Additional notes to sig-providers #10 (#384)

* additional notes to sig-providers #10 Signed-off-by: George Kwabena Appiah <[email protected]> * Update 010-2023-10-25.md Signed-off-by: Drinkwater <[email protected]> --------- Signed-off-by: George Kwabena Appiah <[email protected]> Signed-off-by: Drinkwater <[email protected]> Co-authored-by: Drinkwater <[email protected]>
akash-network · Nov 27, 2023 · 3981698 · 3981698
1 parent 7ae6cf1
commit 3981698
Showing 1 changed file with 57 additions and 26 deletions.
diff --git a/sig-providers/meetings/010-2023-10-25.md b/sig-providers/meetings/010-2023-10-25.md
@@ -1,21 +1,19 @@
  # Akash Network - Providers Special Interest Group (SIG) - Meeting #10
 
 ## Agenda
-
+- Presentation on Auditing providers tool
+- Discussions on Content Moderation.
 - Follow up discussion on GPU Provider Setup.
 - Update from Praetor on all of the work that they have been doing. 
 - Open Discussion on all things related to Akash Providers. 
 
-
 ## Meeting Details
-
 - Date: Wednesday, October 25th, 2023
 - Time: 08:00 AM PT (Pacific Time)
 - [Recording](https://2aefpzwgiwj6jzkl5fdsn7us3pjprpnpkoqqrrsu6bjaukktnxya.arweave.net/0AhX5sZFk-TlS-lHJv6S29L4va9ToQjGVPBSCilTbfA)
 - [Transcript](#transcript)
 
