HomeAboutMailing ListList Chatter /0/0 216.73.216.5

Software for encrypted backups?

2025-10-02 by: Dan Lyke via chugalug 
From: Dan Lyke via chugalug 
------------------------------------------------------
I'm currently using the AWS cli to push backups of things like my image
folders to some s3 compatible stores. Some recent events have shown me that
I need to update and organize my backup game, but... I want to be
encrypting my backups, and I don't necessarily want to be pushing big ol'
tarballs off-site every time a single file in my Documents folder changes.

How are people managing off-site encrypted backups?


===============================================================
From: Mike Kite via chugalug 
------------------------------------------------------
I rsync to an encrypted external drive and use sneakernet for big/critical
offsite backups.
Old-skul I know, but it works.

On Thu, Oct 2, 2025 at 12:50=E2=80=AFPM Dan Lyke via chugalug 
wrote:

at
.



===============================================================
From: Michael Harrison via chugalug 
------------------------------------------------------
rsync via SSH as transport.. to physical drives at multiple locations.
Usually to a USB3 attached drive.

I used to assume the things I have "hosted" are moderately secure. But only
moderately.
Linode/Aikamai has interesting options:
https://www.linode.com/docs/guides/security/encryption/
and a lot of buzzwords like "post quantum".

All useful, but the base OS's (at all larger providers) all include a
backdoor / maintenance bot that allows them to reset passwords, force
shutdowns, mount drives, manage networks..... etc. etc..

Want secure? Your hardware at a data center that answers the door with a
shotgun and face recognition by an intelligent human. Jim Wells at Networks
Inc slammed the door on a client of mine that tried to access his place to
see the server we ran for them while saying "You're not Mike...[slam]" They
were impressed. And yeah, I've done the same.

Paranoid mode:
There is "probably" a LEO interface that gives them a snapshot of any
server at a major provider, probably with an optional "search warrant"
field.
Secure enough under the current DOJ, unless you're a "person of color"
including the rainbow spectrum, or associated with either group, or
suspected of being associated with them, or "ANTIFA". Oh yeah, that means
all of us. But then, as I type this into a web interface using a web
browser, I contend Google already snarfed the good parts for an AI LLM
feed.









On Thu, Oct 2, 2025 at 12:50=E2=80=AFPM Dan Lyke via chugalug 
wrote:

at
.



===============================================================
From: Ed King via chugalug 
------------------------------------------------------
Safe deposit box

On Thursday, October 2, 2025, Dan Lyke via chugalug 
wrote:




===============================================================
From: Michael Harrison via chugalug 
------------------------------------------------------
Safe deposit box.... is safe until a warrant shows up. But it does mean
trusted non-techies on the access list can get to it... in case.

But if I pop by Ed's for a beer every couple of months, and bury/rebury a
small drive in a sealed box when he's "not looking"... he knows nothing,
and neither does anyone else.
We just talk about Nova's, arcane computers and Linux while I help with
gardening.. right? 1tb+ USB drives are cheap.

Note to LEO's: I'm joking, This is all a theoretical intellectual exercise
for humor / sature purposes and to expose the issues with paranoid
thinking. Once you go down that rabbit hole, there you are, living in a
rabbit hole with stashed encrypted backups of Linux ISO's and RFC
documentation.