Hacker News new | past | comments | ask | show | jobs | submit login

Rsync.net can do similar, because of their snapshot system. By default there's no way to delete a snapshot except through the schedule set up (you can write to them and ask if it's necessary for some reason). It doesn't use asymmetric crypto to do this but it's neither necessary not sufficient for the purpose of preventing accidental or malicious deletion of backups

https://www.rsync.net/resources/howto/snapshots.html




Right I've considered that. It is however limited to like 7 snapshots.

The thing is that tarsnap deduplicates over arbitrarily long time periods, letting me make arbitrarily long staggered sequences of retained archives.

Perhaps I should really reconsider if I really need such long lived archives, but it is hard to bring myself to drop them.


You can do the same with rsync, they just charge you for the extra space (the differential space, like with tarsnap) instead of providing them for free (from what I can see the limits in the web UI are like 1000 daily and weekly snapshots, 200 monthy snapshots, 100 quarterly snapshows, and 10 yearly snapshots, which I suspect are arbitrary 'good enough for most' numbers, not some hard limit based on what they can profitably provide). I personally use the direct ZFS option so I can set up the snapshots exactly how I want, but it is extra effort and doesn't provide quite as good a guarantee that they won't be overwritten (it's resilient against a compromise of the server uploading the backups because I've set up scripts that way, but it doesn't protect against compromise of the logic credentials for the VM in the same way).


Oh thanks. I did not know that. That does seem good enough.

I just now need a deduplicating asymmetrically encrypted backup program.

I've tried duplicity in the past, and maybe I should try it again. But my recollection is that duplicity will just fail to do backups at the slightest hint of any problem. Like maybe if the last backup was interrupted then no more backups for you until you attend to it.

Edit: More memories returning of having to dig out my decryption key to resync the metadata when duplicity gets unhappy, and then since my target server was append-only, duplicity was upset when it wasn't allowed overwrite any of it's incomplete metadata files. I guess the ZFS snapshot technique would alleviate the latter issue.

To be fair, if tarsnap gets confused it needs the keys to do its fsck command, but I recall this sort of thing happening regularly with duplicity and almost never with tarsnap.


No, not limited.

An rsync.net account can have any arbitrary schedule of snapshots - including days, weeks, months, quarters and years.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: