Off/Online library backup strategy

[Porn Library]

Backup on two harddrives. 

This right here. That's exactly what I started doing ever since the major external crash I had in 2013 where I lost a ton of stuff that i'll never get back. I also agree with the cloud thing being a bad idea...that's never guaranteed to be a lifetime thing for the reasons someone already stated.

[Greta]

Backup on two harddrives. 

This right here. That's exactly what I started doing ever since the major external crash I had in 2013 where I lost a ton of stuff that i'll never get back. I also agree with the cloud thing being a bad idea...that's never guaranteed to be a lifetime thing for the reasons someone already stated.

Same here!

[stackjackson]

Two external drives, +backup to DVD, +cloud storage. That's my setup.

I just lost my second ext drive last month, the one I use for Time Machine. This prompted me to re-consider the cloud option as an extra level of security. And I'd like to thank kpmhill for his recommendations.

[kpmhill]

There seems to be a lot of misconceptions about cloud backup services.

None of the dedicated/personal cloud backup services are vulnerable to copyright takedowns, because they are not used for public-facing shares, like Mega, etc.

Dedicated cloud backup services are completely inaccessible for anyone who doesn't have the cryptographically-protected, personal credentials. 

There are no "rules" to follow for what is stored. Your files are protected and private/inaccesible to other parties (usually incl. the backup company itself) as long as you pay for the service. If a backup company went out of business, that would be an issue, but you should have time to deal with that anyway, through your local backups, worst-case.

Also, you're never putting your entire trust in the hands of the backup company. By definition, all viable backup solutions have multiple components, that allow for failure of one backup mechanism, because you always have (at least) one complete fallback mechanism, within the window of vulnerability. Lacking that, you're not actually backed up.

Everyone will eventually find their personal backup solution (one hopes), but let's not spread bad information about supposed vulnerability of online backups.

[Psyclon]

The very definition of them being "online" (read as: Off-site) is a reason to put them far back in the list of options or als tertiary solutions. Because "on-line" means many men-in-the-middle situations. And even as KPMHILL above says, if the files are not accessible by copyright holders or investigators, there are still the terms of services. These are private companies. And I am very, VERY sure that no cloud service ever will give you a life-time, 100% guarantee that your files are accessible or that your account is there forever. And then? Sue them? "Sorry, read 14.1.2 - "We can close your account at our discretion without any further reason". You signed and agreed these terms. K, thanks, bye~~." These files are gone.

The "bad information" I brought up are all valid, everyday problems. Connectivity, accessibility, (un)responsibility of the company, iffy terms of service, man-in-the-middle (bank payments may bounce, tech support simply does not respond,...) laws and embargos... So many Damocle's Swords hovering over my files.. No, thanks. What is a cloud service doing? Giving me storage, with many catches. I can also buy storage (HDD, SD, thumb drives), with no catches.

For sharing, or for tertiary backup - good. I also stated that before. But that does not make all the drawbacks on cloud storage services go away.

[kpmhill]

The "bad information" I brought up are all valid, everyday problems.

In that case, please cite a couple real-world examples for your claims.

I’ll wait.

[likedeeler]

I seem to remember a similar discussion a while ago (which probably went down the drain in the crash last September).

I usually avoid the argument from authority, but here it may be appropriate for once. I am a computer scientist specialising in the areas of reliability, safety and accident prevention in connection with computer-controlled technical systems. Think of electric power steerings, aircraft control, power stations, robots, medical equipment, databases and the like. That said ...

Never rely on "cloud" services safeguarding your data. Ever.

The notion that these services will not disappoint you -- for whatever reason: an attack, incompetence, change of management or when they simply fold -- is, ermmm ...

Cute. Let's say it's cute.

This does not mean one should not use cloud services at all. They can be very useful in certain scenarios. But using them as a safety measure for personal data, without additional local measures (see below), must be discouraged.

Every day, companies lose vital data through internet-based attacks. This includes big corporations and governmental agencies. Frequently, large sums of money are paid by management to regain possession of their data, if they are not lost altogether. Companies are going out of business because of it. We do not usually hear about these incidents in the news because they do not become known or are not reported. They only become known to the public if they cannot be kept under wraps.

