News
Get the latest news and updates from our team.
Jul 9, 2024
Why use JWT for authentication tokens (hint: it’s not performance)
With anything related to security it is virtually impossible to anticipate every single scenario in advance, and this gives attackers an advantage. If you do not use JWT, you are essentially betting on your solution being smarter than people hired specifically to create a secure authentication and authorization system.
The article recommends “just using a ‘normal’ opaque session token and storing it in the database”. That is certainly easier to implement and understand: just create a random string, and check that the user sends the correct string. What could go wrong? …
Jun 19, 2024
Secure by design: Using hashing and encryption to provide tamper-resistant, verifiable backups
A user recently asked for an overview of Duplicati from a security perspective. Because this information isn’t currently documented in one place, I’m sharing a version of that overview here to explain the different components that make up Duplicati, and why they were chosen to provide maximal safeguards.
But first, some context:
How traditional backups usually work
A traditional backup is typically created by making an initial full copy of the files. This first backup takes up a lot of space and is problematic for storage over the internet, with limited bandwidth.
The trouble with incremental backups
To save on storage of subsequent backups, most systems rely on incremental backups after that initial backup. Rather than …
Jun 9, 2024
Duplicati Quarterly Update
It has now been 3 months since Duplicati Inc was created and it has been a wild ride already. I would like to highlight some of the key achievements we have made in that short timespan.
A new open-source beta release
It is always a big effort to get to a new release. Besides the development effort and coordination, there is always a high level of community involvement, testing a variety of configurations and choices that are not feasible to have in the test setup. During the first quarter we rolled up a year’s worth of community efforts into a new beta release!
New website
The Duplicati website has been based on a free template and has served as the face of Duplicati for several years. But the design looked quite dated, so …
May 30, 2024
Securing a JSON file with a hidden signature
I promised myself I would never write a file format without a version field, but here we are.
As part of upgrading Duplicati to .NET8, I discovered that the updater manifest file for Duplicati pointed to the “one golden zip file” that was used with .NET4. With .NET8 there is no golden zip file since we have different versions for each operating system, so I had to rework the contents of the file in an incompatible way. This presented a couple of problems:
After trying to just enter the new content, I realized the key-length was too short and the file format didn’t support changing the key size.
Worse: This was the first time I had to update the file format, and I realized there was no version field.
May 21, 2024
Migrating from .NET 4 to .NET 8 in 300+ commits
Duplicati is a free and open source backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers. I’ve worked on the project for 15 years, along with over 100 contributors, but for various life reasons have had less time to dedicate to the project in the last few years. PRs have been taking longer to get merged, and bigger changes (like upgrading to .NET 8) were dragging.
In March, I announced the formation of Duplicati, Inc, an open core company building on top of the open source project. This development means I can dedicate more time to the project and hire developers to work on improvements and add to the project’s velocity. One of the first major improvements I wanted to make is upgrading the project to .NET 8.
May 13, 2024
Open Core Ventures Announces Duplicati Inc Launch
Open Core Ventures proudly announces the launch of Duplicati Inc., enterprise-grade data security built on the Duplicati open source backup solution. With recent funding, founder Kenneth Skovhede aims to elevate Duplicati from a personal backup tool to a robust enterprise solution. In a world where cyber threats are ever-increasing and cloud costs are soaring, Duplicati stands out with its zero trust, fully encrypted approach, giving users complete control over their data security. As businesses re-evaluate their security strategies, Duplicati offers a uniquely flexible and secure backup option, ready to meet the diverse needs of modern enterprises and technology service providers.
May 2, 2024
Introducing the Duplicati Portal: Your New Hub for Cloud-Based Backup Monitoring and Management
We’re excited to announce the launch of our first commercial feature designed to make it easier to set up and manage your Duplicati backups: the Duplicati Portal. app.duplicati.com
Our goal is to make it as easy as possible to monitor and manage your Duplicati backups, particularly for people backing up multiple customers, production databases, and critical business data.
What is the Duplicati Portal?
The Duplicati Portal is a centralized, cloud-based solution that allows you to monitor and manage your backups across multiple devices and environments. With this new tool, you can easily access detailed information about your backups, manage backup configurations, and monitor backup health from anywhere, at any time…
Apr 30, 2024
Introducing the new Duplicati website
As part of launching the new company we are hitting many milestones and have tremendous momentum. Unlike most of the achievements, the launch of our new Duplicati website is a very visual milestone.
The original site was developed using a GitHub starter template, and refined with the help of contributors to communicate the core values of the project. While the values of the Duplicati Open Source project have not changed, good website design …
Mar 1, 2024
Introducing Duplicati, Inc.
It is my pleasure to introduce the newly formed Duplicati company!
I have worked on Duplicati for over 15 years, but it has always been a side project that I spent my spare time on. The project has grown quite a lot with millions of backups running each month and a vibrant user community that found a home with the introduction of the forum. Naturally, the project has also attracted many voluntary contributors, and it would not be half as good without the massive contributions…