Off the cuff, I'd suggest hashing. The browser would take an MD5 or SHA1 of each object it is caching. I've had this idea for awhile. In fact, we already have something sort-of similar -- the etag, among other things.
We can even do tricks like if-modified-since, to fetch a file if and only if it's been modified since our cached version was downloaded.
What we want is something like that, but across URLs and servers. So you'd issue a HEAD request, look for headers like X-SHA1-Sum or X-MD5-Sum (probably support multiple such headers), and for each of those, check if we have an object cached by that sum.
The advantage of this over Google is that we don't have to hit Google's servers every time -- we download it from whichever site we're connected to at the moment. Which is probably faster anyway, especially given pipelining, etc. That means less privacy concerns and less single points of failure -- but webmasters looking to save every penny can always link to Google's library anyway.
The other option, of course, would be to recognize that ajax stuff is basically growing its way toward equivalency with desktop apps, and bite the bullet of essentially adding package management to the browser cache. I would actually go the other way: It might take a few extra features, but most of the time, I'd much rather have package management that behaves like a web browser. Instead of my package manager bugging me that there's a Firefox update, and then bugging me to restart my browser, I'd simply start whatever the latest Firefox is as soon as I click on it.
But either way, I think the checksum idea will be trivial to implement all around, and I don't see a reason not to, even if we go the package management route in the long run.
Actually I had read your comments; and it wasn't a direct reply to you, more of a reply to the notion of it not being the point. Which is why I felt like you didn't read my comment -- the original post in this thread was asking whether game developers consider that some piracy occurs because people can't afford the games themselves.
That's what I think the point is. Not that your post is without merit, it just probably belongs elsewhere in the discussion.
If it is used in the correct context for the right reasons TPM is a solid platform for temporary licensing to view/listen copyrighted media. The correct context, and the right reasons, are generally going to be about actual security, like a user encrypting their own hard drive, or signing their own trusted environment (and checking that signature).
I don't consider copy protection to be the correct context. For the most part, I find this idea that you can sell someone part of a product, or the rights to use a product but only under certain very controlled circumstances, to be distasteful at best, and more likely outright dishonest. Users believe they're buying a game, not the right to play a game on the platform of the developer's choice, and only with approved hardware.
What would be the correct context, and for the right reasons?
Point is that, maybe Google thinks they can do more good by being there than others would.
And there is some credibility to that. It's my understanding that Google has something like 25% market share in China, and Baidu pretty much has the rest. Providing competition to Baidu is a good thing.
Just playing devil's advocate here, by the way. I wouldn't choose to censor, pretty much at all. But the fact that we're still having this conversation -- and, on top of that, there have been a few +4, Insightful, on both sides of it -- is proving my point that it is debatable; we are, in fact, debating it.
Compare to: The way YouTube panders to Scientology is wrong. No one here has even tried to put up a counterargument to that.
Let me rephrase, then: Only one (or neither) of them would ever actually act on it. To be clear, I think McCain might, and I think Obama wouldn't.
The idea that they won't act on it is patently ridiculous. There's no evidence for any such thing in our political system. Look at Obama's voting record, and look at his contributions.
That's why every person who cares sweet fuck all about this country votes 3rd party and has for a long long time. Way to throw your vote away.
It's better for them to be there than ont That's what's debatable.
We all have to do what we can to try to make it better, and I think Google generally tries to do this. Explain the YouTube Scientology thing, then.
Not really. Then you'd just go to each candidate with your demands, and let them bid on em.
Also, there may be legitimate reasons for contributing to multiple candidates -- maybe you like all of them, or maybe you just want to encourage the political process.
(a) an individual can choose, in any given moment, between self interest and trying to help someone else And that has immediate consequences.
Many people confuse "can't" with "won't", even in the personal case. I absolutely can walk down the street naked. I won't, because it's embarrassing, illegal, and unhealthy in this weather.
(b) a corporate board of directors and corporate officers are pretty much required to choose the corporation's self interest. I'm not entirely sure, but I'm guessing that this follows the same rules. A corporate board of directors, and corporate officers, very well can choose an action that is not in the corporation's interest -- or not the absolute best, profit-maximizing move they could make.
They might well lose their job and their reputation, and have to start over in the mail room somewhere else, but they have that choice. In fact, they might gain a reputation for being an ethical person, which isn't bad.
So it is, again, that they won't -- that they care about their job more than their ethics. And if they care about their job that much, it probably has something to do with the money.
