There is another facet to it as well, if it really makes sense to solve it via code or could it be more effective to handle with a manual process.
The hard part is that its a cyclic problem, you learn the importance of simplicity only by observing how complexity may not always be adding value. As a principal or staff if you suggest the engineers to simplify things, they may even see it as a missed opportunity for promotion.
While I do agree that MCP was probably bit too far from whats required, there is some benefit for sure. Providing information in a consistent format across all the services makes it easier work with. It lowers the brittleness of figuring out things making the products built using LLMs more stable/predictable. Most importantly it becomes the latest version of the documentation about a service. This can go a long way in M2M communication, pretty much standardization of Application layer.
Oh wait, things like open-api and all already exists and pretty much built to solve the same problem.
Probably everything else is debatable, I do agree with one thing though, the cat is indeed out of the bag. It would have been probably a really good use case if the scope was limited to only hardware based security keys for enterprise users only.
Rolling it out for OS platforms, software based authenticators just muddies the water. You cannot even provide any guarantees around it being phishing resistant anymore.
Most experienced folks would be very careful in predicting or stating something with certainty, they would be cautious about their reputation/credibility and will always add riders on the possibilities.
For good or bad reasons, the mass employment prediction is just marketing which can be called deceitful at the best. When you have so much money riding then you are not an individual anymore, you are just an human face/extension of the money which is working for itself
The data is more or less correct, however the comparison's are flawed. There are tons of US based companies that pay on the similar scale to all their employees regardless of visa status. Instead of tying the visa with the employer, giving it for a certain duration can go as a long term fix to address both abuse and supply shortage. Its takes preparation, skill and the mindset to make it to companies like google and meta.
OAuth says nothing about authentication other than you have to be redirected back to the client once authentication is complete, by unspecified means, before the client can proceed with authorization and get a token proving they are now authorized to do something. There is no slippery slope.
I alluded to the usage of being hijacked for the same reason. From what I have seen, the nuance around oAuth1 vas auth2 vs auth2.1 vs OIDC is just something that most people use without understanding the details just in order to achieve the end goal. On the top you can add PCKE, client credential, password credential and now we are talking about something thats not comprehensible anymore. I am not a purist by any means but it still pains when people do thing whiteout understanding them.
Totally tangential to article, was browsing through the website UI - https://marginlab.ai/explorers/swe-bench-pro/ , the page gives impression that the language, category boxes are selectable. However they are not a dropdown. Not sure if it was intentional design by human or some smart code generation by Claude based on the design sketches.
More than likely its a third party service managing the tracking of the email. Serving content over http just requires them to ask HSBC to add a domain entry for their (cName) server. HTTPS would increase the amount of work required.
Its never about the soft skill experts being able to convince the engineers, the challenge if any, is always about them being able to convince the "leadership"
The hard part is that its a cyclic problem, you learn the importance of simplicity only by observing how complexity may not always be adding value. As a principal or staff if you suggest the engineers to simplify things, they may even see it as a missed opportunity for promotion.