324 comments

[ 4.7 ms ] story [ 273 ms ] thread
> the intersection of Catholic teaching on social justice and SaaS pricing grids,

Maybe it's just me, but I would read the _hell_ out of that blog post.

Or...How I would run an online backup service completely unrelated to Tarsnap, with different goals, different priorities, and different ideals.
Yep, I think this is basically the problem with this post, it's Dropbox with an open source client and maybe that is what he doesn't want it to be.
If you think Tarsnap is Dropbox with an open source client (but marketed differently), a) you do not understand the engineering reality of Tarsnap (or you have a very... curious understanding of Dropbox) and b) Colin, please note that your marketing is creating fans who think that Tarsnap is Dropbox with an open source client.
How about Dropbox + TrueCrypt, except easier to automate and much cheaper beyond Dropbox's free tier, in exchange for taking the risk on a one-person business?
You realise that Dropbox isn't a backup system, right?
I have a backup file there, so can confirm it does work for that purpose.
Um, no.

Delete that file on one device, it is gone from all that share it.

Put only a backup copy (not the source file) into Dropbox or Tarsnap. Don't delete the file on either system. Same boat.

Scripts can copy out from the Dropbox to both negate your issue and proliferate backup copies to many physical locations.

Dropbox preserves history of the file even after file was deleted.

Especially with Packrat feature.

https://www.dropbox.com/help/11/en

Didn't know, thanks! Also didn't know that (from Dropbox help) "Your files are stored using 256-bit AES encryption". You have to trust them with the keys though.
I meant the product described in the blog post not tarsnap as it currently is.

I'm quite aware of what tarsnap is.

I think Patrick's comment still applies if you think he described "Dropbox with an open source client." Since it's still tarsnap, it still retains all of the security benefits of tarsnap. Saying "open source client" does not capture that.
Things tarsnap would need to be anything like dropbox:

* Mobile support

* Windows support

* A web interface

* Any way of using it other than CLI

TFA left all that stuff in place. "tarsnap the software" does not change at all.

Honestly, he's put so much thought and effort into it already and seems to care a lot about it, I wonder why he doesn't just launch a competing service.

Edit: Whoa, lots of downvotes. I guess it is a bit odd to ask a person who just said "What I Would Do If I Ran Tarsnap" if they have any literal interest in running Tarsnap. Silly me.

part of the allure of Tarsnap is cperciva's security and engineering expertise. While patio11 is brilliant, that is the one part of the "business" he wouldn't be to compete with.
Couldn't he just run a marketing site that passes user data directly through to Tarsnap, but charges a 1000% markup for the flashy website?
(comment deleted)
The whole point is that cperciva has a unique competitive advantage in operating tarsnap in that he's a remarkably good at that problem set.

patio11's whole point is that he loves both tarsnap and cperciva and thinks literally everyone in this equation would be better served if cperciva made more money and by making the tarsnap user experience more sensitive to the needs of businesses who want to rely on it.

Because being on the hook for people's backups is not my idea of a fun time, because I'd be directly competing with an Internet buddy who I'd rather see successful, because I have no particular comparative advantage in backups that I don't have in a host of better product categories, because I already run three businesses and enjoy sleeping occasionally, because running services is in fact a heck of a lot harder than posting about them, etc etc.
You are assuming that Colin did not make a number of different (but similar in spirit) decisions when he set up tarsnap the way he did.

But if you espouse like this on 'what you would do if you ran tarsnap' then you probably should be doing just that, rather than to list your own set of priorities that contradict the whole premise of your well intentioned public good advice.

I read this as a public offer to do better, excuses about how you're too busy shouldn't count. If you're going to tell someone how you would run their business you should be wiling to do exactly that. Otherwise your words lose a lot of strength.

Especially because running services is a lot harder than (publicly) posting about them.

I read the article as an immensely valuable 'Business 101 For Geeks: With Current Case Study' tutorial, and wished I had more than one upvote to give it. Seriously, people pay good money for educational material of far lower quality, and we're getting it free. Demanding that the author take on another business is... an inappropriate response.
Indeed. I have paid and will continue to happily pay significant sums of money for educational material at approximately this detail level, so I'm very very happy that Patrick is willing to do it for free.
As someone who knows a little something about this business, and who has been excited and enthusiastic about tarsnap from day one, I hope Colin pays no attention to what you have written and continues to provide his service (note, I didn't say "run his business") just as he has.

I want to live in a world where tarsnap is sold for picodollars.

Well, I hope he changes the "auto deleted if you don't check your email for 14 days" and just charges my credit card accordingly. Operating on pre-payment is kind of nutty.
What happens when the CC fails? What happens when the CC fails and the customer is non-responsive? Ultimately Colin has to make a call of whether he deletes the files or not after some point of non-communication from the customer.
(comment deleted)
He will eventually have to wipe my data. However, as it is quite valuable to me, I want this to happen after actual attempts to contact me, including many emails and actual phonecalls. And at the very least no earlier than many months after payments stop. I'm okay with paying more for the service to get this.
So, why doesn't anyone set up a payment service dedicated to topping up tarsnap accounts? If this is something people want, and colin doesn't care to implement it -- just pay someone else 1.5 the price with the added (mutual) guarantee that you won't run out of funds (possibly with a max, and/or complicated rules for when payment should cease) ?

Sounds like easy money all around, and colin won't have to deal with the support fallout (nor get paid to deal with it, which is ok).

