Um, how in the world is an IT guy making a Star Trek reference surprising? Why would an educated Arab making a comment referencing one of the most famous Arab poets (Kahlil Gibran) be surprising? (I've read through 'The Prophet', it's a poetry book that has as much to do with Muslim extremism as Shakespeare). I think you might need to take the aluminium hat off and/or come out from under the bridge and relax a little bit.
Surely, in the big scheme of things, Osama's death really doesn't matter that much. Don't take the mediatainment as seriously as it thinks you should.
Reps last 2 years, Presidents 4, Senators 6. It's all right there in the current system. Nobody has "job security." The majority can vote out anyone at every election.
Exactly, I think a better 'fix' would be to remove or at least limit the money involved in getting elected. As long as money is the main motivator (because $ does = votes), politicians will have to spend the majority of the their time seeking donations instead of legislating and US politics will continue down the plutocracy path. That said, I don't know what the best way to do this would be: enforced spending limits?, public financing?, enforced receiving limits?, something else?, some combo?
1. Allows better control of what addresses end up on what subnet (e.g. I might want to have my servers on the 0:dead:beef:1 subnet and my clients on the 0:dead:beef:2 subnet)
If they're physical subnets, this shouldn't be a problem. If they are logical subnets, you could let each machine have an address in each network, it probably wouldn't matter too much. It also looks like (i.e. untested by me) you could set up auto-configuration to configure a specific addresses per machine, although I don't see this as any better than DHCP (i.e. you have to have a separate address configuration for each network node in either case.)
2. Doesn't require me to manually reconfigure lots of IP addresses - set it once in DHCP and it's enough
Setting an address prefix once in the router versus having to have a configuration on the DHCP server for each individual machine? I'm not seeing the advantage.
3. Autoconfig doesn't guarantee a machine will have the same IP while DHCP will... And a few other reasons.
TLDR; Better security, more convenient to administer.
It does guarantee the same address (unless you change prefixes, but if you're doing that all your addresses are changing anyway, and given the prefix, you'll know the new address). I don't see any more convenience to have to update individual machines within a DHCP configuration as opposed to just changing a network prefix, but I may be missing something. As for security, the internal MAC addresses can be hidden by not using auto-configure. I'm not sure this is a big gain, it assumes you're not using a firewall to hide internal addresses anyway (port forwarding, IPv6-to-IPv6 NAT, or something), in which case the attacker knows the addresses of externally visible machines. Having the MAC address of the machines as well is probably not a huge advantage (although hiding them certainly wouldn't hurt).
Oh and I can't help noticing the description about D&D is reminiscent of ANY organization. A Master ordering people what to do? Sounds like the President of my country or the CEO of my company.
So please, enlighten me and others, what makes Beck/Michelle worse than Franken? In your opinion but backed with facts? Thanks.
I probably shouldn't respond to trolls but I went looking for quotes anyway. I actually looked for the worst Franken quote (it took some effort, and I would say it is still mostly a fail), the others I just picked whatever crazy one came up first (these two were easy). By the way, go looking yourself, Franken has some interesting, thought inspiring quotes (and some dumb ones). Michelle has some stupid ones, but mostly religious rabble rousing quotes. She wants to live in a fantasy land, but I would at least call her sane, barely, although not reasonable. Beck has a lot of seriously, need some therapy, type quotes. Beck is so far down the track on the crazy train, I don't think the word 'reasonable' exists in the dictionary of whatever reality he exists in.
"I do personal attacks only on people who specialize in personal attacks."
-Franken
Would you kill someone for that?...I'm thinking about killing Michael Moore...I could kill him myself, or if I would need to hire somebody to do it,...No, I think I could. I think he could be looking me in the eye, you know, and I could just be choking the life out. Is this wrong? I stopped wearing my What Would Jesus — band — Do, and I've lost all sense of right and wrong now. I used to be able to say, "Yeah, I'd kill Michael Moore," and then I'd see the little band: What Would Jesus Do? And then I'd realize, "Oh, you wouldn't kill Michael Moore. Or at least you wouldn't choke him to death." And you know, well, I'm not sure.
-Beck
[Same-sex marriage] is probably the biggest issue that will impact our state and our nation in the last, at least, thirty years. I am not understating that.
Why is this listed as news? This is entertainment at best, and pretty poor entertainment at that. If I wanted useless drivle like this, I would be watching any of the major TV channel tabloidainment shows instead of reading slashdot.
