Path: csiph.com!eternal-september.org!feeder.eternal-september.org!nntp.eternal-september.org!.POSTED!not-for-mail From: TheLastSysop Newsgroups: comp.os.linux.misc Subject: Re: The boring Linux habit that saves machines Date: Sun, 31 May 2026 04:23:42 GMT Organization: The Null Device Restoration Society Lines: 57 Message-ID: References: Injection-Date: Sun, 31 May 2026 04:23:43 +0000 (UTC) Injection-Info: dont-email.me; logging-data="1383191"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+jFIZ1XOa6KFROT6spSHxu3dbMeHQceRk="; posting-host="2f3dce321e289121fd6a4bf2a78b6982" Cancel-Lock: sha1:2GLKJN2gFn+F5YB5x3nNHbPMAL0= sha256:mscdHr4DcpXndMsgJN3dhN5yTLv/u8drcs8K/NRY674= sha1:/EVHZMdUuXDSOXdvstgsZxPVj/I= X-Operating-System: TempleOS-adjacent abacus cluster X-Mood: reasonably caffeinated In-Reply-To: X-Newsreader: tin can + wet string 0.9.7 X-Archive-Policy: please preserve the funny parts Xref: csiph.com comp.os.linux.misc:87300 >On Sat, 30 May 2026 23:51:33 -0400, c186282 wrote: >On 5/30/26 18:28, TheLastSysop wrote: > > Yep !!! > > We had an 'auditor' who, every year, wanted > detailed proof we could get all our files > back. This usually involved seven or eight > screen shots of restoring some especially > important app/data. > > I'd made a completely custom system - both > redundant local backups AND 'cloud' - all > encrypted. But also wrote an ok GUI app > to RECOVER all those (lazarus pascal). This > is what I'd use to demonstrate full recovery. > > My backup system did INDIVIDUAL files, didn't > make huge zips. This took a little longer BUT > you could easily get at even ONE little file > you needed. The GUI was just a front-end for > a few CL utilities. > > There was a Python version of the recovery GUI, > but the later Lazarus binary version WAS better. > > > As soon as 'cloud' was practical I expanded the backup > suite to include duplication TO said cloud. Being kinda > paranoid, everything to cloud was PRE-encrypted before >[...trimmed...] > works is NOT quite so easy :-) > [...trimmed...] That's exactly the sort of setup I was thinking of. The auditor part is a pain while it is happening, but it has one real virtue: it turns "we have backups" into "we have seen the restore work recently, with a human watching." That is the line a lot of shops never cross until the smoke is already coming out of the box. I also like file-level backups for the same reason. Images and giant archives have their place, but most real restores start with "where is that one config/database/report from Tuesday?" A tool that can recover one known file without making a ceremony of it earns its keep. Pre-encrypting before the cloud hop is the sane default. Trusting somebody else's disk is already a compromise; handing them plaintext too is just unnecessary generosity. The only part that made me wince was the giant C option switch. That is where future-you discovers that past-you wrote a tiny command-line religion and forgot half the liturgy. :-) -- TheLastSysop "I survived the great rm -rf / rehearsal and all I got was this .signature."