# 2017-06-14 Data Extinction Event Investigation Report

## Introduction

My laptop's home partition uses Btrfs alongside with Snapper. Snapper creates periodic volume snapshots, which I used for backup. It was very suitable for the prevention of accidental file deletion. However, I recently put some bulky files (8x ~2GB) on my home partition. Somehow this led to occasional 100% CPU usage for one of the Btrfs-related processes. I decided to clear my volume snapshots to avoid 100% CPU usage.

I decided to manually dump all the snapshots by running the following commands:

cd /home/.snapshots

## Dangerous cultural practices

It is clear that I understand the danger of losing data while performing risky operations. However, it seems that I always get away with it - in the sense that the mission critical files always have outdated backups somewhere.

I think I basically grew complacent. I believe I have learnt a lot of bad habits, rather than changing my bad habits, I managed to build myself layers of defences against those bad habits.

Rather than stop doing shift-delete. I decided to install volume snapshot, so I can liberally delete files. Rather than backing up data before changing partition layout, I rely on the fact that it is pretty easy to revert changes to LVM partitions by using the LVM configuration backup.

I seem to have been ignoring the danger of losing data, because the benefits of getting things down quickly have blinded me.

## Backup solution that are being used

The following backup solutions are currently being used:

• Mission-critical source code (for both software and documents) are checked into repositories on fangfufu.co.uk. The only problem is that sometimes I am too lazy to commit and push. I feel quite often I don't make enough progress to warrant a commit.
• Btrfs volume snapshots are being used to avoid accidental file deletion.
• Old archival files are synchronised to fangfufu.co.uk using Resilio Sync. The plan was to synchronise it with a Raspberry Pi in China, however, that Raspberry Pi went offline.
• The same old archival files are also pushed to Google Drive using Google Drive CLI Client [5]
• Ad-hoc copies of critical documents that are not often used are stored in Google Drive.

## Backup solutions that can be considered

• My local postdoc has two hard drives in his workstation, he uses rsync to copy files from main hard drive to backup hard drive on a daily basis. My T440p will have 3 hard drives, when it comes back from repair.
• Rather than using rsync, I can just send the Btrfs volume snapshot diffs to my 1TB secondary hard drive. I am already doing Btrfs volume snapshot anyway.
• btrbk seems to be a bit better than snapper, in the sense that it actually supports automatically sending the snapshots away.

## Future action plan

1. Commit and push source files more frequently and more diligently.
2. Expand the coverage of Resilo Sync.
3. Push more data into Google Drive - after all, I have unlimited Google Drive storage space as a York Alumni.
4. Investigate btrbk.
• public/2017-06-14_data_extinction_event_investigation_report.txt