For anyone else who was wondering what "80 Go" means, it's 80GB.
It took me a few seconds to realize they're located in Paris and the French call their bytes "octets" -- hence, giga octets and tera octets. At first I thought it was something like "80 Go instances" where Go might be a cheap vps variant of theirs or something.
As a French, I'm ashamed at the lack of effort taken to properly translate this page. I wouldn't care so much if it was a random individual who just want to get their thing out, but here we have one of the french biggest companies in cloud offerings.
It claims lot of guaranties for your data (99,999999999% durability).
It claims to be secure against all natural and human destruction, despite being located in only one datacenter, 25 meters under the ground, in Paris, which means it could be subject to floods (directly or indirectly).
It claims to be able to handle formats that don't exist yet (for example, LTO-1 to LTO-10, the most recent version of the media being LTO-7).
It claims (with a footnote) to be able to handle "Secret Défense" data, which is extremely dubious. "Secret Défense" is the second most restricted classification in France. It's for highly sensitive information. Companies dealing with "Secret Défense" have to put many security measures in place (proper access control, separated networks, personnel habitation by the government, physical protection, tracking of every copy of every documents...) and are regularly audited by the government. The penalties for messing with that kind of data are pretty harsh, you could spend several years in prison if you publish an SD or just a CD (Confidentiel Défense) document, even accidentally.
Even if it's clearly targeting backup of state related data, it doesn't seem to have been audited by the ANSSI (french National Agency for Computer Security).
What is weird is that Online is a well established company (the parent company, Iliad is 4 billions euros in revenue).
Well, the shelter is still actually quite higher in Paris than the Seine (and quite far from it too), floods are not a concern at all in the area of this datacenter.
Regarding the LTO format, well LTO-10 seems to exist from what Google tells me (but I am no expert there to be honest ;)
As for the Secret Defense certification, this is ongoing, and, as you stated, we are part of a larger group which already have lots of relation with institutions like ANSSI
but we (Online) have also been working with them to be certified in the coming months, of course this is a long and tedious process (as every certification is sic), but we are working on it every day and we see no reason we could not get to the end of it,
we have a complete team of guys working on completing all the certifications displayed on the website and we are working with all our teams to get things done right for this.
The whole C14 infrastructure itself has been carefully designed from the beginning with people knowing all the certifications requirements to make sure nothing could get in the way to pass the certifications for it.
>> Your important data are encrypted AES-256 and replicated many times then stored in our 25 meters deep underground fallout shelter, located in Paris, with no known natural, technological and military risks.
Yeah, it's pretty silly to say "no military risk" about any single location. Yes, France is as geopolitically stable location as there is on Earth, but it's also part of NATO and NATO has rivals, like Russia and China, with whom they may go to war with in the future. France has been invaded in the past, and may be again.
If you're really concerned about possibilities like that, you should be storing your data redundantly such that it's unlikely that all the locations would be on the same side of a war. France is a good choice for one location; now choose one non-NATO superpower (China?) and one unaligned nation (Brazil? India? Egypt?).
You want to be reasonably certain that at least one location would be either neutral or the victor in any war. Only then can you say you're as close to 'no military risk' as you can get.
It works super well with NoScript, aside from the pricing calculator (obviously). The worst sites are the ones that hijack your scrollbar and use JavaScript for layout.
This looks great and seems feature-rich enough to get started with straight away! I'll definitely check it out for server backups over scp.
My only suggestion is that you have a native English speaker proofread the text on your website. There are a few grammatical and translation errors which make the service seem less professional.
The one advantage of this business nobody is mentioning so far is that they've been around since 1999. The first thing I do when I see "long-term" or "put all your data in our hands" is see if they're a recent, VC-backed company. If they're recent, then they might be inexperienced. If they have a good team, then the product and network are still new with bugs waiting to be found. If they're VC-backed, then run. The reason being they'll sell out eventually with the service and your data possibly going offline. Happens way too much.
