I experienced good AI magic from @Grok. My Starlink internet was spotty for days, I went to raise a ticket, Grok answered, did troubleshooting of my Starlink kit, found it was defective, placed an order for a new kit and helped escalate an application for a 1 month waiver. Today, the new kit arrived. @starlink @xai great work
Love seeing Kenyan builders on my TL, very underrated, this work is very important. Won't even try using Google's products. Better support a Kenyan startup.
your default EKS/GKE cluster can be compromised in 5 minutes. standard RBAC won't save you. here's the exact YAML you need
these are real, insanely common in prod clusters shipped with defaults
▶ vuln #1 — automountServiceAccountToken: true (default)
every pod gets a token by default. attacker lands in your pod → reads the token → calls kube API as that SA. gg.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-app
automountServiceAccountToken: false  # add this. just do it.
and per-pod:
spec:
  automountServiceAccountToken: false
▶ vuln #2 — no NetworkPolicy = flat network
by default every pod talks to every pod. one compromised sidecar, and ur entire cluster namespace is cooked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: production
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
▶ vuln #3 — containers running as root
shocking how many prod workloads still do this. container escape → root on the node. beautiful for attacker, not for you.
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
slap these 3 on every workload before you ship. not optional. not "we'll do it later". now.
RBAC is table stakes. these are the actual foot-guns that get real clusters pwned daily.
copy → paste → never get paged at 3am for this. you're welcome
#kubernetes #k8s #devsecops #EKS #GKE #cloudnative #infosec
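An added example, not part of the thread above: a small Python audit that checks already-parsed manifests for the three settings the thread names (mounted service account token, missing default-deny NetworkPolicy, weak container securityContext). The function names, finding labels and sample objects are made up for illustration.

```python
# Added example, not from the thread. Inputs are manifests parsed to dicts
# (the shape `kubectl get <kind> -o json` returns); SAMPLE is constructed.
WORKLOADS = {"Pod", "Deployment", "StatefulSet", "DaemonSet"}
def ns_of(obj):
    return obj["metadata"].get("namespace", "default")

def is_default_deny(policy):  # empty selector, both directions, no allow rules
    spec = policy["spec"]
    return (spec.get("podSelector") == {}
            and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
            and not spec.get("ingress") and not spec.get("egress"))

def audit(objects):
    """Return sorted (namespace/name, finding) pairs for the three settings."""
    sas = {(ns_of(o), o["metadata"]["name"]): o for o in objects if o["kind"] == "ServiceAccount"}
    denied = {ns_of(o) for o in objects
              if o["kind"] == "NetworkPolicy" and is_default_deny(o)}
    findings = []
    for o in (o for o in objects if o["kind"] in WORKLOADS):
        spec = o["spec"] if o["kind"] == "Pod" else o["spec"]["template"]["spec"]
        ns, ident = ns_of(o), f"{ns_of(o)}/{o['metadata']['name']}"
        sa = sas.get((ns, spec.get("serviceAccountName", "default")), {})
        # The pod-level value wins, then the ServiceAccount's; the default is true.
        mount = spec.get("automountServiceAccountToken",
                         sa.get("automountServiceAccountToken", True))
        checks = [(mount, "token-automounted"), (ns not in denied, "no-default-deny")]
        pod_sc = spec.get("securityContext", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            sc = c.get("securityContext", {})
            ok = (sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is True
                  and sc.get("allowPrivilegeEscalation") is False
                  and sc.get("readOnlyRootFilesystem") is True
                  and "ALL" in sc.get("capabilities", {}).get("drop", []))
            checks.append((not ok, f"weak-securityContext:{c['name']}"))
        findings += [(ident, name) for bad, name in checks if bad]
    return sorted(findings)

HARDENED = {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}
SAMPLE = [  # constructed manifests
    {"kind": "ServiceAccount", "metadata": {"name": "my-app", "namespace": "production"},
     "automountServiceAccountToken": False},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny-all", "namespace": "production"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "production"},
     "spec": {"template": {"spec": {"serviceAccountName": "my-app",
              "containers": [{"name": "api", "securityContext": HARDENED}]}}}},
    {"kind": "Pod", "metadata": {"name": "legacy"}, "spec": {"containers": [{"name": "web"}]}},
]
print(audit(SAMPLE))
```

CronJobs keep their pod template one level deeper (under jobTemplate) and are not covered by this sketch.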
Introducing TurboQuant: Our new compression algorithm that reduces LLM key-value cache memory by at least 6x and delivers up to 8x speedup, all with zero accuracy loss, redefining AI efficiency. Read the blog to learn how it achieves these results: https://t.co/CDSQ8HpZoc
It's been a busy month here at @prescottdata (important announcements coming soon), so I got a little bit pulled away from writing at the Dojo.
However, I still managed to share this architecture pattern for horizontal scaling of agentic systems in production. I coined it "The Hydra Pattern". If you are familiar with MapReduce this won't feel so foreign.
Go check it out: https://t.co/MZrYuRrKd3
🚨 Do you understand what just happened at OpenAI..
on January 26.. Sam Altman told his own employees "we are planning to dramatically slow down hiring.. we think we'll be able to do so much more with fewer people"..
that was 54 days ago..
today OpenAI announced they're nearly doubling their workforce.. 4,500 to 8,000.. by end of year..
the same man telling you that AI replaces workers.. just announced hiring 3,500 more humans because AI couldn't replace his..
so either the AI isn't good enough to do the work.. or Anthropic scared them so bad they threw the whole playbook out the window..
both answers are embarrassing.. but only one of them is true.. and Sam knows which one.