All about Raid 5

Good day guys.

I had some recent trouble with my office server, so I decided to write about the Raid version we were using.

What is Raid?

I know everyone says its Random Array of Independent Disks / Inexpensive Disks. (Inexpensive is really not that true, but you know, compared to the data they save, the disk could be inexpensive).

OK. Let me explain what it is. RAID is a mechanism in which your data will be split amongst several disks so that there are redundant (duplicate) copies of the data. With redundant copies, the system becomes fault tolerant. Remember, I am not giving you the real techie stuff. I'm writing this for people without the IT background to understand.

Raid has several levels that starts from 0 to 10 (so far). Different levels means different ways in which the data is divided and stored into the disks.

So I will be speaking about RAID 5 here. RAID 5 is a RAID level which requires 3 Hard Disks Minimum and maximum of 8.

In layman terms, RAID 5 handles 3 disks at minimum and blocks of data are split into the three disks. First of all, Raid will take these thrree or more disks and combine it as one logical unit. When you are installing the OS, you will notice that there is only one disk consisting of the total space of two disks, the third disk is not added. This is because the third disk is considered redundant and does not add up to the total space.

So if you use three 120gb hard drives, you will have 240gb of actual usable space. If you use five 120gb hard drives, you would have 480gb of usable space. The more drives you use, the more efficient your storage space becomes without losing any redundancy.

RAID 5 offers accelerated read performance because the data stream is accessed from multiple drives at the same time. Referring to figure 1, let's say that stripe A was a single file. Normally on a single drive when you open that file, the whole thing would be streamed from the one hard drive bit by bit - thus the one hard drive's max read speed is going to become a bottleneck. BUT, with a RAID-5, that one file can be accessed in 1/3 of the time because it will be read from all 3 drives at once; block 1 has the first 1/3 of the file, block 2 has the second 1/3 section of the file, and the block 3 has the last part of the file. This, in a perfect situation, causes your read speed to be tripled - with even more performance potential in RAID-5 arrays containing additional hard drives!

Rebuilding the Drive

For easier understanding/explaining, we are only going to be working with 4-bit blocks. Actual data blocks can range from 4kb (32,768 bits) up to 256kb (2,097,152 bits), but the method is exactly the same regardless of how many consecutive bits you work with. In figure 3, the yellow blocks represent the parities for each stripe. As you may notice, the parities are distributed evenly between all drives. This provides a slight increase in performance and is what separates RAID-4 from RAID-5 (RAID 4 keeps all parities on a single drive).
Lets examine the first stripe of figure 3. To compute the parity, we must run the XOR comparison on each block of data in that stripe. You XOR the first two blocks, then take the result and XOR it against the third block (and continue this for all drives in the array - except for the block where the parity will be stored).

(Drive 1) XOR (Drive 2) = (0100) XOR (0101) = (0001)
(Result) XOR (Drive 3) = (0001) XOR (0010) = (0011)

Recovering Data
The very cool thing about XOR comparisons - and what makes RAID 5 possible - is that if one value comes up missing, you can always find the missing value by doing an XOR comparison on the remaining values! Referring back to figure 3, let's say that drive 1 fails. The user will be prompted by the raid controller and alerted that a drive has failed and must be replaced. As soon as a new drive is put in, the controller will automatically start rebuilding the lost data. Here is how we rebuild drive 1, stripe 1

(Drive 2) XOR (Drive 3) = (0101) XOR (0010) = (0111)
(Result) XOR (Drive 4) = (0111) XOR (0011) = (0100)

As you can see, the final result is 0100. Now refer back to figure 3 at drive 1, stripe 1.... sure enough, its 0100! Amazingly, right? Just for fun, let's rebuild stripe 2 as well with the assumption that it is drive 1 that has failed.

(Drive 2) XOR (Drive 3) = (0000) XOR (0110) = (0110)
(Result) XOR (Drive 4) = (0110) XOR (0100) = (0010)

The missing block was calculated as 0010. Take a look at figure 3 to verify what drive 1, stripe 2 was before the failure and see if it matches the computed value... of course it does!

How to Move or Copy Mail from One Gmail Account to Another (Using Only Gmail)

Move or Copy Mail from One Gmail Account to Another (Using Only Gmail)

To move (or, of course, merely copy) all received and sent emails from one Gmail account to another Gmail account by having the new account fetch the messages:

• Make sure all email programs or services you have configured to download mail from your old Gmail account using POP are closed or set not to check mail automatically.

