GPG & Git

Posted on November 5, 2016February 26, 2017

Back in April, Github added support for a long-standing git feature — commit signing. Technically you’ve been able sign commits with -S since git 1.7.9, but there was no UI for it on Github. This update led folks to start automatically signing all commits, but that’s not necessary.

The git tree is a directed acyclic graph — meaning every commit references its parent — and hashed with SHA-1. In practice, this means it’s impossible to change the history of a git repo without rewriting all succeeding commits. Said another way, if you trust the SHA-1 hash of the head of the tree, you can implicitly trust the entire tree.

What does this have to do with signed commits? Well, when you sign a commit, you’re also signing all previous commits. This is one of the reasons that git originally only allowed tags to be signed:

Signing each commit is totally stupid. It just means that you automate it, and you make the signature worth less. It also doesn’t add any real value, since the way the git DAG-chain of SHA1’s work, you only ever need _one_ signature to make all the commits reachable from that one be effectively covered by that one.

You can automatically sign all tags by adding the following to your .gitconfig file:

[tag]
gpgsign = true

If you don’t tag releases, another good place to sign commits is at the end of a pull request. After a long chain, one signed commit effectively signs the entire branch. You can even add an empty, signed commit with:

git commit --gpg-sign --allow-empty

This way, there’s no need to enter a GPG passphrase for each commit, but only when you need it.

Choosing Wrong

Posted on July 4, 2016October 19, 2016

Last week’s episode of This American Life is about people making the wrong choices even when they know they are wrong. The first segment, from Malcom Gladwell’s new podcast, Revisionist History, is especially interesting. He talks to Rick Barry about Wilt Chamberlain and perfectionism.

MCA

Posted on May 4, 2016November 28, 2015

The M, C. and A trains won't be running, due to the world being really unfair, sometimes.

— Fake MTA (@FakeMTA) May 4, 2012

Donald Trump Dangit

Posted on March 11, 2016February 26, 2017

Last week Wired published an article with references to Donald Trump replaced with ‘someone with tiny hands’. Since this is obviously a problem, I have a solution, donald_trump_dangit. It will replace ‘someone with tiny hands’ with Donald Trump, so you can use the handy Drumpfinator extension without worry.

Pale Blue Dot

Posted on March 6, 2016April 21, 2021

This clip, at the end of Cosmos, seemed apropos as we watch politicians in the United States battle to be the “momentary masters of a fraction of a dot.”

Here’s a portion of the transcript, which I found on the Planetary Society’s website, taken from Carl Sagan’s 1994 book Pale Blue Dot.

The Earth is a very small stage in a vast cosmic arena. Think of the rivers of blood spilled by all those generals and emperors so that, in glory and triumph, they could become the momentary masters of a fraction of a dot. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner, how frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds.

Our posturings, our imagined self-importance, the delusion that we have some privileged position in the Universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity, in all this vastness, there is no hint that help will come from elsewhere to save us from ourselves.

The Earth is the only world known so far to harbor life. There is nowhere else, at least in the near future, to which our species could migrate.

— Carl Sagan, Pale Blue Dot, 1994