Jump to content
David Heffernan

Securing your data over time

Recommended Posts

9 hours ago, haentschman said:

What if your house burns down?

It is possible to have some kind of fireproof safe. In a company I worked for, they have such a safe.

Share this post


Link to post
8 minutes ago, FPiette said:

It is possible to have some kind of fireproof safe. In a company I worked for, they have such a safe.

My wife already looks suspicious when I tell her we take the car to the mechanic and it's going to be expensive. I don't even want to imagine convincing her why I need a fireproof safe, which costs triple the amount than our car.

At home you'll quickly get bored of rotating backup mediums and locking them away. You'll want your backup equipment INSIDE the safe so it can do everything automated. As safes SHOULD act as a perfect Faraday-cage, unless they include a fireproof RJ45 socket wired from the outside in...

I'm not saying anything more. I'll trademark this stuff 😄

  • Haha 1

Share this post


Link to post
21 minutes ago, aehimself said:

Proper backup solutions require the backup area (including servers and libraries) to be physically separated to different buildings. Thus, production center burns - you still have backups and vice versa.

I also run a machine with extremely low power consumption kilometers away from my house. It's only job is to replicate the data from my prod server, when network is up.

it occurs to me that it wouldn't be hard to find a friend with internet access where you both set up a small backup server, like a Raspberry Pi 4 with some SSD on it, and physically placed them at each other's homes instead of your own. Or maybe set them up in pairs so you have one at home and one at their house, and the remote one mirrors the local one.

Share this post


Link to post
6 hours ago, dummzeuch said:

I'm not sure whether I'd care much about Delphi projects when my house burns down.

Well said. That would be my last concern too, especially since I have offsite replication of my upstream git repositories 🙂

7 hours ago, dummzeuch said:

I don't have a house, I live in a rented flat, so maybe I would care.

<OFFTOPIC>

If there are no swarm of mosquitos, it's quite pleasant to have your morning coffee / lunch / dinner outside. On the downside - a house will ALWAYS keep you busy. There is no such thing as "I'm bored" it's only "I'm lazy to do this and this" 😄

 

<EVENMOREOFFTOPIC>

I had a landlord once. She was a living creature from hell. Even though I had good relations with the neighbors and paid on time, after a couple of months I was already afraid she is going to poison my dog so I decided to cancel our contract and move out to nowhere. That was the last nail in the coffin - I do not trust people ever since and I do everything in my power not to depend on anyone.

</EVENMOREOFFTOPIC>

</OFFTOPIC>

Share this post


Link to post
12 minutes ago, David Schwartz said:

with some SSD on it

...which would immediately make it a non-ideal backup solution.

Share this post


Link to post
45 minutes ago, aehimself said:

You'll want your backup equipment INSIDE the safe so it can do everything automated.

No. You want your media isolated from anything that can damage it. That includes the backup device.

Build a lego robot if you want it automated :classic_smile:

 

A small fireproof safe isn't that expensive. 400 EUD will get you started and I'm sure they can be had for a fraction of that second hand.

  • Like 1

Share this post


Link to post
42 minutes ago, aehimself said:

...which would immediately make it a non-ideal backup solution.

It's an IDEA. Like scrambling eggs ... some people put milk or creme in them, and for those who are allergic to dairy products, well, that's a non-starter for them. That doesn't mean that they cannot eat scrambled eggs, just not with dairy in them.

 

You don't have to keep telling us here that you're allergic to anything but mag tapes. We get it. It's getting old, and you're free to use whatever kind of tape backup unit you want in place of whatever other storage is suggested. But replacing it with cloud storage kind of negates the whole idea, so don't bother to go there.

 

BTW, why is it that so many people who are allergic to paying anything for software seem to have no problem paying for cloud storage when they can roll their own using an old computer, whatever storage medium they prefer, and free software?

