HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sammorrowdrums

no profile record

Submissions

Leaving MySQL

blog.sesse.net
626 points·by sammorrowdrums·قبل 5 سنوات·341 comments

comments

sammorrowdrums
·قبل 3 أشهر·discuss
I think the seeing the underutilized commands and flags (with real data not just a hunch) would have helped identify where users were not understanding why they should use it, and could have helped refine the interface and docs to make it gradually more usable.

I mean no solution is perfect, and some underused things are just only sometimes extremely useful, but data used smartly is not a waste of time.
sammorrowdrums
·قبل 9 أشهر·discuss
Relatedly, I think that success in post-AI business will be about doing more with the same or more people, not the same with less. Like you say, the AI part reduces the value and increases the availability of anything automated, so competing by trying to fire the most people to do keep doing the same job is simply not the game of anyone wanting their business to survive.

You have to provide scale and quality that was out of reach before and is now table stakes (whenever now is for a given industry).
sammorrowdrums
·قبل 10 أشهر·discuss
Our clandestine services will spend years getting people into the right places. I mean at at certain point the difference between the two blurs, and the social engineering entirely overlaps.
sammorrowdrums
·قبل 10 أشهر·discuss
I took the plunge, I loved my RM2 but about a year ago I fell down stairs and landed on it.

I’ve ordered refurbed Paper Pro and Move.

Things that excited me about the device:

- with significant AI use I feel I need this more than ever. Drafting, thinking, note taking, annotating etc. - it looks wonderful for todos, shopping lists etc. - width designed to work with Paper Pro (and the landscape mode experience seems solid from reviews), so I will try the dual device setup - I didn’t always have RM2 with me, and I’m hoping this will now change to genuinely always. - I learned to love the constraints and for example I’ve discovered a love of Brandon Sanderson, Liu Cixin, Cory Doctorow, and countless other authors precisely because I went all in on DRM free ebooks, I want to expand that to graphic novels also hence the paper pro. - I do get random inspiration and obsidian has been my powerhouse for oh the go notes but I’m hoping scrybble.ink will now let me bring remarkable documents into obsidian. - very un-invasive to take notes in conversations etc.

Sure it’s a complete indulgence, but it helps me to enjoy note taking, being my library with me etc. and I find constraints foster my creativity and exploration and I lean into them.
sammorrowdrums
·قبل 11 شهرًا·discuss
I’m one of main devs of GitHub MCP (opinions my own) and I’ve really enjoyed your talks on the subject. I hope we can chat in-person some time.

I am personally very happy for our GH MCP Server to be your example. The conversations you are inspiring are extremely important. Given the GH MCP server can trivially be locked down to mitigate the risks of the lethal trifecta I also hope people realise that and don’t think they cannot use it safely.

“Unless you can prove otherwise” is definitely the load bearing phrase above.

I will say The Lethal Trifecta is a very catchy name, but it also directly overlaps with the trifecta of utility and you can’t simply exclude any of the three without negatively impacting utility like all security/privacy trade-offs. Awareness of the risks is incredibly important, but not everyone should/would choose complete caution. An example being working on a private codebase, and wanting GH MCP to search for an issue from a lib you use that has a bug. You risk prompt injection by doing so, but your agent cannot easily complete your tasks otherwise (without manual intervention). It’s not clear to me that all users should choose to make the manual step to avoid the potential risk. I expect the specific user context matters a lot here.

User comfort level must depend on the level of autonomy/oversight of the agentic tool in question as well as personal risk profile etc.

Here are two contrasting uses of GH MCP with wildly different risk profiles:

- GitHub Coding Agent has high autonomy (although good oversight) and it natively uses the GH MCP in read only mode, with an individual repo scoped token and additional mitigations. The risks are too high otherwise, and finding out after the fact is too risky, so it is extremely locked down by default.

In contrast, by if you install the GH MCP into copilot agent mode in VS Code with default settings, you are technically vulnerable to lethal trifecta as you mention but the user can scrutinise effectively in real time, with user in the loop on every write action by default etc.

I know I personally feel comfortable using a less restrictive token in the VS Code context and simply inspecting tool call payloads etc. and maintaining the human in the loop setting.

Users running full yolo mode/fully autonomous contexts should definitely heed your words and lock it down.

As it happens I am also working (at a variety of levels in the agent/MCP stack) on some mitigations for data privacy, token scanning etc. because we clearly all need to do better while at the same time trying to preserve more utility than complete avoidance of the lethal trifecta can achieve.

Anyway, as I said above I found your talks super interesting and insightful and I am still reflecting on what this means for MCP.

Thank you!
sammorrowdrums
·قبل 5 سنوات·discuss
I’m getting a smartwatch with watch only runs, it has tracking, Bluetooth for headphones and can preload Spotify playlists.

It has WiFi but no cell phone. Really looking forward to just being out for runs, with no possibility of contact or checking notifications etc.
sammorrowdrums
·قبل 5 سنوات·discuss
I was doing a Hacker Rank puzzle yesterday in Python and after I optimised it, it still timed out on one input. Looked at the chat, and saw a comment "just run it with PyPy" and naturally it then passed all parts.

It's easy to forget that CPython is not that optimised generally, but as soon as you need to deal with algorithms it is lacking often.

I think even that the fact there are so many C implementations in libraries shows that the lack of optimisation for the sake of clean compiler code manifests as a readability / complexity issues elsewhere.