Tyler MacDonald wrote:

[snip]
You are effectively using a BCH code with a Hamming distance of 2. This
same distance can be achieved with only three copies. Now, if you have
a way to know which copy got corrupted (IOW, you have three states
for any given bit: 0, 1, missing, as opposed to just 0, 1) then your
method is better, because correcting mising bits takes less information
than corrected corrupted bits. But if you have no way to detect missing
bits, then you are doing effectively no better than you could with just
three discs.

[snip]

Mike

Thereby ensuring that the entire backup depends on the survivability of
the private GPG keys of the owners of the servers. If they lose their
keys, the entire backup system is worthless. How are the keys backed
up?

-- hendrik

good point and one I hadn't thought of, though its obvious now that
you mention it. I'm thinking of moldy floppies and aging cd's that
definitely fall apart over time with probably less of the typical
bathtub shape and more of a slippery slope...
:)
absolutely right.
That's why I'm hoping the universe is circular. I can catch the
broadcast on the way back ;-)

A

ps. Mike, I got one of those bounces the other day and the whois
pointed to US DOD servers. heh.

Speaking pedantically, if the probability of error is greater than 50%,
you can complement every bit and gte a probability less than 50%.

-- hendrik

You are the only one who can answer this question. AFAIK, tape systems
have *not* been using FEC. The systems I've used have implemented
ED, but not EDAC.
I can't help that.

How about stating some measureable goals in the form of requirements
instead of just complaining that some systems don't meeet your needs?
Then perhaps some of us could suggest possible solutions. At present,
I feel like whatever I suggest is going to be met with another objection
that an as-yet-unstated requirement is not being met.

You seem to have just added a requirement that what you use be something
which was used on tape before 1991.

Mike

Hi Ron,

I'm hoping someone who can remember computer history prior to 1991 can
give some perspective.

It think (__please__ correct me if I'm wrong) that the tape systems had
the ECC as part of the hardware. Write a plain datastream to the drive
and the drive did the ECC part transparent to the user. Read the data
and a bad block gets fixed by the hardware ECC.

I'm told that modern hard drives also do ECC but I can't find out how
that is implemented. I'm told that if a block starts to fail (whatever
that means) then the data is transferred to a new unallocated block,
transparent to the rest of the computer. Only if the drive runs out of
unallocated blocks does it give errors.

The question is, if a block is sucessfully written now, if the drive is
not used for 5 years then a read is attempted, is the drive able to
retreive that data using ECC (as a tape drive could)?

Since I don't __know__ that it can, I'm assuming that it can't. I'm
playing my own devils advocate and trying to find out how to plan to be
able to read successfully off a drive with bad blocks after years of
sitting on a shelf.

I'm focusing on the one-drive issue because this is one drive sitting in
a bank vault. This is __archive__ (just like tape). I have backup
procedures as a separate issue. One of the places that backup data goes
to is the bank vault archive.

In the absence of an all-in-one archive format, I'll use tar (which can
detect errors just not fix them) to take care of names, owners,
permissions, etc. Then that tar needs to be made ECC and compressed.
If I want to throw in a monkey, I'll consider encryption.

Yes tape drives do that. Its probably why they cost so much. Hard
drives are much cheaper and are supposed to be able to hang on to their
data (Seagate gives a 5 year warranty). But having seagate give me a
new drive when I can't get my data off after 4 years is cold comfort.

The other problem with tapes is their fragility. Drop a DLT and I'm
told that its toast. Put that tape in the drive and I'm told it can
damage the drive. A laptop drive in a ruggedized enclosure is much more
robust and has a wider environmental range.

Perhaps what I'm looking for doesn't exist. If it doesn't, I'll start
work on it.

As far as computer history prior to 1991, I could never get the hang of
C. I'll stick with fortran77.

Doug.

[snip]
15% to do what?

I have designed some BCH FEC codes for a few systems, so I think I
have a reasonable feel for what is involved.

