Rabbit R1 makes catastrophic rookie programming mistake 

first

second

Hello fireship

Jesus is the way, the truth and the life. Turn to him and repent from your sins today!

" " "artificial" "intelligence" " "

True words my dude.

Maybe that’s their schtick, it’s relatable to everyone’s relationship with their parents

They got millions of investments and people bought it so you’re wrong

What do you expect from a NFT founder who only developed the product to get on the AI hype train?

🤣 seriously

yeah, almost

Coffeezilla

Firstish to market!!!!

They were aware of one thing. With this, it is hard to just disappear, so more likely they discovered they were severely under-experienced to develop this, so they rushed a product to be "first", or likely running out of money. There is no indication they are just going to disappear

@@SioxerNikita they're ex-crypto bros, the end go is always to disappear for these types.

You just casually mentioned the first legitimate use for the R1. A constant bright orange reminder of how not to do things.

Just like every other dead product with a working display, it too shall become a retro gaming emulator.

@@John_C_J It's the circle of life.

"This critical security update permanently renders your device harmless, which is a huge step up from the dangerous liability it was before."

​@@stonecoldcarebearIt's bright orange making it way more useful as a reminder compared to a black or white laser projector that's more of a fire starter for when you can't find your lighter

The vast majority of "AI-powered" projects are, lmao

@@NatiiixLP Most "innovative startups", if not all

That's what almost all "AI" projects are tbh

Well it's UI is written in Flutter so you're a bit wrong

@@julianojosoa2145 He said it's the equivalent of throwing random node modules together, not that it's literally using node modules.

Especially r-2!

Don't read my name

@@witness1013 Wondering what it will look like

Fr

Jesus is the way, the truth and the life. Turn to him and repent from your sins today!

Basically a mp3 player

@@laptopuser5198 at least an mp3 player doesn't become a brick when some server it relies on for everything eventually shut down

MP3 player with always-on DRM type shit

With a catastrophic battery

Comparing it to a smartphone is giving it too much credit lol

🥺

What happened to his mom?

​@@theairaccumulator7144 she passed away

this is only comparable to Technoblade. The pain is real.

for a short moment i thought it was an accident until I read the rest of it

This

No it was very much intended as a "product", it was just coaded by middle schoolers apparently.

well it was designed by *Teenage* *Engineering*

Could be a ploy floated to steal data. Something trendy? All the rich kiddies have it and then...

You ain't that far off, their CTO just dropped out of college to found the company

How is it not surprising? I for one am very surprised that such bad devs could ever land any jobs, let alone a product that has been a talking point globally for months

Don't read my name

@@alibarznji2000because you can tell the device was an idea by inexperienced developers. every facet of their implementation has proven to either be naive or extremely basic. These are the same people that make an API call to tell the time during their LLM job when it has a clock on-device instead of just passing it in from device. These people didn’t know what they were doing and were in over their heads.

@@driedpotatoes fair enough, but my point still stands. How could these people get the funding for a project? The world is a weird place

Shitehole ✅

Kola superdeep borehole ✅

Don't read my name

@@1.4142 ✅️

rabbithole loophole

Engineers??? This can only be the work of an outsourced overseas code mill.

Being able to get the job != being good at the job.

“We’re gonna hardcode it so it works and then change that later…. What do you mean it’s been shipped?”

@@magicmulder There's nothing as permanent as a temporary solution!

I feel like I'm missing something here. The API key was hardcoded in a source file leaked by an insider. What is the actual solution to keep the API key safe?

This applies to 99.99958% of all tech start-ups. It does not matter if its fintech, or some artists that released a sick 3d render of some revolutionary new transport,energy,etc.-system that will totally change the world. You know, like fontus, solar roadways, hpyerloop and derivates, etc. And idiots who believe that a 3d render is the same thing as a working prototype are investing in these scams. Sadly even governments are burning public money on these scams.