The "truly paranoid" would check backup status email more than once every fortnight. ;)
One of the benefits of a paranoid setup should be not having to constantly check on things.
There are many types of paranoia. Micro-managing is one. Eg,

> if you believe you must check on every detail, your style is symptomatic of insecurity or paranoia - http://www.adams-hall.com/micwilstrany.html

In any case, my ";)" from before stands.

What happens if I get in an accident and get in a coma for longer than 14 days? What if I get arrested? What if I go on my honeymoon and simply forget about the backup? What if ... truly paranoid people are paranoid about that possibility, too.

I know I am and that this 14 days clause is the only reason why I am not using tarsnap.

"What-if"s are fun! (Still operating under the ";)" from earlier.)

What if auto-renew were added, but you're robbed and knocked into a coma for 2 months. In the meanwhile, the credit card company notices the suspicious transactions, can't get a hold of you, and cancels the card. Auto-renew occurs 3 days later, but the card number on file doesn't work. Colin Percival calls your phone number, and gets no answer for a month. Then what?

If you're truly paranoid, you might have to consider that possibility as well.

With every scenario and solution you can come up with which require intervention, I can double down on and think of a worse-case scenario where your solution won't work and you'll lose your data. A possible non-intervention solution could work, which is to front-load the account to the limits of your paranoia.

What if the payments were taken out of an account automatically and you could load up a reserve with money. This would allow for calculations on your usage:money without it being a major factor on immediate loss of service.
Or... you could just put 1 year's worth of funds in your tarnsnap account, and check it every season to top it off.
There are two kinds of paranoia here:

1) Paranoid that you will lose your data.

2) Paranoid that your data will fall into the wrong hands.

It seems to me that Tarsnap values preventing #2 over preventing #1.

To follow on your example, what if the authorities who arrested you want to get their mitts on the data in your tarsnap account? Won't you be happy that your data is irrevocably deleted?

What is google just decided to filter those e-mails into my spam folder and I miss both? That seems like a very possible thing to happen.
Why haven't you white-listed them? The problem with the "delete after 14 days" is that it can be hard to predict on your side how long it will take to exhaust credit. But here what you're asking them is to work around a possible misconfiguration on your side. That's a different class of error.

If tarsnap is really a G2G business, then it makes sense to assume you know how to white-list an email address.

How many other misconfigurations should they deal with? What if the battery is dead on your cell phone when they try to call you after several missed the emails? (Or you're out hiking where there's no reception, or on a cruise, or in another country and didn't want to pay high roaming charges, or ...)

(comment deleted)
"Operating on pre-payment is kind of nutty."

Not if you reconsider "backup for the truly paranoid" and ponder about who actually IS the paranoid and what he is paranoid about. Could it be him being paranoid about not wanting to run after his customers money for a service that already has been provided?

He could just not stress about running after his customers and chalk it up to breakage. Probably not a good use of his time to be chasing after them for a couple of dollars.
rm -rf after 14 days is a bit severe. There is a middle ground where you deny access to the service, but don't delete the data. Note that this is a timeline not set by the customer's "delete if you haven't heard from me by X", but by a billing system set up around unpredictable costings.

Besides, even the truly paranoid don't know when they're going to lose access to emails for two weeks. Sudden hospitalisation? Travelling in an internet poor area, and your hotel that promised access was 'down'? Temporary incarceration for something you never did? Death of a loved one that puts you out of your normal life procedures? Or just fat-fingering a command because you're human, and missing out on the email from an accidental bulk delete (or similar). Perhaps change it to an opt-in for the truly paranoid: "If you're uncontactable for two weeks and our billing system decides you're out, delete my data rather than merely revoke access".

After all, if you're really after a 'dead-man switch', then that should be a feature on it's own, not something to do with billing. "If I haven't logged in for -foo- weeks, delete my data". That's clearly a dead-man switch, not a proxy analogue conducted via "we've consumed what's left on your account". Plus the user could set the number of weeks, rather than just "some unpredictable future time".

What about 28 days? :-)
I feel like so many people consider it to be some sort of moral imperative that every company care deeply about growth and market positioning and enterprise-readiness. What happened to "build the company you want to build and have fun with it"?
(comment deleted)
Wouldn't the best response to Patrick's post be to start a non-Geek brand [a B2B brand] for Tarsnap [under a different name] and sell it that way?
Or (to play devil's advocate) for someone else to start a slick B2B brand that used tarsnap as a backend, and took all the surplus out of the middle...
I'd rather the original creator be talked into a 'premium' B2B brand where he nets the profits. Then again, if refuses, I suppose there is nothing unethical with someone doing that.
I completely agree : But many people (including, possibly the original creator) would feel differently if (a) they chose not to take the advice, and everything remains the same ("I don't need that money"); and (b) someone else took all that surplus instead ("How dare they steal from me!"). Either way, the original creator's bottom-line is the same (probably higher in case (b) due to volume).

Another possibility would be for there to be an 'authorized' premium B2B version - where the original author gets a certain X% ownership, and the slick-marketing type does all the fluff/flashy stuff that adds value for that set of customers.

Well you are free to go ask :)
Wait, I thought you ran rsync.net, right?

Wouldn't that make you one of Colin's most serious competitors? I thought you made most of your money from the enterprise market. The same market Patio is suggesting Colin enter!

It makes me happy that tarsnap exists, just like it makes me happy that things like prgmr.com or FreeBSD exist. The world is a more interesting place.
His advice re: paid articles/guides is basically what DigitalOcean is doing at a larger scale, and with great success.
I'm still reading and just looking at the screenshots and I have to say I very much prefer the Tarsnap design not the cheap template one which doesn't really look very trustworthy to me and is probably more suited for an online pharmacy.
Coudn't agree more. The current design of tarsnap is much better. It shows that tarsnap is serious about technology and security.
For geeks. Not for business people who have to make the decision to pay for it.

