Distributed Internet Backup System

deadfx writes "Since disk drives are cheap, backup should be cheap too. Of course it does not help to mirror your data by adding more disks to your own computer because a fire, flood, power surge, etc. could still wipe out your local data center. Instead, you should give your files to peers (and in return store their files) so that if a catastrophe strikes your area, you can recover data from surviving peers. The Distributed Internet Backup System (DIBS) is designed to implement this vision."

Problem = bandwidth.

[caluml]

The main problem with this approach (and for that matter Freenet) is that it is slow for all but the smallest files.

Bandwidth is still the most precious commodity in computing. Once we get fibre to every house, then distributed storage will make sense.

Re:Problem = bandwidth.

[Kentamanos]

You're right. Ideally you could make one big backup of the data by hand and then start to do incrementals (assuming the diffs were small enough for your bandwidth).

Currently, couriers get paid too much money to simply enter a data center, swap out a tape, and take the tape to an offsite storage location.

Re:Problem = bandwidth.

[nano2nd]

You're right in that today's infrastructure isn't made for chuffing massive, hard-drive-sized hunks of data back and forth.

But what about incremental backups?

OK so you've got to get your base image uploaded -somehow- but after that, data changes very little on a daily basis and this level of data transfer to some secure backup repository won't be a problem at all with current bandwidth.

Re:Problem = bandwidth.

[wfrp01]

Maybe true at home, but not true for campus networks w/ Gb+ infrastructure in place.

Re:Problem = bandwidth.

[gmuslera]

For internal networks where you have a lot of fast connected servers, sparing a bit of bandwidth and disk space to have a distributed backup across the LAN could be useful, specially when you can backup servers data in workstations and so on.

Re:Problem = bandwidth.

[elgaard]

Depends how much you need to back up.
For home use it could be very useful. Especially
if you only back up changes (like rsync).

The important stuff are things like:

1. Your digital photo album.
On average it probably grows >1 MByte/day.

2. Personal email and documents.
A few 100KByte/day if you use an efficient document format
and dont receive movies as attachments.

3. System settings, list of installed software etc.
Very small updates.

By important I mean stuff you would be missing the day
your house burns down.

Re:Problem = bandwidth.

Yeah, but if you're only using it to backup your most valuable data (financial generally), this isn't really going to be that large. Plus, stuff of that sort compresses well.

Re:Problem = bandwidth.

[Kentamanos]

A redundant RAID configuration gives you about as much protection as what you're talking about though (a LAN).

People want it distributed (outside of LAN range) to combat the threat of natural disasters, fires, or any other event that can wipe out a building.

Re:Problem = bandwidth.

[gmuslera]

If an accident happens where the RAID is stored I have problems, also this looks cheaper :)

I was thinking in a not very small place, but if bombing, a plane, a meteor, whatever, wipe out an entire building or more, well, distributing the backup across internet will be better.

Re:Problem = bandwidth.

[Kentamanos]

Yeah, the natural disaster type thing is the point. In certain industries, they expect you to write a disaster recovery plan with just such things in it.

But you're right, this is cheaper for some data than RAID.

Re:Problem = bandwidth.

[mark_lybarger]

writing a disaster recover plan ... $1000

implementing procedures corporate wide ... $10,000

having that plan be effective during an actual disaster recovery ... priceless

everyone has a plan. tests it and everything. but when the email server crashes, and the backup tapes cannot be recovered and the VP stores all their email on the server (it's backed up right?), the fan starts blowing little brown chunks all around.

Re:Problem = bandwidth.

[JMan1]

"Redundant RAID" is redundant. :) Sorry.

Re:Problem = bandwidth.

[Frymaster]

Bandwidth is still the most precious commodity in computing.

never underestimate the bandwidth of a station wagon full of dlt tapes!

Re:Problem = bandwidth.

Well, if you want infrastructure for "chuffing massive, hard-drive-sized hunks of data back and forth" and *then* some,, have a look at Celion Networks IPTS.

400 Gbps of pure Ethernet across 6,000 km anyone? How about 800 Gbps across 3,000 km? Would you like SONET with that?

Re:Problem = bandwidth.

[regen]

Except, what happend when you need to do a complete restore?

You might try to counter this by saying, how often do you need to do a complete restore? Well, we are talking about offsite backup. Usually when you have to go to offsite backup to restore something it is because you had some sort of catastropic failure and need to completely restore your environment.

Re:Problem = bandwidth.

[corvi42]

There is a solution to this - it is called rsync

Re:Problem = bandwidth.

[EvlOvrLrd]

Or Corporate Enterprise Networks with 5 platforms and 5Tb+ of data.

RTO and RPO will always drive the need to actually spend money for DR.

I rather spend the cash to test and ensure reasonable recovery in my home (just as, at work), than to take a chance by sharing with the world.

If I loose my house do to fire/flood, rebuilding my LAN isn't really a priority at that point. But will have my tape backup sitting in my cubicle to restore from when I am ready to.

BTW, if drives are so cheap, then mirroring the rootvg should make perfect sense. Loose the boot drive? Just point to the mirrored backup and keep going. Instead of purchase, load, get client and fetch/install (configurations, installed apps, keys, etc).

Re:Problem = bandwidth.

[NoMoreNicksLeft]

You paypal the other guy $2, and he express mails half a dozen CD's.

Re:Problem = bandwidth.

[waynemcdougall]

Ok, what about my Outlook PST file - 600 Mb and changes every minute or so?

Re:Problem = bandwidth.

[Kentamanos]

You know what I mean :)

RAID configs that actually allow you to have a disk fail. In other words, not RAID 0...

It's not like I said FAT table ;)

Re:Problem = bandwidth.

[_ph1ux_]

Eventually bandwidth will be eliminated as a problem for Joe Intyernet (obviously there will always be bandwidth bottleneck in some area of computing)

But the real issue is security and trust.

How do you know that your files are safe?

The solution could look a bit better if it was done like this:

Those that want to participate in the scheme assign a certain amount of space on their machine for the DIBS system. A client-like applet runs on the machine of the participating user.

After the user tells the applet to allow 2GB to be used in this system - the applet registers that space with the DIBS MBDB. (mega byte data base)

The MBDB assigns a key to the applet for encrypting the data.

When you register the space that you have available to the MBDB - the MBDB allocates an amount of space equal to that which you have reserved for use by others. (If you allocate 2GB for the DIBS - you get 1GB in return - of distributed space)

When you want to use space with the system the folowing happens.

You decide that you want 500MB of space to store some files. You tell the MBDB. MBDB checks your account and verifies that you have "space credit".

It then creates a virtual route for you. The MBDB provides you with an FTP URL to itself. The MBDB only provides you with half the amount of space that you have available because the system has to ensurethat your files stripe more than one machine.

anyway - thats just a rough stab at how I'd start to implement this.....

Re:Problem = bandwidth.

[Directrix1]

Yes, because all your data obviously fits in 3Gig.

Re:Problem = bandwidth.

media + postage + labor will come out to much more than $2.

Mind you, $50 for a backup of data that would otherwise be unrecoverable might be worthwhile.

Re:Problem = bandwidth.

[kasperd]

But the real issue is security and trust.

Of course.

How do you know that your files are safe?

By the use of a redundant sharing. You could split 1MB of data into 128 chunks of 4KB, now you do a redundant coding of those into 256 chunks of 4KB. Each chunk is then numbered, signed, and encrypted. Now you have 256 chunks of each 4192 bytes that you store on 256 different computers. You need to store information about the location which could take up 4KB locally.

Of course a problem remains, where do you keep the metadata needed to find your data? The answer is to store them by similar means and thus building up a tree of nodes. You of course still need to store the root of this tree in a safe location. But the root is simply encrypted and stored in a lot of locations each containing the full data. This piece of data needs an identifier which could be computed as a hash function of your username and password.

If you allocate 2GB for the DIBS - you get 1GB in return

That is basically the idea, though I think it is a litle too optimistic. I'd expect loosing a factor of 4-5 and not just 2.

And while we are at it, please mod parent interesting, I cannot do now that I have answered him.

Re:Problem = bandwidth.

[meme_police]

Totally agree. Even just backing up 100MB of my most important files over my ADSL line is a PITA. Forget about the gigs of pr0n and music.

dang

I guess we won't be able to slashdot this server, then.. there goes that idea.

Ok, start sending me your code, Blizzard

[Quarters]

I've got my terrabyte array setup. Your, "Worlds of Warcraft" data will be completely secure on my backup node.

Go ahead, send it.

I'm waiting....

Re:Ok, start sending me your code, Blizzard

Which supercomputers are you planning on using to break the 2048 bit encryption?

Re:Ok, start sending me your code, Blizzard

[Kentamanos]

See if you can get the sourcecode to TF2 while you're at it. Maybe then it might get released some day...

Re:Ok, start sending me your code, Blizzard

[Clay+Pigeon+-TPF-VS-]

Im still waiting for that... TFC is starting to get old. Its the halflife engine for god sakes.

Re:Ok, start sending me your code, Blizzard

[nullard]

This reminds me of the old Hotline "backup servers"

Re:Ok, start sending me your code, Blizzard

[Gojira+Shipi-Taro]

I think there is already a system like this. Something like Kazoo or Cuzaa... The RIAA uses it to back up their data...

Re:Ok, start sending me your code, Blizzard

rm -rf /distributed-backup-files/

Linus?

It's like what Linus said:

"Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it ;)"
-- Linus Torvalds, after his hard disk failed

M.

Re:Linus?

Unfortunatly not many people will want to mirror my stuff.
BTW where is the ftp with Linus' important stuff?
I want to mirror it

Re:Linus?

[dattaway]

I put up all my pictures on the net and let google, the wayback search engines, and everyone else in the world archive it all for me.

Been a pretty good backup plan so far.

Re:Linus?

ftp.kernel.org :)

All my data and software...

[ackthpt]

All my data and software are backed up on crackers computers.

I'm not worried. %-)

Re:All my data and software...

[BillFarber]

Are you saying you only use white-peoples' computers for backup?

Re:All my data and software...

No, he's just confessing that he 0wns Nabisco.com.

He's keeping his data there for now but soon the delicious recipes will be replaced with .... GOATSE MAN!!!

Re:All my data and software...

[BigJimSlade]

All my data and software are backed up on crackers computers.

Did you mean to say "All your backups are belong to crackers"?

do this with schools

[octalgirl]

We do this with neighbor school districts. We also backup all buildings, over the WAN and at night, to a file on the hard drive of another building. We do this in two places, so backups criss-cross. Because of the size and time it takes, this can only happen at night and only one building per night, so there is a downside. But if a building goes down, I know I have a secondary (besides the tape in that building) to fall back on.

Re:do this with schools

[pmz]

We also backup all buildings, over the WAN and at night, to a file on the hard drive of another building.

I think this is also common among universities for registrar data. At the univerisity I attended, there was a big-ass HP server at each corner of campus running replicated databases. A disaster would have to take out several square miles of land before all hope was lost for the data. This makes all but atomic or cosmic disasters survivable.

Re:do this with schools

[docbrown42]

We do this with neighbor school districts. We also backup all buildings...

Isn't that kind of difficult. I mean, where do you find all the bricks to back up an entire building, especially every night!

Re:do this with schools

[medscaper]

We also backup all buildings, over the WAN...But if a building goes down, I know I have a secondary (besides the tape in that building) to fall back on.

Ahhh. You must have figured out the quantum problems people were having in the other story. Maybe you could hop on over and let them know?

Not file sharing but could offer something to it

File sharing engines could take a lesson from this tool, in expanding the collective database. If people were forced to have data on their computer vs just having what they download, it would improve efficiency of the network and increase the number of searchable files.

I don't trust you...

to store my data. why should you trust me?

Backups are for wimps. Had to be said.

[imag0]

"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it."
-Linus Torvalds.

Re:Backups are for wimps. Had to be said.

[caluml]

It only works if the content of your harddrive is worth anything :((

Re:Backups are for wimps. Had to be said.

[markogogo]

Who wouldn't want porn, MP3's, and movies ?

Or...

[SonicBurst]

...just share everything on a P2P network. Then, after a crash, just fire up your favorite client and go get your invaluable porn^H^H^H^H data files!

Re:Or...

[Frymaster]

or... just seat up a drbd "lan" mirror via vpn.

the drawback to drbd is that it's not encrypted on the backup device. the advantage is that you can hook it up with something like heartbeat to have failover.

Not needed

[grub]

There are lots of .ISOs, MP3s and DivXs out there as my backup.

"Cut 'n Paste" stories

[Roarkk]

What's with all of the "cut and paste" stories lately?

One of the things I like about Slashdot is the different takes on existing news presented by user submissions. Lately, though, many stories seem to be just copied directly from the link's website.

Huh?

Why in the world would I ever put my data on someone else's machine? I spend my life keeping people out of my network.....

Re:Huh?

From the linked site:

DIBS encrypts all data transmissions so that the peers you trade files with can not access your data.

Further, from the documentation,

Security
DIBS uses Gnu Privacy Guard (GPG) to encrypt and digitally sign all transactions. Thus you can be confident that even though you are sending your files to others for backup, your data will remain private. Furthermore, by using digital signatures, DIBS prevents others from impersonating you to store files with your peers.

Re:Huh?

Not being too familiar with this and not delving too deep, is the data all on one computer, or split?

Wouldn't it be more secure to put one third of each file on twelve different computers? Then when you need it, fold all the encrypted pieces back together again. That way-- even if the do crack your code, all they have is gibberish.

Or is that how it's done?

Uhm. No... It's Been Out For Ages Already.

[Bowie+J.+Poag]

Distributed Internet Backup System = Gnutella

This is being done already

[kippy]

For all the fun files anyway.

Security?

[vano2001]

What if it is sensitive data? Do you think even with all that cryptography and secure computing blabla people will trust storing their important files on other people's computers? think not. There are companies who put their backups into safes ... ask *them* to put it online on a slashdot reader's PC. See what they answer. Freenet and similar networks are only good for general [public] domain data

Re:Security?