In a world where the current products are different than the previous ones and should be judged on their own merit. Or should nobody ever buy Sam Adams's Noble Pils this spring because the old Spring White was kind of shitty?
If you bought bad beer from a company, you should be hesitant to purchase more beer from them. If you have had Sam Adams in the past that was good, but the last one was bad, you might be more forgiving. That is, if it's possible to judge over a range of products, you should. But if you've tried a variety of products from a company and they were not very good, you could probably guess that the newest product was going to be bad too.
As for MS, I think its past speaks for itself. It's only strong selling point is its ubiquity. Which is a strong selling point. Otherwise, I think the evidence is generally that they either purchase good software and make it worse over time or that they just make mediocre to bad software. (They are also great salesmen).
What constitutional rights of the defendant? Property does not itself have constitutional rights only persons, and in those cases the property itself is the defendant.
Which is, of course, patently ridiculous. Unless you're in a Terry Pratchett novel and you were just run over by some luggage which is currently sitting in the corner looking incredibly innocent.
Yes, without doing local resolution, there is a possible vulnerability between the DNS resolver and the host.
Without checking the openssh website, though, I think you can assume that if they don't have local dnssec resolution yet, they will have it, at least as an option, in the future. I.e., there are a number of dnssec resolving libraries available for them to use, so it be a matter of choosing one and patching their code to support it. It's just a question of when.
DNSSEC secures it against hackers, but makes it more vulnerable to political attacks. Because DNS was designed to be centralized.
I don't understand. DNS is centralized and is somewhat vulnerable to political attacks. But how does DNSSEC make it more vulnerable? (It seems no different to me).
Just out of curiosity, does that mean you wouldn't mind the same treatment when you go over state borders in your car/bus/train? You'd have the same simple choice of being seen digitally naked or getting patted down and searched by hand. They could set it up at truck scale locations and require all vehicles to stop.
Your same logic would apply. The government would not actually be denying interstate travel. You would be free to walk, ride a bike, or ride a horse without being seen naked or body checked. It would be your choice to get in vehicle, but it wouldn't be required. Is your privacy worth the extra 10-30 days walking? Would that make state border searches okay for you?
No it wouldn't. You didn't have to try and opt out pre-95. You could participate in life without having to worry about it following you forever (well, not worry as much anyway).
Pre-95... go to a party, get drunk, act like a complete imbecile. Most of your friends know and give you a hard time about it for awhile and it goes away.
Post-95, five years after that party, the company you're apply to work at finds pictures of you being said imbecile, no job for you.
Pre-95, don't have to worry about your friend taking a picture. The number of people ever seeing it is small.
Post-95, Anyone anywhere could see that picture for the rest your grandchildren's lives.
Social sharing on the Internet is much more invasive than implied by previous statements. It will likely provide more culture changes than any of us can possibly imagine (for good and bad, I'd lean toward mostly good). It would be really interesting to see what will happen in a couple generations.
You're comment has a couple mistakes, it should be 'never ever write in your report...'.
But most importantly, in English you must always start these stories with, "I never though this would happen to me,". Your English teachers were sorely lacking...
Honestly? I'm just tired of the anti-FOX bashing. All of the other TV channels are pro-"we need more government", and it's nice to have at least one channel that is pro-"smaller government is better". As government grows individual freedom shrinks... or worse: becomes chained.
If you think Fox is pro smaller government, I don't think you and I have watched the same channel. If you said they were pro-ratings regardless of the truthiness, I'd agree. If you said they were pro-small government when then they didn't like the current government, I'd go along with it (given the ratings thing has a generally higher priority). But there has been plenty of times they've been pro bigger government as long as they agreed with they government.
Just to cover my bases, yes the other (I guess I'll call them 'news'... no scratch that) tabloid channels are also ratings whores. My qualitative (and definitely biased) personal opinion is that Fox tends to be one of the least truthful and least accurate of TV tabloid channels. My guess is that they are also quantitatively so. But then, I feel like I'm arguing over which performer gave the best show on the Titanic.
"I have two children, one of whom is a boy. What's the probability that my other child is a boy?"... it is given that the FIRST child is a boy.
I must admit that English is not my native tongue but I fail to see how this gives that the FIRST child is a boy. Doesn't "one of whom" implies that it can be either the first or the second?
I am a native English speaker. "One of whom... my other... ", does not indicate a birth order. [unless there is an English dialect I'm unaware of that requires that any time you speak of more than one child in a sentence, you must talk about them in birth order.:) ]
In fact, for word problems, the reader can not count on anything that is not explicitly stated. For such questions, this phrasing implies a purposeful lack of information regarding birth order.
