rsync...is not a backup strategy, being exactly as vulnerable to ransomware as your local file. Unless you pair it with something else, but then that's not exactly 'rsync for backup'.
I thought about this exact problem a month ago when I got paranoid (I'm on Windows), and my solution involved setting up a separate cheap Linux node in my home and attaching my backup drive to it.
The server is locally SSHable, but only authenticates via password that I have to type in during each backup. Key authentication is disabled. I use borg backup so I don't even have to give shell access to this particular account (there are hardened borg configs available online).
If you're more paranoid about security, you can enable 2FA over SSH, or make sure the backup server itself creates a periodic offline backup of the backup repository, without the SSH account having permissions to that of course.
Honestly though as long as you're not doing something stupid like mounting NFS to your vulnerable device to make backups, you should be mostly fine.
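One way to express the setup described in the comment above as an `sshd_config` fragment on the backup server (an added example, not the commenter's actual configuration). The account name `borgbackup` and the repository path `/srv/borg/desktop` are assumptions, and `--append-only` goes beyond what the comment describes.

```sshd_config
# /etc/ssh/sshd_config on the backup server (fragment).
# Assumed names: account "borgbackup", repository under /srv/borg/desktop.
# Place this at the end of the file: a Match block applies until the next
# Match line or the end of the file.

Match User borgbackup
    # Password is typed at each backup, so there is no key or stored
    # credential on the Windows machine for malware to reuse.
    PasswordAuthentication yes
    PubkeyAuthentication no
    AuthenticationMethods password

    # No shell access: every login for this account runs borg's server mode,
    # confined to a single repository path. With key auth disabled there is
    # no authorized_keys "command=" option to rely on, so the restriction
    # has to live here.
    # --append-only (an addition in this example) lets the client add data
    # but not remove existing archives from the repository.
    ForceCommand borg serve --append-only --restrict-to-path /srv/borg/desktop

    # Remove everything else an SSH session could be used for.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitUserRC no
```

Check the syntax with `sshd -t` before reloading the daemon.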
Yep, agreed. Most of this advice is useful even if you're just building an open source project that you're passionate about, and your post helps a lot.
Nobody wants to build a product in a vacuum that has no users, no matter how brilliant the idea.
My other two cofounders are building an open source tool - https://www.chatwoot.com/. I'm sure they have used a lot of wisdom from this experience too.
Do it. I have a cheap Linux server (non Pi) running in my home, and it's immeasurably useful. It functions as a combination of a backup server (with an attached 8 TB drive), Plex server (another 2 TB media drive), PiHole host and mitmproxy etc.
Today I figured that I need to set up periodic email backups from my Gmail, and guess where that cron is going! I use Windows + WSL as my home machine so having a pure Linux machine locally SSHable is a godsend.
I thought of getting a Pi but I'm just doing too much with the server.
I'm thinking it would be a great little all in one for making my gradual transition to Linux from Windows. For 100 bucks, I'm sure I could buy an OLD laptop, but I like the RPi route!
I was about to buy a rpi-zero-w with a KVM or remote into it but tbh the more powerful rpi4 sounds like a better option. It has the gpio headers and keyboard built in!
After years of programming professionally, these little things still excite me. :)
The funny (er, scary) thing is I was actually thinking of switching to Google registrar for my domain after Namecheap messed up their CNAME records and dropped a few days of emails (I already use GSuite). Google reliability, the promise of fair pricing and a free WHOIS protection was very attractive to me.
After this, fuck that.
Google has so many services that you could lead a reasonably diverse online life without going to another provider, without the accountability that typically comes with that sort of power. They really need to be checked.