n8gray.org: Backup Bouncer is Working, Confusing, Annoying Developers

Backup Bouncer is Working, Confusing, Annoying Developers

A friend recently pointed out that BB gets some love on the Carbon Copy Cloner product page. This is quite satisfying to me, since my indirect goal with BB was to get it into the hands of the folks making the tools. The primary goal was always to let users validate backup tools on their own, but it was always clear that this would end up putting pressure on the tool makers. When a user comes to you and says, “your tool fails backup bouncer test foo,” you either pay attention or lose a customer. This is very empowering for end-users, but one can see how it has the potential to irritate tool developers if they disagree with BB’s test methodology.

So I wasn’t too surprised when a user forwarded me a somewhat exasperated-sounding note from Shirt Pocket software explaining why SD doesn’t pass BB’s FIFO and device file tests. I won’t paste the note in here, since I feel that would be poor form, but I will pass along their rationale for not copying these files. They feel that FIFOs and device files are normally system-created files that are not meant to be preserved across reboots or backups. For that reason, SD doesn’t back up these filesystem object types at all.

One can understand how Shirt Pocket arrived at this policy. Writing a good system-level backup tool is more subtle than it might appear. There are actually parts of the filesystem that you don’t want to back up, like caches, VM files, and so forth. You don’t want to back up the device files under /dev, since those get created dynamically depending on what devices are attached. In short, there are some parts of the filesystem that are tied to the state of the running system, and these should not normally be copied in a backup.

The problem with Shirt Pocket’s policy is that although it is certainly true that the system-created FIFOs and device files should not be copied in a system-level backup, there are legitimate reasons a user might create FIFOs or device files, and there’s every reason to preserve those user-created objects during a backup. Don’t get me wrong — this is obscure stuff that only advanced UNIX hackers would do, but hey, advanced UNIX hackers need reliable backups too! SD’s policy is, IMHO, overly broad. I would be much more comfortable if SD excluded filesystem locations rather than entire classes of filesystem objects.

The Shirt Pocket letter also accused BB of being “rather misleading to most” on this issue because it makes people worry about something that won’t cause them any problems. Although I vehemently disagree with the “misleading” characterization, I agree that not every BB test is equally important in practical terms. Most end-users will absolutely not care that tool X doesn’t backup FIFOs. This is why BB has always had a prioritization feature. Quoting from the usage string of bbouncer:

-T <set>     Use the given set of tests.  <set> can be either 
             "critical", for tests whose failure will cause problems
             for average users, or "important", for tests whose
             failure may not cause problems for many users, but which
             may be important to power-users or may qualify as 
             critical in the future.

The FIFO/device file tests are not included in either the “critical” or “important” set of tests. So I’m saying (and have always said) that most users, even most power users, won’t care about them. So why test for them at all? Consider the situation before Maurits’ blogged on backups and BB existed. Most people, myself included, didn’t even know what the full set of OS X filesystem object types and metadata was. Maurits filled us in on what existed, but knowing how to test for preservation was still a black art. BB was meant to democratize that testing, but also to act as an exhaustive test set. (I don’t claim to have achieved even close to 100% coverage, but that’s the goal.) So it’s important to me that BB include tests for any metadatum or filesystem object that can conceivably have a reason to be backed up.

Having said that, I’ll concede there’s a usability bug here. The -T option is unlikely to be discovered by casual users, and they’re the ones who need it most! It’s not used by autopilot and it’s not even documented in the README. So I think I’ll be making the following changes:

I’ll document -T more pervasively
I’ll have the priority of a test appear in BB’s output
I’ll have BB default to running in “important” mode, changing the exhaustive mode to an opt-in option

Hopefully this will help prevent confusion for casual users and ease the support burden of tool developers while maintaining BB’s goals of providing easy backup tool validation and exhaustive test coverage.

June 2nd, 2008 [Projects/Backup-Bouncer • Apple/OS X] permalink TB

« WTF is MIPSEL? :: More Backup Bouncer »

Comments:

1. Dave Nanian replies:

Nate –

To clarify what I said to our mutual user:

This particular part of Backup Bouncer’s ‘testing’ is rather misleading to most, especially those who generally don’t even know what these types of files do, or how they’re used… always a worry when someone starts standardizing a test.

I wasn’t attempting to say that you were being misleading at all. Rather, the “flat” nature of the test results being passed along were being misinterpreted because they’re “weighted” the same in presentation. Unlike much metadata, ACLs, etc, FIFOs and local devices are typically recreated after each boot - FIFOs, especially, are generally created at application startup time for cross-program communication. It seemed sensible to not copy them since their content wasn’t really relevant. So the “failure” would generally not have any effect even if a user created their own FIFOs.

