Tarsnap – Online backups for the truly paranoid (tarsnap.com)
They look amazing. Bug bounties for everything, completely transparent architecture, data duplication and compression on the fly, they will be up even if two of Amazon's data centers die, one pays per byte and they are pretty cheap.
137 comments
[ 2.9 ms ] story [ 198 ms ] threadThey look amazing. Bug bounties for everything (including cosmetic stuff), completely transparent architecture, data deduplication and compression on the fly, they will be up even if two of Amazon's data centers fail, one pays per byte (traffic/store) and for all that they are pretty cheap.
(https://news.ycombinator.com/user?id=cperciva)
Irrelevant.
Tip: forget everything you knew about scheduling full and incremental backups, because you don't have to. Tarsnap provides logical snapshots and does all the diff magic for you.
(Hence tar ... snap)
Now, of course, if you are truly paranoid, you'll want to review their code first. I don't get why I can't simply mount a volume with encription and write there. Using code that is already on my machine (on the kernel, nonetheless) would make it a much simpler decision.
https://www.tarsnap.com/download.html
You can (and you could even use tarsnap to back up the encrypted filesystem image if you want), but writing your data to an encrypted filesystem tends to expand the amount of data changing -- in the extreme case, if you create a copy of a file you'll write that many blocks of new encrypted data which needs to be backed up, whereas tarsnap would just say "hey, I recognize all these blocks, it's those ones I backed up earlier" -- so Tarsnap's encrypted backups of a filesystem tend to be many times more efficient than backups of an encrypted filesystem.
If you want to mount an encrypted filesystem stored on S3, you might want to try ObjectiveFS. https://objectivefs.com
I find that so amazingly annoying. To me it says "yeah, I know many people might find it hard to get their head around the units I defined, but I don't really care about that because I find it cool." We have standard units for a reason, because people can immediately get the scale of something in their mind. With this, you can't. I went to their site open to what they were selling, but I'm very turned off by this.
More generally, I've always found it to be a good idea to be at least somewhat circumspect if you're going to have some kind of an asocial relationship with somebody (e.g., getting them to give you money). It's impossible to foretell what people will get annoyed by, so you might as well give them as few things to get annoyed by as possible. (I suppose this is the "better to keep quiet and be thought a fool..." principle, in a way, though obviously foolishness is not the precise issue here. Oh well. I don't claim to be original.)
If prices were listed in dollars per GB instead of picodollars per byte, it would be harder to avoid the what-is-a-GB confusion (a GB is 10^9 bytes, but some people don't understand SI prefixes). Picodollars are perfectly clear — nobody is going to think that a picodollar is 2^(-40) dollars.
Specifying prices in picodollars reinforces the point that if you have very small backups, you can pay very small amounts. Unlike some people, I don't believe in rounding up to $0.01 — the Tarsnap accounting code keeps track of everything in attodollars and when it internally converts storage prices from picodollars per month to attodollars per day it rounds the prices down.
Plus, as others have pointed out, prices are listed in standard units (dollars per GB) just below the oddball ones.
But also, you picked out only one of the three reasons he listed (http://www.tarsnap.com/picoUSD-why.html); the other two are also important:
If prices were listed in dollars per GB instead of picodollars per byte, it would be harder to avoid the what-is-a-GB confusion (a GB is 10^9 bytes, but some people don't understand SI prefixes). Picodollars are perfectly clear — nobody is going to think that a picodollar is 2^(-40) dollars.
Specifying prices in picodollars reinforces the point that if you have very small backups, you can pay very small amounts. Unlike some people, I don't believe in rounding up to $0.01 — the Tarsnap accounting code keeps track of everything in attodollars and when it internally converts storage prices from picodollars per month to attodollars per day it rounds the prices down.
And finally, the price in dollars per GB are also prominently displayed, right after the price in picodollars per byte. So really, you're just being bothered that he's having a little bit of geeky fun even though it has absolutely no effect on you.
The issue I have with Tarsnap is that the data is still at the hands of a small operation, as far as I can tell, and honestly I'm afraid we won't get our data if something happens to the guy. This is fine of course for many services, but data backup is inherently as mission critical as it gets. The whole reason for it is reliability, assurance and redundancy. It is not a nice to have, it is for many people the only place they fully trust to keep their data forever.
I wish Tarsnap had an innovation that made it possible to use it with one's (or an organization's) own AWS credentials. An on-site mode, if you will. Otherwise it has always seemed to me like a great piece of software.
EDIT: Wow, got a response in less than 5 minutes:
It's not something I'm looking at doing right now. The way the Tarsnap server side is designed, in order to keep costs low (and performance high), data is aggregated between multiple Tarsnap users and stored in S3 as large chunks; keeping each user's data segregated would add a lot of additional complexity and cost.
