|PyPI-Status| |PyPI-Versions| |PyPI-Downloads|
|Build-Status| |Coverage|
|LICENCE|
pyFileFixity provides a suite of open source, cross-platform, easy to use and easy to maintain (readable code) to protect and manage data for long term storage/archival, and also test the performance of any data protection algorithm.
The project is done in pure-Python to meet those criteria, although cythonized extensions are available for core routines to speed up encoding/decoding, but always with a pure python specification available so as to allow long term replication.
Here is an example of what pyFileFixity can do:
|Example|
On the left, this is the original image.
At the center, the same image but with a few symbols corrupted (only 3 in header and 2 in the rest of the file, which equals to 5 bytes corrupted in total, over 19KB which is the total file size). Only a few corrupted bytes are enough to make the image looks like totally unrecoverable, and yet we are lucky, because the image could be unreadable at all if any of the "magic bytes" were to be corrupted!
At the right, the corrupted image was repaired using pff header command of pyFileFixity.
This repaired only the image header (ie, the first part of the file), so only the first
3 corrupted bytes were repaired, not the 2 bytes in the rest of the file, but we can see
the image looks indistinguishable from the untampered original! And the best thing is that
it only costed the generation of a "ecc repair file" for the header, which size is only a
constant 3.3KB per file, regardless of the protected file's size!
This works because most files will store the most important information to read them at their beginning, also called "file's header", so repairing this part will almost always ensure the possibility to read the file (even if the rest of the file is still corrupted, if the header is safe, you can read it). This works especially well for images, compressed files, formatted documents such as DOCX and ODT, etc.
Of course, you can also protect the whole file, not only the header, using pyFileFixity's
pff whole command. You can also detect any corruption using pff hash.
.. contents:: Table of contents :backlinks: top
Runs on Python 3 up to Python 3.12-dev. PyPy 3 is also supported.
pip install --upgrade pyfilefixity
pip install --upgrade pyfilefixity==3.0.2 reedsolo==1.7.0 unireedsolomon==1.0.5
pff which provides several subcommands, to list them:pff --help
You should see:
::
usage: pff [-h]
{hash,rfigc,header,header_ecc,hecc,whole,structural_adaptive_ecc,saecc,protect,repair,recover,repair_ecc,recc,dup,replication_repair,restest,resilience_tester,filetamper,speedtest,ecc_speedtest}
...
positional arguments:
{hash,rfigc,header,header_ecc,hecc,whole,structural_adaptive_ecc,saecc,protect,repair,recover,repair_ecc,recc,dup,replication_repair,restest,resilience_tester,filetamper,speedtest,ecc_speedtest}
hash (rfigc) Check files integrity fast by hash, size, modification date or by data structure integrity.
header (header_ecc, hecc)
Protect/repair files headers with error correction codes
whole (structural_adaptive_ecc, saecc, protect, repair)
Protect/repair whole files with error correction codes
recover (repair_ecc, recc)
Utility to try to recover damaged ecc files using a failsafe mechanism, a sort of recovery
mode (note: this does NOT recover your files, only the ecc files, which may then be used to
recover your files!)
dup (replication_repair)
Repair files from multiple copies of various storage mediums using a majority vote
restest (resilience_tester)
Run tests to quantify robustness of a file protection scheme (can be used on any, not just
pyFileFixity)
filetamper Tamper files using various schemes
speedtest (ecc_speedtest)
Run error correction encoding and decoding speedtests
options:
-h, --help show this help message and exithash submodule:pff hash --help
pff hash -i "your_folder" -d "dbhash.csv" -g -f -l "log.txt"
Note: this also works for a single file, just replace "your_folder" by "your_file.ext".
--append with --remove for the latter):pff hash -i "your_folder -d "dbhash.csv" --update --append
pff hash -i "your_folder" -d "dbhash.csv" -l log.txt -s -e errors.csv
pff hash -i "your_folder" -d "dbhash.csv" -l "log.txt" -o "output_folder" --filescraping_recovery
hecc.txt:pff header -i "your_folder" -d "hecc.txt" -l "log.txt" -g -f --ecc_algo 3
output_folder:pff header -i "your_folder" -d "hecc.txt" -o "output_folder" -l "log.txt" -c -v --ecc_algo 3
ecc.txt:pff whole -i "your_folder" -d "ecc.txt" -l "log.txt" -g -f -v --ecc_algo 3
pff whole -i "your_folder" -d "ecc.txt" -o "output_folder" -l "log.txt" -c -v --ecc_algo 3
Note that header and whole can also detect corrupted files and even which blocks inside a file, but they are much slower than hash.
ecc.txt using an index file ecc.txt.idx (index file is generated automatically with ecc.txt):pff recovery -i "ecc.txt" --index "ecc.txt.idx" -o "ecc_repaired.txt" -l "log.txt" -v -f
ecc.txt without an index file (you can tweak the -t parameter from 0.0 to 1.0, 1.0 producing many false positives):pff recovery -i "ecc.txt" -o "ecc_repaired.txt" -l "log.txt" -v -f -t 0.4
pff dup -i "path/to/dir1" "path/to/dir2" "path/to/dir3" -o "path/to/output" --report "rlog.csv" -f -v
pff dup -i "path/to/dir1" "path/to/dir2" "path/to/dir3" -o "path/to/output" -d "dbhash.csv" --report "rlog.csv" -f -v
pff restest -i "your_folder" -o "test_folder" -c "resiliency_tester_config.txt" -m 3 -l "testlog.txt" -f
Internally, pff restest uses pff filetamper to tamper files with various schemes, but you can also use pff filetamper directly.
To run speedtests of encoding/decoding error correction codes on your machine:
pff speedtest
pff command does not work, it can be replaced with python -m pyFileFixity.pff .Why are data corrupted with time? One sole reason: entropy. Entropy refers to the universal tendency for systems to become less ordered over time. Data corruption is exactly that: a disorder in bits order. In other words: the Universe hates your data.
Long term storage is thus a very difficult topic: it's like fighting with death (in this case, the death of data). Indeed, because of entropy, data will eventually fade away because of various silent errors such as bit rot or cosmic rays. pyFileFixity aims to provide tools to detect any data corruption, but also fight data corruption by providing repairing tools.
The only solution is to use a principle of engineering that is long known and which makes bridges and planes safe: add some redundancy.