...but I remember enough to say that holding a city's computer systems random [sic] (which is essentially what he was doing) certainly deserves a guilty verdict on a count of "computer tampering." You really think it's acceptable under any circumstances for someone to hijack a network like that? Yes, he works there and technically "administrates" those machines, but he has a duty to his employers (ultimately, the citizens), and he was not upholding that duty.
I remember it differently. Either that or this is for some other definition of "hijack", "ransom", and "duty" than the definitions commonly used and found in the dictionary.
"hijack" : He didn't take it over, he was the network admin.
"ransom" : He didn't ask for any ransom, he stated he would only give the password to the Mayor.
"duty" : According to how he interpreted the written job requirements, giving the password to anyone else much less a roomful of known, semi-known, unknown and a phone full of unknown people did not match the written security requirements.
Frankly, from what I've read, I agree. Although, I would hope and expect that the jury has a good deal more information than I have. It does scare me that an ignorant jury could have just been afraid of a "Oh my god!, computer hacker" and convicted him on their emotional response rather than intelligent deliberation. I hope I'm just missing some of the info they had.
Childs not mentioning it in a meeting or conference call, where it might be overheard, is appropriate under the latter policy, but inappropriate given a failure to have initially shared it with the designated central security authority.
I'm not sure what you're trying to say here. "If he failed to have it stored in a central security authority, he should completely ignore all the other policy requirements?". That doesn't make a whole lot of sense to me.
As a completely subjective point of view, judging from the general incompetence, I wouldn't be at all surprised if a 'security administered global password management database' did not exist. In which case, he wouldn't have been able to place his password there.
DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.
Did I miss anything?
The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate. Look for greater centralized control by people saying "think of the children" and "this will only be used to combat terrorism". It also pretty much guarantees that new clients will be written to allow DNS lookups in both the "official" root zone and under alternative roots.
I thought I should clear up some worry:
1. DNS does not require DNSSEC. You can still have domains that work just like they do today that do not use the security extensions of DNSSEC. I.e., no more centralized control than you already have today with DNS.
2. On the other hand, I'm not sure what control 'the man' (heh) would have that they don't currently have with DNS. For.com domains, a user goes to the.com servers to find out which DNS they should query for a zone. With DNSSEC, a user would still go to the.com servers to find out which DNS they should query for a zone and also get a fingerprint of the trust anchor for that zone. I don't see any extra control really.
3. You can use DNSSEC without providing your public key to the upstream domain (like.com or.net). In this case, everyone that wants to use DNSSEC for your domain would have to get your trust anchor through a separate path. They wouldn't need the root TA to trust your zone, but they would have to figure out how to get your TA. This is a bit of a pain, but doable. And, of course, you can still just use DNS without the security extensions.
Sure. So you get all the hashes in 2 minutes and then you have a month to crack them before the responses change.
The resources needed to crack one-way hashes of a domain: vey high (probably on exhaustive search of the name space, have fun). The gain of cracking the hashes: the zone file info for that zone.
My guess is the result, assuming it's even realistic to get in a decent time frame (year?, 10years?, how much resources do you have to throw at it?), would not be worth the effort.
To put your anecdotes in perspective: The last time I went to an emergency room in the U.S., it was literally empty, no patients, no nurses, no doctors. I could have been dead on the floor in a large pool of blood for at least 20-30 minutes (I think it was even longer than that but it was at least that long) before anyone noticed. [I didn't have a life threatening injury luckily, but lets just say I was unimpressed with the service]. I have no idea what English ERs are like.
When my brother had his wisdom teeth out, he was laid out for a week. He couldn't eat solid food for most of that time and was completely miserable. He was in the U.S. When I had my wisdom teeth out, I didn't take any pain killers afterwords. I was out the same night and eating just fine the next day. I was in the U.S. I went to the exact same doctor he did. I have a feeling the results you saw may have more to do with the patients, their sensitivity, and their teeth than with the quality of the dental care itself.
In other words, we probably need to look at larger number (i.e. statistics) to get a better idea of which system better serves its society.
Slashdot Mirror
Um, how in the world is an IT guy making a Star Trek reference surprising? Why would an educated Arab making a comment referencing one of the most famous Arab poets (Kahlil Gibran) be surprising? (I've read through 'The Prophet', it's a poetry book that has as much to do with Muslim extremism as Shakespeare). I think you might need to take the aluminium hat off and/or come out from under the bridge and relax a little bit.
