Thursday, January 4, 2007

Disk Backup that Just Works

When was the last time you backed up your hard drive? Almost nobody does. I never did until my disk crashed containing a) all my financial records and b) all of my daughters' baby pictures, and it cost me $1500 to have it recovered. I then did what everyone else does who loses his data – bought a backup program and a network drive, ran it two or three times, then forgot all of my virtuous resolutions and ignored it; just as I did with my gym membership.

I first tried Genie Home edition, which had won a PC Magazine editors' choice award. I knew right away that I'd made a bad choice when I saw the following dialog box at installation:

This is a product whose designers consider Easy to be the opposite of Normal. It reminds me of the Three Stooges comedy short No Census, No Feeling (1940), in which Moe asks a man, "Are you married, or happy?" And they make "not easy" the default choice. Not the right product for me.

Genie offers many, many choices, as shown here:

It is immensely powerful. It can do almost anything one might ever want to do with backup. But this flexibility is not what home users, small business users, and arguably many large business users need or want. They want to be safe, but not so badly that they'll think about it or lift a finger to do it. And they shouldn't have to.

Like seat belts or birth control, disk backup schemes only work if you use them. Therefore the right method for you is not the one that works best in the laboratory, but the one that impinges on your lifestyle the least so that you actually do use it. Since backup programs require thought to set up, and then effort to use, no one ever does it. We all have a "hierarchy of needs", as one of my students once described it, and any given disk backup ranks low in that hierarchy. It's really, really easy to let this one slide, because it doesn't bite you TODAY, and lots of other stuff does. They (and I, and probably you, too) need disk backup that Just Works.

Such a program is Carbonite automatic online disk backup ( (Note: I have no business relationship with Carbonite other than as a satisfied customer. Another product called Mozy does similar things. I haven't used it, but Walter Mossberg liked both products in a recent review.) You download and install a program which runs in the background whenever your system is running. Every time a data file changes, Carbonite waits 10 minutes to see if it'll change again, then automatically sends the file over your broadband connection to its backup server. You don't have to think at all, or touch anything. It's completely fire-and-forget. Compare the Genie screen shown above with Carbonite's status screen here. Which would you rather see?

Carbonite does the things that most users care about most of the time – protects against disk crashes, or your machine getting lost or stolen. It stores the backed-up data off your site to protect it against fire or disaster, and keeps files for a month after you delete them from your hard drive to protect against accidental deletion. If you lose data (WHEN you lose data, the Second Law of Thermodynamics guarantees that you will), you restore it through the Windows Explorer. It costs $50 / year for unlimited storage, so you don't have to think about the size of your backup data (mine's about 13 gigabytes).

Carbonite omits the features that few users care about, and the product is much more reliable and easy to use as a result. Its option screen is shown in the following picture, and you can see that there aren't many:

I consider this absence of frills to be a very attractive feature. You can't, for example, schedule Carbonite to run at particular times. There's no need, because it's always sitting in the background, backing up changed files as soon as it can. You can't easily get it to back up your program files or system registry unless you go digging. Again, that's not what most people care about most of the time. If you lose your data, you have probably lost your whole disk, in which case you are better off with a clean install of programs from their sources. Your data, like my daughters' baby pictures, can't be replaced by a commercial vendor. Carbonite won't back up any file larger than 4 gigabytes, but few users have files that large (about 7 CDs worth in a single file; we're talking full-length full-size movie here.) It only keeps deleted files for a month, and doesn't keep multiple versions of a file, only the most recent. To my mind, adding these so-called features would detract from its main benefit – protection against the primary hazards (hardware failure, loss, or theft; site disaster; inadvertent deletion) with exactly zero thought or effort.

Developers ask me, "My sales people will laugh in my face if I send them out without a list of features as long as my arm, like Genie has. How the hell can I give them something that Just Works?" That's looking at the problem exactly backwards. Your user isn't you. What home user, what small business administrator, and even how many enterprise-scale administrators could turn down the sales pitch, "Write me a check, then scratch 'disk backup' off your to-do list forever. Or at least until next year, when you spend five minutes to write me another check, then go back to ignoring me." None, none, and not many.