There are only 2 ways to add redundancy:
Error correction can seem a bit magical, but for a reasonable intuition, it can be seen as a way to average the corruption error rate: on average, a bit will still have the same chance to be corrupted, but since you have more bits to represent the same data, you lower the overall chance to lose this bit.
The problem is that most theoretical and pratical works on error correcting codes has been done almost exclusively on channel transmission (such as 4G, internet, etc.), but not on data storage, which is very different for one reason: whereas in a channel we are in a spatial scheme (both the sender and the receiver are different entities in space but working at the same timescale), in data storage this is a temporal scheme: the sender was you storing the data on your medium at time t, and the receiver is again you but now retrieving the data at time t+x. Thus, the sender does not exist anymore, thus you cannot ask the sender to send again some data if it's too much corrupted: in data storage, if a data is corrupted, it's lost for good, whereas in channel theory, parts of the data can be submitted again if necessary.
Some attempts were made to translate channel theory and error correcting codes theory to data storage, the first being Reed-Solomon which spawned the RAID schema. Then CIRC (Cross-interleaved Reed-Solomon coding) was devised for use on optical discs to recover from scratches, which was necessary for the technology to be usable for consumers. Since then, new less-optimal but a lot faster algorithms such as LDPC, turbo-codes and fountain codes such as RaptorQ were invented (or rediscovered), but they are still marginally researched for data storage.
This project aims to, first, implement easy tools to evaluate strategies (filetamper.py) and file fixity (ie, detect if there are corruptions), and then the goal is to provide an open and easy framework to use different kinds of error correction codes to protect and repair files.
Also, the ecc file specification is made to be simple and resilient to corruption, so that you can process it by your own means if you want to, without having to study for hours how the code works (contrary to PAR2 format).
In practice, both approaches are not exclusive, and the best is to combine them: protect the most precious data with error correction codes, then duplicate them as well as less sensitive data across multiple storage mediums. Hence, this suite of data protection tools, just like any other such suite, is not sufficient to guarantee your data is protected, you must have an active (but infrequent and hence not time consuming) data curation strategy that includes regularly checking your data and replacing copies that are damaged every few years.
For a primer on storage mediums and data protection strategies, see this post I wrote <https://web.archive.org/web/20220529125543/https://superuser.com/questions/374609/what-medium-should-be-used-for-long-term-high-volume-data-storage-archival/873260>_.
RAID is clearly insufficient for long-term data storage, and in fact it was primarily meant as a cheap way to get more storage (RAID0) or more availability (RAID1) of data, not for archiving data, even on a medium timescale:
this guide <https://github.com/lrq3000/lsi_sas_hba_crossflash_guide>__ for more infos about crossflashing SAS HBA firmwares.hard drives do implement ECC codes <https://superuser.com/a/1554342/157556>__
to be resilient against bad sectors (otherwise we would lose data
all the time!), but they only have limited corrective capacity,
mainly because the ECC code is short and not configurable.On the opposite, ECC can correct n-k disks (or files). You can configure n and k however you want, so that for example you can set k = n/2, which means that you can recover all your files from only half of them! (once they are encoded with an ecc file of course).
There also are new generation RAID solutions, mainly software based, such as SnapRAID or ZFS, which allow you to configure a virtual RAID with the value n-k that you want. This is just like an ecc file (but a bit less flexible, since it's not a file but a disk mapping, so that you can't just copy it around or upload it to a cloud backup hosting). In addition to recover (n-k) disks, they can also be configured to recover from partial, sectors failures inside the disk and not just the whole disk (for a more detailed explanation, see Plank, James S., Mario Blaum, and James L. Hafner. "SD codes: erasure codes designed for how storage systems really fail." FAST. 2013.).
The other reason RAID is not adapted to long-term storage, is that it supposes you store your data on hard-drives exclusively. Hard drives aren't a good storage medium for the long term, for two reasons:
| 1- they need a regular plug to keep the internal magnetic disks electrified (else the data will just fade away when there's no residual electricity). | 2- the reading instrument is directly included and merged with the data (this is the green electronic board you see from the outside, and the internal head). This is good for quick consumer use (don't need to buy another instrument: the HDD can just be plugged and it works), but it's very bad for long term storage, because the reading instrument is bound to fail, and a lot faster than the data can fade away: this means that even if your magnetic disks inside your HDD still holds your data, if the controller board or the head doesn't work anymore, your data is just lost. And a head (and a controller board) are almost impossible to replace, even by professionals, because the pieces are VERY hard to find (different for each HDD production line) and each HDD has some small physical defects, thus it's impossible to reproduce that too (because the head is so close to the magnetic disk that if you try to do that manually you'll probably fail).
In the end, it's a lot better to just separate the storage medium of data, with the reading instrument.
We will talk later about what storage mediums can be used instead.
The pyFileFixity suite currently include the following pure-python applications:
rfigc.py (subcommand: hash), a hash auditing tool, similar to md5deep/hashdeep, to
compute a database of your files along with their metadata, so that
later you can check if they were changed/corrupted.
header_ecc.py (subcommand: header), an error correction code using Reed-Solomon
generator/corrector for files headers. The idea is to supplement
other more common redundancy tools such as PAR2 (which is quite
reliable), by adding more resiliency only on the critical parts of
the files: their headers. Using this script, you can significantly
higher the chance of recovering headers, which will allow you to at
least open the files.
structural_adaptive_ecc.py (subcommand: whole), a variable error correction rate
encoder (kind of a generalization of header_ecc.py). This script
allows to generate an ecc file for the whole content of your files,
not just the header part, using a variable resilience rate: the
header part will be the most protected, then the rest of each file
will be progressively encoded with a smaller and smaller resilience
rate. The assumption is that important information is stored first,
and then data becomes less and less informative (and thus important,
because the end of the file describes less important details). This
assumption is very true for all compressed kinds of formats, such as
JPG, ZIP, Word, ODT, etc...
repair_ecc.py (subcommand: recovery), a script to repair the structure (ie, the entry and
fields markers/separators) of an ecc file generated by header_ecc.py
or structural_adaptive_ecc.py. The goal is to enhance the
resilience of ecc files against corruption by ensuring that their
structures can be repaired (up to a certain point which is very high
if you use an index backup file, which is a companion file that is
generated along an ecc file).
filetamper.py (subcommand: filetamper) is a quickly made file corrupter, it will erase or
change characters in the specified file. This is useful for testing
your various protecting strategies and file formats (eg: is PAR2
really resilient against corruption? Are zip archives still partially
extractable after corruption or are rar archives better? etc.). Do
not underestimate the usefulness of this tool, as you should always
check the resiliency of your file formats and of your file protection
strategies before relying on them.
replication_repair.py (subcommand: dup) takes advantage of your multiple copies
(replications) of your data over several storage mediums to recover
your data in case it gets corrupted. The goal is to take advantage of
the storage of your archived files into multiple locations: you will
necessarily make replications, so why not use them for repair?
