" >Q: What happens when my account runs out of money?
" >A: You will be sent an email when your account balance falls below 7 days worth of storage costs warning you that you should probably add more money to your account soon. If your account balance falls below zero, you will lose access to Tarsnap, an email will be sent to inform you of this, and a 7 day countdown will start; if your account balance is still below zero after 7 days, it will be deleted along with the data you have stored.
"Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.
"Guess how I found out about this?"
That says it all.
Here was my deal: I stupidly told my computer to upgrade libc, and only after apt completely failed and wrecked the machine to the point of `ls` not working did I realize that I had some personal data that wasn't backed up. Of course.
My plan was thus: use an Ubuntu LiveUSB, upload a copy of /home/steve to Tarsnap, then install Ubuntu, and be on my way. As I was compiling Tarsnap, I realized that my mental model of machines on Tarsnap was probably wrong: it's not that I have a Tarsnap account, with access given to a set of keys. It's that each key has its own backup. So what I _almost_ did was upload an encrypted backup of all my stuff, then wipe the drive and the key, never (hopefully!) to see my data again. :(
Even when you're technical and know about this stuff, you can screw it up, because you're still human.
Just like the best (arguably, maybe I should say boldest) drivers are the ones who get killed on car accidents. When you are too confortable on driving at 80Mph is when you are closest to die. And it is when you need more help, more user-friendly interface, more insurance to keep you safe from your own mistakes.
Keeping all of UI difficult just to please the geekies will actually harm some of them pretty bad eventually.
Also I find interesting how a lot of people is forcing to Colin a very romanticized idea of a "not for the money" entrepreneur that just want to keep things in this raw state. Sounds to me that Patrick is closer to Colin than anyway creating this image of him.
I don't think that quite says it all, because the other important factor is that you can't properly predict when the underlying conditions that would trigger those e-mails will arise. Patrick seems to have latched onto the use of picodollars as his pet hate there, but of course the real cause is the unpredictable efficiency of compression and deduplication. This problem remains even if you move to tiered dollar pricing for "up to X GB" plans.
I have multiple businesses that are definitely good candidates for using Tarsnap, but sadly that combination of unpredictability and insufficient warning/recovery mechanisms is a deal-breaker for us. No matter how great Tarsnap might be technically, from our point of view it's not offering a reliable backup with its current model, which is a shame for all concerned really. I do hope Colin will consider the various comments on this and look into fixing it.
(I had a hosting service that my credit card started bouncing on delete some data a few years ago. I was furious. I'd paid them a bunch of money over the years, and they knew my phone number: if they'd called me after I didn't respond to their emails I'd still be their customer, and I'd still have that data).
For a backup service, I'd be perfectly happy for it to hold on to my encrypted data for a year after I stop paying, then charge me a hefty "recovery" fee (at least how much I should have paid for the time that I wasn't, and quite happily more).
Yes, I know the margins on pico dollar backups don't justify a call. But for a $50 / month plan, it's a lot more feasible.
I'm sure your dog will end up dead eventually or nowhere to be found.
That said I get your point. But rolling your own notification solution shouldn't be that much of a problem for technical people or people with deep pockets. Just hire a programmer to write an application that reads picodollars and if the predefined threshold is passed the program makes a phonecall/sends 15 emails/call the local authorities?!.
Now I'm certain that the owner of the place knows he can charge more and rebrand to the mass audience. But I'd like to think it is a point of pride that his successful peers enjoy his services and that trumps any desire to change from the status quo.
He is happy being Chef2Chef and I'm glad Colin is happy being Geek2Geek.
- What do you do?
- Right now I'm not doing anything; sometimes I fish.
- So you're a fisherman?
- If you want to call it that.
- Why aren't you fishing now?
- As I'm sure you'd put it, I have reached my daily quota.
- What's your quota?
- One fish a day. At most. Some days I don't catch any.
- One. Fish. A. Day?? You can't make a living with one fish per day! Where do you even go to sell just one fish??!?
- I don't sell it. I eat it.
The businessman stays silent for a while, watching the man watching the sea. Then he says
- Listen, I'm a businessman. Don't you want to hear some advice about how to grow your business?
- First, you should make it your goal to catch as much fish as possible, every day. There must be a market somewhere on this island where you could sell it?
- There is. 2 miles from here.
- Okay, great. You catch a lot of fish, you walk to the market, you sell the fish, keeping some for your own consumption if you wish.
- And then?
- And then, with the money you buy a net. A net will let you catch so much more fish at once.
- And then you catch more fish, you sell more fish, you make more money. With the money, you can buy a better boat.
- Better in what sense?
- Bigger, nicer -- better looking! And with that boat you'll be able to catch even more fish.
- Oh. And then what?
- Then you make even more money, and you can save it.
- Save it?
- After your expenses are paid, you keep the extra money; after a while you'll have lots of money.
- And what do I do with that money?
- Once you have enough money, you'll be able to retire! You won't have to work anymore!
Now it's time for the fisherman to think. He stares at his feet for a while and says
- But I'm not working right now.
Here's a follow-up and slightly different take on that story: http://blog.figuringshitout.com/the-parable-of-the-fisherman...
Here's an HN discussion about it: https://news.ycombinator.com/item?id=6602351
You know what he could do with the millions Tarsnap could make him? DONATE IT TO FREEBSD. How about that being Geek2Geek? How much more better off would the world be if Colin donated $500,000.00 of his surplus income from the business to the FreeBSD foundation? Or the Python foundation? Or THE FSF?
It's infuriating how blind many intelligent people are to how much better the world would be if they allowed more money. I don't care if that ends up being them buying a new house or donating it or building another amazing business or having the money to live while they write more amazing open source software.
What if by making more money Colin is able to start another business that does unknown and amazing things for cryptography! The possibilities are endless and makes me SO ANGRY that people with such amazing knowledge and skill that is so much more than mine are SQUANDERING IT BY THINKING THEY ARE DOING THE WORLD JUSTICE BY NOT CHARGING MORE MONEY!
Do I donate money to certain projects of mine? Sure. When did I donate the most money? When I billed a private equity firm $300.00 per hour for development work and had a surplus of $15,000.00 dollars. I gave quite a bit to the FSF and others.
Do you really think that by charging the PE firm $50.00 per hour I would be enabling them to donate to the FSF? FreeBSD Foundation? Haskell? GNU? Do you even think they would or care? I certainly wouldn't have enough money to do so at that rate, but I did at $300.00 per hour.
Highly naive my friend. I'm sorry to be offensive but I'm sick of my intelligent peers (sometimes even more intelligent) squandering what is, a massive opportunity sitting in front of them that is being ignored for a totally ridiculous noble cause when their "noble causes" could be enhanced so much more without an iota of evil behavior.
Tarsnap isn't going to become an big evil corporation by charging more. It might if he decides to sell it, but I doubt that. It would be enabling him to do even more amazing things for software, geeks, the world, whatever. Those amazing things could be donations to enable OTHER brilliant people or it could be a new business, or new features that make backups a better experience, or it could be starting an R&D lab for crypto that pumps out purely Open Source research on cryptography that makes its way back into Tarsnap or different business.
But that value is for that service, not a charity. It will never get redirected otherwise. So getting a business to happily pay a large sum for a cheap service is a fantastic way to ensure you now have the money to donate, and likely an order of magnitude more.
This is also the reason he says to charge $500 a month, but to give away the service to them that need it. Because the business is effectively subsidizing the needy here, while itself provably working in it's own interest. This is pretty win-win if anything.
Or does it just mean that the business can't deduct it from its earnings for tax reasons? In that case, why doesn't the business just pay the extra tax? In my eyes, there's nothing wrong with paying tax.
I just cannot understand why anyone would make a rule against such a thing.
(Note: as you probably already understand, I do not run a business.)
It's not like it would have to stop being tarsnap. Most of these suggestions are simple common sense. I'm a fucking nerd and need something like tarsnap and the thought of "picodollars" means I'll never give him my money (even if he reprices) because it means I can't rely on his business to not do completely nonsensical things.
A lot of people here are ~saying "maybe cperciva isn't motivated by money". OK. I get that.
Here's the thing - I honestly believe that Tarsnap is the best backup solution. I believe this because I hang around HN, I'm a technologist, and I trust tptacek and patio11, among others, when they say it.
I am right on the edge of someone who would actually use Tarsnap - I'm a geek, but I also run a business, the money it would cost me is less than peanuts (if I could figure out how much it would cost me, that is - see the article). I'm probably not going to use Tarsnap because of a few missing but critical features that patio11 mentioned, like auto-recharging money (do I really need another bullet on my todo list, or to worry about my backups disappearing?).
But there's a whole world of people out there. People who could really, really use Tarsnap. People who have my user data on their systems, and who I wish would use a service as good as Tarsnap. These people will never, ever use Tarsnap, because of all the reasons patio11 mentioned, and because they will never hear of it or know that it's better than everything else.
