Decoding the flag soup
Every tar command is built from the same pieces: exactly one operation, create, extract, list, plus f for "the archive is this file" (almost always needed, almost always last before the filename), a compressor (z gzip, j bzip2, J xz, --zstd), and modifiers like v for verbose. Read -czf as "create, gzip, file:" and the whole table above becomes predictable rather than memorised.
Habits that prevent disasters
List before extracting (-t): a well-made archive contains a single top-level directory; a careless one is a "tar bomb" that sprays files into your current directory. Extract into a fresh directory or use -C when unsure. For backups, run as root with -p --same-owner or restored permissions will silently belong to whoever extracted. And keep archive paths relative (tar strips leading / by default, a safety feature, not a bug) so a restore can't blindly overwrite a live /etc.
Choosing compression in 2026
gzip (z) remains the compatibility default. xz (J) squeezes ~30% smaller but can be ten times slower to create. zstd (--zstd) compresses nearly as well as xz at nearly gzip speed and decompresses faster than both, for backups on modern systems it's the right answer, and -a with a .tar.zst filename selects it automatically. For huge trees, compression, not disk I/O, is usually the bottleneck: -I 'zstd -T0' (or pigz for gzip) uses all cores.