So, these are the examples. Their number is legion.

What can be done instead, or additionally?

(1) Always use a local RAID with redundance for your important data. Do not use single hard drives. If you do, your data are as good as gone. It may happen in five years or it may happen tomorrow. It is remarkable how many people still use nothing but single discs for their data. They are going to regret it. I did.

(2) If possible, have an additional backup (which can be on single drives because you already have a RAID).

(3) Do not use DVDs or -- worse -- CDs as a backup solution. They degrade quickly, are slow to read from and still slower to write to, and they are also much more expensive than hard drives.

(4) For editable documents use a versioning system, with the repository located on the RAID. I recommend Subversion (on Windows it can be used together with TortoiseSVN for greater convenience). There is also Git, but if you aren't a software developer you will not need the additional complexity.

Only after you've observed points 1 to 3 should you be considering cloud services as a fallback. Not before. Avoid "free" or very cheap offers. Read the terms and conditions attentively.

What does my own desktop system (at home) look like?

-- I have a standard desktop computer with two internal SSD, one for the operating system, one for data. It is necessary that the OS should reside on its own drive, in this way the data are not affected if the OS fucks up, I cannot access the drive anymore and need to make a clean install. IMPORTANT: Windows needs to be told to move the standard folders (Desktop, Documents, Pictures, Videos etc) to the data drive, otherwise they will remain on the OS drive, which is bad. Some programs, Outlook for example, also need to be explicitly configured so that their database is on the data drive. Programs themselves are installed on the OS drive (usually called C: if it's Windows).

-- I use a NAS that is configured as RAID 5 for data storage and is connected through WLAN via the router to the computer. With 4 x 4TB discs this gives me about 11 TB of storage space that is immune to the failure of one disc. The NAS is inaccessible from the internet except for the manufacturer to update the operating system from time to time.

-- I bought four discs of the same model at four different shops. In this way the likelihood of getting discs that were produced on the same day, by the same people, using the same machine -- potentially making the same mistakes -- is reduced, which in turn reduces the likelihood of them failing together. RAID 5 cannot tolerate the simultaneous failure of two discs. In the future, I will probably switch to a RAID 6 system. RAID 6 does tolerate the failure of two discs but is also more expensive. Before the RAID 5 system I had a NAS with RAID 1 and two discs, which was cheaper. This is a good entry level for RAID beginners I think.

-- Important folders (Desktop, Documents, Pictures, but not Downloads) on the data drive are configured as working copies of the repository on the NAS. If I have edited something, say, a Word document or a PDF, I simply commit it to the repository. In this way, it's safely stored in the RAID, and I still have a working copy on the internal data drive that in effect is the backup.

-- The main music storage is on the NAS, and  there is a dedicated external HDD, directly connected to the computer with USB, that backs up my music. Whenver I have new music I put it on the NAS and then run Robocopy to mirror the audio folders there to the HDD backup. Usually I play music from the backup, not from the NAS.

-- Videos and other less important files that I rarely need only reside on the NAS, I do not back them up. Files that I do not mind to lose at all remain just on the internal drives of the computer.

I hope these explanations are perspicuous. If something has remained unclear, don't hesitate to ask.

[kpmhill]

Never rely on "cloud" services safeguarding your data. Ever.

You're making a fundamental conceptual error.

The general philosophy/raison d'ętre of backup is that you don't "rely" on one particular system … for anything. And the idea that cloud services must always disappoint … is risible.

You *are* correct in saying that "Every day, companies lose vital data through internet-based attacks." What you're missing is that these attacks also target local/enterprise-hosted storage, just as they might target 3rd-party storage online. In fact, more often. You don’t see script kiddies going after AWS or Azure, and you can’t buy pre-packaged ransomware exploits for them either. There's nothing magically secure about local storage — especially when it's maintained by non-professionals.

I don't see you mentioning off-site backup, either. Perhaps I missed something. I think the idea that one's physical facility is not subject to fire, flood, theft, etc. would have to be, to use your term … “cute.”