So, for anything long-term, I always recommend going with an established company with a track record for innovation. I don't know these people but they've been hosting since 1999. That means they showed up during a hard time [1] for IT then lasted and improved until 2016. I don't know if they're VC-backed or the quality of their product. Looks innovative, though, for a 90's era company. So, altogether a nice, first impression without the sell-out risk common among storage providers that show up on HN a lot.
Note: One can still use VC-backed providers so long as they're just one among many you use. That way you yourself can exit when they do without threat to operations.
No mention of what technology is backing the service, however I like the support for existing file transfer protocols (particularly SFTP), no need to wait for or build yourself an integration, existing tooling just works.
From what they explained on IRC, this is home-made hardware (not yes disclosed because of pending patent), low-level storage without a filesystem. They split the"safe" in chunks, encrypt it, calculate parity blocs, and store them all on a different hardware. They intend to disclose the software "soon", and the hardware later.
Very interesting. Aside from the slight inconvenience of not being able to use standard tools like ftp, scp and rsync... Amazon Cloud Drive's $60 a year plan (https://www.amazon.co.uk/clouddrive/) is still significantly cheaper for storing more than ~2.5TB. It's also free of charges per operation and such like.
Amazon Cloud Drive doesn't seem to have any SLAs regarding uptime and redundancy though... I'm not sure if that should worry me.
Can anyone with direct and frequent experience with Amazon Drive comment on how well the product's been working out for them overall?
I've just been playing with its interface a little bit, and although its interface is unquestionably pretty clunky (both web and desktop app), it does seem like a I could save money by moving to its $60 unlimited plan. I currently use a set of S3 buckets, which is great in that it scales with use, but I'm about to cross the $5/month threshold.
Edit: The biggest missing feature so far seems to be something akin to a folder sync. When re-uploading a directory, it seems to be able to skip files that it knows it already has, but I'm not sure if it can delete files that have subsequently been removed locally.
Interesting... If i am reading this right, to store 1TB there its costs EUR2.05 per month. uploading and downloading are "free" but only from the non vault. You upload and download from a tmp storage, which, after either 7 days or when you say, gets put into permanent storage. that move is what costs EUR0.01 per gig... hence, uploading 1TB will cost EUR10.24. uploads can use FTP, SFTP, Rsync or SCP and they also an API too... might try this out... handy for photo storage...
tl;dr: a cheap data archival solution; upload is free, storage is cheap (€0.002 / GB / mo), download is somewhat less cheap (€0.01 / GB) and not instant; rsync / sftp IS supported for upload, but an API call is needed to complete the operation.
Seems great for redundant regular backups that you hope to never restore from, but would like to keep just in case.
(EDITED: previously incorrectly stated that rsync and sftp are not supported.)
Amazon has always been extremely expensive in storage. I wanted to start a company doing online backups because every option was outrageously expensive. Like, so expensive I could just buy new disks and host them myself every 2 months for what they were trying to charge. (A disk lasts about 3 to 4 years, so that's a >2000% profit margin.)
Only Backblaze had unlimited storage for 5 dollars a month, but I wanted to upload multiple terabytes from a server and they only allowed uploading stuff through their custom, closed-source client.
I didn't have enough time to get my backup service off the ground, but prices have been getting significantly better since then (this was two or three years ago). Dropbox, Google Drive and others are now nearly reasonable and Amazon is lagging behind a bit. I'm still waiting for another price cut, and C14 seems to be doing it. Backblaze B2 is also interesting, but it has other issues again.
Their comparison section looks like an advertisement for Backblaze B2. C14 looked interesting until I got to that part. Now, I'm not sure why I would choose C14 over Backblaze.
I think there may be something missing in the comparison table.
When I look at the prices of Backblaze, https://www.backblaze.com/b2/cloud-storage-providers.html it is $0.05 for 1 mo but in the table on the website of C14, it's written "free"
It's nice that the customer actually gets to control the encryption key. I'm not too knowledgeable on secure cloud storage systems, but from what I've heard about other cloud storage systems that encrypt files, it's typically the cloud hoster who controls the keys.