What I said above has nothing to do with moral philosophy. It is a fact about the world that, if cperciva doesn't play the "marketing game" (or the "make your software useable by normal people" game), less people will use Tarsnap.
And the world will be worse off. Is this a tragedy? Sure. cperciva doesn't owe the world or anyone in it anything. It isn't a moral absolute that giving cperciva more resources, to make Tarsnap that much better, is the right thing to happen.
But I hate to see a whole forum full of people who actually think that what cperciva is doing is somehow more "noble" and less "greedy" because he doesn't care about money. *
* I have no problem with cperciva acting however he wants in this regard, and absolutely do not mean any disrespect. I honestly don't think cperciva owes anyone anything. But I do think that it's an empirical fact that the world will be worse off for less people having used a good backup solution, and I honestly believe that living ina world with more people using Tarsnap, and incidentally cperciva having more money, is a better world. If you really want - donate all that money to GiveWell, and the world will be even better off.
It is not about the money. I can guess that his original motivation for creating Tarsnap was to create the most secure backup solution for people who care about their data. The natural progression to this goal would be to let more and more people know about this solution and get them to use it so that data is protected.
Imagine this contrived scenario. Think about all the hospitals storing important health records for patients. Currently, they are not using Tarsnap not because it is technically lacking, but lacking 'business-y' things which are important. What if Colin's hospital mismanages their backup and all records become available to the public.
The irony is that the Colin has solved the hard problem (technical solution) but doesn't want to address the easy problem (business requirements). I sincerely wish Colin would implement these suggestions.
I am seriously thinking of asking to collaborate with him and letting me re-brand Tarsnap and create a backup solution which businesses could buy.
I think the negative reactions stem more from an attraction to the Tarsnap brand as a G2G service combined with cperciva's cavalier attitude toward's increasing his income by charging his customers more. Regardless of patio11's thoughts, the current 'brand' would take a hit by losing the 'geek to geek' luster.
The OP maintains two separate brands for separate products. Maintaining a 'premium B2B' brand for Tarsnap would bypass any negative reaction, I think.
I'm not sure why the majority of the people [OP included] think a single B2B or G2G brand is the 'best option'.
I think patio11 went too far towards the "only appealing to non-geeks" end of the spectrum, partly because he just wanted to show how big of a spectrum there is. It's absolutely possible to have a optimized pricing system, and a well-designed (not talking just visuals) homepage without being anti-geek. For evidence of that just look at Stripe or GitHub. It actually seems like an incredibly rewarding task if cperciva finds the right geek-oriented designer.
And does anyone honestly think the world would be better if git was less widespread?
The majority of my coworkers are GitHub's target audience [programmers that do not really want to truly understand how Git works] and they have no active desire to use GitHub. I'm literally the only person that works here with a GitHub account which I barely use because I run a private instance of GitLab instead.
So, while it is a perfect 'mainstream' example, in your eyes...it is also a prime example that there is a significant market that wouldn't use GitHub professionally.
I was trying to explain that there is two markets for backups/Tarsnap and trying to shoe-horn it into the GitHub comparison led to confusion.
GitHub sounds like it is a SPoF for you is the only reason I'm adding this part of the comment:
If you can't 'imagine' a suitable replacement, I'd try GitLab. They are similar enough I think you'll be surprised how easy it is to replace GitHub in your workflow.
I'm not suggesting you actually replace GitHub, I'm just suggesting you expand your options so you have a backup plan in case GitHub disappears one day.
Why... Same reason companies pick any other software... Same reason companies pick RHEL over Cent... etc
Support, Security, and outsourced management
If your team has the time to manage your GitLab installation, update it, fix it if/when it breaks, etc. Great. Other organization choose to outsource that to GitLab...
Same thing here with backups... People that want to roll their own inhouse solution would not be TarSnaps target.
You can buy on premise support from GitLab or GitHub for their respective products.
So, it isn't rolling your own...or even being on your own [unless you choose to be].
The confusion is probably my fault, I'm not the clearest of posters.
The Tarsnap -> Patio11's Idea is being approximated as equivalent to Git -> GitHub.
So, in this context, the people I've dealt with that would want Patio11's Idea of Tarsnap are people who don't want to take the effort to understand what they are dealing with.
GitHub has a larger audience that has nothing to do with development. Social features, simplifying things for non-developers, etc. but I do not feel that portion of the 'product' is relevant in this context.
The people I know IRL that prefer a GitHub-type interface over doing things with Git via the command line are the type that need me to fix the issues they run into for them. The fact I'm basically git support for other IT folk leads me to that conclusion.
And frankly, I'm not a Git guru. I'm a very, very average software developer who acts as the sysadmin for Dev at $DAY_JOB.
I fully believe other people have different experiences but I've implemented Git workflows at 2 companies now and I've seen a consistent pattern.
Please do understand, I'm not saying they should or need to learn Git. It is better they focus on the domain expertise they bring to the table [e.g. Web Design, Email Design, Data Science]. I'm just saying it is a different audience than Tarsnap's current one.
But I think Tarsnap -> Patio11's Idea is like Git -> GitHub. I think there are two separate audiences there with different needs.
At least in my opinion.
But I know people fix bugs that GitHub won't fix in their enterprise product by patching the Ruby source after each new update.
Is that even possible? ;)
I also believe that was the intent of Patrick posting this publicly - to stimulate Colin into realizing what people really fucking want and that someone may actually go build a better tarsnap using tarsnap if he doesn't.
I'm sick of Tarsnap's complete disregard for its users; charge more money, listen to your users, improve the product!
WITH ALL OF YOUR SURPLUS MONEY, INSTEAD OF BUYING A $2MILLION DOLLAR MANSION, DONATE IT TO THE FREEBSD FOUNDATION.
Holy shit! What could HE DO FOR FREEBSD with the personal surplus in income from properly implementing Tarsnap as a business!?!?! IT'S FUCKING MIND BOGGLING.
You also mis-characterized what I said. Completely. But whatever, pretty typical Hacker News. It's actually really an interesting dichotomy: there are so many brilliant hackers on here that believe asking for a lot of money for a valuable product and service is evil and yet they're all participating on a forum built and hosted by an organization that specializes in smacking hackers with a fish until they realize the deep and fundamental mistake in that way of thinking.
My argument was that many different kinds of good can be had from the availability of resources and casting resource acquisition in a stigmatic light is cutting innovation off at the knees. All because some less enlightened people figured out how to acquire a lot of resources and use them in non-society friendly ways.
Do you really believe Elon Musk could have turned Tesla into such an awesome company by being Geek2Geek? Fuck no. Elon understands the value of charging for value and how much more value he can usher into the world - so do other amazing entrepreneurs.
I would rather see cperciva acquiring a lot of resources than many other people in the world. I would rather see a lot of people on Hacker News be wealthy people instead the alternatives out there - but they never will be until money and the having of it is no longer stigmatized by them.
For many businesses, $1,500.00 per month to feel secure is pennies. I would rather see Tarsnap, an actually secure service, pulling in that revenue than other "secure" offerings that actually aren't.
If there are people willing to pay that much for that, what and who do you think exists out there that would pay 5x that amount to make sure a $25Million class action lawsuit is launched against them? Or to protect hundreds of millions in assets?
If the assets I'm backing up are worth millions to me (tangibly), spending $20,000.00 per month for highly secure and reliable backups is easy.
I guess lawyers could argue about whether reselling the service fell under 'using'.
(I don't mean this to be hostile to the licensing, I just think that it is a big thing getting in the way of it being very possible to do as you say)
The spirit being, that someone WILL fill this gap in the market. Someone. I would rather it be Tarsnap and Colin; though.
But none is going to roll their own replacement because they are involved elsewhere - I see a gap in the reasoning not in the market :-)
It completely proves his point the power of "wrong" design.
Everybody forgot all the brilliant things Patrick said because they didn't like the design.
And that's his point!
Send a non-technical guy who's ass is truly on the line to Tarsnap and, sorry, he's going to have a negative "blink" gut reaction.
If you've ever built a SAAS to any scale, you'll know that is true. Sad. But 100% accurate.
Stripe's original UX to me was a better example of where Tarsnap could go (vs. even the current stripe site):
Headline, button, 5 relevant "benefits"
Then a link to start, documentation, and get help.
Almost exactly what Patrick illustrates before he loses us with a rushed design.
They could do things like offering a flat $100 rate for what is probably $2.60 of services and then roll around in the money. Or donate some of it to Tarsnap so it will keep running.
Hmm... in many ways, it's actually not a bad idea. Especially if you partnered with Tarsnap so you could effectively do referrals to each other: send the geeks to bare-bones Tarsnap and they'd send the PHBs to you.
This way, Colin can keep things his way, Patrick his way, and they both profit.
