Droolio

Is this really much of an issue? They provide documentation and a repository of scripts for working with WG for instance. And I’ve been using this docker container for many years without issue.

Duplicacy

You maybe right about the authoritarian part, but I guarantee you they don’t know a thing about technology - evidenced by their unwillingness to listen to experts on matters like the Online Safety Act or on trying to outlaw e2ee. Starmer made Peter Kyle Secretary of State for Science, who said “For everyone thinking of using a VPN, verifying your age keeps a child safe … so let’s not try find a way around, just prove your age, make the internet safer for children.” Authoritarian certainly is an adjective to describe these people, but so also is clueless.

Nah. The monarchy absolutely is not part of our identity. More importantly, they don’t have any part in making decisions - parliament and the current govt. do.

We have some croaky institutions (the Lords) and a stupid voting system (first past the post - just like the U.S) but the monarchy is just a figurehead with some unfair land ownership laws - but the monarchy itself has no authority on this. Today’s bs comes down to heir Starmer’s cluelessness/arrogance.

Have 3x such WD Reds 3TBs with average ~100K hours power on each, 34.77 years total.

Spent most of that time in a HP Microserver N54L Windows 2012 R2 server with DrivePool, Scanner and SnapRAID. Now they’re in a custom build Proxmox in RAIDZ1. Have no intention of retiring them. :)

Device Model: WDC WD30EFRX-68AX9N0

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   179   178   021    Pre-fail  Always       -       6033
  4 Start_Stop_Count        0x0032   098   098   000    Old_age   Always       -       2163
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   001   001   000    Old_age   Always       -       110229
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       123
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       35
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       2127
194 Temperature_Celsius     0x0022   115   088   000    Old_age   Always       -       35
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0

announced

What announcement? There’s been a new Personal Plus plan around for several months already - introduced without much fanfare, and simply brings the user count from 3 to 6 for a fixed small fee. Presumably this is due to feedback from personal users wanting to contribute something other than nothing.

Where do you see the free Personal plan has changed at all?

custom domain

From what I gather, this refers to the email address you sign up with.

If you use something like a non-gmail email address when signing up, it starts you off on the business plan with a trial (which you can instantly change to free). (Note: they’re gonna change this auto-detection thing with shared domains soon due to a security hole.)

I believe you can still use a custom domain (instead of the randomised *.ts.net provided one) with DNS lookups in your tailnet, on the personal (free) plan.

Dunno about Posteo or Mailbox but couldn’t really recommend a dedicated email provider as I alluded to earlier - cPanel gives me complete control, although it’s your own responsibility to set up mailboxes and configure it how you like. There’s a way to create a filter to give yourself a catch-all email (use a unique email address when signing up for things), and I turn off SpamAssassin as I prefer 100% deliverability and no false positives. If an email address ‘leaks’, I can simply blackhole it in cPanel.

Used to use Namecheap for domains but now Porkbun (much cheaper). Been using KeePass for a number of years too, but switching over to Bitwarden imminently. :)

The point is not to self-host email (not entirely anyway; you’ll always need an SMTP relay with good IP reputation, e.g. mailgun), but you can use a regular web hosting company and buy your own domain there or separately via porkbun etc… Your bank won’t have a clue what email you use, you’re just paying a web hosting co. / domain registrar.

I kinda wish more people would look beyond the big email providers that rely on proprietary apps and tech. Email is a set of open protocols but it was never designed to be secure and never will be. Proton et al can only offer e2ee within its boundary (GPG works just as well if you really need it) - for everything else (most stuff), it’s pretty pointless to try harden that.

For the last 26+ years, I’ve been hosting my email on simple cPanel, with my own domain name, 100% managed by myself. I have a catch-all / wildcard mailbox, get almost no spam (and can blackhole any address that leaks, as they inevitably do), and can access it in my own way (Roundcube, Thunderbird ftw.)

Right now, I use old-fashioned POP3 (so it’s deleted off the server), but could if I wanted, set up a local IMAP server with something like fetchmail and chain it together for more privacy and convenience. (Remember, you’re never gonna approach ee2e levels unless it’s in a proprietary system.) The most important thing; since the hosting company is responsible for email delivery, they use reliable third parties (think mailgun, sendgrid, brevo etc.) as part of the package.

Total control, cheap, and don’t ever have to rely on a big tech company (or a CEO getting political).

Do ignore me then, I assumed you might know the reference and only I mean’t it in good humour. :) (Without spoiling anything - in the unlikely event you might some day watch it - Mr Milchick is a character that uses ‘big words’. Your choice of words struck a chord.) I will say though, you’re seriously missing out. The cinematography alone is brilliant and the acting exceptional.

As you were, Mr Milchick.

More than just a traditional VPN. @[email protected] was concerned about security and it being always-on. Tailscale is an overlay network that links devices directly, deals with authentication, punching holes through NAT.

You’re limiting yourself somewhat if you’re not able to plug in multiple drives at the same time. Otherwise, I might suggest mergerfs for basic JBOD. You won’t be able to use a single ZFS to avoid bit rot - only detect it. SnapRAID - ideal for offline setups - would be the next step up if you could dedicate one of your drives to parity.

In your position, I’d do Duplicacy backups split/spanned over multiple backup drives (however you connect them).

It has a pretty cool Erasure Coding feature that protects individual chunks from bit rot and possibly even bad sectors, plus the whole database-less architecture makes it very robust. De-duplication, high levels of compress, and encryption. Plus you can keep historic snapshots, so you can avoid the risk of accidentally sync’ing ransomware over the top.

Edit: the CLI is free for personal use, and is source-available. Written in Go and extremely performant.

my dad and I both have hypervisors. Any suggestions on how to share backups without a vpn?

Just use Tailscale on the devices instead of VPN. Secure and no faffing around with port forwarding.

Crazy. Though I suspect the copy protection is done by the third party Termly, which hosts the policy.

To select the text (in Firefox), first right-click This Frame > Show Only This Frame. Press F12, expand <head>, find the second <style> block, right click it and Delete Note.

Multiple backups may be kept.

Nice work, but if I may suggest - it lacks hardlink support, so’s quite wasteful in terms of disk space - the number of ‘tags’ (snapshots) will be extremely limited.

At least two robust solutions that use rsync+hardlinks already exist: rsnapshot.org and dirvish.org (both written in perl). There’s definitely room for backup tools that produce plain copies, instead of packed chunk data like restic and Duplicacy, and a python or even bash-based tool might be nice, so keep at it.

However, I liken backup software to encryption - extreme care must be taken when rolling and using your own. Whatever tool you use, test test test the backups. :)

There’s no point doing anything fancy like that - wireguard over Tailscale is pretty pointless, as Tailscale is literally wireguard with NAT traversal and authentication bolted on. Unless you enable subnetting, it can’t get more secure than that.

And even if you do enable subnetting (which you might wanna do if you need access to absolutely everything), you can use Tailscale ACLs to keep tighter control - say, from specific (tagged) devices.

Won’t take that long before the enshittification is complete.

100% this. OP, whatever solution you come up with, strongly consider disentangling your backup ‘storage’ from the platform or software, so you’re not ‘locked in’.

IMO, you want to have something universal, that works with both local and ‘cloud’ (ideally off-site on a own/family/friend’s NAS; far less expensive in the long run). Trust me, as someone who came from CrashPlan and moved to Duplicacy 8 years ago, I no longer worry about how robust my backups are, as I can practice 3-2-1 on my own terms.