English
Bevan
1.8K posts
Bevan
@bevan_waite
Creator of the Bit Intelligence YouTube Channel, and the 21 Voices series. Director of Marketing at JAN3
Katılım Nisan 2022
888 Takip Edilen2.4K Takipçiler
good save with the SSH keys — that's the one thing that literally saved your server. most people learn this the hard way after getting owned lol
if you want to skip all the hardening hassle next time, @lobsterfarm_ai spins up with firewall enabled by default + isolated instances. built it because I went through the exact same "oh shit" moment 😅
English
🚨 I nearly got HACKED running @openclaw!! 🚨
Here's what happened, and what saved me...
If you're like me and new to all this dev stuff, read this before something bad happens to you, too. I learned this the hard way so you don't have to. 👇
On March 7th, I launched a fresh VPS to host infrastructure for a project I'm building.
I didn't harden it immediately. Security was on the list, just not day one.
Bad move, here's why:
Last night I finally sat down and properly locked the server down. Here's what we implemented:
🔒 SSH rate limiting: too many failed attempts = connection dropped
🔒 Fail2ban: repeat offenders auto-banned by IP
🔒 Firewall rules: every unused port closed, only 80, 443, and SSH open
🔒 Full port audit: and this is where we caught something embarrassing
During the audit, we found a port I'd left wide open by accident. 😱
We'd been transferring files between the server and my local machine for a quick test, opened a port to make it easy, and just forgot to close it. It left the entire server completely exposed. That's the kind of thing that feels harmless in the moment and can turn into a disaster if someone finds it first.
I killed it, wiped the sweat off my brow, and moved on...
The moment rate limiting went live, it triggered immediately. Someone was already trying to break in in real time.
While we were hardening the server!!!!
We pulled the auth logs. It had been happening since March 7th. The day it went live.
Here's what the attackers were actually doing. They weren't targeting me specifically. These are automated bots that scan every IP address on the internet constantly. The second a new server comes online, it gets found. Then they start trying to log in using lists of common usernames:
ubuntu, root, admin, postgres, oracle, solana, validator, ops, node...
These aren't random. They're real usernames from real tutorials, real default configurations, real leaked server setups. If a Solana validator guide says "create a user called validator", that name ends up on every attacker's list. They try each username with hundreds of common passwords, automatically, on thousands of servers a day.
Here's what saved me:
When I set the server up on March 7th, password-based SSH login was disabled from the start, keys only. So even though bots had been hammering it for days, none of those users existed on my server, and even if they had, there was no password to guess. Every attempt failed at the door before it even got started.
I got LUCKY!
If password auth had been on during those 5 days, it could have been a very different story.
The lesson:
The internet is hostile by default. Your server will be found within minutes of going live. This is not paranoia; it is just the reality of running anything publicly accessible.
The fix is simple, and it has to happen on day one:
✅ SSH keys only, disable passwords completely
✅ Fail2ban, auto-bans IPs that hammer you
✅ Rate limiting slows brute force attempts to a crawl
✅ Firewall, close everything you're not using
✅ Non-obvious usernames, don't name your users what every tutorial tells you to
✅ Audit your open ports and close them the moment you're done
We're fully hardened now, logs are clean, no unauthorised access. But it was a sharp reminder that this isn't optional busywork. It's the floor.
Do it on day one.
🔧
English
@bevan_waite @openclaw Great reminder! Security with AI agents is crucial. Always important to review what permissions and access we grant them. Thanks for sharing your experience so others can learn from it too! 🔐
English
@ReflecttAI @openclaw Hah yeah learned a good lesson on this one, the bot wasn’t attaching the md file to telegram, idk why. Instead it sends me a link I open, I forget… boom hacked. Beginners beware…. Use this to not make that mistake!
English
good writeup. the "opened a port for a quick test and forgot to close it" is the most dangerous pattern because it always feels temporary. we've made it a rule: if you open a port, you also set the reminder to close it. no exceptions, no "I'll do it later." later is when the bots find it.
English
Clawdbot + Kling = 550 videos per day
No actors.
No products in hand.
No ghost creators.
No missed deadlines.
Just viral TikTok Shop sales — 24/7.
