Sorry for the duplicate. I thought it was inconvenient to have to cut and paste the link.
Fellow Hackers.
The product is Hybir Backup which is a full online backup service. It is windows only for now.
The site has all of the relevant information.
Comments and Questions are encouraged.
If you would like a free trial use HACKERNEWS as the promotion code.
I have lots of exciting news I have been unable to share with community just yet. But if you are where I was a year ago. I was told "NO" so many times I thought it was my nick name. Just keep going it is well worth it.
For those of you paying attention. I posted this first under CRASCH and then again accidentally under VIPER.
I created the VIPER account a while ago when I wanted to share my successes with the community anonymously. The reason is that I really felt compelled to encourage my fellow hackers. I never ended up posting those. I must have written that post ten times though. I always ended up thinking it either felt like bragging or was not believable with the facts to back it up. Facts I still can't disclose because of NDAs.
It seems a little underhanded, but try and populate your forums with a decent number of posts before you launch. Either that, or don't launch your forums until you have a decent number of users. An empty forum has a pretty significant impact on someone who is casually looking at your site. Whether that reaction is justified or not, you still have to recognize it. You might consider a mailing list as a temporary alternative.
Also, I'm not sure how essential the user's email is to the sign up process, but if you can take that part out, I would go ahead and do it. That will encourage people to register, and you can give them an incentive to add their email later. For example, on the admin page you could tell them to enter in their email in order to receive notifications about the status of their backup, etc. That's mostly just a personal thing for me. It's not like your breaking any rules by using an email in the sign up process. In fact, it's nice not to have to deal with remembering a user name.
More advice: when you launch send a press kit complete with a company summery, personal bio, relevant media (images, video, etc), and a free registration key to all the popular tech blogs. People are inherently lazy, and if you hand an author all the tools needed to quickly write an article, plus a free premium version of your product, it's likely you can generate some good press. It also might be a good idea to include the press kit on your site for easy downloading.
No problem. The email point is the one I am least comfortable about. I'm not sure how the public in general feels about it. It may be that they like being able to sign up without an email, or it may be that they find it annoying to have to enter it later. My other points represent common knowledge and/or are not too controversial. My email point is just based on personal feeling. :)
Change or Modify "Hybir Unbelievable" to add something descriptive like "Hybir Features". When I don't see any obvious way to checkout a list of features I bail out instantly.
Also why do Signup, Login, Unbelievable and Forums each have their own font? Different colors, same font please.
Signed up ok. It seemed to have logged me in after signup - great. Then it kicked me out. Now if I try to login it says invalid credentials. Pretty sure I am using the right credentials. There's no apparent way to send a password change request either.
Your homepage is OK. The site is missing viewable screenshots of the application. The page with all the features is too long to read. Too much information that doesn't get to the point (ex : "how fast" have a text that goes "it can take 3 minutes to backup 1 Go"). In short, I'll make it more friendly for non-techies.
I like the design but the icons in the feature pages are odd-looking. The sub-menu (overview, comparison, in action...) was invisible to me.
It looks really cool though and I hope you will change the world of backups, we really need it...
I will add screen casts and screen shots to the site. I will have to look into the invisibility issue. The icons will definitely get redone once I have someone decent to do them.
I can't really say anything yet. But you may be surprised where it is and how many places it is in the next three to six months.
Press releases of your own baby creations are more than welcome. What is not welcome is press releases to other people's products and services with your affiliate/referral ID neatly tucked in the submitted URL :-)
I am currently/always looking for better user backups for our employees. We have tried multiple online solutions before (Carbonite, Mozy) and we've tried multiple local backups (rsync to a central server, Maxtor Onetouch+, Acronis Truebackup, etc)
Here are the questions I have when hitting your site. They're just my quick overview thoughts, but they might be of help-
How much does it cost?
Do you charge per user, or per GB?
"Every Hybir Backup is the equivalent of a Full Backup at the speed of an incremental. "
Do you do block level backups, or file level? Ie, is this akin to Ghost, or more akin to rsync?
"Hybir Backup leverages all the data it has ever backed up for everyone. "
This makes it seem like you do a md5 on the file, and store by that, rather than by the file itself. Do you preserve permissions, etc?
Also- What do you do if there is 1M of changes in a 100G file?
How do you handle updates to the client? Do they roll out automatically, or do users need to download and install them?