What you describe is correct only if each bit has only three values:
0, 1, and missing. If the transmission channel can only change a bit
from 0 to missing, or 1 to missing, but no other values, then 100%
redundancy is adequate for single error correction. If other types of
damage may occur, then 100% redundancy is not adequate. A distance 2
code is adequate if the only changes the channel introduces is missing
bits. But if not all bits may be distinguished as damaged, then at least
a distance 3 code is required, which needs more than 100% redundancy.
Wherever they get stored is irrelevant, except insofar as it may aid
the code in burst detection and correction.
FEC = Forward Error Correction. When a transmission channel makes
error detection with request for retransmission infeasible (like
with space missions, or when the data are recorded, and no other
copy exists to use as a retransmission source, for examples) then
one uses some form of FEC. ECC = Error Correcting Code, which refers
to the code itself, not the technique. EDAC = Error Detection And
Correction, which refers to any number of techniques which may
include error detection with request for retransmit, or FEC,
for examples.
Then the information in the check and data bits is used to correct them.

In a properly designed code the check bits are themselves part of the
correctable data, so that errors in them are correctable. The check bits
are not treated any diffferently from any other bits. They are all just
data. If the total number of bits which are damaged does not exceed
the ability of the code to correct, then they are all recovered.
How well does the disc work with bad blocks? If you have errors which
the disc itself cannot correct, then you are going to have to do
very low level recovery, indeed. That is why I suggested not doing that,
but rather use your own FEC, by having redundant copies of the entire
disc. In this wise, you don't have to go about trying to recover
whatever high level information may be on the disc, and fixing the
data storage format itself. If you do that, then it doesn't matter
whether there is a file system present, and if it is present whether
it can recover from corrupted blocks. You do the low level recovery,
then whatever data were on the discs it is recovered.

To put it another way, if the disc is unable to read its platters,
then it can't and you aren't going to get data, anyway, for those
sectors. It's better then, not to try to layer on top of something
that is going to lose large blocks by trying to do it on the
same device, but rather to rely on a separate device. To get data
for those sectors, you'd have to issue low level commands to the
controller, instructing it to do long-reads and ignore errors.

I've done that once with 360K floppies, and recovered data that
way, but I wouldn't want to go through learning how to do that
again for whatever hard disc I might have. For one thing, modern
discs do sector remapping, and I'd have to go through all that
rigamarole of finding out (if the manufacturer would even disclose)
how that takes place, and how to instruct the disc to ignore it,
and what the FEC code used on the sectors is, etc.

An added benefit of this is that it essentially creates a code which
has the ability to correct bursts as long as the whole disc, which is
quite long, indeed.

To put it another way, suppose we use CDROMs to store our information
in ISO format, and make three copies. Suppose that we get read errors
on the discs later. The easy way to handle this is to rip the ISO
images from the three discs, errors and all. Then we use the majority
rule to examine each bit. If two of the images agree that a bit is
a 1, then we put out a 1. If two of the images agree that a bit is
a 0, then we put out a 0. When we are through, then if there are
not any double errors, we have a correct ISO image which may be
mounted, or written to new media or whatever. It doesn't matter
whether the data form a file system, nor whether the file system
have any ability to correct errors. What matters is that, whatever
the format of the data on the storage medium, we can recover it.
We don't try to repair the file system, we repair the underlying bits.
Repairing the file system is too laborious.

If we can't recover an ISO image (or other file system image), then we
can't recover raw data written to disc, either. If we can recover a raw
disc write, then we can also recover an ISO image, or any other file
system format. It's all just bits recorded on a single long spiral on
the disc. To the bits themselves, it makes no difference if they got
there to make up a file system, or got there as a raw image. They are
all raw images, in the end. It's just a matter of a raw image of what.
A raw image of a file system is still just bits.

So, ISTM that whether any file system be used for storage is irrelevant,
so one might as well go ahead and use a file system for ease of mount
and read, unless the overhead of the directory entries is something
one wants to avoid. But in that case, one is going to lose permissions,
and dates, etc.

OTOH, if you want to save space, then a raw image of a compressed
archive file like a tarball will be smaller. But that is a separate
issue from data recovery.

Mike

[Mike wrote]
If p = 0.01, then (1-p) = 0.99, and (1-p)(1-p) = 0.9801, so that
1 - (1-p)(1-p) = 0.0199 exactly.
If the probability of the first one failing is 60% and the probability
of the second one failing is 60%, then I suppose you believe that the
probability of one or the other or both failing is 120%.

