Someone pointed out in another HN discussion that for the highest security it would be nice to have an independent service that accepted/pulled ZFS snapshot streams to apply to the backup datasets, as opposed to using ssh and risking local privilege escalations or relying entirely on ZFS user permissions.
Does anyone know of an existing service like this? Is it something rsync would consider hosting/providing? Currently to support sending encrypted ZFS snapshots to rsync.net I need to use the freebsd VM option with its own zpool.
The zfs snapshots that we make of your account are immutable (read only) from the perspective of your credentials.
So even if you publish your rsync.net credentials and Mallory wipes out your entire base account, the snapshots will still be there (until they rotate out, of course).
I use rsync.net in zfs send/receive mode, I push only encrypted snapshots and incrementals, the key has never left my local device (well I have a paper copy in a remote place).
I'll echo the praise for rsync.net and especially the "expert" plans that are very economical. I often refer to rsync.net as a "no nonsense" service which is well run by highly competent staff.
I have scripts that do both borg and rsync backups; the borg backups are for preservation and the rsync backups are to keep multiple machines at a similar data state. I also am able to do a borg backup of my website by rclone mounting the website file system and then pushing to a borg repo on rsync.net. This has saved my tail more than once. Website backup is a bit slow (compared to local backups) but it works reliably.
I certainly hope rsync.net never shuts down as there is nothing else out there even close to comparable in both quality and value.
Absolutely love your no nonsense approach to what you do. Loyal customer for years and no intention to leave. I talk about your service whenever someone will listen ;)
I just reworked my home server backup strategy to use rsync.net and it's been a great experience.
I'm using btrfs and snapper to take hourly snapshots. The snapborg[0] tool then pushes those snapshots to a borg repo on rsync.net. snapper and snapborg can be configured to keep the number of hourly/daily/weekly/monthly/yearly snapshots you want and can automatically prune them.
I published my scripts[0] and notes[1] about doing append-only backups with Borg on rsync.net since at the time rclone studio wasn't supported. My strategy is to do Restic backups to a backup server at my house and Borg backups to rsync.net as my offsite backup, so the scripts handle both.
The post I linked above also outlines how I handle expiring old backups (requires either manual action with your privileged key, or a suitably isolated host that has the ability to purge the backups automatically.). You really don't want to fill up your disk (or hit your hard quota) with Borg. Recovering -- even deleting existing backups -- requires a bit of extra space unless you want to rm -rf.
As free advertisement to rsync.net, I also like the service and support.
I have not deleted any of my daily borg backups for many years, covering my laptop and some servers. Borg has an equivalent `borg serve` feature as detailed in the article.
I use borg mount every other week. After the initial config, you can just type:
$ borg mount :: borg/
...and browse the full archive lazily. Most of the time I'm looking at the last entry, but I've done some historical searching once or twice.
Even though I count the rsync.net backup only once in the 3-2-1 backup rule, its geo-distributed under the hood, so there's also that.
I forgot to update the payment credit card once and got a few months of grace with periodic notices, but no service cut and excellent customer support.
We’re happy customers of rsync.net and totally recommend them. We love how simple and clear everything is — no fluff, just honest, practical service. It just works: reliable, functional, and easy to use. Perfect if you want something straightforward and trustworthy.
Did everybody arrive on this page from rsync.net's newsletter? I can't find this thread anywhere on the HN frontpage, I checked until position 800 before I gave up. We (newsletter subscribers, customers) might all be talking to ourselves here without reaching anybody outside that bubble.
I have "Require password after screen saver begins" turned on.
I realized that because of this, when my screensaver is on, ssh keys with passphrases (stored in my Keychain) would not work, which would lead rsync to fail.
I ended up using a dedicated passphrase-less ssh key for rsync. Not ideal.
Are there workarounds to have backups run while my computer is "idle'ing"? Thnaks!
just another happy customer, from so long ago I can't find my signup email anymore. very glad there are still companies who just do a thing well without trying to tie me up with them further or cross-sell or sell themselves or make the product worse.
Someone pointed out in another HN discussion that for the highest security it would be nice to have an independent service that accepted/pulled ZFS snapshot streams to apply to the backup datasets, as opposed to using ssh and risking local privilege escalations or relying entirely on ZFS user permissions.
Does anyone know of an existing service like this? Is it something rsync would consider hosting/providing? Currently to support sending encrypted ZFS snapshots to rsync.net I need to use the freebsd VM option with its own zpool.
We already provide this.
The zfs snapshots that we make of your account are immutable (read only) from the perspective of your credentials.
So even if you publish your rsync.net credentials and Mallory wipes out your entire base account, the snapshots will still be there (until they rotate out, of course).