Is it possible to have one master account have access to all sub accounts? I'd rather not have them all have the same username+password, so that users can't download eachother's files.. All the same, I don't want to have to keep a spreadsheet with XXX passwords.
"Security a bank would envy"
SSL security is great for it getting to you. I'm not worried about that. What about isolation from other customers? Can we encrypt our backups with a private key, so that you compare block-changes against OUR files, but not against others in your datacenter?
"Full Backup"
You're backing up the MBR, etc. Is there a way to restore this if it's broken (a boot cd or similar?). If not, what good is it? (Honest question.)
"We may use your PII to contact you in connection with offers, responses to your inquiries, information on new services and features, and in connection with administering and offering our services."
I'd really like to see the privacy policy clarified with regards to the difference between Personal Information (Our name, etc), and the data we upload.
"The Software may be installed and used solely on one standalone, un-networked desktop or laptop computer identified by Customer when subscribing to the Services, and the Services may be used solely for such standalone computer."
This terms of use sounds like it's written for a commercial program, not a service - We want to install on many computers, that's the point ;)
"3.3 Hybir retains the right, but not the obligation, to retain copies of obsolete or deleted files, subject solely to its obligations of confidentiality hereunder."
This makes me nervous, FWIW.
Overall, it looks like a good product, in a very, very crowded market.
It is mixed we backup the MBR in raw blocks. We back up files in Blocks or as a whole depending on the likely hood the file will be changed and the size of the file.
Yes we preserve permissions and ACLs for files.
What do we do if there are 1M changes in 100GB? It depends on where the changes are. We take a snapshot and any changes will be picked up in blocks of various sizes and only those changes are unloaded. So if most of the changes happened in 5GB then only 5GB would be uploaded. If they are spread out across the 100GB the whole 100GB could have to be uploaded.
We perform automatic updates. This is an option you can choose to opt out of.
Each user currently is its own account. We may offer group account management in the future.
We currently do not offer private key encryption. It offers no additional protection. Here it is from the website to save some typing "Private Key Encryption is a good way to protect sensitive data. In online Backup solutions not so much. There are many secure private key encryption programs some of which are open source and some that are free or both. What is wrong with Private key encryption in online backup solutions? When it is built in to online backup it defeats the purpose. You are giving the key to those intrusted (the online Backup provider) with encrypting and storing your data. This gives the uninformed a false sense of security. This is analogous to using a safe in your hotel room. You choose the combination (The password) and write it down on the safe for the cleaning staff (The backup program) to gather your valuables and place in the safe. They lock it and promise they haven't looked at the password. Most of us would never think of using a safe in a hotel room with that arangement. If you have ultra sensitive information on your PC we recommend that you use a third party application. If you have data that would cause you significant pain if it fell into the wrong hands, you should be encrypting it because unfortunately your PC could get stolen."
The technology does not do block compares. The only access to your data is through your account.
Yes, although it is not available for download yet. There is a windows pre-installation environment iso that you can use to restore or repair a disk.
Great catches on the privacy policy and terms. Those are definitely off from what I want in those documents. I will have those revised.
I think your homepage needs to say why "Hybir reinvents backup". Once I read your features page, I was sold, but the homepage doesn't do enough to draw people in. You need to mention at least one unique selling point. Maybe something like: "Genuine full PC, zero configuration backup with unparalleled performance". A screenshot on the home page would definitely help too.
Minor issue: from the forums, I can't find an obvious link back to your home page.
The site says "We currently do not offer private key encryption," and adds "You are giving the key to those intrusted (the online Backup provider) with encrypting and storing your data."
But it isn't true that online backup requires giving the key to the backup provider.
There are two main security models: (1) All data is encrypted on the user's machine with a password known ONLY to the user that never leaves the user's machine, and the encrypted data is transmitted and written to backup exactly that way; on restores, the encrypted data is returned and then decrypted on the user's machine (Connected Online Backup from Iron Mountain and some ways of using JungleDisk work this way). Or (2) the data is transmitted securely, decrypted at the backup server, encrypted there with a key known to the backup service and saved; on restores, the data is decrypted at the backup server using the service's key, then returned securely to the user's machine (most other online backup services work this way).
The second model is, as you say, insecure--which is why it is a big competitive disadvantage.
