
Bug 647959 – Add Honest Achmed's root certificate (2011) - Moral_
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
======
viraptor
I'm really disappointed that www.honestachmed.dyndns.org/cert.der didn't work
:(

~~~
SchizoDuckie
That means it's up for grabs, although dyndns.org now asks $40 A YEAR?!?!?!

~~~
voltagex_
I am still looking for an _easily configurable_ self-hosted dynamic DNS
solution. Signed updates to BIND9 are tricky. I really just want to delegate
*.d.voltagex.org for when I have to move to an ISP that doesn't offer static
v4/v6 IPs.

~~~
Yetanfou
Some registrars offer an API to their own (free) DNS service which makes it
possible to update records automagically. An example of such is Gandi
([https://gandi.net](https://gandi.net)), which also happens to be the one you
use (according to whois). This way you're free to do any sort of DNS trickery,
including simple dynamic updates through a cron job on the router. Given that
you already have a domain with them and use the Gandi name servers it should
be easy to set up something to do just what you want. You'll need to get an
API key first, for more info check
[http://www.gandi.net/domain/api](http://www.gandi.net/domain/api)

~~~
majewsky
I use Gandi, too, for the same purpose. A bonus is that the corporate proxy at
work (which blocks DynDNS domains for reasons that are beyond me) does not
mind me accessing my personal server.

GitHub has a script for DynDNS using the Gandi API:
[https://github.com/jasontbradshaw/gandi-
dyndns](https://github.com/jasontbradshaw/gandi-dyndns)

------
reedloden
Just use Let's Encrypt. :)

Signed, The guy who marked that bug report invalid.

~~~
kuschku
That is not a solution for everyone, as they offer no wildcart certificates
yet. Also no EV auth.

At the current moment, it is questionable why some CAs – TURKTRUST comes to
mind – are considered trustworthy, when they are barely more trustworthy than
your random street dealer.

~~~
mikeash
Are wildcard certs still necessary if you can get a cert issued automatically
with no delay?

~~~
ytjohn
Probably not for most use cases, but definitely if you have a dynamic host-
based addressing scheme. In fact, my company uses a wildcard for an S3
compatible object storage service we've built in house.

A wildcard cert for example.com covers any <bucketname>.example.com our users
create. Going round trip on requesting and issuing certs for each bucket would
add significant delays.

~~~
mikeash
Makes sense. I can't quite figure out Let's Encrypt's (what an odd
construction) policy on ultimately supporting wildcard certificates, but it
sounds like they're generally opposed but not completely decided. Maybe
they'll end up supporting it eventually.

------
AdamGibbins
Previous post:
[https://news.ycombinator.com/item?id=2463762](https://news.ycombinator.com/item?id=2463762)

------
sparky_
Is there some context to this? I am assuming it's a parody of some then-
current controversy?

Edit: Appears to be a parody of Comodo issuing rogue certs. More -
[http://www.scmagazine.com/experts-weigh-in-on-comodo-ssl-
cer...](http://www.scmagazine.com/experts-weigh-in-on-comodo-ssl-certificate-
fraud/article/199109/)

------
jheriko
i'm usually quite thick skinned about these things... and maybe I am reading
too much into it, but using a stereotypically racist American/English
misspelling of an arab name to convey some amount of untrustworthyness?

(the same could be said about used car salesmen... but i am not one of those)

this rubs me up a bit wrong... as humorous as the intent is.

~~~
nikolay
Why are you guys so sensitive? It makes you weaker, not superior. People say
all kinds of things to manipulate others, make them vulnerable, etc., and if
one's going to waste their few moments granted on this planet dealing with
non-issues like this - it's just a poor strategy. And, by the way, you're
insensitive toward people who are even less sensitive.

Edit: I have kids, they get home crying, because people call them this or
that. So, it's time to grow up.

~~~
jheriko
I only mentioned it because I normally don't give a crap about these kinds of
things. I am genuinely surprised that I am even slightly offended by this...
its not a rational choice.

p.s. I am doing this as I wind down after a long day of productive work. I
wouldn't assume that anyone browsing HN places particular value on the
discussion here beyond its own intrinsic value... its certainly not wasting my
precious few moments.

(pps. i did not downvote, but upvoted, because conflicting and honest opinions
are vital to healthy discussion, and yours is perfectly valid imo).

~~~
51109
> I am genuinely surprised that I am even slightly offended by this... its not
> a rational choice.

Racism is not rational. You feeling offended could have more to do with your
own prejudice being exposed (the joke worked) than feeling sorry for the arabs
that may have been offended by this (there is, as of yet, no sign pointing to
that).

Humor uses stereotypes. That's why the owner of the Kwik-E-Mart is an Indian
illegal immigrant named Apu Nahasapeemapetilon. If such humor makes one
uncomfortable, do you really think that is out of empathy for the Indians? I
think it is more likely that one has a thin skin or does not want to see their
own stereotypes confirmed.

Also the context is important here (see the Comodo Hacker). The choice for a
foreign name and an untrustworthy-sounding business name was not willy-nilly.
Finally: Have a hacker tip of the day
[https://www.youtube.com/watch?v=bAQqrnX7BsM](https://www.youtube.com/watch?v=bAQqrnX7BsM)

~~~
jheriko
just to clear up. i am actually an arab.

i think apu's name is a joke on the exceptionally long names of sri lankans...
and yes, it is casually racist - or at least pokes fun at a nationality if not
a race (whatever the case, its not a good joke imo).

+1 for video.

~~~
brighteyes
No, Apu's name is not "casual racism".

First of all, it's not casual. It's not an offhand, unintended remark that
nonetheless reveals a hidden negative bias. Apu's name was very _deliberately_
\- the opposite of casually - chosen by the show creators.

Second of all, it's not racist. The name, by itself, imports nothing negative
about Apu. It does not say Apu is inferior, nor does it show an intention of
harm against Apu.

What does the name do? It shows an interesting human difference, that in some
cultures, it is common to have much longer names than in others. The name
points that out, and to most viewers that is amusing because they aren't used
to such names. Their culture's average name length is far shorter.

But there is nothing positive nor negative about having a shorter or a longer
name. Apu's name isn't making a negative statement about Apu - _unless_ you
have a bias against long names / south Asian names. If you do, then Apu is
just directing your attention to your _own_ bias.

~~~
jheriko
this is a good point. thanks for taking the time to try and educate me :)

------
vmorgulis
Tor author approves:

[https://bugzilla.mozilla.org/show_bug.cgi?id=647959#c4](https://bugzilla.mozilla.org/show_bug.cgi?id=647959#c4)

