dsa bof
play

DSA BOF DebConf17 Montral, Canada 1 agenda delegation: what do - PowerPoint PPT Presentation

Oct 11, 2022 •318 likes •445 views

DSA BOF DebConf17 Montral, Canada 1 agenda delegation: what do we do membership: who are we looking back: what we've been up to moving forward: what we're planning IAM refresh cloud infrastructure service

  1. DSA BOF DebConf17 
 Montréal, Canada 1

  2. agenda • delegation: what do we do • membership: who are we • looking back: what we've been up to • moving forward: what we're planning • IAM refresh • cloud infrastructure • service packaging • contact us 2

  3. delegation • what we do: • maintain the Debian user database (LDAP) • administer Debian infrastructure in support of Debian services • manage some Debian services (authN, authZ, email, static websites, security mirrors, DNS, CDNs, TLAs) • coordinate with hosting (eg UBC) and service providers (eg Fastly) • work with Debian Developer colleagues in support of their services 3

  4. membership • Aurelien Jarno (aurel32) • Héctor Orón Martínez (zumbi) • Julien Cristau (jcristau) • Luca Filipozzi (lfilipoz) • Martin Zobel-Helas (zobel) • Paul Wise (pabs) • Peter Palfrader (weasel) • Stephen Gran (sgran) • Tollef Fog Heen (tfheen) 4

  5. looking back • CDN-backed apt repositories: http://deb.debian.org ... general availability! • experimental anycast-available apt repositories • mergers and acquisitions • DebConf infrastructure ... has been very slow going • infrastructure refresh (thank you HPE and LeaseWeb!) • @UBC: 4 HPE BL460c Gen9 machines, HPE BLc7000 enclosure, HPE MSA2040 SAN, 10GE switches, and FC switches for core services • Bytemark: HPE DL380 Gen9 machine for cdimage service • @Sanger: HPE DL360 Gen9 machine for snapshot service • @LeaseWeb: 2 HPE DL180 G6 machines for snapshot cluster 5

  6. moving forward • mergers and acquisitions • work with DebConf Team to decide whether to cease or complete the transition of DebConf services to DSA ... currently stalled • work with Alioth Team to decide how to support the transition from Alioth to «insert name of thing here when we know what it is» • infrastructure refresh • bytemark refresh • ftp-master redux in EU and cdimage redux in NA • buildd/porter status: wtf sparc64, omg mips, yay arm • consistent out-of-band management ... because we didn't 6

  7. identity & access mgmt • Debian's IAM infrastructure is built for decentralization • ssh push of service-specific files generated from LDAP data • heavily customized schemas; crufty utilities • started a replacement for the utilities, 'ud', but not for the schemas • maybe we need to think about de-customizing the schemas • can leverage more tools • maybe we need to think about revamping SSO (SAML, OIDC) • can o ff er authN/authZ to other services: AWS IAM, API proxies, etc. 7

  8. cloud infrastructure • DSA believes Debian infrastructure should be controlled by Debian: • dedicated hardware hosted in friendly data centres • virtual machines on hypervisors that are Debian-controlled • insecure hypervisors make for insecure virtual machines • DSA still believes this but we're prepared for the conversation about leveraging o ff ers from cloud providers (AWS, GCP , AZURE, OVH, etc.) • we're prepared to o ff er SAML/OIDC services to leverage Debian credentials for cloud services • we want to empower a Cloud Team to manage Debian LDAP group membership which translates into cloud service authorization 8

  9. service packages • whenever Debian releases our distribution, just like every other system administration team, DSA jumps through some hoops to ensure that the services we support function correctly • typically, there are no test suites; more importantly, we don't o ff er our service owners a viable test environment • we think they should use their own systems... but they don't always have access to debian.org services on which they might depend... • what if we o ff ered a container service? • service owners provide complete recipes; we build the containers • and we rebuild them whenever there are security updates • and we provide some test containers that provide mock services 9

  10. requests & final thoughts • d-i team: • please make deb.debian.org the default but make location-specific mirror available at priority low or medium • apt team: • please work with mirror operators to implement content security policies in order to deliver hash mismatches, etc. • please improve apt such that it retries • dsa team: • consider using CDN for security mirrors 10

  11. contact us • mailto:debian-admin@lists.debian.org • mailto:dsa@debian.org • irc://irc.oftc.net/debian-admin 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
Lattice Models: The Simplest Protein Model The HP-Model (Lau & Dill, 1989) model only

Lattice Models: The Simplest Protein Model The HP-Model (Lau & Dill, 1989) model only

Lattice Models: The Simplest Protein Model The HP-Model (Lau & Dill, 1989) model only hydrophobic interaction alphabet { H , P } ; H/P = hydrophobic/polar energy function favors HH-contacts structures are discrete, simple, and

628 views • 52 slides
HPE StoreVirtual to StorMagic SvSAN MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE

HPE StoreVirtual to StorMagic SvSAN MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE

2019 2020 MIGRATING FROM HPE StoreVirtual to StorMagic SvSAN MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE CONFIDENTIAL PRESENTERS & AGENDA BRUCE KORNFELD Chief Marketing & Product Officer MARK CHRISTIE Director, Technical