Carbonite is the best example I've found so far of a good, useful program that Just Works. We need more programs to work this way. Send me your examples, good or bad, so I can trumpet them from the rooftops.


A Elmhorst said...


I've just run across your work and I'm fascinated with it. I'm a software engineer and I've had some very strong feelings about how poorly the computer industry in general is treating consumers. I haven't read your book yet, but I plan to.

One of the biggest areas of concern for me is how lackadaisical the industry has been towards spam. Rather than solving the problem, they've been introducing band-aid after band-aid. And after all this time, there is still no solution, just band-aids, and consumers are still using email as it existed 15 years ago because the industry is too scared to move forward with a new standard that would fix it!

Have you ever considered that a consumer advocate group should be formed to start speaking out to the industry on just how bad it is?

hendrixski said...

I like how at the end you pointed out that salesmen give undue pressure to add useless features to a program just for it to have a "list of features as long as my arm". Will we see a sequel to "why software sucks" about things non-developers do to make software useless?

That's why I think Open Office is better than Microsoft Office because it doesn't have a list of useless features that some salesman thought were brilliant, but users could care less for. Open Office doesn't have a sales force as far as I know. It just does the stuff you need it to do, and it's easy to find the button that does it for you. I just works!

AdamDZ said...

While I agree that most backup solutions are not easy and straightforward I would never resort to using an on-line backup system when all my files are copied to some 3rd party server. I wouldn't trust anyone with my files no matter what their fine print says. Not to mention that most broadband upload speeds still suck and it'd take days to backup my digital photographs, for instance.

David S Platt said...

Andy, that was my thought in writing the book and starting this blog -- we'll make this a movement. Use the contact link on the main blog page and send me email if you'd like to discuss it further.

Adam, you may be paranoid about people snooping on you, and I won't say that you're wrong. But I will say that for most people, the online backup that actually does get done is infinitely preferable to the private, safer, one that does not. And I think you would find the performance adequate for most people, even casual still photographers, though probably not videographers and maybe not professional photogs. The usual cable modem upload speed of 400k bits/sec would transmit a 1 MByte picture in 20 seconds, three of them per minute, 180/hr or a thousand-plus overnight. And then they rarely change, so you don't have to transmit them again, and you probably wouldn't do it every day. You'd have to shoot a lot before you bumped your head on that. And also, as I've been saying, allowing edge cases to dictate the functionality of mainstream apps is one way this trouble gets started.

Best to everyone, Dave

JB said...

"what small business administrator, and even how many enterprise-scale administrators could turn down the sales pitch, "Write me a check, then scratch 'disk backup' off your to-do list forever. Or at least until next year, when you spend five minutes to write me another check, then go back to ignoring me." None, none, and not many."

Boy, did you miss the boat on this one. What business, regardless of size, would want to have their corporate data stored off site entrusted to another company, especially for $50 per year???? What are the risks of your data being accessed by a rogue employee? By a hacker? Accidentally through software malfunction? With privacy laws as they are today, I would be extremely surprised if any company went that route. When the Chief Information Officer comes asking where the backups are and you tell them you implemented a backup solution where it's stored offsite. Where exactly you aren't certain, and what security measures they have in place you don't know. But hey, it was only $50 per year and I could forget about it!!" To which the CIO would reply "You can also forget about your job!!"

Security and usability are at opposite ends of the spectrum. The easier it is, the less secure it likely is. The more secure it is, the less user friendly it likely is.

Your narrow views on what software should be like meets your needs. Great, seek out what meets your needs. But don't try and preach that everybody should be marching to your beat.

Through simple social engineering one could find out other companies who have their data backed up there. "I'm interested in your product. I sell widgets. Can you provide me with some of your happy customers who also sell widgets so that I can evaluate how well it meets the needs of other widget vendors. Next find an employee willing to part with information for a price. You now have your competition's customer database, accounting information, whatever.

