Used to work as a manager at a pizza place and we had a guy apply to deliver who had the same name as... their son.
Allegedly Jr. had a lengthy record including some drug offenses and something like a DUI / DWI. Naturally Sr. And Jr's records got crossed since they have the same First, Last, and Address, which caused Sr. many headaches including that we required a driving record check that would fail on a DUI / DWI.
>Saying MCP is vulnerable is like saying "Web applications are vulnerable”
Just for reference, this GitHub follows in the tradition of many an example project all of which have the explicit intent of demonstrating not that the underlying concept is inherently vulnerable, but that implementations can be.
Damn Vulnerable Web App is probably the best known, but there are others for REST apis, web sockets, GraphQL, and more. They’re educational reference implementations that are deliberately insecure to use as an educational tool.
The same way you'd write a third party client to any software/API.
The MCP uses some kind of identity to talk to booking.com or GitHub. That's your security boundary. You assume that anything the MCP has access to (including that identity), the user has access to. If you add a `list_available_hotels()` tool to your booking.com MCP, that tool needs to run with the same identity as the person talking to the LLM. It doesn't have any more permissions or access to your system than the booking.com react app does.
Think of the MCP server as a natural language interface to your application. Like a CLI or a WebApp. Instead of writing specific commands to a cli, or following a series of clicks in a GUI app, you "chat" with it.
If you're authenticating the exact same way you would to an HTTP api(put an API key in the config), why does MCP need to exist instead of just plugging in the API key + link to openapi specs in an "Agent API Config"?
I was responding to you saying that the security model is different because servers can be treated as client applications for the security model, but that doesn't make sense for third party servers that you aren't hosting and just sending/receiving data from.
From the client PoV, booking.com could return malicious information to my prompt telling it to do unauthorized things with my computer(e.x. upload banking cookies to a remote endpoint). This doesn't sound secure, and just saying "it's part of the client" doesn't change that.
May have been true when Instagram was a photos app with a chronological timeline of only the accounts you follow + a few ads. If you wanted to seek content outside of your personally curated feed it was in a different tab or you would need to search for it.
Now it’s a meme-shorts first platform that constantly suggests content outside of your follows and non-chronologically. You can’t opt out of “suggested content” pictures or videos in your feed for more than 30 days at a time and there is no option to permanently opt out. It’s not possible to opt out of shorts (reels) suggestions in your feed. It’s not possible to opt out of meta “threads” suggestions in your feed. I just opened the app and 5 of the first 11 items in my feed were sponsored ads, and 1 of the 11 was suggested “threads”.
Plenty of those memes and reels ARE focused on 'IRL' activities, though.
Obviously the full experience depends on your feed, but a lot of content is created and shared around restaurants/activities/vacation etc and many millennials and Gen Z find inspiration there, whether from influencers or peers.
Agreed, big fan of codenames in general but it plays its best when you’re playing against / alongside people that you’ve known for a while. The metagaming aspect of structuring clues to who your partner is really takes it to the next level.
I like to use Edge on occasion when I need to read something dry but necessary because I find following along with the TTS it’s auto-highlight of text helps me stay focused and retain better as well.
Is there any equivalent program for ebooks? If not can someone build one? The dream would be to plop in an arbitrary document (pdf, docs, tex, epub, and so on) and have it read to me by a reasonable TTS at a speed of my choosing and have words / lines highlighted as the TTS goes along. Bonus points if you can regularly identify and skip things that are not necessarily relevant like page numbers, headers, footnote markers, and so on, which is something that Edge TTS within Edge struggles with when reading PDFs.
I've been using https://readest.com/ lately. It's FOSS and just recently got this feature. The TTS voices are pretty natural and text is highlighted one sentence at a time. Plus the design of the product is great.
How about the Microsoft Surface Pro 9 being x86 while the Surface Pro 9 with 5g being ARM. My conspiracy theory is they did it on purpose to submarine ARM into enterprise environments
It seems one of the primary tradeoffs in edutainment is between actually learnable teaching and “content porn” where you sub content with food, cars, tech, etc.
When I think of truly learnable cooking videos the first thing that comes to mind is Kenji’s POV cooking videos / streams. Seems like something that could be relatively adaptable to a AR / MR format in a way that would differentiate it from other (still valid) content like the relatively educational food porn from Alex / @FrenchGuyCooking.
I'm actually making a version of Kenji's macaroni and cheese (except with shredded baby back rib meat added) for lunch as we speak! His channel is great.
I would also be interested in a Chef Jean Pierre simulator, where you learn classic French recipes in a subtly deranged metaverse with a butter-based economy.
It’s been ages so I don’t recall the exact details but you could pull a similar trick with the PS2 version of Guitar Hero to play custom songs on an unmodded console. You would burn a copy of the game with custom songs, insert and start a legit copy of the game, and then physically pull open the DVD tray and quickly replace the legit copy with the burned DVD at a specific time between when the PS2 had authenticated the disc as legit but before the game had actually loaded. It was a little finicky but with some practice it would work like 2/3rds of the time.
You could use a similar method to play burned PS2 disks using a Datel (of Action Replay fame) "Swap Magic" disc and a card to pull the tray out. the Swap disk appeared as a genuine PS2 disk with bad sectors, which would cause the drive motor to stop and give some time for the swap to occur.
Allegedly Jr. had a lengthy record including some drug offenses and something like a DUI / DWI. Naturally Sr. And Jr's records got crossed since they have the same First, Last, and Address, which caused Sr. many headaches including that we required a driving record check that would fail on a DUI / DWI.