You can also create a write-only key. If you run tarsnap from a server which gets pwned, the attackers can't touch the existing backups. Don't be the next Astalavista[1].
[1] http://joncraton.org/blog/49/analyzing-the-astalavista-hack
He also has a bug bounty http://www.tarsnap.com/bugbounty.html, and several substantial security bugs have been found and fixed due to the bug bounty (http://www.tarsnap.com/bounty-winners.html). In fact, the first of those, the AES CTR nonce bug, was found before he had offered the bounty program; the bounty program was inspired by that bug, and has since led to the discovery of several other more minor issues.
So, the source is available, and there's a bounty out for discovering bugs ranging from cosmetic issues to major security issues. Feel free to review it and submit any bugs you find!
If you're paranoid about it being closed source, you can make a quick script to encrypt sensitive data, copy it to another folder, then sync that encrypted folder online. I do something similar with a small % of my data.
As far as server backups, it's trivial to script a copy to your local machine then let Crashplan sync that.
So far as I know, nobody else has done that.
In practice tarsnap is cheaper than everything else because of the dedupe.
Crashplan does dedupe and compression but has UNLIMITED storage/bandwidth for one price.
This one is Colin Percival's project.
Glad to see you on the front page.
http://www.haystacksoftware.com/arq/
Time Machine and Backblaze know how Mac OS is architectured and backup everything but useful files (logs mainly).
Coinbase comes close -- the only thing they don't do is allow me to specify at run-time how many USD I want; for some odd reason they need you to "create a button" with an API call before displaying that button on your site, which is a pain to deal with when you have variable payment amounts.
Not leaking metadata on credit card statements that allows to infer that valuable data is stored at Tarsnap (and approximately how much), would be a practical increase in security: Such a leak might prompt an attacker to allocate more resources towards compromising the Tarsnap user's client computer.
If your opponent uses geographic profiling, you want to pick a point far away from you and then go to stores far away from that point -- then they'll identify that far-away point as being your origin. If your opponent is a game theoretician, on the other hand, you want to pick stores to visit completely at random, in order to avoid providing any information.
I just signed up and used it on two servers like 30 minutes ago, but I don't see anything in the account activity except the payment info. I'm quite sure my servers sent stuff because I monitored b/w usage
The documentation is thorough, and Colin (the owner/operator/author) responds quickly to emails.
Finally, compression and deduplication is amazing:
Yep, I've backed up 350GB of data, but since most of it is duplicated, I pay for storing 6.3GB. Win.One word of caution though - this isn't a mainstream consumer backup service. If you lose your keys you lose your data. No chance of recovery. So make sure you back those up properly too, ideally in a different geography.
You're using the --snaptime option, right? It's necessary when you're backing up a filesystem snapshot in order to work around a race condition with them -- if a file is modified, the filesystem snapshot is created, and then the file is modified again, all within a single time quantum, it can trick Tarsnap into thinking that the file hasn't been modified later (which triggers an optimization of "this must be the same blocks as it was last time" in place of the usual "read the file and split it into blocks" behaviour).
Finally, compression and deduplication is amazing:
Well, if we're going to be posting statistics here...
That's 269 TB of data backed up from my laptop, deduplicated and compressed down to 72 GB. This is what I get for taking a backup of my entire home directory every hour...Yep, emailed you about this in fact, and appreciated your detailed response.
Tarsnap uses variable blocks (in such a way that inserting into the middle of a file creates minimal differences). If a new block is detected during a backup, it only needs to send that block, as the rest are already stored on the server. It also means that new archives can refer to the old blocks stored, allowing each archive to be independent, and unused blocks removed when the last archive using it is deleted. Before sending, blocks are compressed then encrypted, so compression can't really help since you might not have all the old data locally.
You can also deal with backups using a master and incremental diffs. This doesn't work well with the tarsnap model, as archives are no longer independent.
I don't have the option to know for sure by analyzing the source code myself so I'll have to trust the popular opionion of Very Smart People here on HN (well, I suppose I could if I spent a non-trivial chunk of the coming year reading up on crypto stuff).
The bar you're setting, though, is impossibly high. Can you absolutely, positively, definitely trust that your machine is not rooted and some nefarious entity isn't quietly collecting your every keystroke and snickering in the dark while stroking a white cat?
At that level of paranoia, you're probably best off using a device personally soldered together with hand-selected transistors that XORs all your backups with the white noise collected from your tv (while disconnected from cable, of course).
