I remember when this joke was first applied to IoT.
iotku•6h ago
I do love the joke, but it is worth remembering as well that all of those S were to a certain extent afterthoughts to fix otherwise insecure protocols.
Given how old FTP and HTTP are it's fairly understandable that they weren't initially designed with security in mind, but I think it's valid to question why we're still designing insecure systems in 2025.
amitksingh1490•5h ago
Totally agree, If we have made a mistakes in past we must have learnt from it and when designing a standard specially with AI where the outcome is non deterministic we got be more careful.
postalrat•3h ago
And P in WFH stands for productive.
amitksingh1490•10h ago
MCP new spec has to an extent covered auth. But the MCPs are yet to adopt to that.
100% - especially when Auth stands for just Authentication.
Simple RBAC authorization also won't take us far.
But Fine-grained Permissions(e.g. OPA, Cedar, OpenFGA, Permit.io) with ReBAC giving ai-agents Zero standing permissions, and only deriving on the fly the least privilege they need / got consent for, can dramatically reduce the problem
aviralb20•10h ago
MCP adoption is picking up fast.
bigyabai•10h ago
This post is an obvious victim of upvote manipulation. HN should ban the forgecode domain if it's going to abuse submissions like this.
dayjah•7h ago
Can you provide some context for your position? I’m not particularly familiar with ForgeCode. I’m interested in why you think there’s manipulation, and what you mean by “submissions like these”.
This can be easily used to search for seeds/private keys when AI coding agents are in YOLO mode.
ethan_smith•6h ago
The "lethal trifecta" refers to default configurations, excessive permissions, and inadequate authentication - three factors that plague MCP implementations just as they did with earlier technologies.
rvz•9h ago
We have not learned anything from the hundreds of open MongoDB databases without passwords floating around the internet waiting to be breached.
We now have the same with MCP servers in the AI era as documented in [0].
Arindam1729•10h ago
dotancohen•7h ago
The S in SSH?
The S in HTTPS?
The S in MCP?
All stand for the same thing!
I remember when this joke was first applied to IoT.
iotku•6h ago
Given how old FTP and HTTP are it's fairly understandable that they weren't initially designed with security in mind, but I think it's valid to question why we're still designing insecure systems in 2025.
amitksingh1490•5h ago
postalrat•3h ago