Same! I remember a co-worker getting a call from a relative about it so I went to cnn.com. ...only to see it time out. Same with usatoday.com and abcnews.com. At that point I knew that something was happening.
I then happened to remember that abcnews.com.au existed and figured Australia's websites weren't getting hit quite as hard as ours, and I was right. It was front page news there.
We all left the office (which was in Center City Philadelphia) a few minutes later.
This is one reason why whenever I build a new project, I build it inside of a Docker container.
That way, the project has just the dependencies it needs, and I know I can rebuild it at some point in the future and will be unlikely to run into problems when I do.
Using CAs and signed certificates in SSH is definitely the way.
If anyone wants to play around with that, without the risk of locking themselves out of a server, I built a little "playground" awhile back whihc is a series of Docker containers that can SSH to each other. Give it a try at https://github.com/dmuth/ssh-principal-and-ca-playground
(I haven't touched the project in awhile, so if there are any issues, please open an Issue and I'll gladly look at it!)
I can offer what much younger me was once told by a senior engineer:
1) With respect to not having whitespace: "Not everyone is as smart as you, and you need to ask yourself, do you want junior engineers working on your code to keep bothering you asking how things work, or would you rather your code by easy to read (and commented) so that they can pick things up on their own?"
2) With respect to complexity: "We are expected to build products that align with business objectives. New and experimental code belongs in your home lab and on your GitHub, not in a production environment."
Depending on how things go with #2, maybe offer to let the engineers spend 20% of their time working on lab projects to improve their product, with the understanding being that the rest of the time they are expected to build products with a minimum of complexity.
It lets you create a Git repo with synthetic commits and has sample exercises for doing different things within that repo, such as removing commits or squashing commits. (along with hints and answers)
Building this project helped me understand the ins and outs of Git much better and I suspect there will be value for anyone else who works through the examples.
That's interesting about the blocksize. I was never impacted by that because I mostly use dd for writing large files, and a large block size always made more sense to me. For example, if I wanted to test writing a 1 GB file to a flash drive, I'd do something like:
Agreed--SSH certificate authorities (and principals) are powerful things that can be used to manage SSH access at scale. My workplace is a large enterprise that uses our own CA for getting access to systems--the keys it issues are good for 8 hours, then we have to grab a new key (using an internal utility).
For anyone who is interested, I put together a little playground which can be spun up in Docker that allows you to play around with and learn how SSH CAs and Principals work:
You'll want to spin this up in Docker Compose, and to add custom hosts upstream of you (such as ISP routers), you can edit the hosts.txt file (to add in human-friendly names such as "upstream") and add those hosts in the HOSTS variable in the docker-compose.yml file.
Feel free to open an issue on the project or reach out privately if you have any questions.
"Never ever copy your private keys on a computer somebody else owns."
FTFY.
In more detail: if your private keys ever leave your computer via the network, it's a good idea to consider your private keys compromised and to burn them and create new ones.
> I got in a painfully stupid argument with a middle-age IT admin “we don’t want to our employees installing apps”
If they think that any domain that ends in .app is for installing apps, their mind is gonna be blown about some of the sites on .net and .org domains...
I then happened to remember that abcnews.com.au existed and figured Australia's websites weren't getting hit quite as hard as ours, and I was right. It was front page news there.
We all left the office (which was in Center City Philadelphia) a few minutes later.