Indeed, it's good practice to keep several identical copies of your data
on several storage mediums, but in case a corruption happens,
usually you will just drop the corrupted copies and keep the intacts ones.
However, if all copies are partially corrupted, you're stuck. This script
aims to take advantage of these multiple copies to recover your data,
without generating a prior ecc file. It works simply by reading through all
your different copies of your data, and it casts a majority vote over each
byte: the one that is the most often occuring will be kept. In engineering,
this is a very common strategy used for very reliable systems such as
space rockets, and is called "triple-modular redundancy", because you need
at least 3 copies of your data for the majority vote to work (but the more the
better).
resiliency_tester.py (subcommand: restest) allows you to test the robustness of the
corruption correction of the scripts provided here (or any other
command-line app). You just have to copy the files you want to test inside a
folder, and then the script will copy the files into a test tree, then it
will automatically corrupt the files randomly (you can change the parameters
like block burst and others), then it will run the file repair command-lines
you supply and finally some stats about the repairing power will be
generated. This allows you to easily and objectively compare different set
of parameters, or even different file repair solutions, on the very data
that matters to you, so that you can pick the best option for you.
ecc_speedtest.py (subcommand: speedtest) is a simple error correction codes
encoder/decoder speedtest. It allows to easily change parameters for the test.
This allows to assess how fast your machine can encode/decode with the selected
parameters, which can be especially useful to plan ahead for how many files you
can reasonably plan to protect with error correction codes (which are time consuming).
DEPRECATED: easy_profiler.py is just a quick and simple profiling tool to get you started quickly on what should be optimized to get more speed, if you want to contribute to the project feel free to propose a pull request! (Cython and other optimizations are welcome as long as they are cross-platform and that an alternative pure-python implementation is also available).
Note that all tools are primarily made for command-line usage (type
pff
IMPORTANT: it is CRITICAL that you use the same parameters for correcting mode as when you generated the database/ecc files (this is true for all scripts in this bundle). Of course, some options must be changed: -g must become -c to correct, and --update is a particular case. This works this way on purpose for mainly two reasons: first because it is very hard to autodetect the parameters from a database file alone and it would produce lots of false positives, and secondly (the primary reason) is that storing parameters inside the database file is highly unresilient against corruption (if this part of the database is tampered, the whole becomes unreadable, while if they are stored outside or in your own memory, the database file is always accessible). Thus, it is advised to write down the parameters you used to generate your database directly on the storage media you will store your database file on (eg: if it's an optical disk, write the parameters on the cover or directly on the disk using a marker), or better memorize them by heart. If you forget them, don't panic, the parameters are always stored as comments in the header of the generated ecc files, but you should try to store them outside of the ecc files anyway.
Pros:
Cons:
Note that the tools were meant for data archival (protect files that you won't modify anymore), not for system's files watching nor to protect all the files on your computer. To do this, you can use a filesystem that directly integrate error correction code capacity, such as ZFS.
Recursively generate or check the integrity of files by MD5 and SHA1 hashes, size, modification date or by data structure integrity (only for images).
This script is originally meant to be used for data archival, by
allowing an easy way to check for silent file corruption. Thus, this
script uses relative paths so that you can easily compute and check the
same redundant data copied on different mediums (hard drives, optical
discs, etc.). This script is not meant for system files corruption
notification, but is more meant to be used from times-to-times to check
up on your data archives integrity (if you need this kind of application,
see avpreserve's fixity <https://github.com/avpreserve/fixity>_).
Example usage
- To generate the database (only needed once):
``pff hash -i "your_folder" -d "dbhash.csv" -g``
- To check:
``pff hash -i "your_folder" -d "dbhash.csv" -l log.txt -s``
- To update your database by appending new files:
``pff hash -i "your_folder" -d "dbhash.csv" -u -a``
- To update your database by appending new files AND removing
inexistent files:
``pff hash -i "your_folder" -d "dbhash.csv" -u -a -r``
Note that by default, the script is by default in check mode, to avoid
wrong manipulations. It will also alert you if you generate over an
already existing database file.
Arguments::
-h, --help show a help message and exit
-i /path/to/root/folder, --input /path/to/root/folder
Path to the root folder from where the scanning will occ
ur.
-d /some/folder/databasefile.csv, --database /some/folder/databasefile.csv
Path to the csv file containing the hash informations.
-l /some/folder/filename.log, --log /some/folder/filename.log
Path to the log file. (Output will be piped to both the
stdout and the log file)
-s, --structure_check
Check images structures for corruption?
-e /some/folder/errorsfile.csv, --errors_file /some/folder/errorsfile.csv
Path to the error file, where errors at checking will be
stored in CSV for further processing by other softwares (such as file repair so
ftwares).
-m, --disable_modification_date_checking
Disable modification date checking.
--skip_missing Skip missing files when checking (useful if you split yo
ur files into several mediums, for example on optical discs with limited capacit
y).
-g, --generate Generate the database? (omit this parameter to check ins
tead of generating).
-f, --force Force overwriting the database file even if it already e
xists (if --generate).
-u, --update Update database (you must also specify --append or --rem
ove).
-a, --append Append new files (if --update).
-r, --remove Remove missing files (if --update).
--filescraping_recovery Given a folder of unorganized files, compare to the database and restore the filename and directory structure into the output folder.
-o, --output Path to the output folder where to output the files reorganized after --recover_from_filescraping.This script was made to be used in combination with other more common file redundancy generators (such as PAR2, I advise MultiPar). This is an additional layer of protection for your files: by using a higher resiliency rate on the headers of your files, you ensure that you will be probably able to open them in the future, avoiding the "critical spots", also called "fracture-critical" in redundancy engineering (where if you modify just one bit, your whole file may become unreadable, usually bits residing in the headers - in other words, a single blow makes the whole thing collapse, just like non-redundant bridges).