[Dan+Ost]

I think it is safe to say that this solution is
not intended for those customers. However, there
is no reason why a large company couldn't use
something like this but limit the network to only
use machines owned by the company. There is no
reason that this solution can't limit the
computers allowed to be dumped to.

Re:Security?

You obviously didn't bother to read the link before posting. DIBS uses GPG for encryption so that remote backup nodes can't make sense of the data they are backing; assuming there aren't any bugs in DIBS's usage of crypto, it should be quite secure.

But hey, better to make an intelligent-sounding comment than to actually bother to investiage it first.

VI

NILLA 4 EVA!

Re:Security?

[Quimo]

Some companys and most goverment entities require that some data may never be in the hands of an untrusted third party. In these cases it doesn't matter how safe the encription algorithm is they just can't make use of it. However making use of the software internaly would be a good idea. Most of the bandwidth problems would be solved by using it internaly as well.

Re:Security?

[Guido69]

I agree. This may be a perfectly fine way to back up your terrabyte ogg/mp3/pr0n archive, but no way will any major corps take it seriously. Has nothing to do with how secure it really is, but more on executive perception.

Want A Backup?

[Acidic_Diarrhea]

Just copy your drive to another drive, oh say an 80 gig drive or so [make sure it's at least 80 even if you're only backing up a gig of data, this is important]. Then just ship the drive to me. I'll watch over it like a hawk. Heck, I'll even throw it into my machine so that I can monitor the drive and make sure no one is tampering with the data. Also, I'll be storing my data on there as well, but you already knew that. And this way, it's distributed! So you get to use that word! I mean, "distributed computing" is an important field of research but it's starting to get to the level of mindless buzzword because non-CS people are using it so much. Certainly it'll never be as bad as the buzzwords that the software engineering managers throw around, but it's a problem.

Hello extreme programming fans? Please leave the building.

Re:Want A Backup?

HA ha!

The funniest thing is, I experienced your nickname this morning. God DAMN!!

Who knew peanuts could create such shooting, liquid feces..

Re:Want A Backup?

ah-- peanuts.

I once ate one pound of peanuts the night before an 18k running event.

Fortuantely, they were all expelled before I got to the starting line.

Ridiculously stupid

[unterderbrucke]

How would this work? We all can't be assigned the small part of the internet, and be told to download it. Also, if the internet is down, it is most likely that we won't be able to access the internet either.

I can't see this being a go, any time soon.

[saskboy]

As has been mentioned already, [no this is not redundant, because I am writing this myself] the potential for data being stolen is too great an issue to overlook. This is not a viable option because the potential for theft is too great, and no ammount of encryption will make a difference. Encryption will always be broken.

Re:I can't see this being a go, any time soon.

[Kailden]

True, but in some lights having a backup at all is insecure. But, if you have confidential information, I would not imagine you would choose this as your solution---I would envision that this would be more for stuff along the lines of personal photographs and other nostalgia...and perhaps term papers...in other words, the set of stuff that is not confidential and is not something like videos and mp3s that everyone wants to share. I guess for truly confidential data , your best security is locking your computer in a room, and your only backup would be that USB drive you carry around your neck, under your shirt, next to your gun.

Re:I can't see this being a go, any time soon.

[Delos]

"Encryption will always be broken."

Huh? If this is the case, why aren't you spending time breaking the encyption in ssl in order to pick up some credit card numbers instead of posting stupid comments on Slashdot?

Re:I can't see this being a go, any time soon.

[Jester99]

Encryption will always be broken.

That's not neccessarily true. Algorithms can be mathematically shown to be at best brute-force crackable. With a long enough key, that could be shown to take at least as long as you're alive.

And even if all encryption can be broken.. So? My mother's a school teacher. She works for hours every night on lesson plans for her third grade class, making sure she has dittos and lessons and things. She backs up regularly, because if the harddrive went down, *months* or years of hard work would be lost.

It'd be nice to encrypt it if such data were sent over the net. But you know what? Who really cares? If my mom's lesson plans are decrypted, sure, maybe some enterprising third grader somewhere will get an advance peak at the next arithmatic test, but really, it makes no difference. Still, having off-site backups would be a *good* thing for my mom.

If your data is mission-critical and MUST be kept secret, well, then you do what you have to do -- send tapes to Iron Mountain, or whatever, but for the other 90% of us, the photos of our friends, etc, are nice to have automatically backed up to some offsite node, but it really doesn't matter if somebody sneaks a peak supposing the encryption's broken.

Re:I can't see this being a go, any time soon.

>Encryption will always be broken.

Provably untrue. Use a one-time pad* on your data beforing storing it, no-one will ever be able to access it.

*Properly.

Re:I can't see this being a go, any time soon.

>Encryption will always be broken.

Trivially, provably untrue - as you'll know if you knew anything about encryption. Use a one-time pad on your data and no-one else will ever be able to view it.

Note for pedants: This is only true if you implement/use the one-time pad system properly. Ie use truly random data, and don't reuse it.

Re:I can't see this being a go, any time soon.

[timeOday]

...and no ammount of encryption will make a difference. Encryption will always be broken.

Why do you believe that? It's entirely possible that there is no way to break strong encryption (brute-forcing is not "breaking"). There's no sound reason to assume a flaw exists.

The world's militaries and intelligence agencies are transmitting classified information through your body at this very moment (satellite downlinks, for instance).

I'm not pretending there are absolute guarantees, but IMHO your data is much more likely to be disclosed by a burglar or by an FBI raid than by some cryptographic breakthrough.

Re:I can't see this being a go, any time soon.

[42forty-two42]

Really? Let's see you brute-force a 65536-bit DSA key, then...

Re:I can't see this being a go, any time soon.

[saskboy]

If I comment further on that, I may go to jail.

So you'll just have to wonder.

Re:I can't see this being a go, any time soon.

[saskboy]

I think the Sircam virus backed up a Juan "Somekid's" report card to my email. Too bad for him, I deleted his report card along with the virus that sent it to me. Encrypted, this might not have been such a bad thing, except as it was, I had a confidential document pertaining to a kid in a state 2000km away, and no easy way for the teacher to know that I had a "backup".

Maybe implemented as effectively as Sircam was, with strong encryption, on non-confidential documents, and with an easy way to find the backups this *might* be a good idea. As it is now, I don't think so.

Re:I can't see this being a go, any time soon.

[GlobalEcho]

I agree that the sentence frament you quote is untrue. But for this particular application, one might legitimately ask:

How do you plan to back up that one-time pad?

Re:I can't see this being a go, any time soon.

If you really want access to my credit card number, I'll give it to you. You can even have all the money that's left in it. Feel free to pay off the balance and restore my credit. :)

Re:I can't see this being a go, any time soon.

[MyHair]

How do you plan to back up that one-time pad?

Simple. Use a "trusted" third party! Like maybe the U.S. government, Verisign or Paypal.

Re:I can't see this being a go, any time soon.

[dcmeserve]

> Encryption will always be broken.

Theoretically true, perhaps, but practially impossible if you use a big enough key.

But there's another concern too -- if some chunk of your data exists *only* on some random person's hard drive, how can you be assured that it'll be there when you need it? Maybe that person won't have his computer on, or the drive will have crashed, etc. You can have multiple copies of everything, but there's a better way: error-correction encoding!

This would be just like a RAID array. The data would be split up among random host machines (every Nth bit goes to host 1, N+1 goes to host 2, N+3...), with extra redundant bits added accoring to the encoding, such that the data can be recovered 2 or 3 hosts aren't accessible.

This would also render your data very difficult to steal -- unless the theif could somehow find where enough of your different bits are being stored.

Re:I can't see this being a go, any time soon.

1) brute-force a 65536-bit DSA key
2) ?
3) PROFIT!!!

Re:I can't see this being a go, any time soon.

This would also render your data very difficult to steal -- unless the theif could somehow find where enough of your different bits are being stored.

It'd be very hard for you to recover the info unless you knew where the data was. And if you can search to find it, so can anyone...

Re:I can't see this being a go, any time soon.

[dcmeserve]

Yeah, there'd have to be a server to keep track of where it is, and to keep updating it as it gets shifted around -- and if someone cracks into the server...

Re:I can't see this being a go, any time soon.

[Doomdark]

This is not a viable option because the potential for theft is too great, and no ammount of encryption will make a difference. Encryption will always be broken.

If you are saying that no encryption method can be proven to be 100% secure, sure enough. But such total proof is unnecessary, just as with all real-life encryption. Are you saying SSL (or SSH for that matter) is useless because there's a slight chance somebody somewhere someday might be able to crack such communication?

It all depends on feasability of acquiring such data from competitor (enemy, whatever), compared to other methods. With reasonable encryption being used combined with fairly simple distribution of parts of incomplete data (say, your backups split into multiple pieces of which certain number are needed to be able to recover), decryption by non-owner requires not only tons of brute force (or a new yet unknown decryption without key), but also lots of co-operation from parties that actually host backed up data.

At which point perhaps it just seems that there are better ways to steal your data than try to obtain encrypted backups and crack it open.

Re:I can't see this being a go, any time soon.

Copy the cd, stick it in a safe.

Would this work in the current [US] legal climate?

[Michalson]

What is to say that the FBI/RIAA won't come to your house, claiming you have terrorest information/stolen music stored on your harddrive? And assuming it was true, would you be legally/crimminally liable for it? This gives a whole new meaning to the excuse "well I was just holding it for a friend".

Too bad...

[citking]

I wish the article/README had more information in it about using this, how much it's been tested, if any major businesses/power users are using it, etc.

Otherwise, excpet for the lack of available, easily-accessed FAQ and documentation, this sounds like an awesome idea. How many others have this same opinion?

Roll your own

[peterdaly]

I have a shell script that sends contents of a directory on my home systems to a machine of mine at a hosting company in another state, and vis-versa. Cron runs it on a nighly basis.

I always figured it was a fairly common thing for "data conscience geeks" to do.

Of course this is aimed at users who don't have their own off-site servers.

-Pete

Re:Roll your own

[ptomblin]

As well as doing that (using ssh and rsync), I also tar and feather up /home and a few other important directories on a nightly basis, and copy them to my iPod.

And I gave a friend of mine an FTP account on my system so he can copy his files to my system.

One of these days I'll get off my ass and reinstall the DLT drive that I bought off eBay. I had it working for a year or two, but I had power and heat problems on my machine and took it out.

Re:Roll your own

Of course this is aimed at users who don't have their own off-site servers. I just use the personal web space my ISP provides (for free) as backup storage instead of a home page.

Old school warez

[azoidx]

reminds me of pre-napster warez. just "back your stuff up online" and forget to set directory permissions ...

Liability

[R2.0]

Will you be liable if someone stores kiddie porn on your drive? Maybe not ultimately, but that won't keep you from being arrested, your computer confiscated and your name trashed in the meantime.

RIAA and MPAA will love this!

[Syowr]

With this system all other P2P networks will go bye-bye
Why bother searching for files when I have my friends 200GB movies and mp3 collection backed up on my machine!
Its not copying its a Back-up! 8)

__Syo

I like the Dice.com banner ad...

[Queelix]

...when I just read on www.fu**edcompany.com that they are bankrupt.

There goes the new slashdot server I guess.

Q...

You Don't have to dummy...

[JohnnySkidmarks]

The whole point is it will be distributed. So If one jerk-off looses your encrypted data (in case that's what you mean by "trust") then there are 10-10000 other competent people to fall back on.

Don't trust them to return your files

[PepperedApple]

It's not so much that I wouldn't trust someone not to break the encryption, but what if the person who's holding your backup copies gets tired of giving up disk storage and just deletes the software from his/her computer. Or what if their computer happens to be off when you want to retrieve the backup?

Re:Don't trust them to return your files

[Salamander]

what if the person who's holding your backup copies gets tired of giving up disk storage and just deletes the software from his/her computer

That's the same as a simple failure, which the software is designed to handle anyway. What's not clear from the documentation (and I'm too pressed for time to read the code right now) is whether it does The Right Thing when a peer comes back.

Re:Don't trust them to return your files

[gottabeme]

From what I can tell, this isn't really designed for anonymous backup trading. This is for organizations, perhaps, who have computers in different places, and want to automatically backup across the Internet. Or maybe a group of online friends who have extra disk space and are willing to share it among their friends.

Re:Don't trust them to return your files

[bcrowell]

Right. The concept works fine if you control both machines, though. I use Unison, for example. It's a way of synchronizing my files on three machines (work, home, and server), and it's also a form of backup. I still make backups on DVD, but having a network backup is more convenient, and I can do it more frequently.

Bandwidth isn't such a big issue in my experience. I have a modem connection at home, but I only use Unison for synching some stuff, not everything, and it only backs up files that have changed.

i can already imagine...

the court battles, the claims that "it was meant for legal backup purposes but we can't control what our users do"... Why not just go ahead and tape a "DCMA Me" sign on it's back?

Interesting theory...

[Justen]

It's not a bad idea. The website talks more about security (PGP) and such, which would be my primary concern. (My porn, not their's...)

Seriously, though... Just as with P2P networks, it depends on a strong, diverse, and reliable mesh. Any natural disaster, bandwidth failure, or even power failure could wipe out most, if not all, of your peer backups. Tried and true remains for me.

jrbd

What we NEED is

[TerryAtWork]

affordable jukeboxes.

People should be able to burn DVDs and have a keg-refrigerator sized juke box with a few hundred of these in it hooked up as a near-line SCSI device.

You CAN get these but the cheap ones are 25 grand.

Anyone know why they're so expensive? I'd love a non-volitile terabyte or two.

Re:What we NEED is

[Dan+Ost]

Anyone know why they're so expensive? I'd love a non-volitile terabyte or two.

Probably not high-volume enough to justify mass
production.

Re:What we NEED is

> Anyone know why they're so expensive?

