[ExI] Computer Backups

Eugen Leitl eugen at leitl.org
Fri Nov 30 21:20:30 UTC 2007 

On Fri, Nov 30, 2007 at 10:45:17PM +0200, Khaled Aly wrote:
> 
>    And you can always encrypt your backed-up volume to ensure its

You have either to use a server-side cryptographic filesystem,
or encrypt everything client-side and/or push it out via a VPN.

I don't really trust server-side cryptographic systems, unless
I have proof of physical security and/or it's acertained by
a tamper-proof hardware token (I have a smartcard USB dongle
in one of my servers which could hold private keys, though 
I'm currently not using it, and there's a webcam inside my 
rack which however doesn't stream offsite yet -- the luxury
of being a terrorist mole, ah).

>    security. You can also use an external storage device to do
>    incremental, differential, or complete backups of both your system and
>    your data (separation is recommended as it is easier to recover your
>    system and you wouldn't want to loose both of them simultaneously upon
>    a disk crash, I use two separate disks in my PC). Local storage cost
>    is competitive to that of online. You can backup with a

It has to be offsite, though, orelse the secondary/backup failure would
be causally entangled with whatever nuked your primary system (fire,
lightning, thieves, SWAT, etc.).

>    push-of-a-button, which I don't like since it might depend on unknown
>    software behind the button (I mean it could fail to restore when you

I much prefer known software, or at least stuff that fail-safes (I've just
hooked up a 500 GByte external volume on Time Machine, to just see what it
does -- btw, zfs write now works on Leopard bleeding edge).

>    most and only need that); or using a recognizable desktop software
>    like "Acronis" (but then you store one or more 'coded' archive files,
>    and you're only sure upon your first restoration), or just simply
>    doing a delete-copy-paste-etc. (most aggravating and disk consuming
>    but also assuring as you get to see your files). You can also backup
>    using a mass storage email service like gmail. Just protect your

On another list this caused a (temporary?) account suspension due
to violation of terms of use. Since gmail now offers you both
POP3 and IMAP I suggest y'all use it, if you use for more than
a sacrificial porn stash.

>    private data 'best' with PGP before submitting it to third parties.

Apropos of nothing, fabricating MD5 collisions at least for Adobe
Acrobat (.pdf) documents is trivial now (takes a bit 'o crunch
on a single PS3).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the extropy-chat mailing list