> Because being on the hook for people's backups is not my idea of a fun time, because I'd be directly competing with an Internet buddy who I'd rather see successful, because I have no particular comparative advantage in backups that I don't have in a host of better product categories, because I already run three businesses and enjoy sleeping occasionally, because running services is in fact a heck of a lot harder than posting about them, etc etc.
To some extent other concerns about sleep and worrying about other people's backups is also something that Colin would take care of in my dream collaborative scenario.
But sure, it does sound like there's room for what you describe -- even more so if Colin doesn't jump on it.
If Colin does not accept, start giving the profits to the OpenBSD foundation.
I don't know tarsnap well enough to compare encryption models with Arq or anything, but I'm not invested enough to dig into it either. Arq works for me as a customer, and I'm not really in the tarsnap market.
I want to live in a world where tarsnap is sold for picodollars.
Not if you reconsider "backup for the truly paranoid" and ponder about who actually IS the paranoid and what he is paranoid about. Could it be him being paranoid about not wanting to run after his customers money for a service that already has been provided?
Besides, even the truly paranoid don't know when they're going to lose access to emails for two weeks. Sudden hospitalisation? Travelling in an internet poor area, and your hotel that promised access was 'down'? Temporary incarceration for something you never did? Death of a loved one that puts you out of your normal life procedures? Or just fat-fingering a command because you're human, and missing out on the email from an accidental bulk delete (or similar). Perhaps change it to an opt-in for the truly paranoid: "If you're uncontactable for two weeks and our billing system decides you're out, delete my data rather than merely revoke access".
After all, if you're really after a 'dead-man switch', then that should be a feature on it's own, not something to do with billing. "If I haven't logged in for -foo- weeks, delete my data". That's clearly a dead-man switch, not a proxy analogue conducted via "we've consumed what's left on your account". Plus the user could set the number of weeks, rather than just "some unpredictable future time".
I know I am and that this 14 days clause is the only reason why I am not using tarsnap.
What if auto-renew were added, but you're robbed and knocked into a coma for 2 months. In the meanwhile, the credit card company notices the suspicious transactions, can't get a hold of you, and cancels the card. Auto-renew occurs 3 days later, but the card number on file doesn't work. Colin Percival calls your phone number, and gets no answer for a month. Then what?
If you're truly paranoid, you might have to consider that possibility as well.
With every scenario and solution you can come up with which require intervention, I can double down on and think of a worse-case scenario where your solution won't work and you'll lose your data. A possible non-intervention solution could work, which is to front-load the account to the limits of your paranoia.
1) Paranoid that you will lose your data.
2) Paranoid that your data will fall into the wrong hands.
It seems to me that Tarsnap values preventing #2 over preventing #1.
To follow on your example, what if the authorities who arrested you want to get their mitts on the data in your tarsnap account? Won't you be happy that your data is irrevocably deleted?
> if you believe you must check on every detail, your style is symptomatic of insecurity or paranoia - http://www.adams-hall.com/micwilstrany.html
In any case, my ";)" from before stands.
If tarsnap is really a G2G business, then it makes sense to assume you know how to white-list an email address.
How many other misconfigurations should they deal with? What if the battery is dead on your cell phone when they try to call you after several missed the emails? (Or you're out hiking where there's no reception, or on a cruise, or in another country and didn't want to pay high roaming charges, or ...)
Sounds like easy money all around, and colin won't have to deal with the support fallout (nor get paid to deal with it, which is ok).
Wouldn't that make you one of Colin's most serious competitors? I thought you made most of your money from the enterprise market. The same market Patio is suggesting Colin enter!
Another possibility would be for there to be an 'authorized' premium B2B version - where the original author gets a certain X% ownership, and the slick-marketing type does all the fluff/flashy stuff that adds value for that set of customers.
BTW, that is the same reason for the backlash over Oculus acquisition: people are upset that it will no longer be run by "bad at business" engineers like John Carmack, but instead by "very good at business" Mark Zuckerberg.
One way you can gauge just how wrong HN is about this point is to compare Tarsnap's business to that of any well-known backup provider, virtually all of which could (presuming, perhaps unfairly, that Colin is rational) buy Tarsnap with pocket change.
Backup is a huge business, and enterprise/business backup is an especially lucrative segment of that business. Colin has the most technically credible offering for that segment. But he captures only a tiny fraction of it, and regularly finds himself on HN explaining to HN people why Tarsnap costs so much given how cheap AWS storage is. Q.E.D.
The community values when money/power is not the only/main driver for people creating technology. And for a good reason, I think. When we ask ourselves "why we can't have nice things", more often than not the answer is that "people in charge" are motivated by making more money, not making better stuff.
Yes, there is some naivete in this mindset. But I think some of that innocence is a good thing. FWIW, I liked patio11 more when he was excitingly writing how he earned $30k on Bingo cards then the new incarnation that is proud of using a shitty ThemeForest template because A/B tests well.
I am unclear on what you think the purpose of a commercial website is, given your objection to the idea of suggestions that make them perform better.
I was just pointing out that it is a good thing that there are smart people who are "bad at business", who are "irrational" as you put it. Many good things we have came from such irrational people (that was the point about Linux parallel) and many ugly things come from people who are only following the bottom line.
But without g2g, Colin is going to be competing in a huge market with a bunch of other players. He's also likely to enjoy his business a whole lot less.
>>Colin is going to be competing in a huge market with a bunch of other players. He's also likely to enjoy his business a whole lot less.
Also painfully incorrect. When you have a unique selling proposition, it's easy to compete in a huge market with a bunch of other players. It's also enjoyable.
However I agree, it does depend on Colin's motivations. If Colin doesn't want more users, and doesn't want more money (for even the same amount of work), then your viewpoint is possibly accurate and has merit.
Other possibilities for his lack of change are clear - we do not always act in our best interests for a garden variety of reasons(negative mindsets, backgrounds, etc etc). This can be very frustrating to our friends, who might have experience and insight into our situation, and want the best for us.
John Carmack came on relatively late as CTO, not CEO, and Palmer was the owner of some valuable IP, not the one running the business.
Maybe some people view the Oculus acquisition through that myopic lens, but many do not, and your generalizations do your point of view no justice while simultaneously misrepresenting many of theirs.
If you stick to low margin / cost plus pricing, it effectively poisons the well for your competitors.
The "poison the well" strategy has worked very well for Craigslist, and the Siracha hot sauce guy.
I'd do everything patrick suggested, but stick to the cost plus pricing and not worry about extracting consumer surplus for the value you create.
Once you have a $500/month enterprise plan that is popular, you are going to have competitors that offer more for $400/month, and VC's will be plowing them with money to hire salespeople to go after these $40,000 LTV customers. All the sudden, your product will no longer be the best solution for your own customers.
And most of your $500/month clients won't move. You won't get so many new clients, but your existing clients have 'something that works' and 'we're doing something else now'.
An enterprise-level client - one that the article characterises as being able to employ lawyers, and specifically not the cheap ones - isn't going to change from a vendor with a working system to a new vendor just to save $100/month.
From the sounds of it, Tarsnap isn't trying to own everyone's backups and expand at the speed of light. It's been a 'take me or leave me' product whose income currently satisfies the owner. Not getting new customers because of undercutting competitors will only happen when the level of income is much higher than it is now, and one assumes the owner won't have a problem with that given pricing history.
I wish all businesses operated on tiny margins. That's how capitalism is supposed to work: competition eats up surplus.
Jeff Bezos and Craig Newmark are both "providing maximum value" and "poisoning the well of competitors". I'd say both ended up in the same place yet have completely different business philosophies.
When discussing the merits of different pricing strategies, it is best if the argument stands without being clouded by notions of altruism.
> Open source doesn't just mean access to the source code. The distribution terms of open-source software must comply with the following criteria:
Tarsnap also doesn't claim to be open source: http://www.tarsnap.com/about.html
> While the Tarsnap code is not distributed under an open source license,
The knowledge that there's missing context, which was provided in some sort of back room inside-baseball hn-elites secret discussion to which I was not a party and will never be granted access, kind of makes me wish the article had never been posted in the first place.
"Here's my article - which you'll never understand, because you weren't there, because you're not cool enough". Great.
And the redesign in the article looks like someone grabbed a free theme and swopped some text and a image.
And, no, the redesign in the article looks exactly like someone grabbed a $20 theme and didn't bother to swap in the image.
"Customers like typical HNers might like Tarsnap the way it is, but Colin should instead market to [such and such businesses] using [lots of specific and actionable advice] because [lots of reasons explained in excruciating detail]".
"Oh, I like Tarsnap the way it is."
And just by looking at his personal site he's probably not the first person to ask for advice on how to design your website. I'm not trying to offend the writer but there's a reason why there are web designers and UX people dedicated to the task.
I realise that this redesign is just a small unimportant part of all these suggestions (and I agree with some of them) but if he puts it out there it's worth giving feedback on.