An interesting benefit of this approach is that it has a low storage (and computational) overhead that scales linearly to the number of files, whatever their size is: for example, if we have a set of 40k files for a total size of 60 GB, with a resiliency_rate of 30% and header_size of 1KB (we limit to the first 1K bytes/characters = our file header), then, without counting the hash per block and other meta-data, the final ECC file will be about 2 * resiliency_rate * number_of_files * header_size = 24.5 MB. This size can be lower if there are many files smaller than 1KB. This is a pretty low storage overhead to backup the headers of such a big number of files.
The script is pure-python as are its dependencies: it is thus completely
cross-platform and open source. The default ecc algo
(eccalgo=3 uses reedsolo <https://github.com/tomerfiliba-org/reedsolomon>)
also provides a speed-optimized C-compiled implementation (creedsolo) that will be used
if available for the user's platform, so pyFileFixity should be fast by default.
Alternatively, it's possible to use a JIT compiler such as PyPy,
although this means that creedsolo will not be useable, so PyPy
may accelerate other functions but slower ecc encoding/decoding.
This script implements a variable error correction rate encoder: each file is ecc encoded using a variable resiliency rate -- using a high constant resiliency rate for the header part (resiliency rate stage 1, high), then a variable resiliency rate is applied to the rest of the file's content, with a higher rate near the beginning of the file (resiliency rate stage 2, medium) which progressively decreases until the end of file (resiliency rate stage 3, the lowest).
The idea is that the critical parts of files usually are placed at the top, and data becomes less and less critical along the file. What is meant by critical is both the critical spots (eg: if you tamper only one character of a file's header you have good chances of losing your entire file, ie, you cannot even open it) and critically encoded information (eg: archive formats usually encode compressed symbols as they go along the file, which means that the first occurrence is encoded, and then the archive simply writes a reference to the symbol. Thus, the first occurrence is encoded at the top, and subsequent encoding of this same data pattern will just be one symbol, and thus it matters less as long as the original symbol is correctly encoded and its information preserved, we can always try to restore the reference symbols later). Moreover, really redundant data will be placed at the top because they can be reused a lot, while data that cannot be too much compressed will be placed later, and thus, corruption of this less compressed data is a lot less critical because only a few characters will be changed in the uncompressed file (since the data is less compressed, a character change on the not-so-much compressed data won't have very significant impact on the uncompressed data).
This variable error correction rate should allow to protect more the critical parts of a file (the header and the beginning of a file, for example in compressed file formats such as zip or jpg this is where the most importantly strings are encoded) for the same amount of storage as a standard constant error correction rate.
Of course, you can set the resiliency rate for each stage to the values you want, so that you can even do the opposite: setting a higher resiliency rate for stage 3 than stage 2 will produce an ecc that is greater towards the end of the contents of your files.
Furthermore, the currently designed format of the ecc file would allow two things that are not available in all current file ecc generators such as PAR2:
it allows to partially repair a file, even if not all the blocks can be corrected (in PAR2, a file is repaired only if all blocks can be repaired, which is a shame because there are still other blocks that could be repaired and thus produce a less corrupted file) ;
the ecc file format is quite simple and readable, easy to process by any script, which would allow other softwares to also work on it (and it was also done in this way to be more resilient against error corruptions, so that even if an entry is corrupted, other entries are independent and can maybe be used, thus the ecc is very error tolerant. This idea was implemented in repair_ecc.py but it could be extended, especially if you know the pattern of the corruption).
The script structural-adaptive-ecc.py implements this idea, which can be seen as an extension of header-ecc.py (and in fact the idea was the other way around: structural-adaptive-ecc.py was conceived first but was too complicated, then header-ecc.py was implemented as a working lessened implementation only for headers, and then structural-adaptive-ecc.py was finished using header-ecc.py code progress). It works, it was a quite well tested for my own needs on datasets of hundred of GB, but it's not foolproof so make sure you test the script by yourself to see if it's robust enough for your needs (any feedback about this would be greatly appreciated!).
You can specify different ecc algorithms using the --ecc_algo switch.
For the moment, only Reed-Solomon is implemented, but it's universal so you can modify its parameters in lib/eccman.py.
Two Reed-Solomon codecs are available, they are functionally equivalent and thoroughly unit tested.
--ecc_algo 1: use the first Reed-Solomon codec in galois field 2^8 of root 3 with fcr=1.
This is the slowest implementation (but also the most easy code to understand).--ecc_algo 2: same as algo 1 but with a faster functions.--ecc_algo 3: use the second codec, which is the fastest.
The generated ECC will be compatible with algo 1 and 2.--ecc_algo 4: also use the second, fastest RS codec, but
with different parameters (US FAA ADSB UAT RS FEC norm),
thus the generated ECC won't be compatible with algo 1 to 3.
But do not be scared, the ECC will work just the same.Note about speed: Also, use a smaller --max_block_size to greatly speedup the operations! That's the trick used to compute very quickly RS ECC on optical discs. You give up a bit of resiliency of course (because blocks are smaller, thus you protect a smaller number of characters per ECC. In the end, this should not change much about real resiliency, but in case you get a big bit error burst on a contiguous block, you may lose a whole block at once. That's why using RS255 is better, but it's very time consuming. However, the resiliency ratios still hold, so for any other case of bit-flipping with average-sized bursts, this should not be a problem as long as the size of the bursts is smaller than an ecc block.)
TODO: write more here
In case of a catastrophic event of your data due to the failure of your storage media (eg: your hard drive crashed), then follow the following steps:
1- use dd_rescue to make a full bit-per-bit verbatim copy of your drive before it dies. The nice thing with dd_rescue is that the copy is exact, and also that it can retries or skip in case of bad sectors (it won't crash on your suddenly at half the process).
2- Use testdisk to restore partition or to copy files based on partition filesystem informations.
3- If you could not recover your files, you can try file scraping using
photorec <http://www.cgsecurity.org/wiki/PhotoRec> or
plaso <http://plaso.kiddaland.net/> other similar tools as
a last resort to extract data based only from files content (no filename,
often uncorrect filetype, file boundaries may be wrong so some data
may be cut off, etc.).
