Be Paranoid About Your Data

Last week wasn’t a very good week.  Over the weekend the hard drive on my iMac failed, and by failing I mean Mac OS X said it couldn’t repair the drive, so it came up in read-only mode.  So I did the sensible thing and copied the entire contents to my external Drobo (essentially striped RAID).

Then Monday morning the Drobo wouldn’t boot up.  It would just do a continuous boot and restart.  Not good, but at the end of the day all of our most important stuff, the source code for projects, is stored on a commercial source code hosting service.  In case of theft or disaster of my equipment I’m only down as long as it takes me to buy a new computer and download the repositories.

The Mac hard drive was replaced by Monday night and by Monday afternoon Drobo tech support had the Drobo back up and running.  They didn’t give a reason but I suspect that because the Mac had hard crashed a few times (due to the bad drive) it got into a state that it didn’t know how to recover from.  But it works and I didn’t lose any data.

Tuesday, when things started to go back to normal, we couldn’t reach our source code hosting service, Code Spaces.  On Twitter they said they were experiencing a DDoS attack and I didn’t worry too much about it.  They’re the experts, right?

By Wednesday they still weren’t back up.  A little concerned, I went to their website and found the message that you never want to hear.  Their accounts had been hacked and ALL of their repositories had been deleted.  Oh, and pretty much immediately they are ceasing operations as a company.  You can read more about it at http://www.codespaces.com and http://www.electronista.com/articles/14/06/18/hosting.company.returning.what.data.it.has.left.financially.crippled.by.attack/

So much for the offsite backups.  The fact that the backups could be accessed through their Amazon Web Services account should give anyone pause for concern.  Is your web services company really paranoid enough to protect your data?

I know more than a few people have given Xojo some grief that their security for Xojo Cloud is over the top.  Maybe it is, but then you hear stories like this and you start to wonder if maybe being overly paranoid is a good thing.

So here is my advice.  Have multiple sources of backups.  Keep one source in a safety deposit box and update it regularly.  Use a commercial host that you trust.  There’s no guarantee that they won’t be the next Code Spaces and get hacked, but hopefully this incident was a warning to them to be more paranoid and strengthen their security procedures.

I know of developers that back up everything to a thumb drive on their keyring.  I’m not sure that’s entirely secure, but if that makes them feel better, so be it.  At least their source code is always with them.

While last week was not a good week, at least I’m learning to be even more paranoid about my data.  Being paranoid about your data is a good thing.

4 thoughts on “Be Paranoid About Your Data”

  1. “I know of developers that back up everything to a thumb drive on their keyring”

    I am one of those people. I keep a TrueCrypt backup on a flash drive that is always with me in addition to a three-location backup. Having a disaster recovery flash drive is a cheap last-ditch recovery that I hope to never need.

  2. Sorry to hear you had a rough go last week. A few months ago my Drobo FS died without notice & I had to buy a replacement (the much improved Drobo 5N). While I felt hobbled, I was only down 1 backup source & any movies not in the cloud, including years of WWDC videos.

    I’ve been a big fan of CrashPlan for backups. Instead of Time Machines, I use them for incremental backups to my Drobo NAS locally as well as off site. All of my source code is also stored in a Dropbox sub folder which is cloned to their servers. Additionally, I use Carbon Copy Cloner to clone my boot drive to a Firewire 800 drive. That drive is partitioned into 3 logical drives: last stable OS update (currently 10.9.2), nightly clone (currently 10.9.3), and future OS (currently 10.10). For additional source code repositories I have them split up between GitHub, BitBucket, and my own private server.
