Running on Linux Firefox.

I guess it could work better if it was enabled for only actual attack vectors projects.

I suspect there's always a human checking these results. If NPM straight out rejects an update due to suspected malware, they might end up rejecting correct updates as well. If they grant some "safe" patterns a special pass, they might get exploited.

So I think this only works if you have security scanners that are well-maintained and kept in secret. NPM folks could of course co-operate with some security companies to have a first stab with the releases before they are put to public access. At some point some parties might start want to have monetary compensation for such an arragnement, though.

    echo 2 | sudo tee /proc/sys/vm/drop_caches
    time cp -rl foo bar

This should actually be a feature for git itself, if it's not already.

I'm not saying MCP or the ways we use it cannot be extended to cover this use case, but my understanding is that nobody does it. But shell/code does, and more.

That's really my only issue with MCPs.

With shell you can pass data from one component to another directly, not only being cheaper, faster, but also preserving complete integrity. While models nowadays seem to do data echoing well, there's always the chance they might not do it exactly.

There's no reason why a shell would not be able to limit abilities of a party using it as well, by virtue of just implementing only the desired functionality. What makes it more advanced in this context is the (standard) ability to express how to connect multiple components to each other, or to/from local storage. MCP does not have this.

Providing that does not have any inherent danger any more than jq's functions have an inherent danger. Actual execution of processes or real files does not need to be involved.

I think the basic solution to this is to have a "static shell" but with modern tools for the agents, not actually executing other binaries. It could have things like jq, curl, piping and redirection to/from session files. Maybe even Python if it can be made safe. If not, then there are a lot of languages can be.

It seems like there's little point in MCP in that case. Maybe more point if it was a standard mechanism for MCP to provide additional data, in a completely compatible fashion with all other tools? You could perhaps even pass such URLs to other MCPs. You could have an MCP for jq for doing stream processing. Starts to look a lot like a shell, though.

Seems like MCPs could also be extended to store auxiliary data to your memory (or filesystem..), and then an additional extension to provide that kind of data as auxiliary data in the calls to MCP.

Well, even as is, MCP still provides a standard method of using OAuth for accessing such services. And you must use MCP if you wish to add something to the ChatGPT.com web service, so it's easy to see why OpenAI folks are seeing companies going that way.

Sounds a lot like a shell to me.

MCPs are impossible to combine this way: everything you feed or get from them goes though the model and consumes tokens.

Even X had a separate application called xterm 42 years ago: the complete X system was not to my knowledge called a terminal system, except perhaps when discussing the dedicated client devices, such as VT1300. Also the term "virtual terminal" as far as I know has always referred to a the kind of interface this application is making use of.

So I think we can just accept that the term is overloaded such that "terminal" refers to both of these situations, as there is no historical precedent to have it exclude the other situation, and the term "terminal-based application" is completely clear to a rational listener.

Maybe the GC would be less of a problem if we didn't want to have the best possible performance as well.

In addition, this protocol could make it more transparent to say "oh we cannot proceed as we dropped the this cache, are you sure you want to proceed and consume a whole lot of expensive uncached tokens?". Oh, maybe that's a reason not to do it..

While hacking is used to to refer to illicit activities, I do actually believe that the same activities can also be performed e.g. on your own devices, or with permission, and still be called hacking. So in my view, I do not believe legality is the defining term, but the actual things you do; oftentimes useful for illegal activities.

But I must assume there is a group of people who consider the term to be loaded with that exclusion, so I should take this into account.

However, to me "hacking your own devices" as a concept seems crystal clear, and is not a contradictory term.

I also expect purely gyroscopic approach to be much lighter compute-wise.