[conspire] Fraudulent SSL certs for *.google.com from DigiNotar

Edward Cherlin echerlin at gmail.com
Sun Sep 4 01:15:02 PDT 2011

On Fri, Sep 2, 2011 at 02:30, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Edward Cherlin (echerlin at gmail.com):
>> How many people do you know who can correctly manage their own server
>> at home with their own DNS?
> Pretty much all of them can manage their own servers at home, and it's
> entirely irrelevant whether they can manage their own DNS.
> I say that because I very clearly remember putting up a Web server and
> SMTP host around 1994 and having not a clue what I was doing.  So, I
> consulted a couple of LDP docs and O'Reilly books, played with the
> software, and learned by doing.  I had no aptitude for that:

LOL. There is a great deal of difference between "no experience" and
"no aptitude". If you don't know what the difference is, that suggests
that there are important areas in which you have neither experience
nor aptitude.

> I was a
> _staff accountant_.

Well, then, I conclude that you greatly underestimate the gap between
a _staff accountant_ who is comfortable diving into a technical area
with no background, and the average techno-peasant.

> I have no idea why you're asking that question

I can tell. But I'm too tired to explain tonight to someone who
obviously knows everything there is to know about everything that
matters, and has no time for anybody who has time for anybody who

> -- let alone the
> red herring about running one's own DNS

You brought it up, not I.

> -- because they're almost
> completely irrelevant to the antecedent discussion.
> 'Almost' because I did imply that it's useful towards being comfortable
> with Internet security to have local DNS.  I'm betting, however, that
> you with your outsourcing of your main Internet presence to Google, Inc.
> (GMail) have no idea what I mean by that. So, I'll explain.

See also



> On either Linux/BSD, or Macintosh OS X, or MS-Windows, pull down the
> 'Unbound' recursive-only DNS nameserver, precompiled and ready to run.
> Start it.  Point your local resolver file (/etc/resolv.conf, on Linux)
> at the IP where Unbound is running.  Done.  There is nothing to adjust.
> There is nothing to administer.  It runs itself.

Yes, we have that on our home server, along with Apache, BackupPC, and
a few other things.

> This is not _authoritative_ DNS, where you own and operate your own
> domain (or publish authoritative DNS for a friend's domain).  Until
> around 1997, I never bothered with that.  Not being anyone's fool, I got
> a friend to do it for me.

I believe that that is the point I was making.

> 'hugin.imat.com' in Richard Couture's
> imat.com domain still points to my server, to this day.  All services on
> my machine are reachable that way, e.g., 'rick at hugin.imat.com' still
> reaches me.   The technical expertise required to do that?  I asked
> Richard.

Just so.

> But you're really a technopeasant, aren't you?  It's all just
> unthinkably difficult and arduous, even though it isn't, Mr. GMail?

No, it isn't for you or me, Mr. High-and-Mighty. But you have no idea
what I am talking about, so I forgive you for your arrogance and

>> So we agree about keeping sufficiently sensitive data off the Net
>> entirely. You are confident in your ability to protect less sensitive
>> data on your own server, and you are very likely correct. I would not
>> recommend that the less skilled try it. Would you?
> See 'staff accountant', above.  Do the math.

I'm a 'mathematician' and 'Computer Scientist'. Don't patronize me,
Little Lordling of your tiny domain. It is you who has failed to do
the math, as you openly admit several times in this rant, evidently
without ever noticing.

> I would recommend that anyone interested try it, keep good backups, and
> see if he/she gets the hang of it over a couple of years.  It's not
> fscking brain surgery, Mr. GMail.

Oh, years is it now, Mr. Staff Accountant Man? I rest my case.

> The rest of that-all is not a discussion.  It reads like just another
> time-wasting hand-waving speech and a general waste of time.

"Everything is either trivial or false."--Mathematician's proverb

Which are you?

Oh, BTW, No, you can't carve it as a Buddha.

Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) Cherlin
Silent Thunder is my name, and Children are my nation.
The Cosmos is my dwelling place, the Truth my destination.

More information about the conspire mailing list