so, I posted a pile of servers for free or really really cheap.
ocharles
we should probably work out a deployment manifesto at some point
ruaok
ZERO inquiries.
ocharles
"only deploy with .debs, deployment activation must be done via fabric" etc"
ruaok
ocharles: yeah, thankfully everything is pretty simple
ocharles
I did a bit of reading into Linux containers yesterday
they are very cool
ruaok
LXC?
ocharles
yea
ruaok
interesting. very light weight VMs.
is the focus more on sysadmin than security or both?
meaning, can untrusted services run in a container?
ocharles
the idea is controlled isolation
ruaok
understood.
but how is isolation defined? :)
ocharles
if you want to isolate a process to only see eth0 and mount /machines/debian as /, it can do that
however you define it. it can do isolation on various levels - pid, file systems, network interfaces, maybe a bit more
mat_ joined the channel
ruaok
interesting.
ocharles
http://docker.io builds on top of it, like vagrant builds on top of virtualbox
warp
ruaok: containers share the same kernel as the host, vulnerabilities in the interface are perhaps more likely than with real VMs.
ruaok
warp: thats exactly what I was trying to get at, thanks. ;)
slightly OT… with bartendro, the idea of shipping an RPI as part of a product seems very cool.
until you think about the fact that you're shipping a unix box.
and all the security and field update implications that come with it.
would chef be a useful tool for doing in-field updates?
I'm already planning on having everything in a deb.
ocharles
what's an in-field update?
ruaok
but ideally, it would be quite simple to update bartendro in the field.
deployed to customers.
warp
ruaok: that's probably why embedded systems use busybox and put as little as possible other binaries on the device.
reosarevok
nikki_: logged in fine
kepstin-work
well, updating a bartendro means it has to have a net connection; you want to make sure to only do it when the device is not in use - do you want it manually initiated, or silent in the background?
ruaok
warp: busybox is more for a small footprint IIRC
and I fucking hate it. thats why I love RPI.
its a full blown box.
kepstin-work: yes, net connection assumed, manually initiated.
kepstin-work
ruaok: then you basically just need some ui that does an apt-get update; apt-get (dist-?)upgrade, reboot.
warp
ruaok: sure. but it also means the attack surface can be greatly reduced, which means you don't need to worry about security updates as much.
kepstin-work
probably combine it with a notification system that runs the update periodically and tells you if there are pending updates
warp
ruaok: that obviously also means it's a pain to work with :)
ruaok
warp: but, its about carefully striking a balance between hackability and security.
kepstin-work
(and of course, you'll have to provide an sd card flash image and instructions for de-bricking, should it not come up from an update)
ruaok
kepstin-work: yeah, that might just be enough.
kepstin-work: yep, that is all cake
for instance, I want the bot to be 100% hackable.
that means, there needs to be an easy way to log in.
warp
ruaok: yep, it's a tradeoff.
ruaok
but the bot should not have a back-door that people from the street can exploit to waste your booze
kepstin-work
on the one hand you want it hackable, on the other hand you need it to run as a reasonably-secure kiosk mode
ruaok
kepstin-work: ding. exactly that.
warp
ruaok: the easiest way to secure it seems to be to just not connect to to anything. if you want to hack on it, plug in the ethernet cable, disconnect when done.
ruaok
I think I need to lock down all the access to the box and then distribute an SSH key with which people can log in.
but even that leaves the door open.
kepstin-work
do you plan to hook up a touchscreen directly to the rpi, or how is the ui connected?
ruaok
warp: the main point of the bot is to have a wifi connection with which you order your drink.
we dont have to worry about internet attacks, but local area attacks.
ruaok: you want very careful firewalling then. The only thing exposed on the wifi should be the web ui; admin should require a hardwire connection
ruaok
ah!
warp
ruaok: what kepstin-work says. the wifi thing should be firewalled and not allow ssh login.
ruaok
that seems quite sensible.
allow SSH connections only over wired interface.
heh. my drinkbot is going to have a firewall. :)
warp
:D
ruaok
I can already push to github from it. which is freaking awesome. :)
ocharles
a firewall and a ro mount of / is probably enough for a drinkbot
ruaok
even then, I need to secure the WS for the bot.
kepstin-work
of course, the alternate method of admin is to hook up a keyboard and monitor via hdmi/usb.
ruaok
right now, anyone can sign into the access point and do a GET /ws/clean and probably waste $50 of booze. :)
warp
lol
kepstin-work
do you plan to have the drinkbot act as a wireless access point, or connect to an existing wifi network?
ruaok
kepstin-work: that is physically hard.
