With anything related to security it is virtually impossible to anticipate every single scenario in advance, and this gives attackers an advantage. If you do not use JWT, you are essentially betting on your solution being smarter than people hired specifically to create a secure authentication and authorization system.

The article recommends “just using a ‘normal’ opaque session token and storing it in the database”. That is certainly easier to implement and understand: just create a random string, and check that the user sends the correct string. What could go wrong? …

A user recently asked for an overview of Duplicati from a security perspective. Because this information isn’t currently documented in one place, I’m sharing a version of that overview here to explain the different components that make up Duplicati, and why they were chosen to provide maximal safeguards.

But first, some context:

How traditional backups usually work

A traditional backup is typically created by making an initial full copy of the files. This first backup takes up a lot of space and is problematic for storage over the internet, with limited bandwidth.

The trouble with incremental backups

To save on storage of subsequent backups, most systems rely on incremental backups after that initial backup. Rather than …

Duplicati Quarterly Update

It has now been 3 months since Duplicati Inc was created and it has been a wild ride already. I would like to highlight some of the key achievements we have made in that short timespan.

A new open-source beta release

It is always a big effort to get to a new release. Besides the development effort and coordination, there is always a high level of community involvement, testing a variety of configurations and choices that are not feasible to have in the test setup. During the first quarter we rolled up a year’s worth of community efforts into a new beta release!

New website

The Duplicati website has been based on a free template and has served as the face of Duplicati for several years. But the design looked quite dated, so …

I promised myself I would never write a file format without a version field, but here we are.

As part of upgrading Duplicati to .NET8, I discovered that the updater manifest file for Duplicati pointed to the “one golden zip file” that was used with .NET4. With .NET8 there is no golden zip file since we have different versions for each operating system, so I had to rework the contents of the file in an incompatible way. This presented a couple of problems:

• After trying to just enter the new content, I realized the key-length was too short and the file format didn’t support changing the key size.

• Worse: This was the first time I had to update the file format, and I realized there was no version field.

Duplicati is a free and open source backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers. I’ve worked on the project for 15 years, along with over 100 contributors, but for various life reasons have had less time to dedicate to the project in the last few years. PRs have been taking longer to get merged, and bigger changes (like upgrading to .NET 8) were dragging.

In March, I announced the formation of Duplicati, Inc, an open core company building on top of the open source project. This development means I can dedicate more time to the project and hire developers to work on improvements and add to the project’s velocity. One of the first major improvements I wanted to make is upgrading the project to .NET 8.

Open Core Ventures proudly announces the launch of Duplicati Inc., an enterprise-grade data security built on the Duplicati open source backup solution. With recent funding, founder Kenneth Skovhede aims to elevate Duplicati from a personal backup tool to a robust enterprise solution. In a world where cyber threats are ever-increasing and cloud costs are soaring, Duplicati stands out with its zero trust, fully encrypted approach, giving users complete control over their data security. As businesses re-evaluate their security strategies, Duplicati offers a uniquely flexible and secure backup option, ready to meet the diverse needs of modern enterprises and technology service providers.

We’re excited to announce the launch of a our first commercial feature designed to make it easier to setup and manage your Duplicati backups: the Duplicati Portal. app.duplicati.com

Our goal is to make it as easy as possible to monitor and manage for your Duplicati backups particularly for people backing up multiple customers, production databases, and critical business data.

What is the Duplicati Portal?

The Duplicati Portal is a centralized, cloud-based solution that allows you to monitor and manage your backups across multiple devices and environments. With this new tool, you can easily access detailed information about your backups, manage backup configurations, and monitor backup health from anywhere, at any time…

As part of launching the new company we are hitting many milestones and having a tremendous momentum. Unlike most of the achievements, the launch of our new Duplicati website is a very visual milestone.

The original site was developed using a Github starter template, and refined with the help of contributors to communicate the core values of the project. While the values of the Duplicati Open Source project have not changed, good website design …

It is my pleasure to introduce the newly formed Duplicati company!

I have worked on Duplicati for over 15 years, but it has always been a side project that I spent my spare time on. The project has grown quite a lot with millions of backups running each month and a vibrant user community that found a home with the introduction of the forum. Naturally, the project has also attracted many voluntary contributors, and it would not be half as good without the massive contributions…