17:00:45 <hyakuhei_> #startmeeting security
17:00:46 <openstack> Meeting started Thu Aug  4 17:00:45 2016 UTC and is due to finish in 60 minutes.  The chair is hyakuhei_. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:47 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:49 <openstack> The meeting name has been set to 'security'
17:00:54 <singlethink> o/
17:01:00 <hyakuhei_> hey!
17:01:03 <xarses> sorry guys
17:01:10 <hyakuhei_> no worries
17:01:14 <hyakuhei_> #link https://etherpad.openstack.org/p/security-agenda
17:02:14 <hyakuhei_> I'm expecting a quiet meeting
17:02:22 <hyakuhei_> Blackhat etc.
17:03:19 <hyakuhei_> So I guess we'll get started, any Syntribos folks around?
17:03:58 <hyakuhei_> Hmm, I guess not
17:04:28 <hyakuhei_> lhinds: you around?
17:04:51 * hyakuhei_ listens for an echo
17:04:54 <hyakuhei_> hey dg____
17:05:14 <hyakuhei_> It's oddly quiet here, concerned the internet broke.
17:05:28 <dg____> are we in the wrong room or something?
17:05:29 <elmiko> hi =)
17:05:33 <dg____> hey elmiko
17:05:48 <hyakuhei_> elmiko is here! Everything will be ok now.
17:05:50 <elmiko> how's things on the other side of the pond?
17:06:03 <hyakuhei_> I'm your side atm elmiko
17:06:11 <elmiko> ooh, interesting... ;)
17:06:17 <hyakuhei_> I know rite!?
17:06:27 <elmiko> can't get enough american politics huh?
17:07:13 * singlethink has had enough... hyakuhei_ can take my share
17:07:24 <elmiko> hahaha, singlethink++
17:07:56 <hyakuhei_> So I'm not sure we have enough of a quorum to follow the normal meeting agenda.
17:08:08 <dg____> it's oddly quiet
17:08:31 <dg____> guess a few people are in vegas
17:08:40 <hyakuhei_> I think with the various conferences / things going on at the moment and the midcycle on the horizon there's not much going to happen before the summit
17:08:46 <hyakuhei_> s/summit/midcycle/
17:08:52 <dg____> +1
17:08:58 <dg____> anything you want to discuss?
17:09:08 <dg____> elmiko are you coming to the midcycle?
17:09:13 <hyakuhei_> Last chance to vote for: https://www.openstack.org/summit/barcelona-2016/vote-for-speakers/
17:09:15 <elmiko> no, i don't think so
17:09:32 <gmurphy> how's the threat analysis stuff going dg____?
17:09:35 * gmurphy hides
17:09:49 <elmiko> i thought about trying to get clearance for some sort of last hurrah with the ossp, but it didn't quite work out
17:10:49 <hyakuhei_> booo.
17:10:56 <singlethink> I just added one item under OSSNs
17:11:01 <hyakuhei_> Roadtrip! We'll cover food, you can stay in my bathroom :P
17:11:10 <hyakuhei_> #topic OSSN
17:11:11 <elmiko> haha, brilliant!
17:11:27 <dg_____> back again, sorry internets
17:11:28 <hyakuhei_> singlethink: could you say a bit more about NTP ?
17:11:35 <singlethink> Ok well... we and others have been reporting a number of NTP vulnerabilities lately
17:11:54 <singlethink> basically, there are a number of ways that (until very recently) unauthenticated attackers can change time
17:11:59 <singlethink> or DoS ntpd
17:12:08 <hyakuhei_> Well NTP's insecure in general and lots of services like Swift need precise timing....
17:12:15 <singlethink> A number of them can be mitigated by hardening the NTP configuration
17:13:10 <singlethink> Would the steps to harden NTP in an OpenStack environment be an appropriate OSSN topic?  Or is it too general (because there's lots of stuff that depends on NTP outside of OpenStack too)
17:14:00 <hyakuhei_> Tricky. So OSSN can (and do) refer to issues that underlie OpenStack.
17:14:14 <dg_____> seems like a topic for the guide
17:14:20 <dg_____> at least mentioning that it should be done
17:14:20 <hyakuhei_> I think an OSSN would be fine. It'd have to spell out that it's not an inherent issue with OpenStack but that services can be abused by it.
