←back to thread

What I Would Do If I Ran Tarsnap

(www.kalzumeus.com)
801 points tnorthcutt | 9 comments | 03 Apr 14 16:33 UTC | HN request time: 0.879s | source | bottom
1. tokenadult ◴[03 Apr 14 17:33 UTC] No.7524497[source]
Patrick notes in detail that the post is written with Colin's approval. I am not a customer of any of Patrick's services, nor am I a customer of Colin's, although perhaps I should be a customer of both. The most telling part of the post is right here, beginning with a quotation from the Tarsnap FAQ:

" >Q: What happens when my account runs out of money?

" >A: You will be sent an email when your account balance falls below 7 days worth of storage costs warning you that you should probably add more money to your account soon. If your account balance falls below zero, you will lose access to Tarsnap, an email will be sent to inform you of this, and a 7 day countdown will start; if your account balance is still below zero after 7 days, it will be deleted along with the data you have stored.

"Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.

"Guess how I found out about this?"

That says it all.

replies(3): >>7524587 #>>7526074 #>>7528065 #
2. steveklabnik ◴[03 Apr 14 17:43 UTC] No.7524587[source]
I am a customer of Colin's, though I almost had a very similar scenario happen. Luckily, my understanding of crypto caught it, and Colin is quick to answer emails, so I'm good to go (for the most part...)

Here was my deal: I stupidly told my computer to upgrade libc, and only after apt completely failed and wrecked the machine to the point of `ls` not working did I realize that I had some personal data that wasn't backed up. Of course.

My plan was thus: use an Ubuntu LiveUSB, upload a copy of /home/steve to Tarsnap, then install Ubuntu, and be on my way. As I was compiling Tarsnap, I realized that my mental model of machines on Tarsnap was probably wrong: it's not that I have a Tarsnap account, with access given to a set of keys. It's that each key has its own backup. So what I _almost_ did was upload an encrypted backup of all my stuff, then wipe the drive and the key, never (hopefully!) to see my data again. :(

Even when you're technical and know about this stuff, you can screw it up, because you're still human.

replies(2): >>7524695 #>>7528093 #
3. soneca ◴[03 Apr 14 18:00 UTC] No.7524695[source]
I think that is the point for improving UI and how the service is served. The more geekie you are the less help you need for the easy stuff, but more tragic is the result when you eventually crash.

Just like the best (arguably, maybe I should say boldest) drivers are the ones who get killed on car accidents. When you are too confortable on driving at 80Mph is when you are closest to die. And it is when you need more help, more user-friendly interface, more insurance to keep you safe from your own mistakes.

Keeping all of UI difficult just to please the geekies will actually harm some of them pretty bad eventually.

Also I find interesting how a lot of people is forcing to Colin a very romanticized idea of a "not for the money" entrepreneur that just want to keep things in this raw state. Sounds to me that Patrick is closer to Colin than anyway creating this image of him.

4. Silhouette ◴[03 Apr 14 20:07 UTC] No.7526074[source]
Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.

I don't think that quite says it all, because the other important factor is that you can't properly predict when the underlying conditions that would trigger those e-mails will arise. Patrick seems to have latched onto the use of picodollars as his pet hate there, but of course the real cause is the unpredictable efficiency of compression and deduplication. This problem remains even if you move to tiered dollar pricing for "up to X GB" plans.

I have multiple businesses that are definitely good candidates for using Tarsnap, but sadly that combination of unpredictability and insufficient warning/recovery mechanisms is a deal-breaker for us. No matter how great Tarsnap might be technically, from our point of view it's not offering a reliable backup with its current model, which is a shame for all concerned really. I do hope Colin will consider the various comments on this and look into fixing it.

5. atmosx ◴[03 Apr 14 23:55 UTC] No.7528065[source]
So, what exactly he should do?! Call you? Keep the data for ever and pay a visit to let you know that something bad is about to happen?!
replies(2): >>7528471 #>>7528793 #
6. atmosx ◴[03 Apr 14 23:58 UTC] No.7528093[source]
hm, the first think I do when setting up new tarsnap hosts is create the .key file and back-it-up elsewhere. Since it's a text file '1Passwd' locker is good and if I were more paranoid I'd probably had a printed copy of every key. Just like GPG :-)
7. simonw ◴[04 Apr 14 01:18 UTC] No.7528471[source]
Yes, he should call you. He should charge you enough money that it's worth his time to do that.

(I had a hosting service that my credit card started bouncing on delete some data a few years ago. I was furious. I'd paid them a bunch of money over the years, and they knew my phone number: if they'd called me after I didn't respond to their emails I'd still be their customer, and I'd still have that data).

For a backup service, I'd be perfectly happy for it to hold on to my encrypted data for a year after I stop paying, then charge me a hefty "recovery" fee (at least how much I should have paid for the time that I wasn't, and quite happily more).

8. wisty ◴[04 Apr 14 02:32 UTC] No.7528793[source]
If you run a kennel, and someone is a few days late collecting their dog, do you call them or shoot the dog?

Yes, I know the margins on pico dollar backups don't justify a call. But for a $50 / month plan, it's a lot more feasible.

replies(1): >>7530431 #
9. atmosx ◴[04 Apr 14 10:46 UTC] No.7530431{3}[source]
The comparison is flawed. Would be better to ask what if you leave your dog for 6 months in a dog-hotel and the 7th month you don't show up?

I'm sure your dog will end up dead eventually or nowhere to be found.

That said I get your point. But rolling your own notification solution shouldn't be that much of a problem for technical people or people with deep pockets. Just hire a programmer to write an application that reads picodollars and if the predefined threshold is passed the program makes a phonecall/sends 15 emails/call the local authorities?!.