Of course, you don't make the change if you don't want to become the B2B mega secure backup business that patrick is pitching. But if you do want to grow into that then you have to re-brand into something a clueless supervisor is going to be able to authorize. That won't happen often with the current design.

If Colin doesn't want to make a big B2B business, which I'm sure we all believe to be true, then you can keep the old design and be happy. But if he wants to have a "real" business, then he should absolutely go with a standard bootstap theme.

edit: four to for. duh

Out of curiosity, what's the biggest P&L you've had responsibility for in your career?
I don't think that's out of curiosity.
It is. I'm curious because I'm interested in someone who has managed a large P&L but nevertheless thinks Tarsnap is the way to go for their org.

I am also curious because I believe most of the comments here on HN amount to not liking this article because it doesn't appeal to them as a customer without regard to what it means for Tarsnap as a business.

So Patrick says in so many words that

"Customers like typical HNers might like Tarsnap the way it is, but Colin should instead market to [such and such businesses] using [lots of specific and actionable advice] because [lots of reasons explained in excruciating detail]".

HNers:

"Oh, I like Tarsnap the way it is."

Doesn't change the fact that his redesign looks identical to the 100 generic free wordpress themes you see on lots of non-technical and spammy sites around the web.

Colin could spend one day and come up with something that didn't look super generic. My idea would be something dark and simple, like this: https://useiconic.com/

Patrick's actual advice was: "Here’s what I’d tell a contract designer hired to re-do the Tarsnap CSS and HTML [...] a visual redesign will probably cost Colin four to low five figures."

Then he supplemented this with: " let’s hypothetically assume it isn’t in the budget. In that case, we go to Themeforest and buy any SaaS template which isn’t totally hideous."

So don't complain that it looks identical to 100 generic free wordpress themes -- that was Patrick's point, and his actual advice was exactly what you call for: spending a day to come up with something.

It's not just HNers, I would say that a lot of people who are involved with designing/building websites will tell you that this is not a great way to redesign the website (It's probably just a quick draft). I don't say the current design is great but it's better than the one he's proposing in my opinion.

And just by looking at his personal site he's probably not the first person to ask for advice on how to design your website. I'm not trying to offend the writer but there's a reason why there are web designers and UX people dedicated to the task.

I realise that this redesign is just a small unimportant part of all these suggestions (and I agree with some of them) but if he puts it out there it's worth giving feedback on.

Yes, but you have to admit it does need a call-to-action link that's actually a button.
It shows that Tarsnap is a very serious open source project, of a vaguely FreeBSD lineage. Since that's not actually what Tarsnap is, the site design is doing him an obvious disservice.
Exactly. The last thing you want is your website to look like a WordPress template when your target audience is the paranoid.
Note that the whole essay retargets tarsnap as a secure backup business. Not paranoid geeks.
I feel the same way. It reminds me a lot of https://www.nearlyfreespeech.net/ where they pretty much say that they are server guys and suck at design. I respect that.

And the redesign in the article looks like someone grabbed a free theme and swopped some text and a image.

Nearlyfreespeech's homepage is infinitely more attractive and professional looking than tarsnap's.

And, no, the redesign in the article looks exactly like someone grabbed a $20 theme and didn't bother to swap in the image.

But patio11's redesign would actually appeal to the executives in suits who make the purchasing decisions, while you HNers would still trust it because it's run by cperciva.
This is the way to do criticism on the internet.
I'm reminded of this post by lionhearted: http://sebastianmarshall.com/the-genius-and-tragedy-of-patri...
For any that don't know better, Patrick has since made a lot more than $60k a year since he started consulting and running Appointment Reminder.
That would be a more apt comparison if this blog post hadn't been part of an ongoing conversation Patrick and I had been having with Colin, not all of which HN is aware of.
> an ongoing conversation Patrick and I had been having with Colin, not all of which HN is aware of

The knowledge that there's missing context, which was provided in some sort of back room inside-baseball hn-elites secret discussion to which I was not a party and will never be granted access, kind of makes me wish the article had never been posted in the first place.

"Here's my article - which you'll never understand, because you weren't there, because you're not cool enough". Great.

Oh FFS, there's enough good info in the article to just think about that, without getting all butt-hurt about in-groups and out-groups.
What patio11 doesn't get, is that part of the reason why HN crowd considers tarsnap "the best backup software" is exactly because Colin Percival is what patio11 calls "bad at business" (and what I would call "motivated not only by money").

BTW, that is the same reason for the backlash over Oculus acquisition: people are upset that it will no longer be run by "bad at business" engineers like John Carmack, but instead by "very good at business" Mark Zuckerberg.

The presumption here is palpable. There do exist factors other than the financial -- whole categories of them -- that people take into account when making value judgments like this.

Maybe some people view the Oculus acquisition through that myopic lens, but many do not, and your generalizations do your point of view no justice while simultaneously misrepresenting many of theirs.

Exactly. What patio11 calls "Geek to Geek" business and suggests Colin move away from. Any new user who sees the suggested standard three tier pricing scheme is going to immediately recognize a traditional business. And there goes the entire g2g market. Which I suppose patio11 doesn't care about given that he's suggesting a move away from that.

But without g2g, Colin is going to be competing in a huge market with a bunch of other players. He's also likely to enjoy his business a whole lot less.

Right, because geeks never buy services from traditional businesses.

Oh, wait.

>>Colin is going to be competing in a huge market with a bunch of other players. He's also likely to enjoy his business a whole lot less.