Colin could spend one day and come up with something that didn't look super generic. My idea would be something dark and simple, like this: https://useiconic.com/
Then he supplemented this with: " let’s hypothetically assume it isn’t in the budget. In that case, we go to Themeforest and buy any SaaS template which isn’t totally hideous."
So don't complain that it looks identical to 100 generic free wordpress themes -- that was Patrick's point, and his actual advice was exactly what you call for: spending a day to come up with something.
Of course, you don't make the change if you don't want to become the B2B mega secure backup business that patrick is pitching. But if you do want to grow into that then you have to re-brand into something a clueless supervisor is going to be able to authorize. That won't happen often with the current design.
If Colin doesn't want to make a big B2B business, which I'm sure we all believe to be true, then you can keep the old design and be happy. But if he wants to have a "real" business, then he should absolutely go with a standard bootstap theme.
edit: four to for. duh
I am also curious because I believe most of the comments here on HN amount to not liking this article because it doesn't appeal to them as a customer without regard to what it means for Tarsnap as a business.
I feel like we should strive to destroy the enterprise, not enable it. I am sure that Patrick's approach would be more profitable, but how many people would be put off by this "professional-oriented" position? Yeah, I'm the guy who would rather go through the trouble of installing/maintaining my own GitLab server than paying a dime to Github/Bitbucket. It doesn't make sense economically? I don't give a shit. I feel like there must be something in this life that I should be able to do by myself. I will give as much time needed to someone who needs help to install/setup Ubuntu on their laptops, but to hell with them if they ask for help to setup their printer on Windows or Mac.
Also, I know that Colin gave the go-ahead to write this piece, but reading the thing it amazed me how it works only as a way to push Patrick's agenda, but none of Colin's. The template that it took only 20 minutes to put together? Put it on a git repo and make it public domain, let other people build upon it. Tell people that those who are genuinely focused on tarsnap success that they can contribute, and even educate other users. This piece works only to show that Patrick can tell people what they should do, but there is nothing Patrick has done to actively improve things.
And it's less about 'catering to the enterprise', and more about doing business on your own terms.
>>Yeah, I'm the guy who would rather go through the trouble of installing/maintaining my own GitLab server than paying a dime to Github/Bitbucket.
Then please note you're not really suited to participate in a discussion about optimally pricing SaaS to businesses. It will be painful for you, and the people involved.
>>it amazed me how it works only as a way to push Patrick's agenda, but none of Colin's.
Patrick and Colin are friends. Patrick wrote this post to help a friend. Patrick's agenda is Colin's success.
>>there is nothing Patrick has done to actively improve things
Patrick has spent hours thinking about and distilling his thinking into a blog post, designed to help Colin. Patrick is regularly paid Large Sums of Money for his experience and capability in this exact, specific area. What should Patrick have done? Fly from Japan to where Colin lives, push him aside, and implement all the work he suggested, against Colin's will?
> Patrick's agenda is Colin's success.
Sorry, but this is bullshit. Read the blog post again. I would doubt very much that Colin feels like Tarsnap is a failure of some kind - quite the opposite. Patrick's agenda is keeping the idea that what he does is worth "Large Sums of Money". This might work with the marketing people, but it disappoints me to no end to see this becoming the prevailing view of "Hacker News".
> What should Patrick have done?
A much shorter blog post:
"Do you know Tarsnap? It's this amazing backup solution, created and run by Colin Percival. I wished I could tell everyone to use, but I understand that most people get put off by it's lack of marketing polish. This is understandable if you know that Colin is a genius who (like most other geniuses) do not realize how things that seem simple to him might be harder for the common folk.
I am not such a genius, so I can not contribute to tarsnap itself. But I can contribute to ancillary things that Colin is too smart to even bother doing. So I put together this website (http://link_to_repo) and also this wiki (http://link_to_wiki) where people can discuss things and/or come together to improve the product in ways they think it's relevant. This way we can have Colin doing the things he is already happy doing at a such an affordable price, we can get rid of these small annoyances and get to have more arguments to convince Grandma to use Tarsnap. Most importantly, everyone can be sure that Tarsnap will be around for a much longer time.
Now, this would be pushing Colin's agenda. This would be allowing Colin to do business on his own terms. Patrick's post just reads as a self-marketing piece.
Can you think of a utility or service that serves the needs of a wide range of businesses, from freelancers all the way up to enterprise? Electricity? Github? Dropbox? Internet connectivity? These services have found ways to charge all businesses of all sizes appropriately at fair rates, without "pushing out smaller fish".
>> I would doubt very much that Colin feels like Tarsnap is a failure of some kind - quite the opposite.
Much like the opposite of love is not hate (it's apathy), the opposite of success is not always failure (it's flat-lining). Growth keeps living things alive, including businesses. Patrick's suggestions are a bunch of ideas focused on helping Tarsnap grow.
>> Patrick's agenda is keeping the idea that what he does is worth "Large Sums of Money".
I do not know a better method to value something that is worth "Large Sums of Money" than people paying "Large Sums of Money" for it. In fact, that is the very definition of value. This is not limited to marketing people. It is the definition of a 'market'. Patrick has a track record of people paying large sums of money for his services, when he was actively consulting.
>> A much shorter blog post: "Do you know Tarsnap? It's this amazing backup solution, created and run by Colin Percival."
Lets imagine you have the experience and ability to 10x or 100x software companies, as Patrick does. When Patrick looks at Tarsnap, he sees a series of simple, straightforward actions that could 10x or 100x it, that does not necessarily require any more work than what Colin is currently doing. With that in mind, it would be impossible for Patrick to credibly and authentically write that kind of boring-ass sales-shill blog post, that would have reached a tiny audience of disinterested people.
>> This would be allowing Colin to do business on his own terms.
Colin is fully free and allowed to do business on his own terms. Patrick is also free and allowed to have and express opinions on how Colin does business. In fact, Patrick even received Colin's consent to write that blog post.
>>Patrick's post just reads as a self-marketing piece.
Having known Patrick for years, and considering him a close friend, this is the furthest statement from the truth I have read on the internet. At least, since I last reloaded the comment thread on this post.
First of all, I do not share the idea that growth is the only to measure success. In fact I strongly disagree with it. Colin's idea of success could as well be "What is the state of art when it comes to secure backup software? When Tarsnap is the answer, that will be considered a success".
Second, you seem to be too hung up on the idea of keeping the business alive. I was semi-serious when I was talking about the post-scarcity world. In my ideal world, Colin would be out of work, just like me and everyone else. I want secure-backups to be a commodity infinitely cheap, not something that I may get for free only if someone else is subsidizing some artificially larger cost. I want Colin to work on things he cares about, out of his own personal interest, not for this SV fucked up measure of success.
Third, I know my blog post is boring. That would be the whole point, actually. Don't forget we are talking about fucking BACKUPS here. They are not supposed to be exciting or deserve all this ink we are spilling over it. The point what I am trying to make is that, what I would see as an actual contribution worth of praise (and even value) would be if Patrick went through the boring parts and muck and said "Hey Colin, I know this is now what you want to focus on, but it's important as an user of the product, so here you go."
Was that we got? No. What we got was some blog post from someone "highly trusted in the community", which works only to establish that he "knows what he is talking about". And yes, there are people willing to pay large amounts of cash for this. I wouldn't, and it disappoints me that so many people here do.
Lastly, this is not an attack on Patrick, but rather on this mentality that is so widespread and so exposed on the blog post.
I believe that's called consulting.
I think the main thing is that all the things that Patrick is mentioning is overhead that Colin likely doesn't want.
He's running this as a lifestyle business and not a company that wants to make millions. I agree that certain changes can be made that allow better value for users (the auto-payment ability being very important) but all these things add overhead that Colin doesn't seem to want. Each change has a multiplier of time, and extra stress.
Heck, he doesn't want to waste his time on fixing his logo to be sharper.
I find Colin's approach refreshing. It's rare to see someone (especially one so gifted intellectually) be so in tune with what they want out of life. Having freedom to do what he wants, enough money to enjoy life and save for retirement and providing an important contribution to the world is what Tarsnap provides.
I'm sure Colin will make changes to make it more useful but I think it will be in the context of what's the best for the users and not what's the best for his pocket.
I've encountered Tarsnap half a dozen times over the last ~two years, but I was always thrown off by something ("what is this?", "backblaze is easier to use", "that pricing model is way too high - I'd be paying over a thousand dollars a year", etc.). Patrick's post systematically affirmed that I have a clear and pressing need for this, that it's severely underpriced, and a clear path of implementation.
For my own needs I can't use it because I can't tolerate the casual backup obliteration policy.
The message I got out of patio11's work was that there are show stopping issues that are not fundamental to excellence of the product. Lose them. Help more people.
Bill me monthly. Don't obliterate the backups I'm counting on. You can have my business, my recommendations, and my thanks.
