Roger Qiu

The Matrix AI team has been developing Polykey, a distributed peer-to-peer secret sharing system. It is intended to manage secrets, passwords, and API keys for both humans and machines. Many secret management systems have been designed either only for humans, or only for machines. We think this is unnecessary and intend Polykey to work in both cases. However, for this article, we'll focus solely on what Polykey provides to the Matrix infrastructure. Matrix Automatons may require secrets in order to communicate with an external API. There are several challenges to managing infrastructural secrets: How to automatically deploy software which relies on…

Nix, NixOS and NixPkgs allow us to create project-specific development environments with project-specific dependencies (this usually means things like a C project, a Python project, and so on). The way this is done is different for every language community within the Nix ecosystem. The most well-developed patterns are those of the C/C++, Haskell and Python communities; other language communities tend to be smaller and have less documentation. This article serves as an introduction to using Nix for developing projects in the different languages that we have worked with. This means we will only focus on shell.nix. Remember that Nix…

This introduction assumes you have played with NixOS a bit, you know about content addressability and why it is important, and how Git repositories represent a distributed content-addressed storage system. Git and GitHub are used as the source control for all of NixOS and NixPkgs. The source code for both NixOS and NixPkgs is located here: https://github.com/NixOS/nixpkgs. This means every package that is available via Nix is defined in that repository. This includes OS services and general software. Nix, the language interpreter and package manager tool, is however located here: https://github.com/NixOS/nix. Channels…

Configuration divergence is a result of change entropy in an environment that doesn't enforce referential integrity between loosely-coupled state or "state-at-a-distance". Simultaneously, this allows the anti-pattern of action at a distance. This phenomenon is also called "Connascence" and I have also called this "meta-coupling". This process gives us a system that becomes more and more opaque as time continues, and we lose referential transparency on the entire system. The result, of course, is a repeated cycle of entropic reduction projects (often called "refactoring" or "rewriting") where consultants are hired to…

Today, the most common way for developers to address a dependency is through the use of semantic versioning. This is where you create project A that depends on B at 1.2.3, where 1 is the major version, 2 is the minor version and 3 is the patch version. Accordingly, the rules of semantic versioning are: major versions change when you make incompatible API changes; minor versions change when you add functionality in a backwards-compatible manner; patch versions change when you make backwards-compatible bug fixes. Theoretically you should be able to update patch and minor versions of dependencies…