It was news on slashdot before the firmware release:
http://games.slashdot.org/story/10/03/29/0227251/install-other-os-feature-removed-from-the-ps3

Moral of the story might be:
Don't upgrade before reading.

It might be nice of Sony to supply a changelog before the update on the machine itself. They present an EULA to the user, maybe below is the changelog (but we all know nobody reads the EULA).

But you didn't have to upgrade to a version without Other OS option, at the cost of losing other options (online play).

But I installed Linux on it and tried to use is, unless you had some use for the Cell SPEs it was useless. No GPU access, slow disk I/O and less RAM than a decade old machine. If you were targetting Cell/SPE from Linux you wouldn't have upgraded. To my understanding current GPU it much nicer target. For me nothing of value was lost, though I didn't gain anything in return.

You block dns?

Why would someone be connecting to random openvpn servers? But maybe you didn't get the idea, you only allow people to make connections to THEIR vpn servers, so they can do whatever they want without exposing your IP adres to the world.

There are a few options:
-take part in an "open" network that has some accountability (eg FON (good luck finding a functioning hotspot))
-only allow VPN connections (good luck filtering)
-tunnel your open network through TOR, you will not be implicated in any unlawful actions (slow but not my problem)

"Or how do you think the signature of com gets onto the public key of example.com? Magic?"

It doesn't. And you are confusing a web of trust with CA, it's like PGP. com. can only tell a dnssec user what it thinks the public KSK of example.com. is. That should have been communicated in a secure way to com. It is oneway trust between direct parent-child relations in the dns tree.

If you just kept reading instead of getting distracted by flash, you'd have seen the next link point to human readable text explaining (briefly) how dnssec works and how to implement it for a specific named. I just have to hope you read past flash this time.

Like I said, for the local market dnssec presence is huge, and last time I checked NLD is still part of the real world and it still has some influence on it (especially considering its size).

But .com has everything in place to do dnssec. So if an owner of a .com wants to get dnssec support, they should get a dutch dns provider, there are many that give the customer the option to activate dnssec.

But there are no CAs in DNSSEC. There are only public/private keypairs under control of the owner of the domain.
www.example.com. has 3 pairs/signatures to check:

• .
• com.
• example.com.

example.com. tells the com. authority what it's public KSK is.
com. tells the root zone what it's public KSK is.
The public KSK of the root is known by all people/software that want to check dnssec signatures (the weak point since how do you securely distribute and update that one?).

Math fail detected: 250*10^6 domains, 5*10^6 .nl, 10^6 .nl with dnssec. So atleast 0.4% of all domains are dnssec:
5/250/5 == 0.004 * 100% == 0.4%
.nl is in the 5 top of most used country TLDs. .nl is used for about 70% of the domains targetting the dutch market. So dnssec implementation is huge for the local market. And while it still might not be perfect, it is better than just plain DNS.

No catch, just a discount per domain registered for dnssec (0.28 EUR/year). I have about 1k .nl domains, I spend a few days figuring out what dnssec was about, how to implement, test and maintain it. Activated it on the corporate domain, some personal and a couple of test domains and waited 2 months to see if there were problems (none). So now it is active for all domains saving us 420 EUR till the discount ends in 2014-06. For us it was not enough to cover the expense of my time, but this had to be implemented eventually, so better do it now while you still get some discount.

"its certificate system is just as broken as the SSL cert system is now"

Can you explain this? DNSSEC hasn't got much common with the SSL cert system. There is only 1 root authority, the weak point during a key change. Each domain/tld has their own (multiple) keys. tld and domains should regenerate the short Zone Signing Keys fairly often (a couple of weeks), while the bigger Key Signing Keys should be regenerated about once in a year. If a tld is compromised it only has to create a new KSK, individual domains aren't affected (IIRC). If an individual nameserver or domain is affected only that server of domain needs to regenerate a KSK.

Nobody is using them? 1/5 of the .nl domains are registered DNSSEC domains:
http://xs.powerdns.com/dnssec-nl-graph/

Why choose this instead of powerdnssec? I strongly suggest the dnssec training at http://www.dnsseccourse.nl/en/player.html (flash) to improve one's understanding of the dnssec protocol. And powerdns to implement it http://doc.powerdns.com/powerdnssec-auth.html

BTW dnssec adoption is amongst the highest for .nl in absolute numbers of domains, simply because there is a bounty for every domain signed. If you have a few hundred of domains the costs to implement are lower than the discount given till mid 2014 == profit for implementing dnssec. And since powerdns does all the hard work automatically and dynamically in a transparant way (except importing the DS key in the tld)

"Dunno about iOS, Android or Windows Phone, but MeeGo has a very effective battery-saving mode, which dims the screen, does not use data connections unless you manually start them and automatically disengages once you start charging it."

There is an app for that.