(And by all means he should, get a person or a service to take care of all that billing nuisance. Don't let it bring him down. I contract people to collect the money I don't enjoy collecting. That person needs a job too.)
Even when it comes to B2B, it is better for a service like this to get into enterprise via their geeks than try to appeal to their suits, because Tarsnap's strengths mean nothing to a suit.
I do consulting for hedge funds in NYC. Most of them use an accounting system called 'Advent Geneva'. This particular software solution has a Unix component where the actual accounting data lives. My clients would like to back up this database securely and reliably. Security is extremely important as for a given hedge fund, their trades and positions are extremely sensitive information. Tarsnap is exactly the backup solution these clients would want to use. As a consultant, I don't think I will ever be able to sell Tarsnap in its existing form to these clients. Keeping aside pricing, these clients would want an SLA (and other legal stuff mentioned in the article) for the backup service. These clients are more than willing to pay costs associated with this higher level of service and will benefit tremendously from using Tarsnap.
I do not know any backup solution which is better than Tarsnap and it's unfair that businesses will have to use less-than-ideal technical solutions ONLY BECAUSE Colin doesn't want to adjust 'business side' of his product offering.
Underneath it can all be the same product, just packaged differently depending on who the potential customer is.
See, this is something I have thought a lot about. I can understand the value of the 'enterprise' pricing tiers (and yeah, if I have to do a bunch of paperwork, it's totally fair for me to charge you more.) So I can see where pricing tiers could be a good thing.
However... the bit I'm questioning here is how far you distance your 'enterprise' product from your 'geek' product- Especially if you have a strong 'geek' following already, I would argue that you don't want to start over in the 'enterprise' space. You want to carry over the name. Either, as Patrick suggested, move the 'geek' product to a less-accessible URL and professionalize your primary brand, or build a "tarsnap enterprise business edition" url.
Either way, there is a whole lot of value in a brand valued by nerds. I agree that brand needs to change some (and the product needs to change more) to be marketable to the enterprise, but... the boss basically respects his or her geeks... enough to pay them a lot of money. Sometimes I even find the business folks emulating the geeks when dealing with computers. A MBA where I worked saw how paranoid I was about ESD and asked for one of my wrist straps. He used it while he was typing emails on his mac. The "business edition" of the thing his geeks say is awesome is going to have a lot more pull than just some random new brand.
I normally would agree, don't throw away a perfectly good brand if you can avoid it. But if the customer has never heard of your brand, and wouldn't understand it if they did hear of it, that's one of the few cases where coming up with a new one could make sense.
If they've never heard of the brand, you are right. A good name that your customer hasn't heard is better than a bad name your customer hasn't heard.
But, my belief is that there are a lot of semi-technical "enterprise" or at least "SMB" types on places like hacker news, who likely have heard of tarsnap. And even if not, as I said, management listens to their technical help, often more closely than it seems.
Hell, I've had a few 'enterprise' type companies coming to me, by recommendation of their technical folks. The deal usually falls through because I am not equipped to deal with that sort of thing, but the opportunity was there, because a non-management technical person knew my name. Colin is way closer to being able to support those sorts of customers than I am, and I think he has a much larger technical userbase than I do, too.
>and wouldn't understand it if they did hear of it
I'm a firm believer that how recognized your name is matters a whole lot more than how "good" or "meaningful" your name is. A bad name that your customer has heard before is worth a lot more than a good name that your customer has not heard of.
What does conviva mean? what does akamai mean? Avocent? Cisco? To your average English-speaking monoglot, these are just random strings of letters. Much like 'tarsnap' is a random string of letters to people who aren't crusty sysadmins. The names of companies gain meaning through use.
This is very explicitly talked about in the article.
And as Patrick says there - a "geek" will NOT manage to get most businesses to use Tarsnap. For lack of many features, but also because of the "terrible" design (terrible at convincing businesses to use Tarsnap).
The geeks may love it, but the business needs an invoice. No invoice, no purchase.
If cperciva wants to keep metered pricing, maybe offering a free 3-day trial or something so users can get an idea of how much their particular backup situation would cost before committing would be a good idea.
I'm not sure what's difficult with these calculations?
The dedup (as I understand it) is mostly relevant for incremental backups "adding up" -- so that you can (mostly) run weekly backups without worrying too much about storage cost ballooning out of control.
Note: I'm not affiliated with tarsnap, nor am I a customer -- partly because I'm in a similar position: The data (emails etc) that I can afford to backup in a similar fashion to tarsnap (I use backupninja as a front-end for duplicity) is almost trivial to backup -- the rest (photos, media) I cannot currently afford to backup to the cloud (nor do I have the upstream bandwidth for it).
An external, USB powered, 5400RPM 1TB drive can be bought for $60 last I checked. An online backup service is nice to have, but for $250/month, you could buy a new 1TB disk every week, format it with TrueCrypt, copy your stuff to it, and email it to a random acquaintance/family member (or a known wrong address in Hawaii, so it comes back to you with "wrong address" a few weeks later). It's not as convenient as tarsnap, but way more resilient, not to mention that downloading 1TB back is going to take more than mailing the disk back to you -- or in most cases, taking a return flight to retrieve the disk yourself.
I'm not so sure about that. In either case loosing your encryption keys is a single point of failure, but tarsnap is backed by regular s3, so it should take a pretty cataclysmic event for the data to disappear -- contrast that with dropping your hd 1 meter and loosing the data.
I don't expect to have a hopelessly slow and asymmetrical 10-20/1-2 mbs Internet connection forever, so at some point personal backup to the cloud is likely to become more viable (technically I could get ~gps upload at my university right now). The only remaining obstacle would be price -- and while backing up servers via tarsnap sounds great, if all you want is off-site ~1TB storage with the bandwidth to use it you could just get a dedicated server somewhere. Not as redundant, but assuming you have on-site backup on disk, and a live copy on your server, you'd have to be pretty unlucky to loose any data.
FWIW I don't think tarsnap aims to be a personal backup solution (for multimedia) -- and for now neither is S3/glacier. If it were, there'd be no reason for Backblaze to have their storage pods.
Note that tarsnap prices are comparable to 1 new drive per week. After a year, you'll have 52 fully independent snapshots. If the 4 latest ones fall from 1m height, you still have 48 copies (losing most recent month, but having access to all of last year).
And it doesn't take a cataclysmic event - if Colin can't pay amazon e.g. Because the Canadian FBI might have a gag order instructing him to back door he service ... Or else ... I know he can't, but I am not sure that will stop them from disrupting the service. Same goes for any cloud backup, by the way.
Maybe it's just me, but I would read the _hell_ out of that blog post.
tar -cf - / --exclude='/proc/*' --exclude='/dev/*' [..] | \
xz -z | \
openssl enc -aes-256-cbc -e -salt | \
> /mnt/your/networked/google/drive/backup.$(hostname -a).$(date "+%Y%m%d-%H%M%S").aes.tar.xz
I could understand the appeal to less tech savvy users if there were a gui, or it featured cross platform support beyond those supported by tar, <insert compression tool>, openssl/aespipe/gpg/<insert encryption tool>, or the storage was super cheap.
So what's the value proposition here?
When I moved away from being a Mac only to a Mac & Debian user a while back and consequently looked around for a non platform dependent backup strategy (to replace JungleDisc), I did almost opt for Tarsnap but was ultimately put off by these two show-stoppers:
1: The data is stored on Colin's servers, not mine.
2: Seriously. What does happen if Colin walks under a bus?
In the end I went for Duplicity backing up to my own Amazon S3 storage. No harder than Tarsnap to set up –if you interface with it via Duply, storage costs are miniscule and a corporation the size of Amazon wouldn't fit under a bus!
Deduplication and incremental backups are table-stakes for backup software.
The reason a business would use Tarsnap rather than some other backup service is the level of confidence that Colin can provide that Tarsnap will reliably protect their data from attackers, including compelled insiders at Tarsnap.
In other words, Tarsnap can offer an enterprise an offsite backup service that is demonstrably as safe as backup data that the enterprise retains direct custody of.
That is not an offering other backup providers can reliably duplicate.
Would you say the same about a solution that signs and encrypts the archive with gpg (signs with a machine's key and encrypts it to the owner's key). If so, can you elaborate on some examples of security problems that solution could have?
I could, and it might asymptotically approach the quality of Colin's.
I don't think you're comfortable with the amount of money I'd charge for that service.
You're better off paying Colin cost-plus for AWS storage, since that's all he seems to want to charge. :)
I actually use ZFS (filesystem), so my backup flow is closer to:
zfs snapshot -r $TSTAMP
zfs send $TSTAMP | \
xz -z | \
openssl enc -aes-256-cbc -e -salt | \
> /mnt/your/networked/google/drive/backup.$(hostname -a).$TSTAMP.aes.tar.xz
I had not considered multiple backup sources, mine is deduplicated per host, am I to understand tarsnap is deduplicated across all hosts sharing a set of keys?
