You found the backup wrap up your go-to podcast for all things

backup recovery and cyber recovery.

In this episode, we extract some interesting cybersecurity and backup

lessons from Hollywood's take on AI threats and data protection.

The movie actually gets a lot of things right about immutable backups, air gap

storage, and the importance of offline copies when everything goes sideways.

Well, we also talk about how an underwater doomsday vault saves the world.

Why you need cryptographic hashes to prove data integrity and what

happens when your cybersecurity plan doesn't account for the human element.

The episode I think, is a lot of fun and you will actually learn a few things

about protecting your data from ai.

And regular old ransomware attacks.

By the way, if you don't know who I am, I'm w Curtis Preston, AKA, Mr.

Backup, and I've been passionate about backup and recovery ever since.

I had to tell my boss that there were no backups of the production

database that we had just lost.

I don't want that to happen to you, and that's why I do this.

On this podcast, we turn unappreciated backup admins into Cyber Recovery Heroes.

This is the backup wrap up.

Welcome to the show.

Hi, I am w Curtis Preston, AKA, Mr. Backup.

And with me, I have a guy that took way too long to see the movie

that we're talking about today.

Prasanna Malaiyandi.

How's it going?

Prasanna,

I am good.

Do you wanna tell listeners why it took me so long to see it?

because you were doing research sort of

No.

That, no, I

wait.

in the country.

Oh well there is that, but you could have seen it in India.

Couldn't you?

Have had

I could have, I don't know if it would be, it probably would

be the same experience, but

It would be interesting if they dub it.

If they dub it, not dub it.

What do they call it?

What?

What do they call it?

Do they dub it?

Is that the word?

Yeah,

dubbed or

in Hindi watching Tom Cruise speak Hindi.

That would be, that'll be awesome.

what?

If you, I bet if you watch the old ones on Amazon, you

Uhhuh.

watch it in different languages and I bet you Hindi and I think

they might also have Thamil,

Oh really?

which

Wow.

me off all the time.

But yes, I was watch because every once in a while, for some reason, um.

Uh, when I watch like a TV show on Amazon Prime, the audio

would be changed to Thamil,

Uhhuh.

Oh, really?

and I'm like, wait, this is not the right language.

not right.

Um, yeah, that's, that's pretty funny.

But that it, that it, every once in a while for me, it

will, it will put it in Spanish,

Yeah.

So the thing though is when I, so I have seen English movies in India.

In fact, I saw Life of Pie in India and so it was English, fine.

is kind of funny given, you know, given the content of that movie,

seeing that movie in India is, what's the, the guy, the, the main dude.

Is he

Patel,

da?

No, he's Indian.

Dave Patel.

Yeah.

Yeah,

grew up in the UK though, or something like that.

because he, he's, yeah, he is got kind of a, kind of an English accent a little bit.

Yeah.

But it was a good movie, you know?

it was.

And you saw it recently again.

No.

the way, for people who don't know,

Yeah.

we're talking about for this episode is actually the Mission Impossible series.

The Mission Impossible final reckoning.

Yes.

And well, sorry, what I was referring to is you recently saw it again,

Oh yes.

The, the Mission Impossible movie.

Yes.

Yeah.

So I've now seen it three times.

Has

have now spent 10 hours of my life watching this movie.

Or basically two Bollywood movies.

Basically,

No, actually I

I don't know.

This might qualify to be a single Bollywood movie given,

given that it's length.

Yeah.

In fact, my wife was like, oh my God, that was a little long.

Yeah.

Yeah.

It's 'cause when you guys watch Bollywood movies, you kind

of, don't, you p pause them.

We do it over

Yeah,

Yeah.

yeah.

But this was like, you gotta watch it.

Well.

I, yeah.

You have to watch this movie like that.

Yeah.

and the best part is I think when we're watching it after it was done,

she was like, they don't give you an intermission in the middle of the movie,

so you could take a bathroom break or grab some snacks or whatever else.

Because most Indian movies, they will pause in the middle,

Oh, interesting.

an intermission, so then you could go like, go grab snacks or

go to the bathroom or whatever

And,

continue.

and this is my chance to mention my favorite app,

I did

um, which, which is, which is, you know, not a sponsor.

This is an app I've been using for 10 years, and it's like, you know.

Changed my life.

So the app is called RunPee, literally word RunPee.

And it will tell you like no P as in go pee.

Okay.

It will tell you when you can go run p run and pee in the movie.

Right?

And it's free, uh, as long as you don't mind, like movies

older than like a week or two.

Uh, but if you, if you don't mind either watching a bunch of ads to get, uh.