Including OpenAI

​@@mwwhited Nope

They're used because it works. The name of the game in tech/engineering now is to hype something to the heavens, sell it off to some sucker and now it's their problem, walk away with millions. I sincerely doubt the CEO legitimately believes in his product.

Correct 👍👍👍👍

INTERNET OF THINGS (read: devices with SIM cards or wifi connections sending TCP/UDP data to receivers which is just an open Socket) THE CLOOOOUDDDDD (read: somebody else's computer except we're hiring a bunch of services that all do 1 thing rather than a monolithic server where all services compete against each other for CPU/RAM) ARTIFICIAL INTELLIGENCE (read: probability machines that just do guesswork based on input and a dataset (model) to work out of as baseline) BLOCKCHAIN (read: things you don't need)

to be fair, i don’t think anyone would consider rabbit to be “complex” or “professional”, they’ve shown themselves to be quite literally the opposite from day 1, the CEO is literally beefing with a 13 year old online, so that’s very telling lol

​@@sapphicgaze wait what?? wtf

​@@tristan5299can confirm, I was the 13 year old kid

A mistake worse than hard coding API keys

a hole's a hole, right? 😂

@@alexnoman1498 Tell that to your missus

The super deep borehole was capped decades ago, and a picture of a nondescript well cap in a nondescript warehouse doesn't have as much visual impact in a video as an big open pit, does it?

This guy's a hole expert

Classic blunder

bfg jar it

Everybody gets one.

This 👆

but that is exactly the point, they hardcoded the company's api keys

Those API KEYS should give you access to an intermediate server, but somewhere down the line there should be a way to display a numerical keypad so you can type/configure a PIN code

I might be missing something here but from what I know you can't get an Android app's code with just the .apk. I don't know how you could get the API key if the app was built with it in the codebase. Also while it's absolutely not a good idea to have any API key in a codebase, again from what I know, leaking any codebase is as bad as leaking the API key (and let me go off road here a bit, github is pretty secure so the only way to access the code base would be either a compromised account or some fed up ex-employee). But it's tomato tomato at that point (as in leaking codebase vs codebase plus API key). And I am not sure about this AWS secrets manager thing but ultimately it will be linked to a single account and if that account is compromised, so is the API key. Although one thing does change by not hardcoding the API key. For rotation you would need to fetch a new API key from the backend server. That's a real reason why not to hardcode it because otherwise you will need to rely on user side app updates to fetch a new version of the app for the new API key.

@@SahilP2648 APKs are just a ZIP files that contains an app's resources in a tree. This includes the app's native code. In almost all cases API keys are stored as strings in the binary. In case it is not obfuscated, you can easily extract them via. the `strings` program. But regardless of obfuscation, these things can still be reverse engineered, either through manual process, or using a debugger and a bit of time. It's impossible to protect anything you deliver to users. This is why you should not store API keys in client-code. Rotating keys would require users to update, and you're leaking this information to anybody who's curious enough. The point of AWS Secrets Manager is that it's protected through isolation and permission. Keys are stored separately from the application code, and should only be extracted from services that have specific roles to access, which should only be persisted for a short amount of time. Of course any compromise could make it possible to obtain those secrets through those services. In those cases, the isolation makes it easier to prevent further attack by deny access to those compromised services, simply by removing their roles and re-rolling the API keys-but it does not prevent the attack from already compromising data if that data is stored together with the service without any protection. There's always tradeoffs between security and convenience.

Bro what are you guys talking about? The video is so confusing! I just want to know if I should buy this gadget or not...

