▶ No.917677>>917680 >>917895 >>917914 >>918758
CLOUD BACKUP
Anyone know of any cloud backup services that allow me to use a bare bones web service API rather than some proprietary desktop application that manages my backups for me?
I like to encrypt my own data before I send so that I can be sure I am the only entity ever that will have access to the contents.
I don't care if it's free or not. I'm willing to pay a reasonable monthly fee for a fast and reliable cloud backup service.
▶ No.917680>>917690
>>917677 (OP)
TarSnap. Open source client, incremental compression before storage. Encrypted client side.
https://www.tarsnap.com/
▶ No.917690>>917691 >>917693 >>917770
>>917680
>client
Not interested in a client. Does TarSnap offer a web-based API?
▶ No.917691>>917707
>>917690
Oh, thought you meant like a remote REST API, not an HTML interface.
▶ No.917693>>917707 >>917913
>>917690
Why do you want a web API when you can have the open source (heavily audited) client do the encrypted deduplication etc. for you?
▶ No.917707>>917711 >>917957 >>918467
>>917691
>>917693
I am writing my own backup program that backs up to local drives and FTP. I want to include support for cloud services as well. I want to handle my own encryption.
No third-party software is safe. Look at what happened to TrueCrypt. It's always better to roll your own if at all possible.
▶ No.917711>>917721 >>917920
>>917707
>It's always better to roll your own if at all possible.
Yes, I'm sure if every person wrote their own programs that would somehow cause less critical errors
Anyways the answer is obvious. Amazon S3 buckets. Very simple API, cheap, replicated, etc.
▶ No.917718>>917731 >>917746
>rent VPS
>archive w/ password what you need
>(optional) use cron to manage schedules
>mirror archive /w rsync to VPS
▶ No.917721>>917725 >>917731 >>917957
>>917711
As a software engineer, rolling my own solutions is a common thing for me. I wouldn't recommend everyone do it. All I want to do is stream pre-encrypted bytes to an endpoint. This way, I know that I am in complete control of my data
▶ No.917725>>917729
>>917721
>rolling my own solutions is a common thing for me
Then you are a bad engineer wasting peoples time.
▶ No.917729>>917733
>>917725
Not really. There are plenty of consumers willing to use third party software. There will always be people like me who roll their own solutions. Plus, it has to integrate well with the other mechanics of my program like scheduling, version tracking, multiple backup destinations, multiple configurable settings from which file nodes deeper in the file system hierarchy are inherited. It's a pretty nice program I have here. Just need to work on the UI with tree views and whatnot
▶ No.917731>>917734
>>917721
>As a software engineer
javascript webshit retard "dev" detected
>wants to roll his own solutions for everything
>still wants to rely on some proprietary (((cloud services))) where your account can get terminated instantly without notice, because you didn't suck enough of its tranny CEOs dick
cloud is the normalfaggot equivalent of just renting your own server and managing it on your own, basically what >>917718 said
but I guess that's out of the question for some braindead monkey nigger like you
▶ No.917733>>917736
>>917729
>needs an UI for something that basically amounts to a shell script with rsync and some encryption tool sprinkled in
wew lad
▶ No.917734>>917744 >>917750
>>917731
>javascript webshit retard "dev" detected
I am a .NET developer. I do not see your point of contention with what I previously said.
>>917731
>>wants to roll his own solutions for everything
>>still wants to rely on some proprietary (((cloud services))) where your account can get terminated instantly without notice, because you didn't suck enough of its tranny CEOs dick
That's a leap you went on there. If I can find a reputable service. the chances that the tranny CEO will request a dick suck would be minimal and I'd just move to another service.
▶ No.917736
>>917733
>>needs an UI for something that basically amounts to a shell script with rsync and some encryption tool sprinkled in
>wew lad
Yes, I will build a UI for it. Make it easy to check boxes at any node in the file tree to customize settings for that node. Supports node inheritance where settings from parent nodes flow down and are used by all child nodes unless one of the nodes wants to override a bit of inheritance
▶ No.917744
>>917734
>I am a .NET developer. I do not see your point of contention with what I previously said.
Hello pajeet.
▶ No.917746>>918428
▶ No.917750
>>917734
>I am a .NET developer
install gentoo or gtfo
▶ No.917753>>917982
>tar archives
>gpg
wew lad, you guys never heard of transparent encryption filesystems?
OP, go rent a cheap storage VPS in Europe. No "free" service will serve you truly free because they need money, either paid directly or datamined through their web analytics web client and proprietary clients, yes some of them are even cli-based and support unix pipes but still proprietary.
https://www.cryfs.org/ and nextcloud on a VPS
▶ No.917770
rsync.net sounds like what you want.
SSH/SFTP/SCP is how you talk to it.
It gives you storage on a ZFS Z3 vol and nothing else.
I've been very happy with it personally.
>>917690
TarSnap really is a good option to fall back on, it is heavily audited by BSD and security devs.
▶ No.917895
>>917677 (OP)
all of them. just scrape if you have to. the problem is if they require government ID such as phone number
▶ No.917908
OP here. Let me clarify something. I actually am fine with 3rd party software (earlier I said I wasn't), but I do not want a client as I am building my own client that backs up to local drives and FTP. I want to add support for additional destinations, hence why I was asking about a web service that I could just POST or PUT a filestream to. However, if any of these third party applications have local DLLs that I can reference in my code and access their APIs directly then that would work as well.
▶ No.917913
>>917693
tarsnap last I looked at it was a security joke. Most people are using it in a configuration where breaking into the system being backed up lets you delete the backups (I bet those of you using it are using it this way, be honest). The documentation points you towards setting it up like this as the standard way of using the system! It's only when you question what would happen that you might start looking deeper into the documentation for how such an attack would be prevented. To make it more secure you need a separate server that can handle pruning which means the effort and complexity of setting up a second server and keeping it secure since it's going to be running with elevated privileges nightly rather than in a much more secure design where the backups are immutable but limited so you don't have to frequently risk the use of elevated privileges. Since this is a task you only need run for a few minutes a night but has to be run on a highly secure system people look for a solution that doesn't involve wasting an entire machine and often script something up with EC2 to instantiate a VM nighty which exposes their keys to shared cloud servers running on Jewtel processors that have a new exploit every day.
It's a very OpenBSD type of "security" where it's unsafe by design, takes a huge amount of effort to make it safe, and security issues get blamed on the user for not writing half of the backup solution they're supposed to be paying for.
▶ No.917914
>>917677 (OP)
AWS Glacier
Backblaze B2
▶ No.917920
>>917711
>S3 buckets
Consider one-zone-infrequent-access class (twice cheaper, but pay per access and less availability)
▶ No.917957
>>917721
>As a software engineer
>As a
Go back to reddit, rails "engineer".
>>917707
> I want to handle my own encryption
Good goy.
▶ No.917982
>>917753
Your hosting company would be able to read your "encrypted" files though.
▶ No.917994>>918279
>.NET "developer"
>needs web UI for something that can be handled by file manager and local OS
>tarsnap
>BSD Security™
>GnuPG for encryption
>spoiling file metadata by encrypting files individually
>AWS shilling
what the fuck is this thread
▶ No.918002>>919240
Put an ARM SBC with HDD at a relative or friend's house. Set up dyndns for it. Now you can backup your stuff over ssh.
▶ No.918279>>918290
>>917994
Yes goy encryption is bad just use dropbox
▶ No.918290>>918291 >>918371 >>918442
>>918279
>encrypting filesystem with GnuPG
>thinking it's something good
you glow in the dark
A filesystem should be encrypted transparently thus mitigating file size and directory structure metadata, like LUKS partitions. Everything suggested in this thread aside from cryfs fucking glows in the dark 10 miles away.
▶ No.918291
>>918290
>A filesystem should be encrypted transparently
He's backing up files you idiot not encrypting his drive.
▶ No.918371>>918384
>>918290
You don't have access to the box that it's on though. This means that it's possible to dump the decryption key from the machine. The encryption needs to be done locally.
▶ No.918384>>918386
>>918371
You will remember this post when FBI comes after you after scanning your backed up "encrypted" files that look like this: /home/documents/loli.jpg.tar.gpg
>>918371
You blind moron or what? This is exactly what transparent encryption is.
▶ No.918386>>918388
>>918384
Did you not comprehend that OP wanted to back his stuff up on a remote server?
>/home/documents/loli.jpg.tar.gpg
They can't prove what's inside. It's not illegal to name files things. You also could just use a generic name.
▶ No.918388>>918422 >>918432
>>918386
They don't care what's legal or what is not, it's still a metadata leak. Why use sub-par hacked-together amateur tools when you can mount remote encrypted partitions that don't leak file metadata.
▶ No.918393
fuck that
why the fuck would i give some company ALL my data if its already problem to share your private data
▶ No.918422>>918498
>>918388
>that don't leak file metadata
Unless the hosting company decides to dump the encryption / decryption key. Then you are leaking the whole file. Would you rather leak metadata or both the metadata and the file itself?
▶ No.918428
>>917746
Nice, didn't know about it.
It's basically what I said
>encrypted tar-format volumes and uploading them to a remote or local file server
▶ No.918432>>918498
>>918388
You're a fucking moron. Remotely mounting a block device exposes access patterns regardless of if it's encrypted. It'd leak all sorts of details about what software you were using and what sites you were visiting and could be used to prove you were visiting a honeypot via time and size of writes. Please kill yourself before you spread your bad ideas to others.
▶ No.918442>>918498
>>918290
>mitigating file size and directory structure metadata
tar c ~/gayniggers | gpg --encrypt > where-is-your-fucking-metadata\?\?\?\?.tar.gpg
▶ No.918467
>>917707
>No third-party software is safe. Look at what happened to TrueCrypt.
Something tells me you don't understand what happened to Truecrypt. There's no evidence it was ever compromised.
▶ No.918498>>918596 >>918631 >>918662
>>918422
>the hosting company decides to dump the encryption / decryption key
>>918432
>It'd leak all sorts of details about what sites you were visiting
Oh no, [s]it's retarded[/s] summer is starting
>>918442
On average what this thread full of braindead cuckchanners suggests, it would look like this:
>/gentoo/gay_porn/bigfile.tar.gpg
>/gentoo/configs/smallfile.tar.gpg
If you mean to pack all your files into one big archive and then send them to a remote server, you're double retarded. And it would look like this:
/backups/veryhugeassniggerfilegoodluckwithincrementallyupdatingit.tar.gpg
▶ No.918596>>918758
>>918498
>The kid who thinks mounting a remote FS is a good secure backup solution is insulting everyone else for being cuckchanners
nice try lad
▶ No.918631>>918758
>>918498
>/backupveryhugeassniggerfilegoodluckwithincrementallyupdatingit.tar.gpg
http://duplicity.nongnu.org/
Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
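The trade-off argued over in the posts above (per-file archives expose names and sizes to the host, one big archive is awkward to update incrementally), as an added example that is not from any poster and is not duplicity's code or method. It uses a different technique from librsync deltas: the local archive is cut into equal-size chunks named by a keyed hash, so the host sees only uniform objects with opaque names, and a second run sends only the chunks that changed. The chunk size, key, function names and sample data are assumptions; each chunk would still be encrypted locally before upload, which is outside this sketch.

```python
import hashlib
import hmac

CHUNK = 4096  # assumed size, kept small for the demo


def chunk_ids(archive: bytes, name_key: bytes, chunk: int = CHUNK) -> list[str]:
    """Name every equal-size chunk HMAC-SHA256(name_key, chunk).

    The last chunk is zero-padded, so all uploaded objects have one length
    and the object name carries no path or file name.
    """
    ids = []
    for off in range(0, len(archive), chunk):
        block = archive[off:off + chunk].ljust(chunk, b"\0")
        ids.append(hmac.new(name_key, block, hashlib.sha256).hexdigest())
    return ids


def plan_upload(archive: bytes, name_key: bytes, on_server: set[str]) -> dict:
    """Build the manifest (kept local or uploaded encrypted) and list the
    chunk ids that still have to be encrypted and sent."""
    manifest = chunk_ids(archive, name_key)
    # dict.fromkeys de-duplicates while keeping order
    to_send = [cid for cid in dict.fromkeys(manifest) if cid not in on_server]
    # true length is recorded so the padding can be stripped on restore
    return {"length": len(archive), "manifest": manifest, "to_send": to_send}


def demo() -> tuple[int, int]:
    key = b"constructed-demo-key-not-for-real-use"
    # Constructed stand-in for a tar stream: three distinct regions.
    v1 = b"A" * CHUNK + b"B" * CHUNK + b"C" * 100
    first = plan_upload(v1, key, on_server=set())
    # Second backup run: one byte overwritten inside the middle region.
    v2 = v1[:CHUNK + 10] + b"X" + v1[CHUNK + 11:]
    second = plan_upload(v2, key, on_server=set(first["manifest"]))
    return len(first["to_send"]), len(second["to_send"])


if __name__ == "__main__":
    print(demo())
```

The host still learns the total number of chunks and which chunk names reappear between runs. A byte inserted early in the stream shifts every later fixed-size chunk, which is why deduplicating backup tools generally use content-defined chunk boundaries instead.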
▶ No.918662>>918758
>>918498
>the hosting company decides to dump the encryption / decryption key
If you are using a VPS the host machine can take a memory dump of your server at any time without your knowledge. For a dedicated server it will be much more secure against this, though the methods of doing so are more intrusive.
▶ No.918758>>918822
>>918596
If mounted locally, what's wrong with that?
>>918662
>the host machine can take a memory dump of your server
You have no clue what you are talking about, or it seems that previous poster did not elaborate more eloquently.
>>918631
Well, I've read duplicity documentation and it appears to be similar to cryfs mentioned above, but their project webpage has a broken TLS certificate (scares off normies) and according to my own tests, newest created tar archives spoil filesize metadata.
Although, it appears to be what is called deja dup in n00buntu. Shittiest piece of software I've dealt with back in those days of blissful ignorance.
>>917677 (OP)
https://askubuntu.com/questions/2596/comparison-of-backup-tools
▶ No.918822
>>918758
>If mounted locally, what's wrong with that?
That has been explained above
▶ No.919240
>>918002
Even better: run Tor router with stealth hidden service address only your Tor router can read the descriptor. Stealth onions are not public so the chances of break-in are minimized. Saves you from relying on dyndns and adds a layer of security.