Git-crypt is a dead product with numerous unresolved issues and drawbacks.
Newer versions of git cause git to crash when invoking git-crypt[0].
It doesn’t scale with users: Off-boarding a key is a commit in git. Since it is trivially easy to rewind a git repo before the revocation commit and then decrypt with the revoked key, this means you need to rotate every key under management when any revoke is performed.
It provides the illusion of asymmetric key encryption, but your asymmetric key wraps a shared symmetric key used to encrypt the entire repository. This also means a user could roll the repository back before a key was revoked and steal the symmetric key used to protect the repository and then use that key to decrypt the repository any time in the future.
It doesn’t scale with the number of files under management. As a result of how it’s implemented, every invocation is a separate process launch. This means every file triggers an asymmetric unwrap of the symmetric key. If you’re protecting your GPG key with hardware keyfob, decrypting the repository will take a long time.
This product seemed like a cool idea for a while but its implementation leaves much to be desired and has not stood the test of time…
Password-store[1] does a better job than git-crypt for single user git based gpg encrypted password management.
For multi-user git repo encryption I prefer Mozilla SOPS[2], especially when coupled with something like AWS KMS…
But then you might consider stepping up to something like Hashicorp Vault[3] or Infisical[4].
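A model of the wrap-and-revoke problem described in this comment, added here as an example; it is not code from the comment or from git-crypt. It assumes a random per-user secret standing in for each user's GPG private key, a toy HMAC-SHA256 keystream standing in for the real ciphers (not for production use), and an append-only list of commits standing in for git history. Dropping a user's wrapped key in a new commit does nothing, because the user can rewind to an earlier commit, unwrap the still-current repository key, and read content added after the "revocation"; rotating the repository key stops that, but everything encrypted under the old key in history stays readable, which is why the secrets themselves have to be rotated as well.

```python
"""Toy model of git-crypt style envelope encryption in an append-only history.

Assumptions (not git-crypt's real code or formats):
  - a user's "GPG key" is a random 32-byte secret;
  - encrypt/decrypt use an HMAC-SHA256 keystream XOR (illustration only);
  - a commit is a dict of wrapped repo keys plus encrypted files.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC; fine for a model, NOT a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Commit:
    wrapped_keys: dict  # user name -> repo key wrapped under that user's secret
    files: dict         # path -> ciphertext under the repo key


class Repo:
    """Append-only history: nothing is ever deleted, exactly like git."""

    def __init__(self):
        self.history: list[Commit] = []

    def commit(self, repo_key: bytes, users: dict, plaintext_files: dict) -> Commit:
        c = Commit(
            {name: encrypt(secret, repo_key) for name, secret in users.items()},
            {path: encrypt(repo_key, data) for path, data in plaintext_files.items()},
        )
        self.history.append(c)
        return c


def recover_repo_key(repo: Repo, user: str, user_secret: bytes):
    """What a revoked user does: `git checkout` older commits until one still wraps for them."""
    for c in reversed(repo.history):
        if user in c.wrapped_keys:
            return decrypt(user_secret, c.wrapped_keys[user])
    return None


def naive_revoke_is_ineffective() -> bool:
    """Off-board mallory by dropping her wrap only. Returns True if she can still read new content."""
    alice, mallory = secrets.token_bytes(32), secrets.token_bytes(32)
    repo_key = secrets.token_bytes(32)
    repo = Repo()
    repo.commit(repo_key, {"alice": alice, "mallory": mallory}, {"secrets.txt": b"db-password=hunter2"})
    # "Revocation" commit: same repo key, mallory's wrap omitted, a new secret added.
    repo.commit(repo_key, {"alice": alice}, {"secrets.txt": b"db-password=hunter2", "new.txt": b"api-token=abc"})
    stolen = recover_repo_key(repo, "mallory", mallory)
    return decrypt(stolen, repo.history[-1].files["new.txt"]) == b"api-token=abc"


def rotate_on_revoke() -> tuple:
    """Proper off-boarding: fresh repo key, re-encrypt, re-wrap for remaining users.

    Returns (mallory_reads_new_content, mallory_reads_old_history).
    """
    alice, mallory = secrets.token_bytes(32), secrets.token_bytes(32)
    old_key = secrets.token_bytes(32)
    repo = Repo()
    repo.commit(old_key, {"alice": alice, "mallory": mallory}, {"secrets.txt": b"db-password=hunter2"})
    new_key = secrets.token_bytes(32)
    repo.commit(new_key, {"alice": alice}, {"secrets.txt": b"db-password=rotated", "new.txt": b"api-token=abc"})
    stolen = recover_repo_key(repo, "mallory", mallory)  # still finds the OLD key in commit 0
    reads_new = decrypt(stolen, repo.history[-1].files["new.txt"]) == b"api-token=abc"
    reads_old = decrypt(stolen, repo.history[0].files["secrets.txt"]) == b"db-password=hunter2"
    return reads_new, reads_old


if __name__ == "__main__":
    print("drop-wrap revoke lets mallory read new content:", naive_revoke_is_ineffective())
    print("(reads new, reads old history) after rotation:", rotate_on_revoke())
```

The second scenario is the point of the comment: even with a rotated repository key, `db-password=hunter2` is permanently readable to anyone who ever held a wrap, so the revoke has to be followed by rotating every secret that was ever committed, not just the wrapping key.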
"I would like to make this systemically better by addressing our second order problems that are causing our very visible first order problems"
You will be told that we absolutely do not have time for that. The only actions you're allowed to take are fighting the fires closest to you, not turning off the pumps that spray the gasoline everywhere.
Typically this is only even possible because nothing that you're doing is actually used or scrutinized since if it was, someone would have immediately noticed that nothing works. Usually this is at places running on varying levels of investment dollar three-card-monte.
My go to reference when I want to reduce rust binary size is the excellent https://github.com/johnthagen/min-sized-rust, a set of guidelines on how to reduce size with explanations of the consequences
3D printing has a bifurcation in the hobby; some people enjoy it for the objects they can make, some people enjoy it for the printers themselves. I pass no judgement either way, just an observation. I saw the same thing in the photography world; some were gearheads, some couldn't care less, and were focused on the image.
As for me personally, I spent many entertaining, delightful, maddening and frustrating years playing with a frankendelta of bodged parts, broken firmware and hacked wiring. Learned a ton, don't regret any of it. But the moment I got an X1C, the Rostock has been relegated to Spiral Vase mode only. And I can't help but note my actual printing volume has increased dramatically when the process became less of a babysit.
Having spent 2023 doing exactly what you aspire to do, I have some casual friendly advice: go into this problem-first.
While everyone learns differently and finds motivation in unique ways, nothing pushes me through all of the layers of frustration and learning like having an end-goal that I'm passionate about realizing. On the contrary, just hitting a list of things to learn in an arbitrary order hoping that it will stick when I actually need to get something done is like driving high speed into a wall.
When you approach a problem, the correct answer to "what next" is usually pretty apparent. In my case, for example, I had no idea that transitioning from software development to "hardware" (which really is just software running on hardware) would involve detours into learning Solidworks CAD so that I could model enclosures as well as render out what things will look like before they exist.
Another major area that I drastically underestimated was connecting the dots between the parts/components I use and the logistics of sourcing and using those parts. For example, the parts that are easily available on demand at JLCPCB are not only vastly different than what you can get from Digikey and Mouser, but they often need to be ordered in quantities of 100+. It's also "fun" realizing that if you want KiCAD to have nice looking 3D renders of your future board, you often have to go off hunting for 3D step files of each part. You are about to learn how it's common to make an order at Digikey that is actually shipped to JLCPCB so that they can assemble your board. They will even hold on to your parts in between orders.
Get comfortable with Octopart!
One project that I recommend is to actually implement your own MCU board instead of relying on prefabricated Adafruit or Arduino boards. Not only will it give you more flexibility, but there is something really gratifying about fully understanding how and why everything is working. While there are many tutorials on how to do this, I personally really like working with RP2040 chips and I found this three part series excellent: https://www.youtube.com/watch?v=RNH-CL8GrF8
One bit of parting advice (feel free to ask more) is around the concept of switch debouncing and hardware interrupts. I've found that there's a sort of "stages of grief" where people go through a dozen increasingly complex ways to make 1 press = 1 event. The short version is that there's no perfect way to do it in software, and where software is involved, you want to move away from polling pin state in your loop to using interrupt handlers ASAFP because sleeping in your loop is the root of all evil.
IMO, the only correct way to do switch debouncing is to use resistors and capacitors; this is known as an RC debounce (Google it). You then send those signals into a hex inverter like the 74HC04, and then into a digital pin on your MCU (which is then captured by an ISR hardware interrupt).
Every other path will just lead to pain. This might seem like a digression, but you'll thank me later.
Finally, you will be pleasantly shocked by how amazing GPT is at talking through schematics. It knows the datasheets, can explain circuits and alert you to quirks and gotchas.
ps. if you find yourself without interesting problems to solve, I highly recommend buying some cheap Nerd Musician courses and building some MIDI controllers! https://www.musiconerd.com/
Incidentally, the DEC J-11 PDP-11-on-a-chip is still available[0] and can easily[1] be hooked up to other required hardware (I mean, the thing has a monitor/debugger built in, what’s not to like?).
A few years back, I was trying to find out how to reduce mistakes in the programs I write.
I got introduced to Lamport's TLA+ for creating formal specifications, thinking of program behaviors in state machines. TLA+ taught me about abstraction in a clear manner.
Then I also discovered the book series "software foundations", which uses the Coq proof assistant to build formally correct software. The exercises in this book are little games and I found them quite enjoyable to work through.
Determinants always fascinated me, partly (completely?) because of the cool sounding name. I always wanted to get intuition for them because their formula is so simple, which has always been deeply unsatisfying to me to just take on its face.
This article got me searching for a 3blue1brown video on determinants and now my mind is absolutely blown!
The Strand is only worth going to as a tourist attraction (if you’re fully aware of its status as such), or if you need big art books (they’re unmatched in that category).
In NY, I’d say take a look at Left Bank books (rare, old literature, photography, art books - some are even early editions of classics), Codex (little used shop with a fantastic selection), Mercer St Books and Records (basement hole in the wall), Westsider Rare and Used books (an UWS classic), Unnameable Books (good events and a literary selection).
For new books, McNally Jackson is the preferred one for the reading public. Their staff selections are useful and they have a dedicated poetry and chapbook section.
About a decade ago I started reading law blogs instead of the news.
They're written for other lawyers, so they're well composed, often without excessive hyperbole. The writing is far higher quality than typical journalism. They're actually informational in terms of describing the mechanisms behind power in our society.
In terms of focus, if something is truly important there will always be a legal analysis. Celebrity fluff and nonsense about talking heads doesn't make the cut. Meaningful conflict and hard questions do.
"Von Neumann would carry on a conversation with my 3-year-old son, and the two of them would talk as equals, and I sometimes wondered if he used the same principle when he talked to the rest of us." - Edward Teller
See [0] for a demonstration.
I watched a documentary from the '80s a long time ago. A mathematician (can't remember his name) who worked with von Neumann in Los Alamos was interviewed. He described von Neumann's last weeks in the hospital - the cancer had already metastasized into his brain. The mathematician said something along these lines (I am citing from memory): "von Neumann was constantly visited by colleagues, who wanted to discuss their latest work with him. He tried to keep up, struggling, like in old times. But he couldn't. Try to imagine having one of the greatest minds maybe in the history of mankind. And then try to imagine losing this gift. It was terrible. I have never seen a man experience greater suffering."
Marina von Neumann (his daughter) later wrote this about his final weeks:
"After only a few minutes, my father made what seemed to be a very peculiar and frightening request from a man who was widely regarded as one of the greatest - if not the greatest - mathematician of the 20th century. He wanted me to give him two numbers, like 7 and 6 or 10 and 3, and ask him to tell me their sum. For as long as I can remember, I had always known that my father's major source of self-regard, what he felt to be the very essence of his being, was his incredible mental capacity. In this late stage of his illness, he must have been aware that this capacity was deteriorating rapidly, and the panic that caused was worse than any physical pain. In demanding that I test him on these elementary sums, he was seeking reassurance that at least a small fragment of his intellectual powers remained." [1]
In my Fortune 500 employer, we have pan-regional task forces/committees people can join for collaboration like this. I'm on the Engineering Training Taskforce in my region. We meet an hour a month to plan various events, including "Tech movie nights". Pre-COVID we'd get upper management to approve a small budget for popcorn during movie showings, etc. We also have a few (infrequent) long-running series of invited talks on a theme.
Follow-up discussion from earlier in a series is good, but you need it to not interfere with people being able to selectively attend events. Presumably, you'd want to budget some time after the video screening to discuss the just watched movie, followed by some budgeted time for discussing the previous video. If you start out with discussion of the previous video, you're going to scare off newcomers. Or, you have a Slack channel (or similar) for the series and have drawn out asynchronous discussion.
At least until you have critical mass, you need your series to be like an easy-watching low-context series with relatively self-contained episodes. Think The Simpsons instead of something that really requires investment to keep up with the context, like Game of Thrones.
Being on a taskforce/committee does take extra time and effort, but does show initiative and can get one valuable exposure/mindshare from upper management. At least in our organization, cross-team collaboration looks good at annual review time.
I'd be interested to see actual numbers for transaction volume, latency, and reliability of SWIFT and blockchain in practical use cases.
I worked on a payment system using the UK's Faster Payment Scheme a while ago. The SLA for latency is two seconds end-to-end (and it is usually much faster than that); it was simple enough for a gang of underpaid COBOL programmers to implement successfully, and didn't have a mechanical error rate worth bothering about. In January it moved 186.1 million payments and 161 billion pounds:
FPS is UK-only, but there's nothing about the technology or the commercial and legal machinery that wouldn't work internationally. If SWIFT is really as bad as you say, it could be replaced with a better instance of the same technology; it doesn't require a haunted git repository to fix it.
[0] https://github.com/AGWA/git-crypt/issues/273
[1] https://www.passwordstore.org/
[2] https://github.com/getsops/sops
[3] https://www.vaultproject.io/
[4] https://infisical.com/