How to avoid data loss when a drive dies? (Not yet a NC user)

We currently use one of the popular proprietary cloud products. Three machines in three different locations run in full sync mode (all data available on the device's local disk; the cloud keeps everything in sync*). Last week, I edited graphics, went for dinner, and came back to an empty directory. Indeed, not only my work of that day, but all content on that cloud-synced drive had disappeared.

It turned out that on another machine, the cloud-synced SSD (6 months old) had died. The “sudden device removal” was interpreted by that product as erasing all data from that drive. As a result, all synced hard drives on connected devices and the cloud storage itself were wiped clean.

Would the same happen with Nextcloud?

*We work with large files, up to 500 MB, and want to search and filter files with features found in desktop software.

Hi @HuS welcome to the forum :handshake:

What you describe will happen more or less in any sync application. If one of the systems reports “all files need to be deleted”, then that is exactly how the system is expected to work; not deleting the files would be more or less “unexpected”. Some solutions like OneDrive implement measures to prevent mass deletions of files, but in my eyes this goes a little too far…

But with Nextcloud, as with other cloud solutions, you get a recycle bin where all the files remain for some time and can be easily recovered…

Thank you @wwe
I, too, can see file deletion as a logical consequence of device failure. Our cloud provider also allowed us to undelete all files, but rolling back was far from loss-free.

  1. Repopulating drives with 300 GB of needlessly deleted files took many hours. One could not properly work with these assets during this time.

  2. Our workflow heavily relies on hidden metadata and cache files using the leading-dot convention (.Filename, .FolderName). All newly downloaded data ignored the hidden flag; I had to manually filter and hide thousands of files and folders on all syncing machines.

  3. Data integrity in dependent systems: some other storage which feeds a web application pulls data from our nuked cloud. Would the pulling storage realize that it already had all the files, or would it create loads of duplicates [filename(1).jpg]? Seemingly we were lucky…

  4. Moments of panic. Were we hacked? Is this a ransomware attack?

We would very much appreciate wipe protection. A failing disk should not automatically empty the cloud storage, which consequently also wipes all attached devices. Are there any Nextcloud extensions which take care of this?

I understand… similar situations are more or less unforeseeable, so one can’t reasonably discuss what happens. If the problem manifests for some reason, you have a lot of work to recover from it, even if there is no data loss and you “only” need to re-sync all the data from the cloud.

I’m not aware of any… File sync is more or less the core of Nextcloud and works well, but the company is very small, and with its limited resources it can’t really compete with big tech when it comes to polishing and covering edge cases…

While I share your expectations as a user, at the same time, being an engineer, from the technical perspective: how should the cloud know that all the deleted files come from a failing hard disk?

Thanks again - I appreciate your Nextcloud insights! You are correct that what happened to us is rare.

Then again, thinking of Dropbox or Google Drive, their immense user bases, and of SSDs dying without warning… statistically there must be quite a number of people all over the world who encounter the same thing we saw.

And there will even be people who, for whatever reason, noticed too late and lost their data permanently.

‘How should the software know that a device has failed?’ It likely couldn’t know for sure.

Let’s assume full data deletion from the cloud and from sound machines was an action that generally required admin consent. No denied consent in the world will revive the dead drive, obviously; its data is gone.

Yet I naively imagined that the cloud software could see the death of an attached drive not only as a long sequence of calls for entity deletion, but could anticipate the big picture: the forbidden action. Then it would stop clearing all intact drives and ask for consent.

Dying hardware also means all calls for deletion will come in simultaneously; that might help the software interpret the case.

I had hoped that an open source product either already had an extension that does what I described or that there were ways to write such rules yourself.

Suggesting such a safety net to the big players would be a waste of time.
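The rule described in the post above (treat a burst of deletions, or a vanished source folder, as “the forbidden action” and hold it until someone consents) can be sketched as a small guard in front of a one-way sync step. This is an added example written for this thread, not Nextcloud client code; the thresholds (20% of the previous listing, or 500 files outright, with a floor of 20 files before the ratio applies) are illustrative assumptions, and the listings in the demo are constructed.

```python
"""Mass-deletion guard for a sync client (added example, not Nextcloud's own code).

It compares the last snapshot of a synced folder with the current listing and
holds back the "delete on the server" half of the plan when the deletions look
like a wipe: an absent or unreadable source, or a burst of deletions that is
too large relative to what was there before.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional, Set


@dataclass
class SyncPlan:
    deletions: List[str]   # paths that would be removed from the server
    additions: List[str]   # paths that would be uploaded
    held: bool             # True: deletions must not run without explicit consent
    reason: str


def scan_dir(root: Path) -> Optional[Set[str]]:
    """Relative paths of regular files under root, or None if root is gone.

    A vanished mount point (dead disk, unplugged USB drive) yields None, not an
    empty set, so it is never mistaken for 'the user deleted everything'.
    """
    if not root.is_dir():
        return None
    try:
        return {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()}
    except OSError:
        return None


def plan_sync(previous: Set[str], current: Optional[Set[str]],
              max_delete_ratio: float = 0.2, min_count_for_ratio: int = 20,
              max_delete_count: int = 500) -> SyncPlan:
    """Decide what to propagate; the thresholds are illustrative assumptions."""
    if current is None:
        return SyncPlan([], [], True,
                        "source folder unavailable; refusing to propagate deletions")
    deletions = sorted(previous - current)
    additions = sorted(current - previous)
    if not deletions:
        return SyncPlan(deletions, additions, False, "no deletions")
    ratio = len(deletions) / len(previous)   # previous is non-empty here
    burst = len(deletions) >= min_count_for_ratio and ratio >= max_delete_ratio
    if burst or len(deletions) >= max_delete_count:
        return SyncPlan(deletions, additions, True,
                        f"{len(deletions)} of {len(previous)} files ({ratio:.0%}) "
                        "would be deleted; consent required")
    return SyncPlan(deletions, additions, False, "deletions within normal bounds")


def deletions_to_apply(plan: SyncPlan, consent: bool = False) -> List[str]:
    """Return the deletions the client may actually send to the server."""
    if plan.held and not consent:
        return []
    return plan.deletions


if __name__ == "__main__":
    # Constructed listings standing in for a real snapshot and a rescan.
    before = {f"assets/shot{i:04d}.psd" for i in range(1000)}
    after_dead_disk = None                              # what scan_dir() returns for a vanished mount
    after_normal_edit = before - {"assets/shot0001.psd"}
    for label, cur in (("dead disk", after_dead_disk), ("normal edit", after_normal_edit)):
        p = plan_sync(before, cur)
        print(f"{label}: held={p.held} ({p.reason}); "
              f"would delete {len(deletions_to_apply(p))} files")
```

The important detail is in `scan_dir`: a missing or unreadable folder is reported as “unavailable”, not as “empty”, because an empty listing is exactly what a dead drive looks like to a naive client. The ratio guard then catches the other shape of the same event, a large fraction of files disappearing at once, which is also what a ransomware wipe or a mistaken `rm -rf` produces. Held plans can still be applied once a human has confirmed them.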

Well, you may use the smartctl tool and monitor how close your HDDs are to death: mostly it will not happen under normal conditions. And you may write your own script which will not allow syncing from dying drives. But that is out of scope for NC, IMHO.
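One way to write the script suggested above: gate the sync command behind `smartctl -H` (overall health verdict) and `smartctl -A` (attribute table) for the device that holds the synced folder. This is an added example written for this thread, not part of Nextcloud or smartmontools; the attribute names are the standard ATA ones printed by smartctl, the choice to fail closed when no health line is found is a design assumption, and the smartctl output constants below are constructed and abridged, not captured from a real disk.

```python
"""Pre-sync SMART gate (added example, not part of Nextcloud or smartmontools).

Runs `smartctl -H` and `smartctl -A` on the device that holds the synced
folder and refuses to start the sync command if the drive reports a failed
health check or non-zero counts on attributes that signal failing media.
"""
import re
import shutil
import subprocess
import sys
from typing import Dict, Optional, Tuple

HEALTH_ATA = re.compile(r"SMART overall-health self-assessment test result:\s*(\S+)")
HEALTH_SCSI = re.compile(r"SMART Health Status:\s*(\S+)")

# Attributes whose raw value should stay 0 on a healthy drive.
WATCHED = {
    "Reallocated_Sector_Ct",
    "Current_Pending_Sector",
    "Offline_Uncorrectable",
    "Reported_Uncorrect",
}

# Constructed, abridged smartctl output for offline use (not from a real disk).
SAMPLE_HEALTHY_H = ("=== START OF READ SMART DATA SECTION ===\n"
                    "SMART overall-health self-assessment test result: PASSED\n")
SAMPLE_FAILING_H = ("=== START OF READ SMART DATA SECTION ===\n"
                    "SMART overall-health self-assessment test result: FAILED!\n")
SAMPLE_A_OK = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0022   037   050   000    Old_age   Always       -       37 (Min/Max 22/45)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""
SAMPLE_A_BAD = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   093   093   010    Pre-fail  Always       -       312
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
"""


def parse_health(text: str) -> Optional[bool]:
    """True/False for PASSED/FAILED (or OK/FAILED), None if no health line is present."""
    m = HEALTH_ATA.search(text) or HEALTH_SCSI.search(text)
    if not m:
        return None
    return m.group(1).upper() in ("PASSED", "OK")


def parse_attributes(text: str) -> Dict[str, int]:
    """Raw values of the watched attributes from `smartctl -A` output."""
    found: Dict[str, int] = {}
    for line in text.splitlines():
        parts = line.split()
        # Attribute rows: ID# NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
        if len(parts) >= 10 and parts[0].isdigit() and parts[1] in WATCHED:
            try:
                found[parts[1]] = int(parts[9])
            except ValueError:
                pass   # raw value in an unexpected format; skip rather than guess
    return found


def drive_ok(health_text: str, attr_text: str) -> Tuple[bool, str]:
    """Gate decision; fails closed on a missing health line as well as a failed one (assumption)."""
    health = parse_health(health_text)
    if health is None:
        return False, "no SMART health line found (SMART disabled or unsupported?)"
    if not health:
        return False, "SMART health check FAILED"
    bad = {name: raw for name, raw in parse_attributes(attr_text).items() if raw > 0}
    if bad:
        return False, f"degraded attributes: {bad}"
    return True, "ok"


def run_smartctl(device: str, flag: str) -> str:
    exe = shutil.which("smartctl")
    if exe is None:
        raise RuntimeError("smartctl not installed")
    # smartctl exits non-zero when the disk is failing, so do not use check=True.
    return subprocess.run([exe, flag, device], capture_output=True, text=True).stdout


def main(argv: list) -> int:
    if len(argv) < 3:
        print(f"usage: {argv[0]} /dev/sdX sync-command [args...]", file=sys.stderr)
        return 64
    device, sync_cmd = argv[1], argv[2:]
    ok, why = drive_ok(run_smartctl(device, "-H"), run_smartctl(device, "-A"))
    if not ok:
        print(f"refusing to sync from {device}: {why}", file=sys.stderr)
        return 2
    return subprocess.call(sync_cmd)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python smart_gate.py /dev/sda nextcloudcmd /path/to/folder https://cloud.example` (root is usually needed for smartctl). The caveat a practitioner should keep in mind matches the thread: SMART is a warning, not a guarantee, and drives do die suddenly with a clean health verdict, so this gate reduces but does not remove the need for a recycle bin or versioning on the server side.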

Yup, it should not happen, but it did: after half a year of very light usage, with likely less than a single TB written. Big brand, product with great test results.

We didn’t use the tool you mentioned, but had the manufacturer-supplied drive maintenance tool installed. Honestly, I didn’t explicitly check whether it was set to autostart (they usually are). At any rate, it remained silent.