this post was submitted on 28 Aug 2023
9 points (100.0% liked)
NotAwfulTech
364 readers
1 users here now
a community for posting cool tech news you don’t want to sneer at
non-awfulness of tech is not required or else we wouldn’t have any posts
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have currently settled on borg for backups personally, combined with some gruesome ssh hackery to let me do pull backups of external machines using ssh tunnelled sockets back to a backup server which is not reachable from the wider internet. These days I might just use tailscale to set up a VPN & pipe the backup straight over that without all the ssh shenanigans but the system I have works. You can also use borg to talk directly to rsync.net at special nerd rates: https://www.rsync.net/products/borg.html Bring your own support!
NB. Last time I looked at this, borg’s cryptography was somewhat suspect. Not actually broken, but definitely not using best practices. Restic is better, but at the time I was looking restic didn’t compress backups so it was a non-starter for me. These days restic does compression as well so is probably the right default choice. Borg2 has a rewritten encryption layer which supposedly fixes all the problems pointed out by cryptographers with Borg1, but it hasn’t hit a release version yet & is still in beta.
Oh, look a Borg CVE has just landed in my Debian security inbox.