Also painfully incorrect. When you have a unique selling proposition, it's easy to compete in a huge market with a bunch of other players. It's also enjoyable.

How "painfully" self-centered. It's not about whether you consider it to be enjoyable or easy. It's about what Colin is likely to experience. And given his past reluctance to listen to similar Tarsnap related business advice thrown his way numerous times over the years, one conclusion we can draw is that he fully understands what the options are and he simply doesn't believe he would enjoy the change. There are other possibilities for his lack of change, but I didn't hear you suggest any.
Well, I would not assume to guess what Colin would enjoy, or how he would enjoy it.

However I agree, it does depend on Colin's motivations. If Colin doesn't want more users, and doesn't want more money (for even the same amount of work), then your viewpoint is possibly accurate and has merit.

Other possibilities for his lack of change are clear - we do not always act in our best interests for a garden variety of reasons(negative mindsets, backgrounds, etc etc). This can be very frustrating to our friends, who might have experience and insight into our situation, and want the best for us.

Oculus was never run by anyone who is bad at business.

John Carmack came on relatively late as CTO, not CEO, and Palmer was the owner of some valuable IP, not the one running the business.

HN is wrong about why Tarsnap is the best backup software, and that's partly because Colin is falsely modest about what Tarsnap is. Tarsnap is the best backup software because it is the most technically credible secure backup service on the Internet.

One way you can gauge just how wrong HN is about this point is to compare Tarsnap's business to that of any well-known backup provider, virtually all of which could (presuming, perhaps unfairly, that Colin is rational) buy Tarsnap with pocket change.

Backup is a huge business, and enterprise/business backup is an especially lucrative segment of that business. Colin has the most technically credible offering for that segment. But he captures only a tiny fraction of it, and regularly finds himself on HN explaining to HN people why Tarsnap costs so much given how cheap AWS storage is. Q.E.D.

It’s kind of amazing that some people here believe its modest price to be Tarsnap’s main value proposition.
This sort of misunderstanding is encouraged by using one's limited supply of the customer's time and attention to highlight "picodollars" as opposed to "Considering online backups? You get to choose between a) you can retrieve your backups, b) other people can't retrieve your backups, c) a and b, but only if you won the Putnam."
In the 90's Microsoft could (presuming, perhaps unfairly, that Linus is/was rational) have bought Linux kernel for pocket change.

The community values when money/power is not the only/main driver for people creating technology. And for a good reason, I think. When we ask ourselves "why we can't have nice things", more often than not the answer is that "people in charge" are motivated by making more money, not making better stuff.

Yes, there is some naivete in this mindset. But I think some of that innocence is a good thing. FWIW, I liked patio11 more when he was excitingly writing how he earned $30k on Bingo cards then the new incarnation that is proud of using a shitty ThemeForest template because A/B tests well.

No, they could not have, because the Linux kernel is open source software. But I understand the confusion, because Colin does his level best to market Tarsnap as if that was what it was.

I am unclear on what you think the purpose of a commercial website is, given your objection to the idea of suggestions that make them perform better.

I don't really have any objections, or really any opinion on whether Colin should or should not charge more.

I was just pointing out that it is a good thing that there are smart people who are "bad at business", who are "irrational" as you put it. Many good things we have came from such irrational people (that was the point about Linux parallel) and many ugly things come from people who are only following the bottom line.

While the main post was interesting enough, and has already garnered responses, I'm genuinely amazed that people pay for that level of "cron monitoring".

Looking around I see at least three services ("probyapp.com", "deadmanssnitch.com", and "cronwat.ch" - the latter of which has an expired SSL certificate).

FWIW one of the main reasons I've never used tarsnap is the pricing and the picodollars, it never felt "real" enough, although obviously it is completely transparent.

It's in gigabytes right on the home page conveniently converted. How does $0.25 / GB - month feel less real than....anything else?
(comment deleted)
(comment deleted)
> This page would literally be 1/5th the size of this blog post or less and take less than an hour to write, and would probably double Tarsnap’s sales by itself.

cperciva: Pretty please try this first and measure the effect? Would be super interesting!

The negative reaction to Patrick's design template is so meta.

It completely proves his point the power of "wrong" design.

Everybody forgot all the brilliant things Patrick said because they didn't like the design.

And that's his point!

Send a non-technical guy who's ass is truly on the line to Tarsnap and, sorry, he's going to have a negative "blink" gut reaction.

If you've ever built a SAAS to any scale, you'll know that is true. Sad. But 100% accurate.

Stripe's original UX to me was a better example of where Tarsnap could go (vs. even the current stripe site):

https://web.archive.org/web/20111007130738/https://stripe.co...

Headline, button, 5 relevant "benefits"

Then a link to start, documentation, and get help.

Almost exactly what Patrick illustrates before he loses us with a rushed design.

so what? my impression is that colin is happy with things as they are. why should he change his business, which makes him happy, because someone else thinks it should be different?

the aim of life is to be happy, not to meet someone else's expectations.

I'm intentionally value-agnostic about whatever makes Colin happy in the post. As long as operating businesses suboptimally is not in fact his terminal value, there exists a transition between Tarsnap and Tarsnap' which makes him even happier. Everybody wins, especially Colin, which strikes me as a happy outcome because I like seeing when geeks are suitably rewarded for creating substantial improvements to the world, which Colin has done.