Uh, credits to use towards p coins is what they call them.

Or in my case, I pay a dollar a month.

To, to belong to the, you know, to the P universe.

And that, that literally, I'm on the West Coast, so this stuff comes out.

Literally, I, I get, like if it's, I'm going to see a show here in a

couple hours that that comes out today, the P Times will be in that

movie by the time I get to the movie.

And basically it will tell you if you just use it like regularly, if you use

it without paying at all, the number one thing it will tell you is, is there

anything at the end of the credits.

Which is like, it, it does that for all movies, which is nice to know.

Uh, but if you, if you have the credits or whatever, it will tell you

basically at 15 minutes and 37 seconds.

Um, when, uh, in the, in this movie, uh, when, um, when Angela Bassett

says, when Ethan, where are you?

Um, you can go, you get three minutes and they tell you what

happens while you're gone.

And then even better.

If you don't want to have to think about that while you're watching the

movie, you can set a timer and it'll tell you when the universal logo fades

out, press the go button and then you can just, and it will buzz your leg

Hmm.

time to pee.

And you can, and you can, uh, go run.

And then they have this little synopsis while you're gone and

tells you, um, it's awesome.

Uh, and they'll also tell you, they'll be like.

You know, the second P time is the best.

Like you don't miss anything, you know?

Or like the third p time is, you know, it just depends on the movie.

They'll be like, the third p time is for emergencies only because

you know, you do miss this or that.

Yeah, yeah,

so for Hollywood movies, would they basically just time it

for every single dancing?

So you basically have like 12 different options

yeah, yeah, yeah.

Yeah.

So.

I, first off, I loved this movie.

Um, it, um, and, and by the way, spoiler alert, do not listen to this

episode if you don't want to hear, you know, secrets about this movie.

And if you haven't seen the movie, you know what?

I don't even know what to tell you.

'cause it's about to leave theaters.

Um, yeah.

a critical thing.

'cause I think it's so, unlike you, Curtis, I don't watch

many movies in theaters.

I think it's

Yeah.

couple a year.

Right.

And this was one of them though, where it was like, you must see it on a

Yeah.

to really.

enjoy it

Yeah.

the action sequences, everything else is just so much bigger

on a big T, a big screen.

Yeah.

TV is 98 inches, it's still,

it's still not the same.

still not the.

that there's, there's a pounding audio and everything, right?

And, and also the communal experience of watching it with other people

and the other people reacting.

When I saw it on opening day, the, again, spoiler alert,

uh, this is your last chance.

Uh, when, um, bill Dunlow shows up on the screen, the audience

literally cheered, right?

people who may not know who Bill Dunlow is,

I.

from one of,

Go ahead.

know the actor's name,

Okay.

He

That's the character's name,

Oh, is

but go ahead.

Yeah.

So he is a person, if you remember whichever movie it was, where

The very first episode.

where they're trying to steal the knock list and he's in that

Yeah.

secure vault and he is

Yeah.

repelling down and he drops the knife and

It's where the, the famous scene of the, where he like hovers six

inches from the floor and almost,

So.

The guy who Curtis is referring to was in that movie, and he's a person

who basically was, stole his ID and were imPrasannating him inside.

And what you learn from this movie is he's actually the designer of the vault.

And so when the vault actually ultimately gets penetrated and the,

the data is stolen, they send him to a, you know, a, a listening station

in, you know, the North Pole somewhere.

Yeah.

Alaska.

And, um, and he shows up in the movie now, like 30 years later,

which is, which was just really cool.

It was a nice fan service thing.

But yeah.

So anyway, um, what I thought would be fun, uh, I, what I. Enjoyed the most

about this movie, is that, first off, it was, in some sense it was a little on

the nose because we are starting to see, because the, you know, the core like.

Premise here is that there is this artificial intelligence that is

altering reality as we know it.

And, you know, and they show pictures of like, it's like

replacing tanks with school buses and, you know, and all this stuff.

And, and nobody knows what truth is anymore.

And we are in the middle of that, right?

Did you see the article?

In fact, the register published something recently

Mm-hmm.

they had talked about how today with ai, it's very similar to like

when the atomic bomb went off.

I. that everything changed, right?

Like all the particles, everything else change after that one moment,

Yeah.

like, AI is the exact same.

Where like everything is different now.

And like you said, like this movie points out, it's really hard to tell

like what's real versus what's not.

And it could

Yeah.

worse in the future.

Up.

unleashed something.

Yeah.

Up until now.

If you saw a video of something, you could believe that that thing actually happened.