If their server is compromised, who is responsible for notifying your customers pursuant to privacy laws? Are they required to notify you?

As a home user, I don't want my tax returns, scans of personal documents, resume, whatever stored somewhere out of my control unless I had everything encrypted at my end before it even went across the wire.

Paranoid? I call it being safe, realistic, and compliant with privacy laws.

Your advice crosses the line when you recommend this solution for the corporate world. And even for home users, it should come with a notice of potential privacy issues arising from this solution.

You are obviously not qualified to recommend software solutions in any professional capacity.

"This program works great for me. The risks are that your private data is stored on a server somewhere out there and it could get compromised. If you can live with that, this might very well be a backup solution for you."

I could go on and on about this and the article from Yahoo! that brought me here (it was posted to Fedora's listserv hence why I read it). That article can also be ripped apart pretty good because again you are advocating that all software should be designed such that it meets your needs perfectly. But your needs aren't the same as mine, or the same as the graphics artist, or the accountant, or the librarian, or the mechanic, or ...

Take a different approach next time. "These are my needs.... If your needs are similar to mine, here is what I recommend that has worked well for me."

JB said...

I just visited their site and to their credit they state that your data is encrypted before it goes across the wire so their employees can't see it. They do say "Employees of Carbonite cannot see your backed up data; however, Carbonite does store a copy of your decryption key in a secure location, so that you can retrieve your data if you forget your password."

So it is encrypted. But any employee that knows where to get the decryption key can get access to your data.

I'm not suggesting that Carbonite as a company is not to be trusted, nor any of their employees. I am saying that in a corporate environment, that is not an acceptable level of risk. For a home user it may very well be. That's an individual decision.

Now if they provided a corporate version of their software with more features (ahh, now we see why software comes with more features than you need, because others have different needs) which allowed you to set up your own server offsite where you'd run a server version of their software there, and the client version of the software on your company machines then you'd be able to backup offsite to your own trusted equipment.

You like "It just works". Sometimes I also like that. But not in all cases. Same applies to other consumers out there.

Advocate a scaled down version of an application that "just works" for those who want it (at a reduced price perhaps). Or seek out alternatives that meet your specific needs (and others who share your needs). That would be a much better approach to take than jumping all over software that does a lot more than what "you" need so they should strip all that useless stuff out so that it meets your needs. The needs of others is unimportant based on the position you are taking.

Sakimori said...

"When was the last time you backed up your hard drive? Almost nobody does."

Either you have made an incorrect assumption or you have been misinformed. While I would certainly have a hard time arguing that *most* people back up their data, even a cursory glance at the world around me and the environment in which I work tells me that a large number of businesses know the importance of backing up their data regularly; likewise, a good number of casual users make a habit of backing up whatever important data they keep on their home computer(s) -- be it a manual process or fully automated, onto a flash drive or a CD/DVD, regularly or sporadically.

While I'm sure these people and businesses are but a minority of the world's computer users, I think it's hardly fair to disregard them altogether simply because they make up a small portion of the total population. Give some credit to those of us who *do* back up our files.


"[Genie Backup manager, Home Edition] is a product whose designers consider Easy to be the opposite of Normal."

I suppose these two options could just as easily have been labeled "Layout for people who might care *where* their backed up data goes, *what* exactly it is they want to back up, and *when* exactly they would like this process to take place" and "Layout for people who want us to make these decisions for them".

This is akin to walking into a restaurant and being asked if you would like the "normal menu" or the "easy menu". The former ("normal") menu would contain exquisitely-worded descriptions of the restaurant's many dishes (substitutions allowed, of course), their prices, and a surprisingly large selection of soft drinks, wines, and freshly-squeezed juices. The latter ("easy") menu would consist of a cartoonishly-drawn chicken, a cow, and a fish, below them a "selection" of drinks -- a glass of water and a non-descript beer can; your waiter then asks you (in the least condescending tone he can muster) to please point to one animal and one drink, at which point he nods, abruptly rips the menu from your hands, and retreats into the kitchen without a word.

