You’ve likely heard everyone at the office or online proclaim that “K8s has eaten everyone’s lunch!” or that “everything should be in a docker container!”. While there are advantages to the above methodologies; it’s very easy to have cargo-culted their adoption; especially for Kubernetes (K8s). I find the biggest problem however that there is a fundamental lacking of what is a *container. There s a 1000 other posts online explaining containers and I’m adding my own to the pool...| Farid Zakaria’s Blog
tl;dr: Linux capabilities are just xattrs (extended attributes) on files — and since tar can preserve xattrs, Bazel can “smuggle” them into OCI layers without ever running sudo setcap.| Farid Zakaria’s Blog
Know thy enemy. – Sun Tzu Anyone who’s used Protocol Bufffers| Farid Zakaria’s Blog
Ever run into the issue where you exit your main method in Java but the application is still running?| Farid Zakaria’s Blog
The Java language implementation for Bazel has a great feature called strict dependencies – the feature enforces that all directly used classes are loaded from jars provided by a target’s direct dependencies.| Farid Zakaria’s Blog
There is endless hype about the productivity boon that LLMs will usher in.| Farid Zakaria’s Blog
At DEFCON33, the Nix community had its first-ever presence via nix.vegas and I ended up in fun conversation with tomberek 🙌.| Farid Zakaria’s Blog
I have been actively trying to contribute to CppNix – mostly because using it brings me joy and it turns out so does contributing. 🤗| Farid Zakaria’s Blog
Since the introduction of Nix and similar store-based systems such as Guix or Spack, I have been fascinated about finding improvements that take advantage of the new paradigms they introduce. Linux distributions are traditionally dynamic in nature, with shared libraries and executables being linked at runtime. Store-based systems, however, are static in nature, with all dependencies being resolved at build time. This determinism allows for not only reproducibility but also the ability to opti...| Farid Zakaria’s Blog
Have you ever found your java_binary full of mixed bytecode versions and wondered why?| Farid Zakaria’s Blog
If you just want a very easy-to-use binary cache, consider using cachix. Nix is an amazing tool, however the learning curve can be very high. The online wiki has a lot of great documentation however I find it is often very geared towards NixOS specifically. I wanted to better understand how to setup my own binary cache.| Farid Zakaria’s Blog
Special shoutout to aspect-build/rules_py whose inspiration for the py_image_layer helped me in crafting this solution. 🙏| Farid Zakaria’s Blog
One of the more seemingly complex features of Bazel are transitions.| Farid Zakaria’s Blog
For the longest time before embarking on my NixOS journey on my wonderful Framework 13 AMD laptop – I was a big advocate for running Nix atop a traditional Linux distribution like Debian.| Farid Zakaria’s Blog
We had the case at $DAYJOB$, where our CI system would occassional bork 💀.| Farid Zakaria’s Blog
Nix is great, but it can be a bit dreary continuously looking at the endless /nix/store paths with their varied letters.| Farid Zakaria’s Blog
My recent posts on dynamic-derivations had me thinking more about working with Nix more directly.| Farid Zakaria’s Blog
I have been doing quite a lot of Bazel for $DAYJOB$; and it’s definitely got it’s fair share of warts. I have my own misgivings of it’s migration to bzlmod and it converging to a standard-issue dependency-management style tool. We have yet to transition to MODULE.bazel and our codebase is quite large. As you’d expect, we hit quite a lot of diamond dependency issues & specifically with external repositories in our WORKSPACE file. A surprising implementation detail I recently learned wa...| Farid Zakaria’s Blog
I have written a lot about NixOS, so it’s no surprise that when I went to go dust off my old Raspberry Pi 4, I looked to rebrand it as a new NixOS machine. Before I event went to play with my Pi, I was unhappy with my current home-networking setup and looked to give it a refresh. I have had always a positive experience with Ubiquiti line of products. I installed two new AP (access points) and setup a beautiful home rack server that is completely unnecessary since my Internet provider is Com...| Farid Zakaria’s Blog
Note This is a follow up to my previous post on speeding up elf relocations for store based systems. I wrote earlier about some impressive speedups that can be achieved by foregoing the typical dynamic linking that can be applied to systems such as Nix where the dependencies for a given application are static.| Farid Zakaria’s Blog
I have been a big fan of the fish shell lately mostly because it delivers what it promises; works out of the box™️. The obvious downside to fish is that it is non-standard POSIX sh – meaning some (not all!) of the 1-line scripts you find on the Internet may not work. I use to be a pretty big zsh fan but I hit enough oddities with my setup that I gave up in anger one day. 😤| Farid Zakaria’s Blog
This is a follow-up post to my prior one NixOS Option Inspection. Many thanks to @roberth who followed up on my issue and helped explain it. 🙏 If you are using NixOS, you’ve likely encountered the module system. It’s NixOS’s super-power and what makes it incredibly easy to share, reuse and configure systems based on Nix { imports = [ ./hello.nix ]; services.hello = { enable = true; greeter = "Bob"; }; } In a prior post, I wrote about how it can be challenging to work backwards ⏪ fr...| Farid Zakaria’s Blog
NixOS modules are great; and it’s one of the superpowers of NixOS. They’re so great, there was a working group to look into how to apply the concept to Nixpkgs itself. For those uninitiated, there are plenty of guides online describing it’s value and purpose such as this one or on nix.dev. My largest complaint thus far with it was that it’s hard to go backwards. ⏪ “Who and what defined a particular option?” 🕵️| Farid Zakaria’s Blog
This is a post inspired by many talks I’ve given to engineering groups about Nix. You can see an example of one such talk Why I love Nix, and you should too I’ve given a lot of Nix talks. I’ve given Nix talks internally at companies where I’ve introduced it, at local meetups and even at NixCon. Giving a talk about Nix is hard. As engineers I find often we try to explain why or how Nix works but never show the end result. Many of the talks I’ve given start explaining “Nix developed...| Farid Zakaria’s Blog