4- If you used pyFileFixity before the failure of your storage media, you can then use your pre-computed databases to check that files are intact (rfigc.py) and if they aren't, you can recover them (using header_ecc.py and structural_adaptive_ecc.py). It can also help if you recovered your files via data scraping, because your files will be totally unorganized, but you can use a previously generated database file to recover the full names and directory tree structure using rfigc.py --filescraping_recover.
Also, you can try to fix some of your files using specialized repairing tools (but remember that such tool cannot guarantee you the same recovering capacity as an error correction code - and in addition, error correction code can tell you when it has recovered successfully). For example:
fixtar <https://github.com/BestSolution-at/fixtar>.
Similar tools (but older): tarfix <http://www.dmst.aueb.gr/dds/sw/unix/tarfix/>
and tar-repair <https://www.datanumen.com/tar-repair/>_.Carpenter <https://pypi.python.org/pypi/Carpenter/>_.ddrescue-ffile <https://github.com/Salamek/ddrescue-ffile>_One main current limitation of pyFileFixity is that it cannot protect the directory tree meta-data. This means that in the worst case, if a silent error happens on the inode pointing to the root directory that you protected with an ecc, the whole directory will vanish, and all the files inside too. In less worst cases, sub-directories can vanish, but it's still pretty bad, and since the ecc file doesn't store any information about inodes, you can't recover the full path.
The inability to store these meta-data is because of two choices in the design:
portability: we want the ecc file to work even if we move the root directory to another place or another storage medium (and of course, the inode would change),
cross-platform compatibility: there's no way to get and store directory meta-data for all platforms, but of course we could implement specific instructions for each main platform, so this point is not really a problem.
To workaround this issue (directory meta-data are critical spots), other
softwares use a one-time storage medium (ie, writing your data along
with generating and writing the ecc). This way, they can access at
the bit level the inode info, and they are guaranted that the inodes
won't ever change. This is the approach taken by DVDisaster: by using
optical mediums, it can compute inodes that will be permanent, and thus
also encode that info in the ecc file. Another approach is to create a
virtual filesystem specifically to store just your files, so that you
manage the inode yourself, and you can then copy the whole filesystem
around (which is really just a file, just like a zip file - which can
also be considered as a mini virtual file system in fact) like
rsbep <http://users.softlab.ntua.gr/~ttsiod/rsbep.html>_.
Here the portability principle of pyFileFixity prevents this approach. But you can mimic this workaround on your hard drive for pyFileFixity to work: you just need to package all your files into one file. This way, you sort of create a virtual file system: inside the archive, files and directories have meta-data just like in a filesystem, but from the outside it's just one file, composed of bytes that we can just encode to generate an ecc file - in other words, we removed the inodes portability problem, since this meta-data is stored relatively inside the archive, the archive manage it, and we can just encode this info like any other stream of data! The usual way to make an archive from several files is to use TAR, but this will generate a solid archive which will prevent partial recovery. An alternative is to use DAR, which is a non-solid archive version of TAR, with lots of other features too. If you also want to compress, you can just use ZIP (with DEFLATE algorithm) your files (this also generates a non-solid archive). You can then use pyFileFixity to generate an ecc file on your DAR or ZIP archive, which will then protect both your files just like before and the directories meta-data too now.
Since hard drives have a relatively short timespan (5-10 years, often less) and require regular plugging to an electrical outlet to keep the magnetic plates from decaying, other solutions are more advisable.
The medium I used to advise was optical disks (whether it's BluRay, DVD - not CDs!),
because the reading instrument is distinct from the storage medium, and
the technology (laser reflecting on bumps and/or pits) is kind of universal,
so that even if the technology is lost one day (deprecated by newer technologies,
so that you can't find the reading instrument anymore because it's not sold anymore),
you can probably emulate a laser using some software to read your optical disk,
just like what the CAMiLEON project did to recover data from the
LaserDiscs of the BBC Domesday Project (see Wikipedia). BluRays have an estimated
lifespan of 20-50 years depending on if they are "gold archival grade", whereas
DVD should live up from 10-30 years. CDs are only required to live a minimum of 1 year
up to 10 years max, hence are not fit for archival. Archival optimized optical discs
such as M-Discs boast about being able to live up to 100 years, but there is no
independent scientific backing of these claims currently. For more details, you can read
a longer explanation I wrote with references on
StackOverflow <https://web.archive.org/web/20230424112000/https://superuser.com/questions/374609/what-medium-should-be-used-for-long-term-high-volume-data-storage-archival/873260>__.
However, limitations of optical discs include their limited storage space, low transfer speed, and limited rewriteability.
A more convenient solution is to use magnetic tape, especially with an open standard
such as Linear Tape Open (LTO) <https://en.wikipedia.org/wiki/Linear_Tape-Open>__,
which ensures interoperability between manufacturers
and hence also reduces cost because of competition. LTO works as a two components
system: the tape drive, and the cartridges (with the magnetic bands). There
are lots of versions of LTO, each generation improving on the previous one.
LTO cartridges have a shorter lifespan than optical discs, being 15-30 years on average,
but they are much more convenient to use:
inexpensive and readily available <https://www.quora.com/I-have-an-old-LTO-tape-Can-I-recover-its-data-and-save-it-into-a-hard-drive>,
whereas recovering the magnetic signal from failed hard drives costs
thousands of euros/dollars <https://www.quora.com/Is-there-any-way-of-recovering-data-from-dead-hard-disk>.
LTO tapes are also fully compatible with DAR archives, improving chances of recovery with error correction codes
and non-solid archives that can be partially recovered.Sounds perfect, right? Well, nothing is, LTO also has several disadvantages:
Given all the above characteristics, LTO>=5 appears to be the best practical solution for long term archival, if coupled with an active (but infrequent) curation process.
There is however one exception: if you need to cold store the medium in a non temperate environment (outside of 10-40°C), then using optical discs may be more resilient, although LTO cartridges should also be able to sustain a wider range of temperature but you need to wait while they "warm up" in the environment where the reader is before reading, so that the magnetic elements have time to stabilize at normal temperature.
To get started with LTO tape drives and which one to choose and how to make your own
rig, Matthew Millman made an excellent tutorial <https://www.mattmillman.com/attaching-lto-tape-drives-via-usb-or-thunderbolt/>__
on which we build upon below, so you should read this tutorial and then read the instructions below.
