frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Wutopia Lab designs bookshop in China to resemble inside of teapot

https://www.dezeen.com/2025/03/01/wutopia-lab-ceramic-pages-bookshop/
1•neom•1m ago•0 comments

CalyxOS Community update – our progress after the release of Android 16

https://calyxos.org/news/2025/06/26/community-update-android-16/
1•pabs3•7m ago•0 comments

Can Tinygrad Win?

https://geohot.github.io//blog/jekyll/update/2025/07/06/can-tinygrad-win.html
1•_hark•8m ago•0 comments

Jack Dorsey Releases BitChat: Encrypted Messaging via Bluetooth LE Mesh

https://github.com/jackjackbits/bitchat
4•ananddtyagi•14m ago•0 comments

There's a COMPUTER inside my DS flashcart [video]

https://www.youtube.com/watch?v=uq0pJmd7GAA
2•surprisetalk•16m ago•0 comments

Can Digital Poison Corrupt the Algorithm?

https://hackaday.com/2025/06/27/can-digital-poison-corrupt-the-algorithm/
1•gnabgib•16m ago•0 comments

Secret Cellular Phone Numbers

https://computer.rip/2025-07-06-secret-cellular-phone-numbers.html
2•zdw•18m ago•0 comments

MCP Generator

https://liblab.com/blog/mcp-generator
2•sagivo•21m ago•0 comments

China Is Quickly Eroding America's Lead in the Global AI Race

https://www.msn.com/en-us/money/markets/china-is-quickly-eroding-america-s-lead-in-the-global-ai-race/ar-AA1HNoP4
3•BiraIgnacio•23m ago•0 comments

Show HN: Modernized File Manager and Program Manager from Windows 3.x

https://github.com/brianluft/heirloom
2•electroly•25m ago•0 comments

Where are the GenZ multi millionaires and billionaires?

1•moneyhungry•30m ago•1 comments

China Has Paid a High Price for Its Dominance in Rare Earths

https://www.nytimes.com/2025/07/05/business/china-rare-earth-environment.html
2•NN88•30m ago•1 comments

Swedish Campground: "There are too many Apples on the screen!"

https://www.folklore.org/Swedish_Campground.html
3•CharlesW•30m ago•0 comments

What Can We Learn from Estonia?

https://www.statecraft.pub/p/how-to-digitize-the-government
1•atlasunshrugged•32m ago•0 comments

State Digital Transformation in Ukraine: 2019–2024 Review

https://voxukraine.org/en/state-digital-transformation-in-ukraine-2019-2024-review
1•atlasunshrugged•32m ago•0 comments

Researchers seek to influence peer review with hidden AI prompts

https://techcrunch.com/2025/07/06/researchers-seek-to-influence-peer-review-with-hidden-ai-prompts/
1•tagawa•32m ago•0 comments

Hey Siri, Time for That Lobotomy

https://spyglass.org/siri-chatgpt-claude/
1•bentocorp•34m ago•0 comments

Show HN: uvtarget – a helpful utility to manage Python in CMake, powered by uv

https://github.com/basis-robotics/uvtarget
2•a_t48•35m ago•0 comments

Adjustable Spring mechanism

https://www.youtube.com/watch?v=ZbpacL9NOdM
1•downboots•36m ago•0 comments

At least 36 new tech unicorns were minted in 2025 so far

https://techcrunch.com/2025/07/06/7-new-tech-unicorns-were-minted-in-2025-so-far/
1•bentocorp•38m ago•0 comments

Activision takes Call of Duty: WWII offline after reports of RCE exploits

https://www.tomshardware.com/video-games/pc-gaming/activision-takes-call-of-duty-wwii-offline-after-hackers-apparently-disrupted-the-game-with-rce-exploits-malicious-code-wreaks-havoc-on-pc-gamers-as-bad-actors-take-complete-control-of-your-computer
3•andrecarini•46m ago•0 comments

As Drones Spot Sharks, New York Beaches Are Shut Down

https://www.nytimes.com/2025/07/06/nyregion/shark-sightings-new-york-beaches-drones.html
1•geox•51m ago•0 comments

Optimizing PHP Apps in Dokku

https://aaron.com.es/blog/optimizing-php-apps-in-dokku/
1•chilipepperhott•53m ago•0 comments

PydanticPrompt: A simple library to document Pydantic models for LLMs

https://github.com/OpenAdaptAI/PydanticPrompt
1•abrichr•54m ago•0 comments

Show HN: Bottomless Storage for Agent Memory

https://www.acceleratedcloudstorage.com
1•obitoACS•58m ago•0 comments

"Do not highlight any negatives"

https://www.google.com/search?q=%22do+not+highlight+any+negatives%22+site%3Aarxiv.org
7•bgc•1h ago•2 comments

Centaur: A Controversial Leap Towards Simulating Human Cognition

https://insidescientific.com/centaur-a-controversial-leap-towards-simulating-human-cognition/
4•CharlesW•1h ago•0 comments

Russ Cox solves AoC 2021 Day 24 using Go in Acme [Compiler Analysis] [video]

https://www.youtube.com/watch?v=hmq6veCFo0Y
1•todsacerdoti•1h ago•0 comments

Intelligent Recommendation Engines with Agents

https://www.mlwhiz.com/p/genai-series-beyond-basic-rag-building
1•ai_unwrapped•1h ago•0 comments

Show HN: Zero-Prompt Video Generation

https://meme-gen.ai/create/animation
1•bd2025•1h ago•0 comments
Open in hackernews

A Critical Look at "A Critical Look at MCP."

https://docs.mcp.run/blog/2025/05/16/mcp-implenda-est/
33•palmfacehn•1mo ago

Comments

nip•1mo ago
> Further, one of the issues with remote servers is tenancy

Excellent write-up and understanding of the current state of MCP

I’ve been waiting for someone to point it out. This is in my opinion the biggest limitation of the current spec.

What is needed is a tool invocation context that is provided at tool invocation time.

Such tool invocation context allows passing information that would allow authorizing, authentication but also tracing the original “requester”: think of it as “tool invoked on behalf of user identity”

This of course implies an upstream authnz that feeds these details and more.

If you’re interested in this topic, my email is in my bio: I’m of the architect of our multi-tenant tool calling implementation that we’ve been running in production for the past year with enterprise customers where authnz and auditability are key requirements.

jensneuse•1mo ago
The way we've solved this in our MCP gateway (OSS) is that the user first needs to authenticate against our gateway, e.g. by creating a valid JWT with their identity provider, which will be validated using JWKS. Now when they use a tool, they must send their JWT, so the LLM always acts in their behalf. This supports multiple tenants out of the box. (https://wundergraph.com/mcp-gateway)
Yoric•1mo ago
Is this really hard to code?

I mean, converting a tool-less LLM into a tool-using LLM is a few hundred lines of code, and then you can plug all your tools, with whichever context you want.

nip•1mo ago
Indeed very easy to code!

My point is about the need for a spec of this mechanism: without a spec, every company / org will roll out their own and result in 500 flavors of the same concept.

That’s where MCP shines: tool calling and tool discovery is already 1.5 years old (an eternity in ai land).

The MCP spec ensures that we can all focus on solving problems with tool calling rather than wasting time in cobbling together services that re not interoperable (because developed without a common spec / standard)

__loam•1mo ago
This is an advertisement
tomrod•1mo ago
I wish this were critical, but it is an ad for MCP.run.
nip•1mo ago
It’s both in my opinion and discussions can stem from the linked article

Many come to HN also for the comments

palmfacehn•1mo ago
Personally, I'm not a fan. I thought the proponent's view might stimulate a discussion.
FunnyLookinHat•1mo ago
> Server authors working on large systems likely already have an OAuth 2.0 API.

I think this biases towards sufficiently large engineering organizations where OAuth 2.0 was identified as necessary for some part of their requirements. In most organizations, they're still using `x-<orgname>-token` headers and the like to do auth.

I'm not sure that there's a better / easier way to do Auth with this use case, but it does present a signficant hurdle to adoption for those who have an API (even one ready for JSON-RPC!) that is practically ready to be exposed via MCP.

motorest•1mo ago
> I think this biases towards sufficiently large engineering organizations where OAuth 2.0 was identified as necessary for some part of their requirements. In most organizations, they're still using `x-<orgname>-token` headers and the like to do auth.

I don't think that's it. Auth is a critical system in any organization, and larger organizations actually present more resistance to change, particularly in business critical areas. If anything, smaller orgs gave an easier time migrating critical systems such as authentication.

hirsin•1mo ago
Touching on tenancy and the "real" gaps in the spec does help push the discussion in a useful direction.

https://vulnerablemcp.info/ is a good collection of the immediately obvious issues with the MCP protocol that need to be addressed. A couple low blows in there, that feel a bit motivated to make MCP look worse, but generally a good starting point overall.

owebmaster•1mo ago
This post has too many "shameless plugs" to be taken seriously.
smitty1e•1mo ago
Serious question:

If doing an extended, service-level session (like a GPT interaction) with a server known beforehand, would it make sense to set up a keypair and manage the interaction over SSH?

Restated: are we throwing away a lot of bandwidth establishing TLS trust for the more general HTTP?