The first model can be smart, of course, and employ the user's private encryption key which never leaves the client PC only for personal files, and use some other method on Windows system files, commercial application executables, and other files which are duplicated on millions of machines (identified on the client before encryption).
FWIW, Connected Online Backup does both incremental backups by changed file blocks and also does identification of files it already has seen and so doesn't need to send again (at all), while keeping the encryption key only on the client PC. You're right about the current price--Connected wants $995/yr for 50GB. Obviously that price level can't last much longer.
Do you know it doesn't leave the users machine?
(I'm not asking that to be smart or anything.)
My point is that you are trusting the backup providers that it doesn't.
My main point is that you are trying to protect your data from the backup providers or their sloppy security. You aren't trusting them on one hand yet trusting them on the other that they don't store or save the key on their servers.
One popular online backup product can recover the key if you use their generated key. Which of course means they store it on their servers.
Honestly implementing private key encryption is trivial. My hesitation is that it only adds a level of security if the backup providers are trustworthy. The lack of trust of the backup providers is kind of why it is there.
Here is the scenario I envisioned that made me question it.
Let's say client X performs backups of their computer using service Y.
Service Y provides private key encryption. Client X types in his secret phrase and thinks that his/her data is secure.
Service Y must either require the secret phrase to be typed in each time the software is run or must store the key locally. They store it locally.
Someone comes with a court order demanding every reasonable effort to release the data to the court. Service Y may WANT to comply to catch bad guy client X. Or they may just not want to be held in contempt of court and get fined etc. Can they reasonably recover the key? My answer is yes service Y can reasonably recover the key. I don't believe the answer is yes if it is encrypted with a third party tool.
There are of course holes in the above scenario. You might need to automatically update the software to upload the key for that user etc. Perhaps they don't do automatic updates. They could also require an update just for that users account to function. My main point again is you are back to trusting the backup provider.
I found it highly ironic to be writing code to protect my potential customers to gain their trust without disclosing the inherent holes in that process.
My hesitation to adding private key encryption was purely on the side of NOT wanting to pretend that backup software with private key encryption protects their data against all scenarios.
But having written this post and explaining it frequently. I think I probably should just add it in.
I thought, what would I want to be told if I was the customer?
1) The truth that there are holes in the process and here is a better solution if you need it.
or
2) That it is super secure unbreakable private key encryption.
I chose "1". I'll still stick to the story line but I will implement it in the next release.
Well, FWIW, I backup my machine every night via both of Connected Online Backup ($995/yr) and JungleDisk, (about $350 a year to Amazon) and I won't use any of their competitors who can recover their own keys--so the story of enhanced security sells me. (I do trust these vendors not to transmit my password from their client applications to their servers, that's easy; I don't trust them to secure my unencrypted data on lots of machines for decades, that's much harder.)
39 comments
[ 2.7 ms ] story [ 79.1 ms ] threadFellow Hackers.
The product is Hybir Backup which is a full online backup service. It is windows only for now.
The site has all of the relevant information.
Comments and Questions are encouraged.
If you would like a free trial use HACKERNEWS as the promotion code.
I have lots of exciting news I have been unable to share with community just yet. But if you are where I was a year ago. I was told "NO" so many times I thought it was my nick name. Just keep going it is well worth it.
Thanks,
Rasch (Hacking Founder)
Direct link: http://www.hybir.com/HybirBackup.html
I created the VIPER account a while ago when I wanted to share my successes with the community anonymously. The reason is that I really felt compelled to encourage my fellow hackers. I never ended up posting those. I must have written that post ten times though. I always ended up thinking it either felt like bragging or was not believable with the facts to back it up. Facts I still can't disclose because of NDAs.
Rasch
Also, I'm not sure how essential the user's email is to the sign up process, but if you can take that part out, I would go ahead and do it. That will encourage people to register, and you can give them an incentive to add their email later. For example, on the admin page you could tell them to enter in their email in order to receive notifications about the status of their backup, etc. That's mostly just a personal thing for me. It's not like your breaking any rules by using an email in the sign up process. In fact, it's nice not to have to deal with remembering a user name.
More advice: when you launch send a press kit complete with a company summery, personal bio, relevant media (images, video, etc), and a free registration key to all the popular tech blogs. People are inherently lazy, and if you hand an author all the tools needed to quickly write an article, plus a free premium version of your product, it's likely you can generate some good press. It also might be a good idea to include the press kit on your site for easy downloading.