Surely, in the big scheme of things, Osama's death really doesn't matter that much. Don't take the mediatainment as seriously as it thinks you should.
Reps last 2 years, Presidents 4, Senators 6. It's all right there in the current system. Nobody has "job security." The majority can vote out anyone at every election.
Exactly, I think a better 'fix' would be to remove or at least limit the money involved in getting elected. As long as money is the main motivator (because $ does = votes), politicians will have to spend the majority of the their time seeking donations instead of legislating and US politics will continue down the plutocracy path. That said, I don't know what the best way to do this would be: enforced spending limits?, public financing?, enforced receiving limits?, something else?, some combo?
A public key on the local recursive dns is used to verify the root server. The root server verifies the tld's and so on.
Why DHCP? Because:
1. Allows better control of what addresses end up on what subnet (e.g. I might want to have my servers on the 0:dead:beef:1 subnet and my clients on the 0:dead:beef:2 subnet)
If they're physical subnets, this shouldn't be a problem. If they are logical subnets, you could let each machine have an address in each network, it probably wouldn't matter too much. It also looks like (i.e. untested by me) you could set up auto-configuration to configure a specific addresses per machine, although I don't see this as any better than DHCP (i.e. you have to have a separate address configuration for each network node in either case.)
2. Doesn't require me to manually reconfigure lots of IP addresses - set it once in DHCP and it's enough
Setting an address prefix once in the router versus having to have a configuration on the DHCP server for each individual machine? I'm not seeing the advantage.
3. Autoconfig doesn't guarantee a machine will have the same IP while DHCP will ... And a few other reasons.
TLDR; Better security, more convenient to administer.
It does guarantee the same address (unless you change prefixes, but if you're doing that all your addresses are changing anyway, and given the prefix, you'll know the new address). I don't see any more convenience to have to update individual machines within a DHCP configuration as opposed to just changing a network prefix, but I may be missing something. As for security, the internal MAC addresses can be hidden by not using auto-configure. I'm not sure this is a big gain, it assumes you're not using a firewall to hide internal addresses anyway (port forwarding, IPv6-to-IPv6 NAT, or something), in which case the attacker knows the addresses of externally visible machines. Having the MAC address of the machines as well is probably not a huge advantage (although hiding them certainly wouldn't hurt).
Oh and I can't help noticing the description about D&D is reminiscent of ANY organization. A Master ordering people what to do? Sounds like the President of my country or the CEO of my company.
Or, a judge in a courtroom....
So please, enlighten me and others, what makes Beck/Michelle worse than Franken? In your opinion but backed with facts? Thanks.
I probably shouldn't respond to trolls but I went looking for quotes anyway. I actually looked for the worst Franken quote (it took some effort, and I would say it is still mostly a fail), the others I just picked whatever crazy one came up first (these two were easy). By the way, go looking yourself, Franken has some interesting, thought inspiring quotes (and some dumb ones). Michelle has some stupid ones, but mostly religious rabble rousing quotes. She wants to live in a fantasy land, but I would at least call her sane, barely, although not reasonable. Beck has a lot of seriously, need some therapy, type quotes. Beck is so far down the track on the crazy train, I don't think the word 'reasonable' exists in the dictionary of whatever reality he exists in.
"I do personal attacks only on people who specialize in personal attacks."
-Franken
Would you kill someone for that?...I'm thinking about killing Michael Moore...I could kill him myself, or if I would need to hire somebody to do it,...No, I think I could. I think he could be looking me in the eye, you know, and I could just be choking the life out. Is this wrong? I stopped wearing my What Would Jesus — band — Do, and I've lost all sense of right and wrong now. I used to be able to say, "Yeah, I'd kill Michael Moore," and then I'd see the little band: What Would Jesus Do? And then I'd realize, "Oh, you wouldn't kill Michael Moore. Or at least you wouldn't choke him to death." And you know, well, I'm not sure.
-Beck
[Same-sex marriage] is probably the biggest issue that will impact our state and our nation in the last, at least, thirty years. I am not understating that.
-Bachmann
Why is this listed as news? This is entertainment at best, and pretty poor entertainment at that. If I wanted useless drivle like this, I would be watching any of the major TV channel tabloidainment shows instead of reading slashdot.
Cmdr Taco owes me 10 minutes.
'MS funded report declares FOSS software cheaper!'
That would be news. This report is not. Why would anyone care or take this the least bit seriously?
