I'm not sure if you're really trolling or not...
So let me risk wasting a little time...

You're right that Iran isn't being constructive about their reaction and actions - they're acting childish too.

But does that give us a pass? Surely it doesn't mean that assassination of their scientists, supporting the proxy war, flying spy drones over their country, supporting the MEK etc is all well and good. [They shot my dog, so I can shoot their kids?]

Surely you wouldn't make that argument, right?!

I can't easily change Iran - it's hard enough changing the thinking and actions of MY country.

Rather than futilely trying to force someone else to act different, I need to constrain myself.

Perhaps if I look at MY actions first, I may find reasons for the *reaction* I get from those I interact with.

So, Yes - Iran is doing lots of stupid things too. They're at least partially responsible for the bad relationship. [But if I look at the magnitude of the insults and bad-blood over the years - it's pretty obvious to me [and perhaps you'll disagree] that we [the US] are way more than 50% responsible.]

Further I know that I can only change *my* actions, *my* character - and *my* country. I can't change you, or your character, or Iran.

So, as in any bad relationship, change YOURSELF first and see what happens. You may [almost certainly will] find that change in your character and actions for the better has very magnified impacts on the others in that relationship. It may not lead to a place where everything is just "peachy keen" - but it's different. Then you can decide what you'll do different next.

However, THE recipe for total loss, stalemate, and disaster is to wait for the other side to do it different first.

It would seem from your posting above that you're going to wait by for the other side to change first. Sort of like the two little kids yelling at each other; "he hit me first." It might even be true - but taking that approach only means the war continues forever.

Change starts right here.

* with Me *

If I'm not willing to admit my faults and character flaws, why should anyone else start first?

I'm making the point that WE [the US] are a serious part of the problem, and demonizing the Iranians and their government won't solve a thing. It will just mean that more Americans and more Iranians end up dead or otherwise injured [mentally, physically, emotionally, financially] somewhere. We can complain about how badly the Iranians treated us, or we can recognize the horrible things OUR government has done in our name - and without a lot of complaint from the population. We can strive to learn the lesson.

Or we can continue to keep repeating the same lesson again, paying the high price each time in blood and treasure.

I, personally, strive to learn my lessons the first time.

-Greg

Lets see here. We're waging robo war in Pakistan, Afganistan, Iraq Yemen - virtually surrounded their whole country - some 100K troops near their borders.
We're beating the drums of "Those Iranians are the worst since Hitler..."
We're probably assassinating their scientists.
We've invaded multiple countries without provocation for a long time, and waged countless covert wars and actions against those we don't like.
We supported a proxy war [using our best friend Saddam Hussain - (where have I heard that name before?)] using weapons of mass destruction against the Iranians, using US intelligence.
And less than sixty years ago we helped overthrow a democratically elected government in Iran and put in place the Shah. [Who was evil in ways that Hitler *would* understand.] ...and if I understand you, you're complaining that the Iranians used some props you find offensive.

You sir, have a most misplaced sense of decency [or a most woefully inadequate knowledge of the history of the dealings of your country].

Of all the offenses betwixt the USA and Iran, I'd posit that the balance isn't even close to parity. The Iranians have a lot of IOU's due against the US. [Like enough to use one every day for a century.]

Look at ubiquiti's stuff. M5 Wireless bridges out to to the AP's and UniFi [normal or long-range] for the clients.
www.ubnt.com
Nanostation M5 [5Ghz]: http://ubnt.com/nanostationm
UniFi: http://ubnt.com/unifi

Not as slick as Ruckus or some other stuff, but incredibly cheap. [Bridges are about $200 for a pair - and super solid, massive through-put. UniFi is about $70 per AP.]

You also get the ability to help pay for the system via UniFi. [Paypal subs, no admin reqd. Vouchers for "free" use etc.] That's all included for "free" in their system.
Plus you can use Pico's for outdoor use. Already weather-proof.

[I've not run the Pico's - so check it out in the forum: http://www.ubnt.com/forum/forumdisplay.php?f=48 - you should be able to get your answers there.]

It's really some of the best bang-for-the-buck for non super-high-density WiFi use around, IMO>

-Greg

+1 for the parent
or simply shoot the pages with a digital camera and if needed do some post-processing.
You can even have full color if you need it.