Because there's a good deal of custom-produced, high-precision robotic engineering involved in making a jukebox that doesn't occasionally scratch or break your media. High quality mechanical gear is expensive, even in these days.

Re:What we NEED is

[TerryAtWork]

Well, for $100 USD you can get a carousel 100 CD player that has most of the parts needed to do this and every bar has a CD juke box - they can't be THAT hard to make.

Seems like something some electrical engineer grad student would convert as a hobby, maybe announce it on Slashdot.

Privacy

[WPIDalamar]

I certaninly know my company would never give it's confidential data to others to backup ... and isn't that the most important type of data?

The obvious solution is to encrypt. BUT ... how long will encryption of today last? If I have plans for a product that will last 15 years, I don't want the plans out there to be decrypted in 10. Also... where do I store my decryption key? If that get's lost, I might as well have no backup at all.

And what if

[Apparition-X]

I grant that personal backup is time consuming and it is tough to find a good method without resorting to expensive tape or hundreds of CDs. But as intriguing as this approach is, there seems like a lot of problems with it.

What if the reason you need to do a recovery is because your system with internet access is toast? How long does it take to restore several hundred thousand files? What about peers that drop off the network, or that are only on sporadically (no, that never happens in peer to peer filesharing networks!).

Even aside from the issues of speed of restoration, I can't imagine too many circumstances in which you want to rely on a internet network connection as a prerequisite for a successful restore... Although perhaps as a way of complimenting existing backup methodologies (i.e. backup root and critical config information to tape or CD, and the rest of your schiznit to DIBS) this might have a place.

Re:And what if

[TheRaven64]

What about peers that drop off the network
I'm far to lazy to actually read the documentation (who read docs anyway, right?) so feel free to correct me, since what follows is entirely made up:
I assume that this system uses a varient of Shamir's alogrithm, which splits a file into n chunks, the original file can then be recreated from any m of these (where m and n can be determined at run time. In this case, the data chunks would be scattered across the network, and as long as m nodes were active, the file could be recreated.

Doesn't work.

[Rhys]

Okay so you have your data on the remote machine encrypted with your PGP key. Which you kept on your local machine, or maybe you kept it on a floppy or usb keyring by your local machine.

Disaster strikes. Byebye local machien, byebye PGP key. How exactly do you recover now?

Re:Doesn't work.

[flaez]

just hire a yogin to recite your private key as his secret mantra. we all know religious knowledge has the longest life expectancy.

OK, admit it...

You have a bot that alerts you anytime a new Slashdot story contains the word "distributed" ...

Re:OK, admit it...

[grub]

You have a bot that alerts you anytime a new Slashdot story contains the word "distributed" ...

Haha, good idea but it's not true. :)

Re:OK, admit it...

[Nugget]

grub doesn't, but I do... ]:8)

Bandwidth use could be a problem...

[vwpau227]

I think the idea behind DIBS is sound, and it's something askin to what I have done with my own networks with PCAnywhere and VNC to acess remote computers to create backup copies of sensitive data off-site.

However, the problem that I have seen with this method is bandwidth. Even standard DSL/Cable broadband (what most businesses that I am involved with use for Internet connectivity) doesn't have enough bandwidth to transfer multi-gigabyte backups in a reasonable amount of time (not to mention in the era of bandwidth caps and overuse surcharges, I am not sure if it's even worthwhile). With dial-up Internet access, it would be even worse.

Plus, in the end, taking a copy of the data off-site on a regular basis isn't that terribly hard to do, is it? It's cheap insurance.

First rate idea

[mao+che+minh]

I hereby volunteer to aid in the storage and backup duties of everyone's data that has at least three instances of the letter "x" or the string "britney" within it's file name. This is because my backup scripts only save files that satisfy these requirements. In return, could someoneplease help me store my vast collection Star Trek bloopers. It's just funny to hear Patrick Stewart cuss.

Additionally, I extend a warm hand of support to Microsoft. I will accept any request by chairman Bill Gates to store sensitive files.

Re:Would this work in the current [US] legal clima

[kryzx]

This is actually a good question. If I back up my music file on your computer, does that fall under "fair use"? Would whether you access them or not effect the legal position? Is it possible to build something like this so my files can only be accessed, or at least can only be decrypted, by me, and hence are not usable to the person providing the disk space? If so, would that change the legal implications?

This raises all sorts of interesting questions. Unfortunately the answer to all of these questions is most likely "we won't know until it goes to court and there is a ruling to estabish precedent."

So the truth is out.

[nlinecomputers]

So THAT is what happend to Duke Nuken Forever!

Re:So the truth is out.

>So THAT is what happend to Duke Nuken Forever

Clearly there is no reason for a game to be...what is it now, 6 years late? Obviously its just a joke, and the game will never come out. I wonder just how long other people are going to take to work this out. Whatever comes out now, people are going to say `it's ok, but nothing special - certainly nothing that needed that much time`.

Re:So the truth is out.

[SScorpio]

I can't really say it's 6 years late... 2 maybe 3 years sure but not 6.

On a side note Neverwinter Nights was in developement for 5 years and won best RPG of E3 for 3 years in a row.

DNF willcome out. I'm just not sure it will meet anyone's expectations with it taking so long. Think Dikaikatan.

Re:So the truth is out.

Think Dikaikatan.

I hate to correct spelling, but you really butchered "Daikatana" as bad as I've seen anything butchered :P

Use the Preview Button

[Acidic_Diarrhea]

"DCMA Me"? Should have used the preview button! Now I'll be forced to taunt you.
Let's see, DCMA could mean...
1. Dot-Com Managers Attack (me)
2. Donkeys Can Marry Anyone
3. Disney Cuts My Ass
4. Dork Courier Management Act [surprisingly, that could actually be on-topic since couriers are now being overpaid to take tape backups to offsites]
5. Don't Comment, Mod Away
I'm not feeling very witty this morning.

By the way, I'm not going to use the preview button before posting this so if my list is f'ed up, it's your fault for promoting the non-use of the preview button.

Re:Use the Preview Button

howabout "Dumb Cunt Mocks Anyone"?
i think u missed the point of his post

Re:Use the Preview Button

No, I don't think I did miss the point of his/her post. Thanks for your valuable comment though! It was, to say the least, uninspired. I appreciate your addition to the discussion. I'm sure at parties you're always that guy who nods his head a lot and says "uh, yeah." But deep inside, you've got many witty lines zinging through your head. You always keep those to yourself right? :D

Re:Use the Preview Button

[TamMan2000]

His was funnier than any of yours

Re:Use the Preview Button

so what if you're a nig?

Now everyone gets kiddie porn

Well, maybe not since those holding it wouldn't be able to identify it. But it still could be used by the peds to keep their machines free of the meterial.

Passwordless key? BAD!

[runswithd6s]

The first problem I see with this is that there is no reason to use a passwordless key. The only reason you would want to do so is to actually sign the data file. Signatures should NOT be done automatically, since they mean nothing. If you really want to sign the data file w/an automated signature, create a key just for signing, but use your 2048 bit key for encryption. Remember, you don't need a password to encrypt data.

Now, I haven't looked at the code yet, but I'm assuming that the python script is simply a wrapper around an HTTP server, a MD5 or SHA1 hashing algorithm (for the filename), tar, bzip2, and some meta database to keep an index of files backed up.

That being said, it's not a bad concept. If you have a trusted friend that will allow you to back up files on his machine, this wrapper should operate nicely. Otherwise, you can always do it by hand.

perhaps not p2p, but obviously related....

[smd4985]

"Note that DIBS is a backup system not a file sharing system like Napster, Gnutella, Kazaa, etc. In fact, DIBS encrypts all data transmissions so that the peers you trade files with can not access your data."

as much as the page says it isn't a file sharing system, it essentially is - a special-purpose, secure file-sharing system. as a p2p developer, i know that this system could be built off gnutella and benefit from some of the innovations occurring in gnutella land.

Re:Not file sharing but could offer something to i

It's called Freenet

Private Peer to Peer (PP2P)

[4/3PI*R^3]

This is just the next evolutionary change in P2P. Encrypting data and exchanging the encryption key so that only those "in the know" can exchange files and the *AA groups don't know what you are trading.

In the "Pefect Example of Talking Out of Both Sides Of Your Mouth" Department:

This is posted on the home page:
Note that DIBS is a backup system not a file sharing system like Napster, Gnutella, Kazaa, etc. In fact, DIBS encrypts all data transmissions so that the peers you trade files with can not access your data.[emphasis mine]

This is posted on the documentation page:
Make sure you give your gpg public key to any peers you want to trade files with.[emphasis mine]

Re:Private Peer to Peer (PP2P)

[Glass+of+Water]

You're absolutely right about this being the next step in p2p.

As for file trading, I figure the author is just trying to clarify that the intended use of this thing is not exchanging warez and mp3s.

It somehow seems a bit prudish to even point out that this system could be used to trade files that the [ri|mp]aa don't want you to. I mean, in the same way, a file server, a web server, and email are all tools to do that.

Re:Private Peer to Peer (PP2P)

[ssdairy]

This is posted on the documentation page: Make sure you give your gpg public key to any peers you want to trade files with.

That warning deserves to be repeated (and amplified a little). If the remote storage site has your public key, it can decrypt files encrypted with your private key. In other words, the remote storage site can read your backed-up files unless you encrypt them a second time with a different key.

The public-key encryption verifies to the remote storage site that your backed-up files came from you, and verifies to you that files you retrieve weren't modified, but it does NOTHING to protected you from a nosy remote storage site operator.

Re:Private Peer to Peer (PP2P)

[Slayne]

Wouldn't your files be encrypted with your public key so that only you could decrypt it with your private key? This is normally the way things work with public/private key encryption.

Re:Private Peer to Peer (PP2P)

[Dan+Nordquist]

First, I think you're misunderstanding the point of DIBS... a public key is required to encode, but doesn't do any good for decoding, so giving someone your public key only allows them to give you things you could decode.

I wouldn't read too much into the fact that they say you're "trading files"... because that is, after all, what you're doing, even if you can't read the files that you recieved in trade.

On the P2P thing, I'm not sure public key cryptosystems would be advantageous at all. First off, the public keys would uniquely identify the participants. On the other hand, if a P2P client were to generate its own keys, then it would be trivial for authorities to join the network and see the traffic unencrypted.

There might be interest in "private" P2P, but that kind of defeats the purpose of P2P, right? Getting files from unknown sources and searching millions of clients worldwide?

Napster would have been boring if it were just me and my friends.

Re:Private Peer to Peer (PP2P)

[ssdairy]

Ah, rats. I got it backwards. I've been doing too much GPG signing and not enough encrypting. Sorry.

Re:Private Peer to Peer (PP2P)

[Rich0]

Wouldn't your files be encrypted with your public key so that only you could decrypt it with your private key? This is normally the way things work with public/private key encryption.

Ok, I haven't gone through the source to this, but if they are smart they will:

1. Create files with backup data.
2. Encrypt said files using the public key.
3. Compute hash of encrypted file.
4. Encrypt hash with private key.
5. Send encrypted file #2 and encrypted hash #4 to recipient.

The recipient can decrypt the hash using your public key and thus verify that the file was transmitted correctly and originated from you. To detect tampering with local data by a hacker the recipient could even store the encrypted hash and periodically recompute the hash - a hacker could tamper with the encrypted data, but could not create a new hash without the private key which isn't even known to the owner of the computer he hacked into.

The recipient CAN NOT read the encrypted datafile itself as it was encrypted using the public key and can only be decrypted using the private one.

I'm wondering if a simple mechanism could be used by the recipient to prove to the owner that he still is retaining the files - so the owner could remotely test the archive integrity. Sure, the owner could just ask for a copy of the files and decrypt them, but that would require heavy bandwidth. The owner should be able to prepare a challenge which tests the integrity of the data store that the archiver can only respond to correctly if they possess the entire store.

Remember, the owner of the data should have a mechanism to ensure the data is being properly archived. Even if the archiver is trusted they could have a faulty archive because of a disk error that they are unaware of.

Re:Private Peer to Peer (PP2P)

[twemperor]

1. Create files with backup data.
2. Encrypt said files using the public key.
3. Compute hash of encrypted file.
4. Encrypt hash with private key.
5. Send encrypted file #2 and encrypted hash #4 to recipient.

I believe the idea of the poster for making this a filesharing system, was that you could share your encryption key with select individuals.

For example, say you encrypt the data with AES, you keep the AES key secret. And like above, you could digitally sign the file to verify integrity. But all you would need is another level of encryption, where your friend could send you their public key, you encrypt your secret AES key, and then voila- you can send the secret AES key and they can open the files you stored with them. This is only an evolutionary step.

As far as I can see, this scheme would readily prevent the *AA from knowing the contents of the files that you share. Unfortunately I can't see any way of indexing the files for searching that keeps the files you share private and secret.

Oh well.

Re:Private Peer to Peer (PP2P)

Host-host connections should be encrypted with something like SSL - there is no way to stop man-in-the-middle attacks without signed host keys, but this is simple. (Simple to explain, not do.) Design the protocol so that mitm attacks don't matter.

Whereas, nym-nym communications, which take place on top of the host-host layer, should be entirely unique. No-one said the participants have to present them for download, which should be anonymous at all times, or that a host can only have one nym key, or that the nym key can be matched to a host (due to forwarding).

Freenet's SSKs use a signing key, and although the author is uniquely identified as the author, no-one knows who the author is - a property known as psuedonymity (which is what we're going for in the flip side of the legit P2P field - psuedonyms and groups of psuedonyms associated with signatures can still have a reputation... making release forgeries impossible, and corruption can be reported).

As for just you and your friends, that is the great granddaddy of all "darknets", sneakernet. It's often the single best source you have, don't overlook it, as it's the one the Microsoft Research group identified as the one that's both (A) impossible to stop, no matter what and (B) terrifyingly effective, if a little slow sometimes. (Especially when combined with a LAN party or swap meet.) Windows file shares at university campuses are particular gems, though rarer now, after Nimda - open, in-the-know FTPs only open to the campus are still very common, though.