The process is as follows: first find a second-hand/refurbished LTO drive with the highest revision you can for your budget, then find a server of a similar generation, or make an eGPU + SAS card of the highest speed the tape drive can support. Generally, you can aim for a LTO drive 3-4 generations older than the latest one (eg, if current is LTO9, you can expect cheap - 150-300 dollars per drive) for a LTO5 or LTO6). Aim only for LTO5+, because only LTFS did not exist before LTO5, but keep in mind some LTO5 drives need a firmware update to support LTFS, whereas all LTO6 drives support out of the box.
Once you find a second-hand LTO drive, consult its user manual beforehand to see
what SAS or fibre cable (FC) you need (if SAS, any version should work, even greater versions, but older
versions will just limit the read/write speed performance). For example, here is the manual for the
HP LTO6 drive <https://docs.oracle.com/cd/E38452_01/en/LTO6_Vol1_E1_D7/LTO6_Vol1_E1_D7.pdf>__.
All LTO drives are compatible with all computers provided you have the adequate connectivity (a SAS or FC adapter).
Once you have a LTO drive, then you can look for a computer to plug your LTO to. Essentially, you just need a computer that supports SAS. If not, then at least a free PCIe or mini-PCIe slot to be able to connect a SAS adapter.
The general outline is that you just need to have a computer with a PCIe slot, and get a SAS or FC adapter (depending on whether your LTO drive is SAS or FC) so that you can plug your LTO drive. There is currently no SAS to USB adapter, and only one manufacturer makes LTO drives with USB ports but they are super expensive, so just stick with internal SAS or FC drives (usually you want SAS, FC are better for long range connections, whereas SAS is compatible with SATA and SCSI drives, so you can also plug all your other hard drives plus the LTO tape drive on the same SAS adapter with this protocol).
In practice, there are 2 different available cost-effective approaches:
If you have an external tape drive, then the best is to get a (second-hand) eGPU casing, and a PCIe SAS adapter, that you will plug in the eGPU casing instead of a GPU card. The eGPU casing should support Thunderbolt so this is how you will connect to the SAS and hence to your tape drive: you connect your laptop to the eGPU casing, and the eGPU casing to the external tape drive via the SAS adapter in the eGPU casing. This usually costs about 150-200 euros/dollars as of 2023.
EXP GDC <https://wiki.geekworm.com/GDC>__ produces, which essentially replaces the eGPU casing. The disadvantage is that your PCIe SAS adapter will be exposed, but this can be more cost effective (especially in second hand, you can get them at 20-40 euros/dollars instead of 120-150 euros/dollars brand new). But remember you also need to buy a power supply unit!If you got an internal tape drive, which are usually cheaper than external ones, then the approach is different: instead of configuring a sort of SAS-to-Thunderbolt bridge, here you get a standalone computer with either a motherboard that natively supports SAS (which is usually the case of computers meant to be servers), or at least a motherboard with a PCIe slot to buy separately a PCIe SAS adapter, and you plug your internal drive inside. So you will not be able to connect your laptop directly to the tape drive, you will have to pilot the server (which is just a standard desktop computer). Given these requirements, you can either make such a server yourself, but then keep in mind you have to build the whole computer, with a motherboard, a power supply, RAM, CPU, network, etc. Or, the easiest and usually cheapest route, is to just buy an old server with SAS hard drives second-hand (and every other components already in it), of a similar or later generation than your tape drive. Indeed, if the server has SAS hard drives, then it means you can connect your SAS tape drive too, no need for an adapter! Usually you can get them for cheap, for example if you get a 3-4 previous gen tape drive (eg, LTO-6 when current is LTO-9), then you can easily get a server computer of a similar generation for 100-250 euros/dollars, and everything is ready for you. Just make sure not to get a rack/blade computer, get one in tower form, easier to manipulate. Search on second hand websites: "server sas", then check that the SAS speed is on par with what your tape drive can accept, but if lower or higher, no biggie, it will just be slower, but it should work nevertheless. May also have to buy the right connectors but not an issue, just check the manual of your tape drive. Note: avoid HP Enterprise (HPE) servers, as there is a suspicion of programmed obsolescence in the Smart Array's Smart Storage Battery <https://www.youtube.com/watch?v=6jxdGXA0RYk>__.
The consumables, the tapes, can also be easily found second-hand and usually are very cheap, eg, LTO6 tapes are sold at 10-20 euros/dollars one, for a storage space of 3TB to 6.25TB per tape.
With both approaches, expect at the cheapest a total cost of about 500 euros/dollars for the tape drive and attachment system (eGPU casing or dedicated server) as of 2023, which is very good and amortizable very fast with just a few tapes, even compared to the cheapest hard drives!
If you are just starting with professional servers setups, the YouTube channel Art of Server <https://www.youtube.com/channel/UCKHE9DEep52XlmwLbZUKvyw> is highly recommended, providing very helpful tutorials such as the 13 Reasons Why your drives are not showing up in your LSI HBA <https://www.youtube.com/watch?v=1dCd6IepB5s>. To identify SAS cables and connectors, see this guide <https://www.tape-drive-repair.com/sas-connector-guide/>__
Note there is a ltfs software package available on FreeBSD, and it may be better to flash the SAS HBA controller firmware to the latest version and to IT mode to allow the OS to more easily manage the drive, see this guide <https://github.com/lrq3000/lsi_sas_hba_crossflash_guide>__ for more info on how to crossflash HBA firmwares. Flashing a recent firmware may also be necessary if drives bigger than 2TB are not detected. Indeed, SAS drives are usually inexpensive on the 2nd hand market, and they are easily swappable using servers racks, so they can also be a nice additional online backup method (and you can even make a simple home cloud that autobackups your phone's data using Syncthing for example, and sync multiple backup copies using Freefilesync).
Here is an example curation strategy, which is accessible to individuals and not just big data centers:
Get a LTO>=5 drive. Essentially, the idea with LTO is that you can just dump a copy of your whole hard drives, since the cartridges are big and inexpensive. And you can regularly reformat and overwrite the previous copy with a newer one. Store some LTO cartridges out of side to be robust against fires.
If you want additional protection, especially by adding error-correction codes,
DAR can be used to compress the data with PAR2 and is
compatible <https://superuser.com/questions/963246/how-to-read-an-dar-archive-via-lto-6-tape>__
with LTO. Alternatively, pyFileFixity can also be used to generate ECC codes, that can
either be stored on the same cartridge alongside the files or on a separate cartridge depending
on your threat model.