But, as I also said to this user:

That said, we’ve don’t want people to be concerned about these particular types of files if they do run Backup Bouncer and don’t understand what they’re really looking at, and as such we have a bug reported against this and hope to address it in a future release.

We reported this bug — really a design choice — against the cloner back when Backup Bouncer was originally written (in fact, I emailed you about it at that time), and it’s due to be fixed in the next release.

I hope that’s clearer, and thanks for writing Backup Bouncer.

June 2nd, 2008 at 3:58 pm

2. n8 replies:

Hi Dave,

Thanks for the comment. I do remember our conversation about this issue back when BB was first released, and one of the reasons for making this post was to give developers like you a place to point users who worry about the results of these non-critical BB tests. As I said, I admit that the presentation is potentially confusing. The term “misleading” rubbed me the wrong way, but I understood the point you were making. Sometimes a little information is a dangerous thing.

As for the SD FIFO/device policy (notice I never called it a bug), I’m glad to hear you’re planning on changing it. I’ll gladly agree that only BB users will probably notice the change, but it’s encouraging to know that if I mkfifo foo then foo will be preserved in my backups. It’s a nitpick, but you might as well pick that nit.

June 4th, 2008 at 9:34 am

3. n8gray.org: More Backup Bouncer replies:

[...] print the “priority” of a test along with its outcome, which hopefully should clear up some confusion among less experienced users. On a tip from Patrick Power I’ve added a new test that combines [...]

June 9th, 2008 at 4:12 pm

4. Joe’s Amazing Technicolor Weblog » Blog Archive » the stable rdiff-backup is not looking so hot for metadata on OS X replies:

[...] bunch of things being tested by bbouncer that may or may not be of interest to the average user. A recent post by the author points out that bbouncer has a -T flag for indicating which level of paranoia to run at. Rerunning [...]

June 10th, 2008 at 11:47 am

Search

Blog Categories

Archives

Links

Subscribe

Meta

Comments:


