this post was submitted on 03 May 2024
855 points (97.7% liked)

  • Rabbit R1 AI box is actually an Android app in a limited $200 box, running on AOSP without Google Play.
  • Rabbit Inc. is unhappy about details of its tech stack being public, threatening action against unauthorized emulators.
  • AOSP is a logical choice for mobile hardware as it provides essential functionalities without the need for Google Play.
[–] 0x2d@lemmy.ml 25 points 7 months ago (3 children)

their page to link accounts to it was not a real webapp, it was a noVNC page that would connect to an Ubuntu VM that runs Chrome with no sandboxing and basic password store under fluxbox wm

someone dumped the home directory from it

[–] cheet@infosec.pub 14 points 7 months ago (1 children)

Holy shit, that's actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn't work.

For those confused, this sounds like instead of making a real website, they spin up a VM, embed a remote desktop tool into their website and have you log in through Chrome running on their VM. This is sooooo sketch, it's unreal anyone would use this in a public product.

Imagine if to sign into Facebook from an app, you had to go to someone else's computer, log in and save your credentials on their PC, would that be a good idea?

[–] brotkel@programming.dev 2 points 7 months ago (1 children)

What I don’t understand is why. This sounds like way more work than spinning up some out-of-the-box framework with OAuth or a Google login and hosting it on Lambda or Azure. What is logging in on a VM box even going to do for the device?

[–] Ramenator@lemmy.world 4 points 7 months ago

I've looked it up and it's even uglier and I can kinda understand why they did it this way. Basically, for their "integrations" they aren't using any official APIs. Instead they just use the websites and automate them via the Playwright framework. So for each user they have a VM running with a Chrome browser to access the services. So now they have the problem that they need to get their users' session cookies into the browser. And the easiest solution for that is having the users access their VM via VNC and just log into the automated browser.
This is such a hacky solution that I'm actually in awe of its shittiness. That's something you throw together in an all-nighter during a hackathon, not a production-ready solution.

[–] MystikIncarnate@lemmy.ca 8 points 7 months ago

Well that's horrific.

[–] Narrowband@lemmy.world 4 points 7 months ago (2 children)

I wish I knew what any of this meant…

[–] SereneHurricane@lemmy.world 4 points 7 months ago

It basically implies that they cobbled together some standard technology but they didn't even put it together very well.

It's like a solution that's held in place with chewing gum and Band-Aids.

[–] possiblylinux127@lemmy.zip 1 points 7 months ago

The "login" was actually a browser-based remote access tool. You were signing in on a machine on their network running Chrome.

Someone dumped the contents of that machine.
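
A defender-side check for the setup described in this thread (Chrome run with no sandboxing and the basic password store), added here as an example and not code from any commenter or from Rabbit: it scans `ps`-style output for Chromium processes launched with weakening switches. Mapping the comment's wording onto the Chromium switches `--no-sandbox` and `--password-store=basic` is an assumption, and the sample process list is constructed.

```python
import shlex

# Chromium switches that weaken a browser holding user sessions.
# Mapping the thread's wording onto these switches is an assumption.
RISKY_SWITCHES = {
    "--no-sandbox": "renderer sandbox disabled",
    "--disable-web-security": "same-origin policy disabled",
    "--remote-debugging-port": "DevTools protocol exposed on a TCP port",
}
RISKY_VALUES = {
    ("--password-store", "basic"): "saved passwords not protected by an OS keyring",
}
BROWSER_NAMES = ("chrome", "chromium", "google-chrome", "chromium-browser")

# Constructed sample in the shape of `ps -eo user,pid,args` output.
SAMPLE_PS = """\
USER       PID COMMAND
root       812 /usr/bin/fluxbox
root       901 /opt/google/chrome/chrome --no-sandbox --password-store=basic --user-data-dir=/root/.config/chrome
appuser   1204 /usr/bin/chromium --user-data-dir=/home/appuser/profile
"""

def audit_cmdline(user, cmdline):
    """Return sorted findings for one process, or [] if it is not a browser."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in BROWSER_NAMES:
        return []
    findings = set()
    if user == "root":
        findings.add("user=root: browser runs as root")
    for arg in argv[1:]:
        name, _, value = arg.partition("=")
        if name in RISKY_SWITCHES:
            findings.add(f"{name}: {RISKY_SWITCHES[name]}")
        if (name, value) in RISKY_VALUES:
            findings.add(f"{arg}: {RISKY_VALUES[(name, value)]}")
    return sorted(findings)

def audit_ps(ps_text):
    """Map PID -> findings for every browser process that has at least one."""
    report = {}
    for line in ps_text.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 2)            # user, pid, full command line
        if len(parts) == 3:
            findings = audit_cmdline(parts[0], parts[2])
            if findings:
                report[int(parts[1])] = findings
    return report
```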