On the other hand, the TPM spec is pretty complex, especially because they wanted to address privacy issues: the endorsement key, burned by the manufacturer, is only able to encrypt messages and not able to sign them,…
Definitely not. But when someone looks at me, my gaze is drawn to that person, to say "hello" for instance. I have the same kind of feeling with a camera. (Maybe if i was living in a town, i would loose this reflex.)
On the french trains, you can sit opposite someone else. I'm feeling really uncomfortable when this person scrolls on its phone, with the phone back camera pointing to me for hours. I sometime ask this person to hide…
I think this is really close to the way nix2container works (https://github.com/nlewo/nix2container). nix2container generates metadata at build time and streams the required data at runtime. At build time, it generates…
In the same kind of spirit, when i was the tech team manager in a company without any transparent salary policy, i've been practicing what i've been called the "symmetrical salary management": when I knew the salary of…
More precisely, this is the price per person but if you travel alone, you have to share a room with someone else. Or you would have you to make private a double room which costs about 5400E.
> With no way of splitting up the Nix dependencies into separate layers nix2container [1] is actually able to do that: you can explicitly build layers containing a subset of the dependencies required by your image. An…
And regarding this part of the article > Particularly with GitOps and Flux, making changes was a breeze. i'm writing comin [1] which is GitOps for NixOS machines: you Git push your changes and your machines fetch and…
> Would Nix work well with GitHub Actions? You can use Nix with GitHub actions since there is a Nix GitHub action: https://github.com/marketplace/actions/install-nix. Every time the action is triggered, Nix rebuilds…
We have an issue to support non flake deployments: https://github.com/nlewo/comin/issues/30
No, it has been initially developed to manage a "COMmunity INfrastructure" and it sounds like the word "coming". I didn't know this meme but it's a nice coincidence because this infrastructure is actually a kind of…
The main issue is to use configuration files residing somewhere in the filesystem. This looks like a global variable in a codebase (something we generally try to avoid). Instead, the configuration file should be…
> would be hard to beat "sync a file to a warm container and run it" It depends on the size of your Pex file (i don't think you mentioned it and sorry if i missed the info). With a Docker/OCI image, it would be possible…
> The key factor behind our decision was the realization that while Docker images are industry standard, moving around 100s of megabytes of images seems unnecessarily heavy-handed when we just need to synchronize a…
FYI, the nix2container [1] project (author here) aims to speedup the standard Nix container workflow (dockerTools.buildImage) by basically skipping the tarball step: it directly streams non already pushed layers. [1]…
To get Rust incremental builds, did you consider using something such as crane https://github.com/ipetkov/crane ? And regarding OCI images, i built nix2container (https://github.com/nlewo/nix2container) to speed up…
Another advantage of the gomod2nix approach concerns long term build reproducibility [1]. Having each source dependency in its own derivation would make easier source code mirroring. Since Nix knows the hash of each…
First, you should own your domain, to own your email identity. With a domain, Gandi (my employer) includes two mail addresses: imap, roundcube, sogo, sieve filters, aliases,... https://www.gandi.net/en/domain/email
With https://github.com/nlewo/nix2container, I'm trying to make a more standalone tool. Basically, a Go binary takes a reference graph and produces a JSON file describing a container image. This JSON file is then…
On the other hand, the TPM spec is pretty complex, especially because they wanted to address privacy issues: the endorsement key, burned by the manufacturer, is only able to encrypt messages and not able to sign them,…
Definitely not. But when someone looks at me, my gaze is drawn to that person, to say "hello" for instance. I have the same kind of feeling with a camera. (Maybe if i was living in a town, i would loose this reflex.)
On the french trains, you can sit opposite someone else. I'm feeling really uncomfortable when this person scrolls on its phone, with the phone back camera pointing to me for hours. I sometime ask this person to hide…
I think this is really close to the way nix2container works (https://github.com/nlewo/nix2container). nix2container generates metadata at build time and streams the required data at runtime. At build time, it generates…
In the same kind of spirit, when i was the tech team manager in a company without any transparent salary policy, i've been practicing what i've been called the "symmetrical salary management": when I knew the salary of…
More precisely, this is the price per person but if you travel alone, you have to share a room with someone else. Or you would have you to make private a double room which costs about 5400E.
> With no way of splitting up the Nix dependencies into separate layers nix2container [1] is actually able to do that: you can explicitly build layers containing a subset of the dependencies required by your image. An…
And regarding this part of the article > Particularly with GitOps and Flux, making changes was a breeze. i'm writing comin [1] which is GitOps for NixOS machines: you Git push your changes and your machines fetch and…
> Would Nix work well with GitHub Actions? You can use Nix with GitHub actions since there is a Nix GitHub action: https://github.com/marketplace/actions/install-nix. Every time the action is triggered, Nix rebuilds…
We have an issue to support non flake deployments: https://github.com/nlewo/comin/issues/30
No, it has been initially developed to manage a "COMmunity INfrastructure" and it sounds like the word "coming". I didn't know this meme but it's a nice coincidence because this infrastructure is actually a kind of…
The main issue is to use configuration files residing somewhere in the filesystem. This looks like a global variable in a codebase (something we generally try to avoid). Instead, the configuration file should be…
> would be hard to beat "sync a file to a warm container and run it" It depends on the size of your Pex file (i don't think you mentioned it and sorry if i missed the info). With a Docker/OCI image, it would be possible…
> The key factor behind our decision was the realization that while Docker images are industry standard, moving around 100s of megabytes of images seems unnecessarily heavy-handed when we just need to synchronize a…
FYI, the nix2container [1] project (author here) aims to speedup the standard Nix container workflow (dockerTools.buildImage) by basically skipping the tarball step: it directly streams non already pushed layers. [1]…
To get Rust incremental builds, did you consider using something such as crane https://github.com/ipetkov/crane ? And regarding OCI images, i built nix2container (https://github.com/nlewo/nix2container) to speed up…
Another advantage of the gomod2nix approach concerns long term build reproducibility [1]. Having each source dependency in its own derivation would make easier source code mirroring. Since Nix knows the hash of each…
First, you should own your domain, to own your email identity. With a domain, Gandi (my employer) includes two mail addresses: imap, roundcube, sogo, sieve filters, aliases,... https://www.gandi.net/en/domain/email
With https://github.com/nlewo/nix2container, I'm trying to make a more standalone tool. Basically, a Go binary takes a reference graph and produces a JSON file describing a container image. This JSON file is then…