Now it's like, here's this video of this politician saying this

thing, and you immediately go, did he actually say the thing?

Or is this a fake video?

That's the new reality that we're living in, and that, and some of

that AI is amazingly, uh, accurate.

You know what?

I hope it'll do.

What.

I hope we could just like tell it, create this podcast episode and it'll generate

videos of the two of us that are lifelike, that have all the nuances that we use

How do we,

the episode.

how do we know that hasn't happened already?

Listeners, if you think that this is a AI generated podcast

episode, please leave a comment.

Yeah.

And don't, don't ask us if we're homeless.

There was a, we got that one comment.

The guy said he was joking.

He said he was joking.

'cause I was like, wow, that ouch.

You know, uh, yeah.

He's, he is like, yeah, these guys, they kind of look homeless, but they

know what they're talking about.

Um, yeah, so we're definitely in, you know, some call it the post-truth world.

Uh, it, it's very difficult.

I, in some sense, I think.

That if it causes everyone to question everything and then you go and have to

verify the the source, uh, that's not necessarily bad, but it is difficult

because there are a lot of things that have happened over history where

when you had the video of the thing I.

Uh, that was, that was a conclusive proof I can think of, like, celebrities

dropping the N bomb, for example.

Uh, you know, if you've got a video of that or, or like a celebrity, I can

think of some people that have like beaten up their girlfriends and it

was caught on a security camera again.

Yeah, yeah.

Elevator footage.

Yeah, exactly.

Um, anyway, so, but

no,

yeah, but go ahead.

thing though, just talking about this, right?

How it's hard to tell, uh, reality from fiction, right?

And what really happened in the movie though, one of the things that they

were trying to do as this entity, this AI thing, started taking over

the world and changing everything.

Is they were like, we just need to dump all the data that we have

and like basically go offline.

Right.

So they

Yeah.

scenes where there were like CIA analysts and military researchers.

Right.

They were doing everything.

Old school.

Right.

They had like giant displays and models where they were

physically moving ships around on

Yeah.

and giant rooms of people just like take like.

Writing down physical copies of everything that was digitized.

Right.

So

yeah,

some physical copy

yeah.

happened to the digital.

And, and you know, to bring it back to our world, um, there's definitely, there

was definitely some, some ideas there.

Um, well, I, I don't wanna get into that just yet.

Uh,

I, I, I don't

but go ahead.

either because there was

Yeah.

I wanted to talk about too.

One thing that I wanted to ask you.

So they're sitting there tr so.

You can't trust if what you're seeing is truth fiction.

Right.

Right,

Um, and so they were trying to preserve it.

right.

Right.

I guess a couple questions I have for you

Mm-hmm.

are there alternative ways to preserve that data in such a way that you know

that it is the original, authentic piece and not something that has been changed?

Yeah, let's let, let's, let's not talk about that just yet.

But yeah, that's definitely a question that I want to, that I

want to answer in this episode.

Right.

Um, but just, I just want to finish commenting on the overall movie.

I really enjoyed what.

It was.

Amazing, really long.

Um, I, um, the first off the concept, the premise of the movie, a bit on the

nose at, at the moment, um, that was actually somewhat uncomfortable at parts.

What I really enjoyed was that for the most part, with a few.

Especially towards the end, a few crazy things.

They got the concepts right, the tech concepts, they got the scuba concepts.

I'm a scuba diver.

Um, and they even got things right that they didn't really have to explain to

the average viewer, but they got it right for the, you know, the handful of us

that are in the scuba, scuba community.

And same thing with the techie world.

Right?

I loved this idea of the Doomsday vault.

Right.

I, I'm pretty sure it's total fiction, uh, because that, that sounds like

cooperation between like world governments and I don't see that happening.

Um, I thought it was weird that it was like floating in water, but whatever.

I, I

Um,

that scene and I was like, that is really interesting.

It's not completely outside fiction

It is not completely unrealistic.

Right.

There is, by the way, there is like, there is a doomsday like seed vault.

I, I, I'm aware of like heirloom seeds and stuff.

Yeah, yeah.

Norway isn't also, not technically Doomsday Vault, but

isn't like the LDS uh, genetic

Yes, yes.

Yeah.

And

similar

the salt mines in, in Utah.

Yeah.

Yeah.

Um, and.

But yeah, I, I liked that they, they took a lot of effort with

some, obviously artistic license.

They took a lot of effort to get the tech right.

Um, I mean, you know, there were a couple of silly things like, so,

so one of my best friends is a, is a former, uh, submariner, right.

And I asked him, I was like, do they have a room like that?

And, and he is like, they actually do kind of have a room like that where

you can go in and outta the sub.

