Sidewalk to Nowhere

Thoughts, musings, and ideas from brian m. carlson


  • Git and SHA-256: stage 4

    In case you’d missed it, Git 2.29 has recently been released with a full stage 4 SHA-256 implementation. What exactly does that mean? Let’s take a look.

  • Mandatory Use of Git Hooks

    In my free time, I answer questions about Git on Stack Overflow, and I’ve seen a trend towards folks wanting to use hooks to enforce using various linting mechanisms or running test suites. This is generally a bad idea for a couple of reasons, mostly because it doesn’t achieve what you want to achieve and it makes advanced developers’ lives needlessly difficult.

  • The Status of Git and SHA-256

    Recently, a new chosen-prefix attack on SHA-1 was announced. Since there’s renewed interest in it, here’s the state of SHA-256 work in Git.

  • Thoughts on Case-Insensitive File Systems

    As some folks know, I’m a contributor to Git. I also answer various questions about Git on Stack Overflow and elsewhere, and a lot of those questions are from users on Windows or macOS, since those are the two most common platforms.

  • Thoughts on XHTML and security

    One of the interesting security problems we see on the web today is how to deal with untrusted HTML. Lots of folks want to allow Markdown on their sites, or AsciiDoc or some other text format, and any of these can contain literal HTML that needs to be sanitized. The problem invariably comes down to writing a sanitizer that parses HTML in the way that everyone else parses HTML, so that a malicious user can’t provide HTML that escapes sanitization.

  • The EDITOR and VISUAL environment variables

    On most Unix systems, there are two environment variables that control the user’s choice of text editor: EDITOR and VISUAL. They have different historical purposes, but are generally interchangeable today.