11:00:19 <oneswig> #startmeeting scientific-sig 11:00:19 <opendevmeet> Meeting started Wed Jun 16 11:00:19 2021 UTC and is due to finish in 60 minutes. The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot. 11:00:19 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 11:00:19 <opendevmeet> The meeting name has been set to 'scientific_sig' 11:00:32 <oneswig> echo... 11:02:08 <oneswig> No fixed agenda for today but I did have a couple of items 11:09:19 <oneswig> Quiet session today - anybody participating? 11:11:13 <b1airo> evening 11:12:29 <oneswig> Hi b1airo, sorry was writing terms for a fair usage agreement 11:12:36 <oneswig> not something I do every day! 11:12:58 <oneswig> #chair b1airo 11:12:58 <opendevmeet> Current chairs: b1airo oneswig 11:13:15 <b1airo> gawd, sounds like a hell of a hobby 11:13:34 <oneswig> Sometimes you need one, it seems. 11:13:53 <oneswig> I was also looking through this that one of the team posted: https://changelog.com/posts/monoliths-are-the-future 11:16:36 <oneswig> The usage agreement is for the SMS Lab - our public-access bare metal cloud project for free software projects. 11:17:00 <b1airo> oh cool, worth doing then for sure 11:17:23 <oneswig> Yes! It's not strictly public access, more that anyone can ask 11:17:59 <oneswig> Shaping up to be a fun effort all round. 11:19:18 <b1airo> that Kelsey piece rings true to some extent, but at a meta level i do wonder why our industry needs to spend so much time reminding ourselves that software is hard and technology is hyped 11:20:54 <oneswig> coupling with the (slanted) opinions of the Hashicorp guy, I wonder if all's going well in Kubernetes 11:21:54 <oneswig> Is there a software equivalent to the Peter Principle, in which a project develops increasing sophistication to the point where it buckles under its own complexity? 11:22:42 <b1airo> haha 11:23:59 <oneswig> Met somebody yesterday from your neck of the woods b1airo (well, Greta Point) in a local pub 11:24:20 <oneswig> He said the view from the canteen is the best 11:24:22 <b1airo> eh?! A NIWA'n ? 11:24:28 <oneswig> yup 11:25:28 <oneswig> Now an RSE at Cambridge University 11:25:50 <b1airo> that is funny. ex NIWA i take it? did they know the HPC crew? 11:26:17 <oneswig> I didn't get to go into details unfortunately 11:28:07 <oneswig> I was wondering about another SIG show-and-tell on control plane security monitoring. One of our team has been working on this and it is looking neat. 11:28:12 <b1airo> so, ISC is coming up pretty soon... any thoughts on survey? 11:28:21 <oneswig> good question. 11:30:43 <oneswig> Who seeded the mentimeter presentation with questions? Some of these are quite thorny 11:30:50 <b1airo> oh, that's topical - we've just put a 1-pager investment case together around security for our new infra... it's more focused on tenant-space and services that NeSI is running atop OpenStack, but obviously we need strong confidence in the control plane to underpin that 11:33:06 <oneswig> The question I might like to ask would be along the lines of "What is wrong with HPC in cloud?" 11:34:12 <oneswig> Asking someone what is wrong with what they are advocating is often interesting. If they say nothing, it's usually discrediting 11:35:42 <b1airo> ahh i haven't looked yet, I think last time it was some combination of inputs - will take a peak over the weekend i think. guess what we need to do first is decide how we're using the survey - is it purely an adjacent thing that we might refer to, or will we use it as an interactive tool to drive the discussion 11:36:09 <b1airo> yep agreed 11:36:35 <oneswig> b1airo: might be good to talk to heikkine from Basel University - he's on Slack. They've been working with Wazuh agents for deployed platforms (this is also what we are using for the control plane). 11:38:32 <b1airo> sounds like a good lead, suspect we'll be asking you more directly for a steer if it gets supported... 11:38:52 <oneswig> already looking forward to it. 11:39:42 <oneswig> b1airo: any other thoughts on new discussion content for the SIG? 11:41:16 <b1airo> one other thing I'm thinking of is the automation / control point / glue for taking action based on vulnerability scans, e.g., if we see something bad open to the Internet (where "bad" might mean exposing a critical vulnerability or against policy etc 11:43:42 <verdurin> That security monitoring is of interest to us too. 11:43:46 <oneswig> Good point. There's hardening to prevent it, patching to fix it when we've discovered it, and incident response to fix it after someone else has abused it. Each of those is a worthy subject for discussion 11:45:15 <oneswig> Hi verdurin 11:46:09 <verdurin> Hello. I managed to join even though I haven't updated my calendar entries for the time change yet... 11:46:18 <oneswig> I'll report back on options for a show-and-tell 11:46:48 <oneswig> verdurin: you managed to migrate from freenode as well 11:47:31 <verdurin> Must admit I tried libera first... 11:49:49 <oneswig> This ansible-hardening patch from May might be worth trying: https://github.com/openstack/ansible-hardening/commit/0114e44f3e9497a999ee923b807405f179f01d76 11:50:33 <b1airo> on other topics for the SIG - i'm interested in a discussion about multi-tenant managed service hosting, i.e., what do I need to offer and manage as part of a platform-service that let's RSEs deploy production science (web)services (specifically not HPC - though they might integrate with HPC) 11:51:29 <oneswig> That would certainly be interesting for a discussion, if we could gather a few options together. Good idea 11:52:04 <oneswig> I'll try noting these 11:52:28 <oneswig> #action follow-up discussion on security monitoring, hardening, incident response 11:52:38 <oneswig> not sure if that worked. 11:53:13 <b1airo> i'm selfishly putting the service provider lens on it as that's where we can add value and scale, people can always do their own thing if they have fundamental issues with technology choices 11:53:56 <oneswig> #action b1airo platforms-as-a-service roundup 11:54:06 <oneswig> We'll see if they turn up in the minutes... 11:54:07 <b1airo> it's just a question of what we can support and provide SLAs etc for 11:54:17 <b1airo> 🤞 11:54:55 <oneswig> b1airo: I think everyone's a service provider, nothing selfish about it I'd say 11:55:55 <oneswig> verdurin: any further thoughts from you on future discussion topics? 11:55:56 <b1airo> i mean i guess there are people just running OpenStack for fun, but those kind of people also have dungeons... 11:57:04 <oneswig> I like the people who do it for fun at least as much as the people who do it for profit :-) 11:57:58 <oneswig> nearly at time - and I'd like to put the kettle on. Any more to add? 11:58:07 <b1airo> who's holding the leather paddle? 11:58:27 <b1airo> 🥺 11:58:43 <oneswig> ha! If I had a dungeon it would be used for wine storage! 11:59:23 <b1airo> i concur 12:00:16 <oneswig> Time to close. Thanks b1airo verdurin 12:00:16 <oneswig> #endmeeting