On "other cloud storage systems", nothing is stopping you from encrypting your files before uploading them.
This is exactly what I do for personal files that I upload to S3/Glacier for archival purposes -- they are GPG encrypted before ever being transmitted.
You have the option with Backblaze to add an additional layer of privacy via a user-selected passphrase. This passphrase will be used to encrypt your private key. This passphrase is your responsibility to remember and safeguard. This is important: if you forget or lose this passphrase there is no way that anyone, including Backblaze, can decrypt, and thus restore, your data. When you choose to add your own passphrase there is no “forgot passphrase” mechanism as Backblaze does not know your passphrase.
If they hadn't hijacked my browser's scrollbar, I might have kept reading.
Can anyone compare the advantages of C14 to, say, S4 by Least Authority? I kind of like not having to trust my service providers for security when encryption does the job well enough.
Why is regular FTP even supported for so called secure storage?
So far it reads as secure 'because we say it is secure'? I find the whole idea of putting your data on hardware other control and still consider it 'secure' a bit strange. Though that might be just my twisted mind.
Also note they charge for internal traffic (and im not sure if you can measure these yourself to make sure the invoice is correct.):
"An operation is an action between your temporary safe-deposit box and C14 infrastructure: Archiving, Unarchiving, Destruction or Verification.
Transactions are billed according to the volume of data to be processed at a price of € 0.01 / GB"
With C14 you create a "safe", you upload your data, and once done (or after 7 days), they archive your safe. To retrieve data, you need to ask for the safe to be unarchived and you get access back to your data, for 7 days.
I tried to use B2 recently but was being forced to enter a phone number. Waiting for a response from support, but so far that's blocking me from using B2. I don't know if C14 is better or not.
Here: "A file contains a sequence of bytes. Any file on your computer can be uploaded to B2 and stored in a Cloud Storage, as long as it's not too big. Files can range in size from 0 bytes to 5 billion bytes. "
I am confused: what is the "Cost of Operation"? Is that a one-time fee? For 1.3 TB of data, they are quoting something like 2.58 per month and 12.88 "Cost of operation".
After reading the page the 'cost of operation' might be what happened before-your-download and after-your-upload, as you are dealing with its deposit-cache-storage, so I assume it means 'archive-from-deposit/unarchive-to-deposit'. This is the same as charging for download(so download is _not_ free), and nearly the same as charging for upload(unless you remove the uploaded content from deposit quickly).
For Glacier I believe the download is not free? You need pay for the retrieval of stored data.
Or, maybe the service is 4.66 times as good as Amazon S3?
Or, the 14th letter of the alphabet is N. If we swap that for 14 we get "CN", which is the top-level domain for China, which is most certainly not in France.
The conspiracy theory possibilities are endless! ;)
[+] [-] lucb1e|9 years ago|reply
It took me a few seconds to realize they're located in Paris and the French call their bytes "octets" -- hence, giga octets and tera octets. At first I thought it was something like "80 Go instances" where Go might be a cheap vps variant of theirs or something.
[+] [-] mikmak|9 years ago|reply
[+] [-] rakoo|9 years ago|reply
[+] [-] kakwa_|9 years ago|reply
It claims lot of guaranties for your data (99,999999999% durability).
It claims to be secure against all natural and human destruction, despite being located in only one datacenter, 25 meters under the ground, in Paris, which means it could be subject to floods (directly or indirectly).
It claims to be able to handle formats that don't exist yet (for example, LTO-1 to LTO-10, the most recent version of the media being LTO-7).
It claims (with a footnote) to be able to handle "Secret Défense" data, which is extremely dubious. "Secret Défense" is the second most restricted classification in France. It's for highly sensitive information. Companies dealing with "Secret Défense" have to put many security measures in place (proper access control, separated networks, personnel habitation by the government, physical protection, tracking of every copy of every documents...) and are regularly audited by the government. The penalties for messing with that kind of data are pretty harsh, you could spend several years in prison if you publish an SD or just a CD (Confidentiel Défense) document, even accidentally.
