USB Creator does not warn or ask user to confirm before formatting disks

Bug #443330 reported by karlrt on 2009-10-05
94
This bug affects 15 people
Affects Status Importance Assigned to Milestone
usb-creator (Ubuntu)
High
Unassigned
Nominated for Karmic by karlrt
Nominated for Lucid by komputes

Bug Description

Binary package hint: usb-creator

Something horrible happened to me today, but with testdisk and quick reaction i got all my files back.

If you have usb-stick and a removable harddisk attached, and you dont look at it at 100 % (difference between /dev/sdc and sdb) you can format your harddisk without beeing asked again, just with one click!

I consider myself as an experienced user, but this happened to me today (totaly my own fault) But still, it would be great if before formatting the stick you ask again:

"Are you shure you want do format /dev/sdx &PARTITIONDESCRIPTIONS this will delete all your data at this drive"

thats a typical thing you suspect to be asked before really formatting a drive. Hope you consider this.

ProblemType: Bug
Architecture: amd64
Date: Mon Oct 5 19:40:00 2009
DistroRelease: Ubuntu 9.10
Package: usb-creator-common 0.2.9
PackageArchitecture: all
ProcEnviron:
 LANG=de_AT.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.38-generic
SourcePackage: usb-creator
Uname: Linux 2.6.31-11-generic x86_64

Related branches

karlrt (karlrt) wrote :
Evan (ev) on 2009-10-21
Changed in usb-creator (Ubuntu):
importance: Undecided → High
status: New → Confirmed
John Ward (automail) wrote :

I will back this completely, I did do format today of the correct volume no doubt, but was really surprised the way it did it so instantly without any warning.

komputes (komputes) on 2009-12-23
summary: - USB Creator doesnt ask before formatting disks
+ USB Creator does not warn or ask user to confirm before formatting disks

Yes this is a problem! I too accidently formatted my removable harddrive. Right now it's a bit to easy to do...

komputes (komputes) wrote :

We need to issue at least one warning before performing any destructive operations. This high priority bug causes accidental data loss and should be fixed for Lucid.

Ideally, when warning that a device will be formatted, we need to present the Current Drive Name/Label, and request a New Name/Label and warn "Please make sure you have backed up all data off this drive. $CURRENTNAME will be formatted to $NEWNAME".

komputes (komputes) wrote :

It seems lp:~flimm/usb-creator/warn-before-format was added as a fix to this issue. Evan, can you review this proposed change. Thank you.

Daniel Richard G. (skunk) wrote :

I'm not sure about requesting a new drive name / label---what exactly do you mean by "drive name," anyway?---but at least a dialog that can't be clicked through unthinkingly/accidentally would be good. Maybe something like an EULA dialog, where you have the dialog text, an appropriately-labeled checkbox, and a "Format" button that is greyed out until the checkbox is marked.

komputes (komputes) wrote :

Hi Daniel,

By "drive name" I mean the name of the drive that (should) show up when you pop it in. This is a recognizable human readablename such as "My Passport" or "AwesomenessDrive". When using FAT this is achieved in the back end using "sudo mlabel -i <device> ::<label>"

ex.
$ sudo mlabel -i /dev/sdb1 ::AwesomenessDrive

The reason I think any formating tool should request a drive name/label is because we currently mount unlabeled drives to something like ex. (FAT32) /media/F8EB-024G or (ext3) /media/4532f2cd-0110-4dd5-a5d2-2b4d547d84e5. This was introduced in Karmic and is explained in detail in Bug #390304.

Therefore it is good practice that *any* tool which can format a disk, ask for a drive/partition label. This adds to security and intuitiveness by removing the stress brought on bu device paths. The standard response from a user being: "Uh, well... I don't know, not too sure, which drive i should format, /dev/sd...". Very unsafe and leads to data loss.

There is no reason, to show an End User License Agreement when formating a disk. A confirmation pop-up window with the following informative warning should be sufficient (I have expanded my previous suggestion):

"Please make sure you have backed up all data off this drive. $DEVICEPATH $CURRENTLABEL (on $CURRENTMOUNTPOINT/Not mounted) will be formatted to $NEWLABEL".

Daniel Richard G. (skunk) wrote :

Oh, okay, so "drive name" and "label" are really synonyms. ("Label" would be the better term... by "drive name," I thought you might have been referring to the lsusb device name. Besides, this is what would appear in /dev/disk/by-label/, or be used in e.g. root=LABEL=home)

I agree that encouraging the use of labels is a good idea; device nodes and UUIDs tend to look all the same after a while. But I'd like to make sure you don't have the assumption that, when formatting an existing filesystem, that the label will necessarily be different. With usb-creator, my original intention had been to format the partition as a quicker alternative to deleting all the files therein, in any event keeping the same label and filesystem type.