 

I mean, that's basically what I'm suggesting here -- save yourself $100/yr in cloud storage fees by using free stuff and things you're already paying for. Dropbox charges $10/mo or $100/yr for 2TB of cloud storage. So build a couple of boxes with 2TB of storage; set one up at your home and the other up at a friend's house, and have the remote one mirror the local one. Problem solved. And if your cloud vendor suddenly shuts down or gets raided or hackers suck all of the data out of it and expose your secrets ... well ... where does that leave you?

 

Edited by David Schwartz

Share this post


Link to post
1 minute ago, Anders Melander said:

A small fireproof safe isn't that expensive. 400 EUD will get you started and I'm sure they can be had for a fraction of that second hand.

I see this as a rather silly discussion. The chance of being burglarized is far higher than having your entire house burned to the ground.

 

Safes are used to contain valuables. Fireproof safes are perceived as containing really HIGH-VALUE things (like wads of cash). So thieves might be more inclined to grab a safe than a nondescript box on a wall in the back of a closet with a bunch of random wires coming out of it. For all they know, it's from the cable company and is useless if stolen. Maybe put some verbiage to that effect on it to throw them off...

 

Don't forget that it's going to be pretty useless if a burglar can pick up your fireproof safe and walk off with it. So add in some way to secure it sufficiently that it can't be carried off. Keep in mind there are folks who actually steal entire ATMs to crack into later and extract the funds in them. 

 

 

Share this post


Link to post
8 minutes ago, David Schwartz said:

I see this as a rather silly discussion

 

Me too. Also funny one. Especially that you don't understand why would one use an online service to make a complementary/secondary cold-backup in a different geographical location, then you answer your own question in 2 minutes with the burglars.

 

image.png.d384f1c6ba9c8ad9e5a3a9d08d26037b.png

Edited by Attila Kovacs
  • Haha 4

Share this post


Link to post
1 minute ago, David Schwartz said:

You don't have to keep telling us here that you're allergic to anything but mag tapes

I'm not. I'm not even using mag tapes, they (and the drives + libraries) are too expensive for a hobby. I'm just accepting the opinion of smarter people than me, who still describe the ONLY valid (local) backup medium as tapes. I'm not that good in physics, but the industry standard have its tests.

I'm only strictly against calling flash-based devices as backup. They are not that reliable. End of story.

6 minutes ago, David Schwartz said:

But replacing it with cloud storage kind of negates the whole idea, so don't bother to go there.

Never said that. Cloud backup is a valid option. I never did - and will never - discourage people of Cloud-based backup. I just have trust issues, but that's my own business.

8 minutes ago, David Schwartz said:

BTW, why is it that so many people who are allergic to paying anything for software seem to have no problem paying for cloud storage when they can roll their own using an old computer, whatever storage medium they prefer, and free software?

I mean, that's basically what I'm suggesting here -- save yourself $100/yr in cloud storage fees by using free stuff and things you're already paying for.

I'll bet almost anything that at least half of the people here (and majority of IT geeks around the globe) do this. We are happy to spend the price of a house on a backup server for our company but private life is different - if it is still a hobby.

People usually pay because they need GUARANTEE. What happens if your house and your friends house catches fire at the same time?

Share this post


Link to post
15 minutes ago, Anders Melander said:

No. You want your media isolated from anything that can damage it.

That is a really valid point. So you need 2 fireproof safes. 1 for the library, 1 for the server 🙂

15 minutes ago, Anders Melander said:

That includes the backup device.

That is not possible. How are you writing data on a media, which is not physically in a drive?

Again, I am strictly talking about home-use "hacky" but safe-enough solutions.

17 minutes ago, Anders Melander said:

400 EUD will get you started and I'm sure they can be had for a fraction of that second hand.

I have trust issues. I'll not buy critical equipment (like a fire extinguisher or car tires) second hand. If I want my data safe - brand new safe. If not - no safe at all.

400 EUR is a bit off the hobby limit in my opinion. But then again - how much one is willing to and how much one can spend on their hobby is a subjective factor.