Two kinds of archival plans are possible:
either only use LTO cartridges, then try to use cartridges of different brands (to avoid them failing at the same time - cartridges produced by the same industrial line will tend to include the same defects and similar lifespan) and store your data on at least 3 different copies/cartridges, per the redundancy principle (ie, "either bring one compass or three, but never two, because you will never know which one is correct").
either use LTO cartridges as ONE archival medium, and use other kinds of storage for the additional 2 copies you need: one can be an external hard drive, and the last one a cloud backup solution such as SpiderOak. The advantage of this solution is that it is more convenient: use your external hard drive to frequently backup, then also use your cloud backup to auto backup your most critical data online (off-site), and finally from time to time update your last copy on a LTO cartridge by mirroring your external hard drive.
Curation strategy is then the same for all plans:
Every 5 years, the "small checkup": check your 3 copies, either by scanning sectors or by your own
precomputed hashes (pyFileFixity's hash command).
If there is an error, assume the whole medium is dead and needs to be replaced
and your data needs to be recovered: first using your error correction codes if you have,
and then using pyFileFixity dup command to use a majority vote to reconstruct one valid copy out of the 3 copies.
Every 10 years, the "big checkup": even if the mediums did not fail, replace them by newer ones: mirror the old hard drive to a new one, the old LTO cartridge to a new one (it can be on a newer LTO version, so that you keep pace with the technology), etc.
With the above strategy, you should be able to preserve your data for as long as you can actively curate it. In case you want more robustness against accidents or the risk that 2 copies get corrupted under 5 years, then you can make more copies, preferably as LTO cartridges, but it can be other hard drives.
For more information on how to cold store LTO drives, read pp32-33 "Caring for Cartridges" instruction of this
user manual <https://docs.oracle.com/cd/E38452_01/en/LTO6_Vol1_E1_D7/LTO6_Vol1_E1_D7.pdf>. For HP LTO6 drives,
Matthew Millman made an open-source commandline tool to do advanced LTO manipulations on Windows:
ltfscmd <https://github.com/inaxeon/ltfscmd>.
In case you cannot afford a LTO drive, you can replace these by external hard drives, as they are less expensive to start with, but then your curation strategy should be done more frequently (ie, every 2-3 years a small checkup, and every 5 years, a big checkup).
Here are some tools with a similar philosophy to pyFileFixity, which you can use if they better fit your needs, either as a replacement of pyFileFixity or as a complement (pyFileFixity can always be used to generate an ecc file):
DAR (Disk ARchive) <http://dar.linux.free.fr/>__: similar to tar
but non-solid thus allows for partial recovery and per-file access,
plus it saves the directory tree meta-data -- see catalog isolation
-- plus it can handle error correction natively using PAR2 and
encryption. Also supports incremental backup, thus it's a very nice
versatile tool. Crossplatform and opensource. Compatible with
Linear Tape Open (LTO) <https://en.wikipedia.org/wiki/Linear_Tape-Open>
magnetic bands storage (see instructions
here <https://superuser.com/questions/963246/how-to-read-an-dar-archive-via-lto-6-tape>)DVDisaster <https://github.com/speed47/dvdisaster>__: error correction at the bit
level for optical mediums (CD, DVD and BD / BluRay Discs). Very good,
it also protects directory tree meta-data and is resilient to
corruption (v2 still has some critical spots but v3 won't have any).
The big advantage is that not only does it do burst errors protection,
it also interleaves the error correction codes, so that it increases
resilience against scratches (ie, numerically equivalent to lots of consecutive errors).rsbep modification by Thanassis Tsiodras <http://users.softlab.ntua.gr/~ttsiod/rsbep.html>__:
enhanced rsbep to avoid critical spots and faster speed. Also
includes a "freeze" script to encode your files into a virtual
filesystem (using Python/FUSE) so that even meta-data such as
directory tree are fully protected by the ecc. Great script, but not
maintained, it needs some intensive testing by someone knowledgeable
to guarantee this script is reliable enough for production.fast implementation with enhanced compression is available in pure Go <https://github.com/klauspost/compress>__
(good for long storage).SnapRAID <http://snapraid.sourceforge.net/>__par2ools <https://github.com/jmoiron/par2ools>__: a set of
additional tools to manage par2 archivesCheckm <https://pypi.python.org/pypi/Checkm/0.4>__: a tool similar
to rfigc.pyBagIt <https://en.wikipedia.org/wiki/BagIt> with two python
implementations here <https://pypi.python.org/pypi/pybagit/> and
here <https://pypi.python.org/pypi/bagit/>__: this is a file
packaging format for sharing and storing archives for long term
preservation, it just formalizes a few common procedures and meta
data that are usually added to files for long term archival (such as
MD5 digest).RSArmor <https://github.com/jap/rsarm>__ a tool based on
Reed-Solomon to encode binary data files into hexadecimal, so that
you can print the characters on paper. May be interesting for small
datasets (below 100 MB).Ent <https://github.com/lsauer/entropy>__ a tool to analyze the
entropy of your files. Can be very interesting to optimize the error
correction algorithm, or your compression tools.HashFS <https://pypi.python.org/pypi/hashfs/>_ is a non-redundant,
duplication free filesystem, in Python. Data deduplication is very
important for large scale long term storage: since you want your data
to be redundant, this means you will use an additional storage space
for your redundant copies that will be proportional to your original data.
Having duplicated data will consume more storage and more processing
time, for no benefit. That's why it's a good idea to deduplicate your data
prior to create redundant copies: this will be faster and save you money.