 ## Participants
-
 - Andrey Arapov
 - Benjamin B
 - Byan
@@ -29,32 +27,65 @@
 - Tyler Wright
 - Zach Ross
 
-
-
-
-## Notes
-
-
-- Benjamin shared some information on a provider auditing tool that he and his brother submitted for the Akash-a-thon.
-- Benjamin shared some strategies that he created which are easy to introduce to price scripts. ould be worth looking into deval: https://github.com/figurestudios/designing-price-script-guide.
-- Sam Walker asked where the tool will be hosted. Almost everything will be powered by Akash.
-- Sam Walker mentioned an issue that he found https://github.com/akash-network/support/issues/137. Tyler mentioned that this issue was talked about during sig-support biweekly meeting #20. 
-- Deval gave an update on Content moderation.
-- Wallet addresses can be blocked. Deval showed a demo.
-- Shimpa asked what would happen if the naming was being changed.
-- Zach mentioned that he has been using Andrew Mello's chaperone OS tool for a couple of weeks.
-- Andrey mentioned Praetor's solution will be the first line defense to filter out the bad images so the provider won't bid. Chaperone service is a deeper solution.
-- Samuel mentioned some of his kubernetes experience.
-- The group talked about Andrew Mello's chaperone tool: https://github.com/cryptoandcoffee/akashos/blob/main/chaperone.py .
-- Samuel mentioned some tools they are using including https://kyverno.io/ and https://www.openpolicyagent.org/ .
-
-### Action Items:
-
+## Meeting Notes
+- Tyler mentioned the community pool grant awarded to the Praetor team for their work on tools for aspiring providers.
+- Tyler Acknowledged the progress made by the Praetor team, including basic functionality and work on content moderation and API improvements.
+
+### Benjamin's Presentation on Auditing Providers
+- Benjamin described a proof of concept created for automatically tracking and benchmarking providers. 
+- Their goal is to create an auditor tool that assesses providers on different levels based on factors like uptime and reliability.
+- Benjamin suggested a tiered signing approach, where providers meeting certain criteria would receive different ratings.
+- Mentioned the collection of historic data and its relationship with the concept.
+- Benjamin discussed the hosting of most services on Akash and noted that the database could also be run on Akash.
+- Tyler Wright encouraged participants to [view the YouTube](https://www.youtube.com/watch?v=jg90U1£82uU) video shared in the chat and provide feedback in the "providers" channel on discord.
+
+### Demo from Praetor(Content Moderation Solution)
+- Deval began to present the content moderation solutions, starting with wallet address blocking and demonstrated the use of a modified Provider service through the deploy tool from cloudmos.
+- Deval demonstrated content moderation solutions, including wallet address blocking and Image URL blocking.
+- Showed how a blocked wallet address prevents deployment and mentioned the management API, which will allow providers to close leases themselves.
+- Presented Image blocking, demonstrating the blocking of URLs containing specific domain names.
+- Explained that successful deployment requires whitelisted wallet addresses, whitelisted images, and no use of blocked domains.
+- Showed a successful deployment of a game and played the game on the provider's side.
+- Mentioned plans to make the system more dynamic and allow block and disabled items to be enabled from Praetor app itself.
+- Discussed the upcoming implementation of the management API and plans to release an updated version of the provider service.
+- Andrey inquired about whether the provider code was modified and suggested submitting pull requests upstream.
+- Deval Patel: Confirmed that they would submit pull requests once the dynamic codes and blocklist code were satisfactorily completed.
+- Damir raised a question about what happens if someone clones an Image and renames it, suggesting that the image might still run. 
+- Andrey shared an experience of trying to run a miner and having the process killed, indicating that some systems can be employed to detect and address such issues. 
+- Deval explained that the management API would allow providers to inspect the content of images and potentially close them.
+- Zach mentioned that the Chaperone service can block specific processes or look for specific file types. [Shared a link](https://github.com/cryptoandcoffee/akashos/blob/main/chaperone.py) related to this.
+- Tyler mentioned that there is an issue in the Akash project roadmap related to content moderation. 
+- Tyler encouraged Deval to update that issue with the details mentioned during the meeting. 
+### Other Matters Discuused
+- Andrey advised participants to follow announcements from the provider announcement channel in Discord. 
+- Andrey encouraged providers to report issues in the "providers" channel or directly to him. 
+- Tyler Mentioned the "support" special interest group that addresses open support tickets related to the core product. 
+- Tyler discussed issue [number 137](https://github.com/akash-network/support/issues/137), indicating it might be a known issue, and mentioned potential tooling to address it. Offered to discuss the matter further with Samuel after the meeting.
+#### -  Discussion on Security and Container User Privileges
+- Zach discussed pod security standards and the fact that Akash deployments run containers as the root user, which raised security concerns. 
+- Zach Inquired about the possibility of creating a separate Akash user for container deployments.
+- Andrey responded that blocking the root user for user deployments and specifying a non-root user in Docker images would require deeper consideration and a feature request. 
+- Andrey mentioned remapping user IDs as another option. Suggested starting a discussion in the Akash repository.
+- Tyler suggested that Zach drop a discussion on the topic of user permissions and default user settings in the Akash Repository. Mentioned the upcoming steering committee meeting where this could be discussed further.
+- Zach Expressed willingness to join the steering committee meeting tomorrow and contribute to the discussion.
+- Samuel Shared his experience with [Kyverno](https://kyverno.io/) and Open Policy Agent in the context of enforcing security policies in Kubernetes clusters. 
+- Smauel mentioned that Kyverno can be used to prevent deployments that don't meet specific security criteria. 
+#### - Discussion on Notifying Users About Rejected Images
+- Samuel asked about the process for notifying users in advance about rejected images due to security policies.
+- Andrey suggested that this topic deserves further discussion and mentioned leveraging provider attributes to notify users about rejected images.
+- Benjamin mentioned that it's not possible to send information back to users whose deployments were rejected
+- Benjamin suggested a solution of saving and encrypting logs in a way that only the tenants can decrypt.
+- Deval explained that the error messages are given during deployment, but the problem may arise when users don't check the logs or ignore the pop-up messages
+- Deval Discussed the need to also handle deployment history and rejections on the client side. Proposed discussing this with the client team to find a suitable solution.
+## Action Items:
+- Zach Ross will create a discussion in the Akash Repository about user permissions and default user settings.
+- Group to explore methods for providing users with better feedback when their deployments are rejected.
 - Group will continue to monitor the content moderation work over the next month.
 - Ben and His brother will share market research and open up discussion on audit tools.
+- Deval to update Content modeartion Roadmap on Github
 - Chaperone tool will continue to be worked on by Andrew Mello.
 
-# **Transcript**
+## **Transcript**
 
 _This editable transcript was computer generated and might contain errors. People can also change the text after it was created._