I mean no solution is perfect, and some underused things are just only sometimes extremely useful, but data used smartly is not a waste of time.

You have to provide scale and quality that was out of reach before and is now table stakes (whenever now is for a given industry).

I’ve ordered refurbed Paper Pro and Move.

Things that excited me about the device:

- with significant AI use I feel I need this more than ever. Drafting, thinking, note taking, annotating etc. - it looks wonderful for todos, shopping lists etc. - width designed to work with Paper Pro (and the landscape mode experience seems solid from reviews), so I will try the dual device setup - I didn’t always have RM2 with me, and I’m hoping this will now change to genuinely always. - I learned to love the constraints and for example I’ve discovered a love of Brandon Sanderson, Liu Cixin, Cory Doctorow, and countless other authors precisely because I went all in on DRM free ebooks, I want to expand that to graphic novels also hence the paper pro. - I do get random inspiration and obsidian has been my powerhouse for oh the go notes but I’m hoping scrybble.ink will now let me bring remarkable documents into obsidian. - very un-invasive to take notes in conversations etc.

Sure it’s a complete indulgence, but it helps me to enjoy note taking, being my library with me etc. and I find constraints foster my creativity and exploration and I lean into them.

I am personally very happy for our GH MCP Server to be your example. The conversations you are inspiring are extremely important. Given the GH MCP server can trivially be locked down to mitigate the risks of the lethal trifecta I also hope people realise that and don’t think they cannot use it safely.

“Unless you can prove otherwise” is definitely the load bearing phrase above.

I will say The Lethal Trifecta is a very catchy name, but it also directly overlaps with the trifecta of utility and you can’t simply exclude any of the three without negatively impacting utility like all security/privacy trade-offs. Awareness of the risks is incredibly important, but not everyone should/would choose complete caution. An example being working on a private codebase, and wanting GH MCP to search for an issue from a lib you use that has a bug. You risk prompt injection by doing so, but your agent cannot easily complete your tasks otherwise (without manual intervention). It’s not clear to me that all users should choose to make the manual step to avoid the potential risk. I expect the specific user context matters a lot here.

User comfort level must depend on the level of autonomy/oversight of the agentic tool in question as well as personal risk profile etc.

Here are two contrasting uses of GH MCP with wildly different risk profiles:

- GitHub Coding Agent has high autonomy (although good oversight) and it natively uses the GH MCP in read only mode, with an individual repo scoped token and additional mitigations. The risks are too high otherwise, and finding out after the fact is too risky, so it is extremely locked down by default.

In contrast, by if you install the GH MCP into copilot agent mode in VS Code with default settings, you are technically vulnerable to lethal trifecta as you mention but the user can scrutinise effectively in real time, with user in the loop on every write action by default etc.

I know I personally feel comfortable using a less restrictive token in the VS Code context and simply inspecting tool call payloads etc. and maintaining the human in the loop setting.

Users running full yolo mode/fully autonomous contexts should definitely heed your words and lock it down.

As it happens I am also working (at a variety of levels in the agent/MCP stack) on some mitigations for data privacy, token scanning etc. because we clearly all need to do better while at the same time trying to preserve more utility than complete avoidance of the lethal trifecta can achieve.

Anyway, as I said above I found your talks super interesting and insightful and I am still reflecting on what this means for MCP.

Thank you!

As a student I had none of those things.

In the end I concocted a successful scheme where I would buy a series of phone extension cables, convince my university bar to allow me use their landline for a while, book a drum practice room and wire the cables in a long chain carefully to it, using duct tape to keep the cables safe and above door frames etc.

Then I had to join the call, and when it was sight reading time run to the library to print out the sheet music, run back down and play it down the phone.

It was intense, but I got the gig and flew off and sailed around the Baltic gigging for a few months in the orchestra/show band which was awesome.

I really wish that a mobile phone would have worked, it would have saved me a huge amount of stress.

Naomi Klein went into this in No Logo with shopping malls replacing public spaces where you also don’t have a right to free speech and can be evicted arbitrarily at the owners discretion.

You’ll find virtually all of social media platforms have moderation, usage policies and user banning practices that go well beyond allowing the fully legally protected free speech you are afforded in a public space (in many countries).

The blog post was most likely this one: https://github.blog/2022-09-13-scaling-gits-garbage-collecti...

And I think it answers the product vision for it well (why it’s automatic):

> We have used this idea at GitHub with great success, and now treat garbage collection as a hands-off process from start to finish.

GitHub also provides these docs for what to do if there is sensitive data in your repo, which is quite involved and (given the huge amount of knowledge internally of both GitHub internals and git internals), I would trust their advice:

https://docs.github.com/en/authentication/keeping-your-accou...

You can also contact support or create/join a community discussion: https://github.com/orgs/community/discussions

If you feel strongly that a feature you need is missing, by adding your voice, you increase visibility of the request. I think GitHub does offer solutions to this problem though, including eventual GC automatically.

I know it’s silly but it helped me with imposter syndrome to see such a major OS that prides itself on seamless “it just works” experiences tolerate bugs like this.

That and the fact if you airplay a movie to Apple TV it thinks you want it to cast over the top of it with random advert videos in your web browser, so you can’t watch and browse.

We’re all human I guess ;)

I had to upgrade my electricity meter and switch box (even though as mentioned three-phase to the house is already standard) recently in order to accommodate planned environmental upgrades.

Recognising you don’t have much leverage and have no option but to be exploited is a sad reality to have to accept, but of course if your job prospects are not great then that can be the case, and then maybe at least you can wait until the last day before you accept an exploding offer, where you have more knowledge of how the rest of your interview pipeline is progressing.

It’s not that companies don’t want to hire fast (or don’t need to), I’ve worked at startups (in UK too), big tech and worked on hiring.

But if the rush is in their side and they want you, that’s different to an exploding offer in many ways, in that they aren’t trying to pressure you to move fast to improve their negotiating position and worsen yours, they’re the ones on the weaker position, and to get you to move fast for them, that gives you leverage.

You decide if you care about the offer and the company/role etc. and then ask them for a deal that’ll make you cancel your other interviews now in that case.

I wanted to print one such score a few weeks back and was very frustrated to discover I couldn’t.

- download regular scores - access PRO scores but only download ones that are not “official HQ” with copyright restrictions.

> The new category of scores called official HQ scores is not allowed to be downloaded or printed according to the copyright owners' requirements. However, these scores can be viewed, played, and used in Practise mode.

https://help.musescore.com/hc/en-us/articles/209542669-Downl...

This bit me recently as I was confounded trying to download a PRO score myself.

Very cool project, could do with screenshots and things, and the rename made it more cryptic but it is genuinely excellent and earlier in the project it was a clear lifeline for abandoned (by valve not releasing new versions) SteamOS devices.

https://www.adobe.com/creativecloud/3d-ar.html