You see, "Normal Layout" is the default selection not because the designers want to give you a hard time, but because they appreciate your purchase of their product, they respect you as a customer, and they realize it would be unfair to simply assume that you are anything but normal, because while the "Easy Layout" may in fact be easier to use, it only carries that name because it would reflect poorly on the good folks at Genie-Soft if they had named it for what it actually is: "Idiot Mode".


"... flexibility is not what home users, small business users, and arguably many large business users need or want. They want to be safe, but not so badly that they'll think about it or lift a finger to do it."

I am a home user. I want flexibility... I *need* it. I want to be safe, and I want it badly enough that I think about it and will (on occasion) go as far as to lift a finger to do it. My data is important to me, and backing it up in a controlled fashion (this requires a tool that is flexible) is part of what I do to secure it against hardware malfunctions and software-based attacks.

I would like to think I am not alone on this, but will refrain from claiming to know exactly what "home users, small business users, and ... large business users need or want", as it would be presumptuous of me to make any such claim.


As for your comments on Carbonite...

Even after setting aside any security concerns, accountability issues, and the fact that this backup system serves only as a running mirror of your current file set (which has both advantages and disadvantages), I can't help but make a few observations of my own (with all apologies to the good folks at Carbonite):

I should note that while some may consider it very attractive that the program lacks frills and does not allow you to perform some tasks unless you "go digging", these are both characteristic of the "let's make the users jump through hoops to do what they want" design mentality. This almost always leads to poor design and is best avoided. Do not make your software more accessible to the casual user at the expense of your normal/heavy/power users!

I also notice that the program's interface is mostly graphical and must therefore be driven by use of a mouse or other pointing device. I see no keyboard shortcuts for any checkboxes or buttons, and this means some physically disabled users may not be able to use the program (or will have an unnecessarily-difficult time doing so). This is poor design and is best avoided. But then again, I guess it doesn't really matter... because "almost nobody" is physically disabled.


Mr. Platt,

Software that "just works" is great, but certain tasks should not be dumbed down to the point where you lose control over the process. Suggesting that developers should tailor their programs after the simplest of tools is irresponsible, as it misleads them into thinking that they don't need to bother with the extra "frills" and that we *like* to jump through hoops, which is simply not the case. Consider this: if a program contains some obscure feature that you don't need, you can choose to not use it; if a program does *not* contain some obscure feature that I *do* need, I'm just plain out of luck and there's nothing I can do about it. What you're doing is asking developers to take away our tools.

For what it's worth, I do not now nor have I ever worked for any software company; I am merely a computer user with some (albeit not much) common sense.

-- Sakimori

BlakeyRat said...

My "solution" to the backup problem is to use a RAID-0 setup in my computer. Sure, it's nothing a neophyte would think of or use, but at least that way my files are safe in case of a disk failure. Unless both disks happen to fail at the exact same time.

The beauty of course is that once it's set up, there's absolutely no thought involved whatsoever. It just works invisibly in the background whenever you save anything.

The downside is that it doesn't protect against a home fire, or a thief stealing the computer, or your cat jumping on the keyboard and deleting a file.

JB said...

I imagine you mean Raid 1? Raid 0 simply spans across drives to make one big one. Raid 1 is a mirrored drive.

Sid said...

If carbonite does not keep multiple versions of files, what happens when a virus infects my computer and replaces all my .jpg files with copies of itself, and 10 minutes later, carbonite replaces all my backed up pictures with the 'most recent version' that is just an infected file, thus flushing all my backups down the toilet.

Mike said...

"Consider this: if a program contains some obscure feature that you don't need, you can choose to not use it; if a program does *not* contain some obscure feature that I *do* need, I'm just plain out of luck and there's nothing I can do about it. What you're doing is asking developers to take away our tools."

This is true, but it isn't the whole truth, because the addition of obscure features isn't free: it costs developers time and detracts from the more frequently-used features, and it distracts users who don't need the obscure features. Furthermore, the truth is that in most cases even you can get along just fine without those obscure features.