Deduplication can either be done manually (by using duplicates removers)
or systematically and automatically using specific filesystems such as
zfs (with deduplication enabled) or hashfs.Paper key <http://en.wikipedia.org/wiki/Paper_key>,
Paperbak <http://www.ollydbg.de/Paperbak/index.html>,
Optar <http://ronja.twibright.com/optar/>,
dpaper <https://github.com/penma/dpaper>,
QR Backup <http://blog.liw.fi/posts/qr-backup/>,
QR Backup (another) <http://blog.shuningbian.net/2009/10/qrbackup.php>,
QR Backup (again another) <http://git.pictorii.com/index.php?p=qrbackup.git&a=summary>,
QR Backup (again) <http://hansmi.ch/software/qrbackup>,
and finally a related paper <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.303.3101&rep=rep1&type=pdf>_.fixity <https://github.com/avpreserve/fixity>
to monitor for file changes (similarly to rfigc, but actively as a daemon)
and interstitial <https://github.com/avpreserve/interstitial> to detect
interstitial errors in audio digitization workflows (great to ensure you
correctly digitized a whole audio file into WAV without any error).DataLad <https://www.datalad.org/> or git-annex <https://git-annex.branchable.com/>
to index datasets of big files, or to collaboratively make such datasets.As a rule of thumb, you should ALWAYS keep your ecc file in clear text, so under no compression nor encryption. This is because in case the ecc file gets corrupted, if compressed/encrypted, the decompression/decrypting of the corrupted parts may completely flaw the whole structure of the ecc file.
Your data files, that you want to protect, should remain in clear text, but you may choose to compress them if it drastically reduces the size of your files, and if you raise the resilience rate of your ecc file (so compression may be a good option if you have an opportunity to trade the file size reduction for more ecc file resilience). Also, make sure to choose a non-solid compression algorithm like DEFLATE (zip) so that you can still decode correct parts even if some are corrupted (else with a solid archive, if one byte is corrupted, the whole archive may become unreadable).
However, in the case that you compress your files, you should generate the ecc file only after compression, so that the ecc file applies to the compressed archive instead of the uncompressed files, else you risk being unable to correct your files because the uncompression of corrupted parts may output gibberish, and length extended corrupted parts (and if the size is different, Reed-Solomon will just freak out).
NEVER encrypt your ecc file, this is totally useless and counterproductive.
You can encrypt your data files, but choose a non-solid algorithm (like AES if I'm not mistaken) so that corrupted parts do not prevent the decoding of subsequent correct parts. Of course, you're lowering a bit your chances of recovering your data files by encrypting them (the best chance to keep data for the long term is to keep them in clear text), but if it's really necessary, using a non-solid encrypting scheme is a good compromise.
You can generate an ecc file on your encrypted data files, thus after encryption, and keep the ecc file in clear text (never encrypt nor compress it). This is not a security risk at all since the ecc file does not give any information on the content inside your encrypted files, but rather just redundant info to correct corrupted bytes (however if you generate the ecc file on the data files before encryption, then it's clearly a security risk, and someone could recover your data without your permission).
The details are long and a bit complicated (I may write a complete article about it in the future), but the tl;dr answer is that you should use optical disks, because it decouples the storage medium and the reading hardware (eg, at the opposite we have hard drives, which contains both the reading hardware and the storage medium, so if one fails, you lose both) and because it's most likely future-proof (you only need a laser, which is universal, the laser's parameters can always be tweaked).
From scientific studies, it seems that, at the time of writing this (2015), BluRay HTL disks are the most resilient against environmental degradation. To raise the duration, you can also put optical disks in completely opaque boxes (to avoid light degradation) and in addition you can put any storage medium (not only optical disks, but also hard drives and anything really) in completely air-tight and water-tight bags or box and put in a fridge or a freezer. This is a law of nature: lower the temperature, lower will be the entropy, in other words lower will be the degradation over time. It works the same with digital data.
It's difficult to advise a specific format. What we can do is advise the characteristics of a good file format:
There are a few studies about the most resilient file formats, such as:
"Just one bit in a million: On the effects of data corruption in files" by Volker Heydegger <http://lekythos.library.ucy.ac.cy/bitstream/handle/10797/13919/ECDL038.pdf?sequence=1>_."Analysing the impact of file formats on data integrity" by Volker Heydegger <http://old.hki.uni-koeln.de/people/herrmann/forschung/heydegger_archiving2008_40.pdf>_."A guide to formats", by The UK national archives <http://www.nationalarchives.gov.uk/documents/information-management/guide-to-formats.pdf>_ (you want to look at the Recoverability entry in each table).If you have any question about Reed-Solomon codes, the best place to ask is probably here (with the incredible Dilip Sarwate): http://www.dsprelated.com/groups/comp.dsp/1.php?searchfor=reed%20solomon
Also, you may want to read the following resources:
Reed-Solomon codes for coders <https://en.wikiversity.org/wiki/Reed%E2%80%93Solomon_codes_for_coders>_", free practical beginner's tutorial with Python code examples on WikiVersity. Partially written by one of the authors of the present software.Readable online on Google Books <https://books.google.fr/books?id=eQs2i-R9-oYC&lpg=PR11&ots=atCPQJm3OJ&dq=%22Algebraic%20codes%20for%20data%20transmission%22%2C%20Blahut%2C%20Richard%20E.%2C%202003%2C%20Cambridge%20university%20press.&lr&hl=fr&pg=PA193#v=onepage&q=%22Algebraic%20codes%20for%20data%20transmission%22,%20Blahut,%20Richard%20E.,%202003,%20Cambridge%20university%20press.&f=false>_... |Example| image:: https://raw.githubusercontent.com/lrq3000/pyFileFixity/master/tux-example.jpg :scale: 60 % :alt: Image corruption and repair example .. |PyPI-Status| image:: https://img.shields.io/pypi/v/pyfilefixity.svg :target: https://pypi.org/project/pyfilefixity .. |PyPI-Versions| image:: https://img.shields.io/pypi/pyversions/pyfilefixity.svg?logo=python&logoColor=white :target: https://pypi.org/project/pyfilefixity .. |PyPI-Downloads| image:: https://img.shields.io/pypi/dm/pyfilefixity.svg?label=pypi%20downloads&logo=python&logoColor=white :target: https://pypi.org/project/pyfilefixity .. |Build-Status| image:: https://github.com/lrq3000/pyFileFixity/actions/workflows/ci-build.yml/badge.svg?event=push :target: https://github.com/lrq3000/pyFileFixity/actions/workflows/ci-build.yml .. |Coverage| image:: https://codecov.io/github/lrq3000/pyFileFixity/coverage.svg?branch=master :target: https://codecov.io/github/lrq3000/pyFileFixity?branch=master .. |LICENCE| image:: https://img.shields.io/pypi/l/pyfilefixity.svg :target: https://raw.githubusercontent.com/lrq3000/pyfilefixity/master/LICENCE