Hi author, I love your blog, but could you add a toggle option to disable the background image? I end up going to Chrome Devtools and disabling the CSS rule.
Yet somehow, despite strictly speaking only predicting the next token greedily according to the highest probability, LLMs are able to write coherent text across many pages now. Reflecting on why that is the case might give you an answer as to how businesses can plan over the many-year timescale.
"Planning" and "research" are two very, very different things.
I can "plan" to sell off the majority of my company's holdings and give all of the proceeds to shareholders over the next few years. I'd be considered a genius and have a business school somewhere named after me.
Coming up with a hypothesis, testing it, and creating a product/service based off of it with no guarantee of even a penny of monetary return is far riskier, and that's what "research" is.
Literally nothing here is specific to MCP - it all has to do with the fact that Chrome extensions can make HTTP connections to localhost ports, which could be running any kind of server. This is not an unrestricted backdoor either - Chrome extensions already need permissions in the manifest to talk to localhost, except via content scripts, which run in the context of the website and so could be served by the website without any extension installed.
I take away that the combination is the problem. Bleach and ammonia aren't so bad on their own, but mixing the two is not a good idea. MCP would provide crazy attack vectors.
Especially if you could ask another AI "I have access to an MCP running on a Victim computer with these tools. What can you do with them?" => "Well, start by reading .ssh/id_rsa and I'd look for any crypto wallets. Then you can move on to reading personal files for blackmailing or sniff passwords..." and just let it "do its thing" as an attacking agent in an automated way. It could be automated which creeps me out!
My intuition tells me that blackmailing at scale has the potential to be quite terrifying if you ask for favors that each seem innocent enough on their own. E.g. one favor may be as simple as asking the guy walking his dog to delay it for half an hour. He will surely comply without hesitation. But the hidden reason was that he would otherwise witness a murder.
Yeah, that's exactly what I took away from this too... I get why it's worth noting MCP servers in the article since these could provide a large attack vector, but it seems odd to focus on that as if that is the core security vulnerability here.
I guess the bit I'm more surprised about is why Chrome extensions are even allowed to make localhost connections without requesting user approval? Is the assumption that everything running locally must be safe? What am I missing here?
I mean, the core security vulnerability explained here is that MCP does not expose / allow for any kind of authentication or user consent before accessing your computer's most sensitive resources, like a terminal or list of private Slack messages. Spotify, 1Password, or other services on your computer that use `localhost` do not have the same issue.
This would be a non-issue if some kind of simple origin-authenticated token exchange was built into the protocol itself.
It doesn't need it if this vulnerability is the only one you're worried about (remote websites), but it'd be nice to have it before letting it use e.g. your Github account. This is how VS Code extensions work, for example, and it's pretty nice.
How could it? The agent calling into the MCP server is the one exposing an interface to the end user. It's the agent's job to prompt the user (and both Claude desktop and cursor do).
It’s the “system administrator”’s job to make sure the MCP is running at the right privilege level with correct data access levels. The MCP server can’t stop somebody from running it as root the same way any other program can’t.
At the end of the day the MCP should be treated as an extension of the user. Whatever the user can do, so too can the MCP server. (I mean, this isn't technically true... you can run the MCP under its own account or inside some sandbox... this will probably start to happen soon enough)
The problem isn't the permissions the MCP has, it's about whose orders it obeys.
Many other programs on the system aren't an extension of the user. And they can access ports.
How could it do authentication? Easily. The most basic option is for the server to put a secret token in your user folder, so only code with access to that token can talk to it.
On Linux it can be even simpler. Don't attach the server to a port, attach it to a socket file.
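As an added example (not code from the thread, and not how any actual MCP server implements it), here are the two mechanisms this comment describes: a secret token stored in a user-only file that callers must present, and, on Linux, a Unix socket file whose mode gates access. File names, the `Authorization: Bearer` header convention and the sample requests are constructed for the demo.

```python
import hmac
import os
import secrets
import socket
import stat
import tempfile
from pathlib import Path

def create_token_file(path: Path) -> str:
    """Generate a random token and store it with mode 0600 (owner-only)."""
    token = secrets.token_hex(32)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token)
    return token

def load_token(path: Path) -> str:
    """Refuse to trust a token file that other local users could read."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0600")
    return path.read_text().strip()

def is_authorized(headers: dict, token_path: Path) -> bool:
    """Server-side check: a web page in the browser never gets to read the
    file, so it cannot present the token; local tools of the same user can."""
    presented = headers.get("Authorization", "")
    if not presented.startswith("Bearer "):
        return False
    return hmac.compare_digest(presented[len("Bearer "):], load_token(token_path))

def bind_private_socket(path: Path) -> socket.socket:
    """Linux alternative: listen on a Unix socket file instead of a TCP port.
    Browser pages cannot open it at all, and its 0600 mode limits who can."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(str(path))
    os.chmod(path, 0o600)
    srv.listen(1)
    return srv

def demo() -> tuple:
    """Exercise both mechanisms in a scratch dir: (good token, no token, socket mode)."""
    d = Path(tempfile.mkdtemp())
    token = create_token_file(d / "token")
    good = is_authorized({"Authorization": f"Bearer {token}"}, d / "token")
    bad = is_authorized({"Origin": "https://example.invalid"}, d / "token")
    srv = bind_private_socket(d / "server.sock")
    mode = stat.S_IMODE((d / "server.sock").stat().st_mode)
    srv.close()
    return good, bad, mode
```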
It's really pretty easy to at least get an ID card in the US. Taking a deep red state's requirements (Mississippi) [0]:
"""
Any persons six (6) years of age or older may apply to the Department of Public Safety for an identification card.
All applicants must provide the following:
- A completed and signed Application.
- Original Birth Certificate or any acceptable document. (No Photocopies Accepted)
- SSN Card or an official government correspondence displaying full 9 digits.
- Two proofs of Residency.
- Legal Documents are required if going by new name.
"""
These are all very standard. The only one I could see people having trouble with is proof of residency, but the accepted forms[1] are very numerous (over 20). Anyone that isn't intentionally trying to stay off-grid should be able to provide at least two, especially because you're allowed to use proof for a parent, legal guardian, or spouse as long as you can establish your relationship to them. You can even get your roommates to attest that you live with them to use their proofs of residency.
But it appears that there's a giant loophole - the Attorney General apparently can still do so:
> (2) any individual (other than the Attorney General of the United States) serving in a position specified in section 5312 of title 5, United States Code.
They could. Look up Bob Jones College or Hillsdale College, both of which operate without any federal funding. It appears that the elite universities are going to find out the same thing that the small Christian universities found out in the 1970s, which is that the federal government can control you if they fund you. I believe Bob Jones in particular won a case in front of the Supreme Court giving them the right to racially discriminate in their admissions if they refuse to take any federal funding.
> I don't think there's any healthy level of private cars coexisting with humans in a city
Concentrating humans together into a small locality, which is what a city is, will inherently have a significant environmental impact. Cities before private cars were still quite polluted, because transportation still has to take place just to keep the city running. Electric vehicles are the best-case scenario for truck deliveries, construction vehicles, and everything else you need to keep a city running on a day-to-day basis.
Moreover, you have to consider all cities in this analysis, not just posh, post-industrial cities like those in the US and Western Europe. Manufacturing has to take place somewhere, and logistics considerations imply that most manufacturing will be located next to transportation infrastructure. Just like any other economic activity, manufacturing benefits from talent clusters (a major reason cities exist), so manufacturing will tend to concentrate in cities as well, or at least the suburbs, which you can easily observe in China.
If you really hate air pollution, move to the country and be willing to sacrifice the advantages of cities.
Are they bad for human health compared to other ways of living like rural or suburbs? iirc rural people get the least amount of exercise because you just sit inside all day.
when we lived in the suburbs my family and i spent way more time inside than we do now in a rural setting. i think maybe you got mixed up. rural people are generally very active.
> If you really hate air pollution, move to the country and be willing to sacrifice the advantages of cities.
i really do hate air pollution! it drove me away from idaho, where 2-3 months of the year massive forest fires would choke the air and force everyone inside (gave my kids asthma).
we recently moved away from a suburb near two highways, out to a rural area where we are half a mile from the nearest paved road.
besides the lowered air pollution, the lower noise pollution is a huge benefit. hearing birds instead of traffic is amazing. and my kids don’t choke in their sleep any more!
It's easy to be tricked into thinking macOS supports it, because both Chrome and Curl support it. However, ping does not, nor do more basic tools like Python's requests library (and I presume urllib as well).
First time I’ve seen one of these. That’s actually a better way to advertise your product than putting it at the end.