Take TCP, for example, which requires you to open two TCP ports for every connection, one for control and one for data. ...what?
Sorry, I haven't looked at the structure of an actual TCP packet in a long time, but I have no idea what you're talking about.
What happens if you want to embed user-entered data in the control? Well, that's easily handled, too, by moving everything except the framing sequences in the control channel into the data channel, so everything is data. Great, so now we can have exploits based on manipulating the data instead.
There are incredibly simple solutions here, already implemented. There's prepared statements, which I think may work at the SQL level, not sure. Then there are higher-level APIs, like ORMs -- the better ones make it easier to be secure.
Making yourself vulnerable to a SQL injection is every bit as stupid as running 'eval' on that user-entered data. And I really do like that my language of choice has eval. Just because idiots use it to make themselves insecure is no reason to throw the technology away.
I think it's quite an outrageously bad architecture that has payload and control data together on the same channel. I think it's actually nicely flexible, sometimes. I like that I can type SQL commands at a MySQL console.
I agree in principle, but this is a solved problem. Most database APIs allow prepared statements. Platforms like Rails abstract away most of the need to write any SQL yourself -- AND it fakes prepared statements.
The only reason we still have SQL injection is, we still have armies of morons writing crappy PHP and VB pages. Not that it's impossible to write good PHP, but it sure as hell doesn't encourage it -- do I use mysql_escape_quotes, or mysql_real_escape_quotes, or what?
Actually, they already include a Webkit engine in Air, which is their Flash-based desktop app platform. It's not hard to imagine them porting that to Flash.
As distasteful as that seems, it would have one nice side effect -- there are a few places where Flash is pretty much the only option. MySpace, for example, allows Flash widgets, but not iframe widgets, because Flash widgets are more secure. With Webkit inside Flash, we'd be able to build a normal AJAX/iframe widget, and just wrap it in Flash for retarded sites like MySpace.
For example: When you buy enough advertising in a magazine, you get editorial for free.
When you watch the news, the sponsors products will turn up in news articles when possible. This isn't a coincidence. And when you pull this enough, people start to catch on, and dislike it. That's actually one of the reasons Google was successful in the first place -- they separate out the "sponsored links", clearly and plainly, and otherwise deliver solid, accurate results.
The theory is, at the very least, you want to pretend to be ethical, even for business reasons alone. Altruism works, evolutionarily, for individuals. Why not for corporations?
My point is there is a real disconnect between how people act in businesses (particularly in America) and how a person acts in the real world. And my point is, that doesn't excuse how people act in businesses.
Maybe there was no excuse or apology in your statement, but it is frequently phrased like that, or worse, "What did you expect? This is how it works. Can't do anything about it."
There are no(or at least very few) people born with the sole intent of damaging the earth or harming others. In our youth (particularly university students) we tend to embrace the cultures of idealism and see the corporate world as blood sucking and alien. Yet all these idealistic individuals somehow disappear. Having reprioritised or flattened their internal needs to do good on the society as a whole, and worry more about things like: will I lose my home? Ok, I can sort of see your point, up to "will I use my home" -- sorry, but I doubt anyone at Google would lose their home if YouTube had stood up to the CoS.
And I have seen the result of someone breaking out of that corporate hell, by the way. There is a very real, visible difference between someone working for a corporate overlord and someone working for something they believe in -- in this case, a small startup.
To anyone worried about losing your home, I ask you this: Will it still feel like home once you know what it cost?
And yes, I do work for a living. I stand by this: There are certain things I will not do, for any price, and I can and will move to a smaller apartment (or room) and eat Ramen, if I have to.
IF censorship was all that China did, I wouldn't care so much... censorship doesn't work. It's the official brutality, murder and the treating people as beasts of burden that bothers me. But, censorship is all Google is doing here. They're not brutalizing, murdering, or mistreating people, as far as I know.
They are associating with the PRC, so maybe guilt by association, but it's not as though the PRC would stop just because Google refused to censor. They'd just block Google, and everyone there would use Baidu instead.
Google lost its claim to not being evil quite some time ago. They should have simply refused to do any business in China at all. That's debatable. Doing business with China, even with PRC rules, provides more information to the Chinese people. That's good.
Google also indexes the entire fucking Internet, so the filtering is bound to slip up somewhere. Things will slip through the cracks, as opposed to not going through at all. That's also good.
Doing business with the PRC does support the PRC, which is bad. And they are actively censoring, which is evil. That's why it's debatable both ways.
