Wednesday, July 30, 2008

The Lifehacker Editors' Favorite Software and Hardware

Lifehacker readers range from the complete newbie to the most seasoned techie, but where do the Lifehacker editors stand? We polled our own editors for the computer hardware and applications they swear by and we're breaking it down for you here. This post is categorized into the software each editor uses on a daily basis, the operating systems we live in, the hardware we rely on, the peripherals we utilize on a regular basis, and webapps we need. Then we tell you exactly what kind of user we think we are.

Gina Trapani, Editor:

The Basics

  • Firefox: I spend the majority of my day in my favorite browser, where I manage email, write Lifehacker posts, read RSS, and surf. My must-have Firefox extensions include: Foxmarks (so my bookmarks are everywhere), DownThemAll! (for downloading big files), CoLT (for grabbing links to drop into Lifehacker posts), all of the Better Extensions which I put together, Firebug and Chris Pederick's Web Developer toolbar (for development), and Greasemonkey and Stylish for customizing pages. (Here are my current user style picks.)
  • Quicksilver: On any Mac, I'll Cmd+Spacebar out of habit, because I've come to rely on QS so much for launching apps, moving files, resizing images to Lifehacker's standard sizes, and accessing frequently-used documents on the Shelf.
  • TextExpander (Mac) and Texter (Windows): Not only do TE and Texter help me write Lifehacker posts by auto-expanding HTML snippets, they auto-correct typos and help me stay on track with our style guide (by automatically replacing things like "wifi" with "Wi-Fi", for example).
  • TextWrangler (Mac) and EditPlus (Windows): Everyone needs a good text editor, and these two are my picks. (TextWrangler is free, but EditPlus is not).
  • KeePass: The day I sat down and created my KeePass password database—and decided every time I'd set up a new password I'd store it there—was a good day indeed. While I do use Firefox to save web-based logins, KeePass is an awesome secure parking place for Wi-Fi, network, computer, and file passwords as well as software serial numbers. Since it's Mac and Windows compatible, if I save a password on the PC's copy of Firefox, I'll also enter it into KeePass so I can still look it up on the Mac.
  • Adobe ImageReady: A throwback to my web dev years, I still reach for an old copy of IR whenever I have to do any image editing beyond simple cropping and resizing. Been meaning to get good at a free option for awhile now—and I'll have to, since Adobe discontinued ImageReady releases.
  • Adium (Mac) and Pidgin (Windows): I'm not a huge IM user, but when I need to hop on for a quick chat these are my two clients of choice.
  • Cygwin: I'm not running a Linux desktop full-time, but I do need my ls and scp. While Apple offers these Unix command line tools built into OS X, Cygwin can give it to you on Windows.
  • InstantShot (Mac), Skitch (Mac), and SnagIt (Windows): Since I take screenshots all day long, these three apps are indispensable. For a simple snap and resize, I use InstantShot and Preview; to annotate screenshots SnagIt and Skitch get the job done.
  • Mozy (Mac and Windows), Time Machine (Mac), and SyncBackSE (Windows): Since I work at home with no IT department backing up a network drive, backing up my important data's up to me. I bought an unlimited Mozy subscription for off-site backup in case of fire, flood, theft, or tsunami, and use Time Machine and SyncBack to run regular local backups to a FireWire drive.
  • GeekTool (Mac) and Samurize (Windows): I like having my todo.txt, a calendar, and a set of daily reminders in front of my face every day. So while I keep my desktop clear of shortcuts and documents, GeekTool and Samurize pin my top tasks, a two month calendar, and remind reminders to keep me on track during the day. Here's more on setting up GeekTool on the Mac, and incorporating text files on your desktop with Samurize.

Primary OS

It's changed over the years and will continue to shift, but right now I split my time about 80%/20% Mac OS X and Windows XP. I plan to increase my Windows time (and get Vista into the mix) to better serve Lifehacker readers, who are primarily Windows (about 70% at the moment, though this chart changes by the minute). Setting up a Hardy desktop is also looking more and more tempting.


I used to use four different computers on a regular basis, but keeping them all maintained, synced, backed up, and up to date with operating system patches became too much. So last year I decided to simplify and pare down the machine I use for work purposes to one laptop (so I could take it with me when I travel), and chose:

  • A 15-inch MacBook Pro to which I added a stick of memory, using Adam's guide. I run both Windows XP and Leopard on this machine with VMware. (I used to Boot Camp and virtualize that partition in Parallels—but when I needed more internal hard drive space, I killed the Boot Camp partition and now just virtualize XP.) I've also got...
  • An ancient Dell Dimension tower which I launched Lifehacker on mostly goes unused now. For awhile I used it as a file server, but to reduce energy consumption, I decided keeping an always-on file server was overkill for the two people who live in my household.
  • A G4 PowerBook, which was replaced by my MacBook Pro last year, lives in the living room. For a beat-up secondary computer, the PowerBook still does triple duty as a media center file server for my XBMC, a recipe reference in the kitchen while we cook, and my other half's main computer.
  • A classic Xbox running XBMC is my primary media center for watching downloaded video, and my TiVo records TV episodes online.


Besides a stack of external hard drives, a Netgear router, an ink jet printer, and a widescreen Dell monitor I hook the MacBook up to when I'm at my desk, I've got:

  • A Fujitsu ScanSnap mobile scanner for Mac, which is perfect for scanning receipts, contracts, and newspaper articles. I reviewed the Windows version here and loved it so much that when I sent the review unit back to Fujitsu I bought the Mac version as soon as it was available.
  • An iPhone, which I had misgivings about purchasing when I lost my Nokia. The iPhone 2.0 software isn't without problems that are dogging me as well as a couple of others, but for the most part, it's a very pleasant gadget to use.


Even though I still like keeping important files saved to my local hard drive, I've moved most of my daily work into a Firefox tab (which makes it easy to access from the iPhone as well). I use dozens of webapps, but the primary ones are:

  • Gmail: A year or so ago I abandoned Thunderbird to use Gmail's web interface exclusively, mostly for its conversation thread view (which T-bird doesn't quite handle as well) and its keyboard shortcuts, and because I'm constantly working on the Better Gmail extension.
  • Google Reader: Once I switched from Bloglines to Google Reader, I've never looked back—even though Adam did almost convince me to move to NetNewsWire, I'm too happy with my Reader workflow to change things up. I'll often read feeds while I'm on line at the grocery store or in the doctor's waiting room, and star items that may turn into Lifehacker posts later.
  • Google Calendar: The Lifehacker staff uses a shared GCal calendar to schedule vacations, conferences, and software launches, and I use it for my personal calendar as well.
  • Campfire: In lieu of instant messenger, at Adam's suggestion, the Lifehacker staff started hanging out in a Campfire room throughout the day while we write, which helps us coordinate and ask quick questions and make decisions so much faster than over email.
  • Twitter: I don't have the time to fool around on Facebook or Flickr as much as I used to, but contributing to and scanning Twitter is a fast, efficient way to hear what my pals are up to and blog with very little effort. Twitter's helped me keep in touch with my NYC friends, find story ideas faster than they break in my RSS reader, recruit guest writers, keep tabs on people I admire and look up to, and poll people I trust quickly.
I also love MediaWiki and Here's more on the apps that run Lifehacker's virtual office.

Self Assessment

I'm a late early adopter. I love to try out new apps, but after reviewing thousands over the years here at Lifehacker, I think long and hard before I actually work one into my daily workflow. I'm a big open source advocate—to the point of a tendency toward that "tinfoil hat" free software extremist mindset—but I will (and do) compromise for beautiful and easy-to-use software, too. It's great that you can do so much in the cloud these days, but I like to store and manipulate my own data and avoid webapp lock-in as well—so, for example, I back up my Gmail account via POP. I love tinkering with software, but I'm not as much of a hardware DIYer as my co-editors, many of whom have built their own computers.

Adam Pash, Senior Editor:
The Basics

Primary OS
I've been primarily operating in OS X since I built my Hackintosh, but I'm always running VMware Fusion (another must have) with Windows and (sometimes) Ubuntu.

I'm using the Hackintosh as my main desktop, an aging MacBook Pro with OS X and Vista in Boot Camp, and an older Windows box that's a dedicated Media Center back-end. Then there's the Xbox 360, of course, which gets about as much tinkering time as the Media Center.

Both of my desktop computers (the Hackintosh and the Vista Media Center) were built from the ground up.

There's also my iPhone, which I use almost as much as my laptop these days.

After a weekend of watching a friend regularly reboot his router while I was visiting recently, I should give credit to my router, which is intermittently either running Tomato or DD-WRT. They're rock solid.

I've got a Logitech MX Revolution wireless mouse and one of the new slim Apple keyboards, both of which are very nice to work with daily. I've also got a cheap-ish Canon MP180 printer/scanner combo with a recently broken printer tray.


  • Love Gmail. I've been making a small move to desktop apps lately, but until Google makes a desktop version of Gmail (not likely) or someone rips off the main tenets of the Gmail interface, I'm not leaving it any time soon.
  • I'm also a big fan of Mediawiki as a software, and—naturally—Wikipedia. I may as well have been answering this question in 2004.

Self Assessment
I'm a big fan of anything I can build for cheaper than I can buy it. Hardware DIY gets easier and easier every year, and I've managed to do just fine for myself without ever picking up a soldering gun or anything of the sort. It's all much easier than most people think.

Kevin Purdy, Associate Editor:
The Basics

  • Firefox: With the following extensions: Foxmarks (syncing between systems and Firefox portable), Password Exporter (same reason), CustomizeGoogle (newly installed, mostly for the Google Link annoyance described at #8), and the dev build (i.e. Firefox 3-compatible) of Tab Mix Plus.
  • Launchy and Texter: Both suggestions from Adam, both indispensable to my Windows work. When I'm in Linux, though ...
  • GNOME Do and Snippits: The Linux semi-equivalents.
  • Pidgin: I used to use the last version of vanilla AIM that worked with the (then-free) DeadAIM plugin, until I became a Linux geek and friends started hitting me up on GChat.
  • GIMP: Because I truly do suck at Photoshop, so I'm learning day-by-day with its free counterpart.
  • Prism: For running Campfire, Google Calendar, and a few other apps in distraction-free shells on the desktop.
  • Revo Uninstaller: For cleanly and completely uninstalling most of the software I test out on the job.

Primary OS
I honestly split my time between Windows Vista and Ubuntu Hardy Heron (8.04). Up until recently, I'd been almost exclusively running Hardy (which I've openly professed my fondness of) with a wirelessly synced iPod touch, but I can't get my dual monitor setup working in Hardy, and iPhone 2.0 put a nix on the second—for now.


  • A five-year-old desktop I built myself, now doing light testing duty with XP installed
  • A Lenovo ThinkPad T61P (dual-booting Ubuntu and Vista)
  • My parents' old desktop, turned into a multi-function home server (converted with help from Gina's guides and this starting point).
  • My wife's Compaq Presario laptop, which suffers its fair share of guinea pigging.

  • Linksys WRT54G (ver. 6) router: Big mistake, considering I have to wince every time Adam finds a new Super Router firmware (like Tomato or DD-WRT), and I have to sit it out with my locked-down blue box.
  • HP Deskjet 825c: Hooked up to the home server for remote printing (from every system except Vista, of course).
  • iPods: I've got an old 4 GB mini, the wife has a 4 GB nano, and I'm constantly tweaking my 8 GB touch.
  • LG LCD monitor: Originally for the old desktop, now a dual screen for the ThinkPad.

I use quite a number of them, but the main ones are:
  • Google Docs: I might switch over to the more feature-rich Zoho Suite one day, because the feature I love most about GDocs is simply that it saves every few seconds. The accessibility and offline abilities don't hurt, either, though.
  • Reader: Both during morning posts and casual browsing through the iPhone-friendly beta.
  • Gmail: Big surprise, I'm sure, but I mostly use it through Thunderbird via IMAP for both work and home mail.
  • Remember the Milk: On my AWN dock in Linux, on my iPod touch, my iGoogle start page, through my phone and email—a truly universal but simple to-do list.

Self Assessment
I'm obviously a big fan of open source and free software, as you can probably tell from the lists above. I chose and customized my laptop in large part for its Linux-friendliness, and I'll always favor software and webapps that can be accessed from any computer. In general, though, I can never leave well enough alone—a good trait in writing for this site, I'd think—and while I'm pretty satisfied with my current array of tools, I'm thinking a few lower-tech, real-world productivity tools—index cards, anyone?—could probably find a useful home somewhere in my system.

Jason Fitzpatrick, Contributing Editor:
The [Free] Basics

  • Launchy: Although I'm a relatively new user of Launchy, I'm finding rapidly that I use it enough that I'm frustrated when I'm on a computer that doesn't have it.
  • Digsby: With lots of people on lots of different messaging platforms, Digsby makes my life easier.
  • Picasa2: When dealing exclusively with client files I'll use a program like Adobe Lightroom, but for ease of use and for a program that is easy to use for my non-techie wife, Picasa2 is a fantastic fit.
  • TeraCopy: I hated the built-in file handler in Windows. When you're moving 80 gigs from one drive to another you don't want to come back after your lunch break and see there was an error at the end of the transfer and the whole thing aborted. TeraCopy takes that pain away!
  • xplorer2 lite: I also hated the default file explorer in Windows. When you're editing large amounts of media and organizing it, having an explorer alternative on steroids is the only way to go.
  • UltraVNC: Over the years there have been all sorts of fancy new ways to remotely connect to your home PC, but I've never found anything I like more than a basic VNC connection.

The [Paid] Basics

  • Photoshop: I've been using Photoshop for almost 15 years now and short of writing my own programs and playing with them, haven't had more fun with another piece of software.
  • UltraMon: If you have dual monitors, it's invaluable.

Primary OS
My primary OS is Windows XP. I'm usually in some state of tinkering with OS X (working on a Hackintosh just for kicks), and Linux. I find as time goes on that with Linux I'm less tinkering with the limited free time I have to play with it and more enjoying it. Linux has really matured since I first installed it in 1994.

I used to be an avid computer builder. As far as my primary machine for daily use goes, I usually just purchase a machine that's on sale and throw a bunch of RAM and hard drives in it. I don't game much anymore, so my rig doesn't need to bleed speed. All of that said, I have a ton of parts and I often strip down computers before people send them off to be recycled so I have more than enough motherboards, hard drives, etc. to build all the random projects I set my mind to. The level of parts in my workshop has reached a saturation point actually, and it is extremely likely that my next computer will be built from them with a few newer pieces thrown in.

I don't really have any peripherals that I love... except my Logitech Trackman Wheel. I've been using a Logitech Trackman for over 10 years now and I love controlling the entire movement of the mouse with just my thumb. If Logitech announced they would no longer be producing the Trackman, I'd go out and buy a stockpile just to be safe. If we're being a bit looser with the definition of peripherals, I'm quite fond of my Windows Mobile phone, the HTC Apache. It's a rather common WM phone but I like having a device I can customize and tweak to my heart's content. I frequently use the BuildOS program from to rebuild my entire phone and try new things.

The only web apps I use with any consistency are Gmail and Google Reader. I also use SmugMug to catalog and share media with family and clients and Mozy to back up data. For my Windows Mobile phone I use the service DashWire to conduct remote backups of contacts and other data.

Self Assessment
My computer usage reflects strongly on my general personality. I don't use many social networking tools, I'm not the kind of person that Twitters the minute details of their life. I share my personal pictures on a password-protected site only for family, not on Flickr. When I'm working I use a pretty Spartan set of tools which helps me stay focused. Google Reader to distill my feeds, Firefox to help fling me about the web, a simple calendar, contact list, and to-do list in Outlook to sync with my Windows Mobile phone. And when I'm goofing around instead of getting work done I'm all over the map experimenting with new software, dubbing foreign films, playing in Photoshop, building a TiVo clone out of spare parts from my workshop bins, trying out new tweaks on my XBMC, etc. I love experimenting and playing with computers, I've just come to a point in my life where I have enough of a time crunch that I have to be careful to fence off the "Let's see what we can solder to this!" part of my love for computers from my "Let's get some work done and pay the bills!" part.

Tamar Weinberg, Contributing Editor:
The [Free] Basics

  • Notepad2: I'm not a developer so I don't really need the extravagant features offered by LH favorite Notepad++. I do love the line-numbers and color-coding of Notepad2, and that's all I'm looking for in a Notepad replacement.
  • Pidgin: I'm a fan of purple penguins and find Pidgin's options easily configurable for my needs. I also use a very old version of AIM with DeadAIM because the GUI is oh-so-nice. By the way, Digsby is on my list of apps to try!
  • Irfanview: Because it's so incredibly lightweight and small, Irfanview is a great app to use for image viewing and to resize or crop images quickly.
  • Firefox: Firefox 3.0.1 is a terrific browser, and unlike 3.0, this baby doesn't crash at all on my computer.
  • VLC Media Player: I used to open files and never be able to locate the proper codecs. VLC eliminates that hassle. When I have downtime and want to watch a movie or TV show on my computer, VLC does a nifty job, and it's also pretty lightweight too, which adds to the appeal.

The [Paid] Basics
  • FlashFXP: Unlimited lifetime upgrades and a purchase that was made several years ago made this an easy choice.

Primary OS
My primary operating system at this time is Windows XP Pro. Ah yes, a Mac OS would be nice, but I've been procrastinating on making the plunge! Windows XP does what I need. Additionally, I run a Fedora 9 box in the corner of my apartment and am always SSH'd into it to tinker around with the system.

My main computer is a Dell XPS M1710 laptop, but I built the two desktops I use (they run Windows XP and Fedora 9). I test Lifehacker software on another old Dell laptop. I also have a MacBook Air that I haven't yet used. I know Gina is going to kill me when she reads this.

Peripherals and Gadgets

  • Samsung ML-2010: Really the family printer of choice, and we like it because of the network printing capabilities. I'm a big fan of getting up to gather my printouts days after I print them out!
  • Flip video: I'm new to the video world, but the Flip has proven to be a small yet affordable camcorder that produces quality results.
  • Treo 755p: I've been using Palm OS for almost 10 years now and can't really fathom moving over to a Windows Smartphone.
  • iPod touch: I once wished for an iPhone without the phone. Then, Apple announced the iPod touch. All it needs now is more storage space.
  • Lots of external hard drives: I've suffered way too many hard drive failures to risk losing data again, so I have more than a terabyte of data stored on external hard drives in the event that my main drives fail.

I don't use other peripherals on a regular basis primarily because my desk is my lap and my office chair is a couch. There's not much you can use here without things falling all over the place.


  • Gmail: I really like Gmail, especially since it now supports IMAP. I have four tabs of Gmail for the three accounts I use (three of which are on Google Apps for Domains). Really, who doesn't like Gmail?
  • Flickr: To put it simply, photo sharing rocks. I'm a big fan of social media and I love being able to tag photos, comment on them, add notes, and organize them into sets that others can easily see and navigate to. I also love how you can bookmark your favorite photos with the "call a fave" feature.
  • Twitter: I use Twitter on a pretty consistent basis mostly to foster and build professional relationships. I enjoy that it has an API with hundreds of available applications. I primarily use Twhirl with Twitter and I take heavy advantage of the SMS tools when I'm mobile.
  • WordPress is my blogging platform of choice, but I do use MovableType maybe even more regularly.
  • FriendFeed: FriendFeed is one of my favorite tools ever to keep abreast of the news that interests my colleagues and peers, and the conversation is growing. The best part is that you can hide the noise and only focus in on the signal.
  • Carbonite: This non-intrusive backup solution for Windows and Mac is tough to beat for the price of $49.95/year for unlimited storage.

Much of what I use revolves around my work behavior, since I'm tremendously focused on using the computer for all work and no play (if I play, I'll go with a console of some sort—my Wii and Xbox360 get some nice face time when I have a spare moment). I'm somewhat old school but I love to try new things provided that I don't have to install them on my computer (well, for the most part).

Now it's your turn...
Readers, what are your preferred freeware, shareware, and commercial apps? What gadgets and peripherals tickle your fancy? Which webapps do you use consistently? Share your all-time favorite recommendations in the comments.

Save Your Data With One of These Top Backup Programs

We test five new apps that make saving--and restoring--your vital data a lot easier than tools you've tried in the past.

Jon L. Jacobi

Saving files on your hard drive is the easy part; choosing how to back up those files can be more difficult.

And why do you need backup software? If you ever have a hard drive fail, or get hit with an impossible-to-remove virus, you'll find that a complete backup--including your files, drives, and operating system--is the simplest way to get things back to normal. Not having backups is like flying in a combat zone without a parachute.

Traditional backup programs help you organize, schedule, and maintain your backups, and their newest versions make doing so easier than ever. However, tradition is quickly accommodating new realities. Two of the products we tested--NovaStor NovaBackup and EMC Retrospect Professional--recognize the increasing role of online backup in users' backup strategies.

Online backup is easy, secure, and safer than local backup (by virtue of being off-site, and being stored on drives that are themselves backed up regularly by your online service provider). Nevertheless, it isn't appropriate for everyone; most users have relatively slow upload speeds over their online connection, so online backup can be considerably slower than backing up to a local or ethernet hard disk. With a large collection of digital photos or multimedia, you're talking several days, literally.

Ideally, all backup programs would offer seamless access to all online backup services, but most don't. In the case of NovaStor and EMC, both companies also offer separate online backup services (NovaNet-Web and Mozy, respectively), which made tighter integration between the software and the online service a natural progression (NovaStor does a much better job at this than EMC, which offers basically a band-aid solution).

And while online backup is clearly the wave of the future, don't wait for the future to add a backup utility to your list of must-have applications now. A delay could be one of the costliest mistakes you'll ever make in your computing life.

The backup programs discussed on these pages are all available as downloads--see the link at the end of each review. Or see the complete collection of all these files.

Online and On Your Hard Drive

NovaStor NovaBackup 10 Professional

If you're wondering what happened to NovaBackup 9, so am I: The company, oddly, went straight from version 8 to version 10. However, if my hands-on testing is any indication, the program simply may have been that much improved.

While the $50 NovaBackup 10 (price as of 7/15/2008) has many major changes under the hood, the obvious improvement to this package is its infinitely friendlier user interface. This interface mimics one of the best, Microsoft Office 2007, and its big-button file menu. Perhaps even more important, NovaBackup's layout and workflow are immaculate--a rarity among the comprehensive backup applications that NovaBackup competes against.

Another huge improvement is the addition of disk imaging--backing up drives and partitions in their entirety. Since version 10 marks NovaStor's initial attempt at a disk imaging capability, I expected a primitive first-time solution; but NovaBackup's implementation, courtesy of Farstone, is more than adequate for most users, and will likely satisfy many professional users.

You can back up and restore entire drives or single partitions, restore individual files and folders, and even search within individual images once you mount them as a Windows drive letter.

I enjoyed my hands-on trials with NovaBackup 10 tremendously--especially the seamless integration of online backup storage. If you have an Amazon S3 account or NovaStor's Digistor, you can simply add the service as a device, enter your user info, and then select it as the destination for any of your backups. Not that the backup clients for other online services are bad, but using NovaBackup's advanced options and GUI simply makes it that much easier. It also allows you to apply the same settings to your local backups so that you're always sure you have everything backed up to each location.

NovaBackup includes a free, one-year, 2GB DigiStor account, though you need to provide credit card information to use it; the account will be cancelled, not automatically renewed, if you don't want to keep it.

NovaStor claims that it's reworked many of NovaBackup's internal routines so that backups transpire faster. In my hands-on testing, backups of every kind were as quick as, or quicker than, the competition's, but the program itself was a bit slow to boot, and the disaster recovery (imaging) module was especially slothful enumerating drives--it took up to 30 seconds to recognize them all. Because no progress bar appears during the enumeration, the first time it occurred I was nearly convinced that the program was locked up. Blinking drive lights told me it wasn't, but the experience is just that slow.

As improved as NovaBackup's interface may be, the software still has a few rough spots. I was darned if I could figure out a way to save a script that I created using the backup wizard, which actually says "Create a script to backup your data" (using "backup"--one word--as a verb is their mistake, not mine). Secondly, interface glitches came up when I used the disaster recovery module on my system with XP SP2 set to Large Size (120 DPI) display mode. Until I switched to Normal Size (96 DPI), the module was unusable.

These glitches are easily fixed, and NovaStor has promised to make the fixes quickly. Overall, the program is easy to use and highly capable, with file-based backup, support for tape drives, open-file backup, plain backup and restore of files, seamless online backup, integrated antivirus scanning, and disk imaging--all for just $50, undercutting much of the competition by more than half.

Download NovaStor NovaBackup 10 Professional (Price: $50, 15-day free trial)

EMC Retrospect 7.6 Professional with Continuous Data Protection Professional Add-in

Though I'd love to say that for version 7.6, EMC has revamped Retrospect's rather obtuse interface, such an overhaul hasn't actually occurred. I can report only that the most feature-packed file-based backup program on the planet is now even more powerful, albeit just slightly.

EMC Retrospect 7.6 Professional with Continuous Data Protection Professional Add-in ($129 plus $29 for continuous data module; price as of 7/15/2008) can't be matched for breadth of file-based features: super-flexible scheduling; disaster recovery; plain file copy; support for remote clients, tape drives, the Mac, you name it. If it fits the traditional, file-based backup role, it's in here.

Version 7.6 has two additions: support for Mozy online backup and the company's $29 Continuous Data Protection (CDP) add-in. Alas, while they sound notable, neither is truly integrated; they can only roughly be categorized as new Retrospect features. You can launch CDP from within Retrospect, but it's otherwise a separate entity complete with its own system tray app sitting alongside Retrospect's monitor/scheduler.

Lack of integration aside, Retrospect CDP works well. It differs, however, from many of its competitors (including Memeo Autobackup and NTI Backup 5 Advanced, which is reviewed on the next page) by not allowing you to select a directory such as My Documents for backup. Instead, CDP selects files via what are referred to as protection policies, more commonly known as filters. For instance, select a filter (policy) to back up all Word documents (*.doc, *.docx) and another to back up all JPEG images. It's an easy-to-understand approach for less technical users, but I found it restrictive in practice.

What's decidedly not restrictive is CDP's ability to back up to several different locations. For instance, you can keep constantly updated copies of your data on a thumb drive, in a network folder, and on an external hard drive. You also have the option to back up only when a file is saved or periodically even when open files have not yet been saved.

Online backup integration isn't nearly as seamless. I was hoping that I could simply specify my Mozy online backup account as the destination for a backup job, but for now, Retrospect can only launch the Mozy client or, for first-time users, whisk you to a Web page where you can sign up. (The first 2GB at Mozy are free; you get unlimited personal storage for $5.) I use and recommend the service, but it's not truly a feature of Retrospect itself.

Other Retrospect 7.6 improvements include a Mac client that now runs in native mode (not emulated) on both Power PC and Intel-based Macs; better support for 64-bit operating systems; and the ability to back up a Microsoft Exchange Server 2007 operating in a two-node Windows Server 2008 Cluster environment.

Retrospect 7.6 Professional is $129, which includes two client licenses for backing up other PCs or Macs over a network. Additional client licenses are $39. The upgrade to version 7.6 is free for registered 7.5 users.

Download Retrospect for Windows 7.6 and CDP (Price: $129 for Retrospect, $29 for CDP; 30-day trial)

The Traditionalists

NTI Backup 5 Advanced

NTI Backup 5 Advanced (price $70 as of 7/23/2008) is by far the most complete backup solution NTI has ever released. It brings continuous data protection (CDP), file-based backup, and what the company calls drive-based backup (otherwise known as disk imaging), all under one extremely friendly roof. It also solves a long-standing problem for NTI--the inability to back up open files.

Backup 5 Advanced uses the same impressively intuitive interface that has been its trademark for several years, with the more polished look that was introduced last year. The step-by-step buttons on the left and the relevant options and selectors on the right are the perfect blend of easy-to-learn and easy-to-use. Many wizardlike interfaces get in the way once you know them, but this one doesn't.

The imaging module includes adjustments for compression level, encryption, and verification. You can get more granular with your tweaks for Backup 5 Advanced's file-based and CDP backup. For CDP, you can back up by filter or location (choose a directory), as well as back up your "profile" (e-mail, desktop settings, address book, Outlook .pst file, and the like). All three types of backup can be scheduled at any time, and you may instruct the PC to go into standby, hibernation, or power-down modes after a job completes. You can also have the program notify you by e-mail upon the completion (or failure) of a job, though it lacks a provision for running programs before and after a job.

Broadly speaking, NTI Backup 5 Advanced worked extremely well for me. Its backups were flawless; however, I had a couple of minor operational gripes. To back up to a network location, I had to first map the destination as a drive within Windows Explorer--a rather odd approach considering the program allows you to select an FTP site as your backup destination. Also, while you can schedule daily backups, you can't set them to run on alternate weeks to different media as you can with Retrospect. I discovered a very minor bug where the drive-based backup wouldn't show the drives on my system while an internal 100MB IDE Zip drive was attached. This was most likely a conflict with the ASPI layer used by NTI for low-level drive access.

Backup 5 Advanced is the first NTI backup product I can wholeheartedly recommend: It's a solid, reliable performer, its file-based backup is more than adequate for typical use, and it offers CDP and imaging as well. Alas, at $100 it's twice the price of NovaBackup 10, a product that's nearly as friendly--and more powerful.

Download NTI Backup 5 Advanced (Price: $70; 30-day free trial)

Paragon Drive Backup 9.0 Personal

Paragon's disk-imaging application, Drive Backup 9.0 Personal (price $40, as of 7/15/2008), may still be a feature or two shy of competitor Acronis True Image Home 11, but you probably don't need whatever is missing. DB9's newfound ability to back up and restore individual files and folders, in addition to imaging whole drives and partitions, makes the two programs nearly equal. If the restore implementation were a little simpler, you could throw out the "nearly"; still, Drive Backup 9's friendlier, configurable GUI and its $10 price advantage make it a difficult choice between the two.

While Paragon makes selecting individual files and folders for backup easy, selecting them for restore is harder. When you browse, instead of seeing a separate window with the files listed, you have to navigate a tree in the same browser you used to select the archive. If you're restoring from a long-path network location, this approach becomes unwieldy. The other, more serious problem is that you can restore a file only to its original location. This is a pain when you want to recover an older version of a file without overwriting the newer one.

The other major new feature in this version is the rescue media builder's ability to write its recovery image to a thumb drive as well as to CD. Flash USB drives boot much faster (on newer PCs whose BIOS supports booting from a USB device), and they're easier to carry around. Also, as always, if you own the company's Partition Manager the abilities of that program are added automatically to the recovery media. That makes for a very nice all-around emergency toolkit/boot disc.

The other changes to Drive Backup 9.0 Personal are minor: bug fixes, more drivers, and better support for various operating systems, including Apple's dual-boot Boot Camp for both Mac and PC support. In the end, for straight disk imaging, DB9 is as good as it gets. But the company needs to make restoring individual files and folders easier; and in light of NovaBackup 10, which has imaging as well as a host of other backup features, Paragon should also lower the price.

Download Paragon Drive Backup 9.0 Personal (Price: $40; 30-day free trial)

Titan Backup

Having reviewed literally dozens of backup programs, I'm not easy to impress. But I was impressed with Titan Backup (price $40 as of 7/15/2008). Though it lacks the ability to back up open files and has no imaging capability, it has just about everything else you could wish for in a backup program. The interface is also one of the best I've seen--an intuitive combination of tabbed dialog and step-by-step wizard that I have only minor quibbles with.

Titan Backup's performance and abilities were pretty much on a par with other second-tier backup programs. You can opt for plain file backup, backup to a zip file, or backup to an executable zip (with a 4GB size limit--a zip limitation). Options include 256-bit AES encryption, the ability to run other programs before and after the backup, and user-name or password entry for backing up to protected network locations. The password didn't work with my Synology DS508 NAS box when the destination was a password-protected folder, but I'm inclined to blame this on the NAS box, which has a somewhat odd security implementation. There were no problems backing up to public folders, hard drives, a flash drive, CD/DVD, or via FTP.

Other features include e-mail notifications (with account settings), syncing of folders, a comprehensive scheduler, command-line execution, and some very nicely written help files. There's no support for tape, but on the consumer level, this is not an issue these days.

As to those GUI quibbles, they were as petty as wishing the company had put the "Edit Task" button on the upper toolbar with "Delete" and "Import Task" configuration buttons instead of with the primary operational "Start" and "Restore" buttons on the side panel.

Download Titan Backup (Price: $40; 15-day free trial)

Original here

MySpace joins OpenID coalition to share log-ins

The online hangout MySpace took another step Tuesday in cooperating with rival Internet services, joining a coalition that allows people to use the same accounts and passwords across the Web.

The OpenID coalition now includes Time Warner Inc.'s AOL, Google Inc.'s Blogger, Yahoo Inc. and blogging services Vox, WordPress and LiveJournal. Users with a supported account can activate it for use at other sites accepting OpenID; this way they won't have to keep creating new accounts and remembering passwords.

Because MySpace users now log on with their e-mail addresses, MySpace users wishing to log on at another OpenID site will use their unique Web address -- either an assigned number or a name chosen by the user. MySpace did not say whether it will be accepting OpenID accounts from elsewhere in lieu of its normal registration.

Facebook, the No. 2 online hangout behind News Corp.'s MySpace, has yet to announce OpenID support. Typically, Facebook has favored developing its own systems, while MySpace has been apt to join coalitions. MySpace also is a member of OpenSocial, a Google-initiated platform for sharing applications across the Web.

MySpace also said Tuesday its users will be able to quickly share profile data with two additional partners, Flixster and Eventful. Yahoo Inc. and eBay Inc. are among the partners in the Data Availability program, which lets other sites incorporate MySpace profile information, averting the need for users to constantly create new profiles at each site.

Original here

Groups Urge FCC to Keep the Internet Open

Grant Gross, IDG News Service

The U.S. Federal Communications Commission needs to take steps to keep the Internet free of interference from broadband providers, such as the slowing of peer-to-peer traffic and the tracking of subscribers' Web habits, several witnesses told the FCC at a hearing Monday.

The FCC should take fast action against broadband providers that block access to legal online applications, especially those who don't notify their subscribers, said Marge Krueger, administrator of the Communications Workers of America (CWA) for the district covering Pennsylvania and Delaware.

Krueger didn't name providers that have slowed access to applications, but Comcast has been in the news in recent months for slowing access to the BitTorrent peer-to-peer application. A Comcast representative didn't testify at Monday's hearing at Carnegie Mellon University in Pittsburgh, but the company has repeatedly said it slows BitTorrent traffic at limited times of peak traffic.

Another witness complained that some broadband providers are using deep-packet inspection techniques to track subscribers' Internet use, in an effort to deliver targeted advertising. NebuAd, a California company, has worked with several broadband providers to provide this targeted ad service, but several privacy groups and U.S. lawmakers have objected to the tracking.

Deep-packet inspection can be a useful tool for network management, said David Farber, a computer science and public policy professor at Carnegie Mellon. "What's almost obscene is the fact that people are using it to gather information about what I'm sending on the network and selling that information to other people," Farber said. "That is completely obscene and should be stopped."

Several members of the public also called on the FCC to enforce so-called network neutrality rules that would prohibit broadband providers from blocking or slowing Web content from competitors. Small video producers and other online businesses will not be able to compete without net neutrality rules, said one Carnegie Mellon student.

But Robert Quinn, senior vice president for federal regulatory policy at AT&T, asked the FCC to look carefully before regulating how broadband providers can manage their networks. While the FCC has the power to enforce net neutrality rules, broadband providers need to be able to manage their networks as more and more subscribers begin to use high-bandwidth applications such as video, he said.

AT&T spent about US $17.5 billion in 2007 on expanding networks and other capital improvements, Quinn said. The broadband provider expects bandwidth demand to increase by more than 400 percent in the next three years, he said.

"With the kind of growth we are seeing in bandwidth demand today, we cannot simply stay ahead of the bandwidth curve by building bigger and better pipes," Quinn added. "The money to build them just doesn't exist. Network operators must be able to manage those networks to squeeze out every last ounce of efficiency that we can, in order to keep the cost to the end-user customer as affordable as we can possibly make it."

The CWA's Krueger and several other witnesses called on the U.S. to create a comprehensive broadband policy that would help providers roll out broadband to rural areas and increase speeds. Average U.S. broadband speeds are slower than in several other industrialized nations, putting U.S. consumers and businesses at a disadvantage, she said.

But Scott Wallsten, vice president for research at the conservative Technology Policy Institute, suggested that many reports showing the U.S. falling behind other nations in broadband are misleading, particularly studies by the Organisation for Economic Cooperation and Development (OECD) showing the U.S. 15th in the world in per capita broadband adoption. The U.S. has a larger household size than many other OECD members, and households typically get one broadband connection to share, he said.

The OECD also undercounts business broadband connections, he said.

While better information about broadband availability is needed, the U.S. is not facing a broadband crisis that cries for major new policies, Wallsten said.

FCC member Michael Copps said he found it hard to believe that people were still arguing against a comprehensive broadband policy. All major infrastructure built in the U.S., from the railroads to the telephone network to the interstate highway system, required major investments by the federal government, he said.

"I am unaware of any infrastructure built in the history of this country that has not been accomplished through a public sector/private sector partnership," Copps said. "We're sitting here saying, 'Should there be a [national] strategy?' We've never done that before."

Original here

DNS disaster: first attacks reported

David Meyer, ZDNet UK

The first attacks that are likely to have stemmed from a serious Domain Name System flaw have been reported.

The existence of the Domain Name System (DNS) flaw, which could be used to redirect browsers to malicious sites, was revealed at the start of July by security researcher Dan Kaminsky. Multiple vendors, including Microsoft and Cisco, have already issued patches to counteract any attacks.

However, code that could act as a blueprint for an attack via the flaw was published on Wednesday last week by Metasploit, which provides penetration-testing tools. On Friday last week, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun.

"The DNS attacks are starting," read Kosin's post. "Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. This is your last warning... Patch or upgrade now!"

Approached via email to discuss his post, Kosin appeared to retreat from saying the activity he had observed was definitely an attack. "I can't prove or disprove any claim that it is an exploit of the flaw other than to say it started about a week ago," he told sister site "I'd already updated the server's DNS application, so I'm taking an educated stab in the peripheral internet here in saying it is a good possibility of being a possible exploit."

Carl Leonard, a threat research manager for the security company Websense, who reported Kosin's post, said his company had still not seen any attack reports in its own systems. However, he said Websense does "expect to" see such reports. "The exploit code is available and people still need to patch systems," he said. "It's kind of a waiting game at the moment."

The flaw in question is inherent to the DNS - the part of the internet's infrastructure that takes a human-readable web-address request and finds the corresponding numeric IP address. The nodes of the DNS are nameservers and, if one of those is left unpatched, the new attack code could fool the server into redirecting user requests to phishing sites or other malware-hosting sites.

Those who need to apply the patch are mostly internet service providers (ISPs) and companies that run their own nameservers. Users can check if their nameservers are vulnerable through a tool hosted on Kaminsky's blog.

Original here

New DNS exploit now in the wild and having a blast

By Joel Hruska

About two weeks ago, we covered the release of a DNS security fix meant to patch a vulnerability in the system that matches domain names with IP addresses. The flaw had been discovered by security researcher Dan Kaminsky some months earlier but, at the time, details on the exploit were being kept secret. That information has since leaked thanks to an accidental blog post by someone at Matasano Security. Fast forward four days, and hackers, enterprising little children that they are, have released an exploit aimed squarely at the vulnerability.

This would be less of an issue if the widely released patch from two weeks ago had been fully deployed, but a number of companies or ISPs don't seem to have gotten the memo. According to Kaminsky, some 52 percent of DNS servers are still vulnerable to the attack. This is a marked improvement from the 86 percent vulnerability rate in the days immediately following the patch's release, but it's still far too high, especially with dangerous code now squirreling its way across the Internet. Patch deployment is not an instant process, even if the company is on the ball, but we'll hopefully see the number of patched DNS servers skyrocket in the next few days.

Some publications have dubbed the attack Metasploit, but that term refers to the open-source Metasploit Framework that was used to develop it. As for the exploit itself, it's a new variation on a classic DNS poisoning theme. It disrupts the normal translation functions of a DNS server, causing it to redirect users to websites other than the ones they intended to visit. A poisoned DNS server, for example, could send someone to when they had actually typed into the address bar. DNS poisoning isn't new—vulnerabilities have existed for over a decade—but the one Kaminsky discovered increases the power of a successful attack.

Kaminsky has now detailed the methodology of a standard DNS poisoning attack and provides additional information on the vulnerability he discovered. As he describes it, a DNS lookup request is essentially a race between a good guy and a bad guy, each of whom possesses certain advantages. The good guy knows when the race begins, and he knows the secret code that's been sent along with that request in order to verify that the response coming back is actually authentic. The bad guy doesn't have this code, but he actually decides when the request goes out, and he knows about the request before the good guy does.

Normally, the good guy wins the vast majority of these races, and the bad guy is forced to race again and again in an attempt to guess the right authentication value before the good guy provides correct information. What Kaminsky discovered, and what the new hack exploits, is a vulnerability in the recursive nature of the DNS system. DNS is designed to "bump" your request along until it reaches a server that can answer the client's request. If you ask for a location it doesn't know, can refer you to,, and so on, until it finds the requisite information. is what's called an "in-bailiwick" relative to—the information that comes back from that server is automatically trusted and passed on.

Therein lies the problem. Instead of launching an attack straight at and losing 99 percent of the time, the bad guy attacks one of the recursive in-bailiwick servers and then feeds it false information. The in-bailiwick server communicates that data back to, which then caches the response—that way, it doesn't need to look the information up again. Problem is, the server has cached poisoned information and doesn't know it. Until that information drops out of the server's cache, the bad guy has effectively won the race.

Moving to the more secure DNSSEC system would have solved this problem, and that idea was apparently floated, but it was dismissed on account of the tremendous overhead required by this protocol. The patch that currently exists is not a foolproof solution, but it minimizes the chances that the attack will succeed. "The exploit is now tens of thousands of times harder, but still possible," Kaminsky stated during his Black Hat webcast. "one in several hundred million to one in a couple billion."
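The article does not name the patch's mechanism: the July 2008 fixes randomized the UDP source port of each outgoing query, so a forged reply has to match the port as well as the 16-bit transaction ID (the "secret code" above). The Python below is an added example, not code from the article or from Kaminsky's checking tool; it rates a resolver from the ports and IDs its queries arrive with at a server you operate, and the log format, sample lines and 12-bit pass mark are constructed assumptions.

```python
import math
import re
import statistics

FIELD_BITS = 16   # UDP source port and DNS transaction ID are both 16-bit fields
MIN_BITS = 12     # illustrative pass mark per field (an assumption, not a standard)

# Hypothetical log format, constructed for this example: one line per query the
# resolver under test sent to an authoritative server that you operate.
LINE_RE = re.compile(r"query from [\d.]+#(?P<port>\d+) id=(?P<txid>\d+)")

# Constructed sample: every query leaves from the same source port.
UNPATCHED_LOG = """\
query from 192.0.2.53#32768 id=6699
query from 192.0.2.53#32768 id=61453
query from 192.0.2.53#32768 id=31793
query from 192.0.2.53#32768 id=1000
query from 192.0.2.53#32768 id=46500
query from 192.0.2.53#32768 id=19730
query from 192.0.2.53#32768 id=59767
query from 192.0.2.53#32768 id=12128
query from 192.0.2.53#32768 id=39107
query from 192.0.2.53#32768 id=24846
query from 192.0.2.53#32768 id=53945
query from 192.0.2.53#32768 id=16261
"""

# Constructed sample: same resolver after patching, source port varies per query.
PATCHED_LOG = """\
query from 192.0.2.53#51234 id=16261
query from 192.0.2.53#1893 id=53945
query from 192.0.2.53#40211 id=24846
query from 192.0.2.53#27764 id=39107
query from 192.0.2.53#60902 id=12128
query from 192.0.2.53#13377 id=59767
query from 192.0.2.53#35810 id=19730
query from 192.0.2.53#8021 id=46500
query from 192.0.2.53#46655 id=1000
query from 192.0.2.53#22190 id=31793
query from 192.0.2.53#57043 id=61453
query from 192.0.2.53#30518 id=6699
"""


def parse_observations(log_text):
    """Return (source_ports, transaction_ids) in the order they were logged."""
    ports, txids = [], []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            ports.append(int(match["port"]))
            txids.append(int(match["txid"]))
    return ports, txids


def estimated_bits(samples):
    """Rough unpredictability (in bits) of a 16-bit field, from a small sample.

    A few dozen queries are enough to spot a fixed or stepping value; they
    cannot prove that a random-looking generator is cryptographically sound.
    """
    if len(samples) < 2:
        return 0.0
    deltas = {(b - a) % 2**FIELD_BITS for a, b in zip(samples, samples[1:])}
    if len(deltas) == 1:      # constant value or fixed-step counter: predictable
        return 0.0
    # Values uniform over a range of R have a standard deviation of R/sqrt(12).
    spread = statistics.pstdev(samples) * math.sqrt(12)
    return min(float(FIELD_BITS), math.log2(max(spread, 1.0)))


def assess(log_text):
    """Estimate how many bits a blind forged reply would have to guess."""
    ports, txids = parse_observations(log_text)
    port_bits, txid_bits = estimated_bits(ports), estimated_bits(txids)
    ok = port_bits >= MIN_BITS and txid_bits >= MIN_BITS
    return {"samples": len(ports), "port_bits": port_bits, "txid_bits": txid_bits,
            "total_bits": port_bits + txid_bits,
            "verdict": "OK" if ok else "PATCH NEEDED"}


def hardening_factor(before_log, after_log):
    """How many times larger the guessing space became between two captures."""
    return 2 ** (assess(after_log)["total_bits"] - assess(before_log)["total_bits"])


if __name__ == "__main__":
    for name, log in (("unpatched", UNPATCHED_LOG), ("patched", PATCHED_LOG)):
        r = assess(log)
        print(f"{name}: port {r['port_bits']:.1f} bits, txid {r['txid_bits']:.1f} bits"
              f" -> {r['verdict']}")
    print(f"guessing space grew about {hardening_factor(UNPATCHED_LOG, PATCHED_LOG):,.0f}x")
```

On the constructed samples the guessing space grows by a factor in the tens of thousands, which is the order of magnitude Kaminsky quotes for the patch.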

Original here

Happy SysAdmin Day!

By Patrick Orndorff

Today is SysAdmin Day, otherwise known as System Administrator Appreciation Day. This "holiday" was first celebrated in 2000 and takes place annually on the last Friday in July. The goal, according to the SysAdmin Day website, is to give the guys and gals who maintain your computer network some love... and perhaps some nifty gifties!

Let's face it, System Administrators get no respect 364 days a year. This is the day that all fellow System Administrators across the globe, will be showered with expensive sports cars and large piles of cash in appreciation of their diligent work. But seriously, we are asking for a nice token gift and some public acknowledgement. It's the least you could do.

If you are looking for something nerd-tastic for the person who helps keep your data flowing, there is a slew of gift suggestions listed at
Otherwise, you can always go with the old standbys of junk food and comic books. See the System Administrator Appreciation Song video after the jump.

Outrageous! Government Carelessness

During wartime, one of America's most solemn duties is to take care of its veterans. So why do careless government workers keep putting our vets at risk? That happened last January at a Department of Veterans Affairs medical center in Birmingham, Alabama, when an employee's portable hard drive containing Social Security numbers of more than 250,000 vets and more than a million doctors went missing. A jackpot for any identity thief, the computer was never found, despite an FBI reward. An inspector general later found that the VA office "did not take adequate information, physical, or personnel security measures to protect sensitive data from potential loss or disclosure."

Shocking, right? Well, it's even more shocking when you consider it had happened before. Less than a year earlier, another VA employee in the Washington, D.C., area brought home a laptop computer that held the names, birth dates, and Social Security numbers of 26.5 million veterans, only to have it stolen from his house. When one chagrined U.S. Senator pronounced the incident "absolutely baffling," then-VA secretary Jim Nicholson assured Congress he was "mad as hell" and vowed to aggressively reform security practices. Another federal agency set new guidelines for the handling of portable computers, including the use of special encryption technology to keep unauthorized people from accessing sensitive data.

The laptop of one careless government employee can contain millions of Social Security numbers.

But the computer lost in Alabama wasn't encrypted. Neither was a laptop stolen from the car trunk of a researcher at the National Institutes of Health in February. That laptop had detailed information -- names, birth dates, medical histories -- on 2,500 patients enrolled in a federal medical study. (In a twist you couldn't make up, one of them was Texas Congressman Joe Barton, who also happens to be the founder of the Congressional Privacy Caucus. "I was stunned," Barton said.)

The San Diego-based Identity Theft Resource Center says that 2007 was a banner year for what it calls data breaches, with almost 128 million records reportedly endangered by theft, loss, or hacking. That's more than six times the 20 million exposed records the group counted the previous year. "That's unacceptable," says Ari Schwartz of the Center for Democracy and Technology. "People should be angry."

No one has yet reported being victimized as a result of government sloppiness, but it's only a matter of time: Identity theft is the No. 1 fraud complaint registered by consumers, according to the Federal Trade Commission. Scam artists who steal personal data can easily use it to make some cool cash -- and wreck your life in the process. Data thieves can sign up for credit cards, take out loans, and even receive medical treatment and stick you with the bill -- or commit a crime and then hand your information over to the cops. Have fun clearing that from your record!

Portable computers have raised the risk. About one in five of the cases registered by the Identity Theft Resource Center so far this year involves a stolen or lost laptop. There was the U.S. Transportation Department laptop with data on 133,000 people that was swiped in July 2006 after a Miami-area employee left it in the back of his SUV when he went to lunch. In South Bend, Indiana, last November, a Memorial Hospital employee lost a laptop containing names, addresses, and Social Security numbers of more than 4,300 current and retired employees after reportedly giving it to a flight attendant to stow before takeoff.

It's not just our personal information, by the way, but also data with possible law enforcement or national security importance. A 2007 Justice Department audit found that the FBI was somehow losing 2.6 laptops per month, many with sensitive or classified information. More than 1,400 Energy Department laptops went missing in a six-year period, according to another audit. So much for homeland security.

Despite growing awareness of the problem, real safeguards are not in place. A February report by the Government Accountability Office found that only two of 24 agencies the GAO reviewed had implemented all the security measures recommended by the government. So it shouldn't be a surprise that the GAO also found that at least 19 of 24 agencies had experienced one or more breaches that could expose people's personal information to identity theft.

The same infuriating irresponsibility exists in the private sector: In March 2007, retailers T.J. Maxx and Marshalls admitted that 45 million debit and credit card numbers had been nabbed from their computer systems by hackers who most likely got it all wirelessly.

These kinds of incidents will continue until companies and the government take data privacy more seriously, says Linda Foley of the Identity Theft Resource Center. "People will take data home. It's just the way we are now," she says. "But there should be policies and procedures to protect this information, and they're lacking across the board." (Experts say banks and other financial institutions have generally been a happy exception to that rule.)

One step, which all but 11 states have taken, is for companies and the government to notify the public when their data has been put at risk. But it took the VA three weeks to warn vets after its first major laptop loss -- a reminder that it's time for Washington and corporate America to get off their rears and pay more attention to the private data sitting in their laps.

Do More…

While you may not be able to stop government carelessness, you can protect yourself against ID theft.

  • Shred credit card information or any document with your Social Security number before throwing it away.
  • Make lists of your credit cards and emergency phone numbers in case your wallet is lost or stolen.
  • Check bank and credit card statements for suspicious charges, and order a copy of your credit report annually.

Original here

How to reveal blocked caller ID info: a video guide to risky behavior

by Joshua Fruhlinger

Let's say for some reason someone has his or her caller ID blocked and is calling you all the time. Let's then say you really want to know who that person is for, you know, whatever reason -- not that we'd know anything about that. Some crafty phreaker types have come up with a way to do this using an enterprise-spec asterisk box and a SIP trunk provider. In a demonstration video, a hacker tweaks said asterisk box with some new configurations to strip out privacy flags, forward the call to another number, and ultimately reveal caller ID information which, surprisingly, is still available. This isn't meant to be easy, but if the terms "prepend," "SIP trunk," and "asterisk box" don't scare you away, go ahead and watch the video after the break. Big disclaimer: we're not responsible for your broken gear, jail time, or restraining orders.

Original here

5 rules of variable naming.

When I was at uni some 10 years back now, I remember one of my lecturers telling me not to make variable names too long because you would get "pain in your fingers".

Well, rule #1 goes against that advice:

1. Make your variable names long and descriptive
Visual Studio has IntelliSense, Eclipse has its own code completion, and I'm sure whatever IDE you're using can finish your variable names off for you, too. Using long names prevents the ambiguity of short or cryptic names.

2. Put units in your variable names
If you are writing an engineering application you are going to be using variables with units. Embed the unit name in the variable, for example, distanceInMM.

3. If you are using Camel Case, don't capitalise commonly hyphenated or combined words.
Let me explain.

Callback is normally spelt as one word. So, pretty please, don't call your variable callBack.

4. Never, ever use the variable name temp. The only perfectly valid exception to this rule is when you're writing a swap function.

5. int i is perfectly valid in a small loop. I've met programmers who would crucify me for saying this, but when your loop is half a dozen lines of code long or less, int i is perfectly valid as a loop counter. It's so widely used, it's almost expected.

Original here

No, your code is not so great that it doesn’t need comments

Posted in Software Development by Dan

Code-commenting is so basic and so universal that every programmer, regardless of the language that they practise, thinks that they know all there is to know and that their way is the only sensible approach (I am no different in this respect). I guess that’s why there are so many blog postings offering advice on commenting (you can add this one to the list).

Even the elite of programmer bloggers are having their say. Steve Yegge covered it and, more recently, so did Jeff Atwood. Jeff’s basic advice, that you wouldn’t need so many comments if you wrote the code to be more self-explanatory, is sound but the idea that we should be aiming for some kind of perfect code that has no need for any comments is dangerous.

It’s not a sensible goal for beginners and inexperienced developers. Tell them that they should write good code without any comments and they will deliver on the second part but struggle with the first. Even among experienced developers, assuming for a moment that it is possible to write perfect code that doesn’t require comments, there will be far fewer who are capable of this than there are who think that they are.

The other arguments against commenting are even weaker in my opinion. Yes, poor comments are …well… poor. So don’t write poor comments, write good ones. And yes, if comments become out-of-sync with the code then they are not helpful. So don’t let the comments become out-of-sync, they are part of your code and should be maintained/refactored along with the code itself.

I don’t believe that I’ve read a piece of code and thought “wow, this has far too many comments”. Unfortunately, I’ve had the opposite reaction all too often. I don’t for one moment believe that it is possible to write quality code without any comments. Take Jeff’s own example:

Here’s some code with no comments whatsoever:

r = n / 2;
while ( abs( r - (n/r) ) > t ) {
    r = 0.5 * ( r + (n/r) );
}
System.out.println( "r = " + r );

Any idea what that bit of code does? It’s perfectly readable, but what the heck does it do?

Let’s add a comment.

    // square root of n with Newton-Raphson approximation
    r = n / 2;
    while ( abs( r - (n/r) ) > t ) {
      r = 0.5 * ( r + (n/r) );
    }
    System.out.println( "r = " + r );

That must be what I was getting at, right? Some sort of pleasant, middle-of-the-road compromise between the two polar extremes of no comments whatsoever and carefully formatted epic poems every second line of code?

Not exactly. Rather than add a comment, I’d refactor to this:

    private double SquareRootApproximation(n) {
      r = n / 2;
      while ( abs( r - (n/r) ) > t ) {
        r = 0.5 * ( r + (n/r) );
      }
      return r;
    }
    System.out.println( "r = " + SquareRootApproximation(r) );

I haven’t added a single comment, and yet this mysterious bit of code is now perfectly understandable.

Sorry Jeff, but that’s not “perfectly understandable”. I agree with extracting the square root code into a separate method with an appropriate name, but your second version (the one with the comment) was more informative since it mentioned which algorithm you were using (in your version, the maintainer is going to have to figure that out for themselves). Also, we’re still left with at least two poorly-named variables. We can forgive the use of n for the parameter since that’s kind of a convention but what the hell are r and t?

In my opinion, this is better:

    /**
     * Approximate the square root of n, to within the specified tolerance,
     * using the Newton-Raphson method.
     */
    private double approximateSquareRoot(double n, double tolerance) {
        double root = n / 2;
        while (Math.abs(root - (n / root)) > tolerance) {
            root = 0.5 * (root + (n / root));
        }
        return root;
    }

Alternatively, if you don’t like the verbose comment at the top, you could either rename the method to something like newtonRaphsonSquareRoot (if you are happy for the method name to be tied to the implementation) or put an inline comment in the body explaining that this is the Newton-Raphson method. Any of the three variations will communicate useful extra information to the maintenance programmer, who can then Google “Newton-Raphson” if they want to find out more about it. Remember that code is written only once but read many times. It should be tailored for the reader rather than the writer.

This is all very well, but we’re still lacking some information. Why the hell is Jeff calculating square roots in this way? Why is he not using the library function? Is it because he doesn’t like the answers it gives him? Is it for performance? Who knows?

Well-written code will often answer the “what?” and “how?” questions with few or no comments, but you often also need to answer the “why?” question too. Avi Pilosof covers this in his response to Jeff’s post. Avi argues that rather than comment the code, you should comment the business justification for writing the code that way. This may mean inserting reference to particular requirements or issue reports.
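A version of approximateSquareRoot carrying the kind of “why?” comments discussed above, as an added example that is not code from the original post. The class name SquareRoots, the MAX_ITERATIONS cap and the placeholder for the business reason are assumptions made here.

```java
public final class SquareRoots {
    // Cap chosen for this example (an assumption, not from the post). From the
    // n / 2 starting guess the estimate roughly halves per step, so any finite
    // double that is going to converge does so well inside this limit.
    private static final int MAX_ITERATIONS = 2_000;

    /**
     * Approximate the square root of n, to within the specified tolerance,
     * using the Newton-Raphson method.
     *
     * Why not Math.sqrt? Placeholder: state the real reason here (for example
     * the requirement or issue ID), so nobody "simplifies" this away later.
     *
     * @throws IllegalArgumentException if n is negative, NaN or infinite, or
     *         if tolerance is not greater than zero
     * @throws ArithmeticException if the tolerance is not reached in time
     */
    static double approximateSquareRoot(double n, double tolerance) {
        // Why: for negative n, |root - n/root| is always >= 2 * sqrt(|n|), so
        // with a smaller tolerance the uncapped loop would never exit.
        if (Double.isNaN(n) || Double.isInfinite(n) || n < 0) {
            throw new IllegalArgumentException("n must be finite and >= 0");
        }
        // Why: written as !(x > 0) so that a NaN tolerance is rejected too.
        if (!(tolerance > 0)) {
            throw new IllegalArgumentException("tolerance must be > 0");
        }
        // Why: the initial guess n / 2 would be 0 and n / root would be NaN.
        if (n == 0) {
            return 0;
        }
        double root = n / 2;
        for (int i = 0; i < MAX_ITERATIONS; i++) {
            if (Math.abs(root - (n / root)) <= tolerance) {
                return root;
            }
            root = 0.5 * (root + (n / root));
        }
        // Why: a tolerance finer than double precision may never be met;
        // failing loudly beats hanging the calling thread.
        throw new ArithmeticException("no convergence for n=" + n);
    }

    public static void main(String[] args) {
        System.out.println("r = " + approximateSquareRoot(2.0, 1e-9));
    }
}
```

None of the guard comments repeat what the code says; each records a reason a maintainer could not recover from the loop alone.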

So yes, favour code that is self-explanatory, but I don’t believe that you can always achieve the necessary clarity without a few well-placed comments to aid understanding. Code that is obvious to the author today is rarely obvious to the maintainer next year (or even to the author next month).

And if you still really believe that your code does not need any comments, then I hope we never have to work together.

How I got started programming

  1. How old were you when you started programming?
     By the time I really got into computers around age 12 or 13 my parents’ old Tandy 3000 wasn’t quite up to date compared to the 386’s and 486’s most of my friends had. I really truly started coding in TI-BASIC on my TI-85. I created all sorts of games, programs and such, which I’d then trade and sell to other kids at school. Around age 16 I bought a custom built machine from a local computer shop. A Cyrix 133 with 16MB of RAM, which I soon upgraded to a Cyrix 200 with 40MB of RAM. It wasn’t long after this that I started coding IRC bots for mIRC and HTML on my Geocities website.

     My first true coding experience didn’t really come until I started college where I was introduced to PHP by my friend Paul Barton. It was love at first site and the rest is, as they say, history.
  2. How did you get started in programming?
     I really started in college, but I’m sure there was some BASIC and VB stuff for office here and there before that. My first programs were written in TI-BASIC and ASM for the TI-85.
  3. What was your first language?
     TI-BASIC for the TI-85 calculator is the first programming language I really sunk my teeth into. What a nightmare.
  4. What was the first real program you wrote?
     Depends on how you define this I suppose. The first program that I wrote that had any use to me was a program that would figure out math equations for my algebra and statistics classes that would show each step of work as it solved the equation. That’s also the first program I wrote that I made money from as there were quite a few students interested in it.
  5. What languages have you used since you started programming?
     I guess that depends on what you mean by “used”. I’ve written substantial lines of code in C/C++, PHP, Python, Perl, ASM, BASIC, TI-BASIC, JavaScript and BASH. I’ve also done quite a bit of work in COBOL and MFC.
  6. What was your first professional programming gig?
     My first paid gig was working on the website for Affordable Computers in Ann Arbor, MI. I’d say my first run at the “big show” was for in 2000.
  7. If there is one thing you learned along the way that you would tell new developers, what would it be?
     Break stuff. Break everything. Poke, prod and explore. Don’t listen to people who tell you that you can’t do something or that you’re wasting your time. More practical advice is that you should learn to know and love design patterns and avoid GUI’s. I have a real problem with people who say they know SQL because they’re well versed with an ORM or a DB’s GUI. Go back and read up on relational algebra and SQL92 before you say you know SQL okay?

     I’ll probably get flamed for this, but I think people should learn a single environment in and out and stick with it. This might mean you learn Microsoft’s technologies in and out or Cocoa or LAMP. You simply can’t be an expert in an area of computers without picking a single environment and sticking with it. Dabble, sure, but pick a horse and learn everything you can about it.

     If you choose UNIX read one man page a day until you’ve read all of the GNU utilities’ man pages. You’re not a true UNIX geek unless you’ve typed man man at one point in your life.
  8. What’s the most fun you’ve ever had programming?
     Oh, I don’t even know where to start. Hacking on PHP3 back in my dorm room, working with Jeremy and Seth on Care2 late into the night, building eNotes’ infrastructure from the ground up and building large scale systems with Ron and Matt at Digg to name just a few.

This absurd entry was spurred on by Erik Kastner. I’m going to give him a noogie next time I see him for this. Because I hate chain posts like this I won’t be tagging anyone as it after this, but if you do carry this on please trackback this post so I can read and reminisce with you.

Original here