Apple are pushing us away from install recovery (and continue working) provided by bootable backup to one where we reinstall macOS and recover everything else from backup.
The only scenario I care about for bootable backup is in case of drive failure I have something critical and need access to system and data, and thus would boot off of external media (ATA hard drive in USB toaster) in order to get some task done.
Since my primary machine is an iMac, the fix would have to be getting it to Apple for repair and a wait of at least several days. Assuming only the SSD failed, I might be able to get quick access by booting from USB or else doing so on a replacement iMac.
I might not want to take hours (or even an hour) to install the OS before being up and running, if only at a performance penalty and temporarily.
you should be looking at backup of your databases with a database specific product which can then if required be included in your backup operations. The same thing applies to virtual machines.
You're right. Each DB has tools available to take a snapshot using the DBs own snapshot system, so write that to the filesystem first. So, I (ideally) need a backup solution with before/after hooks.
Fortunately, I wouldn't normally have any very large database. It would only be some test data set.
Does building software yourself really make it more secure? Assuming you do have the required skills, do you have the time to go over every line in the code to discover vulnerabilities.
If you really want open source (because you can build it yourself) then your should be using an open source operating system, not macOS or Windows. And do you build your own Linux from source?
It insures that it corresponds as built to the source I might be looking at. (Since I trust the compiler and other build tools...)
"reproducible build" is I realize thorny, and something that is in various stages of development by several crypto wallet, messaging (Threema, Signal), and even Covid exposure (Dutch one seems to have achieved it?) apps.
Git can validate that source is the same for multiple builders, at least.
No, I'm not going to examine every line of code. But if the app is popular enough, perhaps security researchers have poked and prodded and commented publicly.
No, I don't build my own Linux from source. But I like that I could, and that others have. I do build the mobile app platform I use to write apps from source. I suppose more for debugging. I'm very familiar with it's innards, I do sometimes trace into the platform code or even modify to add my own logging or contribute back some fix or feature. I will also look at source when documentation is unclear. I need to know the source I am looking at corresponds to what I am running.
I realize some pooh-pooh the notion that open source enhances security through the potential for open examination. I'm on the side of the fence without the poo.
Main reason I think is that it's possible to fix things myself. In a backup system, that just might come in VERY handy! If I have enough motivation, and there is a bug that prevents me from retrieving data that I need, I have the power to fix it.
Yes, ARQ has an open data standard, and there IS an open-source restorer, so there's that.
requiring both free and open source you are restricting yourself
Open source but not free is OK. Hard to imagine an acceptible enforcement mechanism, other than threat of legal action. Any technical enforcement solution puts control over ability to use in somebody else's hands.
