frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Shutting Down Clear Linux OS

https://community.clearlinux.org/t/all-good-things-come-to-an-end-shutting-down-clear-linux-os/10716
2•todsacerdoti•1m ago•0 comments

Nuxt Joins Vercel

https://vercel.com/blog/nuxtlabs-joins-vercel
1•rattray•6m ago•1 comments

The Kap Programming Language

https://kapdemo.dhsdevelopments.com/examples.html
2•thunderbong•12m ago•0 comments

A Software for One

https://www.jasonthorsness.com/30
2•jasonthorsness•12m ago•0 comments

Women Are Falling Behind in America's Return to the Office

https://www.wsj.com/lifestyle/careers/return-to-office-gender-gap-236392aa
3•bdev12345•12m ago•0 comments

Astronomer launches internal investigation after viral Coldplay video

https://www.cnn.com/2025/07/18/entertainment/coldplay-concert-kiss-cam-astronomer-investigation
2•bb88•13m ago•0 comments

Build your CV on Subreply as a LinkedIn alternative

https://subreply.com/lm
4•lcnmrn•17m ago•0 comments

Curse Not the King

https://daringfireball.net/2025/07/curse_not_the_king_cbs_colbert_trump
1•Bogdanp•17m ago•0 comments

The Physics of Dissonance (MinutePhysics) [video]

https://www.youtube.com/watch?v=tCsl6ZcY9ag
1•jerf•22m ago•0 comments

Billionaire Gabe Newell: pitching VCs makes no business sense

https://www.pcgamer.com/gaming-industry/multi-billionaire-gabe-newell-says-the-whole-startup-culture-of-pitching-vcs-for-capital-makes-no-business-sense-a-great-way-of-destroying-money-and-wasting-peoples-time/
6•e2e4•22m ago•0 comments

Ccusage: A CLI tool for analyzing Claude Code usage from local JSONL files

https://github.com/ryoppippi/ccusage
8•kristianp•24m ago•2 comments

Fuzzing macOS Userland (For Fun and Pain)

https://marqcodes.com/fuzzyingforfun.html
1•N3Xxus_6•24m ago•0 comments

Free Online Minesweeper

https://www.freeonlineminesweeper.com
1•avonmach•25m ago•0 comments

DHH – I Hate TypeScript (3 min video)

https://www.youtube.com/watch?v=tyjUH5TLSTM
3•rmason•31m ago•0 comments

Show HN: Interactive Bash tutorial that runs in the browser

https://sandbox.bio/tutorials/bash-script
2•raboukhalil•33m ago•0 comments

Show HN: Castream – Native iOS/Android IRL multistreaming app

1•acabralto•34m ago•0 comments

There Is No Antimemetics Division – A Novel (2025)

https://www.penguinrandomhouse.com/books/783041/there-is-no-antimemetics-division-by-qntm/
2•Duanemclemore•37m ago•1 comments

First earthquake, then fire: UC San Diego researchers test steel building

https://www.kpbs.org/news/science-technology/2025/07/17/first-earthquake-then-fire-uc-san-diego-researchers-test-steel-building
2•littlexsparkee•40m ago•1 comments

Ask HN: What are your favorite open source AI agent implementations?

2•kanodiaashu•40m ago•0 comments

Node.js 18 is being deprecated

https://vercel.com/changelog/node-js-18-is-being-deprecated
1•ananddtyagi•45m ago•0 comments

EPA says it will eliminate its scientific reseach arm

https://www.nytimes.com/2025/07/18/climate/epa-firings-scientific-research.html
34•anigbrowl•46m ago•4 comments

Vibe coding? AI assisted coding? I prefer being an AI micromanager [video]

https://www.youtube.com/watch?v=3gnfOnhC1EA
5•godot•51m ago•0 comments

"Pitch in " Anti-Litter PSA (1973) [video]

https://www.youtube.com/watch?v=Sba0GzhZ088
1•petethomas•55m ago•0 comments

Agents Built from Alloys

https://xbow.com/blog/alloy-agents/
2•azhenley•56m ago•0 comments

US EPA cutting workforce by 23%, closing research division

https://www.reuters.com/legal/government/us-epa-cutting-workforce-by-23-closing-research-division-2025-07-18/
15•pseudolus•59m ago•1 comments

I'm Rebelling Against the Algorithm

https://varunraghu.com/im-rebelling-against-the-algorithm/
3•Varun08•1h ago•0 comments