In a world where the current products are different than the previous ones and should be judged on their own merit. Or should nobody ever buy Sam Adams's Noble Pils this spring because the old Spring White was kind of shitty?
If you bought bad beer from a company, you should be hesitant to purchase more beer from them. If you have had Sam Adams in the past that was good, but the last one was bad, you might be more forgiving. That is, if it's possible to judge over a range of products, you should. But if you've tried a variety of products from a company and they were not very good, you could probably guess that the newest product was going to be bad too.
As for MS, I think its past speaks for itself. It's only strong selling point is its ubiquity. Which is a strong selling point. Otherwise, I think the evidence is generally that they either purchase good software and make it worse over time or that they just make mediocre to bad software. (They are also great salesmen).
What constitutional rights of the defendant? Property does not itself have constitutional rights only persons, and in those cases the property itself is the defendant.
Which is, of course, patently ridiculous. Unless you're in a Terry Pratchett novel and you were just run over by some luggage which is currently sitting in the corner looking incredibly innocent.
If only that made these laws a work of fiction.
Since no one mentioned yet, http://www.dnssec.net/ is also a good information site.
Yes, without doing local resolution, there is a possible vulnerability between the DNS resolver and the host.
Without checking the openssh website, though, I think you can assume that if they don't have local dnssec resolution yet, they will have it, at least as an option, in the future. I.e., there are a number of dnssec resolving libraries available for them to use, so it be a matter of choosing one and patching their code to support it. It's just a question of when.
DNSSEC secures it against hackers, but makes it more
vulnerable to political attacks. Because DNS was designed to be
centralized.
I don't understand. DNS is centralized and is somewhat vulnerable
to political attacks. But how does DNSSEC make it more vulnerable?
(It seems no different to me).
This was a known problem, but they way(sic) until it really is exploited to then fix it with something untested and thrown together.
It's actually something that people have been working on for quite a long time, many years. It's not a last minute attempt to solve the issue.
Just out of curiosity, does that mean you wouldn't mind the same treatment when you go over state borders in your car/bus/train? You'd have the same simple choice of being seen digitally naked or getting patted down and searched by hand. They could set it up at truck scale locations and require all vehicles to stop.
Your same logic would apply. The government would not actually be denying interstate travel. You would be free to walk, ride a bike, or ride a horse without being seen naked or body checked. It would be your choice to get in vehicle, but it wouldn't be required. Is your privacy worth the extra 10-30 days walking? Would that make state border searches okay for you?
Yeah. It would be just like life before 1995.
No it wouldn't. You didn't have to try and opt out pre-95. You could participate in life without having to worry about it following you forever (well, not worry as much anyway).
Pre-95... go to a party, get drunk, act like a complete imbecile. Most of your friends know and give you a hard time about it for awhile and it goes away.
Post-95, five years after that party, the company you're apply to work at finds pictures of you being said imbecile, no job for you.
Pre-95, don't have to worry about your friend taking a picture. The number of people ever seeing it is small.
Post-95, Anyone anywhere could see that picture for the rest your grandchildren's lives.
Social sharing on the Internet is much more invasive than implied by previous statements. It will likely provide more culture changes than any of us can possibly imagine (for good and bad, I'd lean toward mostly good). It would be really interesting to see what will happen in a couple generations.
You're comment has a couple mistakes, it should be 'never ever write in your report...'.
But most importantly, in English you must always start these stories with, "I never though this would happen to me,". Your English teachers were sorely lacking...
Honestly? I'm just tired of the anti-FOX bashing. All of the other TV channels are pro-"we need more government", and it's nice to have at least one channel that is pro-"smaller government is better". As government grows individual freedom shrinks... or worse: becomes chained.
If you think Fox is pro smaller government, I don't think you and I have watched the same channel. If you said they were pro-ratings regardless of the truthiness, I'd agree. If you said they were pro-small government when then they didn't like the current government, I'd go along with it (given the ratings thing has a generally higher priority). But there has been plenty of times they've been pro bigger government as long as they agreed with they government.
Just to cover my bases, yes the other (I guess I'll call them 'news'... no scratch that) tabloid channels are also ratings whores. My qualitative (and definitely biased) personal opinion is that Fox tends to be one of the least truthful and least accurate of TV tabloid channels. My guess is that they are also quantitatively so. But then, I feel like I'm arguing over which performer gave the best show on the Titanic.
Ex-presso is what espresso used to be....
"I have two children, one of whom is a boy. What's the probability that my other child is a boy?" ... it is given that the FIRST child is a boy.
