Note

Updated 0115 Lol, turns out there was already a ready-made solution and I was here drawing diagrams from scratch 😅 https://mcp-auth.dev/docs/tutorials/todo-manager I’ve been experimenting with building some MCP servers lately. When dealing with multiple users, authorization becomes a concern. MCP clients (Agents) currently need to complete authorization when connecting to an MCP server, i.e., at initialization time. I mapped out two MCP OAuth flows for reference in future development. Case 1: The third-party app natively supports OAuth. This is the simpler case — just authorize directly with the third-party app, and the Agent can call tools normally. ...

Introduction I’ve learned a lot from Ethernaut recently. Setting aside the more basic stuff, I want to document some ECDSA-related notes. In the formulas below, lowercase letters represent scalar values, uppercase letters represent points, except N which is the curve order. ECDSA relies on the discrete logarithm problem on elliptic curves. For a private key privkey, the public key PubKey is a point on the elliptic curve satisfying $\text{PubKey} = \text{privkey} \cdot G$, where G is the generator of the elliptic curve. Because the discrete logarithm problem on elliptic curves makes it computationally infeasible to derive privkey from PubKey and G, digital signatures become possible. ...

I installed proxychains-ng to force certain programs to go through a proxy, but found it works inconsistently on macOS. After some research, the culprit is macOS SIP (System Integrity Protection). proxychains4 works by replacing the dynamic libraries of child processes to force them through a proxy. However, macOS SIP prevents all built-in executables from having their dynamic libraries replaced for security reasons — so proxychains4 simply doesn’t work with anything under /usr/bin/. ...

The following has only been tested on iOS Opening the blog on a desktop is great, of course. But opening it on mobile and saving it as a bookmark to the home screen gives a rather peculiar experience. Other bookmarks like Grafana and UptimeKuma open in full-screen mode and feel super smooth. But my own blog bookmark, when tapped, redirects to open in Safari — which is confusing. A quick search turned up both the cause and the fix. ...