Caving to Scientologists is pretty much unarguably bad, with pretty much zero positive side effects.
Up until 7.04, it took some monkey work to get certain Nvidia chipsets working due to not being detected correctly by the install. Fair enough. Nice to know it's been fixed for over a year.
For instance, in the time it took you to reply to my message, you could have hit the sites needed and got your driver downloads started for a Windows installation. Not a big deal. Two big differences, though:
First, I know what many of those sites are. I know exactly where to look for downloads on most generic corporate sites. And I know how to boot Linux if I need to lspci, or even just lsmod to see what was autodetected.
And second, I enjoy replying to your post. I don't enjoy hunting down drivers.
Anyone that works around Windows boxes should already have a USB floppy hanging around if they have RAID. I still call that a WTF.
Why can't I put the driver on a normal USB stick? Why can't I boot a live Windows environment and download it on the fly, as needed? Why can't I burn a separate CD and swap them?
How many different ways are there to solve this problem, short of plugging in a USB floppy?
Still, it's not something (as referenced later in the thread) a multi-hour, a full day, a two day ordeal. It's simply not what folks are cracking it up to be. The last time I installed Windows on my laptop, it was, in fact, a full day ordeal.
It came with Vista. Microsoft's own HD-DVD tools were not compatible with Vista, so the company bought me XP SP2.
Probably most of my time was spent imaging the Vista system...
I then installed XP. This was fast enough, but no video drivers. Expected, really.
Then I downloaded the appropriate drivers from the nVidia site... and they didn't work, claimed I didn't have that card. This is especially weird because the nVidia Linux drivers worked fine.
Checked the Toshiba website (it was a Toshiba laptop) -- no drivers at all. Apparently XP isn't supported on this machine. (What's more, when I called later about the optical drive not working, on either Linux or XP, they insisted that I install Vista. Only after attempting to boot the Vista CD failed did they believe me.)
Finally found the drivers on the Toshiba UK site. They're out of date, and not much chance for updates, but they work. Still came in like ten or fifteen different files, probably only five of which were relevant, and of course, it can't be just a driver, it has to also be the Toshiba Control Panel or whatever...
And yeah, all that, plus downloading Firefox, installing Visual Studio, Eclipse, and HD-DVD tools, antivirus, antispyware, Tortoise SVN, setting up an encrypted partition -- was a pretty solid day, probably day and a half. Absolutely a solid 3-4 hours, at least, trying to track down drivers alone (including calling them and being told to fuck off for using XP) -- and I would never have found them, except for one other guy in the office who had an identical laptop (also with XP) and found me a link.
Compare this with Linux -- the only thing that didn't work was the soundcard. Upgraded to Hardy, and now it works. And yeah, that sucks, but you know, I can work without a soundcard, I can even plug in a USB audio device.
If you want to say which one is better, yes, Linux is the obvious choice, but it's not going to be the simplest and easiest thing on earth depending on your hardware and requirements of the system. That's pretty much what I want to say, and I agree. No OS is easy. But Windows is the hardest I've had to install, unless we count individual Linux distros, in which case, Gentoo is harder. Yes, I will admit that compiling your OS from scratch, with barely a script to help you, is harder than installing XP.
Think tribal times, a new tribe suddenly appearing in your area is a scary thing because odds are they want what up until then you have. Alright. Think tribal times, two tribes living close together for whatever reason, maybe outright attacking each other, probably not...
And naked kids running around, playing, exploring, laughing... running between the tribes. They don't know that the other tribe is something to fear until their parents tell them to.
Maybe we're "born into fear" in that we fear everything until we find out not to -- but then we start to find out things that are safe. And to make subtle decisions about people, especially based on something like their beliefs, is absolutely something learned.
Pitch Black has a gritty, lo-fi feel similar to the initial Alien movies. Chronicles feels like Yugi-oh on acid. You should at least agree that Butcher Bay is better than either of them. And especially after that, the prison scene in Chronicles is good.
Never seen Yu-gi-oh, so I'm not sure where that comes from. From the ads I have seen, I hope you're joking -- even if Riddick wasn't a great movie, I wouldn't call it bad.
The Anime short that they did might have been like that, though.
No, Wild Wild West is bad. Riddick is just ok -- but I do like the character, probably watch anything he's in.