• Log in to the account from which you want to import.
• Click the Settings gear in your Gmail's toolbar.
• Select Settings from the menu that comes up.
• Go to the Forwarding and POP/IMAP tab.
• Make sure Enable POP for all mail (even mail that's already been downloaded) is selected underPOP Download: irrespective of the current status under Status:.
  • You do not have to move messages to the old account's inbox for the new account to pick them up. Archived mail will be fetched.
• You can select archive Gmail's copy under When messages are accessed with POP to have your old account's inbox cleared or delete Gmail's copy to move mail instead of copying it; you can also choose keep Gmail's copy in the Inbox (unread) or mark Gmail's copy as read, of course.
• Click Save Changes.
• Click your picture (or the icon) in Gmail's top right corner.
• Select Sign out from the menu that appears.

• Log in to the Gmail account to which you want to move the messages.
• Click the Settings gear.
• Select Settings from the menu that shows up.
• Go to the Accounts and Import tab.
• Click Add a POP3 mail account you own under Check mail from other accounts (using POP3):.
• Enter the email address of the Gmail account from which you want to import under Email address:.
• Click Next Step ».
• Verify the desired Gmail account's user name is entered under Username:.
• Type the Gmail account's password under Password:.
• Make sure pop.gmail.com is selected under POP Server:.
• Make sure 995 is selected under Port:.
• Now make sure Leave a copy of retrieved messages on the server. is not checked.
• Verify Always use a secure connection (SSL) when retrieving mail. is checked.
• Optionally, check Label incoming messages: and pick the label corresponding to the old Gmail account's email address, an existing label or New label… for a new label.
• Optionally, check Archive incoming messages (Skip the Inbox) so imported emails do not show up (or clutter) your new Gmail account's inbox.
• Click Add Account ».
  • If you are presented an access error, you may have to authorize Gmail to access itself.
• Typically, select Yes, I want to be able to send mail as ___@gmail.com. under Would you also like to be able to send mail as ___@gmail.com?.
  • Having your old address set up as a sending address in the new account lets Gmail recognize your old sent messages and place them in the Sent Mail label.
  • You can choose No, of course; you can always add your old address as a sending address later.
    If you select No for Would you also like to be able to send mail as ___@gmail.com?, clickFinish and skip the upcoming steps.
• Click Next Step ».
• Enter your name under Name:.
• Click Next Step ».
• Leave Treat as an alias. checked.
• Click Next Step ».
• Now click Send Verification.
• Click Close window.
• Click your icon in the top right corner of Gmail.
• Select Sign out from the sheet that comes up.
• Log in to Gmail using the address from which you import.
• Open the message from Gmail Team with the subject Gmail Confirmation - Send Mail as ___@gmail.com.
• Highlight and copy the numeral confirmation code under Confirmation code:.
  • Do not follow the verification link.
• Again, click your account's icon in the top right corner.
• Select Sign out.
• Log in to Gmail again, this time with the account to which you import.
• Click the Settings gear.
• Select Settings from the menu that comes up.
• Open the Accounts and Import tab.
• Click Verify for the old Gmail account's address under Send mail as:.
• Paste the verification code under Enter and verify the confirmation code.
• Click Verify.
  • As an alternative to this somewhat convoluted process, you can try waiting for Gmail to import the verification message and follow the confirmation link right from inside the new Gmail account.

Gmail will not fetch all messages in one go. It will download mail from the old account in batches of approximately 100–200 emails at a time instead. Typically, importing will start with the oldest mail.

Gmail will download messages in your old Gmail account's Sent Mail label in addition to messages you have received. If you have set up the address from which you imported as a sending address in the new account, sent mail will appear under the new account's Sent Maillabel, too. <

Stop Continued Importing of Mail from the Source Gmail Account (and Prevent Duplicates)

To stop Gmail from continuing to import new messages from the old account (or import everything anew if you ever reset the POP access status for the old account to offering all messages):

• Click the Settings gear in the new Gmail account.
• Choose Settings from the menu that comes up.
• Go to the Accounts and Import category.
• Click delete for the Gmail account from which you imported under Check mail from other accounts (using POP3).
• Click OK under Are you sure you want to delete this mail account?.

