Hacker News: orisho

New comment by orisho in "Why senior developers fail to communicate their expertise"

orisho — Tue, 12 May 2026 22:40:50 +0000

Shouldn't a senior developer strive to eliminate complexity while increasing velocity? The two do not contradict. Reducing complexity can increase velocity.

New comment by orisho in "A web-based RDP client built with Go WebAssembly and grdp"

orisho — Sat, 25 Apr 2026 14:26:39 +0000

It's probably there not as a way to connect networks, but as a way to keep them separate, only allowing RDP between specific computers on different networks.

New comment by orisho in "We replaced H.264 streaming with JPEG screenshots (and it worked better)"

orisho — Tue, 23 Dec 2025 23:40:07 +0000

A 15 frame min anf max GOP size would do the trick, then you'd get two 15 frame GOPs. Each GOP can be concatenated with another GOP with the same properties (resolution, format, etc) as if they were independent streams. So there is actually a way to do this. This is how video splitting and joining without re encoding works, at GOP boundary.

New comment by orisho in "LLMs are mortally terrified of exceptions"

orisho — Fri, 10 Oct 2025 03:22:48 +0000

You're right, but the way to achieve this is to allow the error to propagate at the file level, then catch it one function above and continue to the next one.

However, LLM generated code will often, at least in my experience, avoid raising any errors at all, in any case. This is undesirable, because some errors should result in a complete failure - for example, errors which are not transient or environment related but a bug. And in any case, a LLM will prefer turning these single file errors into warnings, though the way I see it, they are errors. They just don't need to abort the process, but errors nonetheless.

New comment by orisho in "Work is not school: Surviving institutional stupidity"

orisho — Thu, 02 Oct 2025 17:48:13 +0000

I believe it's because if you are easily replaceable, then screwing up means you're not worth the trouble. If you aren't easily replaceable (whether it's because you have demonstrated you're a good employee or you're working a high-demand role), you are worth the trouble and you'll get more chances. There are other reasons too, such as jurisdictions where suing after being laid off is more common, which makes more chances, PIP and severance packages more likely.

New comment by orisho in "Invasive Israeli-founded bloatware is harvesting data from Samsung users in WANA"

orisho — Sat, 20 Sep 2025 21:30:24 +0000

It's not just Israel. It's just not newsworthy if it's not Israel.

New comment by orisho in "Using eSIMs with devices that only have a physical SIM slot via a 9eSIM SIM car"

orisho — Mon, 20 Jan 2025 13:14:58 +0000

You may find yourself in that situation if you have a device that only supports SIMs, and you can't use any of the cheap travel esim providers with it. For travel, you would replace your local SIM with the 9eSIM, and be able to switch providers depending on destination. The difference can be huge in some countries, where a local provider's travel plan can be 30 to 50 USD, while a equivalent on an ESIM provider is just $4.

I live in such a country and have parents with older phones who can't use esims, so the value is obvious to me. :)

New comment by orisho in ""Unstripping" binaries: Restoring debugging information in GDB with Pwndbg"

orisho — Mon, 09 Sep 2024 00:45:16 +0000

I don't recall what it was called in the menu, but it was definitely possible to assume a struct on a particular address. Muscle memory tells me the button is U, even though actual memory fails me.

New comment by orisho in "Nitric Is Terraform for Developers"

orisho — Fri, 16 Aug 2024 22:21:26 +0000

The alternative is making it possible for developers to only think about code, not permissions, or at least specify the permissions in terms of what you want to do, not what permissions you need. Think iOS, you write "I need fine grained location access" into the manifest, you don't configure the permission system to allow you to call the API.

Another poster touched on another important point: it's important for this to be changeable independent of the code. The reason for this is actually kind of subtle. Obviously, you don't wanna have to need to rebuild in order to regenerate permissions. But the real reason, imo, is that it should be easy to parse for a human, easy to locate for a human, and also easy to parse and adjust for a machine, that might determine a permission is no longer necessary, or who is trying to build a dependency graph in order to determine who to wake up during an incident. That means it should go into configuration that is versioned and deployed alongside the code, but not in the code.

If you make this hard to understand and change, people will just copy it, and the you're back to square one. It's gotta be the easiest thing to do the right thing, because at scale, people are gonna do the easiest thing.

I feel like I'm kinda going on at length about this, so instead I'm gonna leave you with a link to a blog I wrote about the same concepts, if you wanna read more. It's about Kubernetes network policies, but really the same concepts apply to all kinds of access.

https://otterize.com/blog/network-policies-are-not-the-right...

