Backups
Version control for horrible data
January 3, 2015 — January 5, 2022
Backups. Because SSDs do not last forever.
Listing demonstrably encrypted backup systems only, because I am not crazy. In practice I do place much emphasis on backups these days; Almost all my media is stored in a replicated swarm via file synchronisation. My code is not only stored but versioned in git.
There is still a role for backups, in restoring old versions of things that are not stored in git, and backing up OS-specific config data.
1 Auditioning
- Amanda - Open Source Network Backup for Linux, Windows, UNIX and OS X.
- Attic - Deduplicating backup program written in Python.
- Bacula - Manage backups, recovery, and verification of computer data across a network of computers of different kinds.
- BorgBackup - Significantly improved fork of Attic.
- duply - Easily create GPG encrypted, compressed backups of any data almost anywhere.
- mysqldump-secure - Secure mysqldump script with encryption, compression, logging, blacklisting and Nagios monitoring integration.
- Restic - Fast, secure, efficient backup program.
2 Restic
Windows, macOS, Linux.
*Choose this if… You don’t have a compelling reason to choose something else, and don’t mind a some effort in setting up the software.
Took me a while to decide Restic
was a contender because its marketing is limp. However a helpful ycombinator post explains some upsides and points out how simple it is. It looks to be a sharp and simple tool. I like those. It’s also easy to install and minimal, which refreshes me.
3 Tarsnap
*Choose this if… You want to spend no effort at all on setup, but would still like a reputably paranoid service at a competitive price.
Linux, macOS, BSD etc. tarsnap
is another unixy one. The client source code is public (although not open) but not the server code. Comes with a server for USD0.25/GB/month:
Tarsnap is a secure, efficient online backup service…
Tarsnap runs on UNIX-like operating systems (BSD, Linux, macOS X, Cygwin, etc)
NB all its data is stored in the USA, which is … probably ok security wise, if you trust their encryption design and server implementation and such? But also it means you can’t reduce bandwidth costs by using a local server and possibly exposes you to the wacky US legal system shutting you down if they decide to suddenly classify something you are doing as fishy.
4 Duplicity
*Choose this if… You want a simple no-frills backup system for macos or linux. This is the default backup system of Ubuntu and you might find yourself using it per default.
Duplicity
backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
It comes with a friendly front-end called Déjà Dup. For advanced usage, try you want to use duplicity raw. There are many howtos for which are less opaque than the manual, e.g. by Daniel Hynk.
5 duplicati
Choose this if… You want paranoid backup that also works on Windows natively, possibly at the cost of being tedious on other platforms. Windows, macOS, Linux.
Duplicati
works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive / S3, Google Drive, box.com, Mega, hubiC and many others.Features:
- Backup files and folders with strong AES-256 encryption. Save space with incremental backups and data deduplication.
- Run backups on any machine through the web-based interface or via command line interface.
- Duplicati has a built-in scheduler and auto-updater.
The full list of backends is lengthy. Looks OK but it has hefty installation requirements, being built on .NET, and I got bored trying to install .NET on macOS so this project fizzled out.
6 Backing up mobile devices
TBD
7 Others I’ve seen about the place
zbackup, borgbackup, attic, obnam, arq.