Unlock Gmail for a New Email Program or Service

To allow a new email program that Gmail has blocked as suspicious access to your account:

• Have the email program or service that has failed to access your Gmail account ready.
• Visit the Allow a new application to access your account page at Google.
  • Log in to the desired Gmail account if prompted.
• Click Continue.
• Within 10 minutes, have the previously blocked email service or program check for new messages.

How To Restrict Access To Drives In My Computer In Windows

How To Restrict Access To Drives In My Computer In Windows

If you have a shared or public computer that several people use, you might want to restrict access to it’s drives to prevent users from deleting important data. Today we look at restricting access to some or all drives on the machine using Local Group Policy.

Note: This method uses Local Group Policy Editor which is not available on home versions of Windows 7 or Vista

First type gpedit.msc in the search box of the Start Menu and hit Enter.

Now navigate to User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

Select Enable then under Options from the drop down menu you can restrict a certain drive, a combination of drives, or restrict them all. The main drive you would probably want to restrict is the C:\ drive or which ever lettered drive Windows is installed on. Restricting all drives means they can’t access the CD or DVD drive, and cannot use a flash drive if they need to get files from it.

Note: This setting won’t prevent users from using programs that access the local drives.

The restrictions take effect immediately, no restart is required. When a user opens up My Computer they’ll be able to see which drives are listed, but when they try to access a restricted drive, they’ll get the following error message.

 

For the screenshots in this tutorial we used Windows 7 Ultimate, but this process also works with XP Professional and Vista (not in Home versions) the screens just look different.

Local Group Policy allows you to customize several settings for how you want to administer your machine. Restricting access to certain drives in addition to other security and access measures, can help  keep a shared computer stable and secure.

Source: http://www.howtogeek.com/howto/8035/how-to-restrict-access-to-drive-in-my-computer-on-windows/

"Your Java version is insecure" error

Some notes from Joe in the comments …

Got some bad news. If you start messing with your system date and set it to 5/16/13, even if you use the suggestions here of baseline.versions folder instead of files, you’ll get prompted. This all appears to be due to the JRE_EXPIRATION_DATE value that is hard coded to that date in 7.17. I tested it with 7.21 which has the variable set to 7/18/13 and it starts prompting you on 7/18 as expected (I mispoke in my post above 7/18 is correct). So I don’t know of any way to beat this.

I’m using this to push anyone with a JRE related app to demand from the vendor to move away from it. What a joke. 3 billion devices and counting … we’ll see about that Oracle.

Java, I do not like you!

Well, I am sure almost everyone is aware of the (in)famous Java updating mechanism within Java 1.7. 

Here’s the scenario if you haven’t already witnessed the madness with Java 1.7.x.  At the time of this writing, Java 1.7 update 15 was the latest version.  We package it up just like any other version, disabling auto-updates, and everything looks fine.  Then, we fast forward a few months and update 17 comes out.  No big deal, right?  Our package was set to turn Java auto-update off.  I wish it were so.  Once a user hits a webpage that uses Java, they will most likely see the following prompt.  The scary part – you’d never even know this was a problem until it’s too late.  If you deployed the latest version you wouldn’t see any error messages at all.  It’s only when a new version of Java is released that the messages start arriving. 

Your Java version is insecure.  Click Update to install the recommended secure version.  Click Block to stop Java content in your browser or Later to continue and be reminded again later.

Unreal.  So let’s go thru the options here. 

Update:  Since 90% of corporate users are not local admins – that won’t work.  Result:  Service Desk Call

Block:  Block the app from running?  That’s why they are at this webpage to start with.  Result:  Service Desk Call

Later:  Well, this one kind of works.  This will at least get rid of the warning but only bring you to another!  Result:  Service Desk Call

Let’s assume a user clicks “later”  They will then see this additional popup message.  

Do you want to run this application?  Your version of Java is insecure and an application from the location below is requesting permission to run. 

 This particular site is just a Java tester site

 So here’s our new options.

Run:  This will actually run the Java app.  Result:  No Service Desk Call (hopefully)

Update:  Another attempt to update Java to the latest version (remember, Java auto-update is turned off, right??)  Again, no local admin on most corporate machines.  Result:  Service Desk Call

Cancel:  Stops the app from running.  Result:  Service Desk Call

As you can see, sending this to an enterprise-wide distribution is not an option.  This would generate enormous amounts of Service Desk calls and very unhappy users.  This completely blows my mind.  I thought Adobe Flash was bad but now Oracle has topped the list.  I could go on for hours on why Oracle should disable this “feature”.  Until they do, we need a workaround.  Here’s my solution.  Not perfect by any means.  It seems to get rid of *most* of the popups.