​@@Alfred-Neuman no u don't need it

the guy in the reply above is missing his cortex

learning taking place 🎉

Yeah but you're not selling thousands of hardware products with an accompanying backend service

I am that, run my own AIs on my local ADA server and know quite well how to program. What you don't understand is the way products get financed. You really think investors look into the codebase? The idea of stand alone AI devices is not bad if well done. The business case could work and when presented it will be shown in the best possible way. You can't know how bad it will be in the end. Rabbit and AI pin could work if they wouldn't rely solely on external APIs. That's what makes them so bad. It's the same with all those stupid OpenAI "apps" flying around on IG nowadays. It's like a virus, AI with a lazy implementation just produces garbage. But even that doesn't matter as long as the money flows. It's not about good code, AI or quality. It's about money.

what is the standard industry way to consolidate/secure all your API keys then? I'd like to know.

@@lightlysalcommenting for follow up notifications

That secret manager is sufficient. The outlined scenario here assumes that the server is compromised, which is something you'd want to prevent in the first place since it's over once they can execute commands on your server. There's a lot of things that can be leveraged, like using a VPC and working only within that network or just running your app on a rootless Docker container. When using an API key from the secret manager, make sure to never log it. Is it 100% safe? Of course not, they're always gonna find a way. But you can make it really, really difficult, and at the very least, not blatantly available.

@@lightlysal When you manage your own instance, usually the relevant packages came with sane defaults (e.g http and db servers usually run under their respective user and groups). You can either NOT consolidate secrets but only provide them on need-to-know basis for each users (which is the traditional way), or use secret manager like vault and pass-along auth (either from app level or OS level) as the identity.

It reduces the risk though. I'm not familiar with AWS, but in general, once your secrets are automatically managed (meaning they're automatically rotated), you can make the validity duration far shorter, use separate keys for readonly access vs read-write, lock down how the key can be used, etc. A leaked key shouldn't be valid long. You could also do something like have a separate super secure server that proxies requests and injects the API key. Your app servers would make requests without the API key, then the proxy server would add the key. Grant very few people access to the proxy server.

The touch screen self-order menus at Taco Bell are an android app and I think their success is warranted

Rabbit is temporary, but dumbifying devices for no good reason is eternal.

@@alexturnbackthearmy1907 the plastic used for this junk is eternal

Ya let's all simp for the guy who outted anti Taliban and anti CCP activists and withheld leaks on Putin and the GOP 🤡

Nope. Not into glorifying foreign espionage

You have one already you're using it

No device at all is a better Rabbit

this, ikr?

Yes, you're Correct 👍👍

stay hard

stay hard

Thank you spam bot.

Same way Theranos got it's funding: "Investors betting their money and other people's money on the project".

Thanks, it makes sense now… Same old story every day 😮‍💨

AI hype and the fact that investors are easy to scam (and that's a good thing)

If you need it in the form of a video essay, go to Coffezilla's first video on it.

the AI hype bubble

In development mode, you put your keys in a .env file that you can load with any dotenv library. In production, your host environment would have a place for you to put your keys. Don't ever put keys in your client, i.e. web pages, mobile apps, etc.

Why does the hardware need to be good anyway? It's job is literally to record audio and send it to a aerver then receive a response and play it back. Don't even need android for that. A microcontroller could do it but it too but it would be way harder to maintain.

​​@@theairaccumulator7144then why you need it when way better hardware is available

lmao the same as "apple intelligence" honestly. basically disguised chatgpt, sadly Americans are 2 dum*b to notice it.

crazy to see how something is hyped when designed by reputable company (teenage engineering) while just being a slightly more complex wrapper. Meh

ywnbaw

...

ERROOOOOOOOOR

​@@DsiakMondalacry

100GB is a lot for essencally single app device that doesnt even need a lot of storage. Not to mention that only med-high end phones have that much, low end is still 128gb.

They destroyed themselves.

Are you perhaps stupid? They caused this themselves and would be absolutely clowned on even if some youtuber didnt make a video about them

💯​@@tablomaxos2965

Before MKBHD video they was destroyed

Shitty product destroyed them stop being a simp for apple shills

No you wont.

He will tho

Gave you a dislike to help you out

Trusted module, like crypto wallets use. They never expose the actual key.