Message from a Gazan to Campus Protesters: You're Hurting the Palestinian Cause

orisho — Fri, 26 Apr 2024 19:35:08 +0000

Article URL: https://www.newsweek.com/message-gazan-campus-protesters-youre-hurting-palestinian-cause-opinion-1894313

Comments URL: https://news.ycombinator.com/item?id=40173191

Points: 9

# Comments: 4

New comment by orisho in "House Votes to Extend–and Expand–A Major US Spy Program"

orisho — Fri, 12 Apr 2024 21:29:33 +0000

In newer versions of Android, apps which are not opened by the user have their permissions automatically and periodically revoked. So they no longer have the permissions, and when reopened, the user needs to grant the permissions again interactively. Presumably to solve this.

New comment by orisho in "Retina – eBPF distributed networking observability tool for Kubernetes"

orisho — Tue, 19 Mar 2024 22:55:38 +0000

See also: Network Mapper - low privileges, no-eBPF network observability tool for K8s

https://news.ycombinator.com/item?id=39761114

New comment by orisho in "Network Mapper – low privileges, no-eBPF network observability tool for K8s"

orisho — Tue, 19 Mar 2024 22:53:48 +0000

See also: Retina, eBPF-based network observability tool by Microsoft. https://news.ycombinator.com/item?id=39759627

The Network Mapper can export to Grafana Tempo (contributed by the community!), but doesn't have to. You can get its output as text, JSON, PNG or SVG using a CLI or an API (directly from the deployment in your cluster), and use it to auto-generate network policies.

Built while avoiding eBPF and reliance on a particular CNI with the intention to run on older nodes, with low privileges, a low performance footprint, and most importantly - zero config.

Network Mapper – low privileges, no-eBPF network observability tool for K8s

orisho — Tue, 19 Mar 2024 22:48:35 +0000

Article URL: https://github.com/otterize/network-mapper

Comments URL: https://news.ycombinator.com/item?id=39761114

Points: 6

# Comments: 1

New comment by orisho in "IAM Is the Worst"

orisho — Fri, 15 Mar 2024 11:54:49 +0000

The problem with IAM systems is they tend to try to encompass so many different functionalities, and stay unopinionated, that there are just so many ways to achieve similar end results. This opens the way for endless bikeshedding, and unfortunately is inevitable to some degree in large enough organizations.

This is a bit of a shameless plug, but I hope since it's an open source project it's okay. I'm working on a suite of tools called Otterize (otter and authorize, get it, haha :) that automates workload IAM for Kubernetes workloads.

You label your Pods to get an AWS/GCP/Azure role created, and in a Kubernetes resource specify the access you need, and everything else is done by the Otterize Kubernetes operators so that your pod works.

It's a lot simpler than all the kungfu you normally have to do, but it's not magic, honestly, it's just the result of limiting scope and having an opinionated view of what the development workflow should look like. Basically, instead of maximizing on capabilities, it trades some capabilities to maximize on developer comfort.

Check it out if you're keen on contributing, or just think IAM has a tendency to devolve into a mess ridden with politics.

github.com/otterize/intents-operator and docs.otterize.com

Cross-cloud access to AWS using cert-manager and SPIFFE

orisho — Wed, 13 Mar 2024 18:00:23 +0000

Article URL: https://github.com/otterize/otterize-csi-spiffe-demo

Comments URL: https://news.ycombinator.com/item?id=39694994

Points: 2

# Comments: 0

Meta: Image and video editing through simple instructions

orisho — Fri, 17 Nov 2023 12:21:38 +0000

Article URL: https://twitter.com/adam_polyak90/status/1725199148788376049

Comments URL: https://news.ycombinator.com/item?id=38302531

Points: 3

# Comments: 0

New comment by orisho in "Can’t send email more than 500 miles (2002)"

orisho — Tue, 19 Sep 2023 21:48:03 +0000

Oh, I love this story! :D Always fun to read whenever I stumble upon it.

Show HN: Visualize Kubernetes Clusters

orisho — Wed, 22 Mar 2023 16:17:01 +0000

A lot of Kubernetes observability projects require very invasive deployments. My team was looking for something more lightweight and non-invasive, so we built the network mapper, an open source project which uses DNS traffic to map service traffic within Kubernetes clusters.

We’ve just added a CLI that creates a graphical map of your cluster using graphviz: otterize network-mapper visualize.

I’m curious to learn: Is such a map valuable to you? How would you use the information? Do you already have a map of your cluster, and was it difficult to acquire?

Comments URL: https://news.ycombinator.com/item?id=35263356

Points: 7

# Comments: 0

New comment by orisho in "Zoom app dock: Congratulations, your app has apps in it now"

orisho — Tue, 10 Jan 2023 23:02:10 +0000

It has an option to "auto open", which you can deselect.