It's not attempting to "read" anything, nor is it the least bit suspicious or malicious.

Your browser was asked if it would like to present a certificate to authenticate, and you were prompted to choose one if you please. You can also hit cancel as client auth can be optional and the server will either serve you the page or a 401/403.

It's like being asked to show ID to enter a pub, you can either show one or decline, and they may or may not let you enter based on that transaction.

Another thing to consider is Honda may have signed these packages with a wink and a nudge, because it may be required, regulatory or Android or otherwise, but they're also not interested in building closed devices. Instead of thanking them we're complaining.

Comments URL: https://news.ycombinator.com/item?id=48524434

Points: 76

# Comments: 28

It's also a good assumption most people airing such complaints have never eaten in a restaurant fancy enough to have valet parking, let alone evil valets.

That said, are evil valets known to tote around USB drives, or would they more likely use your navigation system to drive back to your empty house and clean it out while you're eating?

ReactOS isn't the one that just had one of its package repos owned (again).

* Supposedly 2007 but that does not sound right for embedded customers unless Intel built a lifetime supply.

What does the 'R' in AUR stand for? Rutabaga?

It's an uncontrolled free-for-all disguised as a watering hole. If they can't do the most basic of housekeeping it should not exist full stop.

You want me to believe all the various BIOS manufacturers are going to competently manage a WebPKI root certificate program?

Do you think lobbying did not exist prior to two years ago?

Today it's an industry driven by unscrupulous clout-chasers and a commitment to quantity over quality.

There is a difference between going through patches and pull requests vs. the endless stream of LLM-assisted bullshit that has started cluttering security inboxes in the last few years.

https://www.youtube.com/watch?v=DAuG7_acmdA

Ok but who is going to sift through it all to triage the good bits when you're working on something for free?

> Ffmpeg devs are free not to care, but then they cant complain when they start to get a bad reputation

Who gives a shit about reputation when you're the only game in town?

There is nothing out there that even attempts to approximate an ffmpeg clone. They are the Swiss army knife of media encoding and all complainers have produced are plastic sporks.

ffmpeg is Free Software. You are also free not to use it.

Oddly enough, despite all these endless grievances, no one has come up with a better or more capable tool, certainly not one that is freely available.

Evidently no one cares either, because most implementations of ffmpeg I've seen typically run it as root "because we have to". Don't worry we use Docker bro.

You guys are out here protecting against ghosts but at the same time making the really important stuff 10x harder and more vulnerable to bugs.