MCP Registry Solves Discovery. WorkOS Connect Solves Security. (Sponsored)

The MCP Registry makes it easy for LLMs to discover tools, but discovery alone isn’t enough.

Tools still need to act on behalf of users, and that requires secure, delegated access. API keys don’t cut it. They’re hard to scope, break user flows, and undermine the promise of seamless integration.

WorkOS Connect delivers a fully compliant OAuth 2.1 flow. It handles PKCE, scopes, user consent, and secure token issuance out of the box.

The WorkOS advantage:

• Compliant with MCP OAuth 2.1

• Handles redirects, consent, and scopes

• Easy to drop in and fast to ship

Ship secure MCP Auth with WorkOS Connect

This week’s system design refresher:

• FAANG System Design Interview: Design A Chat System (Youtube video)

• Cookies vs Sessions

• Access Control Clearly Explained

• Full Fine-Tuning vs LoRA vs RAG

• How Git Reset Works?

• Apache Kafka Explained (At the high level)

• SPONSOR US

FAANG System Design Interview: Design A Chat System (WhatsApp, Facebook Messenger, Discord, Slack)

Help us Make ByteByteGo Newsletter Better

TL:DR: Take this 2-minute survey so I can learn more about who you are,. what you do, and how I can improve ByteByteGo

Take the ByteByteGo Survey

Cookies vs Sessions

Every web app needs a way to remember users after they log in, and the way they manage this makes a big difference in performance, scalability, and security of that web application.

Cookies:

• Store data directly on the client (like user info or tokens).

• Each request sends the cookie back to the server.

• Simpler to implement, but can expose data if not secured properly.

Sessions:

• Store data on the server; the client only keeps a Session ID in a cookie.

• Each request uses the Session ID, and the server looks up the data in its session store.

• More secure, but requires extra server-side storage and management.

Over to you: Do you usually prefer cookies, sessions, or token-based authentication?

The AI Agent for Production-Grade Codebases (Sponsored)

Augment Code’s powerful AI coding agent and industry-leading context engine meets professional software developers exactly where they are, delivering production-grade features and deep context into even the largest and gnarliest codebases.

With Augment Code you can:

• Index and navigate millions of lines of code.

• Get instant answers about your codebase.

• Automate processes across your entire development stack.

• Better understand code, debug issues, and ship faster

Build with the AI agent that gets you, your team, and your codebase the results you need for top performance.

Discover Augment Code

Access Control Clearly Explained

Access control decides who gets in and who’s locked out — but the rules vary.

• Role-Based Access Control (RBAC): Access based on roles (e.g., Maintainer, Viewer). Simple, scalable.

• Attribute-Based Access Control (ABAC): Access based on attributes (user, resource, environment). Flexible, but complex.

• Access Control List (ACL): Explicit permissions for each user or group. Direct, but hard to manage at scale.

RBAC = roles.
ABAC = attributes.
ACL = explicit permissions.

Over to you: Have you ever had to switch from one model to another? What drove the change?

Full Fine-Tuning vs LoRA vs RAG

All three are different ways of adapting a large pre-trained language model to new tasks or knowledge.

1. Full Fine-Tuning
   The entire pre-trained model is retrained on new data. It means that all the weights of the network are updated, which gives high accuracy but requires more computing power and storage.

2. LoRA Fine-Tuning
   LoRA stands for Low-Rank Adaptation. Instead of changing the whole model, the main weights are frozen, and only small additional layers are trained. This is much faster and cheaper than full fine-tuning while still adapting the model to new tasks.

3. RAG
   RAG stands for retrieval-augmented generation. The model doesn’t retrain. Instead, it retrieves information from external sources (databases, web, documents, etc) whenever needed. The query is enhanced with relevant context before being passed to the model, making it more accurate and up-to-date without heavy retraining.

Over to you: Which other fine-tuning technique have you seen?

How Git Reset Works?

Git Reset moves your current git branch (HEAD) to a different commit and can make the index and working directory match it.

There are three options available with the ‘git reset’ command:

1. Move HEAD (--soft)
   Moves what the HEAD points to. However, the index and working files stay the same. For example, the ‘git reset --soft HEAD~’ command moves the pointer back one commit.

2. Updating the Index (--mixed)
   This is the default option. It updates the index with the contents of whatever snapshot HEAD now points to, but leaves your working files alone.

3. Updating the Working Directory (--hard)
   This option moves the HEAD, resets the index, and makes the working directory match that commit. The command ‘git reset --hard HEAD~’ sets everything (pointer, index, files) to the older commit.

Over to you: Have you used Git Reset in your project?

Apache Kafka Explained (At the high level)

From Netflix to Uber to LinkedIn, Apache Kafka is the backbone of their real-time data infrastructure. It is a distributed event streaming platform built to handle massive streams of data with low latency and high reliability.

• Producers: Applications (web, mobile, IoT, logs, etc.) that publish messages to Kafka topics.

• Topics & Partitions: Messages are organized into topics, which are split into partitions for scalability and parallelism.

• Broker Cluster: Kafka brokers store and serve partitioned data. Multiple brokers form a cluster to ensure reliability and fault tolerance.

• KRaft (Controller Quorum): Coordinates cluster metadata and leader elections — ensuring the cluster remains consistent.

• Consumer Groups: Applications that subscribe to topics and consume messages.

Over to you: Do you use it more for real-time pipelines or event-driven microservices?

Dev work ≠ business impact? Fix that. (Sponsored)

Running engineering is brutal. Endless pressure to deliver, constant obstacles, and a business side that doesn’t always get it.

DevStats makes it simple:

✅ Align engineering with business goals

✅ Keep delivery predictable and on track

✅ Spot bottlenecks early and keep delivery flowing

With DevStats, you stop flying blind and start shipping what matters.

👉 Get a demo

SPONSOR US

Get your product in front of more than 1,000,000 tech professionals.

Our newsletter puts your products and services directly in front of an audience that matters - hundreds of thousands of engineering leaders and senior engineers - who have influence over significant tech decisions and big purchases.

Space Fills Up Fast - Reserve Today

Ad spots typically sell out about 4 weeks in advance. To ensure your ad reaches this influential audience, reserve your space now by emailing sponsorship@bytebytego.com.