Need File Backup system

The simplest solution is, indeed, scheduled backups with media air-gapped after backup. Tedious, and you actually have to do it regularly; but external HDDs are cheap and nothing can scribble on a volume that isn’t even connected, much less mounted.

The lazier-but-not-as-safe approach would be to keep the backup storage(whether direct or network attached) connected at all times; but ensure that your account isn’t allowed access to it; and only root/administrator and the account that the backup program will be running in can touch it.

This is useless against ransomware that is coupled with a privilege escalation(either vulnerability or social engineering); but the whole point of ransomware is to exploit the fact that the files people care about are also the files that they own, so much(but not all) ransomware doesn’t actually try to break out of your security context and just hits everything it can reach within it. Any such non-escalated malware won’t be able to access the backup volumes, since you aren’t able to access the backup volume as ‘you’.

If you feel like going old school and exotic, Plan 9 had some pretty neat filesystems for back purposes(and, since you can use them either in a VM or via Plan 9 from userspace, this might actually be relevant even though Plan9 isn’t, alas): the ‘Fossil’ filesystem has nice built-in support for taking snapshots; and the ‘Venti’ filesystem is WORM, so the two are typically used together with snapshots from Fossil periodically being archived to Venti. Because it really doesn’t do delete/rewrite, you can run Venti on actual WORM media(which mostly means painfully expensive tape drives with firmware that enforces the write-once restrictions); but it also works on normal HDDs; and can only be overwritten by escalating privilege enough to scribble directly on the block device or nuke the entire volume.

If you aren’t going to go with the simple-but-manual option; it’d probably be a good idea not to rely on direct attached storage. Fileservers are hardly invulnerable(and any competent ransomware will enthusiastically trash any network volumes you have access to); but having the separate OS, which doesn’t routinely interact with the internet and handle all the activities that tend to lead to infection, makes it more likely that OS-enforced privilege separation will be maintained, even if your primary computer is rooted. Direct attached storage, of course, is always at the mercy of your computer, so it will be vulnerable if something unpleasant breaks out of a limited user context.

(edit: if you are of even the mildly tinkering-y persuasion, the fact that most direct-attached storage is USB and designed to be safely removable(Windows has disabled write caching for external media by default since either XP or 2000, I’m not sure which OSX versions and Linux distributions do or don’t do it by default; but it’s a good idea there as well), it would be relatively easy and safe to get all clever and modify one of the USB hubs with per-port switches, like this one no specific endorsement just an example to allow the widget of your choice; arduino, rPi, anything with GPIO, bring USB-attached disks on and offline on schedule for you, without any manual plugging and unplugging. That definitely falls into “because I can” territory; and may not be worth the effort; but it is an option. You could do the same if the HDDs you are using have power switches of their own, as most 3.5in drives do.)

Not just lying around. I actually don’t use either of those services.

[quote=“wrecksdart, post:18, topic:77041, full:true”]
although I’ve been toying with the idea of finally paying CP as a full-user.[/quote]
Every so often their family plan goes on sale for very cheap, but the window of opportunity is very short.

I use a thing called Webroot for my antivirus, and it has an integrated backup system which is free for 25GB, I use it as a third backup on critical directories (it adds no CPU/memory load to my system beyond the AV itself, which is very light usually under 5MB), but the system is a little flaky so I don’t count on it.

I used to always have a linux virtual machine running, and I did backup of the windows system using that to another linux box on the network, this pretty much eliminated any danger from Windows ransomware to the backup, but I no longer use Linux enough to justify the VirtualBox load.

I understand. Thanks. Can you suggest alternative services? I’d happily migrate today to a provider that prioritized open or free licensing. I don’t mind a learning curve either as long as there’s a community involved.

My professional work requires 24-hour word processing, file, task and event sharing, email, text and voice messaging. I use an Emperor Linux modifed Lenovo Thinkpad T450s which also dual boots Windows 7 for recalcitrant proprietors.

After years of working at it, I’m able to practice law without booting regularly into Windows. It may not sound like much to the coders in our crowd. For legal professionals with stringent document formatting requirements, it’s noteworthy to emancipate from Windows.

For my current, mostly non-legal project, my colleagues and I use a nonprofit Google Apps license for email, calendar and document sharing. I don’t have the skill set yet to migrate the shared part of the work (e.g. a complex federal grant application, conference planning, etc.) into a more open, shared service.

backuppc running on my “kitchen server” - once configured it’s automagically backupping my laptops once a day. for off-site storage a couple of external drives, every few days I rsync the home folders and all the time one of the disks sits on my desk at work.

It’s been awhile since I’ve had to mount anything in Linux but it’s not difficult to set a mount to disable write caching. At least no more difficult than manually mounting in the first place so YMMV.

Looks … annoying on Mac OS X.

