resonanttoe 2 months ago

For those looking for more context - If memory serves it was in response to https://en.wikipedia.org/wiki/Comodo_Cybersecurity#Certifica... and the various controversies around it.

Honest Achmed has been one of my favorites for as long as its been around.

  • fmajid 2 months ago

    And also Symantec, and now Entrust. All of these CAs have incredibly sloppy vetting procedures and/or control over their resellers. In many cases they didn't even check CAA records to see if they'd be authorized to issue new certs, even though it has been a requirement for years. They had one job, and failed abysmally at it, relying on their too big to fail status. You can feel the frustration of people like Adam Langley at Google over his inability to bring the banhammer to bear fast enough on those clowns.

ramon156 2 months ago

Am I the only one that understands 10% of what's going on? Obviously they won't add his CA, and there seems to be some other links to joke requests, but what am I missing?

  • nilsherzig 2 months ago

    They are poking fun at the seemingly random (and non-trustworthy) companies which are allowed to issue root CAs and how hard it is to remove them if they reach the "too big to fail" status.

  • bilong 2 months ago

    [flagged]

Dragging-Syrup 2 months ago

The best part is the website hxxps://www.honestachmed.dyndns.org/ is still up.

  • agumonkey 2 months ago

    pardon the side question, what is this trend of rewriting http in hxxp ? a reflex from platforms that don't allow sharing urls ?

    • batch12 2 months ago

      I do this to defang the url to prevent unintentional clicks or automatic previewing when working and reporting on security events. Sometimes the habit bleeds over.

      • agumonkey 2 months ago

        ha, makes total sense :)

        I might get into this habit too (and it's somehow funny how ~ergonomics can backfire)

  • cr3cr3 2 months ago

    Yeah, and http only :) It would be hilarious if it had invalid cert.

begueradj 2 months ago

Achmed, not Ahmed ...

  • virtualritz 2 months ago

    Yes as far as the title on the Mozilla page goes but: Ahmed is pronounced Achmed (if your first langues is e.g. English).

    Among my Arab friends with that name the spelling that omits the 'c' is more common. Another common form is Ahmad which is still pronounced the same.

    The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English). As is the one with the 'e' vs the 'a' as last vowel.

    I.e. Ahmad == Ahmed == Achmed.

    • Narishma 2 months ago

      > The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English).

      What hint would that be? There's no 'c' sound in the Arabic version.

      • TazeTSchnitzel 2 months ago

        “ch” like in Scottish English “loch” is closer to the “h” in “Ahmad” than the normal English “h"

        • Narishma 2 months ago

          No, it's not. It's a soft 'H' sound in Arabic, the same as in Muhammad. It's closer to the English 'H'. The Scottish 'ch' is a different letter entirely in Arabic and doesn't appear in this name.

          • foldr 2 months ago

            This sound, to be precise: https://en.wikipedia.org/wiki/Voiceless_pharyngeal_fricative

            It is indeed closer in terms of its place of articulation to English 'h' than either variant of the German 'ch' sound.

            • 998244353 2 months ago

              I suppose the point is that it's not the voiceless glottal fricative?

              To my ears [ħ] sounds closer to [x] and [χ] than to [h] (even though the place of articulation is closer to [h]), but I'm sure it's different for people who (natively) speak a language with all three.

              • foldr 2 months ago

                Yeah, I imagine it's an interesting question which of these sounds is more perceptually similar to the target sound. It may well depend to some extent on the native language(s) of the person who is listening.

lionkor 2 months ago

why trust the others and not Achmed?

  • hulitu 2 months ago

    > why trust the others and not Achmed?

    Because, "trust us". Seriously, Google, Microsoft, Cloudfare, etc. at the same level as Achmed. The only thing Achmed lacks is marketing.

  • ithkuil 2 months ago

    He's too honest

m3047 2 months ago

I'm getting warnings on an old Macbook Air that the Firefox CA certs are going to expire... except the OS is too old to update to a newer version. Oh noes!

Do I really care? That would imply I trusted CAs in the first place... all of them.

  • hulitu 2 months ago

    > Do I really care?

    Firefox will not connect to web sites when certificates are expired.

rich_sasha 2 months ago

I get the sense it's not serious, but is there any more context?

  • nindalf 2 months ago

    From the thread it seems like they’re poking fun at browser vendors adding untrustworthy CAs to their trust store and not removing them even for egregious violations.

    Their point is that Honest Achmed is at least as honest as some of the other CAs they’ve allowed in. This issue was closed a few times because Honest Achmed hadn’t completed an external audit. It was reopened each time by users who pointed out that audits were redundant if Achmed quickly issued a tonne of certificates and became too big to remove.

    In other words, this issue is an implicit critique of browsers certificate policies.

  • viraptor 2 months ago

    It was written around the time one of the CAs got dropped for signing certificates they shouldn't. (I wanna say it was DigiNotar, but that was a long time ago)

    Edit: it was Comodo https://en.m.wikipedia.org/wiki/Comodo_Cybersecurity who allowed an affiliate to grant 9 bogus certs. (Which is probably the "cousin" part of the joke)

burgerrito 2 months ago

Meta question: where do people find these kinds of funny stuff??

  • lionkor 2 months ago

    Usually sharing between friends, communities, etc.

  • cpach 2 months ago

    I’d say this one is a classic.

netsharc 2 months ago

[flagged]

  • uludag 2 months ago

    I actually think that the used car salesman qualifier needed to be added to add the element of dishonesty to the character. I feel the middle-eastern name does plays into the trope of non-westerners's reliance on informal networks of kinship and reputation, but not necessarily dishonesty.

  • savs 2 months ago

    [flagged]

    • fancyfredbot 2 months ago

      It would have been funnier if they implied the dodgy CA was racist.

      If the joke itself is racist then a typical reaction would be to consider it less funny.

      • savs 2 months ago

        The ability to find humor in taboo topics is actually a sign of cognitive flexibility and social intelligence.

        • salviati 2 months ago

          It's not like people condemning the choice of the name are unable to find the humor. We do find it. We are briefly entertained. Then we pause and ponder. Is it a good idea to use a negative stereotype in a joke? Don't we run the risk of confirming the stereotype even more?

          We then find out that our answer to that question is "no". And we bring up the issue with other people.

          There is no "inability to find humor" at play here.

        • fancyfredbot 2 months ago

          Finding humour in racism may indicate any or all of:

          1) cognitive flexibility 2) social intelligence 3) racism ;-)

          Dodgy Dick would have been funnier.

        • mouse_ 2 months ago

          It's called stochastic terrorism, and a society built on top of terror and racism would probably tell you it's "actually a sign of cognitive flexibility and social intelligence."

          I had the same gut reaction as you. I was going to defend the joke as not being racist. Until I thought about it for a few minutes, and came to the conclusion that it's obviously racist. Whenever you have a gut reaction like that, you NEED to look deeper.

        • thomassmith65 2 months ago

          The restrooms at my town's dive bar are full of scatological, sexual and racist graffiti. It must be a hot spot for local geniuses. /s