David D Lowe (flimm) wrote :

Hi. I'm the author of the proposed patch in lp:~flimm/usb-creator/warn-before-format

When the user tries to format a drive with just one partition on it, this message would be displayed:

Formatting the drive will erase it in its entirety.
Make a backup copy of any valuable data on $GNOME_PARTITION_NAME (/dev/devicename) before continuing.
   |Cancel| |Format entire drive|

When the user tries to format a drive with several partitions on it, this message would be displayed:

Formatting the drive will erase it in its entirety.
Make a backup copy of any valuable data on $GNOME_DRIVE_NAME (/dev/devicename) before continuing.
The following partitions will be deleted:
  /dev/devicename LABEL1
  /dev/devicename LABEL2 (etc)
   |Cancel| |Format entire drive|

I haven't added the name of the new partition because I don't think USB creator labels the new partition. Correct me if I am wrong.

komputes (komputes) wrote :

That's right, the technical term is Label (assigned to a partition).

The user can name the partition as they would like, even the same name, or no name.

Formatting the partition instead of deleting the file - Yes, this need to be standardized take a look at Bug# 296160 in which a standard (foolproof) way of formatting is being requested to avoid issues.

Cheers!

komputes (komputes) wrote :

Hi David, thank you so much for the proposed changes. usb-creator does not name a drive when it formats it (yet). This would be an added feature to avoid confusion.

ex. if you have a label on the disk, it will be gone when formatting it. Any program offering to format should allow the user to enter an optional label.

If it's not too complicated do you think you could implement this feature as well?

Thanks again for all your help!

Moreover, I had several partitions on my usb drive. I selected the one I wanted to install on. Then I clicked the format button thinking it would format the selected partition. But it formatted the entire drive ! An alert saying "Caution, this will format the *entire* drive /dev/sdb1" would have certainly saved me. Formatting the selected partition only should be the right thing to do though (with an alert popup too).

David D Lowe (flimm) wrote :

Hi komputes, I think I could do that, I just can't seem to think of a good way to input the label of the new partition. Should a new dialog be displayed just for that? Any good designers here?

Daniel Richard G. (skunk) wrote :

If there's a separate dialog, it could give the warning/confirmation people have been asking for, in addition to the widget for entering the new label. Two birds with one stone.

Laurens (laurenssss) wrote :

See also
https://bugs.launchpad.net/bugs/484252
Comment #5
(Format the *entire* drive instead of partition.)
Three birds with one stone ;)

komputes (komputes) wrote :

I am not a graphical interface designer but this is a simple mock up of what I had in mind, please comment.

komputes (komputes) wrote :
komputes (komputes) wrote :
komputes (komputes) wrote :
komputes (komputes) wrote :
komputes (komputes) wrote :
Daniel Richard G. (skunk) wrote :

So, you're thinking of a wizard-type approach.

I think dialogs 1 and 2 should be merged; having them separate seems like just an excuse to require another click. I like dialog 3b better than 3a, but then that means you're combining the format and install operations (which wouldn't be a bad idea, just a little out of scope here).

Dialog 1 and/or 2 should additionally show the device form factor (e.g. "Secure Digital flash memory card") along with a large icon, as well as the USB device name (e.g. "JD Firefly") and the size of the device as a whole. For each partition, show the label (if present), the size, the and the filesystem type and/or partition type. In other words, show as much as possible about the disk that is about to get wiped!

komputes (komputes) wrote :

@Daniel, yeah, I'm not that great at UI design, this is basically my starting point playing around with glade dialog presets. Not even sure that this is compatible with the current usb-creator project, just wantd to make a mock up.

I agree with you:
+1 on merging 1/2 ito a single screen
+1 on disk type icon
+0 for the labels, this is already done in image 2 (DiskLabel, AwesomenessDrive, Kingston)

Daniel Richard G. (skunk) wrote :

Not only should the labels be shown, however; the dialog should also indicate that each one is a "label" (perhaps even being more specific with "filesystem label"). It wasn't clear what the identifiers were in dialog 2---especially "Kingston", which struck me as a USB device name.

    Hello, I had also met this bug and had lost my valuable data.

    As I think (Perhaps not precisely... Forgive my poor English ;) ), the discussion above indicates that till now the program will format the WHOLE DISK into one partition. However, we can choose ont partition on the disk (and of course not click the horrible "Format" button) and make it a bootable partition with ubuntu within it; on the other hand, tools such as gparted can easily format ONLY ONE SELECTED PARTITION without effecting other partitions, and I think it might be not difficult to implement a similar feature in usb-creator.
    Therefore, can we make usb-creator able to format only one partition after we click the "Format" button? It must be very nice to all users of usb-creator.

