GPG & Git

Back in April, Github added support for a long-standing git feature — commit signing. Technically you’ve been able sign commits with -S since git 1.7.9, but there was no UI for it on Github. This update led folks to start automatically signing all commits, but that’s not necessary.

The git tree is a directed acyclic graph — meaning every commit references its parent — and hashed with SHA-1. In practice, this means it’s impossible to change the history of a git repo without rewriting all succeeding commits. Said another way, if you trust the SHA-1 hash of the head of the tree, you can implicitly trust the entire tree.

What does this have to do with signed commits? Well, when you sign a commit, you’re also signing all previous commits. This is one of the reasons that git originally only allowed tags to be signed:

Signing each commit is totally stupid. It just means that you automate it, and you make the signature worth less. It also doesn’t add any real value, since the way the git DAG-chain of SHA1’s work, you only ever need _one_ signature to make all the commits reachable from that one be effectively covered by that one.

You can automatically sign all tags by adding the following to your .gitconfig file:

[tag]
gpgsign = true

If you don’t tag releases, another good place to sign commits is at the end of a pull request. After a long chain, one signed commit effectively signs the entire branch. You can even add an empty, signed commit with:

git commit --gpg-sign --allow-empty

This way, there’s no need to enter a GPG passphrase for each commit, but only when you need it.

Pale Blue Dot

This clip, at the end of Cosmos, seemed apropos as we watch politicians in the United States battle to be the “momentary masters of a fraction of a dot.”

Here’s a portion of the transcript, which I found on the Planetary Society’s website, taken from Carl Sagan’s 1994 book Pale Blue Dot.

The Earth is a very small stage in a vast cosmic arena. Think of the rivers of blood spilled by all those generals and emperors so that, in glory and triumph, they could become the momentary masters of a fraction of a dot. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner, how frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds.

Our posturings, our imagined self-importance, the delusion that we have some privileged position in the Universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity, in all this vastness, there is no hint that help will come from elsewhere to save us from ourselves.

The Earth is the only world known so far to harbor life. There is nowhere else, at least in the near future, to which our species could migrate.

— Carl Sagan, Pale Blue Dot, 1994

Github Auto Deploy

I published my first npm package over the weekend: github-auto-deploy.

I’ve been playing with Github Auto Deploys recently. There are a couple things I’m doing here that I think are different from the typical auto deploy workflow.

  1. Using the deployment event. Github has a way to differentiate push from deployment. Deployments have the added benefit of depending on Github statuses, like ci/travis-ci. Having deployments depend on a test suite is nice.
  2. Using git fetch && git checkout. Instead of doing a git pull and slowly updating files depending on the network speed, first fetch all the files and then do a quick file pointer swap to instantly update all files at once.

Example

PORT=1234 SECRET="Swifty4Lyfe" gad /var/app /var/app/bin/deploy.sh

In this example, deploy.sh might look something like this:

npm install
service node-app restart

If you have questions or suggestions, let me know!

The man who brought us the lithium-ion battery at the age of 57 has an idea for a new one at 92

QZ has an amazing article about 92 year old John Goodenough, inventor of the lithium-ion battery.

The good news is that Goodenough has one last idea. He’s working on it with yet another crop of post-doctoral assistants. “I want to solve the problem before I throw my chips in,” he says. “I’m only 92. I still have time to go.”

Source: The man who brought us the lithium-ion battery at the age of 57 has an idea for a new one at 92 – Quartz