Eli🗿

Are there things you always assumed you're bad at? well, maybe you are,but then maybe you aren't. And guess what, it's not something you can know until you've put in some effort. If you have the passion for it, put in the work and see.

The final chapter of Database Internals. Distributed Consensus. We'll talk zookeeper, paxos, and raft. Live tomorrow 10am PT.

Tomorrow we're talking distributed transactions. I'll be live 10am PT going over atomic operations, multi-phase commit, and Google Spanner. Only two more streams till we're done with this book!

Few years ago, a promising startup called Code Spaces was crippled into closing down due to a security misconfiguration. One tiny mistake in their cloud setup ended up wiping out the entire company. It began when their engineers noticed unusual activity on their AWS console. Someone was inside the actual console, the command center of their whole business. At first, they thought it was a false alarm. “Maybe someone logged in from a new device.” “Maybe a test account.” “Nothing to worry about.” Then a ransom message appeared. The attacker explained, calmly, that they had full control over Code Spaces’ entire AWS environment. If the company didn’t pay, they would begin deleting resources. Code Spaces refused. They tried to fight back, revoke access, rotate keys, kill sessions, everything incident response playbooks say you should do. But the attacker already had admin privileges. And Code Spaces had made the one mistake countless startups still make today: they stored everything, production servers, databases, snapshots, logs, backups, cross-region replicas, inside a single AWS account, behind a single blast radius. No isolation. No backup of the backup. No out-of-band safety net. So the attacker began clicking. Snapshots disappeared. S3 buckets evaporated. EC2 instances terminated instantly. Database backups wiped out. Even the fallback snapshots stored “safely” across regions were under the same compromised account, and were deleted just as easily. The engineers watched in real time as years of customer data vanished. Entire repositories. Configurations. Histories. Everything customers trusted them with. They weren’t dealing with a breach anymore. They were experiencing erasure. Within hours, Code Spaces published a devastating announcement: the damage was irreversible. They could not rebuild. There was nothing left to restore. The company was forced to shut down permanently. It wasn’t a sophisticated hack or an advanced exploit. It was a simple misconfiguration, an over-permissioned IAM role, no MFA on the AWS console, critical backups stored in the same place as production. One compromised credential, and a thriving startup ceased to exist because they trusted their cloud configuration too much, and learned, the hard way, that in cloud security, one mistake can cost you your entire company.

@Jerry_Elikem Nobody says X here

@_jhohannes Eww "Twitter"...😂

@Jerry_Elikem You Dey twitter? Ei

@trevenue44 Chale, the song just dey hit different this morning

@Jerry_Elikem Broski, calm down

@1bp7l_ "Some my guy"

@Jerry_Elikem some my guy ein story

lol presec, best in manipulation & gaslighting

@Jerry_Elikem eish, reading papers n things

Solid piece! I for go read that paper again cos ebi like more things pass over my head 😂

@n_kaybio Real!

An extremely fucked up movie

"Introduction to Parallel Algorithms" by Guy Blelloch is an excellent companion to MIT's course. It covers the memory hierarchy from a parallel computing perspective and much more. cs.cmu.edu/~guyb/paralg/p…

Too often as devs, unless we have the "perfect" solution, we don't want to ship. The path to scale is filled with hacks, mistakes and learnings. No 2 apps are the same and your job as an engineer is to understand the trade-offs. There's a video in the next tweet.

RCE in Gogs (CVE-2024-39930) CVE-2024-39930 is a Remote Code Execution vulnerability affecting the SSH server built into Gogs. While the Sonar's blog post explains the vulnerability well, no working exploit or guide to exploiting this vulnerability had been made public. (1/4)

It’s ok to not know anything, it’s ok to admit you were wrong about something, it’s ok to relearn something in the presence of new info. It’s not a sign of stupidity

This man make I think papa. Translated it for those who don’t understand twi. Chai. The fate of Ghana lies in our hands #StopGalamseyNow #Freethecitizens

Repost this video everywhere. #StopGalamseyNow #FreetheCitizens

BART Simpson said we should get the hashtag to a million tweets. We’re at 680k now #FreetheCitizens