June 26th, 2024

Rabbit failed to properly reset keys: emails can be sent from rabbit.tech domain

Rabbit Inc. failed to reset all of its leaked keys, leaving a fifth API key active and potentially exposing email history and user data. Rabbit says its investigation has found no evidence of customer data leaks or system compromise.

Rabbit Inc. failed to reset all of the hardcoded API keys exposed in the earlier breach, so emails can still be sent from rabbit.tech domains. After its internal investigation the company revoked four keys, causing a temporary service outage, but missed a fifth, a SendGrid key buried deeper in the code, which remains active. That key also gives access to email history and user information associated with the r1.rabbit.tech subdomain. The researchers demonstrated access by sending sample emails from Rabbit domains to journalists. Rabbit responded to the allegations by stating that it was investigating and had not found evidence of customer data leaks or system compromises. The article was later corrected to clarify the extent of the email data that was accessible.
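
The check that would have caught the fifth key is a mechanical one: sweep the whole tree for anything shaped like a SendGrid key and diff the result against the set of keys actually revoked. The following is an added example, not Rabbit's code or 404 Media's. It assumes the SendGrid key shape `SG.` + 22 chars + `.` + 43 chars over `[A-Za-z0-9_-]` that public secret scanners publish, and the repository layout and the keys in it are constructed placeholders, not real credentials.

```python
"""Inventory hardcoded SendGrid-format API keys in a source tree and check
a key rotation against that inventory.

Added example; not Rabbit's code or 404 Media's. Assumptions: SendGrid keys
have the shape 'SG.' + 22 chars + '.' + 43 chars over [A-Za-z0-9_-] (the
pattern public secret scanners publish); the sample tree and its keys are
constructed here and are not real credentials.
"""
import re
import tempfile
from pathlib import Path

SENDGRID_KEY = re.compile(r"SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}")


def fake_key(i: int) -> str:
    """Constructed placeholder with the right shape; not a real key."""
    return "SG." + f"k{i}".ljust(22, "x") + "." + "y" * 43


OBVIOUS_KEYS = [fake_key(i) for i in range(4)]   # the four that got rotated
BURIED_KEY = fake_key(4)                         # the fifth, deeper in the tree


def build_sample_tree() -> Path:
    """Write a constructed repo layout into a temp dir and return its root."""
    root = Path(tempfile.mkdtemp(prefix="keyscan-"))
    files = {
        "config/mail.env": f"SENDGRID_API_KEY={OBVIOUS_KEYS[0]}\nSENDGRID_BACKUP={OBVIOUS_KEYS[1]}\n",
        "app/settings.py": f'SENDGRID = {{"primary": "{OBVIOUS_KEYS[2]}", "marketing": "{OBVIOUS_KEYS[3]}"}}\n',
        "services/mailer/legacy/notify.py":
            "def send(payload):\n"
            f'    headers = {{"Authorization": "Bearer {BURIED_KEY}"}}\n'
            '    return post("https://api.sendgrid.com/v3/mail/send", headers, payload)\n',
        # A near-miss that must not be reported.
        "README.md": "Set SENDGRID_API_KEY (looks like SG.xxxx.yyyy) in the environment.\n",
    }
    for rel, text in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    return root


def find_keys(root: Path) -> dict[str, list[str]]:
    """Map every distinct SendGrid-shaped string under root to the files holding it."""
    found: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for m in SENDGRID_KEY.finditer(text):
            found.setdefault(m.group(0), []).append(path.relative_to(root).as_posix())
    return found


def rotation_gaps(found: dict[str, list[str]], revoked: set[str]) -> dict[str, list[str]]:
    """Keys still present in the tree that the rotation did not revoke."""
    return {key: files for key, files in found.items() if key not in revoked}


if __name__ == "__main__":
    root = build_sample_tree()
    inventory = find_keys(root)
    for key, files in rotation_gaps(inventory, set(OBVIOUS_KEYS)).items():
        print(f"still live after rotation: {key[:12]}... in {files}")
```

A code sweep only finds keys that appear literally; anything assembled at runtime or stored encoded will not match, so the authoritative inventory is the provider side, the list of keys SendGrid itself shows for the account. A rotation is finished when every key in the code scan has been revoked and the provider's list contains nothing but the new keys; checking only one of the two is how a fifth key survives.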

Related

KrebsOnSecurity Threatened with Defamation Lawsuit over Fake Radaris CEO

KrebsOnSecurity faced a defamation lawsuit threat for exposing Radaris' true owners, the Lubarsky brothers, linked to questionable practices. Despite demands, KrebsOnSecurity stood by its reporting, revealing a complex web of interconnected businesses.

Leaking URLs to the Clown

The author describes leaking URLs during Mac app testing, with a unique URL receiving requests from a random "cloud" service every three hours. This raises privacy concerns and highlights potential risks for users.

Snowflake breach snowballs as more victims, perps, come forward

The Snowflake data breach expands to include Ticketek, Ticketmaster, and Advance Auto Parts. ShinyHunters claim involvement, Snowflake enforces security measures. CDK faces ransomware attack, Juniper and Apple vulnerabilities identified. Jetflicks operators convicted.

Rabbit data breach: all r1 responses ever given can be downloaded

A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.

South Korean ISP Infected 600,000 Torrenting Subscribers with Malware

South Korea's KT accused of distributing malware to 600,000 subscribers to block torrent traffic, sparking privacy concerns and legal scrutiny. Police investigate organized hacking attempt by KT. Concerns raised over network interference.

21 comments
By @vessenes - 5 months
I have one of these in my bag right now, never turned on though. I understand it's some custom Android hardware and synthesizes a bunch of API-based NN service providers, and doesn't do anything on device, but I'm not too mad at that -- for this price point this year, it was always only going to be something like that. I am interested in the ongoing form factor experimentation happening, and want to encourage startups to think differently about form factors, so I'm happy to buy stuff that doesn't quite hit the mark, as long as it's got an interesting idea.

Anyway, I'm looking forward to giving it a try, and I'll almost certainly never use it once I've kind of pawed through it and seen what seems good and what seems bad. Similar for that humane pin which I think I paid for but never even received.

If you read a lot of sci-fi, authors have put an immense amount of time into thinking about what UI looks like as we have supercompute/AI access more broadly, and I think it's clear that a phone isn't the final state for these interactions. What's less clear to me is what sort of compelling mid-way points there are between what we have now and ubiquitous environment-aware AGI (e.g. Minds from Iain Banks). It's one reason I thought humane's projector was really interesting; we do a lot of visual interaction in daily life, so an audio-only earbud isn't likely to be the be-all/end-all.

Anyway, hardware startup guys, please make more of these, and figure out what's going to be compelling when we've scaled up bandwidth, scaled down latency and scaled up local compute. I'm looking forward to buying it.

By @khalilravanna - 5 months
Never heard of this. So I went to the website to find out what it is. "Your pocket companion" the top of the website reads. Ok, don't know what that means. Scroll down "push to talk button", "conversational interface", and some other hardware features. Still no idea what it's for. They have a keynote video. I press play. It starts with them showing a bunch of press coverage and social media. Still no description of what it is. Not even a demo of what it does. I got several minutes into the video and it's all acting like I already know what it is. I've completely lost interest. Mystifyingly bad marketing.
By @xlinux - 5 months
Sad thing is people support and enrich shitty conmen like this but hate to pay an opensource dev/tool/lib.
By @dang - 5 months
Recent and related:

Rabbit data breach: all r1 responses ever given can be downloaded - https://news.ycombinator.com/item?id=40792684 - June 2024 (32 comments)

By @intunderflow - 5 months
Article title downplays the important part (can read other users emails)
By @bluSCALE4 - 5 months
I had bought one but after the hackernews articles, I vowed to not open the box and send it back. I was promptly refunded and I'm glad I followed through.
By @crims0n - 5 months
My R1 is quite terrible, queries only work about half the time. When it does work it has limited information/functionality. Keeping it to hack on the hardware though, it's pretty spiffy.
By @jsheard - 5 months
Once it came to light that the Rabbit founders' last venture was a blatant rug-pull Web3/NFT project, it was only a matter of time before this project fell apart as well.

https://www.xda-developers.com/rabbit-nft-company-past/

The claims they made about the R1's capabilities even echoed claims they had previously made about their defunct GAMA "Quantum Engine" Web3 buzzword soup.

> Later, in August 2023, the "Quantum Engine" became OS2, a personalized operating system that could do things for you like order groceries.

By @skilled - 5 months
The 404 Media article linked on the page:

https://archive.is/QdTbK

By @mattkenefick - 5 months
I really can't believe anyone bought one of these devices. It looked terrible right out of the gate.
By @jsemrau - 5 months
Here is Coffeezilla's take on the product https://www.youtube.com/watch?v=zLvFc_24vSM
By @lagrange77 - 5 months
This article [0] says they should have used secrets management, since they are using Kubernetes anyway, so this seems to be about their server, not the embedded or Android code.

Doesn't accessing the hardcoded API keys imply intruding into the server in the first place?

[0] https://www.404media.co/researchers-prove-rabbit-ai-breach-b...

By @bahorn - 5 months
Bit confused on how this group got access to the rabbit codebase, as this sounds closer to backend code and not jadx'ing the APK.

Are there any details on that?

By @_pdp_ - 5 months
This level of incompetence is quite amazing to see.
By @clwg - 5 months
I feel bad for teenage engineering. I'm a fan of their gear and its design, including the R1's physical design. It's a shame that it didn't have utility and turned into such a hot mess.

Maybe they can add some MIDI ports and make some sort of funky pocket instrument.

By @namanyayg - 5 months
What an absolute dumpster fire Rabbit has been.

I knew they were overhyping things with their pre-launch promises, but the reality of their engineering was much worse than I could have ever imagined.

By @WanderPanda - 5 months
Tbh I got exactly what I expected when buying the R1, build quality is actually even better than expected.
By @MangoCoffee - 5 months
Jesse Lyu's story just smells off. He was into crypto, then moved to AI. He seems like a grifter hopping on the hottest trend. I'm looking at you, C3.ai's Tom Siebel.
By @kstrauser - 5 months
Is this verified? 404 Media wrote that they got an email from the researcher impersonating Rabbit[0], but the unpaywalled part of that doesn't explicitly say that they verified the headers. I could spoof an email from president@whitehouse.gov to an email server that doesn't strictly enforce SPF etc., but that's a lot different than sending an email out via the actual whitehouse.gov mailserver.

Given the other claims, I don't doubt that researchers can do this. I just haven't yet seen a strong verification of this claim.

[0] https://www.404media.co/researchers-prove-rabbit-ai-breach-b...

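The distinction drawn in the comment above, a forged From: header versus mail that really left through the domain's authorized infrastructure, is exactly what the receiving server's Authentication-Results header records. The following is an added example, not code from the original page or from any commenter. It reads that header (SPF, DKIM and DMARC verdicts) from a message and checks the results against the From: domain; both sample messages are constructed for illustration and are not evidence about any real mail. Alignment is simplified to exact match or subdomain rather than full organizational-domain logic.

```python
"""Check whether a received message came through infrastructure the From:
domain authorizes, rather than being a plain spoof of the From: header.

Added example; not code from the original page or from any commenter. It
relies on the Authentication-Results header that the *receiving* MTA adds.
Both sample messages are constructed for illustration only. Alignment is
simplified (exact match or subdomain), not full organizational-domain logic.
"""
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample: the verdicts a receiving server would record when the
# message really went out through the domain's authorized mail provider.
AUTHENTICATED_MSG = b"""Received: from mail.provider.example (mail.provider.example [198.51.100.7])
\tby mx.example.net with ESMTPS; Wed, 26 Jun 2024 10:00:00 +0000
Authentication-Results: mx.example.net;
\tspf=pass smtp.mailfrom=bounces.rabbit.tech;
\tdkim=pass header.d=rabbit.tech header.s=s1;
\tdmarc=pass header.from=rabbit.tech
From: Rabbit <hello@rabbit.tech>
To: reporter@example.net
Subject: constructed sample

(constructed body)
"""

# Constructed sample: a From: header forged by an unrelated server; the
# receiving MTA records an SPF failure and finds no DKIM signature.
SPOOFED_MSG = b"""Received: from evil.example (evil.example [203.0.113.9])
\tby mx.example.net with ESMTP; Wed, 26 Jun 2024 10:05:00 +0000
Authentication-Results: mx.example.net;
\tspf=fail smtp.mailfrom=rabbit.tech;
\tdkim=none;
\tdmarc=fail header.from=rabbit.tech
From: Rabbit <hello@rabbit.tech>
To: reporter@example.net
Subject: constructed sample

(constructed body)
"""

VERDICT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")
MAILFROM = re.compile(r"smtp\.mailfrom=([^;\s]+)")
DKIM_DOMAIN = re.compile(r"header\.d=([^;\s]+)")


def _domain(addr_or_domain: str) -> str:
    """Domain part of an address, or the value itself if it is already a domain."""
    return addr_or_domain.rsplit("@", 1)[-1].lower().strip()


def _aligned(domain: str, from_domain: str) -> bool:
    """Relaxed alignment, simplified: same domain or a subdomain of From:."""
    return bool(domain) and (domain == from_domain or domain.endswith("." + from_domain))


def check_auth_results(raw: bytes, trusted_authserv_id: str) -> dict:
    """Summarize the receiving MTA's verdicts and whether they vouch for From:."""
    msg = message_from_bytes(raw)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    result = {"from_domain": from_domain, "spf": "none", "dkim": "none",
              "dmarc": "none", "mailfrom_domain": "", "dkim_domain": ""}
    for hdr in msg.get_all("Authentication-Results", []):
        # Trust only the header stamped by our own server: a sender can
        # inject Authentication-Results lines of its own.
        if hdr.split(";", 1)[0].strip() != trusted_authserv_id:
            continue
        for name, verdict in VERDICT.findall(hdr):
            result[name] = verdict
        if m := MAILFROM.search(hdr):
            result["mailfrom_domain"] = _domain(m.group(1))
        if m := DKIM_DOMAIN.search(hdr):
            result["dkim_domain"] = _domain(m.group(1))
    spf_ok = result["spf"] == "pass" and _aligned(result["mailfrom_domain"], from_domain)
    dkim_ok = result["dkim"] == "pass" and _aligned(result["dkim_domain"], from_domain)
    result["authenticated_sender"] = spf_ok or dkim_ok
    return result


if __name__ == "__main__":
    for label, raw in (("authenticated", AUTHENTICATED_MSG), ("spoofed", SPOOFED_MSG)):
        print(label, check_auth_results(raw, "mx.example.net"))
```

Two caveats matter for reading a result like this. The header is only meaningful when it was added by a server you control, which is why the function ignores any Authentication-Results line whose authserv-id is not the trusted one. And a pass does not say the domain owner sent the message; it says the message left through infrastructure the domain owner authorized, such as a mail provider account whose key was exposed, which is precisely the situation the claim above concerns.
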
By @tomphoolery - 5 months
me to rabbit: "why don't you just give up?"