Christina WarrenOK, so you know the so-called "source code leak" from Rabbit for the #r1 last week? It wasn't a real leak, but what it showed was different than what I was expecting. So Rabbit Hole, the way you configure your R1 -- it only works on desktops, which I thought was rather odd. And then I went to manage my connection and I figured out why. This whole thing is a fucking VNC session in the web browser served as if it is a modal login
So when you go to https://hole.rabbit.tech for your configuration, that i a proper web app. But look at what happens when you click on one of the connect buttons. A VNC session opens up. Notice the URL is /uber-vnc
The VNC doesn’t have clipboard access and can't access any of your extensions -- this is how I first discovered this (I wasn't looking at the URL at first). So logging into your account takes some effort. Look at this button here. This is what you need to use to pass a password into this VNC.
The whole process is also horribly slow, even though it is trying to trick the user into thinking it is just a normal modal Uber/DoorDash/Spotify login window. I'll add a video in a second
OK, this is a walthrough of how janky the VNC is for the #rabbit #r1 https://cloud.c-mac.me/Q6HhVXRd
Video uploaded to CleanShot Cloud
Mike Beasley@film_girl i hollered
Kazi@film_girl using the API would not work for apps that don't have an API. Rabbit wants to work with any webapp a human can click and type into
@zer0 I understand that. But Spotify does have an API, and a good one. Uber has an API. DoorDash too. It’s possible the Uber/DD APIs wouldn’t do what they want to accomplish (Uber’s prob would). They still shouldn’t do auth flow this way, without making it clear the user is logging into the service on a browser running in a VM on a cloud machine. Uber and Spotify both support oAuth. No reason to login this way.
@film_girl True that
Chris Theberge@film_girl this must be part of their whole workaround for not having to use APIs and use their large action models. It’s basically something like selenium and they literally have a VM that your session is running on persistently somewhere. This is a wild design choice because I bet it is incredibly expensive infrastructure.
@Encryptic yeah they are using Playwright instead of selenium (yay TypeScript) and the stuff is hand-coded as far as I can tell. For Uber/DD, I can almost understand this choice. I cannot understand it for Spotify, who has an incredible API and a service for which the VM nature of this approach means there is delay when doing things like pause and resume. Until I see any real examples that aren’t part of their demos, I’m unconvinced the so-called LAM even exists right now.
@Encryptic but right now nothing is using their LAM as far as I can tell. The general queries come from perplexity, which is using GPT-4 under the hood and the app integrations are manually coded in Playwright. So the goal might be to be able to record an action and convert it to code using their LAM, but we’re not there yet.
Chris Masterson@film_girl What the…
@chrismasterson exactly. I knew they were doing some of this because of the leaked code. I didn’t quite realize that included how they were doing auth.
Niléane
Ken Kinder 
@film_girl Wait wait what. Is this a VNC connection to a cloud device somewhere or the r1 itself? Does Spotify show where you logged in from?
‼️ zei@film_girl just casually type your password for other services into a (virtual) cloud computer Rabbit controls… yeah… not so sure about that being a good idea.
Adam Bell 
@film_girl oh my god
This is so janky
Jonathan Flusser@film_girl MKBHD kinda glossed over this when he talked about it last week on his podcast, so thank you for the video!!
sam henri gold@film_girl oh my god???