Signing git commits with GPG
Signing commits with GPG is a useful technique for verifying the authenticity and integrity of code changes - here’s how you can set it up.
Creating keys
First you’ll need to create a key-pair to start signing commits. Run the following command and follow the prompts (if in doubt accept the default settings).
gpg --full-generate-key
This should give you a primary key for signing and for certifying other keys, and a subkey for encryption:
We Need to Talk About ReDoS
ReDoS - the security threat that no-one knows about. At least that’s how it seems, every time I talk to developers about ReDoS and get blank looks. Or when the results of a code audit highlight a bunch of evil regular expressions.
We need to talk about ReDoS. In this post, I’ll explain what ReDoS actually is, and what developers can do about it.
What Security Level Do I Need?
This system provides 128-bit security level.
Ever seen a statement like this, and wondered what it meant?
When we talk about security level, we’re basically talking about the number of steps an attacker would need in order to break a cryptographic system. So taking the above statement, that means that any attack on that system would require at least 2^128 steps.
Let’s take an example. Imagine an encryption system that uses a 128-bit key. Let’s also assume that the only available attack on that system is through an exhaustive key search. That’s 2^128 possible keys that the attacker would have to search through in order to find the right key. That’s 2^128 steps, giving the system a 128-bit security level.
Leadership Lessons from Quintinshill
Let me take you on a trip back in time. Back exactly 109 years ago today, to the 22nd of May, 1915.
We’re a year into the First World War, and we’re in Edinburgh, Scotland. 500 men board a train in the middle of the night, bound for the front line in Gallipoli.
But they would never make it.
On the Importance of Easy to Use Cryptography APIs
Hire With Confidence
£250,000. That’s how much it costs my organisation when I hire the wrong person.
Now you might be wondering how much I pay in agency fees, but I’m talking about the true cost of employee turnover. It’s natural to only think of the direct costs associated with recruitment, but these pale in comparison to the opportunity costs incurred through lost productivity as people leave and join a business.
So, if you make hiring decisions, the real costs associated with getting it wrong probably run to hundreds of thousands of pounds. But don’t panic! I’ve got 3 simple tips for you that will boost your chances of hiring the right person.
To Really Be Intelligent You Need a Slow Brain
Artificial Intelligence (AI) is the most existential challenge humanity will ever face. There is a point of no return where we can still regulate AI, and that is when it becomes smarter than us. And that moment is just a few months away.
This was the message presented by Mo Gawdat in a recent edition of Diary of a CEO. Mo is the former Chief Business Officer of Google X and a world-renowned AI expert. His warnings are just one of many made by AI experts from across the globe ever since ChatGPT went public just over a year ago.