It's meant mainly for escaping.

It's not, subs aren't made to.

To go diving the way that they depicted in the, in the movie.

But he's, but the, the most unbelievable part about that room is how big it was

that even if they had a room like that, that room could fit like 10 people.

He's like, there's no room on the sub that fits 10 people, let

alone a room that's used once in a while for, for scuba diving.

But, but anyway, um, yeah, I, I enjoyed that, that stuff.

But let's talk about the the main plot.

I'm gonna reword it in my words.

In order to kill the ai, what we need is.

An immutable copy of the original source code that's been stored in

an air gapped, a water gapped, um, a water gapped storage facility.

Far offline from everything.

And, uh, and then, you know, we get, we're gonna combine that with this poison pill.

Um, so, uh, I I love that.

I love that.

Basically the entire, the final episode of, of, um, because we just

did an episode on air gapping, right?

That the, the final episode of Mission Impossible and arguably the

entire Mission Impossible series.

The core, the, the, the thing that's gonna win the day is an air gap backup, right?

Or, or like I said, like a water gap backup.

What did you think about that?

No, that was, yeah, when I, I, you know what?

I actually didn't think about that until you just mentioned it,

Yeah,

then I was like, yeah, you're right though.

It was, we have a copy that's like buried with a submarine

that no one knows where it is.

yeah.

part

I.

little kind of.

Not quite what we would think about, right?

You wanna know where your air gap

Yeah, we, it's kind of important when you do the 3, 2, 1, it's

important to know where the one is.

but, but other than that, you're right.

It was completely offline, immutable, no access to anything.

Yeah,

that is literally what, uh, saves the world.

yeah.

Um, and I, I did, you know, it did make me want to ask questions of like.

So there's no other copy.

There's no, I think what they were trying to say was that all other copies

Had been

have been infected by the ai.

Right.

To which I still want to say there are no other copies that are

stored in like immutable storage

No,

the original source code.

probably not.

That, that just, that, that bothers me.

Well, because remember though, Curtis, right?

Part of it is, right, if you think about AI in general, right?

Or LLM, machine learning, right?

Part of it is the source code, but part of it is all this like

training data and other things, which is constantly evolving.

So what you get from one day to the next may not be the same, right?

And

Yeah.

it could be learning, it could be, right?

It's the constant learning model, right?

So.

Yeah.

And you know, and, and again, there's things that you just have to let

go, you know, the willing suspension of disbeliefs as we call it.

I'm like, how do you write a poison pill for some source code that you, that you

don't know what the source code does?

I don't know, whatever.

Not to mention the fact that you're, you got this special little slot

thing that's designed to go in, that's designed to go in the special little

slot in a device that you've never seen.

That part reminded me a little bit of, um, independence Day, where, um,

virus and.

yeah, where they had, they upload the virus to the thing.

It's like, it's there, there was actually a blog post that came out back then.

It was like the, the 20 things I learned about.

It from watching or I don't know.

I think it was like the 20 things I learned, and one of them was if

you go up to a top secret military facility, if you just show them an

alien, they will let you right in.

If you remember, they had 'em in the back of the pickup truck.

They're trying to get in, they pull up the tarp and they're like,

oh yeah, come on, come on in.

Uh, and then, but my favorite was a Mac can interface with, even though it can't

interface with most earth computers.

This was, this was back when Mac were, were really different, you know, uh,

uh, as I'm sitting here on a Mac.

Um, but yeah, that was, um.

That was a funny one.

And so there's, there's a couple things like that to, to poke fun at.

I will say, just for those curious, the scuba stuff,

they got it pretty dang right?

Um, you know, the, the, the fact that one of the, again, one of those things that,

that, um, that they included that they didn't have to include was when you, when

you go down in, in depth every 10 meters, you add a. Uh, one to the denominator.

So when you're at the surface, it's, it's equal one over one.

When you're at 10 meters, the air, uh, is compressed by half.

When you're at, you know, 20 meters, it's compressed by one third.

So you'd add a number all the way.

And so he went to 300 feet.

So I'm just gonna approximate that to be a hundred meters.

So that means.

He's at one.

The air, at the, at his depth was one 11th, the size that

it would be at the surface.

So that's why when they said they, they're like, how do you, how could

he have taken one breath of error?

I

Right?

How can you take one breath of air at 300 feet and last to the surface?

And you know, one answer is, well, he didn't.

But the other answer is, and by the way, I've actually done this, not at, not at

a hundred meters, but, but at 90 feet.

Um, I've run out of air.

