undefined | Better HN

0 pointsstigz2y ago0 comments

The service is a layer on top of S3 if that helps answer things.

https://www.tarsnap.com/faq.html#is-tarsnap-reliable

0 comments

Then the obvious question is "why would I use this instead of something else over S3" (ex. rclone), to which I think the answer is ease of use (don't need to deal with AWS yourself, encryption/deduplication/compression handled for you, nice interface), which isn't everything to everyone but is certainly useful.

alanfranz2y ago

You need a remote service that keeps backup readonly. You’re not covering attack scenarios if you just use raw object storage from your client machine.

I have written about this some time ago if you’re interested: https://www.franzoni.eu/ransomware-resistant-backups/

yjftsjthsd-h2y ago

I'd classify that under "ease of use" - you can do it with S3 yourself (your post is a pretty good explanation of the how, from a quick skim), or you can just use tarsnap and not worry about it.

alanfranz2y ago

You can see from my post that doing that _properly_ is quite convoluted and requires a good deal of technical skills.

So it's not just ease of use. It's actual _functionality_ to me - getting from raw object storage to a fully working, attack-resistant backup strategy, is not trivial; hence, comparing tarsnap (or rsync.net, or borgbase, or whatever) to B2 or S3 makes little to no sense.

You _could_ compare it to crashplan or backblaze personal backup if you like, but IIRC those don't work for *nix systems, only for Win and Mac.

ilyt2y ago

How tarsnap keeps backups readonly ? Just having service being a barrier is not enough

catiopatio2y ago

It supports distinct authentication keys with read, write, and/or delete permissions for the same data protected by a given encryption key.

Those restrictions are enforced by the service.

1 more reply

mekster2y ago

Learning to use some backup tool that does same things sounds way better than paying 10 times more for the storage cost that lasts.

There's also a service like rsync.net where you can just rsync to the destination and they do the versioning and so on for less than 10th of the cost of tarsnap.

yjftsjthsd-h2y ago

Eh, cost/benefit; some people are backing up 100MB of documents and don't care, some people are backing up terabytes of media and have the time.

RockRobotRock2y ago

Thank you.

j / k navigate · click thread line to collapse

0 comments

yjftsjthsd-h2y ago

alanfranz2y ago

You need a remote service that keeps backup readonly. You’re not covering attack scenarios if you just use raw object storage from your client machine.

I have written about this some time ago if you’re interested: https://www.franzoni.eu/ransomware-resistant-backups/

yjftsjthsd-h2y ago

I'd classify that under "ease of use" - you can do it with S3 yourself (your post is a pretty good explanation of the how, from a quick skim), or you can just use tarsnap and not worry about it.

alanfranz2y ago

You can see from my post that doing that _properly_ is quite convoluted and requires a good deal of technical skills.

You _could_ compare it to crashplan or backblaze personal backup if you like, but IIRC those don't work for *nix systems, only for Win and Mac.

ilyt2y ago

How tarsnap keeps backups readonly ? Just having service being a barrier is not enough

catiopatio2y ago

It supports distinct authentication keys with read, write, and/or delete permissions for the same data protected by a given encryption key.

Those restrictions are enforced by the service.

1 more reply

mekster2y ago

Learning to use some backup tool that does same things sounds way better than paying 10 times more for the storage cost that lasts.

There's also a service like rsync.net where you can just rsync to the destination and they do the versioning and so on for less than 10th of the cost of tarsnap.

yjftsjthsd-h2y ago

Eh, cost/benefit; some people are backing up 100MB of documents and don't care, some people are backing up terabytes of media and have the time.

RockRobotRock2y ago

Thank you.

j / k navigate · click thread line to collapse