Sidewalk to Nowhere
Thoughts, musings, and ideas from brian m. carlson
Posts
Version Control for English (and other Natural Languages)
As some folks might know, my degree is not in Computer Science, but in English Creative Writing. When I was doing workshops in university, my professors and classmates all used Word and many of them used the built-in version control feature to version their documents. This was, and still is, a need that has been poorly anticipated, but with a little context, it makes sense.
Tips and Tricks for Password Generation
If you are anything like me, you probably have a lot of different places you need to log in with a username and password. Hopefully you are using a password manager to keep track of all of them so you don’t have to. My preferred option is 1Password; while it’s not free, I have great confidence in their security and for the value I get it’s some of the best money I pay.
Git and SHA-256: stage 4
In case you’d missed it, Git 2.29 has recently been released with a full stage 4 SHA-256 implementation. What exactly does that mean? Let’s take a look.
Mandatory Use of Git Hooks
In my free time, I answer questions about Git on Stack Overflow, and I’ve seen a trend towards folks wanting to use hooks to enforce using various linting mechanisms or running test suites. This is generally a bad idea for a couple of reasons, mostly because it doesn’t achieve what you want to achieve and it makes advanced developers' lives needlessly difficult.
The Status of Git and SHA-256
Recently, a new chosen-prefix attack on SHA-1 was announced. Since there’s renewed interest in it, here’s the state of SHA-256 work in Git.
Thoughts on Case-Insensitive File Systems
As some folks know, I’m a contributor to Git. I also answer various questions about Git on Stack Overflow and elsewhere, and a lot of those questions are from users on Windows or macOS, since those are the two most common platforms.
Thoughts on XHTML and security
One of the interesting security problems we see on the web today is how to deal with untrusted HTML. Lots of folks want to allow Markdown on their sites, or AsciiDoc or some other text format, and any of these can contain literal HTML that needs to be sanitized. The problem invariably comes down to writing a sanitizer that parses HTML in the way that everyone else parses HTML, so that a malicious user can’t provide HTML that escapes sanitization.
The EDITOR and VISUAL environment variables
On most Unix systems, there are two environment variables that control the user’s choice of text editor:
EDITOR
andVISUAL
. They have different historical purposes, but are generally interchangeable today.