The authorization server and resource server can be separate entities. Meaning that jira instance can validate the token but not be the one issuing it or handling credentials.

And what is the protocol for the interface between the GPU-based LLM and the API? How does the LLM signal to make a tool call? What mechanism does it use?

Because MCP isn’t an API it’s the protocol that defines how the LLM even calls the API in the first place. Without it, all you've got is a chat interface.

A lot of people misunderstand what is the role of MCP. It’s the signaling the LLM uses to reach out of its context window and do things.

The video demos never really showed the auth “story” but I assume that there is some oauth step to connect Claude with your MCP service, right?

How could it? The agent calling into the MCP server is the one exposing an interface to the end user. It’s the agents job to prompt the user (and both Claude desktop and cursor do).

It’s the “system administrator”’s job to make sure the MCP is running at the right privilege level with correct data access levels. The MCP server can’t stop somebody from running it as root the same way any other program can’t.

At the end of the day the MCP should be treated as an extension of the user. Whatever the user can do, so too can the MCP server. (I mean, this isn’t technically true.. you can run the MCP under its own account or inside some sandbox… this will probably start to happen soon enough)

They did. But that was back in the 2000s, when nobody really understood the nuance. Today, calling someone a “hacker” to mean “computer criminal” almost feels like a boomer move. We’ve got way better language now: white hat, black hat, script kiddie, scammer (and all its lovely subgenres—pig butchering, refund scammers), phisher, etc. Not to mention whatever we’re calling the folks running dark net markets these days.

And while the general public might not know the fine distinctions between these, I think society does get that there’s a whole spectrum of actors now. That wasn’t true in 2000—the landscape of online crime (and white hat work) hadn’t evolved yet.

Honestly, I’m just glad the debate’s over. “Cracker” always sounded goofy, and RMS pushing it felt like peak pedantry… par for course.

That said, this whole “vibe coding” thing feels like we’re at the beginning of a similar arc. It’s a broad, fuzzy label right now, and the LLM landscape hasn’t had time to split and specialize yet. Eventually I predict we’ll get more precise terms for all the ways people build software with LLM’s. Not just describing the process but the people behind the scenes too.

I mean, perhaps the term “script kiddie” will get a second life?