Did he win the Putnam?
spoilers: https://news.ycombinator.com/item?id=35083
(400GB is not an absurd amount, either. I personally would ideally have about that much in my off-site backup.)
The query that suxnoll responded to supposed that you have 400 GB of data with small deltas. But that's only possible if you're filling your harddrive with files created from random noise from /dev/random and updating all your files monthly by more random noise.
Actually, combining crypto and dedupe in such a way that the server can never tell what's on the client computer but the client can still reliably pick what's changed and dedupe it?
That's honest-to-goodness computer science. And Colin is the guy who invented this stuff.
More recently we'd been trying to get to the bottom of some unusably slow macs (mountain lion). Turns out that the BackBlaze filelist service (that watches for changes to files) is very poorly behaved. Initially we discovered that it fights with apple's mds. Even once we'd fixed that (by stopping mds from watching a load of folders) it still ignores the scheduled backup times so it runs all day. BackBlaze support acknowledged the issue but the only workaround we've found is to have a cron job unload the BackBlaze daemon during the day to stop it destroying performance.
[0] http://www.haystacksoftware.com/arq/
That's really disturbing, does it misbehave and interact with /dev/fsevents directly instead of using the public fsevents api? If so somebody needs to get flogged over that choice.
The behaviour we saw was a constant scanning of all the metadata of all the files on the filesystem - not just things that were changing. It seemed that instead of being notified about changes it was relying on comparing to its cache by polling. There were huge folders with years of photos in that hadn't been touched in months being scanned again and again all day.
To be honest, my business partner contacted BB about it and they didn't seem as concerned as we were. It was at that point that for the first time in a couple of years I found myself with the desire to investigate backup services again. It's a shame because BB has been good when I've needed them. A drive died recently with a lot of important data on it (years of photos and music) and they had a replacement to me in a matter of days.
I'm still running their backups at the moment but I also started Arq running last night. It seems to fit my use-case perfectly.
Edit: I just ran it a again to check. The bzfilelist process does an lstat on every file in the system one by one.
Wow, so it doesn't even listen for fsevents? What a terrible design, I understand running a full scan every now and then to ensure you haven't missed anything while the filesystem has been offline (in case it's mounted on another machine), but holy crap.
https://www.tarsnap.com/legal-why.html#PRIVACYLAW
This situation has never arisen, but if I'm confronted by a police officer and enough evidence that I'm sure they could get a court order, I'd rather be cooperative than force them to go through the courts. This doesn't mean that I'd give them any more data than they would get from a court order -- in fact, quite the opposite, since police tend to err on the side of requesting more than they need when going through the courts, and cooperating could change "seize a server" into "get a copy of the required data".
Beyond that, it's a judgement call. Lots of countries have agreements to assist each others' police forces in obtaining evidence.
If swedish police comes to you directly, you don't have to comply, but if they go through the proper channels, the request to you, comes from canadian police.
Seriously though, it is on my list of issues which needs to be addressed. Bringing in someone else and getting them up to speed on how to run everything is an expensive prospect, though.
Otoh, I am just speculating :-)
Either way, it might be worth looking into even just the "private" Tarsnap on AWS business direction as a way of growing revenue in a way that isn't tied strictly to data storage volume.
One way to go about this is to ask some of your larger business users if they would be interested in such a "private for them" self hosted Tarsnap variant. I think many of them would love a way to help you have revenues sufficient to support having an additional engineer (or two) working with you, which isn't possible for them to do with your current usage based revenue model.
Point being, theres probably an "enterprise" business model that stays true to your quality goals, but gives you more ahead of time revenue by a substantial amount. For some of your customers, there might be more value in supporting you being able to hire some engineers than there is in the cost savings element of the current revenue model. This can be an ancillary product that isn't the core one, but which still helps you have more resources to make the core better.
Talk with your larger customers, they're probably happy to chat with you given the chance.
Pretty morbid (but necessary) talking about what will happen if you're rendered inoperative.
Sometimes it takes more than 3 hours to restore a customer's 40MB directory.
If we were to have a full HD failure and had to restore the whole 1TB, that would probably take days. Days of downtime for us.
So depending on your situation, this might not be ideal.
I contacted Colin about this a few months ago and he mentioned that he is working on a faster version.
It's a decent tool. I encrypt with a separate gpg key, do mostly incremental backups, and a full one every few months. Incremental backups take under a minute on my desktop (100K files, 11G). Full ones are kind of slow (which is why I set it to only do it every few months).
I haven't used the S3 support.
see https://news.ycombinator.com/item?id=820705 and https://news.ycombinator.com/item?id=1639277, e.g.
Paranoia means encrypting everything which might be sensitive, even if you can't see any way for it to be abused.