873 views • 16 slides
cience About S cience 2.0 and Open S Dr. Guido Scherp Coordinator Leibniz Research Alliance

cience About S cience 2.0 and Open S Dr. Guido Scherp Coordinator Leibniz Research Alliance

cience About S cience 2.0 and Open S Dr. Guido Scherp Coordinator Leibniz Research Alliance Science 2.0 ZBW Leibniz Information Centre for Economics Digitization of Research Gretchen Vogel, A plea for open science on Zika , ScienceMag,

408 views • 20 slides
Data Archiving in iRODS Data Management Platform User Interfaces ? CLI CLI Plugins APIs

Data Archiving in iRODS Data Management Platform User Interfaces ? CLI CLI Plugins APIs

Data Archiving in iRODS Data Management Platform User Interfaces ? CLI CLI Plugins APIs APIs Apps Services - Metadata handling - Data repositories Archiving for: - Dropbox-like - Non Reproducible data - Storage with longevity services

274 views • 15 slides
Over-Morgen Omdat mensen belangrijk zijn! Jos Ectors May 21th, 2019 Compared to 80 (42) years

Over-Morgen Omdat mensen belangrijk zijn! Jos Ectors May 21th, 2019 Compared to 80 (42) years

Over-Morgen Omdat mensen belangrijk zijn! Jos Ectors May 21th, 2019 Compared to 80 (42) years ago, the world has changed Mainframe Client-Server Mobile-Cloud Edge to Cloud Centralized Distributed Centralized Distributed 1960-1970

823 views • 10 slides
Significance of Radiogenic Heating Global heat flux Total = 47 +/- 3 TW Continents = 13.8 TW

Significance of Radiogenic Heating Global heat flux Total = 47 +/- 3 TW Continents = 13.8 TW

Earths Power Budget: Significance of Radiogenic Heating Global heat flux Total = 47 +/- 3 TW Continents = 13.8 TW Oceans = 30.9 TW nominal thermal history with constant viscosity (violates T-dep viscosity) ~38k data of various

256 views • 21 slides
LNS Laboratory for Nuclear Science 1 There is a large discrepancy in proton form factor data.

LNS Laboratory for Nuclear Science 1 There is a large discrepancy in proton form factor data.

Polarization Observables using Positron Beams Axel Schmidt MIT JPos17, September 12, 2017 LNS Laboratory for Nuclear Science 1 There is a large discrepancy in proton form factor data. 2 Unpolarized d/d 1 . 5 G E /G M 1 0 . 5

780 views • 47 slides
Mostly-Optimistic Concurrency Control for Highly Contended Dynamic Workloads on 1000 cores

Mostly-Optimistic Concurrency Control for Highly Contended Dynamic Workloads on 1000 cores

Mostly-Optimistic Concurrency Control for Highly Contended Dynamic Workloads on 1000 cores Tianzheng Wang , University of Toronto Hideaki Kimura*, Hewlett Packard Labs * Currently with Oracle OLTP on modern & future hardware Multi-socket

377 views • 20 slides
Profiling Platform Storage Using IO500 and Mistral Nolan Monnier, Jay Lofstead , Margaret Lawson,

Profiling Platform Storage Using IO500 and Mistral Nolan Monnier, Jay Lofstead , Margaret Lawson,

Profiling Platform Storage Using IO500 and Mistral Nolan Monnier, Jay Lofstead , Margaret Lawson, Matthew Curry PDSW 2019 SAND2019-14085 C Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and

584 views • 21 slides
of Universal Constructions Eurosys 2020 Andreia Correia University of Neuchtel Pascal Felber

of Universal Constructions Eurosys 2020 Andreia Correia University of Neuchtel Pascal Felber

Persistent Memory and the Rise of Universal Constructions Eurosys 2020 Andreia Correia University of Neuchtel Pascal Felber University of Neuchtel Pedro Ramalhete Cisco Systems Persistent Memory Persistent Memory (or Non-Volatile

438 views • 21 slides
R e d f i s h T h e n e w s t a n d a r d f o r a S o f t w a r e

R e d f i s h T h e n e w s t a n d a r d f o r a S o f t w a r e

R e d f i s h T h e n e w s t a n d a r d f o r a S o f t w a r e D e f i n e d I n f r a s t r u c t u r e B r u n o C o r n e c F L O S S I T A J a n u a r y 2 0

583 views • 18 slides
Query-based Music Recommendations via Preference Embedding Chih-Ming Chen,

Query-based Music Recommendations via Preference Embedding Chih-Ming Chen,

Query-based Music Recommendations via Preference Embedding Chih-Ming Chen, Ming-Feng Tsai, Yu-Ching Lin, Yi-Hsuan Yang. Institutes involved in this research work CLIP Lab, National Chengchi University MAC Lab,

4.36k views • 28 slides
HP FLEX FABRIC NETWORKING DATA CENTER SOLUTIONS Mladen vraka Networking Sales Specialist

