Posts Tagged ‘spideroak’

SpiderOak Backup Bouncer tests

Wednesday, July 21st, 2010

I really want to like SpiderOak, especially when you consider the following features:

  • Whole cloud de-duplication – All of the data you backup to spideroak, regardless of the source is de-duplicated
  • The ability to share files in your cloud with others
  • ‘Zero-knowledge’ encryption
  • Cross platform client
  • Support of open source

However, I keep finding problems that prevent me from using it as my primary backup software. As with BackBlaze I did some testing with Backup Bouncer v0.2.0 to see how the latest version of SpiderOak (v3.6.9680) fairs with the meta-data that Mac OS X generates. Results follow.

sh-3.2# ./bbouncer verify -d /Volumes/Src ../Dst
Verifying:    basic-permissions ... FAIL (Critical)
Verifying:           timestamps ... FAIL (Critical)
Verifying:             symlinks ...
    stat: ./symlink1: stat: No such file or directory
    FAIL (Critical)
Verifying:    symlink-ownership ... FAIL 
Verifying:            hardlinks ... FAIL (Important)
Verifying:       resource-forks ... 
   Sub-test:             on files ... FAIL (Critical)
   Sub-test:  on hardlinked files ... FAIL (Important)
Verifying:         finder-flags ... FAIL (Critical)
Verifying:         finder-locks ... FAIL 
Verifying:        creation-date ... FAIL 
Verifying:            bsd-flags ... FAIL 
Verifying:       extended-attrs ... 
   Sub-test:             on files ... FAIL (Important)
   Sub-test:       on directories ... FAIL (Important)
   Sub-test:          on symlinks ... FAIL 
Verifying: access-control-lists ... 
   Sub-test:             on files ... FAIL (Important)
   Sub-test:              on dirs ... FAIL (Important)
Verifying:                 fifo ... FAIL 
Verifying:              devices ... FAIL 
Verifying:          combo-tests ... 
   Sub-test:  xattrs + rsrc forks ... FAIL 
   Sub-test:     lots of metadata ... FAIL 

As you can see, SpiderOak fails all of the backup-bouncer tests. Combine this with the password issues I’ve mentioned previously and it looks like SpiderOak still has a ways to go before I can seriously consider using it to house my data.

Linux Backups

Sunday, March 14th, 2010

As I covered in a previous post, I use an online backup service as part of my backup strategy for my laptop. When I wrote that post I was having horrible problems with Mozy and decided to evaluate other options.

After considering a number of factors I decided on Backblaze and so far it has worked exactly as promised without excessive resource and CPU usage like the old mozy client. However, the problem is that now only my laptop is protected from dataloss. I still have a linux machine (Debian) that needs to be backed up and I have been searching for a product that would allow for unlimited storage and secure backup.

Enter SpiderOak. As I mentioned in my older post, I looked at spideroak and thought it looked like a really good solution. I mean who wouldn’t like true zero knowledge privacy (unlike Mozy) and clients for Windows, Mac and Linux?

While doing some more testing tonight I realized that the SpiderOak client does not verify that you know your current password when you go to change it. What does this mean? Well, if someone steals your computer and wants access to your data on SpiderOaks servers, all they have to do is change your password and they are in. In addition to this, you don’t have to know the current password to restore files from any computer in your “network”. What does this mean? Anyone with physical access to your computer has access to everything you have backed up with SpiderOak. No thanks, until this glaring security hole is fixed I’m not going to be using SpiderOak for anything sensitive.

So what am I using to backup my Linux box? Duplicity+S3. Duplicity has it’s own issues, primarily that it requires a large number of arguments and has no graphical restore functionality, but it’s working well for me.