Even if it's clearly targeting backup of state related data, it doesn't seem to have been audited by the ANSSI (french National Agency for Computer Security).
What is weird is that Online is a well established company (the parent company, Iliad is 4 billions euros in revenue).
[+] [-] mikmak|9 years ago|reply
Regarding the LTO format, well LTO-10 seems to exist from what Google tells me (but I am no expert there to be honest ;)
As for the Secret Defense certification, this is ongoing, and, as you stated, we are part of a larger group which already have lots of relation with institutions like ANSSI but we (Online) have also been working with them to be certified in the coming months, of course this is a long and tedious process (as every certification is sic), but we are working on it every day and we see no reason we could not get to the end of it, we have a complete team of guys working on completing all the certifications displayed on the website and we are working with all our teams to get things done right for this.
The whole C14 infrastructure itself has been carefully designed from the beginning with people knowing all the certifications requirements to make sure nothing could get in the way to pass the certifications for it.
Hope this clears a bit your worries,
Mik (Online.net network)
[+] [-] bluedino|9 years ago|reply
So, only one location.
[+] [-] a-priori|9 years ago|reply
If you're really concerned about possibilities like that, you should be storing your data redundantly such that it's unlikely that all the locations would be on the same side of a war. France is a good choice for one location; now choose one non-NATO superpower (China?) and one unaligned nation (Brazil? India? Egypt?).
You want to be reasonably certain that at least one location would be either neutral or the victor in any war. Only then can you say you're as close to 'no military risk' as you can get.
[+] [-] ris|9 years ago|reply
[+] [-] Etheryte|9 years ago|reply
[+] [-] PeCaN|9 years ago|reply
[+] [-] kentt|9 years ago|reply
[+] [-] hoahluke|9 years ago|reply
My only suggestion is that you have a native English speaker proofread the text on your website. There are a few grammatical and translation errors which make the service seem less professional.
[+] [-] lucb1e|9 years ago|reply
[+] [-] nickpsecurity|9 years ago|reply
So, for anything long-term, I always recommend going with an established company with a track record for innovation. I don't know these people but they've been hosting since 1999. That means they showed up during a hard time [1] for IT then lasted and improved until 2016. I don't know if they're VC-backed or the quality of their product. Looks innovative, though, for a 90's era company. So, altogether a nice, first impression without the sell-out risk common among storage providers that show up on HN a lot.
Note: One can still use VC-backed providers so long as they're just one among many you use. That way you yourself can exit when they do without threat to operations.
[1] https://en.wikipedia.org/wiki/Dot-com_bubble
[+] [-] jamescun|9 years ago|reply
[+] [-] renchap|9 years ago|reply
[+] [-] mwambua|9 years ago|reply
Amazon Cloud Drive doesn't seem to have any SLAs regarding uptime and redundancy though... I'm not sure if that should worry me.
[+] [-] brandur|9 years ago|reply
I've just been playing with its interface a little bit, and although its interface is unquestionably pretty clunky (both web and desktop app), it does seem like a I could save money by moving to its $60 unlimited plan. I currently use a set of S3 buckets, which is great in that it scales with use, but I'm about to cross the $5/month threshold.
Edit: The biggest missing feature so far seems to be something akin to a folder sync. When re-uploading a directory, it seems to be able to skip files that it knows it already has, but I'm not sure if it can delete files that have subsequently been removed locally.
[+] [-] dorfsmay|9 years ago|reply
The use of standards (rsync, sftp, etc...) makes C14 very attractive.
[+] [-] tiernano|9 years ago|reply
[+] [-] nine_k|9 years ago|reply
Seems great for redundant regular backups that you hope to never restore from, but would like to keep just in case.
(EDITED: previously incorrectly stated that rsync and sftp are not supported.)
