CMR vs SMR

I'm building a new server. When I built Trump, I put 2 2TB drives into a Storage Spaces RAID-1 configuration.

That has worked well so I wanted to do the same in the new server.

But it got complicated.

When I started looking at 4TB drives for RAID configurations, I noticed terms that I didn't recognize in the specifications: CMR and SMR.

Then I read the reviews. I got confused. Nobody seemed to like SMR drives. What were CMR and SMR? How were they different?

Conventional Magnetic Recording (CMR) drives write data on a hard disk in tracks that do not overlap. Shingled Magnetic Recording (SMR) allows tracks to overlap, which results in higher data densities, but slower read and write times compared to CMR drives.

Huh?

Just to add to the confusion, CMR is also known as Perpendicular Magnetic Recording (PMR).

This illustration begins to explain it.

The SMR technology increases the density thereby reducing the number of platters needed for a given capacity. Less platters means less cost so you know which way the industry is going.

But the SMR recording technique is accomplished by overlapping the data from one track with the adjacent tracks. Reading one track back is OK but writing one track requires rewriting the adjacent tracks at the same time.

Think about that. To write a track, the drive has to cache the new data. Then it has to read the tracks adjacent to the track needing to be written and cache that data. Then it has to merge the old data with the new data before rewriting all the tracks.

Obviously this makes writes much slower than CMR drives with discrete tracks.

For "normal" usage, these slower writes aren't much of an issue. But in a RAID configuration, they really slow down the throughput.

So how do you know whether a given drive uses CMR or SMR?

Here's Seagate's status (archive.org). Here's Western Digital's status (archive.org). Here's Toshiba's status (archive.org).

It's not easy.

Strengthening Security

Windows Weekly is one of my favorite podcasts. Recently it has added a new co-host of Richard Campbell. He also has his own podcast at RunAsRadio. Of course, I added that to my podcast list.

Jess Dodson was a recent guest on the RunAsRadio podcast.

Here's the synopsis of the podcast:

How do you improve the security of your organization? Richard talks to Jess Dodson about the current security environment we're living in and what you can do to improve your security posture. Jess talks about how breaches happen and what you can do to detect them early before things get worse. The conversation dives into getting more resources - in most cases, improving security means having the time to work on preventative measures, like implementing multi-factor authentication, security information and event management, and setting up Just Enough Administration. And you need the time to review the activities in your network to let you stop a breach before it turns into something worse!

It's well worth your 40-odd minutes.

But Jess had a couple of points that I want to emphasize.

At 21:34 she says:

You've not backed up if you haven't tested your restore.

I hope I'm preaching to the choir on that one. Here's an earlier post of mine.

And then at 33:15 she says:

[Limit] the blast radius of what they have access to do is as restricted as I can make it without limiting business.

I think that is an excellent way to explain to management the objective.

Windows 11 Upgrade Issues

My "Trump" PC server is getting long in the tooth. It won't run Windows 11 so I set out to replace it sometime down the road.

I clearly wanted the new PC to run Windows 11 so I carefully selected a tower system that supported that. In a future post, I'll detail what all I've done.

But when I began to run through Windows Update on the new system, it consistently told me that it wasn't capable of running Windows 11. I ran "msinfo" (archive.org) and it showed that all the requirements were met. Then I ran "PC Health Check" (archive.org) and it too said that Windows 11 was supported.

So I Googled "windows update says no windows 11 but pc health check says yes" and BINGO!

I'll cover the solution later but first look at that page (archive.org). It was created 16 months ago. 421 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

tl;dr - Ignore Windows Update. Use the Installation Assistant (archive.org) to download Windows 11.

You would think that Microsoft would fix that in a year.

But my story doesn't end there.

I ran the Installation Assistant and it churned away. Then I got this screen.

Back to Google "We couldn't update the system reserved partition." and BINGO!

I'll cover the solution later but first look at that page (archive.org). It was created almost 2 years ago. 299 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

And worse, the problem isn't new. That page links to a Windows 10 installation page (archive.org).

Unfortunately, there is not a tl;dr solution.

Microsoft warns:

Caution: these steps are complicated, and carry some risk. This is best done by advanced users with experience using the command line. If you make an error in entering these commands, you could put your device in a no-boot situation, and possibly lose data you have stored on the device.

Here's the solution:

1. Search for cmd. Press-and-hold or right-click on Command Prompt in the results, and select Run as administrator.
2. At the command prompt, type mountvol y: /s and then hit Enter. This will add the Y: drive letter to access the System Partition.
3. Switch to the Y drive by typing Y: and press Enter. Then, navigate to the Fonts folder by typing cd EFI\Microsoft\Boot\Fonts. Once there, type del *.* to delete font files. The system may ask you if you are sure to continue, press Y and then Enter to continue.

