And also Symantec, and now Entrust. All of these CAs have incredibly sloppy vetting procedures and/or control over their resellers. In many cases they didn't even check CAA records to see if they'd be authorized to issue new certs, even though it has been a requirement for years. They had one job, and failed abysmally at it, relying on their too big to fail status. You can feel the frustration of people like Adam Langley at Google over his inability to bring the banhammer to bear fast enough on those clowns.
Am I the only one that understands 10% of what's going on? Obviously they won't add his CA, and there seems to be some other links to joke requests, but what am I missing?
They are poking fun at the seemingly random (and non-trustworthy) companies which are allowed to issue root CAs and how hard it is to remove them if they reach the "too big to fail" status.
I do this to defang the url to prevent unintentional clicks or automatic previewing when working and reporting on security events. Sometimes the habit bleeds over.
I'm getting warnings on an old Macbook Air that the Firefox CA certs are going to expire... except the OS is too old to update to a newer version. Oh noes!
Do I really care? That would imply I trusted CAs in the first place... all of them.
Yes as far as the title on the Mozilla page goes but: Ahmed is pronounced Achmed (if your first langues is e.g. English).
Among my Arab friends with that name the spelling that omits the 'c' is more common. Another common form is Ahmad which is still pronounced the same.
The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English). As is the one with the 'e' vs the 'a' as last vowel.
No, it's not. It's a soft 'H' sound in Arabic, the same as in Muhammad. It's closer to the English 'H'. The Scottish 'ch' is a different letter entirely in Arabic and doesn't appear in this name.
I suppose the point is that it's not the voiceless glottal fricative?
To my ears [ħ] sounds closer to [x] and [χ] than to [h] (even though the place of articulation is closer to [h]), but I'm sure it's different for people who (natively) speak a language with all three.
Yeah, I imagine it's an interesting question which of these sounds is more perceptually similar to the target sound. It may well depend to some extent on the native language(s) of the person who is listening.
From the thread it seems like they’re poking fun at browser vendors adding untrustworthy CAs to their trust store and not removing them even for egregious violations.
Their point is that Honest Achmed is at least as honest as some of the other CAs they’ve allowed in. This issue was closed a few times because Honest Achmed hadn’t completed an external audit. It was reopened each time by users who pointed out that audits were redundant if Achmed quickly issued a tonne of certificates and became too big to remove.
In other words, this issue is an implicit critique of browsers certificate policies.
It was written around the time one of the CAs got dropped for signing certificates they shouldn't. (I wanna say it was DigiNotar, but that was a long time ago)
I actually think that the used car salesman qualifier needed to be added to add the element of dishonesty to the character. I feel the middle-eastern name does plays into the trope of non-westerners's reliance on informal networks of kinship and reputation, but not necessarily dishonesty.
It's not like people condemning the choice of the name are unable to find the humor. We do find it. We are briefly entertained. Then we pause and ponder. Is it a good idea to use a negative stereotype in a joke? Don't we run the risk of confirming the stereotype even more?
We then find out that our answer to that question is "no". And we bring up the issue with other people.
There is no "inability to find humor" at play here.
It's called stochastic terrorism, and a society built on top of terror and racism would probably tell you it's "actually a sign of cognitive flexibility and social intelligence."
I had the same gut reaction as you. I was going to defend the joke as not being racist. Until I thought about it for a few minutes, and came to the conclusion that it's obviously racist. Whenever you have a gut reaction like that, you NEED to look deeper.
Honest Achmed has been one of my favorites for as long as its been around.
Bug 647959 – Add Honest Achmed's root certificate - https://news.ycombinator.com/item?id=2463762 - April 2011 (114 comments)
Bug 647959 – Add Honest Achmed's root certificate (2011) - https://news.ycombinator.com/item?id=10839315 - January 2016 (68 comments)
Add Honest Achmed's root certificate (2011) - https://news.ycombinator.com/item?id=35490740 - April 2023 (25 comments)
I might get into this habit too (and it's somehow funny how ~ergonomics can backfire)
Do I really care? That would imply I trusted CAs in the first place... all of them.
https://cabforum.org/working-groups/server/baseline-requirem...
Among my Arab friends with that name the spelling that omits the 'c' is more common. Another common form is Ahmad which is still pronounced the same.
The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English). As is the one with the 'e' vs the 'a' as last vowel.
I.e. Ahmad == Ahmed == Achmed.
What hint would that be? There's no 'c' sound in the Arabic version.
... yes, this is a joke.
( https://en.wikipedia.org/wiki/Kirpan )
It is indeed closer in terms of its place of articulation to English 'h' than either variant of the German 'ch' sound.
To my ears [ħ] sounds closer to [x] and [χ] than to [h] (even though the place of articulation is closer to [h]), but I'm sure it's different for people who (natively) speak a language with all three.
Their point is that Honest Achmed is at least as honest as some of the other CAs they’ve allowed in. This issue was closed a few times because Honest Achmed hadn’t completed an external audit. It was reopened each time by users who pointed out that audits were redundant if Achmed quickly issued a tonne of certificates and became too big to remove.
In other words, this issue is an implicit critique of browsers certificate policies.
Edit: it was Comodo https://en.m.wikipedia.org/wiki/Comodo_Cybersecurity who allowed an affiliate to grant 9 bogus certs. (Which is probably the "cousin" part of the joke)
If the joke itself is racist then a typical reaction would be to consider it less funny.
We then find out that our answer to that question is "no". And we bring up the issue with other people.
There is no "inability to find humor" at play here.
1) cognitive flexibility 2) social intelligence 3) racism ;-)
Dodgy Dick would have been funnier.
I had the same gut reaction as you. I was going to defend the joke as not being racist. Until I thought about it for a few minutes, and came to the conclusion that it's obviously racist. Whenever you have a gut reaction like that, you NEED to look deeper.