home.social

1000 results for “tobie”

  1. Hackers can take over your life through your calendar. A new “promptware” attack uses AI against you

    Experts at SafeBreach have discovered a new class of attack, called “promptware”, which turns the logic of artificial intelligence against the user.

    In their study, they showed how a specially crafted Google Calendar invitation can force Gemini AI to take control of the victim’s smart home, and even to steal the victim’s private emails.

    What is “promptware” and how does it work?

    “Promptware”, as defined by the SafeBreach researchers, is a specially designed prompt (that is, a text, image or audio instruction) whose purpose is to exploit the interface of a large language model (LLM) to trigger malicious activity. Unlike traditional viruses, it does not attack the operating system but the AI assistant itself.

    In the attack scenario against Google Gemini, the researchers exploited its deep integration with the entire Google ecosystem. The hacker sends the victim a crafted Google Calendar invitation whose description hides a malicious prompt. Then, when the user is having a normal conversation with Gemini, a simple, innocent instruction from the user (e.g. a thank-you) can indirectly activate the malicious instruction hidden in the chat history.

    A scenario straight out of “Black Mirror”

    The consequences of such an attack are alarming. In this way the SafeBreach researchers managed to force Gemini to perform a range of dangerous actions, including:

    • Sending spam and phishing messages on the victim’s behalf.
    • Generating toxic and harmful content.
    • Deleting events from the victim’s calendar.
    • Remotely controlling smart-home devices (e.g. lighting, heating, windows).
    • Geolocating the victim.
    • Stealing and searching through private emails.

    A new threat in the age of AI

    SafeBreach warns that the cybersecurity community has so far underestimated the risk posed by “promptware” attacks. According to their analysis, as many as 73% of the threats posed by AI assistants are of high or critical risk.

    The tech giants’ rush to deploy and integrate AI into all their products as quickly as possible is creating entirely new, previously unforeseen attack vectors.

    The researchers informed Google of the discovered vulnerability in February. In June the company published a blog post describing its multi-layered approach to securing Gemini against “prompt injection” techniques. The incident is nevertheless an important warning that we are entering a new era of cyber threats, in which hackers will attack not only our computers but also the logic of our digital assistants.

    #AI #cyberbezpieczeństwo #GoogleGemini #hakerzy #KalendarzGoogle #news #Promptware #SafeBreach #sztucznaInteligencja #zagrożenie

  3. A few tips on how to cope with pain during an abortion. Did something else help you? Let us know in the comments, maybe other people will benefit 💕

    #aborcjabezgranic #polska #legalnaaborcja #ciąża #maszwybór #leki #ból #aborcjatabletkami #aborcjafarmakologiczna @aborcja

  8. This Friday is #OnRamp Day! Don't miss the first one of the year with @tobie as he will challenge your assumptions

    More details on our previous post:

    mastodon.opencloud.lu/@OSPOAll

  12. Move Fast and Don’t Break Things: Shipping the Simplenote MCP

    When Automattic recently launched a month‑long hackathon, engineers Mark Biek and Evan Tobiesen knew exactly what they wanted to work on: the Simplenote Model Context Protocol (MCP) server.

    Neither Mark nor Evan works in data science, so measurement might have been the easy thing to skip. Instead, they shipped a product with built‑in measurement from day one.

    The team faced two difficult design questions. First, how do you give a large language model (LLM) permission to write to a user’s notes without a disaster? Second, how do you know if anyone is using the tool, without ever seeing the contents of their notes?

    Simplenote is a lightweight note‑taking app for iOS, Android, Mac, Windows, Linux, and your browser. It’s been around since 2008, and like many of Automattic’s products, Simplenote is open source and free. Mark launched a read‑only version on April 15. The hackathon was a chance to go further.

    Radical Speed Month (RSM) was a single month where Automattic employees stepped away from their regular work to pair up, build, and ship a passion project. The hackathon started on April 22, and by May 8, Mark and Evan had already shipped a new version of the MCP. Neither Mark nor Evan works on Simplenote day-to-day. Mark is on domains, Evan on marketing technology.

    “I have been a Simplenote user for 10 years. I’ve always really loved it, and I have a gazillion notes,” explained Mark. “And back in February, I wanted an excuse to write an MCP server because I had never written one before.”

    Designing for Data Safety

    As Mark put it, “The last thing we want is to put a tool out and have an LLM run wild and delete somebody’s notes.”

    At first, the MCP tool was Mac-only and read-only (list, search, get). Opt-in write tools (create, update, trash, restore, revert) were the obvious next step. The MCP spec lets a server tag each tool as either read-only or destructive. 

    Part of the work involved quantifying LLM guardrails, turning vague safety concerns into concrete numeric thresholds.

    Before enabling writes, Mark and Evan added several data safeguards:

    • Discoverability: The MCP write tools are not exposed when the MCP is in read‑only mode, so LLMs can’t discover them by accident. 
    • Content protection: There are also limits to how notes can be updated—text can’t be replaced by large amounts of white space, and updates can’t drastically shrink or blank out a note.
    • Recoverability: Notes may be added to the trash but not deleted, so they can always be restored. 
    • Rate limiting: Bulk operations are blocked, too. If the MCP detects more than five write operations within 30 seconds, it stops.

    “If you have a note that is above a certain length, and that length changes by more than 50%, we block it,” Mark explained. “Let’s say you have a note that’s a dozen paragraphs long, and the LLM does something wacky and tries to wipe it out with just a single sentence… the rate limiting will prevent that.” 

    A shopping list for a traditional Italian risotto, built in Simplenote through the MCP.

    Designing for Telemetry

    The MCP only records two data event types: setup run and tool call. That may look like it wouldn’t be enough. But those two event types answer more questions than you’d expect. The telemetry records data on adoption, stickiness, tool popularity, and connector preference.

    Instrumenting an MCP server without leaking user data was part of the project. 

    “On a technical level, we generate a random or a unique ID,” explained Evan. “It’s just an ID for the install. And then we track very minimal data…. So we can see that this random user ID ran the tool ‘get note.’ While we don’t see which note or anything like that, we still get worthwhile usage stats.”

    One way to use Simplenote is on a Mac with a local install rather than in the browser. This way of using Simplenote can be fully offline, so notes never get to the web. The MCP also works with this setup.

    Users can also opt out of tracking completely with a single command.

    Test data from the Simplenote MCP, gathered before public release. Left: setup runs by platform and connector. Center: tool calls by provider over the last month. Right: how many installs opted into write mode. 

    How they built it

    Connecting AI to Simplenote was only half the story. AI also helped build it.

    “We worked really hard at not just vibe coding this, letting the AI crank out whatever and not knowing what it was doing,” Mark explained. “We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.”

    The team applied guardrails to their own process, not just to the LLM’s behavior at runtime.

    “We didn’t just say, ‘hey, build me an MCP server,’” added Evan. “We had the documentation and the scope of the project lined up. We used issues in Linear, pull requests, and automated tests, kind of like guardrails around the AI.”

    Working with multiple AI tools created a separate problem: keeping the codebase consistent.

    “The agents’ markdown files, which definitely helped to keep [the project] on track, made it easy to review, and ensured that, in the end, it looks like a uniform code base,” Evan said. “It’s not like parts of it look different depending on which AI agent or which prompts we used.”

    This is especially important because Simplenote MCP and Simperium, the open source sync backend that powers Simplenote, are both publicly available on GitHub.

    “This is available as an open source project,” said Mark. “People could fork it, people could submit their own enhancements or bug fixes to it. And so we wanted to make sure that the project was organized from that perspective as well, in case there are outside contributors who want to add anything.”

    The number of open source contributions the project receives is just one of the metrics the team will watch.

    “I think it’s just going to be: are people using it?” said Mark. “That’s the first level of success. We don’t have a number in mind. But if anybody’s using it at all, I’m going to be excited.”

    He added: “A second layer of success would be if we actually started getting some outside contributions.”

    The Simplenote MCP shows a pattern other teams can copy: Set numeric limits on writes, so an LLM can’t run wild. Record which tools ran on which platform, but never what the user wrote. Let users turn telemetry off with a single command. Apply the same discipline to how the AI writes the code as you do to how it runs at runtime. None of this is technically difficult. It just has to be decided early.

    The new Simplenote MCP currently works with Claude Desktop, Claude Code, Cursor, VS Code (Copilot), Zed, Cline, Windsurf, and anything else that speaks MCP. Give it a try, and, in the comments below, please let us know what you think.

    #ai #Automattic #DataAnalytics #technology
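
    The write safeguards listed in the post above (hidden write tools in read-only mode, content protection, trash instead of delete, and the five-writes-in-30-seconds limit), sketched as an added example; this is not code from the post or from the Simplenote MCP project. The class and function names, the 200-character minimum, counting non-whitespace characters, treating the 50% rule as a shrink limit, and treating "it stops" as a latch are all assumptions of this sketch.

```python
import time
from collections import deque

READ_TOOLS = ("list", "search", "get")
WRITE_TOOLS = ("create", "update", "trash", "restore", "revert")

MAX_WRITES = 5            # from the post: more than five writes ...
WINDOW_SECONDS = 30.0     # ... within 30 seconds stops the server
MAX_SHRINK = 0.5          # from the post: a change of more than 50% is blocked
MIN_GUARDED_CHARS = 200   # assumption: the post only says "above a certain length"


class WriteBlocked(Exception):
    """Raised when one of the safeguards refuses a write."""


def visible_len(text):
    # Count non-whitespace characters, so padding a note with spaces
    # cannot hide the fact that its real content was removed.
    return len("".join(text.split()))


def check_update(old, new):
    """Content protection: refuse blanking or drastic shrinking of a note."""
    old_n, new_n = visible_len(old), visible_len(new)
    if old_n and not new_n:
        raise WriteBlocked("update would blank out the note")
    if old_n > MIN_GUARDED_CHARS and new_n < old_n * (1 - MAX_SHRINK):
        raise WriteBlocked("update shrinks the note by more than 50%")


class NoteGuard:
    """Hypothetical in-memory note store wrapped in the four safeguards."""

    def __init__(self, write_enabled=False, clock=time.monotonic):
        self.write_enabled = write_enabled
        self._clock = clock
        self._recent = deque()   # timestamps of accepted writes
        self.halted = False      # assumption: "it stops" means a latch
        self.notes = {}
        self.trash = {}

    def exposed_tools(self):
        # Discoverability: write tools are not even listed in read-only mode.
        return READ_TOOLS + WRITE_TOOLS if self.write_enabled else READ_TOOLS

    def _require(self, tool):
        if tool not in self.exposed_tools():
            raise WriteBlocked(f"{tool} is not exposed in read-only mode")

    def _count_write(self):
        # Rate limiting: sliding window over accepted writes.
        if self.halted:
            raise WriteBlocked("writes are halted after a burst")
        now = self._clock()
        while self._recent and now - self._recent[0] >= WINDOW_SECONDS:
            self._recent.popleft()
        if len(self._recent) >= MAX_WRITES:
            self.halted = True
            raise WriteBlocked("more than 5 writes within 30 seconds")
        self._recent.append(now)

    def create(self, note_id, text):
        self._require("create")
        self._count_write()
        self.notes[note_id] = text

    def update(self, note_id, new_text):
        self._require("update")
        check_update(self.notes[note_id], new_text)
        self._count_write()
        self.notes[note_id] = new_text

    def trash_note(self, note_id):
        # Recoverability: there is no delete, only a move to the trash.
        self._require("trash")
        self._count_write()
        self.trash[note_id] = self.notes.pop(note_id)

    def restore(self, note_id):
        self._require("restore")
        self._count_write()
        self.notes[note_id] = self.trash.pop(note_id)


def attempt(fn, *args):
    """Run a guarded call and report the outcome as a string."""
    try:
        fn(*args)
        return "ok"
    except WriteBlocked as exc:
        return f"blocked: {exc}"
```

    Passing a fake `clock` makes the rate limit testable without sleeping.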
  13. Move Fast and Don’t Break Things: Shipping the Simplenote MCP

    When Automattic recently launched a month‑long hackathon, engineers Mark Biek and Evan Tobiesen knew exactly what they wanted to work on: the Simplenote Model Context Protocol (MCP) server.

    Neither Mark nor Evan works in data science, so measurement might have been the easy thing to skip. Instead, they shipped a product with built‑in measurement from day one.

    The team faced two difficult design questions. First, how do you give a large language model (LLM) permission to write to a user’s notes without a disaster? Second, how do you know if anyone is using the tool, without ever seeing the contents of their notes?

    Simplenote is a lightweight note‑taking app for iOS, Android, Mac, Windows, Linux, and your browser. It’s been around since 2008, and like many of Automattic’s products, Simplenote is open source and free. Mark launched a read‑only version on April 15. The hackathon was a chance to go further.

    Radical Speed Month (RSM) was a single month where Automattic employees stepped away from their regular work to pair up, build, and ship a passion project. The hackathon started on April 22, and by May 8, Mark and Evan had already shipped a new version of the MCP.  Neither Mark nor Evan works on Simplenote day-to-day. Mark is on domains, Evan on marketing technology.

    “I have been a Simplenote user for 10 years. I’ve always really loved it, and I have a gazillion notes,” explained Mark. “And back in February, I wanted an excuse to write an MCP server because I had never written one before.”

    Designing for Data Safety

    As Mark put it, “The last thing we want is to put a tool out and have an LLM run wild and delete somebody’s notes.”

    At first, the MCP tool was Mac-only and read-only (list, search, get). Opt-in write tools (create, update, trash, restore, revert) were the obvious next step. The MCP spec lets a server tag each tool as either read-only or destructive. 

    Part of the work involved quantifying LLM guardrails, turning vague safety concerns into concrete numeric thresholds.

    Before enabling writes, Mark and Evan added several data safeguards:

    • Discoverability: The MCP write tools are not exposed when the MCP is in read‑only mode, so LLMs can’t discover them by accident. 
    • Content protection: There are also limits to how notes can be updated—text can’t be replaced by large amounts of white space, and updates can’t drastically shrink or blank out a note.
    • Recoverability: Notes may be added to the trash but not deleted, so they can always be restored. 
    • Rate limiting: Bulk operations are blocked, too. If the MCP detects more than five write operations within 30 seconds, it stops.

    “If you have a note that is above a certain length, and that length changes by more than 50%, we block it,” Mark explained. “Let’s say you have a note that’s a dozen paragraphs long, and the LLM does something wacky and tries to wipe it out with just a single sentence… the rate limiting will prevent that.” 

    A shopping list for a traditional Italian risotto, built in Simplenote through the MCP.

    Designing for Telemetry

    The MCP only records two data event types: setup run and tool call. That may look like it wouldn’t be enough. But those two event types answer more questions than you’d expect. The telemetry records data on adoption, stickiness, tool popularity, and connector preference.

    Instrumenting an MCP server without leaking user data was part of the project. 

    “On a technical level, we generate a random or a unique ID,” explained Evan. “It’s just an ID for the install. And then we track very minimal data…. So we can see that this random user ID ran the tool ‘get note.’ While we don’t see which note or anything like that, we still get worthwhile usage stats.”

    One way to use Simplenote is on a Mac with a local install rather than in the browser. This way of using Simplenote can be fully offline, so notes never get to the web. The MCP also works with this setup.

    Users can also opt out of tracking completely with a single command.

    Test data from the Simplenote MCP, gathered before public release. Left: setup runs by platform and connector. Center: tool calls by provider over the last month. Right: how many installs opted into write mode. 

    We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.

    Mark Biek

    How they built it

    Connecting AI to Simplenote was only half the story. AI also helped build it.

    “We worked really hard at not just vibe coding this, letting the AI crank out whatever and not knowing what it was doing,“ Mark explained. “We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.”

    The team applied guardrails to their own process, not just to the LLM’s behavior at runtime.

    “We didn’t just say, ‘hey, build me an MCP server,’” added Evan. “We had the documentation and the scope of the project lined up. We used issues in Linear, pull requests, and automated tests, kind of like guardrails around the AI.”

    Working with multiple AI tools created a separate problem: keeping the codebase consistent.

    “The agents’ markdown files, which definitely helped to keep [the project] on track, made it easy to review, and ensured that, in the end, it looks like a uniform code base,” Evan said. “It’s not like parts of it look different depending on which AI agent or which prompts we used.”

    This is especially important because Simplenote MCP and Simperium, the open source sync backend that powers Simplenote, are both publicly available on GitHub.

    “This is available as an open source project,” said Mark. “People could fork it, people could submit their own enhancements or bug fixes to it. And so we wanted to make sure that the project was organized from that perspective as well, in case there are outside contributors who want to add anything.”

    The number of open source contributions the project receives is just one of the metrics the team will watch.

    “I think it’s just going to be: are people using it?” said Mark. “That’s the first level of success. We don’t have a number in mind. But if anybody’s using it at all, I’m going to be excited.”

    He added: “A second layer of success would be if we actually started getting some outside contributions.”

    The Simplenote MCP shows a pattern other teams can copy: Set numeric limits on writes, so an LLM can’t run wild. Record which tools ran on which platform, but never what the user wrote. Let users turn telemetry off with a single command. Apply the same discipline to how the AI writes the code as you do to how it runs at runtime. None of this is technically difficult. It just has to be decided early.

    The new Simplenote MCP currently works with Claude Desktop, Claude Code, Cursor, VS Code (Copilot), Zed, Cline, Windsurf, and anything else that speaks MCP. Give it a try, and, in the comments below, please let us know what you think.

    #ai #Automattic #DataAnalytics #technology
  14. Move Fast and Don’t Break Things: Shipping the Simplenote MCP

    When Automattic recently launched a month‑long hackathon, engineers Mark Biek and Evan Tobiesen knew exactly what they wanted to work on: the Simplenote Model Context Protocol (MCP) server.

    Neither Mark nor Evan works in data science, so measurement might have been the easy thing to skip. Instead, they shipped a product with built‑in measurement from day one.

    The team faced two difficult design questions. First, how do you give a large language model (LLM) permission to write to a user’s notes without a disaster? Second, how do you know if anyone is using the tool, without ever seeing the contents of their notes?

    Simplenote is a lightweight note‑taking app for iOS, Android, Mac, Windows, Linux, and your browser. It’s been around since 2008, and like many of Automattic’s products, Simplenote is open source and free. Mark launched a read‑only version on April 15. The hackathon was a chance to go further.

    Radical Speed Month (RSM) was a single month where Automattic employees stepped away from their regular work to pair up, build, and ship a passion project. The hackathon started on April 22, and by May 8, Mark and Evan had already shipped a new version of the MCP.  Neither Mark nor Evan works on Simplenote day-to-day. Mark is on domains, Evan on marketing technology.

    “I have been a Simplenote user for 10 years. I’ve always really loved it, and I have a gazillion notes,” explained Mark. “And back in February, I wanted an excuse to write an MCP server because I had never written one before.”

    Designing for Data Safety

    As Mark put it, “The last thing we want is to put a tool out and have an LLM run wild and delete somebody’s notes.”

    At first, the MCP tool was Mac-only and read-only (list, search, get). Opt-in write tools (create, update, trash, restore, revert) were the obvious next step. The MCP spec lets a server tag each tool as either read-only or destructive. 

    Part of the work involved quantifying LLM guardrails, turning vague safety concerns into concrete numeric thresholds.

    Before enabling writes, Mark and Evan added several data safeguards:

    • Discoverability: The MCP write tools are not exposed when the MCP is in read‑only mode, so LLMs can’t discover them by accident. 
    • Content protection: There are also limits to how notes can be updated—text can’t be replaced by large amounts of white space, and updates can’t drastically shrink or blank out a note.
    • Recoverability: Notes may be added to the trash but not deleted, so they can always be restored. 
    • Rate limiting: Bulk operations are blocked, too. If the MCP detects more than five write operations within 30 seconds, it stops.

    “If you have a note that is above a certain length, and that length changes by more than 50%, we block it,” Mark explained. “Let’s say you have a note that’s a dozen paragraphs long, and the LLM does something wacky and tries to wipe it out with just a single sentence… the rate limiting will prevent that.” 

    A shopping list for a traditional Italian risotto, built in Simplenote through the MCP.

    Designing for Telemetry

    The MCP only records two data event types: setup run and tool call. That may look like it wouldn’t be enough. But those two event types answer more questions than you’d expect. The telemetry records data on adoption, stickiness, tool popularity, and connector preference.

    Instrumenting an MCP server without leaking user data was part of the project. 

    “On a technical level, we generate a random or a unique ID,” explained Evan. “It’s just an ID for the install. And then we track very minimal data…. So we can see that this random user ID ran the tool ‘get note.’ While we don’t see which note or anything like that, we still get worthwhile usage stats.”

    One way to use Simplenote is on a Mac with a local install rather than in the browser. This way of using Simplenote can be fully offline, so notes never get to the web. The MCP also works with this setup.

    Users can also opt out of tracking completely with a single command.

    Test data from the Simplenote MCP, gathered before public release. Left: setup runs by platform and connector. Center: tool calls by provider over the last month. Right: how many installs opted into write mode. 

    We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.

    Mark Biek

    How they built it

    Connecting AI to Simplenote was only half the story. AI also helped build it.

    “We worked really hard at not just vibe coding this, letting the AI crank out whatever and not knowing what it was doing,“ Mark explained. “We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.”

    The team applied guardrails to their own process, not just to the LLM’s behavior at runtime.

    “We didn’t just say, ‘hey, build me an MCP server,’” added Evan. “We had the documentation and the scope of the project lined up. We used issues in Linear, pull requests, and automated tests, kind of like guardrails around the AI.”

    Working with multiple AI tools created a separate problem: keeping the codebase consistent.

    “The agents’ markdown files, which definitely helped to keep [the project] on track, made it easy to review, and ensured that, in the end, it looks like a uniform code base,” Evan said. “It’s not like parts of it look different depending on which AI agent or which prompts we used.”

    This is especially important because Simplenote MCP and Simperium, the open source sync backend that powers Simplenote, are both publicly available on GitHub.

    “This is available as an open source project,” said Mark. “People could fork it, people could submit their own enhancements or bug fixes to it. And so we wanted to make sure that the project was organized from that perspective as well, in case there are outside contributors who want to add anything.”

    The number of open source contributions the project receives is just one of the metrics the team will watch.

    “I think it’s just going to be: are people using it?” said Mark. “That’s the first level of success. We don’t have a number in mind. But if anybody’s using it at all, I’m going to be excited.”

    He added: “A second layer of success would be if we actually started getting some outside contributions.”

    The Simplenote MCP shows a pattern other teams can copy: Set numeric limits on writes, so an LLM can’t run wild. Record which tools ran on which platform, but never what the user wrote. Let users turn telemetry off with a single command. Apply the same discipline to how the AI writes the code as you do to how it runs at runtime. None of this is technically difficult. It just has to be decided early.

    The new Simplenote MCP currently works with Claude Desktop, Claude Code, Cursor, VS Code (Copilot), Zed, Cline, Windsurf, and anything else that speaks MCP. Give it a try, and, in the comments below, please let us know what you think.

    #ai #Automattic #DataAnalytics #technology
  15. Move Fast and Don’t Break Things: Shipping the Simplenote MCP

    When Automattic recently launched a month‑long hackathon, engineers Mark Biek and Evan Tobiesen knew exactly what they wanted to work on: the Simplenote Model Context Protocol (MCP) server.

    Neither Mark nor Evan works in data science, so measurement might have been the easy thing to skip. Instead, they shipped a product with built‑in measurement from day one.

    The team faced two difficult design questions. First, how do you give a large language model (LLM) permission to write to a user’s notes without a disaster? Second, how do you know if anyone is using the tool, without ever seeing the contents of their notes?

    Simplenote is a lightweight note‑taking app for iOS, Android, Mac, Windows, Linux, and your browser. It’s been around since 2008, and like many of Automattic’s products, Simplenote is open source and free. Mark launched a read‑only version on April 15. The hackathon was a chance to go further.

    Radical Speed Month (RSM) was a single month where Automattic employees stepped away from their regular work to pair up, build, and ship a passion project. The hackathon started on April 22, and by May 8, Mark and Evan had already shipped a new version of the MCP.  Neither Mark nor Evan works on Simplenote day-to-day. Mark is on domains, Evan on marketing technology.

    “I have been a Simplenote user for 10 years. I’ve always really loved it, and I have a gazillion notes,” explained Mark. “And back in February, I wanted an excuse to write an MCP server because I had never written one before.”

    Designing for Data Safety

    As Mark put it, “The last thing we want is to put a tool out and have an LLM run wild and delete somebody’s notes.”

    At first, the MCP tool was Mac-only and read-only (list, search, get). Opt-in write tools (create, update, trash, restore, revert) were the obvious next step. The MCP spec lets a server tag each tool as either read-only or destructive. 

    Part of the work involved quantifying LLM guardrails, turning vague safety concerns into concrete numeric thresholds.

    Before enabling writes, Mark and Evan added several data safeguards:

    • Discoverability: The MCP write tools are not exposed when the MCP is in read‑only mode, so LLMs can’t discover them by accident. 
    • Content protection: There are also limits to how notes can be updated—text can’t be replaced by large amounts of white space, and updates can’t drastically shrink or blank out a note.
    • Recoverability: Notes may be added to the trash but not deleted, so they can always be restored. 
    • Rate limiting: Bulk operations are blocked, too. If the MCP detects more than five write operations within 30 seconds, it stops.

    “If you have a note that is above a certain length, and that length changes by more than 50%, we block it,” Mark explained. “Let’s say you have a note that’s a dozen paragraphs long, and the LLM does something wacky and tries to wipe it out with just a single sentence… the rate limiting will prevent that.” 

    A shopping list for a traditional Italian risotto, built in Simplenote through the MCP.

    Designing for Telemetry

    The MCP records only two telemetry event types: setup run and tool call. That may not look like enough, but those two event types answer more questions than you’d expect. Together they cover adoption, stickiness, tool popularity, and connector preference.

    Instrumenting an MCP server without leaking user data was part of the project. 

    “On a technical level, we generate a random or a unique ID,” explained Evan. “It’s just an ID for the install. And then we track very minimal data…. So we can see that this random user ID ran the tool ‘get note.’ While we don’t see which note or anything like that, we still get worthwhile usage stats.”

    One way to use Simplenote is on a Mac with a local install rather than in the browser. This way of using Simplenote can be fully offline, so notes never get to the web. The MCP also works with this setup.

    Users can also opt out of tracking completely with a single command.

    Test data from the Simplenote MCP, gathered before public release. Left: setup runs by platform and connector. Center: tool calls by provider over the last month. Right: how many installs opted into write mode. 

    How they built it

    Connecting AI to Simplenote was only half the story. AI also helped build it.

    “We worked really hard at not just vibe coding this, letting the AI crank out whatever and not knowing what it was doing,” Mark explained. “We both spent a lot of time making sure we understood what the AI was doing and whether it was the right way to do it.”

    The team applied guardrails to their own process, not just to the LLM’s behavior at runtime.

    “We didn’t just say, ‘hey, build me an MCP server,’” added Evan. “We had the documentation and the scope of the project lined up. We used issues in Linear, pull requests, and automated tests, kind of like guardrails around the AI.”

    Working with multiple AI tools created a separate problem: keeping the codebase consistent.

    “The agents’ markdown files, which definitely helped to keep [the project] on track, made it easy to review, and ensured that, in the end, it looks like a uniform code base,” Evan said. “It’s not like parts of it look different depending on which AI agent or which prompts we used.”

    This is especially important because Simplenote MCP and Simperium, the open source sync backend that powers Simplenote, are both publicly available on GitHub.

    “This is available as an open source project,” said Mark. “People could fork it, people could submit their own enhancements or bug fixes to it. And so we wanted to make sure that the project was organized from that perspective as well, in case there are outside contributors who want to add anything.”

    The number of open source contributions the project receives is just one of the metrics the team will watch.

    “I think it’s just going to be: are people using it?” said Mark. “That’s the first level of success. We don’t have a number in mind. But if anybody’s using it at all, I’m going to be excited.”

    He added: “A second layer of success would be if we actually started getting some outside contributions.”

    The Simplenote MCP shows a pattern other teams can copy: Set numeric limits on writes, so an LLM can’t run wild. Record which tools ran on which platform, but never what the user wrote. Let users turn telemetry off with a single command. Apply the same discipline to how the AI writes the code as you do to how it runs at runtime. None of this is technically difficult. It just has to be decided early.

    The new Simplenote MCP currently works with Claude Desktop, Claude Code, Cursor, VS Code (Copilot), Zed, Cline, Windsurf, and anything else that speaks MCP. Give it a try, and, in the comments below, please let us know what you think.

    #ai #Automattic #DataAnalytics #technology
  17. On an appointed night, a night gone blind,
    That willing body came to me on the quiet.
    It came in secret - in another's unmourning -
    It bore the very same name as you...

    It glanced on the way into the future and the mirror -
    It lay down beside me on the cold bedding -
    It lay down for me, so that I might kiss it
    And weary it - and use it up - and not regret!

    It clung to my breast - sacrificially fragrant,
    Knowingly shameless and - growing obedient...
    In the darkness - in joys - on the verge of sobbing
    It swooned from an excess of not-quite-dying.

    And there was nothing in it but charm and sin,
    But unwitting scent - witting haste -
    And but that shiver which is lost in the rush of blood -
    And without which body does not understand body.

    Leśmian

    #dzieńzwierszem
    #Leśmian

  18. Kamil Stoch - 190 metres in the last World Cup jump of his career.

    Kamil, we thank you wholeheartedly for all these years! You have written yourself in golden letters into the history of Polish and world sport!

    #Planica #skijumpingfamily

  20. Autumn weather, autumn weather!
    When spray flies from under the wheels and the motorway is greyish, make all drivers obey the law!

    Because when I drive into your rear end,
    who caused the accident?

    Daytime running lights are a great convenience, but there is a certain warning worth knowing...

    The Book of the Street says CLEARLY:
    "Whoever turns on their lights together with the wipers in the daytime will not end up with a sore ass"

    #SpejsonVLOG #KsięgaUlicy #ZasadyŻycioaProste #Przemyślenia

    I know automation is a great thing, but automation should not excuse us from thinking!

  21. How do you break free from the tentacles of Facebook and co.?

    Getting rid of Facebook, Instagram or Messenger is, contrary to appearances, easier than you might think. And you can gain a lot from it, discovering new things along the way.

    kontrabanda.net/r/jak-wyrwac-s

  22. #jeu d'échec (chess) = "It is the confrontation with #mort (death): 'mat', from 'échec et mat' (checkmate), means 'he is dead' in Arabic." -> cf. playful #vie (life)

    '[...] it is not we who are intelligent, it is the tools we make. They force us to think about things.
    We made a #langue (language), which forces us to #penser (think): language is more intelligent than we are. [...] It is a journey that has pursued us since the dawn of humanity."

    #marmion #connaissance #psy #education #emotion #TobieNathan

  25. "A university Board of Directors" = "it is terrifying: a village of hunters, only much less sophisticated."

    university -> #politique (political) stakes, cf. the reform of its funding.

    #solution: make amends when you are wrong. Persisting in the error = stupidity.

    "We must not give up because of social networks, quite the opposite!"

    #marmion #connaissance #psy #education #emotion #TobieNathan