If running Tarsnap as a free public utility is the light he wants to bring to the world, the outlined Tarsnap' is better at that than his Tarsnap is. Charge businesses more, invest in better UX, subsidize non-business users straight to "free." If he wants to lay on a beach sipping iced cocoa, this is more beach and more cocoa. If he wants more time with his family and less time in the inbox, this is a trivial modification away from that. ("Make money, buy your way out of inbox.")

maybe he needs someone else to show him how to be happy.

shrug. in my experience, people telling me how to live my life tend to be a pain in the arse. but maybe i am projecting.

The biggest fault with this is the assumption that the geek market isn't big enough to do serious business in. I wouldn't alienate existing customers by an enterprisey makeover.

Even when it comes to B2B, it is better for a service like this to get into enterprise via their geeks than try to appeal to their suits, because Tarsnap's strengths mean nothing to a suit.

How about serving both geek market and B2B market? As Patrick noted, Tarsnap Basic will still exist for all geeks to pay pico dollars by usage.

I do consulting for hedge funds in NYC. Most of them use an accounting system called 'Advent Geneva'. This particular software solution has a Unix component where the actual accounting data lives. My clients would like to back up this database securely and reliably. Security is extremely important as for a given hedge fund, their trades and positions are extremely sensitive information. Tarsnap is exactly the backup solution these clients would want to use. As a consultant, I don't think I will ever be able to sell Tarsnap in its existing form to these clients. Keeping aside pricing, these clients would want an SLA (and other legal stuff mentioned in the article) for the backup service. These clients are more than willing to pay costs associated with this higher level of service and will benefit tremendously from using Tarsnap.

I do not know any backup solution which is better than Tarsnap and it's unfair that businesses will have to use less-than-ideal technical solutions ONLY BECAUSE Colin doesn't want to adjust 'business side' of his product offering.

Or just sell the same product through two different channels. Call it "Tarsnap" and make it work via a CLI and low-fi Web site for the geeks who appreciate such things, and call it "Super Secure Backup Pro XP" (or whatever name appeals to normals) with a GUI and a lickable Web site for the non-geek population.

Underneath it can all be the same product, just packaged differently depending on who the potential customer is.

(comment deleted)
>Or just sell the same product through two different channels. Call it "Tarsnap" and make it work via a CLI and low-fi Web site for the geeks who appreciate such things, and call it "Super Secure Backup Pro XP" (or whatever name appeals to normals) with a GUI and a lickable Web site for the non-geek population.

See, this is something I have thought a lot about. I can understand the value of the 'enterprise' pricing tiers (and yeah, if I have to do a bunch of paperwork, it's totally fair for me to charge you more.) So I can see where pricing tiers could be a good thing.

However... the bit I'm questioning here is how far you distance your 'enterprise' product from your 'geek' product- Especially if you have a strong 'geek' following already, I would argue that you don't want to start over in the 'enterprise' space. You want to carry over the name. Either, as Patrick suggested, move the 'geek' product to a less-accessible URL and professionalize your primary brand, or build a "tarsnap enterprise business edition" url.

Either way, there is a whole lot of value in a brand valued by nerds. I agree that brand needs to change some (and the product needs to change more) to be marketable to the enterprise, but... the boss basically respects his or her geeks... enough to pay them a lot of money. Sometimes I even find the business folks emulating the geeks when dealing with computers. A MBA where I worked saw how paranoid I was about ESD and asked for one of my wrist straps. He used it while he was typing emails on his mac. The "business edition" of the thing his geeks say is awesome is going to have a lot more pull than just some random new brand.

But how much does "Tarsnap" as a brand buy you in the enterprise space, really? Enterprise buyers won't get what it means -- to them "tar" is sticky black goop, not an archiving format. That by itself is no big deal -- if you spend enough, you can get people to remember anything -- but there's no evidence that Tarsnap has that kind of "brand awareness" among that crowd, is there?

I normally would agree, don't throw away a perfectly good brand if you can avoid it. But if the customer has never heard of your brand, and wouldn't understand it if they did hear of it, that's one of the few cases where coming up with a new one could make sense.

>But if the customer has never heard of your brand,

If they've never heard of the brand, you are right. A good name that your customer hasn't heard is better than a bad name your customer hasn't heard.

But, my belief is that there are a lot of semi-technical "enterprise" or at least "SMB" types on places like hacker news, who likely have heard of tarsnap. And even if not, as I said, management listens to their technical help, often more closely than it seems.

Hell, I've had a few 'enterprise' type companies coming to me, by recommendation of their technical folks. The deal usually falls through because I am not equipped to deal with that sort of thing, but the opportunity was there, because a non-management technical person knew my name. Colin is way closer to being able to support those sorts of customers than I am, and I think he has a much larger technical userbase than I do, too.

>and wouldn't understand it if they did hear of it

I'm a firm believer that how recognized your name is matters a whole lot more than how "good" or "meaningful" your name is. A bad name that your customer has heard before is worth a lot more than a good name that your customer has not heard of.

What does conviva mean? what does akamai mean? Avocent? Cisco? To your average English-speaking monoglot, these are just random strings of letters. Much like 'tarsnap' is a random string of letters to people who aren't crusty sysadmins. The names of companies gain meaning through use.

I'm a little embarrassed that I never got the word play in "tarsnap" until just now...
Super Secure Backup Pro XP -- Built on Tarsnap.
But what you described is a total pain in the buttocks. I think it's unfair to pin that on Colin's "unwillingness to adjust".
The suits have some requirements as well, and it's not "just because" but sometimes because of legal/organizational requirements.

The geeks may love it, but the business needs an invoice. No invoice, no purchase.

Getting an invoice is not that hard. Tell Colin once and you get a automated invoice the first of every month...
"Even when it comes to B2B, it is better for a service like this to get into enterprise via their geeks than try to appeal to their suits, because Tarsnap's strengths mean nothing to a suit."