I'm going to alienate Serenity fans, but Serenity just doesn't measure up to the average Firefly episode. Compare to Objects in Space or Out of Gas. Serenity's more on the level of Heart of Gold or The Train Job. Not stellar but better than The Message. Gah! I probably shouldn't comment, given that I disagree with just about all of that.
Out of Gas is probably my favorite episode, though it's hard to choose a favorite. I liked The Message, especially the music.
And of course, loved Serenity, particularly the end. Taking off through the storm, and out into space... been a very, very long time since I've been excited about space travel.
That, and the opening sequence -- smooth, smooth transitions, from the backstory, to the school room, to the lab/escape, to the hologram... And then the camera flying through the ship. At least as good cinematography as in Out of Gas, and that's saying a lot.
I don't know if I really dislike any of it, except maybe The Train Job -- but only because the pilot should've been shown first.
I remember KDE4 being able to run without KDE3 apps, so long as I didn't want to use the apps (Kontact, AmaroK) that hadn't been ported yet.
Does it actually use KDE3 somewhere under the hood? Or did you mean you want more apps to be ported?
We can even do tricks like if-modified-since, to fetch a file if and only if it's been modified since our cached version was downloaded.
What we want is something like that, but across URLs and servers. So you'd issue a HEAD request, look for headers like X-SHA1-Sum or X-MD5-Sum (probably support multiple such headers), and for each of those, check if we have an object cached by that sum.
The advantage of this over Google is that we don't have to hit Google's servers every time -- we download it from whichever site we're connected to at the moment. Which is probably faster anyway, especially given pipelining, etc. That means less privacy concerns and less single points of failure -- but webmasters looking to save every penny can always link to Google's library anyway. The other option, of course, would be to recognize that ajax stuff is basically growing its way toward equivalency with desktop apps, and bite the bullet of essentially adding package management to the browser cache. I would actually go the other way: It might take a few extra features, but most of the time, I'd much rather have package management that behaves like a web browser. Instead of my package manager bugging me that there's a Firefox update, and then bugging me to restart my browser, I'd simply start whatever the latest Firefox is as soon as I click on it.
But either way, I think the checksum idea will be trivial to implement all around, and I don't see a reason not to, even if we go the package management route in the long run.
SourceForge doesn't threaten/ban me for adblocking them.
Oh good!
With two other posts saying that it was sarcastic, I was beginning to suspect I was slipping. If it was sarcastic, it wasn't a particularly good joke.
That's what I think the point is. Not that your post is without merit, it just probably belongs elsewhere in the discussion. If it is used in the correct context for the right reasons TPM is a solid platform for temporary licensing to view/listen copyrighted media. The correct context, and the right reasons, are generally going to be about actual security, like a user encrypting their own hard drive, or signing their own trusted environment (and checking that signature).
I don't consider copy protection to be the correct context. For the most part, I find this idea that you can sell someone part of a product, or the rights to use a product but only under certain very controlled circumstances, to be distasteful at best, and more likely outright dishonest. Users believe they're buying a game, not the right to play a game on the platform of the developer's choice, and only with approved hardware.
What would be the correct context, and for the right reasons?
Point is that, maybe Google thinks they can do more good by being there than others would.
And there is some credibility to that. It's my understanding that Google has something like 25% market share in China, and Baidu pretty much has the rest. Providing competition to Baidu is a good thing.
Just playing devil's advocate here, by the way. I wouldn't choose to censor, pretty much at all. But the fact that we're still having this conversation -- and, on top of that, there have been a few +4, Insightful, on both sides of it -- is proving my point that it is debatable; we are, in fact, debating it.
Compare to: The way YouTube panders to Scientology is wrong. No one here has even tried to put up a counterargument to that.
Not really. Then you'd just go to each candidate with your demands, and let them bid on em.
Also, there may be legitimate reasons for contributing to multiple candidates -- maybe you like all of them, or maybe you just want to encourage the political process.
It doesn't insist, though. No one will ban me for blocking them, either technologically or via threatening posts.
SVN might be easier. I'm not sure CVS is, especially the second you have to do anything more than those four operations.
Many people confuse "can't" with "won't", even in the personal case. I absolutely can walk down the street naked. I won't, because it's embarrassing, illegal, and unhealthy in this weather. (b) a corporate board of directors and corporate officers are pretty much required to choose the corporation's self interest. I'm not entirely sure, but I'm guessing that this follows the same rules. A corporate board of directors, and corporate officers, very well can choose an action that is not in the corporation's interest -- or not the absolute best, profit-maximizing move they could make.
