For Android phones with the Market app installed, an explicit backdoor isn't even necessary. Application installation is performed by the user requesting something from the Market, and the Market subsequently "pushing" the application to the device by sending an install command through Google's XMPP-based notification service. The installation itself does not require any interaction from the user. This is why, for example, you can install an app on your phone from the Android Market web site.

Well guess what, this means that Google, or anyone who can leverage control over them, doesn't need a backdoor already on your phone. The government could just use the Market's normal installation mechanisms to install SpyOnStuff.apk over the air on an as-needed basis.

Linux doesn't enforce DEP or ASLR, either. OS X doesn't even support real ASLR.

You're blatantly wrong here, and your attitude toward the parent poster speaks poorly of your character.

I expect Android to be where the lion's share of Java development happens in the next few years

This is a joke, right? You must have no sense of how broadly Java is used in the industry. Even if Android were to surpass the iPhone in popularity, all the Android apps put together would be just a drop in the bucket next to the massive, active Java codebase in other sectors.

You're onto something with regard to JavaScript's importance, on the other hand, but I'd hardly call that "regrettable". It has its quirks (coerced concatenation with the + operator, some math gotchas), but on the whole it's an excellent programming language, as dynamic imperative languages go. I'm surprised at the extent to which the language is still misunderstood... think of it as Lisp in C's clothing.

The various "scripting" languages have been moving towards VM architectures, and some are quite good, but none that I know of actually feature any kind of ahead-of-time compilation, even to bytecode. That includes Perl, Python, Ruby, JavaScript, and plenty of others.

Just a minor correction, Python can be pre-compiled to bytecode:

http://effbot.org/zone/python-compile.htm

But I definitely agree with you on the whole.

I agree. The thing generally missed by people who criticize the OpenBSD upgrade process without having actually tried it themselves, is that OpenBSD is so cleanly designed and well documented that it's actually possible to hold a thorough understanding of the operating system in one's head, so to speak. It's like the Arch Linux philosophy:

Relying on complex tools to manage and build your system is going to hurt the end users. [...] "If you try to hide the complexity of the system, you'll end up with a more complex system". Layers of abstraction that serve to hide internals are never a good thing. Instead, the internals should be designed in a way such that they NEED no hiding.

except applied to an entire operating system, built from the ground up and maintained as a cohesive package.

The result of this is that, unlike with Windows or even most Linux distributions, there's little need for automated upgrade utilities because there's really quite little going on under the hood in the upgrade process. This means little chance of things breaking. And if something does break, you'll know precisely what it was and how to fix it.

I've been burned by even the best of the automated upgrade tools (Debian's). Frankly, OpenBSD is the only operating system I ever try to upgrade in place between major versions any more, because the upgrade process is so straightforward and transparent.

Don't forget about forcing iMac users to buy an "upgrade" online in order to enable their computers' 802.11n capabilities.

Possibly. Press F1 and look it up in Windows Help.

One of the things I really liked about Avatar was that, in addition to not being anti-technology, it stood firm against easy temptations to go down the anti-science route as well.

So many films propagate the false stereotypes that scientists are cold-hearted, or amoral, or lacking in a sense of wonder, or somehow fundamentally limited in their understanding of reality due to what promoters of various types of woo often characterize as "scientism". In particular, Hollywood generally seems obsessed with old dualist notions of reality, portraying the evidence-based materialism of science as a hindrance rather than as the intellectual shovel with which we dug our way out of the dark ages.

So it was a nice surprise to see that in this film, for a change, the scientists were the "good guys". The scientists' experiments with Pandoran biology allowed them to understand the true significance of Eywa and all the other trees in the forest, and this knowledge drove them to fight against Eywa's destruction. Science didn't make Grace unfeeling and amoral; anthropology caused her to fall in love with the Na'vi people, and ultimately die to protect them.

Among Grace's last words, on seeing that she had been brought to Eywa, was that she wanted to "collect some samples". But this wasn't some pot shot against "scientism". It was a warm reflection upon Grace's character, showing that for her, the sense of awe she felt of the universe was best expressed through and addressed by science.

Whether it was conscious or not, I really have to commend the attitudes toward science conveyed by Avatar. Perhaps if more films were willing to show science and scientists in a similarly positive light we could begin to see a turnaround in attitudes among society at large.

Oh snap, you're right, I stand corrected.

That's a good thought, but the problem is that tunneling TCP over TCP (such as HTTP over SSH) is subject to the TCP retransmission cascading effect, a.k.a. TCP-over-TCP meltdown, which is particularly likely to be a problem for him given the kind of Internet connections he may be stuck with on his travels.

It would be better to tunnel over a protocol that does not attempt to ensure reliable transport, such as UDP or pure IPsec. So I agree with you that he should find some inexpensive, reputable host to use as his endpoint, but I recommend that he use OpenVPN over UDP rather than SSH over TCP for his tunnel. OpenVPN is easy to set up, penetrates NATs well, and will be compatible with pretty much any inexpensive VPS provider (but be sure to check with potential hosts' terms of services first to make sure they're OK with tunneling your personal web browsing traffic through their servers).