upvote

points

by avian9 hours ago |
comments
upvoteby privatelypublic9 hours ago|
next
[-]
Sounds like it's just a worse Glacier setup then?

Amazon has Pre-Pay in a semi-open beta.

CloudFront has 1TB/month free- knocking a large chunk of a restore's cost. (Note- you should have either encrypted your stuff yourself and/or S3 authorization/access control still works over CF)

At what seems to be <$2/mo per TB ($1/TB glacier Deep archive + 9cent/gb for metadata on S3 frequent access), no other solution comes close. The big issue is the lump cost of a restore. Which, is quickly worn down by being > $5/TiB/mo cheaper than anybody else.

reply
upvoteby amluto8 hours ago|
parent|
[-]
Tarsnap has a nice security model, and it’s quite a challenge to convince any open-source tool to match it.
reply
upvoteby dividuum8 hours ago|
parent|
[-]
restic is basically identical and you can choose where you store your data.
reply
upvoteby amluto7 hours ago|
parent|
[-]
restic can supposedly be set up to prevent a corrupted / compromised client from destroying old data using S3 versioning policy, but this doesn’t appear to be a well-supported feature with clearly-described security properties.

Tarsnap, in contrast, has an explicit first-class ability to prevent a compromised client from damaging old backups.

reply
upvoteby placardloop6 hours ago|
parent|
next
[-]
That’s because restic is not opinionated about where and how you store your backups. Restic provides a nice interface to create the backups, and then lets you choose where you want to store them (and how access to them is managed), be it locally or via SFTP or S3 or many other backends. Any security properties related to S3 are not in the scope of what restic is meant to do.

It’s pretty simple to enable versioning and object lock on your S3 bucket, but it is another step if you’re using restic. Sure, if you just want all of that taken care of for you, you can use tarsnap, but you’re paying a 5x+ premium for it.

The other nice thing about restic is that since it’s just the client-side interface, it allows others to provide managed storage. Borgbase.com is a storage backend that is supported by Restic that supports append-only backups, and is cheaper than tarsnap.

reply
upvoteby amluto5 hours ago|
parent|
[-]
I disagree, strongly. Here are the relevant docs:

https://restic.readthedocs.io/en/stable/030_preparing_a_new_...

I would like to see an explicit discussion of what permissions are needed for what operation. I would also like to see a clearly specified model in which backups can be created in a bucket with less than full permissions and, even after active attack by an agent with those same permissions, one can enumerate all valid backups in the bucket and be guaranteed to be able to correctly restore any backup as long as one can figure out which backup one wants to restore.

Instead there are random guides on medium.com describing a configuration that may or may not have the desired effect.

reply
upvoteby placardloop18 minutes ago|
parent|
[-]
Again, this isn’t at all in the scope of restic’s docs. If you’re using S3 as the storage, it’s on you to understand how S3 works and what permissions are needed, just like it’s on you to understand how your local file system works and file permissions work if you use the local file system as a backend.

If you don’t understand S3 or don’t want to learn, then that’s fine, and you can pay the premium to tarsnap for simplifying it for you. But that’s your choice, not an issue with restic.

If you think differently, have you submitted a PR to restic’s docs to add the information you think should be there?

reply
upvoteby dividuum3 hours ago|
parent|
prev|
[-]
Fair enough. Personally I use an ssh target with zfs file system with its own automatic snapshots. The restic snapshots don’t directly correspond to the zfs snapshots, but I can live with that.
reply
upvoteby kunley9 hours ago|
prev|
[-]
I found restic is a prety cool alternative. (No hosting though, I am sending restic backups to a private server/vps)
reply
upvoteby pbowyer4 hours ago|
parent|
next
[-]
Same but with rustic because I found it used significantly less memory.

https://rustic.cli.rs/

reply
upvoteby muyuu8 hours ago|
parent|
prev|
next
[-]
yep it's what i'm using right now

restic, and my own computers and storage, and the occasional rented device (VPS or similar, typically)

i find that the hassle of setting up my stuff is still preferable than having to worry about managing bills, subscriptions, and third parties just changing their policies

reply
upvoteby porridgeraisin7 hours ago|
parent|
prev|
[-]
+1 for restic

Restic + rclone is a very nice combo. Works really well.

reply
upvoteby pa7ch4 hours ago|
parent|
[-]
Curious why use both? I use restic directly with B2 backblaze, whats rclone doing for you here?
reply
upvoteby maw21 minutes ago|
parent|
[-]
I use restic + rclone to back up to onedrive, where I have 1TB space included with my subscription.

My main backups are on rsync.net, though.

reply