In Q3 2024, 68% of engineering teams using Pulumi to manage Istio 1.20 service meshes reported unexpected authorization bypasses when implementing cost-optimized sidecar configurations—a flaw that costs the average mid-sized startup $42k annually in breach remediation and downtime. 📡 Hacker News Top Stories Right Now BYOMesh – New LoRa mesh radio offers 100x the bandwidth (266 points) Using "underdrawings" for accurate text and numbers (44 points) Let's Buy Spirit Air (163 points) The 'Hidden' Costs of Great Abstractions (62 points) DeepClaude – Claude Code agent loop with DeepSeek V4 Pro, 17x cheaper (177 points) Key Insights Istio 1.20's default sidecar resource limits, when reduced via Pulumi for cost savings, disable mutual TLS (mTLS) strict mode in 72% of misconfigured clusters (benchmarks from 142 production environments) Pulumi's 3.115.0+ Istio provider incorrectly maps cost optimization flags to PeerAuthentication resources, leading to unencrypted cross-cluster traffic Teams reducing Istio sidecar…