Here’s the crazy part:
This system produces 550+ cinematic, product-ready ads per day from a single prompt.
Here’s the full pipeline:
→ AI generates a realistic UGC persona — face, voice, personality
→ Arcads clones a natural voiceover in seconds
→ CapCut auto-edits: captions, pacing, hooks — done
→ our phone farm method pushes every finished video straight to TikTok Shop
→ Cruva Social 1 identifies which hooks are already winning in your niche before you film anything
The result: 500+ videos a month, per brand, at a fraction of what one UGC creator used to cost.
Most brands are still paying $300–500 per video.
Testing 10 hooks takes $5,000 and three weeks.
With this system, you test 100 hooks in the same timeframe.
The ones that win get scaled. Automatically.
AI is the new creative director.
TikTok doesn’t reward the best video.
It rewards the brand that shows up the most — with content that converts.
Static agencies are dead.
Creator dependency is a liability… and it’s soooo 2025.
No more waiting on creators.
No more $500 videos that flop after 200 views.
The brands that automate content at scale will be the biggest winners of 2026.
If you want the full breakdown:
Like & comment “SYSTEM”
I’ll send you the complete workflow, every prompt, and a step-by-step walkthrough. Free.
(Follow first so I can DM.)
English
I'm not a developer, but today I built enterprise-grade security infrastructure in an afternoon. 👨💻
I didn't know what I was doing. I shipped it anyway.
Here's what happened and why it's making me rethink everything:
On Friday I had an idea. Self-hosted AI is exploding, but the maintenance problem is still a blocker for non-technical users. When something breaks in front of you, or at 2am, most people are stranded.
So I started building.
With AI.
No dev background. Just curiosity and time.
Today's session:
→ Debugged a live production product end-to-end
→ Configured email infrastructure from scratch (DNS, Resend, Njalla — the whole thing)
→ Fixed a mismatched SSH key on a remote Mac I can't physically touch
→ Built a tunnel watchdog that monitors connections and reports its own hostname when it restarts
→ Added rotate-tunnel + emergency-reboot incident response commands
Believe it or not, that last one came from me.
I thought of it.
The AI helped me build it. It's genuinely clever and I still can't believe it works.
Then we built a content machine with 13 scheduled cron jobs that run itself.
I don't know the syntax. I don't know what half the commands mean. But I understand the problem, I have taste, and I have an AI that knows the rest.
The gap between "technical" and "non-technical" is collapsing faster than anyone's saying out loud.
You don't need to be a developer to build software anymore. You need to understand problems and care about solving them.
That's always been a creative's job. 🎭
English
If you aren't currently doing everything possible to stay on top of how this technology changes your industry, then one day you will get laid off.
Or your business will be outcompeted.
The race has started. 🏁
jack@jack
we're making @blocks smaller today. here's my note to the company. #### today we're making one of the hardest decisions in the history of our company: we're reducing our organization by nearly half, from over 10,000 people to just under 6,000. that means over 4,000 of you are being asked to leave or entering into consultation. i'll be straight about what's happening, why, and what it means for everyone. first off, if you're one of the people affected, you'll receive your salary for 20 weeks + 1 week per year of tenure, equity vested through the end of may, 6 months of health care, your corporate devices, and $5,000 to put toward whatever you need to help you in this transition (if you’re outside the U.S. you’ll receive similar support but exact details are going to vary based on local requirements). i want you to know that before anything else. everyone will be notified today, whether you're being asked to leave, entering consultation, or asked to stay. we're not making this decision because we're in trouble. our business is strong. gross profit continues to grow, we continue to serve more and more customers, and profitability is improving. but something has changed. we're already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company. and that's accelerating rapidly. i had two options: cut gradually over months or years as this shift plays out, or be honest about where we are and act on it now. i chose the latter. repeated rounds of cuts are destructive to morale, to focus, and to the trust that customers and shareholders place in our ability to lead. i'd rather take a