Share this post


Link to post
16 minutes ago, Attila Kovacs said:

Me too. Also funny one. Especially that you don't understand why would one use an online service to make a complementary/secondary cold-backup in a different geographical location, then you answer your own question in 2 minutes with the burglars.

You obviously haven't had cloud services you subscribed to that were supposedly "secure" and said to be on solid financial footing, go belly up one night.

 

I have.

 

Nor have you had servers you were paying to be "secured" get raided by law enforcement just because they were co-located near someone who they were investigating for criminal activity and so they were able to get search warrants for every machine inside the "secured" area -- as if all of that equipment was owned and/or operated by the crooks they were after. They seized ALL of the equipment in that "secured" area and hauled it all away. For weeks.

 

I have.

 

But burglars ... they don't know much about tech. They go after TVs, stereos, microwaves, and stuff that looks familiar to them. Things they see at Best Buy with big price tags on them. If you have specific valuables in the house, and they know they're there, they'll head for them. If you're gone for a while and they can spend the time to toss your entire place, then a safe isn't going to be very "safe". But things that look like cable boxes and modems that can be bought at Goodwill for $5 aren't worth their time. 

 

They'll steal a Bluetooth speaker worth $50 and not even think twice about your $10,000 Marantz 6-tube stereo amp and FM receiver that look like something their grandparents used.

 

If you had one of those big old computer tape drives in a rack that was spinning and had lots of blinking lights, they'd take that before much else.

 

Sometimes "security" is more about "playing the odds" than building a better Cheyenne Mountain.

Edited by David Schwartz

Share this post


Link to post
17 minutes ago, David Schwartz said:

I see this as a rather silly discussion. The chance of being burglarized is far higher than having your entire house burned to the ground.

What are you on about?

There's a difference between a fireproof safe which is primarily a safe and a fireproof safe which is primarily fireproof. Guess which one you should use to protect your backup media against fire? The reason it's "a safe" is that if you're going to build a big steel box then you can just as well put a lock on it and call it a safe.

 

If you are afraid that someone are going to steal your safe then close the door but don't lock it. Jeez.

Share this post


Link to post
On 8/31/2020 at 2:53 AM, Anders Melander said:

Oh, and another reason why this is wrong is that it's better for HDDs to run continuously. It's the power cycles that kills them (thermal wear).

Thermal wear, yes, but not because of power cycles, which are indeed another stress. The best thing for a drive which runs 24/7 is to remove heat from it. Airflow can be part of the solution, but a more useful approach is to mount your drives between relatively thick aluminum plates. You might also use thermal paste where the drives contact the aluminum plates. I used that approach years ago in video servers where the SCSI drives were rated for 150F max, and if left in free air on a non-conductive bench, reached 149F from their own operation. With the use of aluminum plates and intelligent airflow -- drawn out, not blown in -- we kept things at 105F with no difficulty. 

Share this post


Link to post
15 minutes ago, aehimself said:

That is not possible. How are you writing data on a media, which is not physically in a drive?

Again, I am strictly talking about home-use "hacky" but safe-enough solutions.

I of course meant that the two should be separate after the backup has been made. Not during.

 

At home I'm doing rotating backups to disk. The disks are stored in a non-fireproof cabinet in another building. I'm betting that both buildings don't burn down (or are towed away by "burglers") at the same time. I live in a thatched house so it's not like I'm fireproof in any way.

Share this post


Link to post
Just now, Anders Melander said:

At home I'm doing rotating backups to disk. The disks are stored in a non-fireproof cabinet in another building.

If you mean you physically remove and transport disks between houses on a regular basis for years, you have my highest possible admiration. I'm just too lazy to do that, I give up after a month or two.

I still have so much to learn 😞

Share this post


Link to post
19 minutes ago, aehimself said:

People usually pay because they need GUARANTEE. What happens if your house and your friends house catches fire at the same time?

No matter what solution can be put forth, you can always come up with a scenario that invalidates it.

 

That only leaves you stuck where you are with very little interest in anything. It's the ultimate demotivator.