Um, and because as you come up the surface that, that, that process reverses itself.

So that's why.

You have to breathe continuously.

The number one rule of scuba that you learn over and over and

over again is always breathe.

Never hold your breath.

Hmm.

as you come up the air, the air is expanding and so your lungs would explode

if you didn't let air out your your thing.

And so you can see him as he's coming up.

So it literally is possible to take a single breath of air at

depth and make it to the surface by slowly broke, blowing out, uh, air.

Yeah.

And um, and I know that for a fact because I did run out of air.

At depth at 90 feet.

Um, that's a story for another day, but at night for the record.

Um, yeah, in rough ski.

Yeah.

Scary,

Not good.

actually, it's actually happened to me twice, but anyway,

Hmm.

nevermind.

Um, but so let's talk about, um, I think the core thing of the movie

is that air gap backup's good.

Right.

You, you do need a, you do need a, the ability to trust, you

know, a copy of, of your stuff.

So here's a question for you.

Yeah.

that technically considered an air gap backup because they've never actually

used it for restore testing before

I.

to.

Well, I would, I would say that it sort of, it was sort of forced to be

an air gapped backup, and again, we're, you know, it's a water gapped backup.

But, but, um, it, it was offline, right?

The point is that it was offline.

It was that whole sub was meant to be offline.

Now, I don't, I. I don't know if was the sub offline because it crashed

Yeah.

was it offline?

Because that was the design of subs.

'cause remember the, that sub, the other sub, it had to come to the surface to

be online and he was staying at depth on purpose to avoid detection and, and

also, uh, infection by the, by the entity.

Um, but yeah, I mean, sometimes you do what you gotta do, right?

But in this case, um, I.

And when we say it was an immutable copy, it was only immutable because there

was nothing there that could change it.

It was just a hard drive.

yep,

was just a hard drive with some source code.

And by the way, why is the source code there anyway?

It should be the compiled version of the whatever, you know, we

will let that go.

But you know, it, it, it could, it wasn't technically immutable.

It was just a hard drive.

Right.

And then we get to the end, what they do to get the entity into the,

um, what was the name of the place?

Doomsday Vault, right?

Because the, you, you may be thinking, well, isn't the whole purpose of

this vault to be offline and, you know, and, and outlive the world?

The answer is yes.

That was the whole point of what she was doing.

Where she's splicing in the, the red wire and the thing, and then she's connecting

a, uh, a transmitter or receiver.

Right?

Which again, you know.

Insider threat.

insider threat.

The, um, again, that's the part you kinda have to let it go because if you

see how deep that vault is, there's no way a cell phone signal's getting

outta that thing, but whatever.

Um, and, um, and then he's, and then he ends up connecting his thing

where he's, as he's falling through the air, you may recall that he

does his final connection as he's falling through the air on a reserve.

Parachute.

Thank God.

Um.

By the way, total aside, I have an ex-brother-in-law who's whose,

uh, parachute failed like that.

And, and, uh, cigar rolled,

Okay.

is what they call it.

Um, and he bounced.

He did not die.

He, he bounced, but he, he, he dove from 10,000 feet and, uh,

or, or it died at 10,000 feet.

And, uh, and he bounced and lived, uh, but he was, he was never the same again.

Um, but yeah, so he.

He, he transmits the stuff and they get it in there, and the whole thing

of the, the blink of an eye and the, you know, that whole thing.

wanna talk about.

So they're

Okay.

One of the people, they designed this five dimensional storage system

is that?

was like a crystal like structure, which was maybe like three inches

by two by one inch by one inch,

Yeah,

small,

yeah, yeah.

able to dump all of the entities data.

There's.

Yeah.

Entity into it in like a blink of an eye.

Right.

And I was like, okay, does, and it would have to change

colors when it was receiving.

I was like, really?

And once again, going back to what you said, they didn't know what the interface

looks like because who had access to the Doomsday Vault and there was a guy making

Yeah,

was like

yeah,

in New York City in a

yeah,

vault.

And

yeah.

So, yeah, so stuff like that, not to mention the whole,

like he starts describing the wires that she's gonna find.

Yeah.

I am like, you'll, you know, to the right, you're gonna find a cluster of wires

and you're gonna want to cut the red one and, you know, um, or don't cut the red.

I, I don't remember.

But, but, um, yeah.

So not to mention the amount of data that, that, that, that, that, that,

that saying had being transmitted over a cell phone signal over the

public internet via thing, you know?

Yeah.

You, you just gotta let that part go.

Yeah.

Um,

So,

it, it reminds me of an episode of Alias where she's trying to steal data from

a server and she does this upside down hanging thing, kind of like, uh, Ethan

Hunt in the first episode and she has a wireless modem that she's using to

transfer the data out of the server.

And I'm like, that's not,

How it

that's not how that works.

Well, it's like, do you remember, uh, with old car fob or key fobs

where you would hold it to your chin to turn your head into an antenna?

No, I do not remember that.

So Volkswagen, Audi Keys, in the early two thousands, the distance

was awful, if you held the car, uh, key fob underneath your chin.

I, this sounds,

increase the

like an urban legend

I've actually done it, Curtis.

really.

Yes.

It explains a few things, but, um, yeah, so, so.

talk about something.

Okay.

So what, just so we've got some things that we could talk about,

we can talk about, I mean, we, we could talk about, um, this concept

of the, of the doomsday vault.

We can talk about the offline copy, we can talk about the immutability.

We can talk about this question that you had about what would you

do if you actually wanna store data that you can trust like that?

Yeah.

Yeah.

So, which, which question do you wanna start with?

start with production,

Uh, so you're saying that you, you want to be able to have a copy?

sorry.

So data you're creating today,

Mm-hmm.

that either you're creating or already exists.

Yeah.

How do you go about to ensure that?

It doesn't get changed, and you could prove the authenticity of said data.

Yeah.

Right, because this comes up in compliance use

Yeah.

right?

With their SOX regulations, financial regulations, medical regulations,

all of these things, right?

Yeah.

And so the one thing they didn't cover, which I'm wondering maybe that was a miss

on their part, was, was there something they could have done for production data?

Instead of we only focus on making sure that you're able to determine

has it been altered or not?

Yeah.

So the answer is yes.

I will say that the core thing still comes down to we need something,

we need a place that we, that we can trust that's immutable, right?

We need some type of storage, and, and I, I think this is a, this is true.

For so much, for, for, for backups, for ransomware protection, for, uh,

lawsuit, you know, for eDiscovery purposes, you need to be able to

demonstrate for multiple reasons and multiple purposes that the thing that

you're presenting, whether it's for a restore or for a lawsuit, is really

the thing that you started with, right?

And, um, and so.

It has to start with a truly, truly, truly immutable copy of the data.

Right?

And, and again, I go back to the only thing that's truly immutable is

something that even you aren't allowed to delete it even if you have all power.

Right?

Which is rare.

Very,

really, really rare.

Right.

Um,

had access to a server,

yeah.

just physically destroy the server, the hard disks.

Yeah,

Which, which is why you're saying it's very, very hard to truly have

well.

copy.

Well, what I, well, I'll also say there's no such thing as an immutable

Yes.

because of what you just said, right?

There is no such thing, 100% immutable.

We talk about immutability being a, a binary condition like pregnancy

or death, but it's not right.

It is a spectrum.

Um, but.

But there's, you know, there's good, better, best, right?

And the best immutability is you can't delete it.

No one else can delete it short of what you just described,

short of destroying it.

And then what you have to do to protect against that is you have to have

multiple copies and multiple situations.

Right.

Um, and, um, by the way, I do, um.

Before I forget the thing that happened from the first episode.

The thing that we learned from the first episode is you can have all

these, like there's this scene where they describe the 10 different security

measures to get into the front door.

And so what does he do?

He goes in the back door,

Yep.

he's gonna come through the AC vent,

Yeah.

is just hilarious.

Anyway, um, but.

It has to start with a 100% immutable storage thing.

There are a variety of ways to do that.

Um, you know, uh, maybe we should just have an episode, which is talk

about the different ways to have a hundred percent immutability.

Um, although there's no such thing as a hundred percent I, um, but, so once you

have that, then it's a matter of metadata.

Helping you to prove that the thing is the thing, right?

So if you've got a place where you can store metadata that is also immutable,

then you can use things like hashes.

You can use things like, you know, MD5 hashes, or, you know, and, and, and, and,

you know, they gotta be made more and more secure, bigger and bigger hashes, uh, to,

to prevent, you know, hash collisions.

Um, you know, MD5, like, well, there's, um, uh, what's.

Yeah.

Thank you.

Well, there's, there was Shah one

Yeah.

Shah two pretty much gone.

So people are saying Shah 2 56, um, which just the, the i I think that

just meets the 256 bits, right?

The hash right.

Um, and you, you need that, you, so with that, if you have,

you know, a cryptographic hash.

Each object that you stored in the immutable storage, when you retrieve

it from that immutable storage, you can say, here's the thing, we run the hash

against it and, and, and it matches.

Right.

Um, now again, you know, I'm constantly thinking about ways to get around

that we go through the back door.

The way to get around that would be to hack the source code of the Shaw.

Yeah.

Uh, algorithm.

Yeah.

Um, but, um, which again, that's why you gotta protect that, you know, you know

it, it's all these different things.

Which it, so

go ahead.

very interesting what you just mentioned because I don't know if we've talked

about it on the podcast before.

Right.

I think normally when we talk about dealing with immutability, we

only focus on the storage pieces.

I. Right, the data storage,

Mm-hmm.

ever touched upon metadata, but I think that's a really important point

Yeah.

well, is whatever system you're using to keep track of the metadata

also needs to be immutable because otherwise someone could just fake it

Yeah.

you're screwed.

Yeah.

That, but that's the whole point of that is like, and, and generally that's just

the way object storage works, right?

Is the whole, that, that hash is the identity of that thing.

And so when, if the thing would ever change, it's identity

changes and, you know, and right.

And so you, and, and object storage is also self-healing.

And then if, if a part of it is damaged, then it, it replicates and, and, and.

Replicates that stuff, and when we replicate it, we ma we use the hashes

to make sure that it's been properly replicated and all of those things.

That's just many of the amazing things about mu um, uh, just object

storage and what makes it so amazing.

Um, and I, I do think that it, that it, that it has become the

defacto way to store data from an immutability perspective.

Um, uh.

And in a way, in a way that can be used to prove that something

is what it, what it was.

Right.

Yep.

and, uh, I, I think that's the, that's the best answer to that.

You, you add to that the challenge of storing it long term, it's

a different discussion, an entirely different discussion.

Yeah,

Right.

Um, because again, there's no medium.

That lasts forever.

There's no medium that even lasts more than say, 30 ish years.

Right.

the

M-disc people will disagree with you.

well, there are some that, that, like when we talk about like m-disc, right?

Um, M-disc is designed to last longer than that, but it's only been tested

in a lab to last longer than that.

Right.

Um, and I, I, as much as I'm a fan of m-disc, I don't think m-disc

is gonna be around in 50 years.

Yeah.

Uh, so, you know,

You're gonna have to

just,

to something.

yeah.

You're gonna have to migrate to something.

Curtis, DNA.

And that's the thing right there.

There are all, I've, I've talked to some people in some skunkworks projects

where they talk about DNA storage.

They talk about optical storage by optical, I'm sorry.

Um, like, like a block,

Yeah,

a, like 3D optical storage or five D, five D optical storage,

whatever the hell that is.

Um, what is five D?

That was the one part.

I was like, wait,

Well,

is that?

Yeah,

Um,

maybe time and space are included in

'cause that, that'd be like four D if it's time.

And then space.

No, but space is part of 3D.

What's the fifth dimension?

Something new.

Maybe it's a black hole

Fifth Dimension is a, is a musical group from the seventies.

that, is something that you should be looking into now to a way to store your

data in a way that not just from like being attacked by AI but being attacked.

Well, you are being attacked by ai, but not in the way that the movie's depicting.

It's more like, um, opportunistic cyber attacks that are using ai.

We joked about it a lot, but the other value here in that movie is that it

shows the value of an air gap backup or a water gap backup apparently.

Um, yeah.

think it was actually critical because one of the things that they were worried

about, I know you just talked about immutable, 'cause they're worried about

the entity modifying existing data, but also to some extent they were worried

about the entity just learning, right?

Gathering, reading the data

Mm-hmm.

where's there and learning from it and understanding where all the faults are.

And so they

Right?

that offline air gap, water gap, whatever you wanna call it.

Yeah.

Yeah.

Yeah.

And I mean.

That's the one part of the movie.

I'm like, nobody in this world, nobody in the Mission Impossible Universe

has an air gap copy backup of stuff.

Like, what the hell?

Um, but it is super important.

But, we've already had it, a whole episode of that.

So that's all I'm gonna say about that there.

The other is that, um, is to just, when you look at security.

JJ Just, just think about this.

Think about the first episode.

Think about this episode.

When you look at security, sometimes we focus so much on this or that, right?

It's important when designing your DR system, when you're designing

your cybersecurity system to make sure that you have somebody who

can help you think outside the box

Yep.

to help you think about the air vent,

Yep.

help you think about, uh, basically what what did happen was everybody

sort of gave up and abandoned the, the, the doomsday vault, right?

Um, basically, um.

And they, they weren't killed.

They just left.

Yep.

Um, and so we can talk about the, the vulnerability of the

human in the cybersecurity plan.

Yeah, it's like a lot of times when we talk, or you have a great example of

this, right, where you always assume that someone may be around, like you

used to do your DR testing when you

Yeah,

at the bank, and they would tell you, no, Curtis, don't do the test.

Have someone else do it.

yeah, yeah.

we

I.

the talk about the derecho, right?

Or the podcast episode where they're like, we had people who didn't have

contact and who normally would be doing things and are not there,

Yeah.

so it's all these assumptions that you make about people being available or

communications being available that may not be available when you need it.

Yeah.

A derecho.

By the way, we had an episode on that and I learned about this in that episode.

A derecho is a hurricane that forms over land.

It's a thing.

So, so the one last thing I want to bring up on this

Yeah.

so we've been talking about this entity, right, which is going and

changing all the people's data and

Mm-hmm.

the rest and trying to take over the world.

And at one point, right, it hijacks the nuclear weapons of all these

Mm-hmm.

right?

Would you think that this is like a perfect cyber attack ransomware scenario?

Well, I mean, it's a, it's a huge cyber attack ransomware scenario.

Right.

And it, and it's an argument for offline control of certain things.

Right.

I, I actually, I'm pretty sure that, for example, the control of

the nuclear arsenal is not online.

Right.

It's much more about process.

Right.

And they show some of it with the cracking up the key and all that stuff.

Again, I have zero knowledge of how the actual nuclear arsenal is controlled.

You know, I.

the football that the person carries

Other than the, yeah, the thing they call the football for some reason, which I

believe is just the, the codes, right?

The cracking of the codes, and it's a verbal thing.

And again, that process needs to be updated possibly

because of, you know, AI and

yeah,

of voices and things.

But it's, I think it's offline very much by default, by by design.

Yeah.

Um, and not to mention the fact that those things are running on

like eight and a half inch floppies.

isn't that a little scary?

Yeah, it's what it is.

There are some things that need to be, you know, so far the world has agreed.

For example, when it comes to warfare that the decision to kill should

always be in the hands of a human.

Even if you have AI assisting you in the decision that the actual, that,

that we don't want robocop, right?

We don't want the scene in the original robocop, which for

the record is an amazing movie.

Um, and, um, you know, you have 50 seconds to comply.

That's that seed, you know, is like that.

That's when the movie like.

That's when you're like, what am I watching?

Yeah.

Um, but um, yeah.

Good movie.

Anyway, this was fun.

Yeah, no, I hope the listeners enjoyed this.

Uh, slightly different take on thinking about backup and data protection

Yeah.

through Hollywood.

I seen through Hollywood

you

and I.

this, maybe we should do some others,

I think we can, I think there's more.

I think there's other movies and other TV shows where I've seen

backups and cybersecurity depicted.

That's really funny.

We could probably bring Mike on, uh, to have another conversation.

Um, once he finishes his chapter though, uh, by the way, I

have written, I have finished.

The, the rough draft of the final chapter, my final chapter of the book, he's

writing the final chapter of the book.

And, um, uh, so now it just begins the, the, oh, it's awesome.

It's awesome.

And, um, and now it just begins a process of the, the big

thing is the cop the tech edit.

And by the way, if you're in the cybersecurity space and you wanna be

a tech editor of the book, reach out to me, w Curtis Preston at gmail.

You get a free book.

Right by being a tech editor, and you get mentioned in the book, so there's that.

There's actually a guy in, in, in my second book, which was using Stan and Nas.

There's a guy that's mentioned in it twice.

Have I told you about this?

His name is, uh, grant Melvin.

I know Grant, he used to be my boss.

Yeah.

So Mel, he's mentioned in the book twice as Grant, Melvin and Melvin Grant.

From NetApp, right?

Yes.

Yeah,

Yeah, he was

Grant.

Grant, Melvin.

Yep.

I, what's funny is I interacted with him for months over email and then I

run into him in, in, um, in the, you know, in NetApp headquarters and he is

like, I'm Grant Melbourne from NetApp.

I had no idea.

Yeah.

All right.

Well, uh, thanks.

Thanks for, thanks for, thanks for finally seeing the movie

Yeah.

uh, thanks for the episode.

Yeah.

All right, and thanks to the listeners.

Hope you enjoyed this.

If you like it, uh, tell us, you know, maybe we'll make some more.

That is a wrap.

The backup wrap up is written, recorded, and produced by me w Curtis Preston.

If you need backup or Dr. Consulting content generation or expert witness

work, check out backup central.com.

You can also find links from my O'Reilly Books on the same website.

Remember, this is an independent podcast and any opinions that

you hear are those of the speaker and not necessarily an employer.

Thanks for listening.