David, I think you're right on about your assumption that most home users and some business users prefer ease of use to flexibility. I laugh now that I've written it: it's almost self-evident.

When developing software, it's vitally important to keep in mind who your audience is. Software like Carbonite solves a problem that all computer users have and then decides to target non-technical home users, so it assumes that its users will value their time more than the amount of control they have over a system backup. But you'll never hear someone say "It Just Works" of software like AutoCAD; it might be elegant and usable, but it can't be oversimplified, because the target audience demands flexibility and control.

Suckbusters isn't about power users, and it isn't about domain-specific software: it's about common computer users, and it's about people who want to get things done more than they want to figure out how to do them in the best possible way. I think it's safe to assume that most people who use computers value software that Just Works over having an extra degree of flexibility. David's making himself their advocate.

John Hermanson said...

Quoting Mike: "I think it's safe to assume that most people who use computers value software that Just Works over having an extra degree of flexibility. David's making himself their advocate."

But no one has answered Simon (posted January 5, 2007 6:05 PM). what about when "Just Works", doesn't?

Let's be honest here, there is a certain level of competence required of users of all sorts of things. For example, a person needs to demonstrate a certain level of understanding of the basic rules of the road and laws of their state to be licensed to drive a car. Just what level of ignorance should a programmer be required to develop to?

David Fried said...

I have a small business (I'm a lawyer), I use Carbonite, and I'm thrilled with it for all the reasons that David says. What exactly are these privacy laws that these non-lawyers are worried about, and what exactly are they afraid of? Lawsuits? I back up my data on Carbonite, recommended by my professional computer guru Tony. (and David). I'm not negligent whatever may happen. Just sue Tony (and David.)

And no one, but no one, is going to hack Carbonite looking specifically either for my data or my clients'. They're small fry, and so am I. When I'm running a multi-million dollar firm, with great corporate clients (and I hope I never do), then I'll worry about the theoretical risks everyone is describing.

But I do see the psychological problem. Ever since I installed Carbonite I have occasionally thought "it can't be this easy, can it? Who are these people, and how do I know they're even doing anything?" It's possible Carbonite would sell even more copies if they would make it look just a little more complicated, and create some small illusion of user control, or pop up every time you turn the computer on with the message "We're still here, and since yesterday we have backed up 242 changed files totalling. . . "

David also mentioned Quicken. Quickbooks 2006 is even better. It took me a while to understand that Quickbooks not only does not require me to think like a programmer--I don't even need to think like a bookkeeper. Follow the flow-chart on the home page, and never even think the words "credit" and "debit," or worry about where anything should be posted. That's what the program is for. But it took me a while to trust the program, just as it took me years to trust Turbotax. There too, the secret is don't think like an accountant or a tax lawyer, just answer the questions. (In my experience, btw, this is only true for the Fed. version. I've seen the state versions do some exceedingly peculiar things over the years.)

The antithesis of all this, of course is Microsoft Word. As a lawyer, I am essentially a professional writer, and Word is simply the bane of my existence and the greatest single drag on my productivity there is. I have used it for years and still cannot do a fraction of the things I used to accomplish routinely on WordPerfect 6.1 in the dear dead days of 1995.

David said...

I'm really enjoying your blog, but I'd like to raise a point about Carbonite. Note that I'm a Carbonite user, and I like it for almost all the reasons you cite; but there's a big HOWEVER.

Carbonite doesn't normally back up certain image formats (like JPG, I believe), and it took some spelunking to make it back them up.

It also doesn't back up certain music formats (like iTunes files), and I still haven't figured out how to make it back them up.

Since pictures and music are two of the three categories of "my stuff" that I care about most (the third being documents, of course), the spelunking required to back up pictures and (so far) the refusal to back up some music seems contrary to your definition of Software That Just Works.

As a result, I also own and use the kind of feature-rich, complex backup software that I've scheduled to run long as I remember to leave my computer on late enough.