    Hope to be helping, thanks :)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package usb-creator - 0.2.19

---------------
usb-creator (0.2.19) lucid; urgency=low

  [ Mario Limonciello ]
  * Don't force select a source unless the list is empty.
  * Reverse the order of the populating ISOs and command line option --iso
    again so that --iso always trumps others.
  * Hide the source_vbox again when --iso is used.

  [ Evan Dandrea ]
  * Get rid of the needs-format warning for now. It was always shown
    for parent block devices and the confusing resulting from that was
    quite bad.
  * Rework partition mounting so that it doesn't fail if the partition
    was mounted between dbus calls.
  * Somewhat fix progress reporting.
  * Don't write usb-creator-helper's log to /root (LP: #461064).
  * Provide a format confirmation dialog (LP: #443330).
  * Error out of formatting if we're unable to unmount all of the
    partitions (LP: #507420).
  * Provide feedback via a spinning cursor and disabled format button
    while formatting (LP: #457737).
  * Only call gtk.main_quit if we're in a mainloop.
  * Don't try to unmount a partition in usb-creator-helper unless it
    actually is mounted.
  * Unmount the partition at the end of install using
    usb-creator-helper rather than umount as a regular user.
  * Handle device changes by synthesizing a remove and add.
  * Pulse the progress bar while flushing changes to disk.
  * Pulse when installing the bootloader.
 -- Evan Dandrea <email address hidden> Wed, 24 Mar 2010 18:34:35 +0000

Changed in usb-creator (Ubuntu):
status: Confirmed → Fix Released
Laurens (laurenssss) wrote :

On updated lucid I experienced that the following part of this bug was not fixed:
usb-creator formats the whole disk instead of one partition.
This is mentioned in comment #12 as well in the following bug reports which were marked as duplicates:
https://bugs.launchpad.net/bugs/446891
https://bugs.launchpad.net/bugs/533663
And in this one I marked some code which might be the source of the problem:
https://bugs.launchpad.net/bugs/484252

Changed in usb-creator (Ubuntu):
status: Fix Released → Confirmed
Changed in usb-creator (Ubuntu):
status: Confirmed → Fix Released

Laurens, Changing back to fix released as the original bug report was for issuing a warning dialog, which has been corrected.

Bug #484252 should not be a duplicate of this (which I have corrected). Please continue your reporting on that other bug.

Joe Carey (joecarey) wrote :

I lost an entire 500GB hard drive because of this. All my photos from since I moved to Japan, my wedding, my first born child are gone. Testdisk hasn't found anything. I feel like crying. If anyone reads this please help. <email address hidden>

David D Lowe (flimm) wrote :

Hello Joe. I really feel for you. Losing personal memories like that can be heart-wrenching. There may be ways to recover your data, although there are no guarantees (unless you have a back-up). If I were you, I would seek help on any of the official or community support channels of Ubuntu.

http://www.ubuntu.com/support

I would recommend ubuntuforums.org, askubuntu.com and the #ubuntu IRC channel.

Since this bug has been fixed in the latest versions of USB Startup Disk Creator, you're unlikely to find help in this bug tracker.

Joe Carey (joecarey) wrote :

I've been looking at some options.
I've since discovered that the files are indeed there, but recovery will take hours and hours and probably the purchase of another external hard drive. I was able to lift a few mp3s out using photorec and I'm sure I can get the rest, minus the filenames that is. So, for music it might mean downloading everything. And with the new draconian law in Japan... well. We'll see. For convenience sake, I have a recovery program running off my old xp based laptop. At the very least, I know the data is there.

I appreciate your kind words.

-Joe

Joe Carey (joecarey) wrote :

Photorec is indeed recovering all the photos, thanks! Pain in the ass to sort it all, but better than losing it.

While I agree that this bug is severe, losing person's most important data is the fault of this person itself. It is irresponsible beyond imagination to keep all such important things just in one place. There are loads of things that could happen to that drive beyond formatting it by mistake; most of all, drives just brake from time to time. Keeping two copies is an absolute minimum and I personally tend to keep my really most important data at least in 3 places, one of which is not the drive I keep at home.

It amazes me that so many people are still making this very same huge mistake.

David D Lowe (flimm) wrote :

This is a bug tracker, folks. Comments #29, #30, #31, #32, #33 and #34 don't belong here, they're just spam wasting valuable developer time.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers