
Comment Re:Or it could be a flop. (Score 1) 37

I initially shared your assumption; especially since 'cute/expressive avatar' is the aspect of 'robot' where a suitably rigged 3d model in the engine of your choice can get most of the effect (and a great deal more versatility) for essentially nothing; while environmental traversal or manipulation and sensing are where 'actual physical robot' starts to get much more interesting; but unless they are very carefully hiding that desirable feature it seems like a no.

It seems especially tepid if you compare it to something like the "Loona V28 Robot Pet Dog ChatGPT-4o Smart AI-Powered Companion" that costs $50 less than the freestanding variant of the 'Reachy Mini'; but is dragged down by being a proprietary blackbox hobbled by no doubt dodgy firmware on a mystery SoC and a near-certainly alarming (lack of) privacy policy in terms of whatever hastily implemented chatGPT integration is powering it.

There's a thing that also isn't exactly going to terrify Boston Dynamics or change the face of the 5th industrial revolution; but it's both enough 'robot' to justify not just being a 3d character onscreen using your webcam; and something where an explicitly tinkerer-friendly version would likely be a lot more engaging. I'd be surprised if the designer of that one did much overt hardening; a proper job of that is expensive; but unless the user is in it for the reverse engineering just using some mystery ICs or glob-tops, an LCD that speaks somewhat oddball SPI; and generally not labelling headers or leaving debug consoles open can make modifications a real hassle without explicit anti-tamper efforts.

Comment Re:Or it could be a flop. (Score 1) 37

It would sound like an Alexa on wheels; but it doesn't actually have any wheels. It's basically a webcam with mic, speaker, and the ability to wiggle its 'head' for effect.

This is the 'disruption' that is supposed to be shaking a billion-dollar industry? 'taking on Tesla and Boston Dynamics with radical transparency (except on the order page, because why would you want to know about the camera resolution or battery capacity?)'; and apparently not much else; but hey, only $300 for the hardwired version.

Truly, actually being able to traverse or manipulate your environment is for legacy losers. Wiggling your head is the transcendent future of robotics!

Comment Re:Really? (Score 1) 38

Luckily the new standard's fretting about "authenticating agents" and "ensuring that only authorized agents can participate in workflows" should allow doing cryptographically what historically was handled by mere obfuscation; so that you can call it a security feature rather than having it recognized as hostile UI design.

I assume that, sooner or later, someone will propose 'agent attestation', if only as an excuse to stop working on the "our agent is dangerously unreliable" problem because that's hard, potentially intractable; while "it's dangerously unreliable; but we can cryptographically demonstrate that it's running on our hardware root of trust" is fairly pedestrian 'trusted computing' stuff at this point.

Then we can talk up 'interoperable', 'standardized', 'glorious collaboration across disparate platforms!' without the risk that our bot infrastructure might enable downright vulgar use cases like scrapers obtaining transparent price signals.

Comment Bad news, gentlemen... (Score 2) 70

"Once they gather more insight into what factors make games and decision-making scenarios more challenging for people, Zhu and his colleagues hope to start devising new behavioral science interventions aimed at prompting people to make more rational decisions."

The guys who do mobile game monetization are laughing into ~$125 billion/year at the idea of someone attempting to study how games make people act irrationally in order to do something other than encourage them. And that's not counting the overt gambling and day trader facilitating operations.

Comment Really? (Score 5, Insightful) 38

I'm glad to hear that one of AI's "most pressing challenges" is concluding that you should use TLS on the wire and having a standardized JSON object in which to declare your proprietary extensions; rather than the ongoing inability to make LLMs distinguish between commands and data even vaguely reliably; or the persistent weakness to adversarial inputs.

It's not wrong that you'd want to use the sensible obvious choices and avoid pointless vendor quirks; but talking about 'A2A' as a contribution to solving agentic AI's most pressing challenges seems about as hyperbolic as describing ELF or PE32+ as being notable contributions to software security and quality. Yeah, it would be worse if we were also squabbling over how to format our executables; but oh boy is that the unbelievably trivial bit by comparison.

Comment How often is it relevant? (Score 1) 11

I'd be curious how often a support session would be sensitive enough to make having it move a problem.

It's easy to see how (especially if people are willing to pay for onshore or onshore-adjacent support anyway) it would be vastly easier to just have the data stay there rather than try to red team every random log upload to see if there's a snippet of GDPR or something in it; but my impression was that people already shied away from doing things like uploading live auth tokens when they could avoid it; so I'd be curious how often the support session is truly of urgent interest. Doesn't necessarily need to be; if somebody wants to be sure and the additional cost is marginal; but I envy the security problems of someone locked down tight enough that compromising their vendor and scraping their support logs is the way in.

Comment A difference that stark... (Score 1) 45

The sheer magnitude of the difference in patent numbers makes me wonder about what the differences in culture or regulatory environment about patent filing are.

Especially if you are talking companies in similar contexts, or same company today vs. 5 years ago vs. 10 years ago, or talking broad orders of magnitude, number of patents is presumably a better than useless metric; but "The two biggest companies have 7 patents" looks a lot more like someone doesn't even care to have a patent attorney throwing shit at the wall to see what sticks. Especially if you don't actually move to try to enforce them standards for examination are not just desperately high; and there's absolutely no requirement that whatever you are applying for a patent on is an improvement over existing methods; just that it's novel. The intern's vaguely cute idea that is 20 years behind the state of the industry won't be relevant; but it might still be patentable.

None of this is to say that I have reason to believe that they aren't considerably behind on tech; but '7' is just so low it suggests you aren't even bothering. That's the sort of thing where individual products that have no innovations worth mentioning probably have more 'apparatus and method for doing some obvious nonsense; but on a battery charge controller' patents than two entire battery companies have.

Comment Better question: (Score 1) 134

Why ask whether China is eroding the lead; rather than whether the incumbents are maintaining it?

Maybe my faith is weak and if I were huffing the dumb money I'd understand; but it looks awfully like our boisterous little hypebeasts promised that, this time, unlike all the other times in 'AI' we could totally brute force our way to the AGI Omnissiah; briefly tried copium in the form of hoping that competitors would be intimidated by their capex(because there's basically a generation of VCs who think that failure to reach monopoly is indistinguishable from losing); and finally proceeded to speedrun commodification because it turns out that nobody actually had any plan for what would happen if this alley started looking visually impaired even after we plundered the entire internet to feed it.

I realize that it's more fun to focus on what the sinister Chinese are doing than what our glorious golden boys are not doing; but let's do the latter anyway; especially since this is one area where you can't just please Chinese factory slaves as an inherent price advantage. The guys mechanical-turking out 'training'/'classification' tasks will all go wherever to scrape up the cheapest labor available, then stiff them on promised payments; and (while the process is pretty porous) being not-China is definitely still the best way to get access to premium TSMC processes; and at least not-worse for most of the rest of the most interesting ones.

Either LLMs are fundamentally a technology where being the first mover is a dumb idea; or the 'leaders' are actively fucking it; because, unlike some of the cases involving rare earths mining or finding fast fashion sweatshop sites, this was theirs to lose.

Comment Re:When will sudo read email? (Score 1) 20

I assume that there's a research OS somewhere that has discovered that this is much harder than it looks for anything nontrivial; quite possibly even worse than the problem that it is intended to cure; but looking at the increasingly elaborate constructs used when sudo is intended to be a granular delegation makes me wonder if the correct approach lies down the path of better permissions rather than ad-hoc lockdown logic.

There are some cases (e.g. password-change or login tools often both reflect granularity limits in credential storage; and make reads or edits on your behalf to parts of files that you wouldn't be allowed to touch directly; but also do things like enforce complexity or age requirements that would require a really expansive view of 'permissions' to encompass) where the delegate program is handling nontrivial delegation logic on its own; but in a lot of instances it's hard to escape the impression that you are basically bodging on 'roles' that can't be or aren't normally expressed in object and device permissions by building carefully selectively broken tools.

I obviously don't blame sudo for that; its scope is letting you run a particular thing as someone else if the sudoers file allows it; but a lot of sudoers files might as well just say "there are no roles on this system between 'useless' and 'apocalyptic'"; and that feels like a permissions design problem.

Of note; probably not one to try to NT yourself out of; I'm not sure that you can build a sufficiently expressive set of permissions on classic UNIX style ones; but I've yet to see an NT-derived system that didn't boil down to 'admin-which-can-be-SYSTEM-at-a-whim'/'little people' regardless of the wacky NT ACL tricks you can get up to.

I'm curious if it's a case of the alternatives being tried and largely found to be worse; or if (along with a number of other OS design/architecture fights) the whole thing has mostly been pushed out of mainstream relevance by the degree to which you can just pretend everything inside a worker VM is basically at a homogeneous privilege level if you don't want to deal with it.

Comment Re:When will sudo read email? (Score 2) 20

I can't comment on where sudo itself lives on the spectrum from aggressively solid implementation to really-dodgy-smell-around-the-edges; but it seems like its purpose is a fundamentally tricky problem even if its execution were impeccable.

The basic "user is authorized for root; but we'd prefer he be thinking and logged when he uses that authorization" is a reasonably cogent use case; but it's more of a reminder than a security barrier. Then you get into the actually-interesting attempts at limited delegation and determine that you'd basically need a different userland for a lot of purposes: aside from the modest number of things (often with setuid already in place) built specifically to carefully do a very particular delegated function on your behalf and provide you with nothing else if they can help it; very little aside from garbage kiosk UIs or web or database-backed applications with user and permission structures mostly orthogonal to those of the underlying OS actually tries to constrain the user's use of the application (within whatever context that user is operating; generally having a privilege escalation is considered bad).

Half of what you run considers having an embedded shell to be a design feature; so including any of that on the sudoers list essentially means being able to chain arbitrary commands from that sudoers entry; and the other half doesn't outright intend to include a shell but would require some really brutal pruning, likely of important features, to prevent being able to chain a couple of interactions into having the ability to run whatever. And that is assuming that sudo itself is working entirely correctly.
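
The point in the comment above about sudoers entries for programs with an embedded shell, as an added example that is not part of the original comment: a small audit over constructed sudoers lines that flags such entries unless the sudoers `NOEXEC` tag is set. The program list, the sample rules and the `audit` helper are assumptions for illustration, and only simple one-line user rules are parsed.

```python
import re

# Assumption: illustrative, non-exhaustive set of programs that can start a
# shell or run arbitrary commands by design (pagers, editors, interpreters).
SHELL_CAPABLE = {"vi", "vim", "less", "more", "man", "find", "awk",
                 "perl", "python3", "gdb", "ftp", "sh", "bash"}

# Constructed sample sudoers content; users and rules are hypothetical.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias WEB = /usr/bin/systemctl restart nginx
alice ALL=(root) /usr/bin/systemctl restart nginx
bob   ALL=(root) NOPASSWD: /usr/bin/less /var/log/syslog, /usr/bin/vim
carol ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog
dave  ALL=(ALL) ALL
"""

# user  host = (runas) command-list
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
# leading tags such as "NOPASSWD: NOEXEC:" followed by the command itself
SPEC = re.compile(r"^((?:[A-Z_]+:\s*)*)(.+)$")

def audit(text):
    """Return (user, command, reason) for each risky command in simple rules."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if (not m or line.startswith("#")
                or line.split()[0].endswith("_Alias")
                or line.startswith("Defaults")):
            continue
        user, noexec = m.group(1), False
        for spec in m.group(2).split(","):
            tags, cmd = SPEC.match(spec.strip()).groups()
            # Tags carry over to later commands in the same list until reversed.
            for tag in re.findall(r"[A-Z_]+", tags):
                noexec = {"NOEXEC": True, "EXEC": False}.get(tag, noexec)
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                findings.append((user, cmd, "unrestricted"))
            elif binary in SHELL_CAPABLE and not noexec:
                findings.append((user, cmd, "shell-capable without NOEXEC"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

`NOEXEC` only blocks further exec calls from dynamically linked programs; it does not stop an editor running as root from writing to other files.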