The sources you get the files from, arguably, should be unknown - it is the publisher of the files (via nym of course), and the integrity of the files which you want to authenticate.

Re:Private Peer to Peer (PP2P)

[Rich0]

As far as I can see, this scheme would readily prevent the *AA from knowing the contents of the files that you share. Unfortunately I can't see any way of indexing the files for searching that keeps the files you share private and secret.

At this point we're talking about practically re-inventing Freenet... It has an indexing solution, but it is anything but intuitive and easy-to-use.

If you don't have indexing, then really you could just have everyone just run an FTP server on their desktop and create accounts for their friends. That doesn't require much in the way of tech. You could just create an automated client that periodically indexes the files on every server you have access to, or which queries them all on demand. The real power of P2P though is in anonymous access. If folks only shared with their friends the *AA wouldn't care nearly as much anyway.

Re:Private Peer to Peer (PP2P)

[wfrp01]

if it were just me and my friends

And your friends friends, and their friends, etc. Google for 'web of trust'.

Real Men

[Phroggy]

"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." - Linus Torvalds

Also compare rdiff-backup and duplicity

[wfrp01]

Some nice folks at Stanford are also creating a different flavor of network backup called rdiff-backup. I'll just plagiarize the description from the homepage:

rdiff-backup backs up one directory to another, possibly over a network. The target directory ends up a copy of the source directory, but extra reverse diffs are stored in a special subdirectory of that target directory, so you can still recover files lost some time ago. The idea is to combine the best features of a mirror and an incremental backup. rdiff-backup also preserves subdirectories, hard links, dev files, permissions, uid/gid ownership (if it is running as root), and modification times. Finally, rdiff-backup can operate in a bandwidth efficient manner over a pipe, like rsync. Thus you can use rdiff-backup and ssh to securely back a hard drive up to a remote location, and only the differences will be transmitted.

The homepage also links to a project called duplicity, which operates on a similar principle, but uses GnuPG to encrypt data to prevent spying/modification.

Re:Also compare rdiff-backup and duplicity

[glesga_kiss]

Some nice folks at Stanford are also creating a different flavor of network backup called rdiff-backup.

Yes, it looks like a great solution, I've been looking into this lately. The only downside is that the remote system can access and change your data as it's not encrypted. The actual communication of the data can be wrapped in SSL or through a SSH tunnel, so that part is secure.

You can only use it amongst people you trust, for non-personal data storage (unlike the linked article). I am presently trying to persude a friend to implement this, or possibly rsync to back-up my large media drive.

With rsync however, we get another advantage...we both can access and add to the data store, with confidence that the data is pretty safe. Who needs p2p when you have all your friends media available to you as well as your own? ;-) Get a new album, it gets copied across at some point during the night.

Re:Also compare rdiff-backup and duplicity

[ry4an]

I use both rdiff-backup and duplicity, and I can't speak highly enough of them. Top notch software. Easy to use, well documented, and with great functionality.

Re:Also compare rdiff-backup and duplicity

That's what 'duplicity' is for. The data is stored on the remote system as encrypted increments. To be used one must have either the password or the right private key depending on whether or not you selected symmetic or asymetric encryption.

REcord Companies

[Madcapjack]

Of course the record companies wouldn't like you to backup your legitmately bought mp3's on a p2p network.

This idea is not new

[fudgefactor7]

It's been discussed (and even tried) before, the problems were many, namely security speed, and availability. One cannot guarantee any of those three every important variables. As a result it (the idea) died a horrible death--let's hope it dies again.

Re:This idea is not new

No, be fair. I mean, whats wrong with trusting your most valuable property (ie IP) to the sort of people you've just spent thousands on firewalls to keep out of your data in the first place?! Seems reasonable to me!

Re:This idea is not new

[sootman]

I strongly disagree. No, it's not perfect for *everyone*, but what about the 400 Macs I help manage, which will all be running OS X within a year? We've got a 10/100 LAN in place that goes unused about 14hrs/day, and all these new Macs with 20 to 80 GB drives. (Today's entry-level G4 holds 60 GB; our current order is for 120s.) We've already started looking at something like this, since we've got more free disk space on the floor than total server space. So, let's se--security? check. Speed? Got it. Availability? You betcha. OK, we're ready. Here's to hoping it lives a wonderful life, rather than die a horrible death. Just because you can't back up all your DivX's over your dialup connection doesn't mean this is no good for anyone.

Re:This idea is not new

Ok, I'll take security and speed. I don't need much availability. It's a offsite backup. If my building does burn down, I can handle a delay getting the data back.

Of course I also want reliability, but you never said I couldn't have that.

Re:This idea is not new

[jc42]

Indeed it's not. Several years ago, Linus Torvalds commented that the best backup approach was to make your files so useful that others would volunteer to back them up on their machines.

He seems to have been fairly successful at implementing this scheme.

I've used it myself. I have a bunch of online stuff that has resulted in several people volunteering free login accounts on their server machines if I would mirror my stuff there. I have an rsync running right now to update one of those machines from my primary server. It's chugging along nicely, despite the 5000-km separation between the two machines.

Some of the files have nothing to do with the online stuff, but they don't seem to mind.

Re:Would this work in the current [US] legal clima

[Michalson]

Unfortunately I think it would be bad *either* way. Now since "stolen music" is somewhat debateble here on /., and most people aren't too worried about being charged with terrorism, I'll try something more clear cut: Kiddie pron. Ruling 1: You are responsible for what is on your HD Result: Someone backs up their illegal pics to your harddrive (you don't know this because it's encrypted), you (innocent) get charged for it and sent to jail. Ruling 2: You are not responsible for encrypted content that appears to have been generated by this netbackup program. Result: Every pedophiles dream has come true. They simply encrypt their stuff and spoof it to look like someone elses backup file. They are now immune from procecution because "it's someone elses". Same applies to anyone else that wants to store something illegal on a computer system. Obviously there needs to be a way to positively indentify who "owns" what content on your harddrive before a system like this could become [legally] safe.

Fault Tolerance?

[nlinecomputers]

I haven't had the chance to read the article yet. Just skimed the site. How fault tolerant is this? What happpends if I need my data and a chunk is on a member that is offline. Is the data stored redundantly?

But the risks!

[Gefiltefish11]

This sounds good, except that mirrors of my massive pr0n collection could threaten the stability of the internet...nevermind the threat of uploading mine and the millions of other pervs out there!

Distributed RAID Like Backups

[angry_beaver]

This should work a little differently.
Why not stripe your data accross many hosts with parity data being stored on serveral. A central server would maintain a list of servers containing your data. In the event of a failure, you would simply fireup the client, that would contact this server for a list of your backup "devices" and it would start pulling in, reconstructing and decrypting the data.
This would have a couple bonuses...

1) You could stripe it accross 100 machines, and have another 100 with parity data so that any 50% of the machines can be unavaliable and you can still get your data back.

2) Security - Rather than having a full copy of your data on their machine, each node only has a small subset of your data, and does not know where to find the rest of the data making reconstruction nearly impossible for the storage node. GPG would be used on top of this.

Re:Distributed RAID Like Backups

[4/3PI*R^3]

You could call this RAIN (Redundant Array of Internet Nodes)!!!

But I kind of like sticking with RAID since this is exactly what the Feds will do to every person who participates in the scheme and sends you to federal "pound you in the ass" prison.

Re:Distributed RAID Like Backups

[Chocolate+Teapot]

Yeah. this is kinda what I was alluding to in another post. Let's just pray that nobody compromises this central server - they would own us all.

Re:Distributed RAID Like Backups

[tvsjr]

Of course, what happens when a fiber gets cut and a large section of the world loses Internet connectivity (see the tunnel fire in Baltimore for more information)? I'll keep my DLT, SDLT, and LTO/Ultrim drives chugging along, thank you very much.

Re:Distributed RAID Like Backups

[morzel]

I think it's far more likely that your own uplink goes the way of the dodo, than having "half the world" losing internet access.

Re:Distributed RAID Like Backups

[corvi42]

Yes, I'd thought of this too - the down side is that in order to have an even "balance of accounts" so to speak, and make sure that everyone is contributing as much disk space as they are getting out of it, is that you'd have to provide X times more disk space than you plan on using. If you have 10 megs to back up, and that needs to be redundantly copied over 100 machines, even given efficient ways of recovering data & compression, you may need to contribute some hundred megs.

Not that this is a fatal flaw, everyone who is serious about this would simply buy a second redundant backup drive. But it does seem like you sacrifice an awful lot of space for the security of a reliable distributed backup.

Re:Distributed RAID Like Backups

[haeger]

You mean like Mnet?

It works almost exactly like you describe if I remember correctly.

Your file is split up in chunks, and distributed over a number of nodes. Then each chunk is replicated to some other nodes to provide redundancy.
I'm not sure about the parity data, but I think it's stored in the chunks so that You don't have to get all blocks. 75% or so will do.
Do check it out though. It's an interesting project. Version 0.6.0-STABLE was released a few weeks ago.

.haeger

Re:Distributed RAID Like Backups

It's also possible to make every copy be a parity copy and none be the real data. Then you can only get the real data if you have enough parity files (the same volume as the origional data). Of course it's not really called partiy then.

Re:Distributed RAID Like Backups

[emin]

This is exactly the plan I have in mind for DIBS. Currently, encryption is done via GPG. "Striping" is in the works. The plan is to use Reed-Solomon (RS) error correcting codes to generate the parity. The RS algorithm is currently written (http://www.csua.berkeley.edu/~emin/source_code/py _ecc) and will be integrated into DIBS sometime in the next few releases.

-Emin

Re:Distributed RAID Like Backups

[AtrN]

Yes but you don't do it with parity. Look for the key phrase "erasure codes" and look at systems such as Oceanstore and similar (there's a few being worked on).

Re:Distributed RAID Like Backups

[dcmeserve]

> If you have 10 megs to back up, and that needs to be redundantly copied over 100 machines

The original post wasn't referring to having an *entire* copy of your data to 100 machines -- simply that it would be *split up* among 100 machines. Though the parity bits do take up some extra space -- probably wouldn't need nearly the doubling of data that he proposed.

But still, yes, there is a matter of who takes the space vs. who gives it -- if this system is popular enough, the "excess space" will run out!

Dammit, missed the funny

[worst_name_ever]

I was going to make a funny comment on this story, but somebody else already called Dibs.

It ain't piracy - it's...

[bozo42]

...remote/off-site data back-up/storage with regular data integrity verification (wink-wink-nod-nod)

Your programs will be run, your emails will be read and your pr0n will be viewed often to make sure there is no bitrot. Send me new warez and pr0n - er, ah, um - I, uh, mean, daily back-ups to make sure your data is safe

I don't want anyone else's files

[vasqzr]

And I don't want anyone else to have mine.

What if you back up something illegal?

I can keep all my files on CD-R's, CD-RW's, or DVD-R's.

(not including MP3's movies etc stuff I can always get again)

Hell I could keep them on Zip's if it weren't for some graphics I want to save.

Just back up your data, you can reinstall your programs and OS later. tarball your project files and burn them to a CD. Most project will fit on a CD assuming you're not a photographer.

This could be really useful...

[mbone]

... to an enterprise with multiple locations.

Suppose you have corporate offices, an office on the other coast, and locations in 5 Colo's.

With this, you could set up a distributed backup so that important files are distributed over all 7 sites. Since all these sites are yours, security is not such an issue.

The biggest problem I see is that you have to put files in a specific directory to back them up. You'd have to write scripts to, say, back up a rarely changing database stored on a 15 disk RAID 10.

QUESTIONS :

1.) What level of RAID equivalent is this ?
I.e., how many sites can die and still enable you to get your data back ? (This had better be more than one _in addition to the data source_ for this to be worthwhile.)

2.) Can this be used to _mirror_ data - i.e., can I do a distributed backup and mirror the data seamlessly on another site?

3.) Does all of the bandwidth for my files come from me, or is that distributed too in a peer to peer fashion ?

I can see it now...

[g(zerofunk.org)]

...the internet ate my homework.
I wanted to turn in that report but in was going for the night and his/her computer crashed!

Granted this is only for the backup, but I can not see this being worthwhile effort without having MASSIVE amounts of bandwidth to toss around.
g

I am sorry

[sickboy_macosX]

But I am not going to be backing up to the internet, I dont want anyone else getting my pr0n I have too much valuable data to be backing up online, stuff I dont want anyone else to see. I mean this is a huge security whole, say your Bill Gates and your backing up the shource code for Windows 2009 to the internet, and someone intercepts it...that would suck for you Or what about the guy who does his bills and accounting on his home computer via quicken or somthing, watch his cedit card get hacked and he cant figure out where all the Pay Per View Charges for a Dish System he doesnt own is coming from. I dont know, i dont like it unless they can promise me some sort of new encryption that I have never seen before.

disk is not cheap compared to tape

[peter303]

Magnetic disk is always 10-20 times more expensive than archival tape or CD. The former is $1 a gigbyte (new 200GB disks) and tape is about 7 cents a GB. Both are decreasing in price in concert.

An hour of video media media is about $2 disk and 10 cents analog video tape.

Re:disk is not cheap compared to tape

Tape for 7 cents a Gig?

How do you fit so much data onto Scotch Tape?

Re:disk is not cheap compared to tape

[Sloppy]

tape is about 7 cents a GB.

?!?!

Are you sure you didn't misplace a decimal point somewhere? That's about one tenth the cost of the cheapest deal on tape that I can find.

Re:disk is not cheap compared to tape

[Cheeze]

most large corporations would probably rather you use disk for archiving, and tape for offsite storage. nothing beats the disk-to-disk copy speed when you're restoring a production server that just crashed. having to dig through tapes, and then seeking, and searching, and rewinding, and fast forwarding, and...., and...., and then not finding all of the data because some of the data was spanned to another tape can get frustrating.