HP FLEX FABRIC NETWORKING DATA CENTER SOLUTIONS Mladen vraka Networking Sales Specialist

HP FLEX FABRIC NETWORKING DATA CENTER SOLUTIONS Mladen vraka Networking Sales Specialist Hewlett Packard mladen.svraka@hp.com Trends Creating Data Center Network Challenges Trends Challenges Complexity Virtualization

514 views • 24 slides
F1 IT Martin Hingley, ITCandor Agenda Motor racing challenges Related IT and data

F1 IT Martin Hingley, ITCandor Agenda Motor racing challenges Related IT and data

F1 IT Martin Hingley, ITCandor Agenda Motor racing challenges Related IT and data issues F1 IT solutions Lessons for the rest of us Where the F1 technical directors came from Mercedes Williams A technical sector akin

569 views • 11 slides
OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery

OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery

OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery (@mestery) Justin Pettit (@Justin_D_Pettit) Virtual Networking Overview Provides a logical network abstraction on top of a physical network VM1 VM2

584 views • 33 slides
Technology Transition for CHERI Opportunities for Research Robert N. M. Watson , Simon W. Moore,

Technology Transition for CHERI Opportunities for Research Robert N. M. Watson , Simon W. Moore,

Technology Transition for CHERI Opportunities for Research Robert N. M. Watson , Simon W. Moore, Peter Sewell, Peter G. Neumann Hesham Almatary, Jonathan Anderson, John Baldwin, Hadrien Barrel, Ruslan Bukin, David Chisnall, James Clarke, Nirav

351 views • 16 slides
Using Machine Learning for Intent-based Provisioning in High-Speed Science Network Hocine

Using Machine Learning for Intent-based Provisioning in High-Speed Science Network Hocine

Using Machine Learning for Intent-based Provisioning in High-Speed Science Network Hocine Mahtout, Mariam Kiran, Anu Mercian, Bashir Mohammad Lawrence Berkeley National Lab HPE SNTA 2020 1 Problem Statement Intent-based networking research

1.27k views • 26 slides
Human Pose Estimation by Yannic Jnike - 04.11.2019 https://www.youtube.com/watch?v=mxKlUO_tjcg

Human Pose Estimation by Yannic Jnike - 04.11.2019 https://www.youtube.com/watch?v=mxKlUO_tjcg

Human Pose Estimation by Yannic Jnike - 04.11.2019 https://www.youtube.com/watch?v=mxKlUO_tjcg 1 Human Pose Estimation 1. What is Human Pose Estimation 2. OpenPose Pipeline 3. Bottom Up or Top Down Approach 2 What is Human Pose

3.09k views • 33 slides
Boolean Formulas for the Static Identification of Injection Attacks in Java Michael D. Ernst

Boolean Formulas for the Static Identification of Injection Attacks in Java Michael D. Ernst

Boolean Formulas for the Static Identification of Injection Attacks in Java Michael D. Ernst Alberto Lovato Damiano Macedonio Ciprian Spiridon Fausto Spoto University of Washington, USA & University of Verona, Italy & Julia Srl, Italy

818 views • 28 slides
Housekeeping Twitter: # ACMLearning Welcome to todays ACM Learning Webinar ,

Housekeeping Twitter: # ACMLearning Welcome to todays ACM Learning Webinar ,

Housekeeping Twitter: # ACMLearning Welcome to todays ACM Learning Webinar , Current Trends in High Performance Computing and Challenges for the Future with Jack Dongarra. The presentation starts at the top of the hour and

704 views • 43 slides
PICKS AND SHOVELS: AI DATA PIPELINES IN THE REAL WORLD Paolo Faraboschi, VP and HPE Fellow

PICKS AND SHOVELS: AI DATA PIPELINES IN THE REAL WORLD Paolo Faraboschi, VP and HPE Fellow

PICKS AND SHOVELS: AI DATA PIPELINES IN THE REAL WORLD Paolo Faraboschi, VP and HPE Fellow Artificial Intelligence Lab Hewlett Packard Labs ML4HPC Workshop - March 2020 PICKS AND SHOVELS? During the California Gold Rush (160 years ago), only

468 views • 30 slides
Fifth Grade Information Parent Resources Digital Citizenship Daily Schedule Reading &

Fifth Grade Information Parent Resources Digital Citizenship Daily Schedule Reading &

Fifth Grade Information Parent Resources Digital Citizenship Daily Schedule Reading & Writing Workshop Math Science Social Studies HPE Expectations: Students will be RESPECTFUL, RESPONSIBLE, COMMITTED & GREAT LISTENERS!!! **

222 views • 10 slides
Far Edge with VMs and Containers and beyond Open Infrastructure Summit 2019, Denver, CO

Far Edge with VMs and Containers and beyond Open Infrastructure Summit 2019, Denver, CO

Far Edge with VMs and Containers and beyond Open Infrastructure Summit 2019, Denver, CO Wednesday @ 14:30 Room 501/502 Eric Lajoie, Senior Solution Architect Timo Jokiaho, Principal Technologist Red Hat EMEA Telco May 1st 2019 Todays

571 views • 18 slides

More recommend