Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Additional notes to sig-providers #10 #384

Merged
merged 3 commits into from
Nov 27, 2023
Merged

Additional notes to sig-providers #10 #384

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0e414e5
additional notes to sig-providers #10
iamGeorgePro Nov 12, 2023
a1a1c27
Update 010-2023-10-25.md
brewsterdrinkwater Nov 13, 2023
c7050e9
Merge branch 'main' into patch-3
brewsterdrinkwater Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 57 additions & 26 deletions sig-providers/meetings/010-2023-10-25.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,19 @@
# Akash Network - Providers Special Interest Group (SIG) - Meeting #10

## Agenda

- Presentation on Auditing providers tool
- Discussions on Content Moderation.
- Follow up discussion on GPU Provider Setup.
- Update from Praetor on all of the work that they have been doing.
- Open Discussion on all things related to Akash Providers.


## Meeting Details

- Date: Wednesday, October 25th, 2023
- Time: 08:00 AM PT (Pacific Time)
- [Recording](https://2aefpzwgiwj6jzkl5fdsn7us3pjprpnpkoqqrrsu6bjaukktnxya.arweave.net/0AhX5sZFk-TlS-lHJv6S29L4va9ToQjGVPBSCilTbfA)
- [Transcript](#transcript)

## Participants

- Andrey Arapov
- Benjamin B
- Byan
Expand All @@ -29,32 +27,65 @@
- Tyler Wright
- Zach Ross




## Notes


- Benjamin shared some information on a provider auditing tool that he and his brother submitted for the Akash-a-thon.
- Benjamin shared some strategies that he created which are easy to introduce to price scripts. ould be worth looking into deval: https://github.com/figurestudios/designing-price-script-guide.
- Sam Walker asked where the tool will be hosted. Almost everything will be powered by Akash.
- Sam Walker mentioned an issue that he found https://github.com/akash-network/support/issues/137. Tyler mentioned that this issue was talked about during sig-support biweekly meeting #20.
- Deval gave an update on Content moderation.
- Wallet addresses can be blocked. Deval showed a demo.
- Shimpa asked what would happen if the naming was being changed.
- Zach mentioned that he has been using Andrew Mello's chaperone OS tool for a couple of weeks.
- Andrey mentioned Praetor's solution will be the first line defense to filter out the bad images so the provider won't bid. Chaperone service is a deeper solution.
- Samuel mentioned some of his kubernetes experience.
- The group talked about Andrew Mello's chaperone tool: https://github.com/cryptoandcoffee/akashos/blob/main/chaperone.py .
- Samuel mentioned some tools they are using including https://kyverno.io/ and https://www.openpolicyagent.org/ .

### Action Items:

## Meeting Notes
- Tyler mentioned the community pool grant awarded to the Praetor team for their work on tools for aspiring providers.
- Tyler Acknowledged the progress made by the Praetor team, including basic functionality and work on content moderation and API improvements.

### Benjamin's Presentation on Auditing Providers
- Benjamin described a proof of concept created for automatically tracking and benchmarking providers.
- Their goal is to create an auditor tool that assesses providers on different levels based on factors like uptime and reliability.
- Benjamin suggested a tiered signing approach, where providers meeting certain criteria would receive different ratings.
- Mentioned the collection of historic data and its relationship with the concept.
- Benjamin discussed the hosting of most services on Akash and noted that the database could also be run on Akash.
- Tyler Wright encouraged participants to [view the YouTube](https://www.youtube.com/watch?v=jg90U1£82uU) video shared in the chat and provide feedback in the "providers" channel on discord.