The time taken to find the data should also be factored into the cost of a whole backup solution. The more expensive disk option will save in the long run, since less time is taken to backup and restore the data.

Re:Uhm. No... It's Been Out For Ages Already.

[sporty]

There's a diff between gnutella and DIRS. Gnutella is pull where-as your backup system would need to push. If I'm on Gnutella, and I want my mp3's backed up, I can't garantee that all of them will. How many people are gonna like all the music that I like.

And no, I don't like N'sync or Britney Spears.

Why not just use OpenAFS?

[rindeee]

It was designed for use in low-bandwidth envrionments. Not only do you get the benefit of a distributed backup system, but you get inherant (sp?) fault-tolerance, load-balancing, etc. Yes, over a low-bandwidth connection a file still takes a long time to copy, but OpenAFS is designed to accomodate this (not going into detail here, go to the OpenAFS site if you're curious). I am a fanatic OpenAFS user so I am somewhat biased. We have however implemented OpenAFS on a 1.4TB datastore at one of our customer sites (medical market) that has key data (a couple hundred Gig) distribted to 3 slave RO cells (again, read up on OpenAFS for answers). Rock solid reliability is an understatement.

Re:Why not just use OpenAFS?

[Speed+Racer]

Are you talking about http://www.openafs.org? I guess I'm just karma whoring with the link since you didn't include it.

Re:Why not just use OpenAFS?

... you get inherant (sp?) fault-tolerance ... key data (a couple hundred Gig) distribted to 3 slave RO cells ...

You apparently don't have a spelling checker, but why not mark *both* of your misspellings, while you're at it? :-)

Not as cheap as you might think

[pknoll]

Since disk drives are cheap, backup should be cheap too.

Ah, if only this were true. (Actually, it begs the question. =) Every time I hear "disk is cheap" I try to correct the speaker - "disk drives are cheap".

Long term storage, and and subsequent retrieval, which implies administration and a reasonable expectation of longevity on the backup medium, can be very expensive.

I don't think I'd trust anything valuable and volatile to a bunch of mirrors that I don't have service agreements with. Maintaining lots of data is costly, and I don't expect Joe Mirror to pay for it for me.

Fire, flood, pestilence?

Of course it does not help to mirror your data by adding more disks to your own computer because a fire, flood, power surge, etc. could still wipe out your local data center. Instead, you should give your files to peers (and in return store their files) so that if a catastrophe strikes your area, you can recover data from surviving peers.

If you use IBM GXP hard drives to store your data, fire, flood and pestilence may be the least of your problems

dibs vs rsync

[bromoseltzer]

I peer with another system at another institution using rsync. They rsync their files to a folder on my disk, and I rsync to a folder on theirs. No encryption, but very good performance - 128 kbs DSL upload is fine, running overnight.

This requires a lot of trust, which is OK because I'm the sysadmin at both places.

Without trust, you need DIBS-like encryption, which (probably) means no rsync-like differential backups, and you need a "safe" way to find partners.

How about "DIBS-raid" where your data is spread over many peers? If a peer blows up, you can still recover, and no one peer should have a recognizable piece of your data.

-Martin

This .sig donated to Poets Against the War.

Re:dibs vs rsync

Put your fucking sig in the sig line, shitsack.

Re:dibs vs rsync

rsync is an r__ protocol, like rsh or rcp.

It can be ssh-tunneled, like rcp (aka scp).

Re: dibs vs rsync

[Omniscient+Ferret]

If you want encryption, you can use rsync over ssh. If you need it to be automated, set up certificates for ssh.

enterprise backup strategy...

[esarjeant]

While this might not work so well in the public domain, I can see where it could be feasible in an enterprise backup scheme.

Basically, your client can take advantage of peers to discover places to backup your data. Peers can be local (onsite backup) and remote (offsite backup), and when peers come offline can redistribute their data accordingly.

The True value is internal company usage..

[Barastol]

I don't see companies using this to backup valuable/private information on the greater internet. But what about those hundreds of work stations with large hard drives that your peons are using? use the DIBS system to back up all your shared company data, it's still all on systems you own, behind your own firewalls, etc. but it gives you untold gigabytes of back up space that is at least as fast as decent tape backup system, but inherently cheaper.

the IT department could distribute the daemon to all work stations, and the users of the systems aren't even required to be aware of it.

Sounds great to me!

Here are some alternative names for this system:

[4/3PI*R^3]

Redundant Internet Archival Administration (RIAA)
Multiple Peer Access Archive (MPAA)
Duplicate Media Copy Archive (DMCA)

Please remember the Serial Numbers!

[Kaz+Riprock]

People, people, people, realize that if there is a fire in your house that takes out your local copy of "The Sims Hot Date", then it is also going to burn up your serial number. Be sure when you send me your iso's that you include a text file with your serial numbers...for archival purposes.

Re:Would this work in the current [US] legal clima

[Mainframes+ROCK!]

Not just the US too ... suppose someone from Upper Ruratania stores something on your PC that is illegal in Upper Ruratania... will you be extradited?

As long as everyone plays fair

[Chocolate+Teapot]

I love the idea of this, although I would be more comfortable knowing that data was not only encrypted but that each file was multiplexed across multiple hosts. Even if the encyption was cracked, the cracker would not have the full picture. Does anyone know if this is the case?

Security aside, I fear that we would see a similar situation to the one we encounter all too frequently on the P2P networks. Users set their download speed to the maximum possible, yet throttle back outgoing data to the absolute minimum, rendering them useless to others. I would hope that this won't happen, but I'm becoming cynical in my old age.

Re:As long as everyone plays fair

Well, the people you peer with don't have to be total strangers. Run a ethernet cable to the house next door, and make a deal.

If he throttles when the time comes that you need to restore your backup, either go kick his ass (the vinegar approach) or show up on his doorstep with a sixpack of beer (the honey approach).

Re:As long as everyone plays fair

What a genius!

Wait till you plug in that ethernet cable to both computers and you have two different grounds!

Datacenter Perspective

[Nintendork]

I'm the system (NT network) and network admin for a small startup telco (CLEC). We also have a lot of data from our data processing of payphone records for the midwest region and yet more data for the litigation we go through to fight SBC.

I have about half a terabyte of sensitive, important data that needs to be backed up and stored securely offsite every day (This data is just the important stuff. No OS files, etc.) and archives of records stored on several CD-Rs that also need to be stored offsite. The only dependable(?) solution we can commit to is tape backup. We use an Exabyte EZ17 autoloader and Veritas Backup Exec.

You guys wouldn't believe the nightmares I've gone through to get it running smoothly and keeping it there. 5 or so replaced EZ17s, 50 $80 tapes replaced, hours upon hours spent on the phone with Veritas because their software is buggy as hell and their open file option is a piece of shit written by another company (Veritas support was the one to tell me that!). My boss seems to think that we're the only ones that have issues with backups (He's the type that has no opinions. He KNOWS everything.), but I've talked with other administrators with a lot of servers and data using a plethora (Three Amigos vocabulary) of various backup products. We all agreed that backups are a pain in the ass.

Re:Datacenter Perspective

[Rommel]

Your company mades a series of bad choices.

Exabyte equipment is cheap in very sense of the word and will cause problems. I recommend something from ADIC or STK.

BackupExec sucks. An open file causes the backup job to be considered a failure. Look at something like Galaxy.

Re:Datacenter Perspective

Try Arcserve from CA - www.ca.com

Distributed computing

[thinkliberty]

How long will it take another distributed computing project to crack a GPG key from this new DIBS file on my hard drive? ;)

Wonderful idea... NOT

[t0ny]

thats smart. one barrier to theft- physical access- can be removed. All one of my 'peers' has to do is get some program that will allow them to access the backup, and they can get to all my data (or at least a chunk of it).

Fortunately, I dont keep anything critical on a computer connected to the internet, but there is definitely stuff on it I wouldnt want someone poking around to get.

Heaven forbid they steal all my pr0n!

Re:Would this work in the current [US] legal clima

[grungeKid]

Is it possible to build something like this so my files can only be accessed, or at least can only be decrypted, by me, and hence are not usable to the person providing the disk space?

If you had read the DIBS introduction on the linked page, you would have seen the following:

Note that DIBS is a backup system not a file sharing system like Napster, Gnutella, Kazaa, etc. In fact, DIBS encrypts all data transmissions so that the peers you trade files with can not access your data.

Re:Would this work in the current [US] legal clima

[acb]

Or if your anonymous backup partner turns out to be the target of a long-running international paedophile investigation, and your machine is seized as evidence. Even if you can claim you had no way of decrypting the data, the FBI still have your hard disk.

Hivecache

[Glass+of+Water]

This is similar to hivecache. I believe hivecache's in use in the wild. The difference is that hivecache seems to be specifically oriented to large enterprize.

I think that people who worry about "putting their files on other people's machines" should go over the docs once more.

Watch what you back up...

[kaptin]

So what if your entire drive is backed up across a huge distributed network. And let's say Joe User had backed up cache files, etc that contained personal info (credit numbers, child pr0n, etc). Joe User is could become one screwed individual. It's a huge risk that the average user might be making unknowingly...

Re:Watch what you back up...

[almaw]

I think you could legitimately claim that you're not in the loop. It's encrypted, and you're effectively holding something like a "cached copy". I use the quotes because I think it'd be a similar situation legally to ISP proxies, etc. You can't sue an ISP because their proxy server has some of your content on it. It's the end-user who's infringing. I think the same would hold true in this case. Mind you, IANAL, AIDWTB (And I Don't Want To Be). ;)

What bandwidth problem?

[mrjb]

The main problem with this approach (and for that matter Freenet) is that it is slow for all but the smallest files.
How much data can you *really* produce on a day? Comparing a downloaded files and installs as cached images from remote sites, most people produce mostly keystrokes and mousemoves. Last time I checked, the Internet had no problem keeping up with me. Granted, some people create multimedia content.
Cutting off external mass-input data sources, Would it be possible to have a computer on the other side of the planet keep up with all my keyboard- and mouse actions, basically allowing it to create a twin of my system?

Heartbeats and contracts

[acb]

What the system needs is the concept of a heartbeat-based contract; i.e., a line in the partner data file which says that both machines will attempt to ping each other so often (every hour perhaps, or more often if they're both always online) and that if you don't hear from each other for a certain period (say, 48 hours, a week, a month, depending on circumstances and urgency), you can assume that they're gone and nuke their data (and vice versa).

Ideally, the ping mechanism should have some sort of cryptographic handshaking so that the other party can't falsely claim that you were offline if they prematurely delete your data. (If the data is lost, there should be a mechanism for signalling this back to the data's owner so it can be replaced or the contract ended. Perhaps a reputation-based mechanism for dealing with cheats could also be useful.)

Testing your backup policies ...

[snowtigger]

Yes, I know, fire, flood etc. are the common reasons for not keeping the backups at the same location. But have you considered this one ?

You never know what can enter your server room =)

Microsoft DFS?

[NetFu]

This sounds good, but it's not exactly original. I'm doing this right now (DFS and file replication) between our servers to replace our offsite backup service. And, I can tell you firsthand that it's as easy as 1-2-3 in Windows Server 2003 (no more ".Net" in the name).

I will probably get modded as a Troll, but I have to honestly say that it has never been easy to accomplish this in Linux or even in Windows 2000. I hope Linux better supports this in the future -- it simply lost a place on five of our servers because of the pitiful support for DFS or DFS-like file replication. And I'm not talking about some custom server solution package, IT people should be able to add it easily to an existing server.

Re:Microsoft DFS?

And, I can tell you firsthand that it's as easy as 1-2-3 in Windows Server 2003

I can't get 1-2-3 to run on Windows Server 2003. My support guy said to just buy Excel.

Re:I don't want anyone else's files

[glenstar]

I could keep them on Zip's if it weren't for some graphics I want to save

*cough*Porn*cough*

Backups are for wimps. :)

[almaw]

Backups are for wimps. Real men upload their data to an FTP
site and have everyone else mirror it. -- Linus Torvalds

Split it up

[acb]

Compress it, encrypt it, split it into 1K chunks, and interleave it among backup servers indexed by hash value. Cracking the encryption and getting anything useful out of it will depend on knowing where each chunk belongs. The low-entropy compressed plaintext will also help to make cryptanalysis difficult.

Re:Split it up

[WPIDalamar]

So now I have to rely on a whole bunch of people having good backups instead of a few.

And it still doesn't address the problem of backing up the decompression key.

Re:Split it up

[JourneymanMereel]

Compress it, encrypt it, split it into 1K chunks, and interleave it among backup servers indexed by hash value.

How?

As far as I can tell, this particular piece of software is just designed to backup any files put in a specific directory (OT: Do symbolic links work?). It appears that it sends the entire encrypted content of these files to any/all peers you have configured.

What you suggest has potential, but I think it should be taken a step further. Basically what's needed is a RAID 5 version of this, but better. Ideally you set it up so you exchange data with about a dozen people (not total strangers, but someone you at least kinda know). Each individual encrypted small chunk is stored on at least 3 different machines. There would, of course, need to be some kinda of map as to what data is where, but this can be encrypted into the data itself somewhere.

What this doesn't account for (as WPIDalamar pointed out) is that you still need to rely on "old-school" backup for your private key and friend list (along w/their public keys).

NOTE: I haven't tried to use this software yet, so I don't know if my descriptions are accurate.

survival/preparedness

[zogger]

..this is exactly one of the tenets of a good personal survival/preparedness plan. You exchange with a friend or relative in another geographical area a set of "basics". Basics as in long term stored food, extra clothing, various gear, copies of important legal documents, etc, etc. whatever you consider to be important, and that is a personal variable. Then in case one of the two homes is destroyed in some manner,or you are forced to evacuate, you still have something to start over with and live on rather than losing ALL your day to day tangible wealth.