17:14:42 <hyakuhei_> dg_____: Agree but OSSN is just easier right now, Guide is in limbo
17:14:44 <singlethink> ack
17:14:57 <hyakuhei_> Is that a fair thing to say elmiko ?
17:15:31 <elmiko> yeah, i think an ossn is appropriate, but ideally something in the guide would be tops in my book
17:15:35 <gmurphy> well it seems more like OS hardening. so could be a slippery slope if we start down that path too.
17:15:53 <elmiko> i mean, there could be discussions of alternate ntp implementations and whatnot...
17:15:55 <hyakuhei_> gmurphy: I understand, but OSSN are generally driven by the authors.
17:15:58 <singlethink> I'd be fine with either.  I was trying to come up with something of reasonable scope to contribute
17:16:00 <dg_____> hyakuhei is that due to limboing strategy or lack of resource?
17:16:00 <gmurphy> kk.
17:16:08 <gmurphy> lack resource i think
17:16:20 <hyakuhei_> dg_____: lack of resource isn't a strategy?
17:16:36 <dg_____> it is at HPE ;)
17:17:08 <elmiko> zing!
17:17:08 <hyakuhei_> Just #OpenStackThings.
17:17:36 <singlethink> It looks like the install guides instruct users to install Chrony these days: http://docs.openstack.org/mitaka/install-guide-obs/environment-ntp.html
17:17:39 * hyakuhei_ takes the KB away from dg_____ for his own good
17:17:52 <dg_____> hahah thanks hyakuhei_
17:18:27 <dg_____> ok guys, i have to step out early, I'm going to attempt to write a section on threat analysis for the security guide before the mid-cycle
17:18:46 <gmurphy> #link - https://github.com/viraptor/reconbf
17:18:49 <unrahul> Guys
17:18:50 <elmiko> dg_____: good luck, we're all counting on you
17:18:56 <hyakuhei_> dg_____: let me know how I can help, should have a couple of hours available next week
17:18:56 <gmurphy> this is another tool HPE open sourced recently
17:19:14 <unrahul> Can I do the Syntribos updates after this?
17:19:15 <gmurphy> has some openstack scope
17:19:23 <hyakuhei_> Whoop, I was wondering if Recon would get open sourced. That's cool
17:19:28 <hyakuhei_> We should do a blog post about it.
17:19:35 <gmurphy> thought i would throw that out there since it's about 3am in australia where stan is
17:19:38 <hyakuhei_> I'll draft something if others don't mind
17:19:51 <singlethink> ohh... that looks cool
17:19:51 <gmurphy> ping stan on it. i'm sure he'd be happy to help
17:19:53 <hyakuhei_> I'll stub it out, invite everyone to comment/edit as appropriate
17:20:00 <hyakuhei_> gmurphy: for sure
17:20:11 <gmurphy> sounds good. he submitted a talk for the summit on it too
17:20:32 <gmurphy> starting to add in more openstack related profiles recently etc
17:20:45 <gmurphy> previously had been a lot of operating system type stuff
17:20:54 <hyakuhei_> It's a really interesting project, very happy to see it's open source now
17:21:29 <gmurphy> may not be the final home either. but is there for now
17:21:42 <hyakuhei_> Cool!
17:21:55 <hyakuhei_> ok, I don't have anything else on OSSN unless you guys do?
17:22:08 <hyakuhei_> #topic Docs
17:22:34 <elmiko> docs are gewd
17:22:39 <hyakuhei_> So my understanding is that sicarie is moving on and elmiko will have very little time to look at docs in the future
17:22:41 <elmiko> we need more
17:22:47 <hyakuhei_> ^ Crisis mode enabled.
17:22:48 <gmurphy> soz. i just jumped the gun then. i thought you changed the topic to #openstackthings lol
17:22:50 <elmiko> oh wow, didn't hear that about sicarie
17:22:56 <hyakuhei_> gmurphy: no worries
17:23:05 <elmiko> good for him (i hope)
17:23:27 <hyakuhei_> So it's possible I've just told the internet something I shouldn't have but I don't think it was secret. My understanding is he's changing role and it'll be less OpenStack focussed in general
17:23:40 <elmiko> i am certainly willing to help transition with the docs, but i'll need live bodies
17:23:59 <hyakuhei_> Understood. So we need to work out how to fix this. I'll talk to the docs core
17:24:07 <elmiko> sounds good
17:24:10 <hyakuhei_> We also need to work on that open-letter/email to the ML
17:24:30 <elmiko> fortunately, there isn't much institutional knowledge around the sec-docs. it's pretty straightforward
17:24:48 <hyakuhei_> elmiko: yeah, we just have to get people involved.