	n8blog distraction in action
	Home Blog Photos Research Code Links Contact Me Search Blog Categories Apple (41) OS X (35) Tips (9) Scripting (4) Blogging (11) blosxom (1) pyblosxom (1) Family (1) Gadgets (1) Hacking (10) C (1) Car (1) Hardware (2) OCaml (1) Music (2) Opinion (1) Photography (3) Projects (22) Backup-Bouncer (8) Forget-Me-Not (2) QLColorCode (4) ScriptExport (7) Utilities (1) Random (8) Unix (4) Ubuntu (1) Archives Links davidnoblet.com Mac OS X Hints R\|Mail The Rome Report WordPress yayfor.us Subscribe Blog Comments Meta Log in Backup Bouncer is Working, Confusing, Annoying Developers A friend recently pointed out that BB gets some love on the Carbon Copy Cloner product page. This is quite satisfying to me, since my indirect goal with BB was to get it into the hands of the folks making the tools. The primary goal was always to let users validate backup tools on their own, but it was always clear that this would end up putting pressure on the tool makers. When a user comes to you and says, “your tool fails backup bouncer test foo,” you either pay attention or lose a customer. This is very empowering for end-users, but one can see how it has the potential to irritate tool developers if they disagree with BB’s test methodology. So I wasn’t too surprised when a user forwarded me a somewhat exasperated-sounding note from Shirt Pocket software explaining why SD doesn’t pass BB’s FIFO and device file tests. I won’t paste the note in here, since I feel that would be poor form, but I will pass along their rationale for not copying these files. They feel that FIFOs and device files are normally system-created files that are not meant to be preserved across reboots or backups. For that reason, SD doesn’t back up these filesystem object types at all. One can understand how Shirt Pocket arrived at this policy. Writing a good system-level backup tool is more subtle than it might appear. There are actually parts of the filesystem that you don’t want to back up, like caches, VM files, and so forth. You don’t want to back up the device files under `/dev`, since those get created dynamically depending on what devices are attached. In short, there are some parts of the filesystem that are tied to the state of the running system, and these should not normally be copied in a backup. The problem with Shirt Pocket’s policy is that although it is certainly true that the system-created FIFOs and device files should not be copied in a system-level backup, there are legitimate reasons a user might create FIFOs or device files, and there’s every reason to preserve those user-created objects during a backup. Don’t get me wrong — this is obscure stuff that only advanced UNIX hackers would do, but hey, advanced UNIX hackers need reliable backups too! SD’s policy is, IMHO, overly broad. I would be much more comfortable if SD excluded filesystem locations rather than entire classes of filesystem objects. The Shirt Pocket letter also accused BB of being “rather misleading to most” on this issue because it makes people worry about something that won’t cause them any problems. Although I vehemently disagree with the “misleading” characterization, I agree that not every BB test is equally important in practical terms. Most end-users will absolutely not care that tool X doesn’t backup FIFOs. This is why BB has always had a prioritization feature. Quoting from the usage string of bbouncer: -T <set> Use the given set of tests. <set> can be either "critical", for tests whose failure will cause problems for average users, or "important", for tests whose failure may not cause problems for many users, but which may be important to power-users or may qualify as critical in the future. The FIFO/device file tests are not included in either the “critical” or “important” set of tests. So I’m saying (and have always said) that most users, even most power users, won’t care about them. So why test for them at all? Consider the situation before Maurits’ blogged on backups and BB existed. Most people, myself included, didn’t even know what the full set of OS X filesystem object types and metadata was. Maurits filled us in on what existed, but knowing how to test for preservation was still a black art. BB was meant to democratize that testing, but also to act as an exhaustive test set. (I don’t claim to have achieved even close to 100% coverage, but that’s the goal.) So it’s important to me that BB include tests for any metadatum or filesystem object that can conceivably have a reason to be backed up. Having said that, I’ll concede there’s a usability bug here. The -T option is unlikely to be discovered by casual users, and they’re the ones who need it most! It’s not used by `autopilot` and it’s not even documented in the README. So I think I’ll be making the following changes: I’ll document -T more pervasively I’ll have the priority of a test appear in BB’s output I’ll have BB default to running in “important” mode, changing the exhaustive mode to an opt-in option Hopefully this will help prevent confusion for casual users and ease the support burden of tool developers while maintaining BB’s goals of providing easy backup tool validation and exhaustive test coverage. June 2nd, 2008 [Projects/Backup-Bouncer • Apple/OS X] permalink TB « WTF is MIPSEL? :: More Backup Bouncer » Comments: 1. Dave Nanian replies: Nate – To clarify what I said to our mutual user: This particular part of Backup Bouncer’s ‘testing’ is rather misleading to most, especially those who generally don’t even know what these types of files do, or how they’re used… always a worry when someone starts standardizing a test. I wasn’t attempting to say that you were being misleading at all. Rather, the “flat” nature of the test results being passed along were being misinterpreted because they’re “weighted” the same in presentation. Unlike much metadata, ACLs, etc, FIFOs and local devices are typically recreated after each boot - FIFOs, especially, are generally created at application startup time for cross-program communication. It seemed sensible to not copy them since their content wasn’t really relevant. So the “failure” would generally not have any effect even if a user created their own FIFOs. But, as I also said to this user: That said, we’ve don’t want people to be concerned about these particular types of files if they do run Backup Bouncer and don’t understand what they’re really looking at, and as such we have a bug reported against this and hope to address it in a future release. We reported this bug — really a design choice — against the cloner back when Backup Bouncer was originally written (in fact, I emailed you about it at that time), and it’s due to be fixed in the next release. I hope that’s clearer, and thanks for writing Backup Bouncer. June 2nd, 2008 at 3:58 pm 2. n8 replies: Hi Dave, Thanks for the comment. I do remember our conversation about this issue back when BB was first released, and one of the reasons for making this post was to give developers like you a place to point users who worry about the results of these non-critical BB tests. As I said, I admit that the presentation is potentially confusing. The term “misleading” rubbed me the wrong way, but I understood the point you were making. Sometimes a little information is a dangerous thing. As for the SD FIFO/device policy (notice I never called it a bug), I’m glad to hear you’re planning on changing it. I’ll gladly agree that only BB users will probably notice the change, but it’s encouraging to know that if I `mkfifo foo` then `foo` will be preserved in my backups. It’s a nitpick, but you might as well pick that nit. June 4th, 2008 at 9:34 am 3. n8gray.org: More Backup Bouncer replies: [...] print the “priority” of a test along with its outcome, which hopefully should clear up some confusion among less experienced users. On a tip from Patrick Power I’ve added a new test that combines [...] June 9th, 2008 at 4:12 pm 4. Joe’s Amazing Technicolor Weblog » Blog Archive » the stable rdiff-backup is not looking so hot for metadata on OS X replies: [...] bunch of things being tested by bbouncer that may or may not be of interest to the average user. A recent post by the author points out that bbouncer has a -T flag for indicating which level of paranoia to run at. Rerunning [...] June 10th, 2008 at 11:47 am Leave a Comment Name (required) Mail (will not be published) (required) Website XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> Notify me of followup comments via e-mail Please type this word with the letters reversed: live