Makes sense to do it with data as well. On a personal level with computing, it could be as simple as snail mailing burned cd's to each other, along with sending it over the net, but you can't beat that snail mail price and effectiveness for mass quantities, especially if all you have is dialup speed access. The important part is it should be "more" than just one building over, it really needs to be at least in another city as a minimum distance.

Catch 22

[SpeedBump0619]

First of all, this seems like a reasonable thing to do in addition to other backup methods. What is it going to hurt you? lose a little bandwidth at night when no one is using it anyway? Whatever.

I do have visions of some poor soul generating a public and private key for this system and only storing the private key data on the machine being backed up:

"well, the fire took out everything, but not to worry, I've been using a distributed backup service for months now. We can just get online, download the data and decry...*dammit*"

Who is going to tell the RIAA...

[s88]

that Napster was just an implementation of this idea.

People are just helping other archive their legitimately purchased CDs.

Scott

Re:Uhm. No... It's Been Out For Ages Already.

[Bowie+J.+Poag]

How do you guarantee they all get backed up?

rename everything so it has a prefix of "porn-" on the front of the file. :)

Why not be simple?

[phorm]

Any reason why this would be better than one of the following using cron:

• Create an NFS connection between PC's and the backup host. Directly tar or copy files to the host via a simple backup script (same as a tape script, but pointing to a file on the host)
• Tar files, then securecopy (SCP) them to a remote host - or even do so directly
• You could even (in a pinch) use samba (smbd, smbclient) to connect two PC's, and run a backup script

Just wondering... I'm actually looking at implementing some of these so it would be nice to know why this project is better.

Not practical, and existing solutions.

[3am]

This is impossible for enterprises that need privacy (all of them, for the most part).

For some (any that must be HIPAA compliant), it is probably illegal.

Iron Mountain specializes in this field, and have been doing it forever. This may be a nice intellectual pursuit for a undergrad student, but it really has very little practical value. Shared directories on VPNs are pretty much functionally equivalent and easier to manage.

Who would take Pete Townsend's files?

[someguyintoronto]

Seriously, what would be the legal ramifications if illegal data was stored on someone else computer?

Would this back system, be an easy way to hide illegal content?

What if the RIAA went after someone for keeping a bunch of legal MP3s?

Too many cans... Too many worms...

Re:Who would take Pete Townsend's files?

[Doomdark]

You may want to check Freenet project for some ideas and discussion.

One way to look at it is that if (due to encryption) person who is holding the data can not (automatically) figure out what is stored, it seems that they can not be held accountable for the material (bit like if somebody buried a corpse in your backyard while you were away or such).

The way Freenet accomplishes this (if I remember correctly) is that the only way to find actual content is to try to search for documents using its key (which although not required, usually is a filepath/URL-like construct). This id is hashed and used as a key (plus used for encryption/decryption). There are no ways to do wild card or fuzzy searches. And this is also why Freenet isn't ideal for Gnutella style "sharing" of copyrighted data.

So what's the point if only person who created the document knows its id? There are lists of "well-known" ids that are published on Internet, that can be used for fetching the data. Thus, "directories" are decoupled from actual data.

In fact, it would seem to be that some of Freenet's ideas would be VERY interesting to use with the distributed backup projects as well? (for example; on top of Freenet's model, just encrypt your backups with your private key... if someone tries find your backups, they first have to figure out the id, and then try to crack it open... split the backups into multiple pieces and make tasks even more difficult)

Of course, all this data security may mean trading the actual backup feature to higher security; someone may overwrite your backups if they can figure out the id, even if they can not acces sit.

Re:Zang!

yes, you are.
keep up the good work.

or....

[radon28]

do we mind them backing up our mp3s on high quality compact discs, available for retrieval at a music store near you?

Scotch Tape.

[nlinecomputers]

Nah! Real men use duct tape.

Silly putty is good too. Press it on your data and it picks it right up!

When my HD dies, haven't I lost my key!

And when my hard drive dies, who has the key to decrypt my backups? If someone else stores that information, then it's insecure. If I write it on a piece of paper, it's bound to go through the washing machine. This seems idea just seems flawed to me.

Re:When my HD dies, haven't I lost my key!

The key is on the floppy or CD that you have stored in your deposit box that the bank.

Re:Would this work in the current [US] legal clima

[Dan+Ost]

+1 Insightful.

Wish I had mod points today.

Critical analysis. This is a bad idea.

[almaw]

Reasons why this is a truly impressively bad idea:

• Poor availability: If you're storing it on home-type machines, typical availability is probably <50%. Assuming no hardware failure, if you store your data across four machines, you have a 6.25% chance that all four machines will be down at once and you can't get the data back when you want it.
• Slow networks cause slow backup retrieval.
• Most people want to back up all their data, as sifting through it to find the bits you do or don't want to backup is difficult. Now, once you've performed the initial backup, you can do incremental backups, which cuts bandwidth requirements, but you still have to initially transfer up to multiple gigabytes over a slow internet connection.
• If a peer drops off the network, you must transfer all the data across to a new machine to maintain the same level of availability.
• If it's properly distributed, you can place no guarantees on the quality of service (i.e. the speed/reliability). Peers can go away and never come back without warning. Data would have to be massively replicated (1000 to 1 or more) for it to be considered vaguely secure. If there is implied trust between peers (i.e. two people know each other and authorise the data movement, this problem is mitigated.
• Massively prone to poor cryptography. If you use very strong cryptography, the system becomes very slow. You really need physical data separation for this.
• Requires an internet connection. Won't work from behind firewalls, etc. This is pretty obvious, but is still a factor
• Bugs are difficult to fix, as you have to maintain backwards compatibility between versions. Hardware solutions (or simple software ones like mirroring) aren't so prone to bugs. Because this is a complex software solution, there are bound to be bugs. Anything that can go wrong will. :)
• Due to the lower reliability of this system per node compared to say a RAID array, it's more expensive per megabyte. Note that it *has* to be lower - you're comparing the reliability of a HDD/tape in a normal backup scenario to a HDD+network+supporting computers.
• Prolly lots of other stuff I've missed that other people have covered.

Re:Critical analysis. This is a bad idea.

[Doomdark]

Some problems with your arguments:

• Poor availability. Doh. Of course the backups would be duplicated to degree required for reasonably statistical probability for having backups. It wouldn't be 4 machines, one 1/4 for each. It could be 100k machines, of which, say, 1000 have some part of backups, of which only small portion (say, 4, 10). Of course there's always a chance some piece is missing, but hey, chance for a total loss is very small as well.
• If a peer drops off the network... see above. For any reasonable system there shouldn't be dedicated peers (or if there are, they'd have couple of levels of secondary servers).
• Massively prone to poor cryptography. If you use very strong cryptography, the system becomes very slow.
  And I never saw any slowdown for my SSH connections? Nowadays I can guarantee it's your network bandwidth that restricts throughtput, not encryption algorithm. Slowdown is a myth, for all normal (strong enough, symmetric) real world encryption.
• RAID, lower reliability. Doh. Did you even read the article? The whole idea is that RAID that resides in same physical location as the system, has significant risk of physical damage, AT THE SAME TIME AS primary system gets damaged. That is, when the building burns down, your precious RAID system will be as dead as the system it's supposed to protect. If you need to lower risks, you will of course use both RAID and distributed system... RAID has its advantages, being local, so that restoration for actual system failure is faster and more reliable. But for true catastrophes (a plane hitting big building your data center is in, earthquake, gas explosion) non-distributed backups are useless.

I want P2P backups for my home LAN

[swillden]

Sure it wouldn't save me if my house burned down, but I'd like to find a tool that would do this easily and efficiently between machines in my house, keeping track of the free space available on each machine and deciding where to put the backup copies for me.

I have plenty of storage to keep two copies of everything that matters, but it won't all fit in one place and it's a pain to try to figure out where I can back everything up, and to rearrange it when disk space gets too low on one machine. I'm imagining a program that would run on each machine, watching the space available and the list of "local" files that have been designated as important enough to back up. Each machine could then "negotiate" with the others to make sure that everything exists on at least two hard drives, and could notify me via e-mail that I need to buy more disk whenever there's not enough room for all of the backups. The database showing what files are where would need to be on all of the machines.

Of course, this wouldn't eliminate the need for *real* backups of the important stuff (e.g. finances), but that stuff tends to be small enough that I can burn it on a CD and put it in my safe deposit box. I have plenty of other stuff that is too big for CD, not quite important enough for off-site storage, but would be a real pain to lose just because a drive went down. For example, I recently thought I might have lost my MP3/Ogg collection, and it took me a long time to rip and encode that 25GB of music. As it turned out, the music was on a partition on the second HDD on my fileserver, not the first HDD, which was toast.

It seems like this might be of significant use for small offices as well.

Does anything like this exist?

DTA - that stands for "Don't trust nobody"

[poot_rootbeer]

I can't see why anyone would entrust potentially crucial backups to entities they have no control over. The reasons for not doing this have all been brought up in the comments already.

Off-site backup is key, yes, but the only way it works RELIABLY is if you have complete ownership of your backup data. If I had mission-critical data I needed to protect, I would RAID the disk locally, and then do incremental backups to tape (stored off-site) PLUS mirror the data via the net onto another disk (or RAID), located in another one of my company's datacenters or colo facilities.

Did this in 1987

[4of12]

After a few months of working on my thesis, I started to think [I know, I should have started to think before...]

"What would happen if the building and computer burned down? My thesis on the hard drive would be lost and with it months of work! I would have to do this same damn thing all over again!"

So I .tar.Z'd it up and ftp'd it (on a typical state of the internet then 56k line) to a computer 400 miles away, just in case.

It relieved a little of the anxiety. [OTOH, if any of your data causes you that much worry, a redundant backup will still not reduce your anxiety to zero.]

Re:Problem = bandwidth. (solution?)

[rusty0101]

Most pc's come with a recovery CD. Only backup across the net stuff that isn't on the recovery CD. (globally attrib everything as backed up when the PC is installed, and do incrimental backups.)

An alternative for home built PCs, burn two CD-RW backup sets on alternate weeks, storing the previous week's collection at a buddies home, or in a safe depostit box, or some other secure location, do daily incremental backups online, with a discard option for any backup over two weeks old.

One option with the collection of CD-RW's would be if you keep them with whomever provides your storage online, the CD-RW's could be put online to download across a broadband connection. This would be faster than overnight delivery, but not as fast as a courier across town.

Just some idea's.

-Rusty

Re:First XBox

: Abe simpson: "i knew jfk's dark secrete." flashback: jfk: "ich bein ein berliner." abe: "he's a nazi! Get em."

DIBS

This project is doomed...

Insurance

[Krizhek]

a fire, flood, power surge, etc. could still wipe out your local data center. Instead, you should give your files to peers Well this sound like how insurance got started. A bunch a businesses decided to divide there stuff onto diffrent ships just in case of fire, a storm, or othere disaters. So if this idea goes on do you think that there will end up being a 'Cyber Geico' for all of your back up needs?

Simpler solution ?

[corvi42]

DIBS is a great idea, but it seems to me that a simpler solution would be to just to cook up some shell / perl scripts that use gpg and rsync.

However, if DIBS could immitate a network version of something like the RAID striping so that you could recover entire files from various portions stored on multiple hosts, and thereby increase the probability of getting all of your files back whenever you wanted them regardless of who happens to be online / accessible at the time - that would be cool! Although it seems to me that such a situation would require several times more disk space on the part of other computers, in order to store redundant copies, than the files require themselves - maybe such a system would require that you "donate" to the network 3 times more disk space than you want to use.

Re:Simpler solution ?

[mixmasta]

Umm, you do know that this is some python scripts with gpg, don't you?

Obvious flaw?

[filledwithloathing]

In order to recreate your data wouldn't the same people who you stored your data with have to be online? This might work amongst a group of friends but it wouldn't just allow anyone to connect to this network and magically upload a backup of your data to someone you don't know. That is unless you weren't that concerned about being able to restore it.

No they wouldn't.

[morzel]

The data will be encrypted with a key that you have to safeguard (CD, floppy, hardcopy, ...) before it is backed-up.
The central server only knows where the bits 'n pieces are stored of your encrypted data, but it does not ever get the key to decrypt it. The worst that could happen when the server is compromised is that somebody else could get the full encrypted datastream, which is only a bit more useful than polling /dev/random

Use google

[Richard+W.M.+Jones]

Just encrypt all your files, encode as likely looking web pages, and upload them to your website. Wait for google to cache them .. presto, instant backup.

Rich.

iFolder

[coathanger]

Sounds a lot like iFolder from Novell.
The client or "agent" normally runs on win32, but can also be run as a java plugin from a web browser.
iFolder

the UUCP file system

[marhar]

I had this idea back in the days of uucp. You don't bother with local copies of files. Instead, you just continuously uucp your files around a large bang-path back to you. When you call open(), it just waits for the file to show up. With a bit of luck the latency on open shouldn't be more than a day or two. :)

A Secure Peer-to-Peer Backup System

[campgod]

Some shameless self-promotion that addresses some of the questions that have a appeared so far. We investigated peer-to-peer backup in a class project and wrote up the results in a technical memo. The abstract:

In an effort to combine research in peer-to-peer systems with techniques for incremental backup systems, we propose pStore: a secure distributed backup system based on an adaptive peer-to-peer network. pStore exploits unused personal hard drive space attached to the Internet to provide the distributed redundancy needed for reliable and effective data backup. Experiments on a 30 node network show that 95% of the files in a 13 MB dataset can be retrieved even when 7 of the nodes have failed. On top of this reliability, pStore includes support for file encryption, replication, versioning, and sharing. Its custom versioning system permits arbitrary version retrieval similar to CVS. pStore provides this functionality at less than 10% of the network bandwidth and requires 85% less storage capacity than simpler local tape backup schemes for a representative workload.

http://www.lcs.mit.edu/publications/pubs/pdf/MIT -L CS-TM-632.pdf

@techreport{pstore:2002,
author = {Christopher Batten and Kenneth Barr and Arvind Saraf and Stanley Trepetin},
title = {{pStore}: A Secure Peer-to-Peer Backup System},
institution = {Massachusetts Institute of Technology Laboratory for Computer Science},
year = 2002,
month = {October},
type = {Technical Memo},
number = {MIT-LCS-TM-632},
}

Reminds me of 1995...

