Tapestry was a specialized backup automation utility, written in Python 3.6 for use on unix and Windows systems. It is currently tested on Windows 10, Ubuntu 18.04 and Max OS X. Tapestry operates in a somewhat novel way, performing backups of whole files, operating from recursively-generated lists taken from the contents of user-specified files, packaging them using our Blockwise Packaging Algorithm before compressing, encrypting, and signing them for storage - a model which allows the user to eliminate trust in the security of the storage solution completely, with complete portability.

Zero Trust

Reduce your threat surface by eliminating the need for unnecessary trust in your storage solution. Tapestry’s assymetric encryption method means that only your trusted administrators can view or restore from a Tapestry backup, while providing strong verification of backup integrity through digital signatures. If your storage is readable, your backups are secure.

Portability

Category path definitions are user-defined, and non-platform specific. Backups created on any platform can be restored on any other platform - with their original file heirarchy intact - exactly where you want them to be.

Resilliency

Tapestry stores the full index information for each backup in every single block of the backup. If you find yourself with only fragments of your backup, the pieces you do have are fully recoverable. Further, the NewRIFF metadata format is designed with extensibility in mind - future releases of Tapestry will be fully reverse compatible, always.

Tapestry was a specialized backup automation utility, written in Python 3.6 for use on unix and Windows systems. It is currently tested on Windows 10, Ubuntu 18.04 and Max OS X. Tapestry operates in a somewhat novel way, performing backups of whole files, operating from recursively-generated lists taken from the contents of user-specified files, packaging them using our Blockwise Packaging Algorithm before compressing, encrypting, and signing them for storage - a model which allows the user to eliminate trust in the security of the storage solution completely, with complete portability.

As of January 2024, Tapestry is now archived software. It is no longer being actively maintained beyond critical security fixes. Better alternatives are likely available, but if you are a tapestry user we’d love to hear from you. Please contact this address if you have a pressing need for this software, and we’ll see about trying to restore it.

Tapestry is currently in its v 2.2.0 release. This release included a variety of cross-platform bug fixes and performance enhancements, along with the critical feature to verify that files were unaltered during the backup creation process. See the changelog for details.

Already sold, and just want to try it out? Flip open your shell of choice and call pip install tapestry.

Trust Only Uptime

Tapestry was designed from the ground up to eliminate the need for trust wherever possible. For sensitive business and personal information, simply trusting your storage provider not to view or tamper with your content is just not an option. For that reason, we’ve implemented a number of features to place proven security technologies in the hands of our users. Asymmetric Encryption via PGP

Tapestry uses Gnu Privacy Guard (GPG), a free, open-source implementation of the OpenPGP protocol, to encrypt each and every file it produces with aymmetric encryption. The practical upshot? The public half of the recovery key could be distrubted organization-wide to generate backups, while only a few trusted admins might have access to the private half. There’s no tedious per-file key management or reliance on low-strength passwords. One recovery key, one disaster avoided.

Proof-of-Integrity with RSA Signatures

Tapestry supports automatic signing of its generated output files using a per-user-configurable signing key. With proper key management, this means you can have high confidence that the file you retrieve from your storage solution is the same file you put there when you generated the backup - not a bit out of place. Combined with the right PKI, this makes managing the trust level necessary to validate backups a snap.

Zero Data Tracking

Apart from the data which is generated and stored in each backup, Tapestry collects exactly no data about the users running it or the systems it’s being run on, and has no telemetry capabilities. We don’t even see the passphrase protecting your keys - by design, we leave collecting the passphrase up to your GPG install’s configuration by letting it trigger the Pin Entry binary you specified.

In short: you don’t even have to trust us.

Complete Freedom Of Movement

From the beginning, Tapestry was always meant to be completely platform independant. As long as you have a python interpreter and GnuPG installed, you’ll have access to the full host of features Tapestry provides.

Have Pip, Will Travel

Even recovering from a brand new OS install is easier now with the release of Tapestry via the Python Package index. An up-to-date version of Tapestry is just a pip install tapestry away. On Linux, this means you can recover in minutes. On Windows, you’ll have to install Tapestry’s dependancies python and Gnupg4win first.