You may have to tweak some things depending on your corporate policy/application requirements/etc. 

Remove all older versions of Java (at least 1.7 versions).  My testing with 1.6.x version has been a little strange but I realize application requirement may prevent this from happening. 

• Verify C:\WINDOWS\sun\java\deployment directory is empty.  If not, have your install script delete this full directory.
• You need to now create 2 text files, deployment.config and deployment.properties.  These files basically replace the command line switches in the java install.  Here are the contents of deployment.config

deployment.system.config=file\:C\:/WINDOWS/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

The top line basically tells the system where your deployment.properties file is located.  For simplicity I just stuck it in the default location but could also reside on the network.  The second line tells the system if this is mandatory.  I don’t know much more about this setting.  Just set it to “true”.

Here are the contents to put into deployment.properties

deployment.expiration.decision=NEVER
deployment.expiration.decision.suppression=TRUE
deployment.version=7.0
deployment.security.level=MEDIUM
deployment.security.mixcode=DISABLE
deployment.insecure.jres=ALWAYS
deployment.javaws.autodownload=NEVER

The key settings above are: 

deployment.expiration.decision=NEVER 

deployment.expiration.decision.suppression=TRUE

These settings suppresses the “Later” button so you are never prompted. 

deployment.security.level=MEDIUM

This is a big one also.  Still not 100% on this one yet.  The default in the Java install is “HIGH” so I hate to set this lower.  The MEDIUM setting seems to get rid of most of the popups.  The only setting I could find that completely suppresses all warning popup is “LOW” but I can’t imagine security departments allowing this.  May as well stick with the older versions of Java.

deployment.insecure.jres=ALWAYS

This setting suppresses the second popup that warns about running the Java application.  Set to ALWAYS

These 2 files need to be copied to the C:\WINDOWS\sun\java\deployment directory.  Have your script create the directory after you delete it. 

Update 3/8/2013 – NEW STEP

• Create the folder C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\security before installing Java
• Create 2 files – baseline.timestamp and baseline.versions

Contents of baseline.timestamp is just a period ( . )

Contents of baseline.versions shows up like this.  I believe this is telling Java what the current version is for each (1.8, 1.7, 1.6, etc).  I figured out that when you are prompted it creates this file and the registry shown below.  It defaults to 1.7.0_17.  I changed that setting to 1.7.0_13 to trick it into thinking its current.   Another option to get this file is to break it intentionally and go edit this file.  Crossing my fingers…. seems to work! 

It also shows up in the registy like this.

To automate this, you’ll need to create a script to walk the directory tree and add this to each users profile.   You can also use group policy which may be a bit easier. 

**Make sure these 2 files are present before installing Java. **

• Install Java 1.7 with only a /qb or /qn switch.  No need to add any other switches since your files are now in the correct place. 
• TEST TEST TEST!  Again, this is a far from perfect solution and differences will apply between corporations.  I am not a Java expert by any means – so let’s discuss any other options or repercussions! 

Also, a tip on locking the Java settings after deployment from the comments of Rafal below

Just a comment about config and properties file
if you want to prevent users from changing Java control properties you will need to place .locked on property you are changing in the properties mark
therefore
deployment.security.level=MEDIUM
deployment.security.level.locked
will effectivelly lockout/greyout the setting for the user

Hope this helps!

**Update 4/24***

Well, I managed to blow up my environment when Update 21 was released.  My group policy workaround for the files was set to update, not replace.  So if the files were already there and Java overwrote them, group policy didn’t care and saw it as compliant.  TONS of calls.  Ugh Java.

Read thru all the comments below as there are some other ideas that may work.  I think I may have thrown the white flag up and may just do some extensive end user training.  Just don’t hit the “update” button!!!

This is obviously a HUGE issue.  The blog has seen 25K hits just on this page since written.  Hopefully we can still figure it out eventually

Possible workaround – from Morgan in comments.  Worth trying.  Update 5/17

I created the following until Oracle gets there act together. It’s an AutoIT script that looks for the update window and then selects the ideal combination for the user. You can deploy it in the startup folder for users and there is very little CPU impact. Feel free to use and modify as you like.

http://www.autoitscript.com/site/autoit/

CODE HERE—- javafix.txt