You are correct on the email and in fact you can use any unused user name. I should make that clear. It will save them a step.
I will prepare a press kit as you are suggesting.
Thanks again!
Also why do Signup, Login, Unbelievable and Forums each have their own font? Different colors, same font please.
I will fix the font issue too!
I love this community! I should post more often.
Again thanks for your help everyone.
In the mean time can you create another account or email support@hybir.com with your user_id and request a password reset?
Thanks,
Rasch
I like the design but the icons in the feature pages are odd-looking. The sub-menu (overview, comparison, in action...) was invisible to me.
It looks really cool though and I hope you will change the world of backups, we really need it...
I can't really say anything yet. But you may be surprised where it is and how many places it is in the next three to six months.
Thanks!
No Value Proposition. No Call to Action. No Immediate Offer.
No idea what you sell?
Online, Offline, Come hold my hand and teach me?
Do I have to be a nerd to use this?
Is there phone support.
How much does it cost.
How do you secure it so that I can be assured no one else can get it.
And I roll my eyes when I see hyper claims like
"Reinvents Backup"
You have 15 seconds. You lost me at 3....
And black makes me feel dead...
This is your public launch.
I am currently/always looking for better user backups for our employees. We have tried multiple online solutions before (Carbonite, Mozy) and we've tried multiple local backups (rsync to a central server, Maxtor Onetouch+, Acronis Truebackup, etc)
Here are the questions I have when hitting your site. They're just my quick overview thoughts, but they might be of help-
How much does it cost? Do you charge per user, or per GB?
"Every Hybir Backup is the equivalent of a Full Backup at the speed of an incremental. " Do you do block level backups, or file level? Ie, is this akin to Ghost, or more akin to rsync?
"Hybir Backup leverages all the data it has ever backed up for everyone. "
This makes it seem like you do a md5 on the file, and store by that, rather than by the file itself. Do you preserve permissions, etc?
Also- What do you do if there is 1M of changes in a 100G file?
How do you handle updates to the client? Do they roll out automatically, or do users need to download and install them?
Is it possible to have one master account have access to all sub accounts? I'd rather not have them all have the same username+password, so that users can't download eachother's files.. All the same, I don't want to have to keep a spreadsheet with XXX passwords.
"Security a bank would envy" SSL security is great for it getting to you. I'm not worried about that. What about isolation from other customers? Can we encrypt our backups with a private key, so that you compare block-changes against OUR files, but not against others in your datacenter?
"Full Backup" You're backing up the MBR, etc. Is there a way to restore this if it's broken (a boot cd or similar?). If not, what good is it? (Honest question.)
"We may use your PII to contact you in connection with offers, responses to your inquiries, information on new services and features, and in connection with administering and offering our services."
I'd really like to see the privacy policy clarified with regards to the difference between Personal Information (Our name, etc), and the data we upload.
"The Software may be installed and used solely on one standalone, un-networked desktop or laptop computer identified by Customer when subscribing to the Services, and the Services may be used solely for such standalone computer."
This terms of use sounds like it's written for a commercial program, not a service - We want to install on many computers, that's the point ;)
"3.3 Hybir retains the right, but not the obligation, to retain copies of obsolete or deleted files, subject solely to its obligations of confidentiality hereunder."
This makes me nervous, FWIW.
Overall, it looks like a good product, in a very, very crowded market.
It is mixed we backup the MBR in raw blocks. We back up files in Blocks or as a whole depending on the likely hood the file will be changed and the size of the file.
Yes we preserve permissions and ACLs for files.
What do we do if there are 1M changes in 100GB? It depends on where the changes are. We take a snapshot and any changes will be picked up in blocks of various sizes and only those changes are unloaded. So if most of the changes happened in 5GB then only 5GB would be uploaded. If they are spread out across the 100GB the whole 100GB could have to be uploaded.
We perform automatic updates. This is an option you can choose to opt out of.
Each user currently is its own account. We may offer group account management in the future.