Categorical Indexing: What you want, where you want it

Tapestry’s tapestry.cfg configuration file allows you to define the top-level path to each of your categories for both windows and linux simultaneously, while the NewRIFF recovery metadata introduced in Tapestry 2.0.0 contains the lower portion of the path for each and every file. Your documents in linux can be placed right alongside your documents from Windows, if necessary!

Lost your config file, or can’t remember your categories? Not a problem. If Tapestry can’t find the right category in your configuraiton file, it will just create a directory at your specified output path and rebuild the original file structure for that category there.

One-line Automation

Attack the problem of forgetfulness head on - triggering tapestry every third thursday at 2 AM is a single line in crontab away.

Robust Resilliency

A backup solution isn’t very good if corruption in one file means the whole backup is lost. Every precaution has been taken to prevent such an outcome. Minimum Intervention Approach

To better protect the integrity of your data, Tapestry doesn’t mess around performing delta-based backup processes like change-logging or version control. Every Tapestry backup contains every file in every directory you told it to look at, in full and unaltered. No complex change management or tracking required.

First, Tapestry crawls the directories and sub-directories of the categories you’d indicated, preparing the indexing information it requires. Then, it performs a “moving truck” algorithm to prepare the minimum number of output blocks, each no larger than a filesize you specified. Burning to CDs or DVDs? No problem. Throwing packets over the wire to a legacy FTP or NFS share? No problem. Don’t vare about the output file size? Still no problem.

Redundant Indexing

Every single output file produced by tapestry contains the full recovery index. What’s this mean for you? That means if you only have part of the backup for some reason, you can still recover the part you had.

LabNotes for This Project

End of an Era: Archiving Tapestry

04 Jan 2024

Tapestry is the oldest code project of mine that can be said to fall under the Arcana Labs umbrella - in fact, it’s so old that the project itself has persisted through two full rebrands and renamings of the lab - Kensho Security Labs, and Patch Savage Labs before that. While I’m sure I’m now its only continuous user, the fact remains it is, at least for me, a profoundly useful backup utility… when it works… and sadly, it no longer works.

Nailing Down a Years-Old Problem in Tapestry

20 Dec 2023

Tapestry is the oldest code project of mine that can be said to fall under the Arcana Labs umbrella - in fact, it’s so old that the project itself has persisted through two full rebrands and renamings of the lab - Kensho Security Labs, and Patch Savage Labs before that. While I’m sure I’m now its only continuous user, the fact remains it is, at least for me, a profoundly useful backup utility… when it works.

Lab Notes: A Lazy August

27 Aug 2021

Wasn’t there an update for Tapestry coming out this month? Weren’t you going to keep working on PETI? Did anything get done at the labs, come to think of it? Actually, yeah. Lots of things have happened. Let’s talk about those.

Reviving Tapestry

01 Jul 2021

Tapestery is probably the oldest project most Arcana Labs followers would remember me working on. It began two iterations of identity ago, back when this was “Patch Savage Labs”, followed through the Kensho Security Labs Rebrand, and three jobs and several years later, it’s still with us - a bespoke backup utility nobody asked for.

Adding System Keyring Functionality to Tapestry

05 Feb 2021

Recently - this very morning, in fact - it was suggested that I move credential storage for Tapestry out of the “no, you’re not allowed” space and into the local system keyring by use of the python library module of the same name. After a quick review I decided I would, and the current version of the development code for Tapestry already includes the necessary changes. I did however want to talk about why this decision was made and why you may or may not want to use it.

Tapestry 2.0.2: The Tester's Rewrite

13 Oct 2019

By far the biggest project being worked on right now at Kensho Security Labs is not Tapestry, but Enumpi. But that doesn’t mean we’ve let Tapestry fall completely by the website. We just released version 2.0.2 of the software, bringing some admittedly-minor changes to the software that brings you safe, secure, store-anywhere backup functionality. All we did, really, was add a few functional bypasses called when the program is in testing mode to allow bypassing some forced interaction steps.

Tapestry, The Future, and Simplifying

15 Sep 2019

Of the various projects underway at Kensho Security Labs, Tapestry is probably both the flagship project and the most mature codebase. To date, the project has seen some 14 releases across 471 commits on master.