They might well lose their job and their reputation, and have to start over in the mail room somewhere else, but they have that choice. In fact, they might gain a reputation for being an ethical person, which isn't bad.
So it is, again, that they won't -- that they care about their job more than their ethics. And if they care about their job that much, it probably has something to do with the money.
Sorry, I haven't looked at the structure of an actual TCP packet in a long time, but I have no idea what you're talking about. What happens if you want to embed user-entered data in the control? Well, that's easily handled, too, by moving everything except the framing sequences in the control channel into the data channel, so everything is data. Great, so now we can have exploits based on manipulating the data instead.
There are incredibly simple solutions here, already implemented. There's prepared statements, which I think may work at the SQL level, not sure. Then there are higher-level APIs, like ORMs -- the better ones make it easier to be secure.
Making yourself vulnerable to a SQL injection is every bit as stupid as running 'eval' on that user-entered data. And I really do like that my language of choice has eval. Just because idiots use it to make themselves insecure is no reason to throw the technology away.
I agree in principle, but this is a solved problem. Most database APIs allow prepared statements. Platforms like Rails abstract away most of the need to write any SQL yourself -- AND it fakes prepared statements.
The only reason we still have SQL injection is, we still have armies of morons writing crappy PHP and VB pages. Not that it's impossible to write good PHP, but it sure as hell doesn't encourage it -- do I use mysql_escape_quotes, or mysql_real_escape_quotes, or what?
Actually, they already include a Webkit engine in Air, which is their Flash-based desktop app platform. It's not hard to imagine them porting that to Flash.
As distasteful as that seems, it would have one nice side effect -- there are a few places where Flash is pretty much the only option. MySpace, for example, allows Flash widgets, but not iframe widgets, because Flash widgets are more secure. With Webkit inside Flash, we'd be able to build a normal AJAX/iframe widget, and just wrap it in Flash for retarded sites like MySpace.
And that is what text ads are for.
If a site is going to insist on me watching Flash ads, I'm not going to use that site. End of story.
Offtopic, but it looks like Savannah gives them a choice of CVS or Git. And they chose CVS??
When you watch the news, the sponsors products will turn up in news articles when possible. This isn't a coincidence. And when you pull this enough, people start to catch on, and dislike it. That's actually one of the reasons Google was successful in the first place -- they separate out the "sponsored links", clearly and plainly, and otherwise deliver solid, accurate results.
The theory is, at the very least, you want to pretend to be ethical, even for business reasons alone. Altruism works, evolutionarily, for individuals. Why not for corporations? My point is there is a real disconnect between how people act in businesses (particularly in America) and how a person acts in the real world. And my point is, that doesn't excuse how people act in businesses.
Maybe there was no excuse or apology in your statement, but it is frequently phrased like that, or worse, "What did you expect? This is how it works. Can't do anything about it." There are no(or at least very few) people born with the sole intent of damaging the earth or harming others. In our youth (particularly university students) we tend to embrace the cultures of idealism and see the corporate world as blood sucking and alien. Yet all these idealistic individuals somehow disappear. Having reprioritised or flattened their internal needs to do good on the society as a whole, and worry more about things like: will I lose my home? Ok, I can sort of see your point, up to "will I use my home" -- sorry, but I doubt anyone at Google would lose their home if YouTube had stood up to the CoS.
And I have seen the result of someone breaking out of that corporate hell, by the way. There is a very real, visible difference between someone working for a corporate overlord and someone working for something they believe in -- in this case, a small startup.
To anyone worried about losing your home, I ask you this: Will it still feel like home once you know what it cost?
And yes, I do work for a living. I stand by this: There are certain things I will not do, for any price, and I can and will move to a smaller apartment (or room) and eat Ramen, if I have to.
They are associating with the PRC, so maybe guilt by association, but it's not as though the PRC would stop just because Google refused to censor. They'd just block Google, and everyone there would use Baidu instead.
Google also indexes the entire fucking Internet, so the filtering is bound to slip up somewhere. Things will slip through the cracks, as opposed to not going through at all. That's also good.
Doing business with the PRC does support the PRC, which is bad. And they are actively censoring, which is evil. That's why it's debatable both ways.
Caving to Scientologists is pretty much unarguably bad, with pretty much zero positive side effects.
First, I know what many of those sites are. I know exactly where to look for downloads on most generic corporate sites. And I know how to boot Linux if I need to lspci, or even just lsmod to see what was autodetected.