This is overkill for your project, but may lead some interesting places.
http://www.diybookscanner.org/

-Greg

Lastpass - and a sealed envelope with your master password.
Or, last pass and share passwords you can allow.

While Last pass is likely to vanish after x years, there will be some similar solution in the future.

The sealed envelope is pretty good, provided you can leave it somewhere someone else [and not everyone else] can get to it.

-Greg

Here's the explaination I heard recently, and I think it's the best I've ever heard.

You want to train a dog to come when you call.

So, you take a 1 kilo steak and call him - and you feed him the whole kilo at once.

OR

You cut the 1kg into 200 pieces. Then you call him to you and give him once of the pieces. Repeat 200 times.

The first got a BIG reward, but only once. The dog's going to be sated for quite a while.
The second gave a small but substantial reward very often. And better yet, the dog will want another almost instantly.

The second method will "train" your brain to respond in the "desired" way lots faster than the first.

Smoking is a small hit, many times a day, perhaps many times an hour.
Heroin is a BIG hit a few times a day.

Smoking will condition the neurons in your brain a lot faster and more reliably than heroin will.

HTH

I've posted this before, but thought I'd do so again...

And the problem is that, for all the compliments that others pay me, calling me "talented" and "intelligent," I feel paralyzed, like everyone is always expecting something great to come out of me, and all I ever do is disappoint when I don't meet those expectations. So I stop trying.

Read Carol Dweck

Here's what I've posted before...
---.
http://en.wikipedia.org/wiki/Carol_Dweck

In short, there may be some upper limit to raw brain power, but for most, that limit isn't ever reached.

So, claiming that "intelligence" is some inherent trait and, like most, assuming that failure equals non-intelligence causes a whole range of problems.

People can sharpen their skills and those skills are usually viewed as intelligence.

The real rub is this: When kids think they are "intelligent" or not, then nothing they do can impact that inherent trait. They will do all sorts of odd things to avoid failure and being labeled "stupid." [The inverse of intelligent.]

When they are told they can learn, and that "intelligence" is not a fixed trait, they do much better, and the odd behaviors of attempting to either gain entry into the "intelligent" club, futility of being in the stupid club, or working to avoid losing the "intelligent" club card vanish.

Read this: [It's from Dweck herself. Her book "Mindset" is an excellent start too.]
http://web.me.com/dianamadsen/Walden_Webpage/Parent_Resources_files/The%20Perils%20and%20Promise%20of%20Praise.pdf

---
Seriously - I think this is a MUST read for any parent. Not just parents of talented kids - ANY PARENT - ALL PARENTS.

I think many of us see the truth in this work and appreciate it more because we can see these forces at work in our own lives.

-Greg

No, CIH was a virus that trashed the BIOS as part of it's payload.

On some systems it was unable to modify the BIOS and so the *payload* wasn't delivered - so to speak. But it never "infected" the BIOS - in that there was never any attempt to get running code in the BIOS.

And if somewhere somehow it placed running code in the BIOS, it should be viewed as like a million monkeys at a million keyboards. Eventually one will type something readable.

That's a FAR, FAR cry from writing code that intentionally infects the BIOS and does "useful" things in that code.

CIH is/was not even close.

Really, when was the last time you talked to an insurance company and thought: "They really attempt to be the best they can at their job.

Ah, me neither.

-Greg

But it doesn't have to stay that way.

A vendor could easily offer a service to customers that would be the expert in choosing the notary's who are trustworthy, perhaps offering their own notary service as well. Now the vendor selling this service has an incentive to actually protect the user - since if they don't, they lose trust and then lose the customer and their dollars.

And given a little time I'd guess there would be several stable notaries out there and would be well trusted.
There would be services that would help the user choose a reliable bundle of notaries who can be trusted - given the users comforts and needs.

So, yes - at this point in time, it does require a knowledgeable user.
But that wouldn't *have* to be the case at all, and in fact having vendors who have their primary purpose in serving the user and maintaining their trust - is exactly what would decrease the need for end user knowledge. They would provide a service who's interests are aligned with the user, rather than screwing everyone for the most cash. [Either by selling certs to any warm body, or by terrible security because it might cut into profit, or simply because they're too stupid to know better...]

