Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. Re: RFI: Opening an account with Google without a
phone-camera (Craig Sanders)
2. Re: RFI: Opening an account with Google without a
phone-camera (Craig Sanders)
3. Re: RFI: Opening an account with Google without a
phone-camera (Craig Sanders)
4. Chinese humanoid robots 'the world?s most-watched television
program' (Stephen Loosley)
----------------------------------------------------------------------
Message: 1
Date: Fri, 20 Feb 2026 18:30:01 +1100
From: Craig Sanders <[email protected]>
To: link <[email protected]>
Subject: Re: [LINK] RFI: Opening an account with Google without a
phone-camera
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Sun, Feb 15, 2026 at 09:32:00AM +1100, Roger Clarke wrote:
> I'm trying to set up a Scholar account.
>
> A new feature is that its setup process demands capture of a QR code.
I had to do this recently when github started required 2FA for my
account. Best option was a One Time Password (OTP) code.
I used Save As in my browser to save the QR code image to a file, then used
`zbarimg` (from the zbar-tools package, https://github.com/mchehab/zbar) to
decode the QR image.
Actually, I had to use the `convert` program from ImageMagick to convert the
.svg file to .png first. Dunno why but github's QR code image was in .svg
format, and zbarimg doesn't understand .svg input files.
This was all on Linux. Dunno if zbarimg or similar is available for other
operating systems.
Github offered other methods, but I found this to be the least hassle. Also,
I was curious to know what was actually in the QR code image - not much, just
my account name and the TOTP secret. I used the secret with my local OTP
client (pass's OTP plugin) with `zbarimg --raw /tmp/qrcode.png | pass otp
insert totp/github`
That worked just fine, so now I can get a new (valid for 30-seconds) OTP
whenever I need it to login to github. It was a lot easier and a lot less
hassle than I was expecting.
I have no idea what's in a Google Scholar QR code - it might be a OTP code, or
a secret, or a URL
craig
PS: I'm always suspicious whenever I see a QR code, it could contain
**anything** (up to ~4 KiB alphanumeric data, or ~7K numeric data) including a
URL that links to some mystery site. And I really don't want my phone browsing
to some unknown web site that might be full of malware just because I scanned
a fancy barcode.
So I've learnt the magic words "Sorry, I don't have a smart phone, I can't
install apps, or use QR codes. I only have a dumb phone".
------------------------------
Message: 2
Date: Fri, 20 Feb 2026 18:44:43 +1100
From: Craig Sanders <[email protected]>
To: [email protected]
Subject: Re: [LINK] RFI: Opening an account with Google without a
phone-camera
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Mon, Feb 16, 2026 at 08:06:03AM +1100, Roger Clarke wrote:
> There's been a marked falling-away of tokens, as in separate, physical
> artefacts containing a time-based OTP generator.
My bank, Bendigo Bank, forced me last year to switch from the physical token
I've been using to login to my online banking for decades to an OTP via SMS.
I complained, but this was not optional, it was mandatory. After further
complaints and resistance from me, they said they could also do an OTP via
email. I reluctantly chose that because I run my own mail server and the
short-lived (30 sec) OTP would be encrypted via TLS during transmission.
Not perfect but much better than the completely insecure SMS method. GPG
encrypted email was beyond them.
They were promoting this as a security UPGRADE, when it was clearly a massive
security downgrade.
Probably because it was cheaper. Or they were following the latest idiotic fad
pushed by corporate security weasel-"consultants". or wanted to gather mobile
numbers for SMS spam purposes.
craig
------------------------------
Message: 3
Date: Fri, 20 Feb 2026 19:08:58 +1100
From: Craig Sanders <[email protected]>
To: [email protected]
Subject: Re: [LINK] RFI: Opening an account with Google without a
phone-camera
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Mon, Feb 16, 2026 at 01:37:36PM +1100, David wrote:
> I'd intended to refer specifically to a physical OTP device. Any form
> of software OTP which runs in the same desktop/laptop as the relevant
> application is surely much less secure than an SMS-based OTP (?) because a
> hacker who gains access to that system can then impersonate any valid user.
> Worse still, it may generate a false sense of security.
A mobile phone is far easier to hack than a desktop computer, and many phones
are already running malware snooping on their SMS messages and browser
sessions (and everything else on their phone) because most people have no
knowledge of or interest in basic computer hygiene, and they'll just blithely
install corporate spyware apps whenever asked.
Phones are completely insecure. They're also easily lost or stolen, and
people have the habit of taking them with them wherever they go (that's kind
of the point of having one).
(and this insecurity doesn't just affect the phone's owner. It affects the
security and privacy of everyone in the phone's contact database...this is
one of the reasons why facebook, microsoft, google, etc can know your name,
address, email address, and phone number as well as who you are in contact
with, even if you don't have an account with them. surveillance via uninformed
"consent" of the ignorant)
SMS is also completely insecure, long obsolete and weak encryption even by
1990s standards.
The phone network isn't secure, either. There have been numerous accounts of
people's identity being stolen, web accounts hijacked, bank accounts drained,
etc due to cell-phone cloning by bribed or blackmailed telco employees. Dunno
if it has happened here in Australia, but it's common in the US (and deemed
an "unsolvable" problem because it would be an unfair burden on telcos to do
anything about it).
So, SMS OTP delivers the one-time-password to an insecure device by an
insecure method on an insecure network. It's security theatre, not actual
security.
> Put another way, the "something you know and something you have" principle
> reduces to "something you know, full stop".
Or, in my case, multiple things I know (site account name, site password,
my local gpg passphrase) and something I have (my desktop computer with my
gpg-encrypted TOTP setup).
> Last time I researched this matter, one .au bank actually insisted on a
> physical OTP for customers with transactions over $10,000 per day but
> otherwise used SMS-based OTP by default, two would provide a POTP token
> under varying degrees of presure, and one simply wasn't interested. A POTP
> may be a chargeable item though (~~$50?), which I suppose is fair enough.
$50 for something worth a couple of bucks at the very most (and that's being
generous) is not "fair enough". It's extortionate profiteering. Which I
suppose is par for the course for banks.
craig
------------------------------
Message: 4
Date: Fri, 20 Feb 2026 23:05:12 +1030
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Chinese humanoid robots 'the world?s most-watched
television program'
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Who?s laughing now? China?s humanoid robots go from viral stumbles to kung fu
flips in one year
Published Fri, Feb 20 20263:27 AM EST Updated 2 Hours Ago By Dylan Butts
https://www.cnbc.com/2026/02/20/china-humanoid-robots-spring-festival-gala-unitree-tesla-ai-race.html
Key Points
China?s humanoid robots impressed at the Spring Festival Gala earlier this
week, shifting public sentiment.
The robot?s abilities displayed at the event were far more advanced than those
shown just one year prior.
Analysts say that while technology has improved, capability, not stunts, will
decide long-term economic impact.
[Video Caption] Robots taking part in a martial arts performance at the 2026
Spring Festival Gala in Beijing, China on February 16, 2026. [End]
Chinese humanoid robots are having a moment in the spotlight after a standout
performance at the country?s annual Spring Festival Gala earlier this week,
with videos from the event circulating widely online.
The gala, widely considered the world?s most-watched television program,
featured robots from several startups performing everything from kung fu moves
to choreographed dances to elaborate gymnastics displays.
The showing marked a sharp contrast from the 2025 Gala, which had featured less
advanced versions of the robots twirling handkerchiefs in a wobbly folk dance.
Around that time, public demonstrations of the humanoids often drew skepticism,
such as a robot marathon in April that made headlines for stumbles, crashes and
breakdowns.
But a year can make quite the difference. Viewers of this week?s event have
expressed everything from admiration for the technological advancements to
concern about what they mean for the labor force and the U.S.-China tech race.
As we watch them push the physical boundaries humans are capable of, it becomes
apparent they can achieve human-level actions, and eventually superhuman-level
performances.
Analysts told CNBC that while humanoid robots still have more to prove, the
advancements made over the past year warrant global attention.
?People should absolutely be taking these robots seriously,? Reyk Knuhtsen,
analyst at SemiAnalysis, told CNBC. ?After this spring gala demonstration,
they?re becoming visibly more lean, fluid, and capable.?
?As we watch them push the physical boundaries humans are capable of, it
becomes apparent they can achieve human-level actions, and eventually
superhuman-level performances,? he added.
China?s early lead
China has already taken an early lead in the manufacturing and deployment of
humanoid robots, according to data from Barclays.
Analysts at the company estimate that of the roughly 15,000 humanoid robot
installations in 2025, China accounted for more than 85%, compared with just
13% in the U.S.
?The fundamental advantage that China has is a nearly vertically integrated
robotics value chain: from the rare earths and high-performance magnets to the
physical components, and the batteries,? Zornitsa Todorova, Head of Thematic
FICC Research at Barclays, told CNBC.
Leading Chinese humanoid companies like Unitree are hoping to maintain that
lead into this year. The start-up, whose robots were prominently featured at
the Spring Festival Gala, expects between 10,000 and 20,000 shipments in 2026,
the CEO told local media just before the show ended.
The enhanced dexterity shown in routines like aerial flips and weapon handling
signals strong potential for economic impact in physically demanding tasks that
involve delicate tool handling and precise movements.
China?s manufacturing advantage, combined with government support, has also
enabled Chinese robotics producers to manufacture their products at much lower
prices than competitors, Todorova said.
Unitree, for example, advertises a base price of $13,500 for its G1 humanoid
robot.
Meanwhile, Tesla?s Optimus, a humanoid leader in the U.S., is expected to keep
prices higher in the near term. CEO Elon Musk said during an earnings call in
Jan. 2025 that the robot?s production cost could fall below US$20,000 if annual
output reaches 1 million units, though final pricing would depend on market
demand.
Analysts expect U.S. humanoid manufacturers to also increase production this
year, but say they likely have their work cut out for them.
?Other markets will ramp up but likely lag due to China?s established supply
chains and production scale,? said Omdia chief analyst Lian Jye Su, adding that
China is likely to lead for at least the next few years.
Caveats remain
While the Spring Festival Gala showcased rapid advances, analysts cautioned
that humanoid robots still face technical hurdles, with AI and mechanical
upgrades required.
?The enhanced dexterity shown in routines like aerial flips and weapon handling
signals strong potential for economic impact in physically demanding tasks that
involve delicate tool handling and precise movements,? said Omdia?s Su.
?However, they still need to prove reliability in unstructured, human-centric
environments for delicate tasks like healthcare or household assistance.?
In those tasks, advances in the underlying AI and minutiae mechanical
engineering will matter more than raw manufacturing and shipment numbers.
?[T]he AI model race is still undecided, and that will be the defining factor
in the end, as the robot will only be as useful as its model,? said Knuhtsen.
While China?s robotics companies have impressed viewers with their flashy
kung-fu routines, the analyst said advances in reasoning, longer task
durations, and the ability to chain multiple tasks together to perform
different chores will matter more this year.
?I think this is where a lot of economic value lies, and it?s steadily
improving.?
--
------------------------------
Subject: Digest Footer
_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
------------------------------
End of Link Digest, Vol 399, Issue 20
*************************************