I know that Apple hates ‘disk utility’ almost as much as they hate finder; but that’s honestly a trifle surprising. Not caching writes on removable devices is just such an obvious safety feature, and yet it’s only doable under OSX because they’ve merely hidden the BSD stuff, not actually eliminated it? Good thing it’s ready for the desktop, or I’d have my doubts.

The BSD stuff is mostly not that hidden. Hidden enough that if you’re never tempted to open terminal or install open source apps, you’ll never notice it. (I wrote a bit more but decided it was too far adrift of the topic.)

I wish I could be more helpful in that department, but I really don’t use consumer cloud services for anything. That’s not to say anything against them. I just have my own infrastructure and choose to manage it myself. I’m sure there are others on here that would have suggestions though if you opened it up as a general question.

Speaking to ditching Windows, my last job required me to access a lot of government websites. Most of them were designed as if Internet Explorer was the only browser on the planet. I kept a Windows VM that I used for little more than accessing those sites and running VSphere client.

My backup system backs up my documents and some code repositories to a NAS with RAID, and I do offsite backups by transferring media physically. My requirements for backup are a bit different.

You have skills I don’t. If I could, I’d configure a community shared LAMP server to pilot a local project, like a farmers market for an economically distressed community with an after school tech class to teach kids how to use the server to run communuty projects.

That’s not happening tomorrow. (The server part isn’t.) For now, I make backups on external storage devices, stored offsite. For Google, I wait and hope because I’m not going to compound my dependency on that system, and I don’t have good alternatives yet.

I totally 100% agree, but also offer the compromise that I use: I bought a 90 lbs, fireproof/waterproof safe which sits in the basement and only holds non-valuable-to-others stuff like papers and the extra external backup hard drive.

All too complicated… I just send a FOIA request to the NSA any time that my data gets corrupted/deleted.

I tried that but the data came back redacted.

only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world mirror it

(Linus Torvalds)

I just realize that I overlooked a potentially viable option sufficiently obvious that I’m baffled as to why I forgot it in the first place:

After a period of being effectively useless for backups because of advances in HDD size that they couldn’t match, optical media are somewhat viable again.

This is totally non-viable if you are talking a really substantial chunk of storage; but blu-ray burners are at the $50-60 mark now; and 25GB BD-R disks are pretty cheap in spindles of 50.

Simply too tedious if you are dealing with a large amount of data, HDDs are much denser; but far cheaper than LTO(even used-and-probably-untrustworthy fleabay pulls); and intrinsically write-once. If your files are precious but not actually all that huge, definitely worth considering. If they are that huge, almost certainly not worth the bother until you get to the scale where a robotic disk silo becomes an option.

I actually kind of have to recommend against blu-ray or other optical media. They are comparatively inexpensive but in real world conditions they tend to have relatively short shelf life.

If you are going to use them, keep them out of sunlight. Can’t tell you how many I’ve destroyed just from keeping them in room that got sun at all ever.

That is definitely true. Allegedly BD-Rs are supposed to be more durable than CD and DVD-Rs(scratch resistance is mandated in the spec, dye/phase change material permanence is a…marketing matter…); but if you are going optical you’ll want storage in (reasonably) controlled conditions; and duplicates, ideally in different locations.

Their only real edge, in reliability terms, is that their tiny per-unit cost provides a much lower barrier to having multiple redundant copies(sure, HDDs are better per GB; but have held quite steady at the “a hard drive always costs at least $40” mark for some time now. The size of that $40 HDD has improved substantially, time was when it was a 20-40GB unit, now it’s a 320 or a 500GB; but the price of adding a redundant HDD or storing a backup in a different location is largely fixed, though cost/GB is superb in the larger sizes); and both their cheapness and their WORM status makes writing them and filing them away in cold storage very practical; unlike hard drives, where the per unit cost usually causes you to frequently handle and reuse backup disks, a practice that both reduces their life expectancy(dropping a backup HDD while inserting it for a restore is soul crushing. Never do it.) and makes storing them offsite annoying.

Flash drives have superior per-unit costs compared to HDDs; but cost/GB can get unpleasant; and NAND has troubling data retention issues of its own to contend with, so that isn’t as safe as the lack of moving parts would suggest.

Your point about keeping them out of the sun is certainly valid, though. Even the really fancy ‘archival’ disks will die horribly if they get a bit overheated(though, for artistic effect, ‘slumping’ a disk over a form produces a really cool shiny plastic structure and some probably-endocrine-disrupting fumes, so do it outside); and el-cheapo disks may die just because they feel like it(or because some of my badass colleagues just feel like it.)

If properly stored, the better grade of BD-Rs are allegedly fairly durable(RW less so, since the medium has to be easy to state-change back in order to rewrite, so there’s more risk of backsliding over time); but improper storage can kill even good disks within months(hours to minutes if thermal deformation kicks in); and not all disks are good.

This topic was automatically closed after 302 days. New replies are no longer allowed.