[+] [-] RubyPinch|9 years ago|reply
and upload and download are both free, operations (archiving/unarchiving?, et al) are not
Unless they changed it in the space of 16 minutes, I think you might of wanted to give a closer look for making your tl;dr
[+] [-] cm2187|9 years ago|reply
[+] [-] lucb1e|9 years ago|reply
Only Backblaze had unlimited storage for 5 dollars a month, but I wanted to upload multiple terabytes from a server and they only allowed uploading stuff through their custom, closed-source client.
I didn't have enough time to get my backup service off the ground, but prices have been getting significantly better since then (this was two or three years ago). Dropbox, Google Drive and others are now nearly reasonable and Amazon is lagging behind a bit. I'm still waiting for another price cut, and C14 seems to be doing it. Backblaze B2 is also interesting, but it has other issues again.
[+] [-] runako|9 years ago|reply
[+] [-] programLyrique|9 years ago|reply
[+] [-] ianleeclark|9 years ago|reply
[+] [-] jlgaddis|9 years ago|reply
This is exactly what I do for personal files that I upload to S3/Glacier for archival purposes -- they are GPG encrypted before ever being transmitted.
[+] [-] kakwa_|9 years ago|reply
You have the option with Backblaze to add an additional layer of privacy via a user-selected passphrase. This passphrase will be used to encrypt your private key. This passphrase is your responsibility to remember and safeguard. This is important: if you forget or lose this passphrase there is no way that anyone, including Backblaze, can decrypt, and thus restore, your data. When you choose to add your own passphrase there is no “forgot passphrase” mechanism as Backblaze does not know your passphrase.
https://www.backblaze.com/backup-encryption.html
[+] [-] CiPHPerCoder|9 years ago|reply
Can anyone compare the advantages of C14 to, say, S4 by Least Authority? I kind of like not having to trust my service providers for security when encryption does the job well enough.
[+] [-] thinkMOAR|9 years ago|reply
So far it reads as secure 'because we say it is secure'? I find the whole idea of putting your data on hardware other control and still consider it 'secure' a bit strange. Though that might be just my twisted mind.
Also note they charge for internal traffic (and im not sure if you can measure these yourself to make sure the invoice is correct.):
"An operation is an action between your temporary safe-deposit box and C14 infrastructure: Archiving, Unarchiving, Destruction or Verification. Transactions are billed according to the volume of data to be processed at a price of € 0.01 / GB"
Do your math before simply signing up, my penny.
[+] [-] mikmak|9 years ago|reply
Mik (Online.net staff)
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] leetbulb|9 years ago|reply
[+] [-] renchap|9 years ago|reply
[+] [-] lucb1e|9 years ago|reply
[+] [-] chrisper|9 years ago|reply
What's with the downvotes?
Here: "A file contains a sequence of bytes. Any file on your computer can be uploaded to B2 and stored in a Cloud Storage, as long as it's not too big. Files can range in size from 0 bytes to 5 billion bytes. "
https://www.backblaze.com/b2/docs/files.html
[+] [-] IgorPartola|9 years ago|reply
Also, can I use this with duplicity?
[+] [-] ausjke|9 years ago|reply
For Glacier I believe the download is not free? You need pay for the retrieval of stored data.
[+] [-] lucb1e|9 years ago|reply
Edit: this seems to be it: https://news.ycombinator.com/item?id=11969786
[+] [-] rdebeasi|9 years ago|reply
Or, maybe the service is 4.66 times as good as Amazon S3?
Or, the 14th letter of the alphabet is N. If we swap that for 14 we get "CN", which is the top-level domain for China, which is most certainly not in France.
The conspiracy theory possibilities are endless! ;)
[+] [-] advisedwang|9 years ago|reply
I wonder what the details of the SLA are. I can't find them on the page.
[+] [-] mikmak|9 years ago|reply
[+] [-] anc84|9 years ago|reply
[+] [-] Algent|9 years ago|reply
https://documentation.online.net/en/c14/offers
[+] [-] renchap|9 years ago|reply