This is very explicitly talked about in the article.

And as Patrick says there - a "geek" will NOT manage to get most businesses to use Tarsnap. For lack of many features, but also because of the "terrible" design (terrible at convincing businesses to use Tarsnap).

Unless I skimmed over part of the post, tarsnap is still run by crontab on a unix/linux box. So, still pretty geeky. And the idea that "affordable encrypted backup" can't be understood by "a suit" is silly.
Patrick notes in detail that the post is written with Colin's approval. I am not a customer of any of Patrick's services, nor am I a customer of Colin's, although perhaps I should be a customer of both. The most telling part of the post is right here, beginning with a quotation from the Tarsnap FAQ:

" >Q: What happens when my account runs out of money?

" >A: You will be sent an email when your account balance falls below 7 days worth of storage costs warning you that you should probably add more money to your account soon. If your account balance falls below zero, you will lose access to Tarsnap, an email will be sent to inform you of this, and a 7 day countdown will start; if your account balance is still below zero after 7 days, it will be deleted along with the data you have stored.

"Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.

"Guess how I found out about this?"

That says it all.

I am a customer of Colin's, though I almost had a very similar scenario happen. Luckily, my understanding of crypto caught it, and Colin is quick to answer emails, so I'm good to go (for the most part...)

Here was my deal: I stupidly told my computer to upgrade libc, and only after apt completely failed and wrecked the machine to the point of `ls` not working did I realize that I had some personal data that wasn't backed up. Of course.

My plan was thus: use an Ubuntu LiveUSB, upload a copy of /home/steve to Tarsnap, then install Ubuntu, and be on my way. As I was compiling Tarsnap, I realized that my mental model of machines on Tarsnap was probably wrong: it's not that I have a Tarsnap account, with access given to a set of keys. It's that each key has its own backup. So what I _almost_ did was upload an encrypted backup of all my stuff, then wipe the drive and the key, never (hopefully!) to see my data again. :(

Even when you're technical and know about this stuff, you can screw it up, because you're still human.

I think that is the point for improving UI and how the service is served. The more geekie you are the less help you need for the easy stuff, but more tragic is the result when you eventually crash.

Just like the best (arguably, maybe I should say boldest) drivers are the ones who get killed on car accidents. When you are too confortable on driving at 80Mph is when you are closest to die. And it is when you need more help, more user-friendly interface, more insurance to keep you safe from your own mistakes.

Keeping all of UI difficult just to please the geekies will actually harm some of them pretty bad eventually.

Also I find interesting how a lot of people is forcing to Colin a very romanticized idea of a "not for the money" entrepreneur that just want to keep things in this raw state. Sounds to me that Patrick is closer to Colin than anyway creating this image of him.

hm, the first think I do when setting up new tarsnap hosts is create the .key file and back-it-up elsewhere. Since it's a text file '1Passwd' locker is good and if I were more paranoid I'd probably had a printed copy of every key. Just like GPG :-)
Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.

I don't think that quite says it all, because the other important factor is that you can't properly predict when the underlying conditions that would trigger those e-mails will arise. Patrick seems to have latched onto the use of picodollars as his pet hate there, but of course the real cause is the unpredictable efficiency of compression and deduplication. This problem remains even if you move to tiered dollar pricing for "up to X GB" plans.

I have multiple businesses that are definitely good candidates for using Tarsnap, but sadly that combination of unpredictability and insufficient warning/recovery mechanisms is a deal-breaker for us. No matter how great Tarsnap might be technically, from our point of view it's not offering a reliable backup with its current model, which is a shame for all concerned really. I do hope Colin will consider the various comments on this and look into fixing it.

So, what exactly he should do?! Call you? Keep the data for ever and pay a visit to let you know that something bad is about to happen?!
Yes, he should call you. He should charge you enough money that it's worth his time to do that.

(I had a hosting service that my credit card started bouncing on delete some data a few years ago. I was furious. I'd paid them a bunch of money over the years, and they knew my phone number: if they'd called me after I didn't respond to their emails I'd still be their customer, and I'd still have that data).

For a backup service, I'd be perfectly happy for it to hold on to my encrypted data for a year after I stop paying, then charge me a hefty "recovery" fee (at least how much I should have paid for the time that I wasn't, and quite happily more).

If you run a kennel, and someone is a few days late collecting their dog, do you call them or shoot the dog?

Yes, I know the margins on pico dollar backups don't justify a call. But for a $50 / month plan, it's a lot more feasible.

The comparison is flawed. Would be better to ask what if you leave your dog for 6 months in a dog-hotel and the 7th month you don't show up?

I'm sure your dog will end up dead eventually or nowhere to be found.

That said I get your point. But rolling your own notification solution shouldn't be that much of a problem for technical people or people with deep pockets. Just hire a programmer to write an application that reads picodollars and if the predefined threshold is passed the program makes a phonecall/sends 15 emails/call the local authorities?!.

First of all Epic post from patio11. Lots of great advice that can be used by others.

I think the main thing is that all the things that Patrick is mentioning is overhead that Colin likely doesn't want.

He's running this as a lifestyle business and not a company that wants to make millions. I agree that certain changes can be made that allow better value for users (the auto-payment ability being very important) but all these things add overhead that Colin doesn't seem to want. Each change has a multiplier of time, and extra stress.

Heck, he doesn't want to waste his time on fixing his logo to be sharper.

I find Colin's approach refreshing. It's rare to see someone (especially one so gifted intellectually) be so in tune with what they want out of life. Having freedom to do what he wants, enough money to enjoy life and save for retirement and providing an important contribution to the world is what Tarsnap provides.

