> how to use the system instead of trying to argue that it should
> be changed to meet your habits.

I don't think I'd be the only one who would appreciate undelete
functionality, just as I am not the only one who appreciates backup
functionality.  Undelete should not be thought of as in competition
with backups, but rather, as complementary in a risk-management



        "They told me I was gullible ... and I believed them!" 
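
Added example, not part of the original message: a sketch of the two-step waste basket described above (move instead of delete, expire after 5 days, purge oldest-first when the disk is nearly full). The function names, the basket directory and the min_free threshold are assumptions made for illustration.

```python
import shutil
import time
from pathlib import Path

MAX_AGE = 5 * 24 * 3600  # the "5 days" suggested in the message


def trash(path, basket, now=None):
    """Step 1: move path into the basket instead of unlinking it."""
    now = time.time() if now is None else now
    basket = Path(basket)
    # 0o700 so other users cannot read "deleted" files out of the basket.
    basket.mkdir(mode=0o700, parents=True, exist_ok=True)
    stamp = int(now * 1e9)
    dest = basket / f"{stamp:020d}_{Path(path).name}"
    while dest.exists():  # same name deleted in the same instant
        stamp += 1
        dest = basket / f"{stamp:020d}_{Path(path).name}"
    shutil.move(str(path), str(dest))
    return dest


def entries(basket):
    """(deleted_at_seconds, path) pairs, oldest deletion first."""
    found = []
    for p in Path(basket).iterdir():
        found.append((int(p.name.partition("_")[0]) / 1e9, p))
    return sorted(found)


def purge(basket, min_free, now=None, free_bytes=None):
    """Step 2 plus the disk-full rule. Returns [(path, reason), ...]."""
    now = time.time() if now is None else now
    free_bytes = free_bytes or (lambda: shutil.disk_usage(basket).free)
    removed = []
    for deleted_at, p in entries(basket):  # oldest first, so purging is FIFO
        if now - deleted_at >= MAX_AGE:
            reason = "expired"
        elif free_bytes() < min_free:
            reason = "disk-full"  # premature purge: the case that warrants a warning
        else:
            continue
        if p.is_dir() and not p.is_symlink():
            shutil.rmtree(p)
        else:
            p.unlink()
        removed.append((p, reason))
    return removed
```

Entries returned with the reason "disk-full" are the premature purges for which the message proposes a warning; a caller can report them before or after removal.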
