April 03, 2014
Tarsnap is the world’s best secure online backup service. It’s run by Colin Percival, Security Officer Emeritus at FreeBSD, a truly gifted cryptographer and programmer. I use it extensively in my company, recommend it to clients doing Serious Business (TM) all the time, and love seeing it successful.
It’s because I am such a fan of Tarsnap and Colin that it frustrates me to death. Colin is not a great engineer who is bad at business and thus compromising the financial rewards he could get from running his software company. No, Colin is in fact a great engineer who is so bad at business that it actively is compromising his engineering objectives. (About which, more later.) He’s got a gleeful masochistic streak about it, too, so much so that Thomas Ptacek and I have been promising for years to do an intervention. That sentiment boiled over for me recently (why?), so I took a day off of working on my business and spent it on Colin’s instead.
Tarsnap (the software) is a very serious backup product which is designed to be used by serious people who are seriously concerned about the security and availability of their data. It has OSS peer-reviewed software written by a world-renowned expert in the problem domain. You think your backup software is written by a genius? Did they win a Putnam? Colin won the Putnam. Tarsnap is used at places like Stripe to store wildly sensitive financial information.
Tarsnap (the business) is run with less seriousness than a 6 year old’s first lemonade stand.
That’s a pretty robust accusation. I could point to numerous pieces of evidence — the fact that it is priced in picodollars (“What?” Oh, don’t worry, we will come back to the picodollars), or the fact that for years it required you to check a box certifying that you were not a Canadian because Colin (who lives in Canada) thought sales taxes were too burdensome to file (thankfully fixed these days), but let me give you one FAQ item which is the problem in a nutshell.
Q: What happens when my account runs out of money?
A: You will be sent an email when your account balance falls below 7 days worth of storage costs warning you that you should probably add more money to your account soon. If your account balance falls below zero, you will lose access to Tarsnap, an email will be sent to inform you of this, and a 7 day countdown will start; if your account balance is still below zero after 7 days, it will be deleted along with the data you have stored.
Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails. //
The darkly comic thing about this is I might even be wrong. It’s possible Colin is, in fact, not accurately stating his own policies. It is possible that, as a statement about engineering reality, the backups are actually retained after the shot clock expires e.g. until Colin personally authorizes their deletion after receiving customer authorization to do so. But even if this were true, the fact that I — the customer — am suddenly wondering whether Tarsnap — the robust built-for-paranoids backup provider — will periodically shoot all my backups in the head just to keep things interesting makes choosing Tarsnap a more difficult decision than it needed to be. (If Colin does, in fact, exercise discretion about shooting backups in the head, that should be post-haste added to the site. If he doesn’t and there is in fact a heartless cronjob deleting people’s backups if they miss two emails that should be fixed immediately.)