17:24:55 <elmiko> right
17:25:03 <hyakuhei_> Or work out some elaborate trick to get them contributing ;)
17:25:06 <elmiko> the scripts are all self-explanatory
17:25:18 <elmiko> heh, i'd love to hear about said trick ;)
17:25:19 <hyakuhei_> Excellent.
17:25:34 <hyakuhei_> elmiko: think back a few years - see if you remember when it happened ;)
17:25:41 <hyakuhei_> #topic Midcycle
17:25:44 <hyakuhei_> #link https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:26:00 <elmiko> hyakuhei_: ack
17:26:25 <hyakuhei_> So IBM is going to sponsor the room and breakfast/lunch for Security people. I think I can swing Barbican too if that's not covered already... redrobot know what the score is there?
17:27:37 <hyakuhei_> I don't have much more to add really. We need a few more unconference topics but I think lots of the work will be sprints to tidy/clean/wrap various projects
17:27:55 <hyakuhei_> Thoughts?
17:29:12 <elmiko> i think ibm should definitely cover breakfast for barbican, they work hard!
17:29:35 <hyakuhei_> totes!
17:29:41 <hyakuhei_> #topic Any other business
17:29:58 <gmurphy> (insert previous recon discussion here)
17:30:02 <hyakuhei_> Today is the last day of conference voting
17:30:07 <hyakuhei_> #link https://www.openstack.org/summit/barcelona-2016/vote-for-speakers/
17:30:16 <elmiko> gmurphy: what is recon?
17:30:17 <hyakuhei_> There's some great talks there and a few really fuddy ones.
17:30:43 <gmurphy> elmiko: the github link from before
17:30:57 <elmiko> hyakuhei_: any talks you want to highlight?
17:31:03 <gmurphy> how many talks this year hyakuhei_?
17:31:17 <hyakuhei_> 30ish I think
17:31:33 <hyakuhei_> elmiko: No, can't hotlink anyway
17:31:41 <elmiko> ack
17:31:47 <hyakuhei_> Will mention that using keyboard numbers and arrows is way faster for voting
17:31:48 <hyakuhei_> heh
17:31:48 <elmiko> recon looks cool
17:31:54 <hyakuhei_> It is
17:32:06 <unrahul> Hey hyakuhei_ I am from #Syntribos, can I update about the project after we finish up, I was running late
17:32:58 <hyakuhei_> unrahul: good stuff, thanks :)
17:33:12 <hyakuhei_> I don't think we have any more stuff for you
17:33:25 <hyakuhei_> Anyone else have other business before we dive into Syntribos?
17:33:55 <gmurphy> nopes
17:33:59 <hyakuhei_> #topic Syntribos
17:34:08 <unrahul> Thanks hyakuhei_ ! , We are working on making the internal APIs a lil better
17:34:09 <hyakuhei_> unrahul ^^^
17:34:39 <unrahul> and also, on the front end part, we were initially following unittest results output
17:34:44 <hyakuhei_> Interesting, do you have things you want reviewing/contributing to?
17:35:12 <unrahul> we have moved on from there and are working on making it better.
17:35:14 <unrahul> https://review.openstack.org/#/c/345286/
17:35:38 <unrahul> this patch has been there for a while and is close to getting merged. but other than that we are working on multiple patches not ready for review really
17:35:55 <unrahul> Both ccneill and mdong are off to DEFCON so.. things are kinda slow..
17:36:18 <elmiko> lucky....
17:36:30 <unrahul> yeah elmiko !.
17:36:39 <unrahul> that's it from us..
17:37:17 <hyakuhei_> Awesome, thanks unrahul, you're doing extremely good work here, I know it's already being used internally here on at least one big project.
17:37:53 <hyakuhei_> Any last minute things ?
17:38:01 <unrahul> thanks hyakuhei_ ! it is really great to hear other projects are using it.. especially still we are in alpha.
17:38:13 <unrahul> have fun guys!
17:38:24 <hyakuhei_> #endmeeting