the former.
it is essentially a captive portal
warp
ruaok: GET shouldn't be use for that kind of stuff :)
ruaok
and the drink menu appears on the "sign into wifi access point" screen
ocharles
warp: :)
ruaok
warp: yeah. there are loads and loads of things that needs to be cleaned up.
kepstin-work
get ws/clean should tell you the amount of bot usage since the last cleaning cycle. should use POST to do a clean ;)
ruaok
it was always about getting the next hardware iteration running.
warp
ruaok: good luck, have fun!
ruaok
now that that is done, I can finally improve the software.
ocharles
kepstin-work: probably model /clean as a boolean, and PUT a new value to change the system state
warp tries to focus on musicbrainz.
i don't think you append to the 'clean' resource :)
kepstin-work
so yeah, there's basically two levels of auth - 1. ensure that the person accessing is in the party - this could probably be done via a wifi password, and 2. restrict some commands to admin - this needs webservice auth.
ruaok
kepstin-work: each of the pumps keeps track of how many turns (or fractions of a turn) its made.
for hose life and accounting.
kepstin-work: yeah, the web service auth is the painful part.
I already have simple web site login for making drinks.
so, it needs to have javascript based auth. whats good for that/
?
kepstin-work
could probably get by with just a shared secret known to both the bot and the admin user; perhaps generated during install/setup.
ocharles
you could do some fun 2-factor authentication with the drink bot, seeing as you have to be in physical distance of the bot :)
"How many times did the red LED flash?"
ruaok
ocharles: heh
ocharles
"How many shots did the bot force you to down before showing you this page?"
ruaok
kepstin-work: we want to allow anyone with the password to the bot to log in and make drinks.
ocharles: lol
how many fingers is the bot holding up?
kepstin-work
ruaok: yes, but also limit certain commands to the admin/bot owner I presume?
ruaok
kepstin-work: yes
the admin screen is already protected via login (not on the demo I just linked to, but in production)
kepstin-work
should get a usb fingerprint scanner and hook it up ;)
ruaok
yep, all sorts of POS integration bits have been requested.
now if you could do reliable age verification with a fingerprint scanner, then we'd be all over that
ijabz: building recording index at 42%
seems to be moving a bit faster now. :)
kepstin-work would bet one of the highly-requested features is some way to hand out a number of drink tickets to each attendee
ocharles
heh, better hope you have good concurrency control so people can't exploit race conditions to get free drinks ;)
though I guess the whole physical machine thing imposes quite a bit of serialization :)
kepstin-work
if someone requests a drink while a drink is in process, does it refuse, or does it queue?
ruaok
ocharles: there is no concurrency control. :( not yet. thats is why we have logins limited to a few people.
kepstin-work: undefined. :)
once I get some uninterrupted time to work with the bot, I'll fix all that.
there is a lot of technical debt accumulated in that codebase.
ocharles: yay!
ijabz
ocharles, um shouldn't it be on bitbucket ?
warp
ijabz: most of our stuff is on github only. if some contributors prefer bitbucket, we should have a copy on bitbucket as well.
ocharles
ijabz: bitbucket is being trialed for reviews
until then, github is our canonical repository host
nikki_ is still annoyed that bitbucket has broken the only thing she wants from reviews :/
warp
nikki_: which is?
nikki_
emails
ijabz
Oh I didnt really want to have to learn the gitthub way just to start al over again for bitbucket
ocharles
ijabz: they are the same, but point taken
freso joined the channel
ijabz
thought we had decided on bitbucket, when does that review end
ocharles
no
no decision, and no deadline :)
freso
AFAIK, no decision has been made yet.
ocharles
that should go in the next meeting I think - but I can't edit the topic
irssi seems to only let me do it once, then breaks
warp
ocharles: weird
Freso_laptop
Freso_laptop has changed the topic to: ?? SMILING FACE WITH SUNGLASSES week | http://musicbrainz.org/#devel dev meeting moved to TUESDAY | Agenda: Reviews, schema change testing (ocharles), review location decision
nikki_
warp: more specifically, I want emails to be sent about new reviews and comments on reviews, like review board and github do, but bitbucket recently broke that and you only get them if you have commit access, which I don't have
stefan____ joined the channel
Freso_laptop
ocharles: you're welcome.
warp
nikki_: ah, so giving you commit access would solve it (for you) ?
Freso_laptop
warp: But we can only grant commit access to 5 people or so.
warp
Freso_laptop: wtf?
Freso_laptop
warp: ?
warp
Freso_laptop: oh, more ppl is a paid account you mean
