Security headlines Tarsnap Special with Colin Percival
Tarsnap is a backup service running with the slogan “Online backups for the truly paranoid”.
The service has well earned its slogan as a secure backup option.
Created in 2006 by at the time FreeBSD’s security officer Dr. Colin Percival, who
was responsible for FreeBSD’s security advisory.
Colin is not only a successful entrepreneur but also a dedicated FreeBSD user.
After dealing with the pain of running Tarsnap for himself for a while he decided
to follow Paul Graham’s
wisdom of “There are certain things that naturally needs to be companies” and
the Tarsnap company is born While modern startup companies spend there budget on marketing campaigns, pouring
in Money into Google Adwords and similar service, Colin focused on building a great product that resulted in its user base adoption. He even experimented with google adwords spending around 200 usd, but it didnt
result in any new users. Proving that when you provide a good value to the market, the market rewards you.
Colin has been getting his hands dirty with FreeBSD in the late 1990’ies
when the firewall in his family house
running openbsd crashed due to disk failure. After changing the disk he
did not manage to
figure out how to install OpenBSD so he went with FreeBSD. While
studying for his doctrine, he got concern
about security, that led him to use freebsd where he later jumped
on as FreeBSD security officer.
Being the FreeBSD’s security officer gave him knowledge of
security holes before anyone else did and
he needed a secure backup solution for storing his files.
After some head scratching, he decided to
go the startup route and create his own backup solution. After
getting several user requests about having
password-protected key storage, Collin created Tarsnap’s
secure cryptographical solution for
protecting keys called “Scrypt”, which later got picked up by several opensource
projects such as the cryptocurrency project Litecoin.
Colin is a very intelligent and trustworthy person, to
improve security when connecting
and staying connected between machines he creates spiped.
Adding a layer of safety on top of just using regular
ssh, to mitigate attacks and weaknesses caused by OpenSSL.
Because scrypt has a heavy resource need, making it hard for
attackers to crack, it became a more secure alternative then the
standard hash functions we use in modern systems such as sha1 and md5.
The project started to growth and it was soon adopted by various larger companies
such as stripe.
If you are interested in finding and submitting bugs in Tarsnaps
own code base, Colin has put up a Bug bounty
rewarding the people that find all kinds of bugs in the code base, a fun
fact is that a majority of the security bugs
that gets submitted is not found by security researchers looking
for holes but by average developers looking at
the functions in the code.
Today Tarsnap runs on a large set of different systems by a diverse
crowd, providing secure storage of
data thanks to its stable code base and amazon s3.
Colin also donates Tarsnap’s December profit to the opensource
community sponsoring the FreeBSD foundation, the EuroBSD
conference, the bsdcan conference, bsdnow podcast and several other projects.
We are super happy to have Colin as a guest on Security Headlines! Relax and give it a listen at: