
Comment by novok

5 years ago

Another thing to keep in mind with this kind of software is tracking data loss, corruption and deletion. I've used photo management services before, and have had data loss that I can't explain from this year or that year. Did I delete it? Did I do a migration wrong? Did the software silently delete it? I'm not quite sure. What is even worse is you cannot get 'another copy' of these photos from elsewhere, because they're all unique.

Having a 'recycle bin' and an ability to see the history of photo deletion, modifications and imports can be useful in tracking down what causes data loss. Also having masters accessible in a simple plain directory is essential in being able to audit that the software is working correctly, can be backed up in a simple manner and if your service goes belly up, is easy to migrate from.

Another issue is bitrot. Your desktop can bitrot modify a photo, and then your photo management software detects this as the 'new version' and destroys the original good version. You have to make sure you mitigate this by storing a hash on import and restoring to the original hashed version.

Sharing some of the steps we've taken at ente to reduce the probability of such events:

- All files uploaded to ente are versioned and older versions are available for 60 days from the day you updated them.

- File deletions are performed only as a function of user action. Deleted files are again recoverable for 60 days.

- Two copies of each file are maintained with separate storage providers. Both of these providers offer 11x9 durability.

- For each uploaded file, we compare the number of bytes uploaded from the client to that received on the server and request a reupload in case there is a mismatch (to be replaced with a hash check).

We understand your concerns and will continue to invest in steps that improve data integrity and durability.
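The hash-on-import check raised in the comment above, and the reason a byte-count comparison is worth replacing with a hash check, shown as an added example (not part of either comment and not ente's code). The function names, the `manifest.json` layout and the sample files are assumptions constructed for illustration.

```python
import hashlib, json, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_import(masters, manifest):
    """Write size and SHA-256 of every master file at import time."""
    entries = {p.relative_to(masters).as_posix():
               {"size": p.stat().st_size, "sha256": sha256_file(p)}
               for p in sorted(masters.rglob("*")) if p.is_file()}
    manifest.write_text(json.dumps(entries, indent=2))

def audit(masters, manifest):
    """Compare the masters directory against the import-time manifest."""
    entries = json.loads(manifest.read_text())
    report = {}
    for rel, meta in entries.items():
        p = masters / rel
        if not p.is_file():
            report[rel] = "missing"
        elif p.stat().st_size != meta["size"]:
            report[rel] = "size_mismatch"   # a byte-count check catches this
        elif sha256_file(p) != meta["sha256"]:
            report[rel] = "hash_mismatch"   # same length, different bytes
        else:
            report[rel] = "ok"
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        masters, manifest = Path(d, "masters"), Path(d, "manifest.json")
        masters.mkdir()
        for name in ("a.jpg", "b.jpg", "c.jpg", "d.jpg"):   # constructed fake photos
            (masters / name).write_bytes(name.encode() * 1000)
        record_import(masters, manifest)
        rotted = bytearray((masters / "a.jpg").read_bytes())
        rotted[123] ^= 0x01                                  # single flipped bit
        (masters / "a.jpg").write_bytes(bytes(rotted))
        (masters / "b.jpg").write_bytes(b"b.jpg" * 10)       # truncated file
        (masters / "c.jpg").unlink()                         # silent deletion
        return audit(masters, manifest)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is kept outside the masters directory so the audit never hashes its own record; in practice it should also live on different storage than the photos it describes.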