There are certainly some things that will need fine tuning and it's a system that will need critical mass - but that's true of any replacement. And this one appears to be one that could co-exist with the current system until critical mass is reached.

-Greg

True enough....

But the whole framework behind certificates and CA's is the problem. This is just a symptom of the problem.

Moxiespike: "Who are you going to trust, and for how long?"
If the answer to how-long, is forever - then you probably have a problem.

The problem is there's no real way to handle problem CA's - and you don't get much choice, and the system is too moribund and static to respond to problems like this.

So, yes we can fix this *specific* problem by getting every browser to re-work the trusted CA's and then get everyone to install the new browser with the new set of trusted CA's.

But that will still leave a small group of people making choices about YOUR trusted CA's. And the latency to make those changes is *very* high.

Not much of a solution, IMO.

Truly, everyone should take the time to listen or read Marlin Moxiespike's proposal.

Moxiespike at BlackHat USA 2011 here .

Read about it.

Show me ONE example (real or hypothetical) where a DNS record has been altered (with or without the cooperation of the DNS provider) by someone other than the legitimate domain owner (e.g. hackers, government etc) where storing certificates in DNS would make things worse than if the site was using current CA-issued certificates and I will accept your arguments.

Seriously? Sex.com was totally hijacked. There are literally thousands of cases where domains get owned. [And once you own the domain its DNS is certainly available for tampering.]

Next, if you are willing to tamper with the whole chain, then nothing will help the user. Easily within reach for a government or serious party handling DNS - and there's no protection.

Why settle for a half measure at best. We're going to have to redesign a whole set of things - lets really try to do it right and make the replacement agile. As MM points out. "Who are you going to trust and for how long." If you can't easily/gracefully [or even ever] change who you trust, then you probably have a problem.

where storing certificates in DNS would make things worse than if the site was using current CA-issued certificates

Man, what a high bar you have there for a "better" solution. 'It's better than the totally broken current system.'
Your argument amounts to: "Well, yeah, rape sucks. We think you ought to get mugged and violently assaulted instead."

Huh? Really?!
Let's just assume CA's *are* worse than DNSSEC - just for the sake of argument.
In that case that DNSSEC would be better than the sketchy CA's. But simply being a little better than what's currently in place shouldn't be where we set our aspirations in coming up with something new and better.

How about, instead of aspiring to get violently assaulted, you work for something a LOT better.

Go ahead and actually read or listen to the talk.

If you won't trust the SSL authorities, and I don't - then one would assume that trusting the registrars/TLD's/root/or country TLD's would be even more crazy.

IMO, DNSSEC simply doesn't really solve the problem, and shouldn't be the "solution." We should look for and design something better.

-Greg

And when the DNS servers are subverted to point to bogus SSL certificates, then what?

You do happen to know that you'll have to trust the government [ISP etc] not to mess with DNS, and a one-stop shop to subvert both your domain and your PKI is just what they'd like to have.

SSL certs authenticated/served by DNS is not a fix, IMO - because DNS isn't any more secure from powerful interests than SSL is. [And it may even be less secure.]

This truly is a hard nut to crack, and knee-jerk solutions like "tie it to DNS" won't solve the problem in any robust way.

-Greg

Pardon me if I'm not overwhelmed.

MS: "Yeah, your home is like Fort Knox - no one will break in through the new stuff we built. Mumble mumble mumble"
Me: "What was that mumbling?"
MS: "Well, everything is really secure, except the old stuff - like, you know, the doors and windows. That's old stuff. You can't hold us responsible, even if we built it. Only the new stuff matters and it's like a rock! No one will break in through the roof or walls!"
Me: "Ah, yeah - I feel so much better already!"

Sheesh.

If the new stuff is SO much better, and it's all that old crap code, then go back and fix it. Until then, I'll assume security doesn't matter much to you since while they can't break the "new" code - there's loads of old code that's full of holes. The practical experience is "it's full of holes." I don't much care where they come from.

[And even then, I don't yet buy the "Well the new stuff is so much better." because I don't see much evidence of it.]

-Greg