One of the things I really liked about Avatar was that, in addition to not being anti-technology, it stood firm against easy temptations to go down the anti-science route as well.

So many films propagate the false stereotypes that scientists are cold-hearted, or amoral, or lacking in a sense of wonder, or somehow fundamentally limited in their understanding of reality due to what promoters of various types of woo often characterize as "scientism". In particular, Hollywood generally seems obsessed with old dualist notions of reality, portraying the evidence-based materialism of science as a hindrance rather than as the intellectual shovel with which we dug our way out of the dark ages.

So it was a nice surprise to see that in this film, for a change, the scientists were the "good guys". The scientists' experiments with Pandoran biology allowed them to understand the true significance of Eywa and all the other trees in the forest, and this knowledge drove them to fight against Eywa's destruction. Science didn't make Grace unfeeling and amoral; anthropology caused her to fall in love with the Na'vi people, and ultimately die to protect them.

Among Grace's last words, on seeing that she had been brought to Eywa, was that she wanted to "collect some samples". But this wasn't some pot shot against "scientism". It was a warm reflection upon Grace's character, showing that for her, the sense of awe she felt of the universe was best expressed through and addressed by science.

Whether it was conscious or not, I really have to commend the attitudes toward science conveyed by Avatar. Perhaps if more films were willing to show science and scientists in a similarly positive light we could begin to see a turnaround in attitudes among society at large.

Oh snap, you're right, I stand corrected.

That's a good thought, but the problem is that tunneling TCP over TCP (such as HTTP over SSH) is subject to the TCP retransmission cascading effect, a.k.a. TCP-over-TCP meltdown, which is particularly likely to be a problem for him given the kind of Internet connections he may be stuck with on his travels.

It would be better to tunnel over a protocol that does not attempt to ensure reliable transport, such as UDP or pure IPsec. So I agree with you that he should find some inexpensive, reputable host to use as his endpoint, but I recommend that he use OpenVPN over UDP rather than SSH over TCP for his tunnel. OpenVPN is easy to set up, penetrates NATs well, and will be compatible with pretty much any inexpensive VPS provider (but be sure to check with potential hosts' terms of services first to make sure they're OK with tunneling your personal web browsing traffic through their servers).

Wrong. The two properties of Flash that make it vulnerable to this class of attack are:

1. It relies upon a same-origin security model, and
2. Unlike JavaScript code, Flash objects can be executed by simply being loaded by a browser

Both of these things are just as true for Silverlight as for Flash, so this issue will affect Microsoft Silverlight and its users as well. The reason that this is being advertised as a "Flash vulnerability" instead of a "Silverlight vulnerability" is, I'm sure, simply due to Silverlight's relatively tiny market share.

On the other hand, HTML 5 + JavaScript, Canvas, etc. is a solution to this.

In my opinion, the biggest advantage of FreeBSD is how coherent the system is. Everything, from documentation to userspace utilities to the kernel, was developed and tested and released as a single project.

This allows for neat features that require cooperation between several system components, which would be more difficult to implement in the Linux world. For instance, in FreeBSD you can press ^T while cp is copying some huge file, and this will send SIGINFO to cp, causing it to print a progress report to STDERR. Handy.

So it seems to me that this Debian project defeats the most attractive feature of the FreeBSD operating system (by separating its kernel from its tightly integrated BSD userspace), while simultaneously casting aside Linux's advantages over FreeBSD (more drivers, more supported architectures, somewhat better performance, and--this may be controversial--in my experience, better stability). On the other hand, maybe Debian really can improve on the FreeBSD experience; apt rocks, and the Debian project does perhaps a better job than anyone of combining the disparate parts of the GNU/Linux ecosystem into a coherent operating system. So kneejerk reactions aside, I guess I shouldn't judge this until I have the chance to try it... still, I don't see myself trading in my Debian GNU/Linux anytime soon.

Versions X and Y of a DLL will be flat-out incompatible if that DLL is written in C++ and the author has changed the number of attributes in an interface class (unless he uses tricks such as pimpl), or if he's added or removed any virtual functions.

And the fact that Microsoft is so good at preserving application backward compatibility, even in the face of "poor practices", is frankly one of the main reasons that Windows is the #1 business desktop operating system in the world.

If you had actually measured it, you'd know that the Office 2007 ribbon takes up less space than the default Office 2003 menus + toolbars. I guess that would make you the brainwashed idiot, huh?

It's worse than that, actually: not only does OpenDNS also fail to return a proper NXDOMAIN response to queries for invalid domain names, but it is often significantly slower than your ISP's own DNS servers.

I second your recommendation of the Level3 DNS servers (4.2.2.X), if you don't want to run your own DNS server and if your ISP's servers are breaking DNS. There's no point whatsoever to using OpenDNS.

Typical commuter here. My bicycle computer will gladly show you that I average between 17-18 mph to and from work, and I know plenty stronger riders than myself.

Sorry, looks like you're the one full of shit.

Absolutely right. Out of curiosity, I recently tested DNS performance as experienced from my home network, using Steve Gibson's excellent DNS benchmark tool. The test was between:

• My LAN's OpenBSD gateway & DNS server (10.19.0.1)
• My ISP's (BellSouth's) DNS servers (205.152.*)
• OpenDNS (208.67.*)
• Level 3's anycast servers (4.2.2.*)

OpenDNS was the clear loser in this test. (Sorry for the lack of numeric labels on this screenshot, but the graph is to scale.) Querying the local DNS server was of course faster than anything that had to go across the DSL modem, but OpenDNS was also significantly slower than the other remote servers tested.

By getting the professional opinion of a doctor or registered dietitian.

I think you're making the classic mistake of equating the number of patches seen with the actual number, and severity, of vulnerabilities. Of course Debian gets more patches more often than Windows: the Debian security team sends out fixes for security vulnerabilities as soon as they're discovered, rather than leaving users exposed by waiting up to a month and fixing (some, but often not all) of the most critical known vulnerabilities in monthly roll-ups. And of course Debian sees more patches, when nearly all of the desktop applications on a Debian system are handled by apt; Windows Update only takes care of patching the operating system itself.

So when it comes to a question of which operating system to run sensitive government services on, patch counting is worse than useless. Things that are worth considering are the tractibility of the system's security model, and exploit mitigation techniques or fine-grained mechanisms for least-privilege, such as SELinux.

That's false

The problem, precisely, is that we liberals don't have "a guy". He may be a bit more sane than the last guy on social issues such as stem cell research and abortion rights, but in practice Obama represents a wholly inadequate shift to the left from the previous administration.