And second, I enjoy replying to your post. I don't enjoy hunting down drivers. Anyone that works around Windows boxes should already have a USB floppy hanging around if they have RAID. I still call that a WTF.
Why can't I put the driver on a normal USB stick? Why can't I boot a live Windows environment and download it on the fly, as needed? Why can't I burn a separate CD and swap them?
How many different ways are there to solve this problem, short of plugging in a USB floppy? Still, it's not something (as referenced later in the thread) a multi-hour, a full day, a two day ordeal. It's simply not what folks are cracking it up to be. The last time I installed Windows on my laptop, it was, in fact, a full day ordeal.
It came with Vista. Microsoft's own HD-DVD tools were not compatible with Vista, so the company bought me XP SP2.
Probably most of my time was spent imaging the Vista system...
I then installed XP. This was fast enough, but no video drivers. Expected, really.
Then I downloaded the appropriate drivers from the nVidia site... and they didn't work, claimed I didn't have that card. This is especially weird because the nVidia Linux drivers worked fine.
Checked the Toshiba website (it was a Toshiba laptop) -- no drivers at all. Apparently XP isn't supported on this machine. (What's more, when I called later about the optical drive not working, on either Linux or XP, they insisted that I install Vista. Only after attempting to boot the Vista CD failed did they believe me.)
Finally found the drivers on the Toshiba UK site. They're out of date, and not much chance for updates, but they work. Still came in like ten or fifteen different files, probably only five of which were relevant, and of course, it can't be just a driver, it has to also be the Toshiba Control Panel or whatever...
And yeah, all that, plus downloading Firefox, installing Visual Studio, Eclipse, and HD-DVD tools, antivirus, antispyware, Tortoise SVN, setting up an encrypted partition -- was a pretty solid day, probably day and a half. Absolutely a solid 3-4 hours, at least, trying to track down drivers alone (including calling them and being told to fuck off for using XP) -- and I would never have found them, except for one other guy in the office who had an identical laptop (also with XP) and found me a link.
Compare this with Linux -- the only thing that didn't work was the soundcard. Upgraded to Hardy, and now it works. And yeah, that sucks, but you know, I can work without a soundcard, I can even plug in a USB audio device. If you want to say which one is better, yes, Linux is the obvious choice, but it's not going to be the simplest and easiest thing on earth depending on your hardware and requirements of the system. That's pretty much what I want to say, and I agree. No OS is easy. But Windows is the hardest I've had to install, unless we count individual Linux distros, in which case, Gentoo is harder. Yes, I will admit that compiling your OS from scratch, with barely a script to help you, is harder than installing XP.
Not entirely sure what that has to do with my post, but thanks, that's interesting.
I'm also not entirely sure I like transactions yet. Haven't thought hard enough about it, yet.
I don't know what the equivalent would be, but I'm betting you didn't emerge something bigger, like "kde" or "kde-desktop".
And I never bothered to check, but I suspect that it's possible to do the same with Debian. I like kicker, though, so I haven't bothered.
And naked kids running around, playing, exploring, laughing... running between the tribes. They don't know that the other tribe is something to fear until their parents tell them to.
Maybe we're "born into fear" in that we fear everything until we find out not to -- but then we start to find out things that are safe. And to make subtle decisions about people, especially based on something like their beliefs, is absolutely something learned.
Never seen Yu-gi-oh, so I'm not sure where that comes from. From the ads I have seen, I hope you're joking -- even if Riddick wasn't a great movie, I wouldn't call it bad.
The Anime short that they did might have been like that, though.
No, Wild Wild West is bad. Riddick is just ok -- but I do like the character, probably watch anything he's in. I'm going to alienate Serenity fans, but Serenity just doesn't measure up to the average Firefly episode. Compare to Objects in Space or Out of Gas. Serenity's more on the level of Heart of Gold or The Train Job. Not stellar but better than The Message. Gah! I probably shouldn't comment, given that I disagree with just about all of that.
Out of Gas is probably my favorite episode, though it's hard to choose a favorite. I liked The Message, especially the music.
And of course, loved Serenity, particularly the end. Taking off through the storm, and out into space... been a very, very long time since I've been excited about space travel.
That, and the opening sequence -- smooth, smooth transitions, from the backstory, to the school room, to the lab/escape, to the hologram... And then the camera flying through the ship. At least as good cinematography as in Out of Gas, and that's saying a lot.
I don't know if I really dislike any of it, except maybe The Train Job -- but only because the pilot should've been shown first.