[Scorchio]

..when I was working in a cash-strapped code shop. Doing backups required either your own personal supply of floppy disks, or tracking down the company DAT drive. Floppies soon became far too small. Using the DAT drive was time consuming, and - as was found when someone actually tried to restore a backup - was in fact broken. One of the programmers had a fairly new pc with a huuuuge 2Gb hard drive, however, and I found it easier to use our string and plastic cup network to copy all my stuff into a subdirectory in the depths of his c:\windows directory. It was six months before he discovered where his HD space was disappearing to...

Use ISP web space with this and you're there!

[MS_leases_my_soul]

Break the data you want to backup into "stripes" like a RAID array. Encrypt these stripes. Swap stripes with other users. Host these files at any URL you have control over -- your PC, the free web space your ISP gives you, a FTP site, whatever.

Give the user the option of only backing up data stripes with a select group of users (people they know and trust) or with any random user. Let the user control the ratio per user (this guy I trade with one for one, but a stranger must host 3 of my files for every one I host for him).

You send the encrypted data, you get a received confirmation with the URL, you check the URL to make sure its there. The confirmation has a leased until date just like your IP address from a DHCP server. The program either renews the lease when it is almost up or finds a new home for your data.

Whenever you need your data, you hit those URLs and reassemble the data for the encrypted stripes.

Re:I don't want anyone else's files

[soupdevil]

assuming you're not a photographer

Or musician, or film maker, or sound designer, or graphic designer, or 3D animator...

Another Problem

[brandonsr]

Security? Goodness, it's because of plans like this that we need backup in the first place. ;) If you put your snesitive files on someone elses drive, bad things will happen.

Won't scale

[casmithva]

Let's see. The hard drives in the computers here add up to about 250 GB. About 85 GB of that is being used right now. Backing up 85 GB for a level 0 backup over an ADSL 1.5 Mbps/384Kbps connection would take, oh, 3 - 4 weeks to complete. Ummmm, no thanks, that's okay, I'll pass. Some folks would say that this is perhaps an unrealistic example, but let's consider the Mac G4 with its 120 GB hard drive currently at 33% capacity. That'd take almost two weeks to back up. The incrementals wouldn't be so bad, but those initial and subsequent full backups would truly bite.

My backup solution right now might be a bit involved, but it works. The public server can be restored at the drop of a hat with a kickstart CD, so that one's taken care of. The Macs are backed up via Retrospect Workgroup to one central Mac, and the contents are dumped to DDS4 tape. The internal Linux server's backed up to DDS4 tape. The Mac and Linux full backups are done twice. One copy stays here, the other goes into a safe deposit box at a bank a ways from here. Incrementals are done automatically every night and stashed in the safe -- more for fire protection than thief protection.

It's not fullproof (there are no fullproof methods with computing), but I've used the same method for about three years now, and it's gotten me through some disasters with little or no data loss. Now, if the house safe and bank's vault are both destroyed by fire, earthquake, or nuclear explosion, then I'm screwed. 'Course, I'd probably have bigger concerns on my mind at the time...

Disk space

[Mr_Silver]

One thing no-one seems to have pointed out is this:

If I want to backup 50 gig's of stuff, then with a convential system, I just back it up onto a tape and i'm done.

With a distributed internet job, I'd back it up onto several machines on the internet, but in return I'd have to take someone elses backup.

So, at the most I'd be expected to have 50 gig's worth of other peoples data on my hard-drive.

If I have a small hard drive, this might not be possible. How does the space used get limited? If users can limit it, whats to stop them setting it at 0 (or some other equally low number) and effectivily "leeching" off others?

DIBS?

[Gothmolly]

You mean you've got DIBS on my data? How fscking (in)secure is this? Yeah, I'll store my personal stuff on some box I've never seen....

hi

can slashdot stop featuring vanity-projects from
idiots? .. is that too fucking much to ask? ..
please?

Two tems not in their dictionary

I guess "security" and "limited bandwidth" don't exist in their world. Wonder what would happen if I tried to back up my terabyte database....

Security's no problem

[Shade,+The]

Since only you should have access to your data, you wouldn't need assymetrical encryption for this (i.e. not RSA, PGP, etc). You could just stuff your files through some traditional encryption scheme, and you'd have tonnes of security. A 1024 bit key, for instance, would stop anything short of a quantum computer for the next few decades, at the very least.

lock box?

[Black_Logic]

I wonder if running a back-up fileserver inside one of those fire-proof safes would work for sitations like these. A company could probably afford to have it modified so that a couple holes for cat5, power cables, and air flow. Then maybe a sensor that detects extreme heat and closes holes (destroying cables, a patch and power cord aren't expensive)

Encryption will always be broken.

[pizza_milkshake]

yes, that's true, but it's the time it takes to break it that is important. in n years, everything becomes less important.

by the time you broke the encryption on my database of credit cards, they'd all be expired (assuming i used a tried-and-true algorithm and a long enough key). encryption isn't perfect, but it doesn't have to be. just good enough.

I no longer use tape

[krray]

I ditched using tape a couple of years ago after comparing tape libraries, tape drives, and hard drive costs.

Setting up the systems to all dump to a remote ftp client is trivial -- and most actual backup programs such as Retrospect do just that. I just happen to prefer a 3DES/Blowfish tar gzip'd file myself (maybe not in that order :).

The only odd ball util I'm using is the encryption program which is located across all backup systems. Easily compiles under the Linux's, BSD, and OS X [today]. Other needed tools such as gzip, tar, and ftp are readily available...

Fortunately I don't see the need to backup entire computers -- I'm just after the data. Rebuilding a Linux box from scratch _with_ all the configuration files is trivial -- heck, I just did it to rebuild a needed Netware 3.12 server (!) [so I *know* my backups _are_ working :-]

Stuffing a couple of 120G (or bigger) IDE into any old whatever computer is trivial. This I've done locally at the office. In transit is the portable firewire Lacie drive (30G). In my basement is another RAID-1 system matching the one at the office which is where the transit info become transferred. I've even added ANOTHER remote system for just another copy of a copy of a copy. Because I can.

Delete the oldest days backup. Daily backup. Repeat.

For everything I'm at about 4G for data. Replacing the 120G drives will happen when I see +250G versions or as needed. Of course this entails a little data management as well.

Larger file collection which quickly go stale are offloaded to CD/DVD (x2). Pictures for some job in 1998 for example. File and catalog CD's as required. Sure I also personally have gig's worth of movies, sounds, etc that I need to backup @ home. Ok, reverse the process...

Movies are the worst for size. Offload to DVD. I do have a 45G "temp" partition for a reason... It is also TEMPORARY. Songs are my worst next enemy and keeping/backing 10G is trivial. I know people that have 80G worth of stolen MP3's (the 10G comes from CD's I *own* :) and are scared to lose it, can't back it up, yet don't even know/listen to half the garbage anyway. But I digress...

I only need to keep a months worth of live backups. I used to do a 20 tape library rotation covering the last four weeks. Tapes aren't cheap. Add to that a +$3K tape drive (x2 -- one onsite and one off) and maintenance costs it gets expensive. For even my trivial needs DLT would be the right option with DAT's potentially requiring 2 tapes daily.

I can copy sustained ~10M/sec using RAID-1 drives which is all the network can do anyway (for me right now :). The cost is a couple to few hundred dollars per drive (x4 or 6).

Of course this is all to really backup SCSI systems (ranging from 2 to 3 to 160) with RAID-5 and redundant everything (CPU, NIC, power, fans, memory, etc :). The one that did finally recently die off was a decade old (with uptime to match shy of 3 days).

Nobody I know saves their data locally to their Windows box anymore. On a smaller scale I'm happy to take anybodies old PC which can't run Windows anymore and stuff a couple hard drives in it and setup a quick/easy home network. They all are amazed when their email just appears to flow rather _instantly_. Broadband users really enjoy such a setup actually -- even if _they_ feel they must use Windows for whatever reason. I do this setup with many Mac users as well with no problem (myself for example :).

Bill Gates *should* be very worried actually... No licensing costs required and I can be in and out for usually under a couple of hundred dollars. Even recently I'm having people calling for help with their new Lindows box and trying to learn it. It's becoming a Unix'y world, eh?

Use your own remote host! Be your own peer!

[rbook]

You can partly get around this by using your own computer at another location.

For example, get an account on some trusted friend's box, or at freeshell.org. It's not perfect, but better than storing on a stranger's box.

My plan is better...

[micq]

I encrypt all my important save files, then rename them into modern pop culture hit songs.

I distribute them onto Kazaa... my taxes are floating around as "Oops, I did it again - Britney Spears - 3:28", that big report I did for work, floating around as "Lose Yourself - Eminem - 8 Mile Soundtrack - 01"... It's not hard to recover them, as people all over the place have copies of my "songs" up there on their servers right next to the RIAA hacked version of Limp Bizkit's latest...

Then I just keep a sheet about what name equals what file/version...

DIBS or DISH?

[IDigUNIX]

I would suggest that in reality it would be more like Distributed Internet Security Hole unless they're very carefull in the design/implementation.

I like the name...

[dasmegabyte]

Is the archival process going to become a big thing with the type of bandwagon internet nerds that made SETI and distributed.net such impressive projects?

I hope so. I can't wait to see it turn into a contest to see who gets the quickest archive of a piece of submitted data.

"First DIBS!"

(it took me SO long to set up that pun.)

Checkout OceanStore

[charnov]

OceanStore is the UC Berkely project to do something like this, except a little more generalized. I run a freenet node and it isn't THAT slow. After the index built (had to leave it up for three days straight), the access are much quicker (prolly most of the data is local, now...ha). The slowdowns with FreeNet is in the Onion Routing and the encryption. Also, GNU has a project called GNUNet that has aims similar to FreeNets.

HiveCache: distirbuted backups for the enterprise

[Jim+McCoy]

If you want to see what a system like this looks like when it is applied to the proper environment (like across PCs within the enterprise) then check out HiveCache.

DIBS?

[djcatnip]

as in "I got dibs on your data!" ?

This is silly for a datacenter environment

I like the idea of this for small amounts of data. (i.e. your personal home PC) However, datacenters usually are associated withlarge amounts of data. Many people make the mistake of focusing in the backup, but not the restore. In a disaster (and I have been through one) it is the RESTORE TIME that is key. Nothing beats a modern, high-performance tape drive, especially when you have a systematic vaulting system for your tapes. Tape drives might be for wimps, but at least this wimp is still employed.

Its called HiveCache

[Jim+McCoy]

The system you describe already exists. Check out HiveCache for a system that does what you describe and adds nice features like strong encryption to stored data, error-correction to create a distributed RAID across the PCs on the LAN, and efficient storage by only keeping enough copies of redundant files (e.g. word.exe, windows DLLs, etc.) to ensure reliable recovery.

response from DIBS author

[emin]

A lot of people have pointed out issues related to security, bandwidth, efficiency, etc. My vision is that DIBS will be designed to take things into account.

For example, DIBS uses GPG to encrypt and sign all communications so that peers can't read the data they are storing for you and so that other people can't pretend to be you and store their files with your peers.

Also, my vision is to include state-of-the-art erasure correction codes so DIBS uses redundancy efficiently. (Erasure correction codes are a generlaization of parity checks used by RAID). In fact, I have already written a python implementation of Reed-Solomon codes available at www.csua.berkeley.edu/~emin/source_code/py_ecc. I haven't had time to put this into DIBS yet since I'm currently working on my PhD at MIT and that keeps me pretty busy.

Incremental backup is another feature I'm planning to add. There are some issues with how incremental backup interacts with encryption and erasure correction. I think resolving these issues may take a little more thought so I might have to wait until I graduate, become a professor and get some grad students of my own to help me.

A Slashdot post isn't the place to go into all the arguments for or against DIBS. However, I think distributed backup is a viable idea. While there are some serious issues, I believe that through clever engineering, we can solve them and create a cheap, simple, efficient, and secure backup system usable by anyone with a network connection.

I decided to start writing a distributed backup prototype like DIBS in order to find out what the major issues are and how to address them. Sure, currently DIBS has some flaws, but it is a prototype written by a grad student. With more feedback from the community and some more development effort I believe DIBS can become a valuable tool. If you agree, I invite you to join the development effort, or try it out and tell me how you think it could be improved, or even take whatever parts you find useful and make something better. The project page is at sourceforge.

Re:response from DIBS author

[emin]

People have pointed out some other issues which I'd like to respond to:

* Why not just use some rsync/gpg/perl scripts to backup files from one machine onto another?

-- What if you only have one machine? Using DIBS, you can trade (automatically encrypted) files with peers without having a user account on anyone else's machine or owning multiple machines.

* What if you are behind a firewall?

-- As stated in the manual, DIBS has a number of different communication modes to allow things to work if one peer is on the Internet and another is behind a firewall. There is even a way to make things work if both peers are behind firewalls, but this is kind of kludgy at the moment.

* Why not use Gnutella/Napster/Kazaa?

-- While these file-sharing networks are terrific, they are not back-up networks. Who is going to want to store the pictures from your summer vacation? Probably nobody if you are talking about Gnuetall/Napster/etc. On the other hand, you can store your stuff on my machine if you let me store stuff on your machine.

* What if your peers have varying connectivity to the network?

-- The idea is that DIBS will store your data on multiple peers so if some of the are unavailable, then you get your data from somewhere else. Also, the plan for later versions of DIBS is to have your client periodically probe peers to measure how responsive they are. Once you have this information, your client will automatically prefer trading with more reliable peers.

Once again, I don't mean to imply that there are absolutely no issues with distributed backup and I welcome more comments on potential problems. However, I think these problems can be solved and that is why I'm working on DIBS.