I'm sure Colin will make changes to make it more useful but I think it will be in the context of what's the best for the users and not what's the best for his pocket.

The article seems to derive its consequences from the unwritten assumption that the goal of tarsnap is to earn as much money as possible, or to attract as many customers as possible, or at least to attract those users who would benefit from tarsnap.

Maybe this isn't cperciva's goal? Maybe he is just running the service as he wants it to be?

Maybe we as geeks would be even better served if Colin was taking the money he's currently leaving on the table from business that aren't us geeks directly, but we have technical input in? Because currently he's missing out on those customers, and I know for a fact (I tried) that where I work would use tarsnap if Colin implemented what was shown here, they'd give him $500 a month, and us geeks continue using it with pico dollars (that doesn't go away!) and Colin gets more money and time to improve the service.

Seems good to me.

> Unlimited storage, up to 500 GB of media

> ...

> Unlimited storage, up to 1 TB of media

No. That's not unlimited.

I stumbled over that initially too, but the subsequent paragraphs explain: unlimited storage of data except for media files, and limited storage for media files, trusting the user to be honest about it. The intent is to focus on storing things other than photos / videos / music.
Oh thanks, now I finally understand that too. Had the same thought as you and the post you're replying to.
If Tarsnap added recurring billing and (much) better documentation with examples, I think Colin would do just fine. He doesn't need to rethink his marketing, there's enough geeks to keep him fed.
Lacking good counter-arguments to the article, I'll just vote with my wallet and sign up for the current tarsnap today. To be fair, I had been contemplating it for a while, but this just pushed me over the edge. I feel manipulated. :D
I'll follow you, although I actually deposited money like half a year ago but have yet to start testing it :P
I agree with most everything he says except, I really love "Online backups for the truly paranoid." It resonates with me on a primal level and professionals want security that is above and beyond utterly reliable.
Someone mentioned charging a 1000% markup for a flashy marketing site, but couldn't it be more like a heroku/aws type deal?

Use tarsnap as the backend, but add a more user friendly interface to it. And be up front about it, don't pretend you're doing something you're not. Colin could keep doing what he likes, and basically someone else will be handling the marketing side of things, and interface development, customer support etc...

Is there some reason that a guy who made a bingo card creator has any real authority here? That probably sounds harsh, but I don't really understand why he feels he is in a position to criticize a very good product.
This sort of comment really annoys me.

First of all, the post is full of constructive, actionable advice. Does the advice seem good? Then that's all that matters! The post stands by itself even without knowing who patio11 is.

Personal attacks like this literally add nothing while at the same time actively stifling future discussions. You should never have a personal attack unless there is a very good, concrete reason for it to be relevant and you're still polite about it. Anything else is simply both rude and unconstructive.

Second of all, he's somebody who both has a successful business in a vaguely similar niche and used to be a successful consultant optimizing others businesses. That is, he was a professional doing exactly this sort of criticism! And people were paying him for it. Because it's extremely useful.

Nothing about my post is a personal attack.

I legitimately have no idea what business he has talking about tarsnap this way. I clicked his "about" link and it said he made bingo card creator software.

He has a ton of HN karma, so I expected downvotes, but I'm still puzzled as to why he would make this post.

You're saying he's had success in something similar to online backups? What was it?

That is exactly the point. Judge on his words, not on who he is.

FWIW, he is probably the most well-known CRO expert there has ever been. He has exactly the authority needed to write this post.

[edit: "CRO expert" is too strong, as noted below. I was thinking something "SaaSy". Basically, in this community, he is the expert in some forms of SaaS marketing/pricing.]

Just FYI for everybody here who might have a budding consultancy inside of them and is wondering if there still exists demand for it (YES!), there exist quite a few people who do CRO who a) are much better at it than I am, b) do quite well for themselves, and c) have, quite reasonably, never even heard my name.

If we add a lot of constrains like "Software! No wait, B2B software! For geeks!", for each constraint you add the pool of talent gets rather sharply smaller and my confidence that there exist lots of better options than me accordingly decreases.

This is also how Ph.D.s work.
One of his other businesses sells an 'appointment reminder' service to businesses. It's wildly successful.

One could argue that perhaps that gives him some insight into the B2B sales process, which is a large content of the article.

I'm nobody in particular. Nobody ever anointed me the designated software sales and marketing consultant. I sort of fell backwards into consulting after the bingo card thing. My shtick was mostly "I make software companies money by applying engineering tactics to marketing goals."

I do not have a page specifically bragging about that partly because I hate bragging, partly because I hung up my consulting spurs last year, and partly because c.f. XKCD 125. Some of my clients are fairly well-known. Some of them are pretty technical. You have no particular reason to trust this representation, but "I've been involved in engagements which resulted in millions of dollars of improvement to businesses selling things approximately as technical as backup software" is a true statement.

Why I made this post? I wanted to help Colin out, I really enjoy making and selling software, and oh my goodness does that picodollar thing do it for me. Seriously, I have known my wife for less time than I have known the Tarsnap pricing strategy. Every year, like clockwork, it causes me to erupt volcanically. It is my Moby Dick. I will hunt it forever until it dies.