Consider how you would restore using incremental ZFS snapshots. You'd have to pull all the snaphots, unpack the base snapshot and then sequentially unpack each incremental snapshot.
In tarsnap, the server will compute the 'snapshot' you want for you, and will only send you the data blocks that belong to that snapshot.
In tarsnap, you can also delete any snapshot you want, and only blocks belonging exclusively to that snapshot will be deleted. In your system, deleting a snapshot means you lose all snapshots from that one until the next full snapshot.
Also, in ZFS you're limited to backing up complete datasets, but with tarsnap you can backup any set of files you want.
Note: https://github.com/bup/bup does that too (though it does not encrypt), and http://liw.fi/obnam/ does too (and it does encrypt).
What tarsnap gives you that obnam doesn't is (a) managed cloud storage, (b) tarsnap's history and reputation, and (c) Colin's personal reputation. That's a lot, and it costs money above the S3 storage costs (which you could point obnam at).
How are your snapshots incremental? In BTRFS you would need to specify a base snapshot.
What is the restore process? You init a zfs file systems and then zfs receive the backups in chronological order? How are the dependencies between snapshots managed?
To restore, of course, you'll have to have snap1, and then you can apply the increment.
He uses scrypt, not openssl/aes-256-cbc.
A few differences.
Colin may be a crypto genius and his code extensively reviewed, but I'd wager more eyes have been cast over the openssl codebase than tarsnap.
Edit: Whoa, lots of downvotes. I guess it is a bit odd to ask a person who just said "What I Would Do If I Ran Tarsnap" if they have any literal interest in running Tarsnap. Silly me.
But if you espouse like this on 'what you would do if you ran tarsnap' then you probably should be doing just that, rather than to list your own set of priorities that contradict the whole premise of your well intentioned public good advice.
I read this as a public offer to do better, excuses about how you're too busy shouldn't count. If you're going to tell someone how you would run their business you should be wiling to do exactly that. Otherwise your words lose a lot of strength.
Especially because running services is a lot harder than (publicly) posting about them.
patio11's whole point is that he loves both tarsnap and cperciva and thinks literally everyone in this equation would be better served if cperciva made more money and by making the tarsnap user experience more sensitive to the needs of businesses who want to rely on it.
I'm quite aware of what tarsnap is.
Delete that file on one device, it is gone from all that share it.
Especially with Packrat feature.
Scripts can copy out from the Dropbox to both negate your issue and proliferate backup copies to many physical locations.
* Mobile support
* Windows support
* A web interface
* Any way of using it other than CLI
TFA left all that stuff in place. "tarsnap the software" does not change at all.
The argument here is Tarsnap is a great product but the way its being sold actively discriminates those who would be best served by their offering, but are not run by unix wizards, and I think we should all care about this issue as well. If it means a company like Target is easily convinced to use a solution like Tarsnap, instead of a competitors, or worse, rolling their own - I think we would be all much better off.
With a great tool like Tarsnap, no matter how its priced, or how its sold, or what CSS is loaded - it should be clear that it provides a great value add and most people are better off with Tarsnap's solution in an enterprise setting. We shouldn't forget its incredibly easy to say "Well things are great now" when they are only great for you.
cperciva: Pretty please try this first and measure the effect? Would be super interesting!
For the last several years I've been running a business whose primary purpose, really, is charity: providing high quality technical services to people and businesses who couldn't otherwise afford them.
It sounds like a noble cause, but it sucks balls.
You're not serving your customers' needs if you end up in the hospital for any of a hundred different reasons that can happen to anyone at any time, and there's nobody that can manage the service for you while you're out. (Look: you obviously think that having a backup plan for data is important; why do you not think that having a business backup plan is also important?)
You're not serving your customers' needs if you can't afford to ensure the integrity of your own infrastructure. No business lasts forever; what happens if Amazon, two years from now, starts making policy decisions that cripple your business? Steve Jobs died just over two years ago and most people agree by now that Apple has become a different company. Bezos is not immortal, and there's a board of directors that would very much like to be making a lot more money from Amazon.
You're not serving your customers' needs by maintaining an unnecessarily high barrier to doing business with you. I do web and mail hosting for a number of customers. Having backups is really important to me. But I'm also busy and underpaid and my hair's always on fire and my bank account never has quite enough money in it, so tarsnap for me has never looked better than my current backup system (BackupPC on a machine I have physical access to in a secure location). Excel modeling to attempt to estimate my monthly costs for a service is obnoxious.
You're not serving your customers' needs by being unable to fix problems that they are actively complaining about because you're the only engineer in your business capable of addressing them.
Colin's current way of doing business is actively interfering with his goals -- assuming those goals are anything more than, "provide a cool backup service as a hobby".
You don't have to become a disciple of SV startup culture. There's a fantastically large middle-ground that allows for changing the business just a little bit without sacrificing its soul.
The amazing thing here is that both Colin and Patrick are amazing engineers: Colin as a software engineer, but Patrick as a business engineer. A business is an abstraction that can -- and should -- be engineered. That means understanding the scope and requirements of the problem being solved and then coming up with a system that meets them. Colin, for godssake, take Patrick's advice just as seriously as somebody should take your advice on cryptography.
People keep trying to "fix" Colin instead of doing the entrepreneurial thing and competing with him. He can't be fixed because there's nothing "wrong" with him. That's like telling Good Will or the Salvation Army to change their pricing. If you want a for-profit department store then start your own Walmart. If you want a better backup service like Tarsnap then clone the thing and do it better.
Colin's an unfathomably smart, pretty reasonable dude. It feels wrong to assume that he's in this for the religion of it, or that no argument exists that's convincing enough to change his mind.
For the same reason, "fixing" seems like the wrong verb here.
Also, you can't provide the guarantees you want. You could hire 24 hour tech support but will they be able to troubleshoot colin's servers if they are down and he is sleeping?
Update: another business idea for Colin. Keep tarsnap as-is but license the server code for a fee so others can run a business as proposed.
SpiderOak? Only heard about them because they're "hip" on here, given the state of technology in the average startup, I wouldn't trust them with my data ever.
PS. Let's not be harsh on SpiderOak though, I never used it for backup purposes and haven't read about any security breaches or privacy concerns about it anyway.
I'm currently suffering from a deluge of emails (turns out that a blog post
from Patrick McKenzie saying that I shouldn't have cut prices results in
even more people signing up for Tarsnap than the price cut did, and most of
my email comes from new users)
Consumers are pretty price sensitive, and business that sell directly to consumers must cater to this. This is why Patrick is always advocating that you start a business that sells to other businesses. A business doesn't mind paying for something as long as the cost is below the value it gets them. Isn't that the basics of business? Buy low, sell high? Buy a service that provides $X value as long as the cost is < $X?
I first can across this difference when I was a newbie DBA. We needed to upgrade our SQL Server cluster to the latest edition. I reviewed the differences between the various editions, and decided we could use some of the features in Enterprise vs. Standard. I did a little estimation, and showed how much time we could save between the DBAs and the developers if we got Enterprise. It was nowhere near the difference in the license costs, but I passed my findings onto the IT manager and the CEO. The CEO said buy Enterprise. I was stunned, and thought it was a bad decision. The reality was that we got so much value out of SQL Server, it didn't matter that we paid more than what was absolutely necessary.
Developers have the consumer pricing mindset as well. They complain about IntelliJ, Xamarin, or Visual Studio licensing, or worry about SQL Server costs. Even if an IDE provides you with a 1% performance gain, I'm pretty sure that's worth it for most companies. Who cares if a language/framework/database/server is free if reduces your output by even 5%. That's just bad business. You can claim a license fee on your taxes, but you can't claim an opportunity cost.
Consumer tight-fistedness for consumers can also be a bad thing. I live in a relatively cheap area of the US. When I travel, I'm shocked at the prices. In order to feel comfortable, I have to ask myself not Is this a good price? but Would I rather pay $15 for a pina colada or go without? Often the answer is, Yes, I'd rather sip a coconutty concoction on the beach in Hawaii than have an extra $15 when I get home.
...is not actually true. There are likely thousands of companies with multi TB databases, many of which are small shops who need a backup solution. S3 is one option of course...
1) $50/month is WAY too much for the opening tier. Maybe $50/year. $50/month may sound OK to someone who already has a business generating meaningful revenue. But $50/month would be a show-stopper for most bootstrappers (which I imagine is a core audience). Especially when compared to something like Digital Ocean's $5/month.
2) The site design proposal looks pretty horrid. No doubt the current web site is also lousy, I think he could stick with something that still "speaks" to geeks. That "new" site design looks like one of these terrible templates which I think actually could send the wrong message.
Maybe this isn't cperciva's goal? Maybe he is just running the service as he wants it to be?
Seems good to me.
