Git for Windows: Line Endings
March 20, 2018
If you’re on a team of Windows developers - or more importantly, on a cross-platform development team - one of the things that comes up constantly is line endings. Your line ending settings can be the difference between development productivity and constant frustration. The key to dealing with line endings is to make sure your configuration is committed to the repository, using .gitattributes. For most people,
Read more
Talking about Git at Barcelona .NET Core: 6 March 2018
February 21, 2018
I'm excited to be speaking at the Barcelona .NET Core group on Tuesday, 6 March, 2018. I'll be talking about How Microsoft "Got Git", adopting the Git version control system in Visual Studio and VSTS, and "Scripting Git", how to build .NET applications that interact with Git repositories using LibGit2Sharp.
Read more
Git Security: Further Reading
February 21, 2018
In my talk at Git Merge today, I mentioned that there were some other difficulties handling security issues in Git. Here's some more information...
Read more
Merge vs Rebase: Do They Produce the Same Result?
December 21, 2017
I get asked quite a lot whether I recommend a merge-based workflow, or one where people rebase onto master. But to be quite honest, I couldn't possibly care less. Your workflow is your workflow after all, it's up to your team to work in the way that's most productive for you. For some teams that's merging, for some teams that's rebasing... n the end, the code gets integrated and the end result is the same either way, whether you merge or rebase it, right? Right? If you're a rebase fan, you've probably run into cases where you get conflicts during a rebase that you wouldn't get during a merge. But that's not very interesting... is there a case where merge and rebase both finish and produce a result, but a different tree? Is git-merge guaranteed to produce the same results as git-rebase?
Read more
Creating Mac Disk Images (DMG) with VSTS Build Agents
December 15, 2017
Writing cross-platform UI applications is hard, and there are a bunch of little problems, like packaging. You probably want to distribute your app in a DMG. One of the problems with creating a DMG, though, is that you need a Mac to do it. You can't easily create DMGs on a Linux box or a Windows VM. You need a proper Mac, and historically, it's been hard to find Macs in the cloud for CI hosts. But now, Visual Studio Team Services offers hosted Windows, Linux and Mac systems for continuous integration build hosts. And they're free to get started with.
Read more
git-open supports Visual Studio Team Services
December 6, 2017
I'm really excited that git-open 2.0 was just released. This newest version of git-open includes some changes that I contributed to support for Visual Studio Team Services and Team Foundation Server. This means that I can run a single command, git open, right from within my Git repository, and it will open up a browser and navigate to my project in Visual Studio Team Services.
Read more
Google Analytics for Your Podcast
October 27, 2017
I built a little open source side project: Google Analytics Handler, which reports tracking information to Google Analytics on the server side. It's for my new podcast, All Things Git, so that we can track the RSS and audio downloads from the podcast's website.
Read more
Changing Titles in Google Authenticator
August 23, 2017
Surely you know that the best practice for securing your accounts is to enable two-factor authentication. And hopefully you're using an application as your second factor, instead of text messages. Text messages may not work when you travel to foreign countries, but you're also reliant upon your wireless carrier to keep your data secure. Instead, use TOTP (Time-based One-Time Pad) to get a six digit number from a local application. There are many applications that support TOTP, but I keep it old school, and use the Google Authenticator application. The problem with the Google Authenticator app, though, is that it doesn't let you edit the title of a website (the "issuer") once you've set it up. So you end up with a number that's missing a title, and there's no good way to identify it. Thankfully, TOTP is a published standard, so you can actually create - and then scan - your own QR code based on the secret number that you're given when you turn on two-factor authentication.
Read more
Upgrading git for CVE 2017-1000117
August 14, 2017
A security vulnerability in Git has been announced: a bug in URL parsing can cause git clone to execute arbitrary commands. These URLs look quite suspicious, so it's unlikely that you'd be convinced through social engineering to clone them yourself. But they can be hidden in repository submodules. Unless you're a Continuous Integration build agent, I hope that it's quite uncommon that you git clone --recursive a repository that you do not trust. So this vulnerability is rather uncommon, but as with any security vulnerability that has the possibility of remote code execution, you should upgrade your Git clients immediately. Git version 2.14.1 is the latest and greatest version of Git, and has been patched. But most people don't actually build from source, so your version of Git is probably provided to you by a distribution. You may have different versions available to you - ones that have had the patches applied by your vendor - so you may not be able to determine if you're vulnerable simply by looking at the version number. Here's some simple steps to determine whether you're vulnerable and some upgrade instructions if you are.
Read more
(Re)introducing git-dad
June 18, 2017
After I dropped the git-recover script, @MordodeMaru asked me on Twitter if we could have a git dad command to help you out when you're in a jam: But when I started thinking about my stepdad and his banter with his coworkers, I thought that if a git dad command was really going to help you out, it would help you when you mistyped the git add command. It could bring you a bit of levity... a dad joke! And what better day than Father's Day to make that happen!
Read more