by bigB 749 days ago
I'm guessing the author of this has somewhat of an issue with Steve Gibson and GRC, and has obviously spent some time mulling over how to write a very wordy and seemingly in-depth bashing of their Spinrite software. However, if you, like myself, have seen it work, and actually take a previously unusable hard drive to a usable state to allow a successful recovery of data, or in recent times, take an SSD with poor performing read and write speeds to a significant improvement after running Spinrite on the drive, you will be able to skip much of the diatribe in this post and actually see that it is more of a character assassination on GRC and Gibson himself. Is the software 100% guaranteed to work? Nope, and I probably wouldn't recommend it for critical enterprise data recovery if you have the budget to spend on commercial recovery services, but as a low price maintenance tool it works well for many. The author of this post seems pretty knowledgeable, and probably has a lot to offer, which is why it's a pity his ego and spiteful nature seeps into his writing.
8 comments

This article didn't read like character assassination to me, personally - most of the time spent on GRC/SpinRite (after the overall topic of disk recovery is introduced) seems to be either observations about Gibson's style with which I think many would agree - e.g.

"It doesn't help that Steve Gibson's writing is pervaded by a certain sort of... hucksterism. A sort of ceaseless self-promotion that internet users associate mostly with travel influencers selling courses about how to make money as a travel influencer."

Or substantive critical points about the software, e.g.:

"This gives the flavor of the central problem with SpinRite: it claims to perform sophisticated analysis at a very low level of the drive's operation, but it claims to do that with hard drives that intentionally abstract away all of their low level details."

And I think it's fair to ask someone who is selling a piece of software for $89 to provide some backing for their claims beyond ones that would only pertain to largely-obsolete hardware.

I think you are dead on. I recall -- perhaps incorrectly -- that Gibson has been just silly amounts of incorrect on some things, but SpinRite itself, I've never heard anything but "... and then everything worked like a minor miracle." And you're correct, Gibson has a certain, uh, Wolfram-y habit of selling himself whenever possible, which doesn't help matters, but I hope people can manage to separate the personality from the product.
> Wolfram-y

Wolfram has already gone from alpha all the way to upsilon?

Observations of Gibson's style are all negative, except at the very end, praising the user interface. But that last element read more like a quick self-cleaning ritual for the author of the piece, rather than an effort to provide a balanced description.

Gibson's style may very well be overly self-congratulatory and deserving criticism, and many could agree on that. But this piece still reads like an inordinate amount of effort just to show somebody and their work in a negative light, without actually checking their product and evaluating it rationally and equitably. Even if there are bad things to say about Mr. Gibson's style or his software, the software may still be working and useful, and no attempt at serious evaluation was made.

> And I think it's fair to ask someone who is selling a piece of software for $89 to provide some backing for their claims beyond ones that would only pertain to largely-obsolete hardware.

I agree it is fair to ask, and Mr. Gibson seems like a reasonable, easy to talk to person. Did you try? He has a podcast, Twitter and a newsgroup discussion forum.

If you want an even less flattering portrayal of Steve Gibson, try this:

https://radsoft.net/news/roundups/grc/

Previously discussed here:

https://news.ycombinator.com/item?id=3890168

Did you try anything else on those drives first? Just reading or reading then writing an entire drive could do a lot to smooth out flaky sectors.

Has Gibson ever explained how SpinRite works? Many people won't believe in magic even if it works.

Listen to the "Security Now" podcast. He explains how SpinRite works every 3rd or 4th episode, with testimonials on every show.

He seems open minded and mostly harmless, both in his tool (which I find works better than free alternatives), and in his armchair security analysis. Sometimes though he oddly contradicts his own best practices, like nearly blind faith in LastPass for years based on (IIRC) a white paper and the early execs being very chummy and accessible. Thankfully the audience calls out the questionable stuff.

The podcast is called “Security Now” but what it should be called is “privacy now” because Mr. Gibson fails to understand a lot of contemporary security problems yet is quite sure that Windows collecting telemetry is the most severe problem on the planet today.

unless you use his software to fix it, that is.

Every episode having a 15-minute commercial for spinrite (via testimonials which all sound like they were written by the exact same person) should be more than enough for anyone to start to question the guy.

I didn't listen to that show for a while now; but it seemed that it was the only show out there that explained computer security news in detail. I remember him explaining the speculative execution exploits really well when they first appeared. Do the people I know who work on blue and red teams listen to him? No, they already know that stuff, and yeah he could be more up to date, but he does his research, does his homework and is a great pedagogue.
> he does his research, does his homework

Is that why he ran Windows XP unpatched as his primary computer because “it’s fine, this is all I need; I have a firewall, nothing can get in.”

That is not the behavior of a security expert.

If you don’t know why that is bad, you do not understand entire classes of attack, today.

If he has implemented mitigations for all of the applicable risks of the software he's using, how is that "not the behavior of a security expert".

To my mind, a security expert is someone who understands the functional details of specific vulnerabilities, and explains how to mitigate them, not someone who makes vague, cargo-culty judgments about entire applications or OSes.

That is the behaviour of a security expert who isn't afraid to challenge the dogma perpetuated by Big Tech.
And yet AFAIK he seems to be doing fine. If you run the same stuff, only allow and visit the same addresses, and disable ECMAScript and in addition to other mitigation measures such as 2FA then I don't really see the problem.

> That is not the behavior of a security expert.

Your image of "security experts" must come from movies. I know security experts IRL. Their security at home amounts to not using their work computer for personal stuff and 2FA.

He has had some very fun episodes over the years. Blue pill back in the Vista days blew my mind.

Another episode: "Blue Keep", had me calling everyone I knew in charge of Windows Domains, with many thanks coming back my way because it was a pretty big deal to get patched on unsupported systems.

I highly recommend the weekly podcast.

If you think of Steve Gibson as more of a technical minded journalist and less of a "security expert", then the show is very enjoyable. There's a lot less grave errors now than there used to be, his voice is pleasant and he usually covers relevant and interesting news.
There is in-depth information on its workings, on the website itself, in the newsgroups and in the podcast. If the author of the article were to look it would remove any "magic" of its workings. The author apparently has an axe to grind, for whatever reason. Having said that, it may be for a very good reason, but for transparency's sake this should be included in the article. Instead it's just a weird ramble about what he thinks of other tools and that he thinks Spinrite is a "scam" without technically explaining why, boiling it down to essentially a technically worded opinion piece.
The in-depth information on the website appears to be this link:

https://www.grc.com/files/technote.pdf

Which, while not directly dated in the content of the document, references a "screaming Pentium II 333 MHz", which would theoretically put it ~1998. Is the claim that operating at a "low level" on hard drives in 1998 is the same as in 2024?

the simplest explanation for what spinrite does that I have heard is that on spinning rust drives, it simply tries to access the same bad data over and over until it finally (sometimes) gets a result. which makes sense that it would work (sometimes) because hard drives that are going bad tend to do so intermittently.
This is more or less also what (GNU) ddrescue does[0]. It first tries to do a linear copy of the full disk, skipping any errors, then goes back and tries to re-read the error sectors until you either cancel or it succeeds. It also keeps track of everything it's doing so you can stop and start the process without it redoing work.

[0]https://www.gnu.org/software/ddrescue/manual/ddrescue_manual...
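
The copy-then-retry strategy described in the comment above, sketched as an added example (not part of the thread and not ddrescue's code). The `FlakyDisk` simulator, the `RescueMap` stand-in for a map file, and the fault pattern are all constructed for illustration.

```python
from dataclasses import dataclass, field

SECTOR = 512

class FlakyDisk:
    """Simulated drive: sector n fails its first fails[n] reads (None = always fails)."""
    def __init__(self, data, fails):
        self.data, self.fails = data, dict(fails)
        self.reads = {}                        # read attempts per sector

    def read(self, n):
        self.reads[n] = self.reads.get(n, 0) + 1
        limit = self.fails.get(n, 0)
        if limit is None or self.reads[n] <= limit:
            raise IOError(f"read error at sector {n}")
        return self.data[n]

@dataclass
class RescueMap:
    """Per-sector status that survives a restart, like a rescue map file."""
    done: set = field(default_factory=set)
    bad: set = field(default_factory=set)

def copy_pass(disk, image, rmap, sectors):
    for n in sectors:
        if n in rmap.done:
            continue                           # already rescued: never re-read
        try:
            image[n] = disk.read(n)
            rmap.done.add(n)
            rmap.bad.discard(n)
        except IOError:
            rmap.bad.add(n)                    # note the error, skip, move on

def rescue(disk, image, rmap, total, retries=3):
    copy_pass(disk, image, rmap, range(total))         # phase 1: linear copy
    for _ in range(retries):                           # phase 2: bad sectors only
        if not rmap.bad:
            break
        copy_pass(disk, image, rmap, sorted(rmap.bad))
    return rmap

def demo():
    data = [bytes([i]) * SECTOR for i in range(8)]
    # Constructed faults: sector 2 reads on the 3rd attempt, sector 5 never does.
    disk = FlakyDisk(data, {2: 2, 5: None})
    image, rmap = [None] * 8, RescueMap()
    rescue(disk, image, rmap, 8, retries=0)    # run interrupted after phase 1
    rescue(disk, image, rmap, 8, retries=3)    # resumed later with the same map
    return disk, image, rmap

if __name__ == "__main__":
    disk, image, rmap = demo()
    print("rescued:", sorted(rmap.done), "unreadable:", sorted(rmap.bad))
    print("read attempts per sector:", dict(sorted(disk.reads.items())))
```

Healthy sectors are read exactly once across both runs, so the retry effort (and the extra stress on a failing drive) is spent only on the sectors that returned errors.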

As someone that’s listened to Security Now on and off for 16 years, with some light memory jogging I’d probably find that I know far more about SpinRite than would ever be useful to me.
This is what I was about to say. I've used it on some drives and it worked 4 out of 5 times for drives that I had given up all hope for.

These hit piece articles are all the same: very well contrived phrases that stop short of making definitive statements and overly rely on the reader making assumptions as a means to avoid libel lawsuits.

>... take an SSD with poor performing read and write speeds to a significant improvement after running Spinrite on the drive.

I really can't tell if this is serious or irony. A HDD de-cluster algo that improves SSD speed... how clever!

What is an "HDD de-cluster algo"?
My issue with Steve Gibson is that he spews technobabble, exploiting the delta between "stuff people who work at drive manufacturers know" and "stuff computer users, even highly educated ones, know about how hard drives work", in order to sell what basically amounts to a commercial version of badblocks with a bunch of fancy graphical animations.

Spinrite kinda worked back in the days of MFM drives where they had to be low-level formatted with sector track information the controller then uses to figure out where the head is on the drive, and that sector information is refreshed during writes. But it was still quasi-snake oil, using a lot of mumbojumbo to say "I just note the original value of a sector, write it a zillion times, and then move to the next. This causes the MFM controller to refresh the sector tracks." Yes, those drives did benefit from low-level formats done in the condition the drive would be operated in - with that particular controller, at that temperature range.

He claimed that spinrite could detect not just whether a particular bit was a 0 or 1, but get the analog value directly from the drive by "bypassing" the BIOS to talk to the controller directly. And Spinrite used to have an ASCII "graph" showing these supposed values.

Post MFM - IDE, SCSI, SATA, FC, etc - controllers are built-in to the drive, and low level formatting was handled by the drive's controller itself. The drive is sent a low-level format command. Gibson might have still had some claim to legitimacy left there.

But then...drives shifted to using servo tracks written at the factory. The drive itself is physically incapable of doing anything to those servo tracks, and if you degauss the drive, you permanently destroy the drive because the servo tracks are wiped. The drive certainly doesn't expose via its IDE/SATA/SCSI interface any of the super-duper-low-level stuff he continued to claim to be accessing.

He kept spewing the same nonsense...that his utility would boost the strength of the analog 'signal' on the drive by writing it a whole bunch.

People who worked at drive manufacturers tried to work with Gibson because they were under the impression that he simply hadn't kept up with changes in hard drive technology, when the reality was (probably) that his product was snake oil and he knew it, or he was deluding himself. Example: https://radsoft.net/news/roundups/grc/20060123,00.shtml

Any value Spinrite has is achieved via simply trying to read the same data over and over. If there's a failing block, the drive will remap it, and boom, your not-quite-fully-failed drive is "working" again. Huzzah! Except...you can do the exact same thing by simply running badblocks - free and open source - or if you're trying to recover data, use ddrescue or one of its variants, also all open source. It's basically a "dd" that doesn't give up - hoping that the drive might successfully read a particular area if you try enough. The better variants use a binary search to try and get every possible sector. I've used it, and it works well - I've had drives where I was able to get everything except well less than 1MB worth of data, if you gave it enough time to run.

These days he's even claiming that Spinrite can improve SSD performance by repeatedly reading/writing data, which is absurd. All that is happening is Spinrite is a) wearing out the flash and b) maybe influencing what drive sectors are migrated to the SSD's SLC cache (most drives use an area of flash configured as SLC as a cache for reads/writes because it's significantly faster and more wear tolerant than areas configured as MLC, TLC, or QLC). As a flash cell's electrical charge is reduced with each read, flash controllers automatically refresh a flash cell when necessary when a sector is read.

So, your takedown is "it does things you can do with badblocks"? Not everybody wants to use a command line application that can't interpret large integers properly; some people prefer a nice user interface and an active developer that can work with larger hard drives.

> he's even claiming that Spinrite can improve SSD performance by repeatedly reading/writing data, which is absurd.

Is it really so absurd if it works? Did you do some careful tests of Spinrite on SSDs and did you find it never improved their performance? You seem to be describing 1) your mental model of the SSD drive, and 2) your belief that this model prevents Spinrite from working as advertised. How does it prevent that? If SSD firmware does relocate data to other cells when read problems are detected, or refresh the cell charge where the data is, why can't performance improve?

Thank you for being the voice of reason in this... mess of a thread
"I feel" are the first two words, therefore it is an opinion article, the kind of opinion that does not stick to the facts, and rewards opinionated hivemind consent manufacturing. I stopped reading after those two words cuz it's dangerous signaling of ideologies in my nonfactual nonobjective opinion.
For reference, the rest of the sentence is:

[I feel] like I used to spend an inordinate amount of time dealing with suspect hard drives.

Granted, but to be fair, I feel like the whole piece is "I feel like spending an inordinate amount of time to describe Mr. Gibson and his software in a bad light", without an attempt at an equitable evaluation of the product itself.
I feel that jkhanlar's still going to read the rest of this comment where I call that behavior short sighted and stupid even though they said they wouldn't, because I also started my comment with "I feel". But the problem is, not only did they stop reading there, but they felt it necessary to inform the rest of us about it. Which only makes them look even more like an idiot. Thankfully, by applying their own logic to their post, and halting reading of their comment after the first two words, which are also "I feel", we can save ourselves the trouble. Unfortunately, we don't know to stop there unless we've read the comment, so we're stuck in a paradox.
You're criticizing a mode of behaviour (not reading the thing and commenting on it anyway) as stupid. Which I agree with.

Then you say the problem is they informed us about that stupid behaviour of theirs. I'm not so sure that is the problem here. Maybe it is their strange encrypted way to ask for discussion, or help. And we should explain that the behaviour is bad and should evolve for the better.

But then you're proposing we should adopt that behaviour to save us the trouble with them. Thus you're proposing using behaviour which you criticize in others, or in general, because it sounds clever/funny in the present case. But it isn't, because as you've realized, it does not work.

If you want to save people trouble from stupid posts, my advice is, explain why they are stupid, but do not propose using any stupid behaviour, including behaviours suggested in other posts, even if it looks like it could work towards the end goal. The reason is that the end goal is not important enough, and suggesting people adopt stupid behaviour in one case to save trouble is still stupid, and unfortunately, promotes use of that stupid behaviour in general.

Reading the first two words isn't sufficient work to arrive at such a conclusion. Thus you seem to have jumped to a conclusion based on just two words, or more likely, you are showing off/asking for interaction with a seemingly cleverly constructed text that has all the negative attributes it criticizes in the other text.

I did not stop reading your comment, because I didn't think it is dangerous to do so, and I thought it was funny. I write here to you because I think now it is not that funny, and you should abandon this behaviour and change it for the better. For example, before commenting on an article, I recommend you first read it all to understand what it is that the article says. You will then be in a much better position to make a useful and funny comment here.