Looking around I see at least three services ("probyapp.com", "deadmanssnitch.com", and "cronwat.ch" - the latter of which has an expired SSL certificate).
FWIW one of the main reasons I've never used tarsnap is the pricing and the picodollars, it never felt "real" enough, although obviously it is completely transparent.
All the same benefits as tarsnap: de-dup, guaranteed privacy, OSS, headed by a bona fide geek (http://blog.kozubik.com/), fair pricing. Plus: multi user sub accounts, 7 days of free server side snapshots of your entire backup space and geo redundancy.
Plus business benefits: SAS 70 / PCI / SOX / HIPAA compliant, a company that's been going for over a decade and isn't reliant on one person or supplier etc.
I loved leaving the existing service as a poorly publicized option, as it keeps the hn-crowd-early-adopter-technical-consultants using the service, and thus recommending it to the $500/mo businesses.
There is no problem in the way the service is priced.
Its about the same way cloud services charge.
How much are you going to spend on a big AWS installation,
including bandwidth, storage and compute? You dont know?
Well knowing that to a penny is hard.
Well boo hoo. I was going to go on vacation and I dont wanna
read email when I am on a 21 day sabbatical. What happens if there is not enough money on the credit card you are charging your other cloud services too? You get email, and if you go over they stop running your stuff.. Go over even more and eventually they will just delete your stuff. That is not just your backup that is your entire platform.
I dont see the problem here. The use case is, I sign up for tarsnap, I put some money in the account and then I dont want to ever think about it again.
Do you do think with other cloud platforms? Dont you want to keep an eye on what it costs? Wouldnt that be prudent?
The same with tarsnap. You star using it, keep an eye on what it costs. Then after a while you should be able to create a projection of how much its going to cost. That to me seems like a good thing to do if you run a "serious" business.
Side-Note: I don't feel okay about the way this turned out for Colin. He is a member of our community, I'm reading his comments here, he is active. Everyone here, judging his business model, with some people being extremely harsh IMHO, feels like an on-line reality or something. I don't like it.
Also, the proposed design looks ugly and absolutely standard, whereas the current one has this touch that makes it stand out. As a geek, though.
What about reframing the marketing/messaging changes the underlying tech involved?
How is creating a complimentary B2B site, going to make the G2G one any less valid?
I'm not understanding why there is a recurring theme in this thread that having awesome underlying tech is somehow mutually exclusive from running a great business as well.
1. Colin gets hit by a bus and Tarsnap disappears. There's not much that this new company could do to protect itself from this problem, short of convincing Colin to implement a failsafe that, upon his verified death, hands full control of Tarsnap (including any relevant private keys and passwords) over to someone who can continue the service (and that someone could easily be the founder of this new company).
2. Technical support that this company could provide would be limited based on the level of support that Colin would provide to this company. Again, perhaps this company could draw up an agreement with Colin for priority support, paying some large amount of money per month for the privilege.
3. There's probably other issues I'm missing, perhaps this company can't make the same guarantees tarsnap itself could (e.g. ability to be HIPAA-compliant) due to not being in control of the technical aspects.
But otherwise, it could certainly provide all the metered pricing guarantees, including guaranteeing backups don't get deleted after a 7 day shot clock. And they may be able to make other guarantees (e.g. priority support) depending on what they can convince Colin to deal with; I'm sure that it's easier to have a single special customer that gets special treatment than it is to offer priority support (and other guarantees) to arbitrary customers.
On another note, I disagree with the author that metered pricing should be removed entirely (although he seems to have already conceded that he will never win that argument). Tiered pricing for businesses is great, but there's still a need for cheaper pricing for various reasons.
Perhaps I'm an employee at a company that's testing Tarsnap to ensure it meets the company's needs before making the case for the company to buy a service plan. I may not have the authority to purchase a $50/mo plan, but I certainly would have no qualms about paying $1 out of my own pocket to test the service for two weeks.
Or maybe I'm an independent developer who's bootstrapping a business. I'm still in development mode so I have no customers and therefore no income. Being able to pay $2/mo for the backups I need is a lot more appealing than paying $50/mo. When I finally launch my product and gain users, then I can consider switching to the $50/mo plan for the guarantees it offers (e.g. predictable pricing).
I do like the proposals in the article, but I wouldn't make the metered pricing that invisible. I'd call it Elastic Tarsnap, put it in the same table before Tarsnap Professional, give it a faded background and put the language with the picodollar pricing on it. This will communicate that that's the intended product for the truly paranoid power user who needs their personal data backed up. Maybe even put that exact sentence under it "Backups for truly paranoid power users (or unix geeks)". Because it's not just corporations that have specific needs, we unix geeks have specific needs too.
I wasn't aware of this "feature" before, and I don't currently have any need for Tarsnap's service, but I don't think there is any way I would choose to use that service or any other software product from the same guy/team. Maybe the underlying cryptography is rock-solid, but that's completely irrelevant if my backups are going to be deleted while I'm on vacation.
I want my provider to make money, but I also want to understand their business enough to know whether I'm a customer that is making them money or one that they are likely to want to drop in the near future. To be clear: I am not complaining about things being expensive (I like paying for things!), and agree that Tarsnap sounds like they aren't charging enough for the value that they could provide me, but I want their business model to be transparent (again, so I know they are making money off of me, so I know how to and whether to negotiate, and so I feel comfortable they won't shut down their service in a few months when they realize their customer's needs changed and suddenly they aren't making money anymore), and putting up the standard three price tiers hides all of that from me in a way that makes me nervous.
It also isn't like most of the really basic services people buy for their businesses are priced like that already: I pay for power by the kilowatt, phone calls by the minute, and bandwidth (for my servers) by the gigabyte. Sometimes the base rate is thrown in (I get 5TB of transfer included with a virtual unmanaged server, for example, not that I'm using many of those anymore), but very few services I pay for have a fixed flat rate like this. I thereby am having a difficult time appreciating the argument that it would be easier to get a company to pay $100/mo than $5+/-$2 (although maybe the idea is that these numbers are both simply "too small to think much about", which would be an argument I could appreciate). Most services similar to Colin's are priced by usage, not in fixed tiers.
To put this in perspective: I seriously have over fifty thousand dollars a month of service costs for my business that I pay based on some variable cost that Patrick is claiming I am somehow not going to be able to calculate and would keep me from using these providers. In addition to the things already mentioned, I pay by the hour for computers (EC2), by the message for e-mail delivery, by both the amount and number for credit card charges (the bulk of my costs), by the sheet of paper and drop of ink for printing, by the gallon or mile for travel, and again by the gigabyte for content delivery (which is somewhat different than the variable bandwidth I'm spending for my servers). Almost all of the costs of my business are paid for on some variable cost basis, and this is not strange :(.
I can actually go further: my "right hand man" is paid by the hour, so a good percentage of my human resource costs are variable as well. This is somewhat strange, sure, but when I was a consultant I was amazed at just how many companies seemed to be entirely staffed by consultants... we'd go to the business and find out that the don't even seem to have employees anymore, they now just are contracting work out to three different consulting firms. Again: billing for time and materials doesn't seem to cause companies to go running for the hills, and at this point most of my friends are consultants, they all bill this way, and they all have so much work they are quite picky about their clients. The legal and accounting firms I work with are even more examples of this (and ones where I've spent immense amounts of money over the years).
So, I just can't get behind this idea that pricing by the byte is somehow a fundamental flaw in Tarsnap's business. Maybe it should be 10x more expensive than it is: I can easily see the idea that the price of the service is not commensurate to the value. Maybe it should have some lower tiers with fixed pricing for entry-level usage: but then then top-level tier should be open-ended, "talk to a sales associate", and negotiated on the gigabyte (again: this is how most services I've seen that are targeting businesses are operated; they don't have unlimited tiers, they have limited tiers and then "pay by the X" at the high-end). Maybe it should also have a way to price differentiate different kinds of customers: SLA, support, and purchase orders, all make perfect sense to me. But I just don't understand why billing by the month should be considered better than billing by usage.
Personally I'd like to have flat-rate unmetered electricity and not have to think about how much I'm using, but reality dictates otherwise: if it was that way, people would use more, the power company would have to build more generators and burn more fuel, financial and environmental costs would substantially increase and we'd all lose out in the end.
But none of that applies to my cable Internet connection, which as a result is flat-rate unmetered (well, up to some threshold that's high enough I forget how high it is; it's something like a few hundred gigabytes per month, more than I'm going to need); so I don't need to worry about exactly how many gigabytes I'm using. This is a good thing.
The value Tarsnap provides to businesses is much larger than the raw cost of the bandwidth and disk storage, so it makes sense for it to be unmetered and give customers one less thing to worry about.
Oh, and that redesign is way worse than the current design.
I have to beg to differ, as I know this value for where I work. Sure, don't know it to a byte, but I know enough digits * price per GiB/month = reasonable estimate of cost. (And I know the before and after compression.)
