@zuphzuph Why back up a whole system image? Back up data, configs and (maybe) installers. 2FA is the sort of thing every public cloud account that handles sensitive data should have, however, that doesn't remove the need to encrypt the local/NAS copy.

It's also good practice to encrypt what you're putting into cloud storage (be that OneDrive or any backup solution, such as Backblaze, Glacier, etc). Your level of trust/care about being party to Yahoo-style mass surveillance will determine whether or not you want to take the minimal effort required to defend against that threat. (I take offence to rational concerns backed up by evidence called conspiracy theories, BTW. There are enough of those out there without vilifying legitimate threats.)

I should also point out that your ability to solve your own personal storage needs by basically saying "meh, **** it, I'll take the risk" re: backups is pretty rare. I personally have at least three non-phone devices, certainly wouldn't relish rebuilding them!

"Personal use" can also include spouse, children, etc. It doesn't take much for running a household's IT to become as complicated as running that of a small business. More pressing, perhaps, as the angry users know where you sleep.

Also..."just keep what you need in the cloud account" isn't enough for some things. That's okay for my music collection, but I'm going to want better redundancy that that for my home pictures and my tax returns.

3-2-1: Your data should be on three devices, on two different types of media with one of those copies being offsite.

If your data doesn't exist in at least two places, then it simply doesn't exist. Being in OneDrive/Dropbox/etc isn't good enough. Public cloud services have had failures and they have lost data. So if you want to use cloud as your primary storage location, make sure you back that cloud up to another, separate cloud.

Alternately, keep a local copy that is really, really unlikely to go pfffft at the same time the cloud copy has an oopsie. Given how awesome cheap NASes are at this stuff today, proper layered backups should be achievable for cheap, even for the home user.

@IRJ I'm not a conspiracy theorist. I'm advancing very real world concerns that are based on actual events.

Maybe you don't care to build in mass surveillance into your threat models, but that doesn't mean it is irrational to do so. (Personally, I think you're a fool if you don't.) A lot more matters in life than the cash in your pocket or the numbers in your bank account.

The border patrol thing is a great example. As a Canadian tech journo I need to periodically get into the US to do my job. If I am unable to do so because of data hoovered up by the US government, I've got a big problem.

I can do absolutely nothing wrong and yet still have huge roadblocks put in my way because some algorithm interpreted data poorly, or because someone who knows someone I know did something wrong. That's simply the reality of how things work today.

Can I keep the NSA out of my data if they are making a concerted effort to attack me personally? No. Targeted efforts by any state actor and 95% of non-state hacking groups would steamroller any defenses I (or any cloud/service provider) could mount. That's the cold, hard truth.

Despite this, I can take some very simple efforts to remove myself from mass surveillance trawling. In reality, I am far more likely to be negatively affected by mass surveillance (and associated Big Data analysis) than I am a targeted attack.

Targeted attacks are like meteor impacts: there isn't a heck of a lot you can do about them as an individual so you pretty much have to ignore them. (Disaster recovery is useful here, from an IT standpoint.)

But mass surveillance is a very real, very tangible threat that impacts most if not all of us. And it is something we can do something about. So why not take the steps to protect yourself?

@scottalanmiller Which I find equally insane. Unless you live in a hipster paradise and never, ever travel beyond the bounds of great wifi connected to awesome backhaul you're going to end up needing local storage to get real work done.

Hell, I can't even shitpost on Twitter without the ability to access my picture and video archive, save things I find off the web, etc. And no, life in a browser doesn't cut it. Browsers have their own problems, not the least of which is that web services tend to be "change fast and break things" to the point of being polymorphic.

I don't handle my computer not working the same as it did yesterday particularly well. It usually leads to rage.

So, assuming I feel the need to use local applications for at least some things, that means needing either local storage or 100% rock solid connectivity to a NAS. Doable for a thin client type affair that's physically in a static location with known good connectivity to said NAS, but practically impossible for mobile use.

@IRJ Wrong.

Your insurance company wants the analysis of your personal files quite badly. As do the credit agencies, banks, governments, border patrol...you name it!

Pretty much every company or agency involved in risk assessment of individuals wants access to as much of your personal data as they can legally get. If they can't legally get it, they will settle for getting "grey market" analysis of data obtained illegally. (The law is still now in on just how illegal this is, or if it is.)