I must admit that English is not my native tongue but I fail to see how this gives that the FIRST child is a boy. Doesn't "one of whom" implies that it can be either the first or the second?
I am a native English speaker. "One of whom... my other... ", does not indicate a birth order. [unless there is an English dialect I'm unaware of that requires that any time you speak of more than one child in a sentence, you must talk about them in birth order. :) ]
In fact, for word problems, the reader can not count on anything that is not explicitly stated. For such questions, this phrasing implies a purposeful lack of information regarding birth order.
...but I remember enough to say that holding a city's computer systems random [sic] (which is essentially what he was doing) certainly deserves a guilty verdict on a count of "computer tampering." You really think it's acceptable under any circumstances for someone to hijack a network like that? Yes, he works there and technically "administrates" those machines, but he has a duty to his employers (ultimately, the citizens), and he was not upholding that duty.
I remember it differently. Either that or this is for some other definition of "hijack", "ransom", and "duty" than the definitions commonly used and found in the dictionary.
"hijack" : He didn't take it over, he was the network admin.
"ransom" : He didn't ask for any ransom, he stated he would only give the password to the Mayor.
"duty" : According to how he interpreted the written job requirements, giving the password to anyone else much less a roomful of known, semi-known, unknown and a phone full of unknown people did not match the written security requirements.
Frankly, from what I've read, I agree. Although, I would hope and expect that the jury has a good deal more information than I have. It does scare me that an ignorant jury could have just been afraid of a "Oh my god!, computer hacker" and convicted him on their emotional response rather than intelligent deliberation. I hope I'm just missing some of the info they had.
Childs not mentioning it in a meeting or conference call, where it might be overheard, is appropriate under the latter policy, but inappropriate given a failure to have initially shared it with the designated central security authority.
I'm not sure what you're trying to say here. "If he failed to have it stored in a central security authority, he should completely ignore all the other policy requirements?". That doesn't make a whole lot of sense to me.
As a completely subjective point of view, judging from the general incompetence, I wouldn't be at all surprised if a 'security administered global password management database' did not exist. In which case, he wouldn't have been able to place his password there.
DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.
Did I miss anything?
The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate. Look for greater centralized control by people saying "think of the children" and "this will only be used to combat terrorism". It also pretty much guarantees that new clients will be written to allow DNS lookups in both the "official" root zone and under alternative roots.
I thought I should clear up some worry:
1. DNS does not require DNSSEC. You can still have domains that work just like they do today that do not use the security extensions of DNSSEC. I.e., no more centralized control than you already have today with DNS.
2. On the other hand, I'm not sure what control 'the man' (heh) would have that they don't currently have with DNS. For .com domains, a user goes to the .com servers to find out which DNS they should query for a zone. With DNSSEC, a user would still go to the .com servers to find out which DNS they should query for a zone and also get a fingerprint of the trust anchor for that zone. I don't see any extra control really.
3. You can use DNSSEC without providing your public key to the upstream domain (like .com or .net). In this case, everyone that wants to use DNSSEC for your domain would have to get your trust anchor through a separate path. They wouldn't need the root TA to trust your zone, but they would have to figure out how to get your TA. This is a bit of a pain, but doable. And, of course, you can still just use DNS without the security extensions.
Sure. So you get all the hashes in 2 minutes and then you have a month to crack them before the responses change.
The resources needed to crack one-way hashes of a domain: vey high (probably on exhaustive search of the name space, have fun).
The gain of cracking the hashes: the zone file info for that zone.
My guess is the result, assuming it's even realistic to get in a decent time frame (year?, 10years?, how much resources do you have to throw at it?), would not be worth the effort.
To put your anecdotes in perspective: The last time I went to an emergency room in the U.S., it was literally empty, no patients, no nurses, no doctors. I could have been dead on the floor in a large pool of blood for at least 20-30 minutes (I think it was even longer than that but it was at least that long) before anyone noticed. [I didn't have a life threatening injury luckily, but lets just say I was unimpressed with the service]. I have no idea what English ERs are like.
When my brother had his wisdom teeth out, he was laid out for a week. He couldn't eat solid food for most of that time and was completely miserable. He was in the U.S. When I had my wisdom teeth out, I didn't take any pain killers afterwords. I was out the same night and eating just fine the next day. I was in the U.S. I went to the exact same doctor he did. I have a feeling the results you saw may have more to do with the patients, their sensitivity, and their teeth than with the quality of the dental care itself.
In other words, we probably need to look at larger number (i.e. statistics) to get a better idea of which system better serves its society.