I use rsync.net in zfs send/receive mode, I push only encrypted snapshots and incrementals, the key has never left my local device (well I have a paper copy in a remote place).
Happy to discuss any aspect of the Q4 notes, or previous notes[1] throughout the day today.
[1] https://www.rsync.net/resources/notes/
I'll echo the praise for rsync.net and especially the "expert" plans that are very economical. I often refer to rsync.net as a "no nonsense" service which is well run by highly competent staff.
I have scripts that do both borg and rsync backups; the borg backups are for preservation and the rsync backups are to keep multiple machines at a similar data state. I also am able to do a borg backup of my website by rclone mounting the website file system and then pushing to a borg repo on rsync.net. This has saved my tail more than once. Website backup is a bit slow (compared to local backups) but it works reliably.
I certainly hope rsync.net never shuts down as there is nothing else out there even close to comparable in both quality and value.
Absolutely love your no nonsense approach to what you do. Loyal customer for years and no intention to leave. I talk about your service whenever someone will listen ;)
I just reworked my home server backup strategy to use rsync.net and it's been a great experience.
I'm using btrfs and snapper to take hourly snapshots. The snapborg[0] tool then pushes those snapshots to a borg repo on rsync.net. snapper and snapborg can be configured to keep the number of hourly/daily/weekly/monthly/yearly snapshots you want and can automatically prune them.
[0] https://github.com/enzingerm/snapborg
I’m another happy customer. I use them to backup all of my wife’s work, and all of our personal files and pictures.
I recommend them to everyone who asks me about backups.
The utter simplicity of just having ssh and zfs as a service is killer! I can connect anything I want to it to back however I like.
And it just works.
Another happy rsync.net customer.
I published my scripts[0] and notes[1] about doing append-only backups with Borg on rsync.net since at the time rclone studio wasn't supported. My strategy is to do Restic backups to a backup server at my house and Borg backups to rsync.net as my offsite backup, so the scripts handle both.
The post I linked above also outlines how I handle expiring old backups (requires either manual action with your privileged key, or a suitably isolated host that has the ability to purge the backups automatically.). You really don't want to fill up your disk (or hit your hard quota) with Borg. Recovering -- even deleting existing backups -- requires a bit of extra space unless you want to rm -rf.
0 - https://marcusb.org/hacks/backuptools.html
1 - https://marcusb.org/posts/2024/07/ransomware-resistant-backu...
As free advertisement to rsync.net, I also like the service and support.
I have not deleted any of my daily borg backups for many years, covering my laptop and some servers. Borg has an equivalent `borg serve` feature as detailed in the article.
I use borg mount every other week. After the initial config, you can just type:
...and browse the full archive lazily. Most of the time I'm looking at the last entry, but I've done some historical searching once or twice.Even though I count the rsync.net backup only once in the 3-2-1 backup rule, its geo-distributed under the hood, so there's also that.
I forgot to update the payment credit card once and got a few months of grace with periodic notices, but no service cut and excellent customer support.
I'm also fond of their stance on pretend standards, like PCI compliance: https://www.rsync.net/resources/regulatory/pci.html
IIRC I created the account for use as a git-annex remote, but I've used it for archival and sshfs, which is very convenient.
We’re happy customers of rsync.net and totally recommend them. We love how simple and clear everything is — no fluff, just honest, practical service. It just works: reliable, functional, and easy to use. Perfect if you want something straightforward and trustworthy.
Radek (https://www.mydreams.cz)
Did everybody arrive on this page from rsync.net's newsletter? I can't find this thread anywhere on the HN frontpage, I checked until position 800 before I gave up. We (newsletter subscribers, customers) might all be talking to ourselves here without reaching anybody outside that bubble.
That’s fine.
We don’t have our own forum so this is as good of a place as any to discuss anything that’s on your mind.
AMA.
I love rsync.net. Have been using them for some time now. Though I'm quite a small fish and only use a few hundred GB on the borg plan.
That restic workflow is very cool. Nice work! Happy customer.
Another very happy rsync.net customer!
A note/question to other macOS users:
I have "Require password after screen saver begins" turned on.
I realized that because of this, when my screensaver is on, ssh keys with passphrases (stored in my Keychain) would not work, which would lead rsync to fail.
I ended up using a dedicated passphrase-less ssh key for rsync. Not ideal.
Are there workarounds to have backups run while my computer is "idle'ing"? Thnaks!
just another happy customer, from so long ago I can't find my signup email anymore. very glad there are still companies who just do a thing well without trying to tie me up with them further or cross-sell or sell themselves or make the product worse.
keep up the good work!
100%