> On Wed, Nov 14, 2018 at 12:52:57PM -0500, Lee wrote:
>> On 11/14/18, Reco <recovery...@enotuniq.net> wrote:

<.. snip ..>

>> > If you're content with losing all this metadata in your backup - there
>> > are rsync, cpio or tar. Or all those 'backup solutions' based on those.
>>
>> Do I need all that metadata? This is for me at home so it's pretty
>> much a single user machine.
>
> That's for you to decide. I'd say you definitely need it for the backups
> of / and /var and can *probably* skip it for /home, but YMMV.
>
>
>> >> > For the encryption of this hypothetical drive (I don't use USB
>> >> > drives for these purposes) - luks only.
>> >>
>> >> Why don't you like USB drives for these purposes?
>> >
>> > Because backing up something to NFS share is easier.
>>
>> but leaves you open to cryptolocker ransomware & various 'oh shit!'
>> moments when I do something stupid. Offline & offsite is worth a
>> certain amount of inconvenience to me.
>
> Nope. Because:
>
> a) You do not do backups as a regular user.

On windows I certainly do. But if I need all the file metadata as well
as the files.. yeah, probably not & I'm going to have to rethink my
whole backup process.

> b) You do not keep a single backup.
>
> Besides, avoiding all those cryptolockers is easy. You just need to
> learn to distinguish a trusted software from the untrusted. A trusted
> software comes to you with your OS (in this case - Debian main archive).
> An untrusted software comes from elsewhere. Keep to a trusted software
> and you'll be fine.

Most probably. But I think using Firefox comes with a certain amount
of risk - probably not all that much on debian but still a risk; as
does having an all-the-time online backup.

> Avoiding human mistakes is impossible indeed, hence the backups. And
> filesystem snapshots, but that's a different matter.
>
>
>> > And, I'm strong believer of 'machine works, human thinks' principle.
>> > Automating backups to NFS (and replicating them from there) is simple.
>> > Automating backup to USB drive - that's something that cannot be done
>> > without human intervention.
>> >
>> In other words, what am I missing?
>
> A good backup is run by cron. A bad backup is run manually.
> Simple as that.

How do you check that your cron backups worked? Which is assuming you
do check :) The manual backups I do are fast enough that I can watch
and see that nothing went wrong.

>> > Encrypted backups have their purpose, of course. For storing backups
>> > offsite (whenever it's physical or cloud) encryption is invaluable.
>> >
>> > But, the encryption is only as secure as the management of the
>> > encryption key, and the only relatively secure example of that I can
>> > come up with is gpg. And utilizing gpg for unattended backups is
>> > painful to say the least.
>>
>> Which is why I liked truecrypt. Is luks roughly equivalent for
>> encrypting the whole drive?
>
> No, it's better. More encryption algorithms, definitely more code audit
> *and* virtually zero 'became superuser' vulnerabilities.

OK - good to know!

Thanks,
Lee