### Demo from Praetor(Content Moderation Solution)
- Deval began to present the content moderation solutions, starting with wallet address blocking and demonstrated the use of a modified Provider service through the deploy tool from cloudmos.
- Deval demonstrated content moderation solutions, including wallet address blocking and Image URL blocking.
- Showed how a blocked wallet address prevents deployment and mentioned the management API, which will allow providers to close leases themselves.
- Presented Image blocking, demonstrating the blocking of URLs containing specific domain names.
- Explained that successful deployment requires whitelisted wallet addresses, whitelisted images, and no use of blocked domains.
- Showed a successful deployment of a game and played the game on the provider's side.
- Mentioned plans to make the system more dynamic and allow block and disabled items to be enabled from Praetor app itself.
- Discussed the upcoming implementation of the management API and plans to release an updated version of the provider service.
- Andrey inquired about whether the provider code was modified and suggested submitting pull requests upstream.
- Deval Patel: Confirmed that they would submit pull requests once the dynamic codes and blocklist code were satisfactorily completed.
- Damir raised a question about what happens if someone clones an Image and renames it, suggesting that the image might still run.
- Andrey shared an experience of trying to run a miner and having the process killed, indicating that some systems can be employed to detect and address such issues.
- Deval explained that the management API would allow providers to inspect the content of images and potentially close them.
- Zach mentioned that the Chaperone service can block specific processes or look for specific file types. [Shared a link](https://github.com/cryptoandcoffee/akashos/blob/main/chaperone.py) related to this.
- Tyler mentioned that there is an issue in the Akash project roadmap related to content moderation.
- Tyler encouraged Deval to update that issue with the details mentioned during the meeting.
### Other Matters Discuused
- Andrey advised participants to follow announcements from the provider announcement channel in Discord.
- Andrey encouraged providers to report issues in the "providers" channel or directly to him.
- Tyler Mentioned the "support" special interest group that addresses open support tickets related to the core product.
- Tyler discussed issue [number 137](https://github.com/akash-network/support/issues/137), indicating it might be a known issue, and mentioned potential tooling to address it. Offered to discuss the matter further with Samuel after the meeting.
#### - Discussion on Security and Container User Privileges
- Zach discussed pod security standards and the fact that Akash deployments run containers as the root user, which raised security concerns.
- Zach Inquired about the possibility of creating a separate Akash user for container deployments.
- Andrey responded that blocking the root user for user deployments and specifying a non-root user in Docker images would require deeper consideration and a feature request.
- Andrey mentioned remapping user IDs as another option. Suggested starting a discussion in the Akash repository.
- Tyler suggested that Zach drop a discussion on the topic of user permissions and default user settings in the Akash Repository. Mentioned the upcoming steering committee meeting where this could be discussed further.
- Zach Expressed willingness to join the steering committee meeting tomorrow and contribute to the discussion.
- Samuel Shared his experience with [Kyverno](https://kyverno.io/) and Open Policy Agent in the context of enforcing security policies in Kubernetes clusters.
- Smauel mentioned that Kyverno can be used to prevent deployments that don't meet specific security criteria.
#### - Discussion on Notifying Users About Rejected Images
- Samuel asked about the process for notifying users in advance about rejected images due to security policies.
- Andrey suggested that this topic deserves further discussion and mentioned leveraging provider attributes to notify users about rejected images.
- Benjamin mentioned that it's not possible to send information back to users whose deployments were rejected
- Benjamin suggested a solution of saving and encrypting logs in a way that only the tenants can decrypt.
- Deval explained that the error messages are given during deployment, but the problem may arise when users don't check the logs or ignore the pop-up messages
- Deval Discussed the need to also handle deployment history and rejections on the client side. Proposed discussing this with the client team to find a suitable solution.
## Action Items:
- Zach Ross will create a discussion in the Akash Repository about user permissions and default user settings.
- Group to explore methods for providing users with better feedback when their deployments are rejected.
- Group will continue to monitor the content moderation work over the next month.
- Ben and His brother will share market research and open up discussion on audit tools.
- Deval to update Content modeartion Roadmap on Github
- Chaperone tool will continue to be worked on by Andrew Mello.

# **Transcript**
## **Transcript**

_This editable transcript was computer generated and might contain errors. People can also change the text after it was created._

Expand Down