Hacker News: vinckr

New comment by vinckr in "Open Source Resistance: keep OSS alive on company time"

vinckr — Wed, 13 May 2026 18:04:27 +0000

Has that law ever been enforced ? (e.g. taking away a FOSS or other project that someone wrote in their own time)

New comment by vinckr in "Open Source Resistance: keep OSS alive on company time"

vinckr — Wed, 13 May 2026 18:02:43 +0000

in most cases you dont need explicit permission but you need to sign a CLA (Individual Contributor License Agreement) - which kind of includes permission

New comment by vinckr in "Riding the D in Los Angeles: city hopes new subway stations will be game changer"

vinckr — Tue, 12 May 2026 23:13:04 +0000

Coming from Germany I found it funny how tiny the subway lines are in major cities in the US compared to medium-sized cities here.

I always thought Germany was a country centered a lot around cars but it was so much more extreme in the states; seemed not possible to live in a city(!) without a car.

New comment by vinckr in "From Supabase to Clerk to Better Auth"

vinckr — Thu, 07 May 2026 13:55:48 +0000

Personally I hate magic links via email with a passion and will actively avoid products that have this as the only authentication method

New comment by vinckr in "From Supabase to Clerk to Better Auth"

vinckr — Thu, 07 May 2026 13:54:21 +0000

I don't think we can let that one go so easily, since they might not be scanning for ad targeting (pinky promise?) - but they most certainly will slurp everything up for their AI stuff: https://blog.google/products-and-platforms/products/gmail/gm...

New comment by vinckr in "DeepClaude – Claude Code agent loop with DeepSeek V4 Pro"

vinckr — Mon, 04 May 2026 16:05:20 +0000

How is it obvious that this project bought starts on GitHub?

New comment by vinckr in "Starter Template for Ory Kratos"

vinckr — Sat, 07 Feb 2026 13:59:14 +0000

Very cool, thanks for sharing. Feel free to add it to https://github.com/ory/awesome-ory !

The Agentic Trust Framework: Zero Trust Governance for AI Agents

vinckr — Wed, 04 Feb 2026 20:42:29 +0000

Article URL: https://cloudsecurityalliance.org/blog/2026/02/02/the-agentic-trust-framework-zero-trust-governance-for-ai-agents

Comments URL: https://news.ycombinator.com/item?id=46891425

Points: 1

# Comments: 0

New comment by vinckr in "Why users cannot create Issues directly"

vinckr — Fri, 02 Jan 2026 17:59:35 +0000

> Tickets cannot be moved between trackers

You can convert an issue to a discussion and vice versa, so no duplication is needed and your notification should be preserved.

Or do you mean something else?

New comment by vinckr in "Mistral OCR 3"

vinckr — Fri, 19 Dec 2025 23:26:43 +0000

after clicking on your link I browsed twitter for a minute and damn that place has become weird (or maybe it always was?)

New comment by vinckr in "Git history knows more than your standup. We built an AI to query it"

vinckr — Sun, 14 Dec 2025 16:43:13 +0000

I think most commit messages use conventional commits (https://www.conventionalcommits.org/en/v1.0.0/) - I found them to be quite useful for creating structures commit messages.

I think gitmore could be improved if it used the conventional commits specification, there is a reason almost everyone uses them.

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Sun, 16 Nov 2025 10:32:04 +0000

These are fair concerns, and I want to clarify what's included versus what's paid.

The confusion here is about two different types of SSO:

_Admin SSO (for managing Ory itself)_ - Ory is fundamentally an API. For self-hosted deployments, you control access however you want - through your infrastructure, reverse proxy, or using Ory Polis. This is not gated.

_Organizations SSO (for your end users)_ - This is the paid feature. It allows your B2B customers to bring their own identity provider. If you're building a SaaS product and BigCorp wants their employees to authenticate using Okta or Azure AD, Organizations handles that federation.

The distinction matters because maintaining integrations with enterprise IDPs is continuous work. For example Google randomly changes their OIDC implementation on a Saturday evening. Someone needs to wake up and fix that. For products serving other businesses at scale, that operational burden is real.

Organizations is one of the few areas where we charge, specifically targeting the B2B SaaS use case. If you're self-hosting for internal use or building a consumer product, you don't need Organizations. If you're selling to enterprises that require SSO, you're generating revenue to support the cost.

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Fri, 14 Nov 2025 14:44:27 +0000

if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 22:04:14 +0000

sorry to hear that, hope you have a better experience going forward. if you feel like it send me some details on what was most painful and we'll fix it.

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 21:23:15 +0000

Another problem is also that "standards" like OAuth2/OIDC are used for a thousand use cases that weren't intended by the authors, so people get really creative with them. Plus the spec itself is vague on many essential things, for example how logout should work. Thankfully I never had to implement SAML but I would guess it's even worse there...

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 18:52:56 +0000

if you are a masochist that is a great retirement project!

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 18:49:45 +0000

Check out Ory Polis if you want SAML/SCIM support: https://github.com/ory/polis

CAPTCHA is not in scope for Kratos, there are already great solutions out there that you can use

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 18:01:53 +0000

You can use other parts of the Ory ecosystem to add these features, such as Ory Polis for SAML/SCIM support: https://github.com/ory/polis

CAPTCHAs aren’t a big help anymore in my personal opinion, but you can easily integrate them on the frontend when using Kratos. The commercial offering just bundles all of this out of the box for you.

If Keycloak fits your needs well and you see no room for improvement, that’s perfectly fine; by all means use what works best for you.

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 17:57:29 +0000

you should check out Ory Polis if you are looking for SAML support in the OSS version: https://github.com/ory/polis

New comment by vinckr in "Kratos - Cloud native Auth0 open-source alternative (self-hosted)"

vinckr — Thu, 13 Nov 2025 17:56:57 +0000

Ory Kratos itself doesn't support SAML that is correct.

However the newest addition to the Ory ecosystem, called Ory Polis (formerly known as BoxyHQ) does close that gap. It is also Apache2 licensed, do check it out here: https://github.com/ory/polis