Thanks again for all the feedback,
-Emin Martinian

DELTA backups

most good backup software doest byte level backups, which is great for off site backing up.

Already been done

[FJ]

A similan product Bacula performs a similar function.

Re:Already been done

[emin]

Bacula looks like a nice project but designed for a different purpose. After looking through the manual, I didn't see any discussion of peer-to-peer capabilities. That is, if we both install Bacula, how do I set up my Bacula client to backup my data to your machine given that I don't trust you all that much?

-Emin

One step away from truly "free" internet.

[109+97+116+116]

I've long wondered why nobody has basically done exactly this with wireless capability, allowing free access into a separate drive or partition or even a separate firewalled "server" PC within wireless range.

Imagine universities or dorms or apartment complexes or even neighborhoods all with this wireless short to medium range peer to peer connectivity.

I'm not a networking expert or anything, so perhaps this has been done or is possible with current technology.

I'm also not fully knowledgeable in any laws that might come into play, but still I think it would revolutionize everything.

Tape

[Dukebytes]

A lot of good points here about security and pipe etc...

But, you will never make backups "cheap" - because you can not get away from a tape backup.

And tape backups will never become cheap because the don't have to make tape drives, librarys, and media cheap. Period.

This would be neat for a "hot" backup - as many of us already do. But you go tell the boss that you are shutting down the backup server (the one with the AIT3 - 180 slot - 6 drive library attached to it) because you setup a server at your house and one at your friends and will be doing backup to those now... They won't think of security, location, or how slow it would be - right away. The boss will think MY GOD you can't just quit making backup tapes - are you crazy - what happens if the server crashes??? Thats what they will think :)

It would be hard to replace a backup tape system that keeps 3 + months of history, lasts a very long time, is fairly fast and can be stored off site. Thats why backups will never be cheap.

Duke

Well, if that happens...

[BurKaZoiD]

IMHO, if a fire, flood, or other disaster wipes out my data center and any/all backups, I pretty much think thats God's way of saying I didn't need all of that shit.

Back-ups need *reliability*

[Kjella]

Security is no problem, current encryption is strong enough.

But reliability? Other people could just delete my stuff, remove the program, or their computer might crash or whatnot, or they're running w98 and need a reinstall ever so often.

And if I need to have security in numbers, that means I'll need to give up say 5mb of my disk to store 1mb of private data. That also goes for bandwidth speed to upload it to others.

Seriously, I'd much rather just send those encrypted files to a nearby friend (or rather just walk over with a cd or two). Then I can collect them (in real world too) should I need it. And run a ftp or whatever to keep the backup "in synch".

Kjella

Back up plan

[The_K4]

1) Burn of CDs/DVDs of important data. 2) Put CDs/DVDs in plastic ziplock bag 3) Put in another in plastic ziplock bag 4) Put in Freezer. 5) Data is safe. better then 95% of the time the contents of your standard home freezer are undamaged after a fire. Data back up isn't that hard, beside most /.er could always just re-download their porn later :)

Is this a stupid question?

[sllim]

Someone help me out here.
I join the network and accept incoming data to be backed up on my machine. For the sake of argument lets just say that I never take advantage of backing up any of my data over the network, I am just allowing my machine to act as a backup server cause I am some sort of a green- tree-hugging-long-haired-hippy type.

I do this for 6 months and I have an always on, steady reliable connection. My machine is constantly and heavily used.

Then one day I decide to format all of my hard drives.

Exactly how f*!ked are all the users that had data on my machine?

Too expensive for professional use

[stefanb]

The basic proposition sounds good.

However, if you pay for your bandwidth, this could be quite expensive. As a sysadmin for a small company in Europe, with two offices, we have about 500 GB online that need backup. Let's assume a daily change rate of about 50 MB, one full backup per week, and the necessity to have at least two backups (in case one of the peers go down), we're looking at something like 4 TB volume a month. This is assuming a "classic" backup schedule, and would not only require above-average Internet connectivity, but also a lot of money.

Alternatively, let's assume the system allows us to eliminate the need for a recurring full backup, by being able to store all files individually in this distributed system, so we only need to update the backup for files that have changed. Thas still leaves us with at least 2 GB per month (50 MB * 20 days * 2 destinations); we pay 20 EUR per gig, and we only have a 2Mbit/s line.

40 EUR per month is not that expensive, but if there are massive changes (we add a new system), the volume increases steeply.

Also, one very important feature is not available: easy archive copies. For various reasons, we need to archive old projects, email, and financial data. With a tape backup, you just retire a tape set offsite.

Re:Problem = bandwidth. (solution?)

[racermd]

Ideally, you should be able to make your computer fail *COMPLETELY* and still be able to recover completely. The distributed backup plan seems to have different specific advantages for two specific groups of home users, but has the same overall beneficial results.

For the average Joe with only one computer running that ancient copy of Windows98 on a P133, the massive ammount of data-cruft is bound to be the weakest point of upgrading or even backing up. I've found that most families only have that one computer, and only have the option of backing up onto floppies. Usually their data can fit on one or two CDR/CDRW discs, but their system is also usually too old to get a cd burner to work reliably. In addition, they're just too stingy with the purse-strings to shell out the $100 or so for a decent, middle-of-the-pack drive, anyway. Sending critical data over the internet might be a better option, if a bit more time-consuming (no broadband, only 56k modem). Frequent backups like this has the potential to be substantially more reliable, not to mention scores easier, than a pile of floppies as you're ideally only sending the new data. I can't tell you how often I wished for something like this when working on a friend's/family's system across town and away from my own network.

And that brings me to my second group that can really take advantage of something like this: Power-users with a small network running at home. My network has a file-server that stores *EVERYTHING* on it for backup purposes. It's got ISO's of all my software and OS's, drivers, stand-alone programs, documents, and media files. Currently, there's about 80GB of data on there. Backing up that data is a Travan-5 drive (10GB/tape, native) and 9 cartridges. At about 3 hours per tape, backing up to 9 TR-5 tapes takes days, not hours. There's two additional tapes for backup of the server's OS and configuration and it easily fits on one tape. But if there are any significant changes to the system, I rotate the tape so that there's always a working copy in case things go terribly wrong. That's a total of 11 tapes. They're not exactly cheap, but it's probably the least expensive backup I can find right now without going to removable HDs (I'm avoiding that solution as HDs are, in my opinion, less reliable and durable than tapes). Using this distributed backup plan would allow me to recover my server's OS from the single tape and retrieve the data from the network when I have time.

The 2 desktops and 2 laptops can be fully recovered with an OS or system recovery cd and the rest is available on the server. In fact, I usually have one of each type of computer down at any given time for something-or-other. Having the data on the server allows me to blow away any of the systems I run at any time and completely recover the system to a working state in just over an hour.

Actually, I had been setting up a distributed backup plan for my own server with some of my friends so we'd all have each others' server's backup. More accurately, the plan was to merge the changes between all the servers' data and share it between all of us in a manner similar to CVS. There's only 3 of us, but we're located all over the state and we all have broadband. 80GB of data is a large ammount to initially transfer. Really, though, all we'd be transmitting is the changes we've made which would limit the total bandwidth used. We'd probably only set it up for once per week in automatic mode to further decrease the load with an option to manually update. In the event of a complete failure of one of the systems, there should be a copy from one of the other two servers that's no older than 1 week. As the storage requirements grow, each server can be updated with additional storage in sequence so that it recovers in a manner similar to how a RAID5 array rebuilds the data on a replaced drive.

Unfortunately, neither of my two friends in question have the resources to afford the hardware and set up their own server to the reliability standards that I'm requiring, so it kind of fell through for now. I'm working with them on how to get everything running, and I may just maintain it for them from a remote console. They'll still host the server on their network and have access to it, of course. But the responsibility of maintaining the system may just have to lie with me.

In short, it's not terribly difficult to implement a solution like this, but there are serious bandwidth concerns. If you're only doing this amongst your friends/peers, it's possible to mitigate the bandwidth issue by using a single removable hard disk to sneakernet the data to a fresh server. This allows for a much more reliable home network for power-users, and gives some peace-of-mind to the average user (and their power-user friends who fix their computer for them)

Interesting idea . . .

[Eric+Damron]

Distributed backup... That's an interesting idea... I know some guys in Singapore who would be willing to backup your credit card information.

I thought I was downloading pr0n but......

[Figz]

.....instead I got:

• Little Tommy's assignments, ASS1.doc & ASS2.doc
• The fire chief's safety plan, PROJ_BACKDOOR.ppt
• The Aussie's autobiography, BUSH_COUNTRY.doc

I don't think storing my "important" files on other people's computers is such a good idea.

Hivecache addresses this

[billstewart]

Hivecache is a P2P distributed backup system that grew out of Mojo Nation. Files are encrypted and shredded into multiple RAID-like pieces, so no individual piece can be used to reconstruct the original data. You don't know what's on there, and you can't find out, because you don't have the information to do it, which provides you some protection as well as providing protection to the people whose data you're storing.

Also HiveCache

[billstewart]

Hivecache is an outgrowth of the Mojo Nation P2P project. Mojo was mainly a file sharing environment; Hivecache is pointed towards business data backup environments (partly because Mojo didn't reach the ...5 Profit!!! stage...)

reinventing the wheel

[erc]

Sounds like rsync to me. Why reinvent the wheel?

prior work

[jkuroda]

http://oceanstore.CS.Berkeley.EDU/ This project from UC Berkeley CS has been tackling the issues many of you raise about this sort of global storage system, including data integrity, data locality, and data availability. They have spent a number of years working out how to deal with some of the nastier complications in such a system.

Good Idea, but...

[aes12]

As many others have clearly pointed out, there are significant problems with this system as an anonymous p2p, internet backup. Primarily, your data is scattered out there, and there's no way to know if you can get it back, and you can be sure that it will take a long-ass time to download 200Gb when you need to restore. Also consider that someone will have to provide enough space. This would be very useful for smaller quantities of critical data (Say, 100MB) Reserve 400MB on your drive, for other people's stuff, and store yours on four people's drives. You'd have added insurance that you'd be able to get it back, and with the smaller investment of space, potentially more users. The storage algorithm would be fairly complex, involving a mad amount of handshaking with the remote storage computers, to be sure that your stuff is still out there, but I think it could be done.

worms

Suppose the bandwidth problem is solved. Suppose that the data only leaves your computer encripted. Suppose a worm wipe out all servers with your data, ops...

I will not give up to offline data backup anytime soon. A backup tape carried away from your site is still the best protection for some time to come.

what the difference between this and netnews?

[iritant]

Heck, just post bits of your file system encrypted in a public key, and keep posting them. That way altavista can become your backup system.

Redundant....

[EmagGeek]

I'm sure this has been said, but I didn't feel like reading through all the posts to make sure..

but, this is simply the next iteration of p2p filesharing. The encryption is there to try to keep RIAA/MPAA off their backs, but I'll bet that this will be bastardized into a secure encrypted p2p network where snooping eyes will not be able to gather proof-of-crime...

This is my setup. It wasn't cheap.

[rice_burners_suck]

I live in Indiana. My mother lives in Georgia. My father lives in Arizona. My grandmother lives in Quebec. My aunt lives in Brazil. My brother lives in France. I have put together a datacenter in a closet in each of their houses. Each datacenter consists of two OpenBSD boxes serving as a multihost firewall and six FreeBSD boxes running the services I require. All of my data is mirrored daily to all of these centers. Most of my files are managed with CVS, too. Thus, I am confident that even in a disaster of biblical proportions, such as my toilet overflowing and damaging the hard drive, my data will be safe.

Wow. What a dumb idea!

[El+Camino+SS]

Scenario 1: "Yes, let everyone else have my backup data, they certainly wouldn't tamper with that!"

Scenario 2: "Look, someone invented a worm that infests everyone's remote backup files. This should be really easy to remove!"

Scenario 3: "No one can get into my distributed backup files. It's 128 encrypted!"

This is just a terrible idea all around. The reason why I don't hand out my personal or config files is the same reason I don't give my wallet and turn my back to the cashier every time I pay for something.

Encryption

[whereiswaldo]

Until somebody comes up with never-breakable encryption, this is a dream.
You need trusted backup sources, otherwise the temptation is too great to see someone else's data (and maybe even with trusted sources).

Imagine there's a Slashdot article saying "2048 bit encryption broken in 48 hours" and you have your data spread throughout the world... imagine the horror! scrambling around trying to delete everything and hoping nobody took separate backups that you don't have access to.

That actually brings up another point that there's nothing stopping someone from copying your encrypted data and throwing several supercomputers or large P2P compute farms against it.

moot

[Dr.Ruud]

See also www.m-o-o-t.org

<quote> m-o-o-t will consist of one CD which will boot on as many computers as possible. There will be a suite of email, w/p, spreadsheet, graphics etc programs on the CD. Access to local storage (hard drives etc.) will be disabled, and the system will shut down if the CD is removed. Data and mail will be transmitted and stored in encrypted form split between off-shore data havens. </quote>

all your data are belong to us!

[lavalamp70]

all your data are belong to us!

Distributed hash tables

[acb]

One idea may be to use distributed hash tables, where there is no central server but one or more machines have stewardship of each area of space in a hash table; when machines drop out, their hashes are reassigned.

One system which works like this is The Circle; though it doesn't split files into chunks or encrypt files. It's intended as a file-sharing/messaging system rather than a secure redundant backup system. Though something like this could be built on top of it.

Last Post!

[alpg]

I do hate sums. There is no greater mistake than to call arithmetic an
exact science. There are permutations and aberrations discernible to minds
entirely noble like mine; subtle variations which ordinary accountants fail
to discover; hidden laws of number which it requires a mind like mine to
perceive. For instance, if you add a sum from the bottom up, and then again
from the top down, the result is always different.
-- Mrs. La Touche

- this post brought to you by the Automated Last Post Generator...