@film_girl@mastodon.social
@film_girl@mastodon.social avatar

film_girl

@film_girl@mastodon.social

It's film_girl, but on Mastodon. I'm a Senior Developer Advocate at GitHub, a podcaster, a journalist turned developer and someone obsessed with tech, OSS, and pop culture.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

film_girl, to random
@film_girl@mastodon.social avatar

They get me https://hachyderm.io/@rmondello/112375295071568754

film_girl,
@film_girl@mastodon.social avatar

@wajdi @rmondello no

film_girl, to Rabbits
@film_girl@mastodon.social avatar

OK, this is a walkthrough of the weird VNC thing uses for connecting accounts. Again, I'm not saying there is anything necessarily wrong with doing this. I am saying there are way better ways to do this. And the clipboard button workaround is very funny.
https://mastodon.social/

film_girl,
@film_girl@mastodon.social avatar

@rcarmo fully agree. I’m def going to change my Spotify password lol

film_girl, to random
@film_girl@mastodon.social avatar

OK, so you know the so-called "source code leak" from Rabbit for the last week? It wasn't a real leak, but what it showed was different than what I was expecting. So Rabbit Hole, the way you configure your R1 -- it only works on desktops, which I thought was rather odd. And then I went to manage my connection and I figured out why. This whole thing is a fucking VNC session in the web browser served as if it is a modal login

film_girl,
@film_girl@mastodon.social avatar

So when you go to https://hole.rabbit.tech for your configuration, that i a proper web app. But look at what happens when you click on one of the connect buttons. A VNC session opens up. Notice the URL is /uber-vnc

image/png

film_girl,
@film_girl@mastodon.social avatar

The VNC doesn’t have clipboard access and can't access any of your extensions -- this is how I first discovered this (I wasn't looking at the URL at first). So logging into your account takes some effort. Look at this button here. This is what you need to use to pass a password into this VNC.

film_girl,
@film_girl@mastodon.social avatar

The whole process is also horribly slow, even though it is trying to trick the user into thinking it is just a normal modal Uber/DoorDash/Spotify login window. I'll add a video in a second

film_girl,
@film_girl@mastodon.social avatar

OK, this is a walthrough of how janky the VNC is for the https://cloud.c-mac.me/Q6HhVXRd

film_girl,
@film_girl@mastodon.social avatar

@d right -- because it is a VNC hiding as a modal/login. I don't know if they are doing web assembly or just serving pure TinyVNC but like, this is sketch as hell for sure.

film_girl,
@film_girl@mastodon.social avatar

@lorewanderer truly. And I’m not even that surprised that they are using Playwright scripts for the Uber/Door Dash stuff (Spotify’s API is robust and free so that does surprise me). But I was still a little shocked they used a VM as the auth point. I’d just assumed they’d do auth in a safer way and pass tokens on to the headless browser. But in retrospect that was asking for too much.

film_girl,
@film_girl@mastodon.social avatar

@chrismasterson exactly. I knew they were doing some of this because of the leaked code. I didn’t quite realize that included how they were doing auth.

film_girl,
@film_girl@mastodon.social avatar

@zer0 I understand that. But Spotify does have an API, and a good one. Uber has an API. DoorDash too. It’s possible the Uber/DD APIs wouldn’t do what they want to accomplish (Uber’s prob would). They still shouldn’t do auth flow this way, without making it clear the user is logging into the service on a browser running in a VM on a cloud machine. Uber and Spotify both support oAuth. No reason to login this way.

film_girl,
@film_girl@mastodon.social avatar

@Encryptic yeah they are using Playwright instead of selenium (yay TypeScript) and the stuff is hand-coded as far as I can tell. For Uber/DD, I can almost understand this choice. I cannot understand it for Spotify, who has an incredible API and a service for which the VM nature of this approach means there is delay when doing things like pause and resume. Until I see any real examples that aren’t part of their demos, I’m unconvinced the so-called LAM even exists right now.

film_girl,
@film_girl@mastodon.social avatar

@Encryptic but right now nothing is using their LAM as far as I can tell. The general queries come from perplexity, which is using GPT-4 under the hood and the app integrations are manually coded in Playwright. So the goal might be to be able to record an action and convert it to code using their LAM, but we’re not there yet.

film_girl,
@film_girl@mastodon.social avatar

@ernie at least with beeper I had some trust in the ceo but fundamentally, you’re not wrong.

waynedixon, to random
@waynedixon@mastodon.social avatar

@film_girl I thought I’d let you know that I am absolutely blaming you for the fact that I can’t get “A Bar Song (Tipsy)” by Shaboozey out of my head…

film_girl,
@film_girl@mastodon.social avatar

@waynedixon it’s such a good song!!

film_girl, to Playdate
@film_girl@mastodon.social avatar

All of the talk over the last few weeks about startups shipping unfinished hardware reminds me, and not for the first time, what a triumph the #playdate is. The whole @panic crew worked so hard to deliver something that fulfilled expectations and then some against challenges (like a global pandemic and supply chain fiasco) that would have leveled others.

film_girl,
@film_girl@mastodon.social avatar

@cabel not as many people notice as who should, but we see you and we appreciate you!

film_girl, to random
@film_girl@mastodon.social avatar

This is fantastic. If you’ve got the Rabbit apk launcher plz share with me christina at christina dot is. This is hilarious. https://www.androidauthority.com/rabbit-r1-is-an-android-app-3438805/

film_girl,
@film_girl@mastodon.social avatar

@b3ll of course it does! We’ve got limited budgets and need to design custom charging cables and wireless charging battery extenders. Or we need to pay Teenage Engineering to shit out a rejected Playdate prototype. We don’t have money for custom Linux runtimes! AOSP is the new Busybox is a thing I legit wrote a decade ago.

film_girl,
@film_girl@mastodon.social avatar

@JoeBeam @gruber oh, I’ve got one! I wanted the apk

film_girl,
@film_girl@mastodon.social avatar

@thomasapowell 100%

film_girl,
@film_girl@mastodon.social avatar

@cabel @b3ll people who don’t half-ass hardware! So it’s basically you guys and Valve (Valve counts because yes they use Linux as fhe base for SteamOS but they delivered Proton and built the entire custom UI. And before people try to claim Valve got Proton from Wine, yes. They had a base to start with. They then invested the resources to actually make Wine good in the modern era and they do patches on the weekly to fix game quirks)

film_girl,
@film_girl@mastodon.social avatar

@zjp @b3ll I’ve been enamored with it since I first played one at xoxo in 2019. I was part of the first batch of orders. I love it so much.

film_girl,
@film_girl@mastodon.social avatar

@outadoc I mean, the AI isn’t client side and I don’t expect these types of companies (read: hype driven) to take on the task of building their own OS or anything. But the fact that someone extracted or got a hold of the apk and it worked on a phone (apparently they fixed some stuff so prob not anymore) is hilarious.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • khanakhh
  • mdbf
  • InstantRegret
  • Durango
  • Youngstown
  • rosin
  • slotface
  • thenastyranch
  • osvaldo12
  • ngwrru68w68
  • kavyap
  • cisconetworking
  • DreamBathrooms
  • megavids
  • magazineikmin
  • cubers
  • vwfavf
  • modclub
  • everett
  • ethstaker
  • normalnudes
  • tacticalgear
  • tester
  • provamag3
  • GTA5RPClips
  • Leos
  • JUstTest
  • All magazines
    •