The solution worked and Windows 11 installed with no more problems.

C'mon Microsoft. You can make this simpler than this.

You Need a Side Channel

Here we Microsoft go again! There's a list of Microsoft availability problems here. Don't think I'm all doom and gloom on Microsoft. It's just that even HUGE organizations struggle with subtleties.

Microsoft's latest incident affected Azure, Teams, and Outlook for hours.

Microsoft recently released their postmortem. I applaud Microsoft for publishing this. Could your company have done such a thorough job so quickly?

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them.

Maybe your network isn't so large that this "re-computation process" wouldn't saturate your network equipment.

Regardless there is a learning here.

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network.

Their network management system, including device security,  ran ACROSS their network. So when the network was impacted their network management system was ineffective. Basically, Microsoft had to watch and wait for the network to settle down.

A side channel network management solution would have mitigated that. And introduced a myriad of other problems, principally security.

Tough choices.

Password Strength Testing Tool

You've probably been following the LastPass saga. An emerging alternative is Bitwarden.

Recently Bitwarden has published a Password Strength Testing Tool here.

It's worth running your passwords through it. My day-to-day algorithm generated a rating of "Good" and an estimated time of cracking of "7 hours."

I was relatively satisfied with that until I put the password generated with my client's algorithm.

Time to revisit my algorithm.

Happy New Year 2023

The start of a new year is a good time to review a few things and make sure everything is right. Here's my list of things I think you should check once a year.

Some of the steps may be a little out of date but I think you can find your way around. If not, leave me a comment and I'll help.

Password Store

PayPal Preapproved Payments

Offline Backup

Certificate Store

Router Configuration

Guest Network for IoT

Windows Defender and Windows Defender Offline

Controlled Folder Access

System Restore

You'll sleep better.

Office Deployment Tool - Revisited

Once again I found myself with a new laptop and no Microsoft Office license. 

I found one of those gray market key vendors and bought a Office 2021 Professional Pro key for less than $20. It came promptly and even included a link to a Microsoft download site. (Don't rush to download.)

I don't need all the included Office apps. The legacy installation dialog would let me choose which application and features would be installed. I used to use that dialog to omit all the Office apps except Word, Excel, and PowerPoint.

But now Microsoft has an Office Deployment Tool that lets you customize the installation.

I recalled the solution I had found earlier and revisited my previous post.

The referenced site, MS Guides, seems to have gotten crossways with Google and probably other organizations. I used archive.org to retrieve the instructions. This post is my recap of the process and is heavily based on MS Guides.

Step 0: Uninstall all the Click-to-Run Office 365 apps that come pre-installed.

Step 1: Download the appropriate version of the Office Deployment Tool from Microsoft. Use Google to find the proper download and download it.

Step 2: Double click the download to extract the contents of this file. It will create a new folder with configuration files (xml) and setup.exe.

Step 3: Tailor the following code as needed and paste it into a new text document.

    <Configuration>

      <Add OfficeClientEdition="64">

        <Product ID="ProPlusRetail">

          <Language ID="en-us" />

        

          <ExcludeApp ID="Access" />

          <ExcludeApp ID="InfoPath" />

          <ExcludeApp ID="Lync" />

          <ExcludeApp ID="OneNote" />

          <ExcludeApp ID="Outlook" />

          <ExcludeApp ID="Project" />

          <ExcludeApp ID="Publisher" />

          <ExcludeApp ID="SharePointDesigner" />

          <ExcludeApp ID="Skype" />

          <ExcludeApp ID="Skypeforbusiness" />

          <ExcludeApp ID="Groove" />

       

        </Product>

      </Add>

      <Display Level="Full" AcceptEULA="TRUE" />

    </Configuration>

The above sample code will only install Word, Excel, and PowerPoint.

Then save this as config.xml in the folder created earlier.

Step 4: Copy the code below into a new text document file.

    @echo off

    cd /d %~dp0

    setup.exe /configure config.xml

    pause

Then save this as install.cmd in the folder created earlier.

Step 5: Double-click on the install.cmd file and it'll run. You may have to right-click on it to run it as  an administrator. I didn't have to do this.

The process will even download the required bits.

Step 6: After successfully installing Office, launch one of the apps. You'll be prompted to login OR enter a product key. Enter your new product key there.

You're done.