Back to article
Spideroak: Secure Offsite Backups For Linux
Secure, Convenient, and Affordable?
January 22, 2009
Offsite backups are essential for important data, because we all know the perils of keeping everything in one location: fire, flood, theft, power surges, power failures, permatemps refuse to take it anymore and go berserk-- it's just wise redundancy.
But how do you implement offsite backups? I'm tired of reading headlines about how some minimum-wage "contractor" (a code word for permatemp, which is code for employee who is paid peanuts and gets no benefits) has to haul backup tapes home every night, and then they get stolen out of the poor schmuck's '68 Gremlin which hasn't had functioning locks in decades. And the tapes are not encrypted, and in fact have labels that read SECRET STUFF--DON'T LOOK!! And the poor permatemp takes the heat, but it's not his fault that his bosses are dimwits.
A Better WayThankfully there is a better way, and that is network backups to a remote location. You can swap storage space with a friend, or a branch office, or use a commercial service. The third option is the one we're reviewing today, and the vendor is Spideroak. I've been torture-testing a couple of free accounts, and had a nice conversation with the folks at Spideroak, and the short story is I give it a mostly thumbs-up.
Spideroak offers 2GB of storage for free, and $10 per month buys you 100GB. Supported clients are Windows 2000, XP and Vista, Mac OS X Tiger and Leopard, and 32 and 64 bit Linux .deb packages for Ubuntu and Debian. Clients for Fedora and other RPM-based distributions will come someday, and meanwhile you can try using alien to convert the .deb to an .rpm file.
Why Should I Trust These Strangers?That's the first question you should always ask. Your data sits on their servers, so they have control of it. I don't care how pure a life I lead, I don't want other people snooping in my stuff. There are a sizable number of online backup services that fail this test. Spideroak handles it differently-- every account has its own unique 2048 byte RSA key, and the keys themselves are encrypted. The Spideroak folks can't read your data, and if you lose your password you can't either.
What if their servers go blooey, or someone cuts a fiber optic cable and the Internet goes away? The lower-cost accounts sit in a single data center, and for a higher fee you can have geographically-distributed redundant storage. The datacenters are multi-homed to different backbones, so that takes care of any single backbone provider disappearing.
Nice FeaturesSpideroak rents you a chunk of storage space, and what you do with it is your business. You can share the same account with other people, and each one gets private storage. You can also set up public shares. You can access your account from any computer anywhere; Spideroak doesn't care and won't gouge you for the privilege.
You can use Spideroak on a headless server, though you need X for the initial account setup.
The backup process is very efficient, transmitting only changes, and if you have multiple copies of the same file only one copy will be backed up. You can set up automated backups, or hit a button when you feel like it. Restores are easy. It all feels rather rsync-ish, with improvements.
Spideroak owns their main datacenter; they don't rent from Rackspace or any other rent-a-rack datacenter.
You can back any and all file types, with one exception: hot database backups are not well-suited to this kind of service, so you'll want to backup periodic database dumps.
Their Web site is full of good useful information and is refreshingly devoid of idiotic special effects and bad scripting.
Source CodeSpideroak has not released all of their source code, but they have released a number of their development tools, and promise that eventually they will open source all of it.
The only things I can crab about are not already being 100% open source, requiring a graphical client to set up headless servers, and supporting only Debian and Ubuntu. I expect these will be resolved in time.