People who use HAMMER also tend to backup their filesystems using the streaming mirroring feature. You need a backup anyway, regardless. HAMMER makes it easy, and this is the recommended method for dealing with media faults on HDDs not backed by hardware RAID (and even if they are). You need to backup your data anyway, after all, regardless of the filesystem (even ZFS's 'copies' feature has its limits due to the fact that the copies are all being managed from the same machine).
FreeBSD's background fsck and mounting without an fsck (depending on softupdates) has NEVER been well vetted to ensure that it works in all situations. There have been lots of complaints about related failures over the years, mostly blamed on failed writes to disks or people not having UPS's (since UFS was never designed to work with a disk synchronization command, crashes from e.g. power failures could seriously corrupt disks above and beyond lost sectors). They can claim it works better now, but I would never trust it. Background fsck itself can render a server unusable due to lost performance. HAMMER has a 'hammer recover' command meant to be used when all else fails. It can be used directly with the bad/corrupted disk as the source and a new disk as the destination. It scans the disk, yes. A full fsck on a very large (2TB+) filled filesystem is almost as bad when it starts having to seek around. I have had numerous failed disks over the years and have never had to actually use the recover command. I always initialize a replacement from one of the several live backups I keep. HAMMER2 will have some more interesting features that flesh out the live backup mechanic a bit better, making it possible to e.g. initialize a replacement disk locally and leave the filesystem live using a remotely served backup as the replacement is reloaded from the backup. But it isn't possible with HAMMER1, sorry. -Matt Matthew Dillon <dil...@backplane.com>