We currently do not offer private key encryption. It offers no additional protection. Here it is from the website to save some typing "Private Key Encryption is a good way to protect sensitive data. In online Backup solutions not so much. There are many secure private key encryption programs some of which are open source and some that are free or both. What is wrong with Private key encryption in online backup solutions? When it is built in to online backup it defeats the purpose. You are giving the key to those intrusted (the online Backup provider) with encrypting and storing your data. This gives the uninformed a false sense of security. This is analogous to using a safe in your hotel room. You choose the combination (The password) and write it down on the safe for the cleaning staff (The backup program) to gather your valuables and place in the safe. They lock it and promise they haven't looked at the password. Most of us would never think of using a safe in a hotel room with that arangement. If you have ultra sensitive information on your PC we recommend that you use a third party application. If you have data that would cause you significant pain if it fell into the wrong hands, you should be encrypting it because unfortunately your PC could get stolen."
The technology does not do block compares. The only access to your data is through your account.
Yes, although it is not available for download yet. There is a windows pre-installation environment iso that you can use to restore or repair a disk.
Great catches on the privacy policy and terms. Those are definitely off from what I want in those documents. I will have those revised.
Thanks for the detailed post!
Rasch
Actually, re-reading the page, you might want to get someone to give the whole page a once-over. There are quite a few improvements to make...
Apart from that, good luck!
I have some editing to do tonight!
Minor issue: from the forums, I can't find an obvious link back to your home page.
But it isn't true that online backup requires giving the key to the backup provider.
There are two main security models: (1) All data is encrypted on the user's machine with a password known ONLY to the user that never leaves the user's machine, and the encrypted data is transmitted and written to backup exactly that way; on restores, the encrypted data is returned and then decrypted on the user's machine (Connected Online Backup from Iron Mountain and some ways of using JungleDisk work this way). Or (2) the data is transmitted securely, decrypted at the backup server, encrypted there with a key known to the backup service and saved; on restores, the data is decrypted at the backup server using the service's key, then returned securely to the user's machine (most other online backup services work this way).
The second model is, as you say, insecure--which is why it is a big competitive disadvantage.
The first model can be smart, of course, and employ the user's private encryption key which never leaves the client PC only for personal files, and use some other method on Windows system files, commercial application executables, and other files which are duplicated on millions of machines (identified on the client before encryption).
FWIW, Connected Online Backup does both incremental backups by changed file blocks and also does identification of files it already has seen and so doesn't need to send again (at all), while keeping the encryption key only on the client PC. You're right about the current price--Connected wants $995/yr for 50GB. Obviously that price level can't last much longer.
My main point is that you are trying to protect your data from the backup providers or their sloppy security. You aren't trusting them on one hand yet trusting them on the other that they don't store or save the key on their servers.
One popular online backup product can recover the key if you use their generated key. Which of course means they store it on their servers.
Honestly implementing private key encryption is trivial. My hesitation is that it only adds a level of security if the backup providers are trustworthy. The lack of trust of the backup providers is kind of why it is there.
Here is the scenario I envisioned that made me question it. Let's say client X performs backups of their computer using service Y. Service Y provides private key encryption. Client X types in his secret phrase and thinks that his/her data is secure. Service Y must either require the secret phrase to be typed in each time the software is run or must store the key locally. They store it locally. Someone comes with a court order demanding every reasonable effort to release the data to the court. Service Y may WANT to comply to catch bad guy client X. Or they may just not want to be held in contempt of court and get fined etc. Can they reasonably recover the key? My answer is yes service Y can reasonably recover the key. I don't believe the answer is yes if it is encrypted with a third party tool.
There are of course holes in the above scenario. You might need to automatically update the software to upload the key for that user etc. Perhaps they don't do automatic updates. They could also require an update just for that users account to function. My main point again is you are back to trusting the backup provider.
I found it highly ironic to be writing code to protect my potential customers to gain their trust without disclosing the inherent holes in that process.
My hesitation to adding private key encryption was purely on the side of NOT wanting to pretend that backup software with private key encryption protects their data against all scenarios.
But having written this post and explaining it frequently. I think I probably should just add it in.
Thanks,
Rasch
I thought, what would I want to be told if I was the customer?
1) The truth that there are holes in the process and here is a better solution if you need it. or 2) That it is super secure unbreakable private key encryption.
I chose "1". I'll still stick to the story line but I will implement it in the next release.
BTW I really appreciate taking the time to share your point of view.
Yes that is a limitation I will remove shortly. You can use any user name you want. I didn't make that clear either.
I have lots of work to do thanks to all the good feedback from everyone thanks again!