The probability in this case works out to 1-(0.4)(0.4) = 0.84.

The way to think of it is that it is 1 - Pr(none fails).
This extends to any number of independent events.
The problem with trying to add those probabilities is that
the events are not disjoint, so the probabilities do not add.

You can however decompose it into events A, B, and C which are
disjoint, as A = {disc one fails, but disc two does not},
B = {disc two fails, but disc A one does not} and
C = {both discs fail}. This is all the ways one or more discs
fail, and the events are disjoint.

Pr(A) = p(1-p)
Pr(B) = (1-p)p
Pr(C) = p^2

So, Pr(at least one disc fails) = p - p^2 + p - p^2 + p^2
= 2p - p^2

This technique gets more complicated as the number of events
increases.

NB: 1 - (1-p)^2 = 1 - (1 - 2p + p^2) = 2p - p^2, as computed
above.

[snip]
:-)

Mike

It's very easy. Suppose we have events E1, E2, E3, ... En. Suppose that
the occur independently. Suppose that Pr(Ek) = Pk. Then the probability
that at least one of the Ek occurs is

1 - (1-P1)(1-P2)(1-P3)...(1-Pn)

If the probabilites are all the same, Pk = p for all k, then it is

1 - (1-p)^n

In the case we just discussed where p = 0.01 and using n = 3 per your
request, we get

Pr(one or more of three discs fails) = 1 - 0.99^3 = 0.029701
Depends on how "partially" it fails. It may be "partially" failed so
that some sectors are readable, and others are not.

I'm not a Linux expert, so I don't know the answer to your question.
Umm,

RAID 0 striping, results in speedy access only, not true RAID
RAID 1 writes redundant copies of data to two (or more) discs
RAID 3 writes redundant data to three (or more) discs reserves
one disc as "parity"; requires at least four discs

I've implemented a RAID 1 system in a fully redundant system (dual
discs, dual controllers, each controller able to control each
disc, both controllers connected to independent computers with
separate power supplies). That's the way I did it. Writes went
to both discs, and did not return to the requesting app until
both writes were complete unless a no wait I/O was requested,
in which case I provided notification when the write completed.

Reads simply used the disc on the same side using the controller
on the same side as the requesting CPU, unless one disc failed.
If I got read error reports, then I used a leaky bucket. If the
leaky bucket overflowed, then I placed the suspect disc out of
service, asserted a frame alarm, issued an Information or Problem
Report (IPR) and continued with just one disc. When the disc
got replaced, then I'd format it, and start equalizing. I started
at the bottom of disc, and kept a high water mark. Any writes
below the high water mark were done redundantly, while writes
above the high water mark were done simplex. When the high
water mark reached the top of disc, then it was put back into
service, and the alarm was abated.

I did the same sort of thing with the controllers, placing
one out of service if it was deemed to be failing, and all
reads and writes took place through the still functioning
controller, until the failing one got replaced.

For more information, I suggest that you consult
http://www.sohoconsult.ch/raid/raid.html
for some information on how the various level of RAID work.

Mike

Right, but for a disconnected drive sitting on a shelf? Also, during
those scary messages, do I still get all the data (in effect the drive
is fully function just complaining), or are some blocks unreadable. If
the former, that counts as atomic.
Right but a tape media has a mechanical aspect to it. They also have a
narrow environmental storage range compared to disks.
Of of a third hard drive.
Personal data. Design archive size is 80 GB but want it to scale well.

What I've found is that for the same money as a DLT tape, I can get a
2.5" seagate hard drive. A ruggedized enclosure is $30 (Addonics
Jupiter). The only cost that corresponds to a tape drive unit is the
interface cable to connect the drive enclosure. I can keep a USB cable
in the bank with the archive so that I can use it with any computer, and
an eSATA cable here (eSATA will _eventually_ be hot plug I hope).
When I say raid1, I'm referring to having the archive drive added to a
raid1 array while it syncs then removed from the array and put into
storage. Out of the array it can function as an independant drive if
need be, but can also be used to recreate the array if the origional
array drives are destroyed.