Tapestry 2.0's Development: A Postmortem

17 Apr 2019

Tapestry 2.0 was released yesterday, and while I slapped together a quick release on the topic at the time, I wanted to follow along that idea with a “lessons learned” retrospective on our testing and development process.

Tapestry 2.0 Is Now Available!

16 Apr 2019

Tapestry 2.0 was released this afternoon. I wanted to throw together a quick blog post about it so that I could plug the new features, explain the major changes, and drop some hints about what we might see in future releases (and when we might expect those). A future blog post is going to offer a retrospective on the 2.0.0 rewrite as a project in its own right!

Introducing Loom

03 Mar 2018

Tapestry is a Fantastic Tool But It’s Missing a Major Feature

Tapestry's Test Hash: MP5‽ Really?

16 Feb 2018

Tapestry Is Getting Real

Trust No One: Eliminating Trust in Tapestry's Design

21 Jan 2018

Wait, I thought the whole point of Tapestry was to establish trust?

In a sense that’s actually true. Tapestry’s purpose was to create an absolutely-trusted backup. That is to say, a user familiar with the program’s operation can create a backup with trust it has not leaked data, store it with trust that it is illegible to remote users, and recover it in the trust it has not been tampered with. However, this approach works precisely because it discards trust in as many factors as possible.

Tapestry in Version 1.0

10 Oct 2017

The trouble with being more toolsmith than true developer is that most of the projects you find useful to construct aren’t really marketable. Tool niches are already filled, with multiple solutions with full dev teams and legions of marketeers. Therefore, if I’m being realistic, I should realize any tool I make, however I generalize it, is going to be niche and bespoke to my uses.

Tapestry 0.3.1 Preview!

08 Sep 2017

In spite of two gigantic sidequests - some Tarnished Tale work and work on the Patch Savage Labs Website - work on Tapestry has continued more or less apace. As expected, there’s nothing major coming down the pipe for 0.3.1, but I thought I’d talk about it anyway since the release will be delayed until somewhere around the end of the month.

Tapestry 0.3.0 is now Live!

23 Aug 2017

Tapestry v.0.3.0 has finally gone live! It should come as no surprise that this release doesn’t fully support windows, and this much is indicated both by the program itself if you attempt to run it in windows, and the readme itself.

The Future of Tapestry

20 Aug 2017

Two months ago, I announced that Tapestry v.0.3.0 was “coming out soon”. And that much is true. What is less certain is what v.0.3.0 is going to look like - and how much that future is going to have to change.

Hacking Tapestry: Some Changes

15 Jul 2017

You might remember that over one month ago, I announced that Tapestry v.0.3.0 was going to have a whole bunch of new features included in it that weren’t there before, and I am happy to say that all of those features work, for versions of work. So where the hell is it? I did a bad.

Sneak Peak at Tapestry 0.3.0!

10 Jun 2017

Tapestry’s next release was intended to be a small set of fixes, finally fixing the passphrase support for Tapestry-generated PGP keys in both the generator and the recovery modes, and a few related small cleaning changes to the way it outputs files. However, a small change in my work environment (and the discovery that somehow my laptop is suitable for hosting a Win7 VM) meant that what was to be 0.2.3 is instead going to be 0.3.0!

The Why of Tapestry

21 May 2017

Tapestry has a very odd design. Not odd in that it is novel (I’m almost certain it isn’t) or odd in its extreme pecularity, but odd in that it is oddly specific. A traditional backup tool functions not unlike a drive snapshot. It pulls your files, and often your applications and OS settings, every time it is run. Contrast with Tapestry, which by default only grabs your Documents and Photos - Music and Videos, too, if run inclusively.

Introducing Tapestry!

20 May 2017

Tapestry is my specialized backup automation tool, currently in version 0.2.2. The project started as a simple exercise in automating what was, for me, a rather complex task. Naturally, it has since sprawled considerably as an exercise in generalizing its use. It is presently written in Python 2.7.12 with dependencies on Python-GNUPG and Gnu Privacy Guard.

This project and its output are provided free of upfront charge as part of the philosophy of FOSS and OSHW development practices. If you like this project and want to support its ongoing development, please check our support page.