 

Apple started out as a hobby. Only instead of listening to Woz' arguments about why nobody would by even 10 of his 6502-based home-brew computer boards, Jobs said, "Let's build 100 of them!"

 

I'm not interested in all the reasons you can find not to embrace anything at all. I have stuff stored in my garage that by all accounts should be totally unreadable today. You know what? Everything I've tried to read that wasn't so brittle that it shattered ... worked fine. It'll outlive me. But according to your view of the world, none of it would be here because all the "experts" say it would not survive this long.

 

These "experts" base their opinions on statistical data based on accelerated environmental testing with known limitations.

 

Once I had a contract to help some guys show how so-called commercial off-the-shelf (COTS) hardware fared against similar mil-spec equipment that cost 3 orders of magnitude more for the same (or worse) functionality. The guys doing the testing put both sets of hardware through the most severe shake-and-bake testing they had, and the fully-ruggedized mil-spec hardware had a 50% greater failure rate than the COTS hardware.

 

So I don't put a lot of stock in what statisticians say when it comes to the longevity of electronic components. The stuff tends to fail early within 90 days; or it starts dying at around it's projected MTBF. But fully half of it will last 3-5x it's rated MTBF. That's statistics for you.

 

Of course, you can always pull out that Joker card and argue that no matter what the MTBF is, there's always a scenario they didn't account for that will kill it off immediately.

 

And don't forget that a meteor could fall out of the sky and kill you right where you are ... any time of the day or night, wherever you are on the planet. Even if you're driving down the road, flying, or whatever you're doing. 

 

You could also spontaneously combust. 

Share this post


Link to post
8 minutes ago, Bill Meyer said:

Thermal wear, yes, but not because of power cycles, which are indeed another stress.

What I meant was wear from thermal expansion and contraction.

There are lots of other factors to consider but it's kinda pointless to explain in detail when you're up against SDs and Raspberry Pis.

Share this post


Link to post
4 minutes ago, aehimself said:

physically remove and transport disks between houses on a regular basis for years

I'm doing incremental backup and I rotate media every one or two weeks so it's not that bad. The "other house" is right next to the main building and the cabinet is in my workshop, right next to where I keep the beer, so it's nice to have an excuse to "go file the backup".

  • Like 1
  • Haha 1

Share this post


Link to post
1 minute ago, Anders Melander said:

I'm doing incremental backup and I rotate media every one or two weeks so it's not that bad. The "other house" is right next to the main building and the cabinet is in my workshop, right next to where I keep the beer, so it's nice to have an excuse to "go file the backup".

Damn it. First of all, have the highest possible levels of my admiration.

As for the location... damn it again. I should re-structure my IT equipment at home.

Share this post


Link to post
10 minutes ago, David Schwartz said:

The stuff tends to fail early within 90 days; or it starts dying at around it's projected MTBF. But fully half of it will last 3-5x it's rated MTBF. That's statistics for you.

Are you aware what the M in MTBF stands for?

 

And it's not the statisticians that are making these claims we are talking about. It's the companies producing the devices, based on their tests, and it's the people that have the experience to back the claims. And yes, they're "experts". Because they know what they're talking about. Like Wozniak. Unlike Jobs.

  • Like 1

Share this post


Link to post
9 hours ago, David Schwartz said:

You obviously haven't had cloud services you subscribed to that were supposedly "secure" and said to be on solid financial footing, go belly up one night.

 

I have.

 

That can happen with any service you subscribe to. 

I'd pick two large ones that have operations internationally.  

DropBox, Google Drive, Microsoft OneDrive, Apple iCloud, Amazon, Oracle to mention the obvious ones.

Box, IDrive and SugarSync as runners up.  

Norwegian alternative: https://www.jottacloud.com/en/ - which has some of the best integration solutions that I've seen, and it operates under Norwegian law, which has stringent privacy rules.

 

Don't trust any of these to not look at your data?

Encrypt the shit out of it.

Just don't place your bet on SD cards that unavoidably will go dead.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×