Besides, virtual tape storage units seem to use raid.

So the question is, do I use a filesystem like JFS on the drive or use
tar.bz2 with par2 files appended directly to the drive.

If the drives are atomic, then I may as well use a filesystem for
convenience. If failures after storage are likely to show up as some
unreadable and unrecoverable blocks, then looking at some redundancy in
the data stream itself may be useful.

Thanks,

Doug.

RAID was not designed for archives. I can see no reason why
it wouldn't work for that. RAID 1, for example, is simply
making two (or more) copies of the data. Are you saying that
making more than one copy of a backup is not a reasonable
approach?

I see no reason why RAID 5 could not be used when data
span multiple CDROMs, for example. Let's consider the
case where the data span two CDROMs, and one wants
some assurance that if one of the media fails, the
data will still be recoverable. Then one can write the
two CDROMs, and then write another which is the bitwise
XOR of the other two CDROMs. If any one of them fails,
all data are recoverable. This only takes 1.5x as many
discs, whereas making two copies would take 2x.

Essentially, with RAID 5, one uses some version of a
systematic BCH code with the check bits stored across
the additional drives. Then, if one or more of the drives
should fail, the data on the others could be used to
reconstruct the data. I see no reason why this could not
be applied to CDROMs, or any other archive medium.

The main advantages would be that one would essentially
have burst error correction of the size of the disc
(this being, with the FEC on the disc, if any, an
interleaved code in effect), which is enormous, indeed,
and economy in storage over using multiple copies, as
illustrated above.

Mike

Thanks Hendrik,

I understand what you mean about compression and that seems to be the
consesus not just here but in general: without error correction, don't
compress so that recovery is possible; with error correction, compress
to save space.

I was 4 years old in 1970. However, later (forget the year) I had a
Timex/Sinclair 1000. The programs I wrote in Basic can and have
sometimes been ported to my Sharp PC-1401's Baisc, and later ported to
python on linux. The facilitator as always is well documented
non-cryptic code. However, the OS I made for the first computer I made
from scratch was written in Z-80 machine code in hex so isn't any good
for anything else. Anything I write now is either in python or
fortran77. I strive to keep everyting portable and minimize the use of
add-ons. Pure fortran77 should always be able to be compiled on pretty
much anything. If a python interpreter goes out of style, at least the
souce forms a great prototype for a new port. I don't do C or perl and
I only program sh like a dos bat file (if flow-control is needed I
switch to python) which I suppose makes me an oddity on *NIX.

That's why I was looking for an existing archive format with built-in FEC.
Anything I cobble together would have to be backed up separatly so that
restoration would be possible. I __really__ wish that FEC was a
standard option of tar, cpio, or afio being readily available. Par2 is
available as a package but will it always be? If I just archive its
executable, it may not work with whatever the libs-de-jure so I may try
to learn how to compile if from souce statically linked.

All I really want is an archive media (and format) as robust as
pigment-on-parchment, that can store 80 Gb in about 300 cubic
centremeters (the data density of a 2.5" drive in a ruggedized
enclosure). I guess this is the holy grail of data storage and is
both the bread and butter of the big specialized companies and the
reason that banks still print everything out somewhere.

I wonder what NASA did for their deep-space probes like Voyager? The
recent stuff seems to be disposable (e.g. how long will this one last?),
but Voyager was meant to keep on running. They used some sort of gold
pressed record for ETI to read but I wonder what they used for the
computer's OS and data-storage in-between downloads?

Thanks

Doug.

[snip]
That's why you write such s/w in generic ANSI C. (I presume there's
some "strict" switch in g77, too.)
Shame on you for not writing in a portable language. Go COBOL!!!

- --
Ron Johnson, Jr.
Jefferson LA USA

Is "common sense" really valid?
For example, it is "common sense" to white-power racists that
whites are superior to blacks, and that those with brown skins
are mud people.
However, that "common sense" is obviously wrong.

Even with FEC uncompressed may be better. OTOH, fewer bits to fail
is an advantage.
I wrote some machine language programs for the IBM 1401 in 1969.
Does that count as programs that can't be run any more?

Mike