Of course, his real point is:
> different bytes have sharply different values associated with them
This is true. However, I don't think that I should be charged by the value of my byte, ever. This is something I despise ISPs for, in that they forbid you to run servers, because what? those bytes have a different flavor?
Same thing here: some bytes are more valuable that others, but I want to be charged by the level of service you're giving me per byte. If you're giving my really-valuable bytes and my not-so-valuable bytes the same service, I expect the same price. If there's a service difference, show me that, and show me the difference in cost for you to provide a different level of service.
Of course, I think he gets this, because if you read he suggested tiers of service, they not only scale up the available storage, but also other things, like "Custom legal / compliance documentation". Different service -> different price.
Patrick has a number of valid points but as far as I know Colin is well aware of almost every one of them. Just like other people shouldn't be telling Patrick how to run his business Patrick would do well to recognize that Colin and he have different drives and factors not easily digested into a blog post (however well intentioned) that equate to optimizing conversion or maximizing the number of dollars taken out.
None of this could not have said in an email to Colin, and as such it serves as a way for Patrick to show publicly how good he is at fixing problems that are related to marketing and conversion, it does very little for Colin other than to make it very public that he's not running his business in a way that caters to most enterprise types. And that's possibly a good thing, depending on what your assumptions are on what motivates Colin.
I'm going to send my own $0.02 on what Patrick wrote to Colin in an email rather than to post it here for all the world to see, Both Patrick and Colin are good men and I'd rather see stuff like this happen in private.
The road to hell is paved with good intentions, and even writing a solicited blog post is not always the best solution to the problem at hand.
If Colin has your private keys then he could be compelled to reveal the contents of your data to a third party. This seems to run counter to the design goals of the system.
Otherwise I found the posting to be enlightening. I learned quite a bit from reading it!
Use tarsnap as the backend, but add a more user friendly interface to it. And be up front about it, don't pretend you're doing something you're not. Colin could keep doing what he likes, and basically someone else will be handling the marketing side of things, and interface development, customer support etc...
As someone with a few side projects and start-ups, all of which are at the proof of concept/mildly profitable stage, it matters to me that there's a way to get started for less than $50/month. $50/month * 10 SaaS platforms = my profits.
His approach makes sense if the aim is to extract the most value from businesses; but what about nurturing new companies?
the aim of life is to be happy, not to meet someone else's expectations.
If running Tarsnap as a free public utility is the light he wants to bring to the world, the outlined Tarsnap' is better at that than his Tarsnap is. Charge businesses more, invest in better UX, subsidize non-business users straight to "free." If he wants to lay on a beach sipping iced cocoa, this is more beach and more cocoa. If he wants more time with his family and less time in the inbox, this is a trivial modification away from that. ("Make money, buy your way out of inbox.")
shrug. in my experience, people telling me how to live my life tend to be a pain in the arse. but maybe i am projecting.
$0.25 / GB-month x 1000gb = $250 / 1TB-month
> here exist geeks who run servers with hobby projects, but they don’t have serious backup needs. Have they taken minimum sane steps with regards to their hobby projects like spending hours to investigate backup strategies, incorporating to limit their liability, purchasing insurance, hiring professionals to advise them on their backup strategies, etc? No? Then their revealed preference is that they don’t care all that much if they lose all their hobby data.
I understand how investigating backup strategies and hiring professionals for advice help with the goal of protecting my data. I do not understand how insurance and, particularly, incorporating to limit liability help protect my hobby data.
Both of those things make sense if I'm engaged in business activity requiring me to protect data in order to make money. How do they help me if I'm engaged in an activity that requires me to have continued access to the data for its own sake?
Many businesses do. Making it easy for them to buy the product will probably be lucrative.
> Did you want to backup your MySQL database? Did you backup the actual data files rather than a mysqldump? Sucks to be you...
What are the dangers of backing up the data files instead of a mysqldump?
I had a scary moment when I thought we were backing up our databases as data files... fortunately someone smarter than me set that up and in fact our backups are mysqldump's. Phew!
If the tables aren't locked while you're backing up, you're going to end up with inconsistent data.
There are tools like xtrabackup that allow you to extract a live copy of the files, but sometimes take some hand loving to get working on another system.
A good solution I found when wanting to copy those particular files instead of a dump/restore was to utilise the snapshotting features of LVM.
1. lock tables
2. take snapshot
3. unlock tables
4. mount snapshot and copy data from it
Then the system continues to work and you have a consistent copy to back up.
The purpose of a small business isn't always to make money, or to provide the best possible service - it can be to create your own job, that you love, that is the perfect job for you.
DHH talks about this.
There's a Reader's Digest story about a guy fishing all day, and an entrepreur tells him he should hire people, increase prices, do marketing etc. Why? So he can retire, and spend all day fishing! But that's what he does now...
That said, there's some good ideas about how to get money out of customers in the article, if that's your priority.
> Unlimited storage, up to 1 TB of media
No. That's not unlimited.
I would much rather prefer a robust commercial entity behind my service providers (+ the super credible technical capability of Colin), than Colin alone.
Is the encryption or deduplication somehow unique? Or isn't the only unique element exactly what the author of this post proposes to eradicate?
If I had more free time...
Otherwise talk is cheap. More so, talk about how someone who has actually done something successful is doing it wrong.
I originally used Tarsnap for a small amount of really important personal data. Data I already have encrypted, and backed up. But data I felt strongly about having a trusted off-site backup for.
It's small data, my billing account shows me I spend around $0.20 per month on this.
Without having been able to try Tarsnap, use it, come to trust it... I would never have had my business sign-up for it and I would continue with home-baked solutions for disaster recovery.
For a startup, being able to translate that utility pricing model to the backups we initially made meant this was extremely affordable and increased with usage (and theoretically our revenue).
I wouldn't have dropped $50 or $100 per month and so would have delayed, avoided and built our own system that was nothing as good as Tarsnap but fulfilled the basic requirement.
Later I'd be in the realm of thinking Tarsnap was reasonably priced, but would I change everything? Probably, but only when it was overdue.
The proposed pricing model introduces a big cliff to climb.
I wouldn't climb that cliff until it was long overdue.
It is precisely because the pricing scales with our use that I could try it personally, and for the startup, without fear of a surprise.
Perhaps I'm no longer your market.
A 250x price rise isn't going to keep me though.
And my point was that it was the experience of the personal usage of Tarsnap that sold me on the business use. Because I knew it would start small and low cost, and scale with our needs just as a pure utility would.
Somehow, pointing this out deserves down votes.
First of all, the post is full of constructive, actionable advice. Does the advice seem good? Then that's all that matters! The post stands by itself even without knowing who patio11 is.
Personal attacks like this literally add nothing while at the same time actively stifling future discussions. You should never have a personal attack unless there is a very good, concrete reason for it to be relevant and you're still polite about it. Anything else is simply both rude and unconstructive.
Second of all, he's somebody who both has a successful business in a vaguely similar niche and used to be a successful consultant optimizing others businesses. That is, he was a professional doing exactly this sort of criticism! And people were paying him for it. Because it's extremely useful.
I legitimately have no idea what business he has talking about tarsnap this way. I clicked his "about" link and it said he made bingo card creator software.
He has a ton of HN karma, so I expected downvotes, but I'm still puzzled as to why he would make this post.
You're saying he's had success in something similar to online backups? What was it?
I do not have a page specifically bragging about that partly because I hate bragging, partly because I hung up my consulting spurs last year, and partly because c.f. XKCD 125. Some of my clients are fairly well-known. Some of them are pretty technical. You have no particular reason to trust this representation, but "I've been involved in engagements which resulted in millions of dollars of improvement to businesses selling things approximately as technical as backup software" is a true statement.
Why I made this post? I wanted to help Colin out, I really enjoy making and selling software, and oh my goodness does that picodollar thing do it for me. Seriously, I have known my wife for less time than I have known the Tarsnap pricing strategy. Every year, like clockwork, it causes me to erupt volcanically. It is my Moby Dick. I will hunt it forever until it dies.
FWIW, he is probably the most well-known CRO expert there has ever been. He has exactly the authority needed to write this post.
[edit: "CRO expert" is too strong, as noted below. I was thinking something "SaaSy". Basically, in this community, he is the expert in some forms of SaaS marketing/pricing.]
If we add a lot of constrains like "Software! No wait, B2B software! For geeks!", for each constraint you add the pool of talent gets rather sharply smaller and my confidence that there exist lots of better options than me accordingly decreases.
One could argue that perhaps that gives him some insight into the B2B sales process, which is a large content of the article.
Your re-design template is so awful (and so bland, so tasteless $25 template), comparing to the original one, which is unique, light and with a thought-out UI.
Colin is happy to provide a useful service and there is a target market for this service (i.e. - other geeks).
It is not his intention to bring the service to the "next level", because running (and dedicating even more time) to this service is not what he wants to do to make a living.