My worst tech purchase became my best DIY desk lamp

https://medium.com/@philwornath/when-2-useless-items-unite-repurpose-your-monitor-lamp-bar-ikeahackers-upcycling-02e6ad595e1b
1•philjw•1h ago•1 comments

Show HN: Vizr – Ask questions about your marketing data, get real answers

https://vizr.app/
1•arifliftos•1h ago•0 comments

With One Call, Trump Alters the Fate of a Contested Power Project

https://www.nytimes.com/2025/07/17/climate/hawley-grain-belt-express-invenergy-trump.html
4•zekrioca•1h ago•2 comments

Is Translation the Killer App?

https://substack.com/home/post/p-168658235
1•mathattack•1h ago•0 comments
Open in hackernews

A Critical Look at "A Critical Look at MCP."

https://docs.mcp.run/blog/2025/05/16/mcp-implenda-est/
33•palmfacehn•2mo ago

Comments

nip•2mo ago
> Further, one of the issues with remote servers is tenancy

Excellent write-up and understanding of the current state of MCP

I’ve been waiting for someone to point it out. This is in my opinion the biggest limitation of the current spec.

What is needed is a tool invocation context that is provided at tool invocation time.

Such tool invocation context allows passing information that would allow authorizing, authentication but also tracing the original “requester”: think of it as “tool invoked on behalf of user identity”

This of course implies an upstream authnz that feeds these details and more.

If you’re interested in this topic, my email is in my bio: I’m of the architect of our multi-tenant tool calling implementation that we’ve been running in production for the past year with enterprise customers where authnz and auditability are key requirements.

jensneuse•2mo ago
The way we've solved this in our MCP gateway (OSS) is that the user first needs to authenticate against our gateway, e.g. by creating a valid JWT with their identity provider, which will be validated using JWKS. Now when they use a tool, they must send their JWT, so the LLM always acts in their behalf. This supports multiple tenants out of the box. (https://wundergraph.com/mcp-gateway)
Yoric•2mo ago
Is this really hard to code?

I mean, converting a tool-less LLM into a tool-using LLM is a few hundred lines of code, and then you can plug all your tools, with whichever context you want.

nip•2mo ago
Indeed very easy to code!

My point is about the need for a spec of this mechanism: without a spec, every company / org will roll out their own and result in 500 flavors of the same concept.

That’s where MCP shines: tool calling and tool discovery is already 1.5 years old (an eternity in ai land).

The MCP spec ensures that we can all focus on solving problems with tool calling rather than wasting time in cobbling together services that re not interoperable (because developed without a common spec / standard)

__loam•2mo ago
This is an advertisement
tomrod•2mo ago
I wish this were critical, but it is an ad for MCP.run.
nip•2mo ago
It’s both in my opinion and discussions can stem from the linked article

Many come to HN also for the comments

palmfacehn•2mo ago
Personally, I'm not a fan. I thought the proponent's view might stimulate a discussion.
FunnyLookinHat•2mo ago
> Server authors working on large systems likely already have an OAuth 2.0 API.

I think this biases towards sufficiently large engineering organizations where OAuth 2.0 was identified as necessary for some part of their requirements. In most organizations, they're still using `x-<orgname>-token` headers and the like to do auth.

I'm not sure that there's a better / easier way to do Auth with this use case, but it does present a signficant hurdle to adoption for those who have an API (even one ready for JSON-RPC!) that is practically ready to be exposed via MCP.

motorest•2mo ago
> I think this biases towards sufficiently large engineering organizations where OAuth 2.0 was identified as necessary for some part of their requirements. In most organizations, they're still using `x-<orgname>-token` headers and the like to do auth.

I don't think that's it. Auth is a critical system in any organization, and larger organizations actually present more resistance to change, particularly in business critical areas. If anything, smaller orgs gave an easier time migrating critical systems such as authentication.

hirsin•2mo ago
Touching on tenancy and the "real" gaps in the spec does help push the discussion in a useful direction.

https://vulnerablemcp.info/ is a good collection of the immediately obvious issues with the MCP protocol that need to be addressed. A couple low blows in there, that feel a bit motivated to make MCP look worse, but generally a good starting point overall.

owebmaster•2mo ago
This post has too many "shameless plugs" to be taken seriously.
smitty1e•2mo ago
Serious question:

If doing an extended, service-level session (like a GPT interaction) with a server known beforehand, would it make sense to set up a keypair and manage the interaction over SSH?

Restated: are we throwing away a lot of bandwidth establishing TLS trust for the more general HTTP?