Posts Tagged ‘backup’

SpiderOak Backup Bouncer tests

Wednesday, July 21st, 2010

I really want to like SpiderOak, especially when you consider the following features:

  • Whole cloud de-duplication – All of the data you backup to spideroak, regardless of the source is de-duplicated
  • The ability to share files in your cloud with others
  • ‘Zero-knowledge’ encryption
  • Cross platform client
  • Support of open source

However, I keep finding problems that prevent me from using it as my primary backup software. As with BackBlaze I did some testing with Backup Bouncer v0.2.0 to see how the latest version of SpiderOak (v3.6.9680) fairs with the meta-data that Mac OS X generates. Results follow.

sh-3.2# ./bbouncer verify -d /Volumes/Src ../Dst
Verifying:    basic-permissions ... FAIL (Critical)
Verifying:           timestamps ... FAIL (Critical)
Verifying:             symlinks ...
    stat: ./symlink1: stat: No such file or directory
    FAIL (Critical)
Verifying:    symlink-ownership ... FAIL 
Verifying:            hardlinks ... FAIL (Important)
Verifying:       resource-forks ... 
   Sub-test:             on files ... FAIL (Critical)
   Sub-test:  on hardlinked files ... FAIL (Important)
Verifying:         finder-flags ... FAIL (Critical)
Verifying:         finder-locks ... FAIL 
Verifying:        creation-date ... FAIL 
Verifying:            bsd-flags ... FAIL 
Verifying:       extended-attrs ... 
   Sub-test:             on files ... FAIL (Important)
   Sub-test:       on directories ... FAIL (Important)
   Sub-test:          on symlinks ... FAIL 
Verifying: access-control-lists ... 
   Sub-test:             on files ... FAIL (Important)
   Sub-test:              on dirs ... FAIL (Important)
Verifying:                 fifo ... FAIL 
Verifying:              devices ... FAIL 
Verifying:          combo-tests ... 
   Sub-test:  xattrs + rsrc forks ... FAIL 
   Sub-test:     lots of metadata ... FAIL 

As you can see, SpiderOak fails all of the backup-bouncer tests. Combine this with the password issues I’ve mentioned previously and it looks like SpiderOak still has a ways to go before I can seriously consider using it to house my data.

BackBlaze and metadata

Monday, March 22nd, 2010

Last night I did some testing on BackBlaze with backup-bouncer v0.2.0 to see how well it was preserving the extra meta-data HFS+ is capable of storing. The results were rather shocking:

./bbouncer verify -d /Volumes/Src ~volz/Downloads/Src
Verifying:    basic-permissions ... FAIL (Critical)
Verifying:           timestamps ... FAIL (Critical)
Verifying:             symlinks ... 
    stat: ./symlink1: stat: No such file or directory
    FAIL (Critical)
Verifying:    symlink-ownership ... FAIL 
Verifying:            hardlinks ... FAIL (Important)
Verifying:       resource-forks ... 
   Sub-test:             on files ... ok (Critical)
   Sub-test:  on hardlinked files ... FAIL (Important)
Verifying:         finder-flags ... FAIL (Critical)
Verifying:         finder-locks ... FAIL 
Verifying:        creation-date ... FAIL 
Verifying:            bsd-flags ... 
    stat: ./dir-with-flags: stat: No such file or directory
    FAIL 
Verifying:       extended-attrs ... 
   Sub-test:             on files ... FAIL (Important)
   Sub-test:       on directories ... FAIL (Important)
   Sub-test:          on symlinks ... FAIL 
Verifying: access-control-lists ... 
   Sub-test:             on files ... FAIL (Important)
ls: ./acl-test-dir: No such file or directory
   Sub-test:              on dirs ... FAIL (Important)
Test dir '/Users/volz/Downloads/Src/90-fifo' does not exist
Test dir '/Users/volz/Downloads/Src/95-devices' does not exist
Verifying:          combo-tests ... 
   Sub-test:  xattrs + rsrc forks ... FAIL 
   Sub-test:     lots of metadata ... FAIL

No basic permissions? No timestamps? And no extended attributes? Wow, this means restores from BackBlaze will only get your data back and that you loose all of the hidden data on your files… What does this mean? Well, for example if you have a file that is locked and you restore it, the new file won’t be locked. Examples of other things that get lost: whether or not a file extension is hidden, creation dates, modify dates, symlinks, if a downloaded file hasn’t been opened yet (quarantined), finder comments and where you downloaded an item from. What is the logic here? Is it really that much effort to back this up? Too much space used if you back this up? I wonder how Mozy fares in this test.

Linux Backups

Sunday, March 14th, 2010

As I covered in a previous post, I use an online backup service as part of my backup strategy for my laptop. When I wrote that post I was having horrible problems with Mozy and decided to evaluate other options.

After considering a number of factors I decided on Backblaze and so far it has worked exactly as promised without excessive resource and CPU usage like the old mozy client. However, the problem is that now only my laptop is protected from dataloss. I still have a linux machine (Debian) that needs to be backed up and I have been searching for a product that would allow for unlimited storage and secure backup.

Enter SpiderOak. As I mentioned in my older post, I looked at spideroak and thought it looked like a really good solution. I mean who wouldn’t like true zero knowledge privacy (unlike Mozy) and clients for Windows, Mac and Linux?

While doing some more testing tonight I realized that the SpiderOak client does not verify that you know your current password when you go to change it. What does this mean? Well, if someone steals your computer and wants access to your data on SpiderOaks servers, all they have to do is change your password and they are in. In addition to this, you don’t have to know the current password to restore files from any computer in your “network”. What does this mean? Anyone with physical access to your computer has access to everything you have backed up with SpiderOak. No thanks, until this glaring security hole is fixed I’m not going to be using SpiderOak for anything sensitive.

So what am I using to backup my Linux box? Duplicity+S3. Duplicity has it’s own issues, primarily that it requires a large number of arguments and has no graphical restore functionality, but it’s working well for me.