It doesn't seem like you spent even an ounce of energy trying to understand who patio is and why the post might resonate with the HN audience. Downvoting warranted.
Interesting article. I'd actually not heard of Tarsnap before, one question (to those who use it), why would a geek use it over:

  tar -cf - / --exclude='/proc/*' --exclude='/dev/*' [..] | \
      xz -z | \
      openssl enc -aes-256-cbc -e -salt | \
      > /mnt/your/networked/google/drive/backup.$(hostname -a).$(date "+%Y%m%d-%H%M%S").aes.tar.xz
I spent a while going through https://www.tarsnap.com/ and I didn't find any flexibility tarsnap offers over it. To make it work unattended, it's trivial to generate a unique key per backup for openssl (use a tmpfs) and then gpg encrypt the key and email it to sys admins or whatever mailing list before killing the tmpfs.

I could understand the appeal to less tech savvy users if there were a gui, or it featured cross platform support beyond those supported by tar, <insert compression tool>, openssl/aespipe/gpg/<insert encryption tool>, or the storage was super cheap.

So what's the value proposition here?

Data deduplication, incremental backups.
Heh apologies, my fault for trying to be clever, the mechanism I actually use is incremental and deduplicated. I substituted it for tar to simplify.

I actually use ZFS (filesystem), so my backup flow is closer to:

  TSTAMP="backup-$(date "+%Y%m%d-%H%M%S")"
  zfs snapshot -r $TSTAMP
  zfs send $TSTAMP | \
      xz -z | \
      openssl enc -aes-256-cbc -e -salt | \
      > /mnt/your/networked/google/drive/backup.$(hostname -a).$TSTAMP.aes.tar.xz
The underyling ZFS filesystem is deduplicated at filesystem level, and snapshots are incremental. THere're a few other minor differences (the dest is another ZFS host which syncs to Google drive, and I nuke the local snapshot after send because RAID 1+0 space is more expensive than RAID1 .. )
To answer my own question: deduplication :)

I had not considered multiple backup sources, mine is deduplicated per host, am I to understand tarsnap is deduplicated across all hosts sharing a set of keys?

I think that's the case.

Note: https://github.com/bup/bup does that too (though it does not encrypt), and http://liw.fi/obnam/ does too (and it does encrypt).

What tarsnap gives you that obnam doesn't is (a) managed cloud storage, (b) tarsnap's history and reputation, and (c) Colin's personal reputation. That's a lot, and it costs money above the S3 storage costs (which you could point obnam at).

Also, easier restore and snapshot deletion.

Consider how you would restore using incremental ZFS snapshots. You'd have to pull all the snaphots, unpack the base snapshot and then sequentially unpack each incremental snapshot.

In tarsnap, the server will compute the 'snapshot' you want for you, and will only send you the data blocks that belong to that snapshot.

In tarsnap, you can also delete any snapshot you want, and only blocks belonging exclusively to that snapshot will be deleted. In your system, deleting a snapshot means you lose all snapshots from that one until the next full snapshot.

Also, in ZFS you're limited to backing up complete datasets, but with tarsnap you can backup any set of files you want.

I would like to do something similar with BTRFS.

How are your snapshots incremental? In BTRFS you would need to specify a base snapshot.

What is the restore process? You init a zfs file systems and then zfs receive the backups in chronological order? How are the dependencies between snapshots managed?

The 'zfs send' command will send an incremental snapshot if you specify '-i snap1 snap2'.

To restore, of course, you'll have to have snap1, and then you can apply the increment.

That's what I thought. I wanted to know if the OP had some way to manage the dependencies between snapshots.
(comment deleted)
HEAD-DESK.

Deduplication and incremental backups are table-stakes for backup software.

The reason a business would use Tarsnap rather than some other backup service is the level of confidence that Colin can provide that Tarsnap will reliably protect their data from attackers, including compelled insiders at Tarsnap.

In other words, Tarsnap can offer an enterprise an offsite backup service that is demonstrably as safe as backup data that the enterprise retains direct custody of.

That is not an offering other backup providers can reliably duplicate.

That's right, I was just answering the parent what advantages Tarsnap it has compared to a OSS, bash-pipe-made, tar+encrypt solution.
Security remains the most important difference between those two options.
I assume you refer to all the seemingly nitty problems with the pipeline above (from what I can see, there is no way to verify that the archive wasn't tampered with).

Would you say the same about a solution that signs and encrypts the archive with gpg (signs with a machine's key and encrypts it to the owner's key). If so, can you elaborate on some examples of security problems that solution could have?

Are you asking if I could design you a secure backup system?

I could, and it might asymptotically approach the quality of Colin's.

I don't think you're comfortable with the amount of money I'd charge for that service.

You're better off paying Colin cost-plus for AWS storage, since that's all he seems to want to charge. :)

Not sure if you are deduping there.

He uses scrypt, not openssl/aes-256-cbc.

A few differences.

scrypt is a key derivation function, not an encryption algorithm. Tarsnap still uses AES-256 CTR mode for encryption.
See my response to tomp - it is deduplicated.

Colin may be a crypto genius and his code extensively reviewed, but I'd wager more eyes have been cast over the openssl codebase than tarsnap.

(comment deleted)
(comment deleted)
Deduplication. And like any other SaaS or cloud model, not hosting it yourself.
The example I cited uses Google drive
No (geek) love for Duplicity around here?

When I moved away from being a Mac only to a Mac & Debian user a while back and consequently looked around for a non platform dependent backup strategy (to replace JungleDisc), I did almost opt for Tarsnap but was ultimately put off by these two show-stoppers:

1: The data is stored on Colin's servers, not mine.

2: Seriously. What does happen if Colin walks under a bus?

In the end I went for Duplicity backing up to my own Amazon S3 storage. No harder than Tarsnap to set up –if you interface with it via Duply, storage costs are miniscule and a corporation the size of Amazon wouldn't fit under a bus!

http://duply.net/

(comment deleted)