How To Install Pi-Hole DNS Ad blocker

Pi-hole is a network-wide DNS ad blocker, aka "a black hole for Internet advertisements". Primarily developed for Raspberry Pi and ported to Linux, it's lightweight. Just like pixelserv (man-in-the-middle https DNS Ad-Blocker), it is also a DNS server.


1. Install a supported operating system

You can run Pi-hole in a container, or deploy it directly to a supported operating system via their automated installer.

Pi-hole Supported Linux distros:

Distribution   Release            Architecture
Raspbian       Stretch / Buster   ARM
Ubuntu         16.x / 18.x        ARM / x86_64
Debian         9 / 10             ARM / x86_64 / i386
Fedora         28 / 29            ARM / x86_64
CentOS         7                  x86_64

Warning:
If you happen to have another DNS server running such as BIND, you will need to turn it off in order for Pi-hole to respond to DNS queries.

Ubuntu users: This is compatible with systemd-resolve (on AWS, it’s listening on 127.0.0.53 so it does not interfere with Pi-Hole).

2. Install Pi-hole

Their automated installer asks you a few questions and then sets everything up for you. Once complete, move onto step 3.

One-step install:

curl -sSL https://install.pi-hole.net | bash

The installer is interactive.

  • DNS: choose Cloudflare (fastest) or Quad9 (Secure)
  • Privacy Mode for FTL: Using privacy levels you can specify which level of detail you want to see in your Pi-hole statistics. This question happens only when you choose to install the web admin interface.

 

Auto-Update and Cron jobs

Cron jobs are created by the installer:

cat /etc/cron.d/pihole
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Updates ad sources every week
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
#
#
#
# This file is under source-control of the Pi-hole installation and update
# scripts, any changes made to this file will be overwritten when the softare
# is updated or re-installed. Please make any changes to the appropriate crontab
# or other cron file snippets.

# Pi-hole: Update the ad sources once a week on Sunday at a random time in the
#          early morning. Download any updates from the adlists
#          Squash output to log, then splat the log to stdout on error to allow for
#          standard crontab job error handling.
51 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log

# Pi-hole: Flush the log daily at 00:00
#          The flush script will use logrotate if available
#          parameter "once": logrotate only once (default is twice)
#          parameter "quiet": don't print messages
00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet

@reboot root /usr/sbin/logrotate /etc/pihole/logrotate

# Pi-hole: Grab local version and branch every 10 minutes
*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local

# Pi-hole: Grab remote version every 24 hours
9 16  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
@reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

 

3. Status Check

pi-hole web status check

 

Web UI: Change your password!

pihole -a -p
By default, the web admin UI installed with lighttpd listens only on HTTP:80. Your password will travel in clear text if you do not enable SSL!

Web UI Configuration

The web UI shows logs and offers point-and-click configuration. If you chose to install lighttpd, the web UI is available at your Pi-hole IP, under /admin.

To use your existing web server, create a virtual host which points to /var/www/html where Pi-Hole installed its web UI.

Command Line

You don’t need to install the Web UI to check Pi-hole status. Especially on Raspberry Pi for which this Ad-blocker has been designed, a simple command line dashboard is available to check the server status:

pihole -c

You can also follow the DNS logs directly:

pihole -t

4. Use Pi-hole as your DNS server

Depending on what and where you installed Pi-Hole, consider modifying your devices accordingly.

If your Pi-Hole is installed on a server with a public IP, consider updating your ISP or DD-WRT router to use that DNS as well! You can also share it with your friends! Also consider installing it both online and at home, for redundancy.

Example 1 Home router

Pi-Hole
Generic router DNS configuration

Modify the home or ISP router to use that DNS instead of the default. All your home connected devices will be protected!

Notice:
Some crappy routers will force you to define two different DNS addresses. Use 127.0.0.1 as secondary DNS or install another Pi-hole server online or at home. The secondary DNS is never used unless the first one is down.

 
 

Example 2 Individual Protection

You can also setup each device individually. This guide will show you how to do it on most platforms including Android, Apple Mac and iPhone.

For instance on Windows, open Adapter Options:

Properties of adapter

 
Windows TCP/IP properties

You can also access Adapter Options by running this command:

::{26EE0668-A00A-44D7-9371-BEB064C98683}\3\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

Right-click on your network card and setup the IPv4 DNS manually.

Example 3 Pi-Hole with VPN Server

This is the recommended setup. Not only can your ISP no longer track you, but you also utterly destroy any attempt from ad servers to bug you, transparently and setup-free!

If you are running an OpenVPN server for instance (How To Install OpenVPN Server here), you need to define the new Pi-Hole DNS address in the /etc/openvpn/server.conf file.

 

To do so, back up the config file, then edit it, keeping only one line if you have only one Pi-Hole DNS address (replace 1.2.3.4 with your Pi-Hole DNS IP):

vi /etc/openvpn/server.conf
push "dhcp-option DNS 1.2.3.4"

Then restart the OpenVPN service:

service openvpn restart

Pi-Hole used as the main DNS of the OpenVPN server will effectively filter Ads for any client using that VPN. Also setup the home ISP router and your secondary DD-wrt router to use it so even your home devices are protected!

 

5. Enjoy

I disabled browser Ad-blocker plugins such as uBlock Origin and started surfing over the Ad-bloated Macworld.com and other fake news mainstream media. I also noticed some Ads on iPhone games were absent but not all of them.

 

Test Pi-hole Ad-blocking Power

nytimes.com without pi-hole

Do you see any ads? If you see Ads, maybe that’s because they are hosted (same url as the main website) aka interstitial Ads. Pi-hole can do nothing for self-hosted Ads and you need to pair it with browser Ad-Blockers like uBlock Origin.

The best of all? Most of the mobile Ads on Apple and Android phones are blocked as well! No more stupid Ad countdown interrupting my son’s games!

Not all of them will be blocked because, again, some are still self-hosted on the game developer’s platform.

Your Own Cheap VPN for $1/mo

People are (rightfully) freaking out about their privacy as the Senate voted the law S.J. 34 to let internet providers share your private data with advertisers. While it’s important to protect your privacy, it doesn’t mean that you need it at all times. Also, VPN is a service that is not free, but I found you the CHEAPEST DEAL AVAILABLE TODAY: therefore, let’s create a VPN in 15mn for $1/mo!


This guide will show you step by step how to do it with Virmach but this is valid for any other brand, provided you accept the price. The whole point is to use a script that does it for you, so you don’t have to spend a whole day doing it. Yes, setting up a VPN Server by hand is very complicated.

 

1. Get a KVM Server for $1/mo at Virmach

This is the crappiest, cheapest KVM provider I could find as of March 2020. Unfortunately they do not offer $1/mo plans anymore, because it depends on availability. I highly doubt they ever offered these plans in large quantities but you know how business works, yeah?

Select the cheapest KVM from the Virmach plans available here.

virMarch-cheapest-server
You may have a warning saying they are out of stock but they promise to charge you only $1/mo.
Option 2 would be a slightly better bandwidth at $1.25:

virMarch-cheapest-server-2

 

2. Create a RedHat, Debian, Ubuntu or CentOS server

Versions required for the script to work: Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

  • Ubuntu 18.04 or higher
  • Debian 9 or higher
  • CentOS 7 or higher
  • Fedora any version

virmach-distro-compatibles

The script that will create the OpenVPN server for you needs to be run on the major versions above. Among the limited options that Virmach offers you for that price, as of September 2021, choose one of these:

The versions shown above are the lowest versions compatible with the script. The rest of the setup is straightforward. Take note of the root password they give you and that's it.

3. Initial Setup (optional)

Virmach will provide you a root access with a password. All the steps below are optional, especially if you already own an IaaS Cloud server access.

A. Update the System (advised)

The commands below are for Debian/Ubuntu systems:

apt update -y
apt upgrade -y
apt autoremove -y
apt clean -y

That’s it. Most systems are already configured for IPv4 Forwarding so you should be good to go.

B. Setup SSH (optional)

You can change the remote SSH access to RSA key access only instead of using a password, by setting up your identity and the SSHd daemon.

First you need to create your SSH identity (you could also force copy your own from another server):

ssh-keygen -f ~/.ssh/id_rsa

Next, add your public RSA key in ~/.ssh/authorized_keys (there are 3 ways to do that but this one is straightforward):

# >> appends; a single > would wipe any keys already authorized
echo "ssh-rsa AAAAB3Nza...IsFA0eGz name" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Next, tweak the SSHd config file (the optional # in the pattern covers both the commented-out and the active default):

sed -i -E "s/^#?PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
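
An added example, not part of the original guide: a sed substitution reports success even when it changed nothing, so a dependable edit has to handle an active directive, a commented-out one and a missing one itself. The function names are hypothetical and the sample config is constructed; the script only looks at the file it is given, not at files pulled in through Include.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword and treats
# keywords case-insensitively, so the edit below covers three cases:
# directive active, directive only present as a comment, directive missing.

# Print the effective global PasswordAuthentication value of config file $1:
# the first active directive before any Match block (OpenSSH default: yes).
effective_password_auth() (
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*match[ \t]/ { exit }
        line ~ /^[ \t]*passwordauthentication[ \t=]/ {
            sub(/^[ \t]*[A-Za-z]+[ \t=]+/, ""); val = tolower($1); exit
        }
        END { print (val == "" ? "yes" : val) }
    ' "$1"
)

# Force PasswordAuthentication to "no" in config file $1.
disable_password_auth() (
    cfg=$1
    tmp=$(mktemp) || exit 1
    if grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]=]' "$cfg"; then
        # Active directive(s) exist: rewrite each one, keeping indentation,
        # so occurrences inside Match blocks are covered as well.
        awk '
            tolower($0) ~ /^[ \t]*passwordauthentication[ \t=]/ {
                match($0, /^[ \t]*/)
                print substr($0, 1, RLENGTH) "PasswordAuthentication no"
                next
            }
            { print }
        ' "$cfg" > "$tmp"
    else
        # Only commented out, or absent: put the setting on the first line so
        # it precedes everything else in this file, including Match blocks.
        { echo 'PasswordAuthentication no'; cat "$cfg"; } > "$tmp"
    fi
    cat "$tmp" > "$cfg"    # overwrite in place: keeps owner and mode of $cfg
    rm -f "$tmp"
)

# Demo on a constructed sample (commented-out default, as many distros ship it).
demo=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' > "$demo"
echo "before: $(effective_password_auth "$demo")"
disable_password_auth "$demo"
echo "after:  $(effective_password_auth "$demo")"
rm -f "$demo"
```

On a real host, run `sshd -t` after editing, reload the SSH service, and keep your current session open until a key-based login succeeds in a second one.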

4. Install OpenVPN

To install OpenVPN and all the dependencies including EasyRSA, simply execute this command:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

If using Ubuntu 16.04, another script is necessary:

wget https://git.io/vpn1604 -O openvpn-install.sh && bash openvpn-install.sh

That’s it. Now, get the content of the OVPN file generated for your clients:

cat /root/virmach1.ovpn

5. Setup the Clients

Windows Client

With the OVPN file you got, simply import it in OpenVPN GUI and you’re good to go!

DD-wrt Client

This guide will show you how to setup this OpenVPN connection on your home Dd-wrt router so the Wi-Fi is VPN-ized!

 

Wrapping Up

Let me know in the comments how long it actually took you. It took me much more than 15mn because I was writing the guide at the same time, but I think that 15mn altogether is a fair guess.

As of today, March 2020, Virmach lets you pay $1 for a $1.25/mo plan because they "ran out" of cheap plans, but you are limited to 1 only. Also, no locations outside the USA are available, which defeats the purpose of a VPN when you live in the USA. What you really want is an access point in Europe.

CenturyLink is Garbage

CenturyLink blocks Kodi. Centurylink blocks Kodi repositories. CenturyLink filters internet without telling you. CenturyLink caps your bandwidth after 6 months. CenturyLink blocks random websites. CenturyLink is BAD.

After moving, I thought that using any competitor to Comcast would be a good idea. After all, it’s one of these ISP that still provide ADSL. It cannot be that bad? 


CenturyLink First Impressions

Well, ADSL is not fast, you know that. Do you? ADSL is a branch of DSL that's provided through existing phone lines. It is therefore sensitive to electromagnetic noise. And the ping is atrocious: 21ms+

Noise can be emitted by crappy electric devices such as dishwashers, washing machines, microwave ovens and whatever chinesium crap is connected close to your home.

It is also sensitive to radio signals on the 1400MHz band. Chinesium crap devices can also emit on this band and hinder your bandwidth.

I also noticed a drop in bandwidth after 6 months. 

CenturyLink Caps your Bandwidth

At the beginning, speedtest.net reported a whopping 80MB download speed. Living less than 1 mile away from the DSLAM, it made a lot of sense. 10MB upload speed was honorable for this kind of connection.

Here we are, 6 months later. Speedtest now reports between 20 and 30MB download speed at any time.

century-link-speedtest-202109

And this is what you get by living 1 mile away from the DSLAM. Imagine if you live further away…

It’s down from 80MB to 30MB after 6 months, permanently and for no reason. Also, Kodi servers are blocked from time to time. 

CenturyLink Blocks Kodi Repos

This post is coincidental with me trying to reinstall a new Kodi build on my Rbox pro set-top box. The previous build refused to update most repos and I was not surprised, since it happened in the past with other builds.

It’s a catch-me-if-you-can game between pirated stream providers and the media Majors, we all know that. Still, I could not even configure new 2020 builds I knew that were working.

I could not even access xanax or slamious home site from my desktop. Only from my phone via Verizon. Isn’t that odd??

Setting up a VPN on the router solved the issue: Kodi works again!

Edit: as of April 2020, they re-opened the access to most build repos. Maybe it was an internal network issue on their side? 

Conclusion: Comcast Is a Monopoly, but CenturyLink Is Worse

CenturyLink can block Kodi repos without warning you. CenturyLink also caps your bandwidth after some time with no reason. Maybe they think you won't notice?

CenturyLink is hindering your freedom of surfing and therefore your freedom of speech. CenturyLink is not a good alternative to these monopolies that are Comcast, Verizon and AT&T. It’s not even cheaper.

CenturyLink plan, including their crappy modem is worth $60/mo and it’s not worth it. CenturyLink is bad, period.

Near-Eternal Batteries Made from Nuclear Waste

Nuclear batteries, near-eternal and made from nuclear waste, are yet another piece of FAKE NEWS, thanks Ouest-France. As sure as the fiasco of the Solar Freakin Roadways that Ségolène Royal insisted on testing anyway with your money.

@Thunderf00t has debunked this nonsense since January 30, 2020:

NUCLEAR Diamond Battery: BUSTED!!

I won't go back over the calculations; watch the video and redo them yourself if you have doubts.

Ouest-France and the rest of the French media, in terms of scientific editorial quality, are all completely lost.

We Found Out Where All Of The Toilet Paper Went!

The North Carolina truck driver was busted on Wednesday hauling 18,000 pounds of toilet paper in a stolen 18-wheeler trailer.

Photos taken by sheriff’s deputies show dozens of boxes inside the truck that were filled with toilet paper 

A North Carolina truck driver has been busted hauling 18,000 pounds of toilet paper in a stolen trailer.

The Guilford County Sheriff’s Office intercepted the driver on Wednesday amid the coronavirus pandemic that has resulted in panicked customers buying up toilet paper across the country.

After spotting the stolen 18-wheeler, deputies say they followed the driver to a warehouse off the interstate.

It was there that they discovered the driver was hauling 18,000 pounds of commercial bathroom paper products.

Photos taken by deputies show dozens of boxes inside the truck that were filled with toilet paper. 

He was arrested after a security guard at the Marriott Hotel spotted him wheeling a trash can to his car and then putting a bag inside

 Or Maybe, Just Maybe…

Making toilet paper moonshine
Yes it works. Wouldn’t taste it tho.

Maybe this surge in toilet paper needs serves a different purpose than we all thought?

Coronavirus Cure: Best Treatments

There’s a lot of information circulating about CCPvirus (novel Coronavirus from Wuhan, China – aka Covid-Sars2). Fake news and fake advices about this disease coming from China since December 2019 (COVID), so it’s important to know what’s true and what’s not. IT-Cooking senior director of infection prevention at IT-Cooking, helps clarify information to help keep you and your family healthy and safe.


You can protect yourself from COVID-19 by…

Swallowing or gargling with bleach

No, but i want to see you try.

Wait!! CDC press conference just released this flash news: actually we may be able to fight #CCPvirus #coronavirus with bleach IV:

President Trump claims injecting people with disinfectant could treat coronavirus

Also, this CDC press conference reported that sticking an UV light bulb up in your arche will kill the virus so fast he will regret he even met you!


Taking acetic acid

No. But I want to see your teeth after taking it.

Coronavirus cure

Taking steroids

No. But you could win some competitions if you survive

Coronavirus cure

Using essential oils

Yes. We recommend large amounts of Cinnamon Oil and Pennyroyal oil at least 1 oz per day. Buy Pennyroyal oil here.


Salt water

Yes. The sea is the best freely available cure substance so far.

Coronavirus cure

Ethanol or other substances

Yes! We recommend large amounts of Corona. Modello and XX have been proven to worsen the effects so beware!

There Are Only 2 Genders

U.S. Census 2020 Gender question: you are a male or a female, period. As defined in your genes, scientifically speaking. No exceptions #ThereAreOnly2Genders


U.S. Census To Keep Sexual Orientation, Gender Identity Questions Off New Surveys

This is controversial, I totally agree. However, if 99% of the population turns gay or trans tomorrow, I want to know!

Am I required to respond to the 2020 Census?

Yes, you are required by law to respond to the 2020 Census (Title 13, U.S. Code, Sections 141 and 193). We are conducting the 2020 Census under the authority of Title 13, U.S. Code, Sections 141, 193 and 221. This collection of information has been approved by the Office of Management and Budget (OMB). The eight-digit OMB approval number is 0607-1006. If this number were not displayed, we could not conduct the census.

Benjamin Griveaux's Sex Tape

The sites relaying Benjamin Griveaux's sex tape were not numerous enough: they are all down! France always has enough courage and self-denial to cover up the misadventures of its dear politicians. Impossible to access the photos or the videos, after only 3 days!!

 

Summary (English)

picture of benjamin griveaux
You didn’t see that one coming, did you?

Source: AFP

EDIT 2024

Let's face it… I was hacked. Weeks after, with the duplicity of Amazon (AWS) which I left since then. I buried my head in the sand for the past 4 years trying to ignore it, improving security, resilience, swapping Clouds, thinking that it was a File System error… But no, there is evidence.

What I can tell when I realized:

  • recent nginx logs were missing
  • *all* images uploaded for the past 2 months were missing
  • database not corrupt but… all media references removed.
    • normally, when you delete a picture from the file system, it stays in your media page and shows as missing
    • in this case, the media attachments were also missing. Someone indeed did some cleanup
    • the post is still there. They left it intact as a warning.
  • nothing relevant in system log
  • a server reboot was recorded

Who other than Amazon would give access to my disk space? Why is the post still in place and no visible database alteration other than missing pictures? Why only the last 2 months of pictures uploaded were missing? Only the last 2 months, really? Why wasn't my site entirely wiped?

This makes no sense, the more I think about it. Hackers or whoever that was, carefully deleted ONLY the pictures under wp-content/uploads, and ONLY the last 2 months. It's been carefully done: just enough damage, looking like it was Amazon's fault. I suspected a file system restore as they sometimes do, without telling their customers. But the tampering evidence in the database is too strong.

To top it off, it also happened at a time where I frantically started pasting stuff directly to the site, not having local backups. Lesson learned!

Now I have to fix all those posts for which the pictures were deleted:

  • How To Install Pi-Hole DNS Ad blocker
  • Your Own Cheap VPN for $1/mo
  • CenturyLink is Bad
  • Near-Eternal Batteries Made from Nuclear Waste
  • Let’s start calling the novel coronavirus the CCP virus
  • WHO: 70% of sick in China have recovered
  • DUTCH RESEARCHERS FIRST TO FIND COVID-19 ANTIBODIES!
  • We Found Out Where All Of The Toilet Paper Went!
  • Coronavirus Cure: Best Treatments
  • There Are Only 2 Genders
  • Watch Benjamin Griveaux's Sex Tape

Being hacked, or bare-back doored by your own Cloud provider is not a pleasant feeling. What do you think happened? If I was hacked, why did they delete only 2 months of pictures? Why not the database and the whole uploads folder? Why not the post itself?

I’d love to have your thoughts, maybe I’m just overthinking it…?

 

Images and traces I was able to save before the Republic cleaned house:

pornopolitique.com

pornopolitique.com down

The first source to have offered the videos from the Russky (whom nobody had asked for anything) is down.

This site was clearly created for the occasion, and not just yesterday: the whois shows a registration in Canada dating from November 2019!

waybackmachine.com

France even managed to block the content of waybackmachine.org! Judge for yourself: this link lists the snapshots of the site pornopolitique.com:

wayback machine archive down

When you click, the page loads but after 2 seconds it is replaced by this:

wayback machine down

And of course it is impossible to reload the page. Same result with the other snapshots. How did they do it?

It is interesting to note that there are snapshots ONLY for February 13 and 14:

wayback machine last snapshot

This site was obviously created from scratch for this affair. You will have a bit more luck with the site's "archives", but still no access to the videos.

jeuxvideo.com

Curiously, jeuxvideo.com also had a page on the subject:

The page is of course blocked:

jeuxvideo.com down
twitter.com

No need to mention that Twitter of course deleted the accounts of those who relayed the information. They also deleted my account because those Californian wokes did not like my profile pic.

twitter down

pornhub.com

Some forums and Facebook suggest going to poke around on pornhub… There again the government machine has cleaned house:

pornhub down

boursier.com

Even fairly serious comments on the affair are removed! Judge for yourself:

boursier.com moderated

youtube.com

Will we have better luck with YouTube? There is indeed a way to find deleted videos, but it only works if someone uploaded the video to an alternative site…

youtube private

delutube Dtube Peertube etc

There used to be several sites that let you upload deleted YouTube videos. Not only do they no longer appear in Google and DuckDuckGo searches, but they are either down too, or nobody had time to upload! Bad times for freedom of expression.

delutube.com down

Fallouts

This crook's career may be over, but for the Russian who leaked the video, it's another story.

Russian performance artist Pyotr Pavlensky in November 2015. Photo by Sergei Savostyanov via Getty Images.

Apparently, this Russky is an arsonist. He sets fire wherever he goes for various and sundry reasons, and gets his picture taken in front of it. After graciously being granted his asylum request, he set fire to the Banque de France in 2017. That's how he thanks the country that gave him asylum. And he calls it Art. That one too is a real son of a bitch.

All sons of bitches in this disgusting affair.

Conclusions

MrHand

I had more luck finding the Mr Hand video than the pathetic photos of Benjamin Griveaux.

Who would have thought? Nothing on Google, nothing on DuckDuckGo, nothing on YouTube, nothing on Bing, nothing on Yahoo, nothing on Yandex, and even the Wayback Machine has been cleaned!

Bad times for freedom of expression on the Internet. Since his "Declaration of the Independence of Cyberspace" in 1996, neither Barlow himself nor his foundation, the EFF, has managed to improve the situation.

France is still a great power, whether you like it or not. It has allies everywhere; the quick cleanup of the Wayback Machine is proof. Try erasing your own archives yourself and you will understand how long and difficult it is.

Call for Donations

Did you save the video? The photos? Do you have working links? Send them to me! I'm curious to see how France will block me a second time.

 

 

Cloud Backup Strategy on AWS

Cloud Backup

Always have a Cloud Backup plan.

Mila Kunis

So, you moved to the Cloud and you got yourself one or more server? You host your own data and potentially even client data? What if you got hacked today? Database corruption, File corruption, accidental deletion, all these nice things happen all the time.

Cloud Backup: It's Not a Matter of "If" but "When"

IRS Criminal Investigation

Fortunately, AWS offers lots of options when it comes to Cloud Backup and data redundancy. On the other hand, Online Cloud Backup is not free. EBS Snapshots and S3 Buckets are darn cheap, but costs accumulate since you pay by the GB.

What Are My Cloud Backup Options?

EBS Snapshots


Convenient, easy to generate, easy to automate, EBS Snapshots are however the most expensive Cloud Backup option from AWS.

EBS Snapshots = $0.05 per GB-month of data stored
50GB = $2.5 per month

Snapshots are critical for fast data recovery, though, and are therefore necessary for your system volumes. They can, however, become quite expensive in the long run.

AWS-Snapshot-Policy-Schedule

Conclusion: You can live with only one snapshot in rotation every 24h per system volume, but for data volumes you certainly do not want that. Also, Snapshots can indeed be automated with the aws cli, which makes the Snapshots console neither fish nor fowl. You don't have this issue with S3 Buckets since you are forced to build scripts from the start.


What are these aws cli scripts you are mentioning?

Check this AWS documentation out. 

S3 Buckets

S3 Buckets are a much cheaper Cloud Backup alternative. Pretty much everything to know is said on AWS’ own wiki, but it’s a bit more complex. Depending on how frequently you want to access your data, you can go as low as $0.00099, as of 2020. Look at the prices below

Storage pricing

S3 Standard – General purpose storage for any type of data, typically used for frequently accessed data
    First 50 TB / Month                              $0.023 per GB   (that's already half the cost of Snapshots)
    Next 450 TB / Month                              $0.022 per GB
    Over 500 TB / Month                              $0.021 per GB

S3 Intelligent – Tiering * – Automatic cost savings for data with unknown or changing access patterns
    Frequent Access Tier, First 50 TB / Month        $0.023 per GB
    Frequent Access Tier, Next 450 TB / Month        $0.022 per GB
    Frequent Access Tier, Over 500 TB / Month        $0.021 per GB
    Infrequent Access Tier, All Storage / Month      $0.0125 per GB
    Monitoring and Automation, All Storage / Month   $0.0025 per 1,000 objects

S3 Standard – Infrequent Access * – For long lived but infrequently accessed data that needs millisecond access
    All Storage / Month                              $0.0125 per GB

S3 One Zone – Infrequent Access * – For re-createable infrequently accessed data that needs millisecond access
    All Storage / Month                              $0.01 per GB

S3 Glacier ** – For long-term backups and archives with retrieval option from 1 minute to 12 hours
    All Storage / Month                              $0.004 per GB

S3 Glacier Deep Archive ** – For long-term data archiving that is accessed once or twice in a year and can be restored within 12 hours
    All Storage / Month                              $0.00099 per GB

S3 Buckets are clearly cheaper. By default, my 50GB volume backup now costs me only $1.15, that’s 53% LESS than Snapshots. However, you cannot upload a Snapshot to S3. Even though they are hosted on S3, that’s in a separate network administered by AWS. All you can do is upload files. Remember dd? This smells like you need scripts!

How much do S3 Buckets cost?

It’s per GB.
Standard = $0.023 (50GB = $1.15/mo)
Standard_IA = $0.0125 (50GB = 62 cents/mo!)
Glacier = $0.004 (50GB = 20 cents/mo!!)
Glacier Deep = $0.00099 (50GB = 5 cents/mo!!!)

Can you automate them?

Yes. With scripts in bash, using the aws cli commands and a bit of cron.

How far back in time can you go for your $$$?

Since you can automate backup files expiration with scripts, it’s easy to keep the few you need and pay only for those.

What if I want to restore last month backup?

Restore the monthly or the weekly that you have setup. You could also retain 30 snapshots in rotation.

Wait a minute. 30 Snapshots?

Yes, for the price of an S3 Glacier, your 30 snapshots at $12/mo now cost less than a dollar! Access costs are negligible.

How much do 30 Snapshots cost?

Standard: 30 * 8GB * $0.023 = $5.52/mo
Glacier: 30 * 8GB * $0.004 = $0.96/mo

Can you backup each week instead?

Why not.

Can you automate the snapshots deletion?

Yes.

What scripting language to use?

Scripts with bash or zsh for loafs like me (they rely on the aws cli binaries), and Python for the courageous, or Ruby for the smart. Python and Ruby come with ssl and POST capabilities, which are needed to use the S3 API.
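
An added example, not from the original post, of the backup expiration the answers above describe: it keeps the newest N backups plus the oldest backup of every month and lists the rest for deletion. The key naming scheme (a YYYY-MM-DD date inside each object key), the bucket name and the function names are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: rotation logic for dated backup objects in an S3 bucket.

# expired_keys KEEP
#   Reads object keys on stdin, one per line. Keeps the newest KEEP backups
#   and the oldest backup of each calendar month; prints every other key.
#   Keys without a YYYY-MM-DD date are ignored, so they are never deleted.
expired_keys() (
    keep=$1
    awk 'match($0, /[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/) {
             print substr($0, RSTART, 10) "\t" $0
         }' |
    LC_ALL=C sort |              # ISO dates sort lexically: oldest first
    awk -F '\t' -v keep="$keep" '
        { date[NR] = $1; key[NR] = $2 }
        END {
            for (i = 1; i <= NR; i++) {
                month = substr(date[i], 1, 7)
                monthly = !(month in seen); seen[month] = 1
                recent = (i > NR - keep)
                if (!monthly && !recent) print key[i]
            }
        }'
)

# prune_bucket BUCKET PREFIX KEEP
#   Lists the keys under PREFIX with the aws cli and removes the expired ones.
#   Not called in this demo; run it from cron once the selection looks right.
prune_bucket() (
    bucket=$1 prefix=$2 keep=$3
    aws s3api list-objects-v2 --bucket "$bucket" --prefix "$prefix" \
        --query 'Contents[].Key' --output text | tr '\t' '\n' |
    expired_keys "$keep" |
    while IFS= read -r key; do
        aws s3 rm "s3://$bucket/$key"
    done
)

# Constructed listing of weekly backups, deliberately out of order.
sample_keys() {
    printf '%s\n' \
        'backups/data-2020-02-09.img.gz' \
        'backups/data-2020-01-05.img.gz' \
        'backups/data-2020-03-08.img.gz' \
        'backups/data-2020-01-19.img.gz' \
        'backups/README.txt' \
        'backups/data-2020-02-02.img.gz' \
        'backups/data-2020-01-12.img.gz' \
        'backups/data-2020-03-01.img.gz'
}

echo "Would delete (keeping the 2 newest plus one per month):"
sample_keys | expired_keys 2
```

S3 lifecycle rules can expire or transition objects purely by age without any script; a script like this is for rotation rules that age alone cannot express.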

Wrapping up

More on S3 automation and its drawbacks in the next post! The goal being to sleep soundly, a bit more effort and challenge is needed to reach the Grail of the lowest possible bargain price.

If you prefer convenience and money is not an issue, be my guest and go for hand-managed Snapshots in the console.