Apparently I missed the introduction of the 4.4mm TRRRS audio jack 10 years ago and just now discovered it. What a cool idea.

"I'll just check my critical thinking and nuke it in the microwave" has to be my favorite quote from this Business Insider video on Trader Joe's white-labeled food

Me looking at my todo list on a Sunday night after having done at least a couple things today, yet somehow it looks more like a list of what I did *not* do today.

oh no, due to a series of misclicks, I just accidentally archived the most recent 100 emails in my inbox.

if nothing else, reviewing my "all mail" folder is doing a good job of making me question how important emails in my inbox actually are.

The new MCP spec just dropped! 🎉

There's too many new things to get into everything, but there are two big changes I am most excited about 👀

📝 Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control
🔐 Enterprise-Managed Authorization extension (aka Cross App Access) - eliminate the OAuth redirect and get tokens for an MCP server by requesting them from the enterprise IdP

It's been great working on this with folks like Den Delimarsky, Paul Carleton, David Soria Parra, Nick Cooper, Tyler Leonhardt, and more!

Read more about what these mean for you in my full post
👉 https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update

Inspired by a question from @thisismissem.social, I wrote up a document describing how to apply DPoP (RFC9449) to the OAuth Device Flow (RFC8628).

https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/

The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification!

This specification provides a mechanism for an application to use an identity assertion to obtain an access token for a third-party API by coordinating through a common enterprise identity provider

This is the basis of Cross App Access (XAA), providing IT admins better visibility and control of app-to-app connections by configuring the connections in their enterprise IdP.

While it will still be a while before it is an RFC, this is an important step in the standards process, as this is the first time the document is "official"! This signifies that the working group agrees that the problem is worth solving, and agrees on the general direction of the spec.

Thanks to everyone for your contributions and feedback so far!

And thanks to my co-authors Karl McGuinness and Brian Campbell!

Well that's the last time I take my ID out of my wallet to go through airport security. I made the mistake of putting it into my pocket instead of back in my wallet and it seems to have fallen out somewhere between PDX and SFO 🫠

So many neighbor dogs like to do their business in our unfinished driveway. Thankfully the neighbors do clean up after their dogs. But if this happens after 8pm, they have been tripping the alarm that keeps out the creepers from the yard.

So earlier this week I set up a new automation. If the cameras spot an animal in the driveway, it disarms the alarm for 5 minutes. This gives their humans enough time to clean up without tripping the alarm. Then it re-arms the alarm after.

This has significantly reduced the number of false positive alarms!

Tonight I had *three* false alarms where dog walkers picking up their dog poop from the driveway set off the siren. I feel bad when people who pick up after their dog set off the alarm because I'm glad they are being responsible! But also tonight I had two people wander in, one smoking something and the other stealing some trash.

Five alarms in one night was enough for me to attempt to fix this.

So now, if everything goes according to plan, if an animal is spotted in the driveway it will disarm the alarm for 5 minutes. That should give the nice people who pick up after their dogs enough time to do so without triggering the siren.

I don't know why I'm so excited to have a fully functional landline phone system in the house, complete with wired and wireless phones, local extensions for each room, voicemail boxes, bidirectional connection with the intercom system, and inbound and outbound dialing. Complete phone nerdery over here, someone should probably stop me.

The latest version of the MCP spec is now officially 2025-06-18! Congrats to everyone in the MCP community involved in making this happen!

Key updates to the authorization section:

⚙️ MCP Servers are no longer responsible for issuing access tokens or handling user authentication
🛡️ A dedicated Authorization Server separate from the MCP Server handles user authentication and issuing access tokens
🔍 RFC9728 Protected Resource Metadata enables the MCP client to dynamically discover the MCP Server's authorization server
👉 RFC8707 Resource Indicators are required as a security measure

Thanks to everyone who contributed to the many discussions to update the authorization part of the spec to be more compatible with existing OAuth systems!

David Soria Parra, Paul Carleton, Den Delimarsky, Nate Barbettini, William Dawson, Jared Hanson, Karl McGuinness, Darin McAdams, Jean-François LOMBARDO and apologies if I forgot to mention you, those threads were extremely long!

#modelcontextprotocol #mcp #oauth #ai

TIL the point up emoji ☝️ doesn't work as a reaction on iMessage because Apple displays the emoji above the message it's a reaction to 😂

I’m just gonna say, I feel like a laptop with its lid closed should not take priority over the bluetooth connection to the headphones I just turned on.

In two weeks I'll be speaking at the MCP Dev Summit in San Francisco! It's going to be a great day packed with back to back sessions.

In less than a year, the MCP project has quickly reshaped how developers are building AI agents. My talk, "Intro to OAuth for MCP Servers", will cover the basics of the new MCP authorization protocol and set the stage for building secure MCP servers.

https://mcpdevsummit.ai/#agenda

This is so silly, I just need to vent. I have this Krups waffle iron, and part of the locking handle has been broken since I got it. I took it apart (really just removed like 6 screws) and there's clearly a plastic part that broke off inside.

So I go to the Krups website and find the replacement part which is available for $3.90, except that shipping is $15.

I emailed their customer support and said I need this replacement part. They wrote back that parts are available on the website for out-of-warranty repairs. I wrote back that it's still under warranty. Their reply:

"Disassembling the unit will void the warranty."

So I called up support to see if they would say anything different on the phone. They asked for my name and then pulled up my ticket, and the guy confirmed that because I opened it up I voided the warranty, and that they don't do warranty repairs by sending out parts anyway.

So apparently I was not supposed to diagnose the problem myself, instead I was supposed to ship it to the appliance repair store in Seattle for them to replace the part and ship it back. It just seems so wasteful and expensive to mail it back and forth when all I need is this $3.90 part.

I absolutely do not understand the math on this, but it does make sense intuitively.

https://docs.vention.io/docs/designing-with-t-slot-aluminum-extrusions

oh no I just realized tomorrow is Monday

This is the second time this month that my boarding gate and seat number are palindromes of each other

Is it just me or does this current Model Context Protocol wave remind anyone of the early Web 2.0 days of everyone launching open APIs?