801 points tnorthcutt | 4 comments
Nanzikambe ◴[] No.7524756[source]
Interesting article. I'd actually not heard of Tarsnap before, one question (to those who use it), why would a geek use it over:

  tar -cf - / --exclude='/proc/*' --exclude='/dev/*' [..] | \
      xz -z | \
      openssl enc -aes-256-cbc -e -salt \
      > /mnt/your/networked/google/drive/backup.$(hostname -a).$(date "+%Y%m%d-%H%M%S").aes.tar.xz

I spent a while going through https://www.tarsnap.com/ and I didn't find any flexibility tarsnap offers over it. To make it work unattended, it's trivial to generate a unique key per backup for openssl (use a tmpfs) and then gpg encrypt the key and email it to sys admins or whatever mailing list before killing the tmpfs.

I could understand the appeal to less tech-savvy users if there were a GUI, or it featured cross-platform support beyond those supported by tar, <insert compression tool>, openssl/aespipe/gpg/<insert encryption tool>, or the storage was super cheap.

So what's the value proposition here?

replies(5): >>7524774 #>>7524790 #>>7524804 #>>7524909 #>>7525099 #
tomp ◴[] No.7524774[source]
Data deduplication, incremental backups.
replies(3): >>7524873 #>>7525132 #>>7525307 #
tptacek ◴[] No.7525307[source]
HEAD-DESK.

Deduplication and incremental backups are table-stakes for backup software.

The reason a business would use Tarsnap rather than some other backup service is the level of confidence that Colin can provide that Tarsnap will reliably protect their data from attackers, including compelled insiders at Tarsnap.

In other words, Tarsnap can offer an enterprise an offsite backup service that is demonstrably as safe as backup data that the enterprise retains direct custody of.

That is not an offering other backup providers can reliably duplicate.

replies(1): >>7525642 #
1. tomp ◴[] No.7525642[source]
That's right, I was just answering the parent about what advantages Tarsnap has compared to an OSS, bash-pipe-made, tar+encrypt solution.
replies(1): >>7525740 #
2. tptacek ◴[] No.7525740[source]
Security remains the most important difference between those two options.
replies(1): >>7526231 #
3. robryk ◴[] No.7526231[source]
I assume you refer to all the seemingly nitty problems with the pipeline above (from what I can see, there is no way to verify that the archive wasn't tampered with).

Would you say the same about a solution that signs and encrypts the archive with gpg (signs with a machine's key and encrypts it to the owner's key)? If so, can you elaborate on some examples of security problems that solution could have?

replies(1): >>7526274 #
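
An added example, not part of the thread and not Tarsnap's code: it encrypts a constructed file with the same `openssl enc -aes-256-cbc` step as the pipeline at the top of the thread, changes one ciphertext bit, and shows that decryption still reports success while an HMAC kept over the ciphertext no longer matches. The passphrase, MAC key, file contents and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: unauthenticated CBC output vs. a MAC checked before decryption.
PASS='demo-passphrase'     # constructed encryption passphrase
MACKEY='demo-mac-key'      # constructed, separate integrity key

# HMAC-SHA256 of a file's bytes, printed as hex.
mac_of() {
    openssl dgst -sha256 -hmac "$MACKEY" < "$1" | awk '{print $NF}'
}

# Flip the low bit of the byte at offset $2 in file $1 (simulated change at rest).
flip_byte() {
    old=$(dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    new=$(( old ^ 1 ))
    printf "\\$(printf '%03o' "$new")" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 2
    # Constructed 64-byte "archive": four AES blocks, so the changed block
    # is not the final padding block.
    printf '%064d' 0 > "$dir/plain"
    # Same cipher flags as the thread's pipeline (stderr hidden: newer OpenSSL
    # warns about the legacy key derivation these flags imply).
    openssl enc -aes-256-cbc -e -salt -pass "pass:$PASS" \
        -in "$dir/plain" -out "$dir/backup.enc" 2>/dev/null || return 2
    tag=$(mac_of "$dir/backup.enc")     # would be stored with the backup

    flip_byte "$dir/backup.enc" 20      # offset 20 = first ciphertext block

    # 1) Restore path of the plain pipeline: does decryption report an error?
    if openssl enc -d -aes-256-cbc -pass "pass:$PASS" \
        -in "$dir/backup.enc" -out "$dir/restored" 2>/dev/null
    then dec=ok; else dec=fail; fi
    # Are the restored bytes what was backed up?
    if cmp -s "$dir/plain" "$dir/restored"; then same=yes; else same=no; fi
    # 2) Encrypt-then-MAC: verify the tag before touching the ciphertext.
    if [ "$(mac_of "$dir/backup.enc")" = "$tag" ]; then macchk=ok; else macchk=fail; fi

    rm -rf "$dir"
    echo "decrypt=$dec identical=$same mac=$macchk"
}

demo
```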
4. tptacek ◴[] No.7526274{3}[source]
Are you asking if I could design you a secure backup system?

I could, and it might asymptotically approach the quality of Colin's.

I don't think you're comfortable with the amount of money I'd charge for that service.

You're better off paying Colin cost-plus for AWS storage, since that's all he seems to want to charge. :)