You are kidding yourself if you think, for example, that the US border patrol doesn't want every single personal file of every single foreigner in the world to be fed through a gigantic Big Data engine so that they can determine if you're a risk. You could be a terrorist, a petty criminal or - far, far worse - someone who is trying to do business without claiming so, or claiming to do business in the wrong category.

Sorry man, but everyone wants your data. They don't want to stare at your dick pics, but they absolutely want to know how many dick pics you have, how frequently to take them, who you send them to and what those dick pics reveal about your health, etc.

If you don't understand that threat model, you're not ready to be a sysadmin in today's brave new world.

@scottalanmiller Maybe. But bigger than I'm willing to worry about here. Specific issue was "is SimpliVity a bucket of assbutts". Answer: "no, they're not."

The rest of this is to existential to worry about for me right now.

@scottalanmiller Hey, I like definitions, that's great! I don't actually care whose terms are used, or why. All that I care about is that we're using the same terms, so that when we all argue, we're arguing about the same thing, and not past eachother.

"This is SMB" or "this is not SMB" is a really pointless bit of chest-thumping nonsense unless we're all using the same definitions of these extremely fluid-to-the-point-of-almost-meaninglessness terms.

@scottalanmiller Okay. shrug. This is your clique man. I've said my piece, I've defined my terms, and I've linked to the statistics and rationale behind choosing those terms. I don't care what anyone else in any of the other cliques wants to call things. Anyone who cares to consider what I have said can use the definitions as I have listed them to understand what I said. That's all that matters to me.

The rest is just ook, ook ooooooooooooooooooooooooooooooooooooooooooooooook

@scottalanmiller I should also point out here that in Canada, which is a fairly advanced economy, only %0.14 of businesses are larger than 500 employees. If your definition of the market is that SMB is < 500 seats, the midmarket is > 500 seats and the enterprise starts north of 1000 (or 5000) seats, then you're shrinking "enterprise" down below a fraction of a percent of all businesses.

Which, when you consider that basically every "thought leader", salesdroid, marketdroid and CEO dismisses non-enterprises as "irrelevant" makes me want to start punching things.

It's bad enough for only %0.14 of businesses to be "relevant". I am a strong advocate of not shrinking the number of "relevant" businesses, if possible. If only so that I don't feel even less like a mote of dust in an uncaring and actively hostile universe.

@scottalanmiller Which is my point: there is a massive disconnect between what vendors and pretty much anyone else means when they say "SMB", especially

1. If they ARE an small business
2. If they aren't American

Which is why I point to https://www.ic.gc.ca/eic/site/061.nsf/eng/02804.html as my definition of terms. Because it's an official source, with statistics that can be discussed and is relevant to me, personally, as a Canadian.

So based off of the definition of "small" contained in that source, I stand firm on my statement that SimpliVity doesn't have - and won't for quite some time - an SMB play. If you want to use an IBM definition of SMB, they sure they do.

But maybe, for the sake of sanity, we should all agree to the definition of terms if we're going to have a poo-flinging contest over who is priced right, or using the right pricing approaches for a given market segment.

Otherwise, we might as well just shred some dictionaries and throw the confetti at eachother whilst screeching incoherently and beating our chests.

Ook, ook, ooooooooooooooook!

@scottalanmiller Then SimpliVity needs to be kicked for it. Twenty lashes with a wet noodle and no internet for a week!

SME? Yes. SMB? No. SimpliVity doesn't play down at my level, except for my very largest clients.

Let me be perfectly clear: SimpliVity started with a MIDMARKET focus and moved up channel.

Now, we could have debates about what is SMB, what is Midmarket and what is Enterprise, but I have actual definitions to use for this: https://www.ic.gc.ca/eic/site/061.nsf/eng/02804.html

The midmarket is defined by the Canadian government as 100+ employees. And that's about right for where SimpliVity starts to be a real consideration. I'm going to say whomever believes that is "SMB" is out of touch with the real mass market and what SMB means, especially outside the USA.

And maybe that's the kicker. US definitions and "pretty much the rest of the world" differ a lot here. Important to consider.