Comment on Rabbit R1 AI box revealed to just be an Android app
cheet@infosec.pub 1 month agoHoly shit, that’s actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn’t work
For those confused, this sounds like instead of making a real website, they spin up a vm, embed a remote desktop tool into their website and have you login through chrome running on their VM, this is sooooo sketch it, its unreal anyone would use this in a public product.
Imagine if to sign into facebook from an app, you had to go to someone else’s computer, login and save your credentials on their PC, would that be a good idea?
brotkel@programming.dev 1 month ago
What I don’t understand is why. This sounds like way more work than spinning up some out-of-the-box framework with oAuth or a Google login and hosting it on Lambda or Azure. What is logging in on a VM box even going to do for the device?
Ramenator@lemmy.world 1 month ago
I’ve looked it up and it’s even uglier and I can kinda understand why they did it this way Basically, for their “integrations” they aren’t using any official APIs. Instead they just use the websites and automate them via the Playwright framework. So for each user they have a VM running with a Chrome browser to access the services. So now they have the problem that they need to get their users session cookies into the browser. And the easiest solution for that is having the users access their VM via VNC and just log into the automated browser.
This is such a hacky solution that I’m actually in awe of it’s shittiness. That’s something you throw together in an all-nighter during a Hackathon, not a production ready solution