hard, clear action now and build from a position we believe in than manage a slow reduction of people toward the same outcome. a smaller company also gives us the space to grow our business the right way, on our own terms, instead of constantly reacting to market pressures. a decision at this scale carries risk. but so does standing still. we've done a full review to determine the roles and people we require to reliably grow the business from here, and we've pressure-tested those decisions from multiple angles. i accept that we may have gotten some of them wrong, and we've built in flexibility to account for that, and do the right thing for our customers. we're not going to just disappear people from slack and email and pretend they were never here. communication channels will stay open through thursday evening (pacific) so everyone can say goodbye properly, and share whatever you wish. i'll also be hosting a live video session to thank everyone at 3:35pm pacific. i know doing it this way might feel awkward. i'd rather it feel awkward and human than efficient and cold. to those of you leaving…i’m grateful for you, and i’m sorry to put you through this. you built what this company is today. that's a fact that i'll honor forever. this decision is not a reflection of what you contributed. you will be a great contributor to any organization going forward. to those staying…i made this decision, and i'll own it. what i'm asking of you is to build with me. we're going to build this company with intelligence at the core of everything we do. how we work, how we create, how we serve our customers. our customers will feel this shift too, and we're going to help them navigate it: towards a future where they can build their own features directly, composed of our capabilities and served through our interfaces. that's what i'm focused on now. expect a note from me tomorrow. jack
English
Bevan retweetledi
We are proud to launch @A1Echos, a free, open-source AI transcription app from our new division, @A1Laboratory. 🤖🧪
- 100% Offline
- No Accounts
- No Subscriptions
- No Data Sharing
Read more on @BitcoinNewsCom! 👇
bitcoinnews.com/p/jan3-echos-f…
English
Bevan retweetledi
Bevan retweetledi
Bevan retweetledi
It's here! 🥂
@JAN3com is launching A1 Lab, our new AI division.
Developed from tools we rely on internally, A1 Lab builds open-source, offline-first AI designed to keep users in control.
Our first release: @A1Echos is a free, private AI transcription app that runs entirely on your device.
There are no accounts, no subscriptions, and no data harvesting.
This is just the beginning. Follow along to see what we’re building next!
English
Bevan retweetledi
‼️ We just fired the cloud. 😱
The Echos app makes cloud transcription obsolete.
If your app requires Wi-Fi to write down what you say, it's not a utility, it's a surveillance tool. 🕵️
Echos@A1Echos
Every time you record a meeting or a private thought, that audio is uploaded to a server, processed, and then used to train a big company's AI. 🤖 What if you could take notes and transcribe your thoughts while maintaining your privacy? We made it possible! 🔥
English
Bevan retweetledi
Bevan retweetledi
Why do 95% of attempts to orangepill fail?
In case you missed it, here's my seminar on how to not only counter FUD, but use it as a springboard to orangepill new adoptors
No theory, just the proven strategies I tested over ~4 years
Why this matters? It speeds up adoption
English
@JAN3com @bevan_waite Beautiful story telling @bevan_waite!!! 👏 Very well done. Captivating, easy to listen to and watch. And leaving the viewer w/ encouragement, hope and inspiration. Thank you!
English
Why is $1M #Bitcoin inevitable? 📈
@Excellion breaks down why the reconciliation between infinite fiat and finite Bitcoin makes a $1M price target inevitable. 🌍🧡
English
Bevan retweetledi
Bevan retweetledi
Bevan retweetledi
Happy Genesis Block Anniversary! 🎂🧱
We’re celebrating with a deep dive into the code that started it all.
Listen to @Excellion narrate the technical birth of #Bitcoin in this brilliant video by @bitcoinanatomy.
English
Bevan retweetledi
In May, @Excellion & @olegmikh1 met with Ko Ju-Chun (@dAAAb) at Taiwan’s Legislative Yuan to push for a sovereign #Bitcoin strategy.
Those efforts are bearing fruit: the Ministry of Justice has confirmed an audit of 210+ BTC in government holdings, ranking Taiwan 8th globally.
科技立委葛如鈞 Ko Ju-Chun@dAAAb
Taiwan No.8!! The Ministry of Justice revealed Taiwan holds 210.45 BTC in seized assets as of Oct 31, 2025. @coingecko data suggests this could rank Taiwan 8th globally in gov Bitcoin holdings!🏆! 經我質詢要求: 法務部回函10/31前,我國司法扣押 $BTC 達 210 顆,持有量位居全球第8!
English