We Use That / Tarsnap

What startups use to get stuff done

Online backups for the truly paranoid
Posted on 13 Aug 2012 in

Who are you, and what do you do?

I am Colin Percival, founder (and 100% owner) of Tarsnap. Tarsnap is an online backup service for UNIX and UNIX-like systems with a heavy emphasis on security. I created it because during my time as FreeBSD Security Officer I wanted to have reliable backups while making sure that I would not be responsible for as-yet-unannounced security vulnerabilities being leaked.

What is your technology stack?

Tarsnap is built on C, non-blocking network I/O, C, shell scripts, C, GNU Autotools (Autoconf, Automake), and more C. I would not be surprised if Tarsnap is the most C-oriented startup around – where other people use a web framework, a scripting language and a database, I just code the dynamic parts of the Tarsnap website as CGI scripts written in C.

Underlying all the C is FreeBSD (for the systems I run) or pretty much any UNIX or UNIX-like operating system (for the client code Tarsnap users run).

The Tarsnap client code uses libarchive to generate backups, and OpenSSL for some cryptographic primitives. For deriving cryptographic keys from passphrases to protect Tarsnap’s key files, I use scrypt. The rest of the client code is all C which I wrote specifically for Tarsnap.

The Tarsnap server code is like the client code except without libarchive and with Amazon S3 (where all the data is ultimately stored).

The Tarsnap web server uses stunnel to unwrap SSL connections (I will probably switch to stud at some point), and Apache HTTPD to serve up the site.

Tarsnap’s email setup is built around qmail, with mailing lists managed by ezmlm. Mail is sent between my servers via spiped pipes.

I use djbdns for recursive DNS resolution and caching.

What software do you use to run your business?

As mentioned above, all backup data is ultimately stored on Amazon S3. Amazon SimpleDB is used for usage accounting.

I use Google Analytics to monitor traffic to the Tarsnap website, but only on the non-HTTPS side, since I don’t trust Google Analytics on my secure site.

My internal monitoring server uses Twilio to send me SMS messages and (if I don’t respond fast enough) to phone me if it notices any problems.

Tarsnap payments are processed using Paypal and Stripe.

Outgoing email is sent via sendgrid.

Tarsnap authoritative DNS is served by Amazon Route 53, while

All of the above (except the client code, of course) happens on FreeBSD instances running in the Amazon EC2 US-East region; except the monitoring system, which is in the US-West-2 region, and the web server, which is hosted by RootBSD (but will probably move to EC2 at some point – RootBSD is fantastic, but standardizing on EC2 will make it easier to keep track of everything).

What business software do you most wish existed?

I would pay for software which I could pipe cron emails into which would figure out what was “normal” and alert me to anything “abnormal”. I get a lot of emails from cron jobs, and I don’t look at them nearly as carefully as I should.