From YouTube: UniMatrix Technical Board Call 2021-09-15
B
From our side, Frederick Lawson should join. He accepted the meeting at least.
C
About COVID-19, therefore, so, if we can, so we would like to explain the contents of the update later.
C
I don't know, in the worst case he will not join this meeting.
C
Okay, okay, and to younger handsome separated the document so orchestration part in the content part and so about the orchestration part. Security requirements for organization from master needed authentication for controlling the access to the Kubernetes API.
C
API authorization with role-based access control, isolate the worker nodes network, do not expose directory to public network, restrict access from pods in difference, protect the database on crosstalk, etcd and SQL by transport layer security, firewall and encryption vulnerability.
C
Node could enable the react's container security context such as AppArmor, SELinux by default and could not be changed from the muscle mode, prevent all plugins that all allow the volume mounting to host locations, disable the privileged containers and about container general requirements and container vulnerability scanning and OS dependency security need to scan the image, build steps, email, signing and enforcement and sign container images for only trusted sources.
C
Privileged containers need to be controlled and verified before the installation, confine the containers with Linux security modules such as AppArmor, SELinux or seccomp. That's all from eye precise, and so maybe, if he can, he will join this meeting later and so in that time, so I'll. Please ask him about this contents.
B
So, as I explained last time, I think that security implementation is up to each manufacturer, and so I think we should just make some general security recommendations rather than enforcing security, certain security mechanisms and so on. So I just wrote down some general things we can discuss around. So some of these are also on your list from microside.
B
The full vulnerability scanning we can also, if we use, if we create an account on Docker Hub, if we put our containers there, we can also get scanning done in Docker Hub, they use Snyk for that, I'm not sure as an open source product. Probably we are allowed to do that. Maybe awesome. Do you have any idea? Do is that as service that they provide for open source project?
E
Sorry, I I don't know actually, but usually they are free for open source. Those kind of scanning tools.
B
Okay, I see we got, hung join us now.
C
So the security expert is younger.
F
Okay, he will, I don't know he will be able to join this meeting or not.
B
Okay, so my third recommendation is to use hardening flags when you're building your containers, when you're compiling will make. If your container is compromised, it will kind of make things more difficult for an attacker to do something hurt that is actually implementing an exploit and I believe, if we are using, since we are using Ubuntu, also for our, at least I'm using that for the SDK. So a lot of the packages that gets installed from Ubuntu, I I think already is using the hardening, some hardening flags when they are building.
E
From Debian, well now from Ubuntu, yeah, well probably I mean there are. There are a few flags that are usually used to PIE and PIC flags for what you're talking about when you have dynamic address, yeah addresses and also you know, there are some other flags that that's very common that doesn't really impact you in any negative way.
B
Usually, some of the flags have a negative, a small performance hit. I think when I looked at this Debian hardening guide said something like five percent. It could be up to five percent.
B
But normally, if you I guess for the CPU, normally probably you won't have your.
B
Okay, so the fourth recommendation is to generate these security profiles, so I will experiment a little bit more with that. We're using DockerSlim to see if I can get it to it. Automatically is a working profile for for seccomp and AppArmor.
B
But at this point I mean we have not decided to to use specific security module. I will just do some experimentation.
B
And then we come to the that each, basically, each app should have its own users and you should control privileges for the app user.
D
This manifest is a similar like as when we I mean install the app in the cell phone, and I mean when I try to run the the application. It will remind.
D
Of how many, how many privileges does this app need to apply? I mean before running right.
B
I mean, if you use on, if there's an app management API. So if we come up with some generic names for APIs, like video, audio, similar to to how it is in on Android, I think that would be a good idea that we can push in ONVIF actually.
B
And I think also then Bosch would be interested in in doing that, standardizing some kind of manifest.
B
Yeah, well, you mean actually so you mean if you have a device so how it's onboarded to to become ready for deployment.
B
Yeah that part, I think, is manufacturer specific, so Unimatrix on only comes in at deployments, how you onboard your devices. I think it is different for for every company, okay, okay.
D
Cannot talk talk because of because of his device? Hey, let me ask one question: is that the manifest, the manifesto here is is for the application right, is not for the talk Docker container.
B
Is but things like, where do you put security profiles? Is that part of the I mean.
B
Yeah, well, I I think generally, it should be, maybe standardize what you actually.
C
So last week, so I discussed and lasting internally in the for sure. So the application vendors should check the compatibility by using the manifest file and, in addition, so Unimatrix consortium should.
C
Put the signature to the OCI image application and each device edge or complements or cloud.
C
Have the structure of conformation conformation and about the signature and the container image is surely.
C
Signed by the Unimatrix, the OCI image should be deployed in the in each device and in addition, so the about the evaluation and so the evaluation.
C
Maybe a Unimatrix consortium couldn't ensure the wall, security or the something else and therefore also finally, so each company only have to evaluate the content image, but so the Unimatrix consortium should issue the signature to the each container application.
C
No, no, no, no, Unimatrix consortium will not distribute each application and just sign, yeah.
B
Yeah is that, in line with what we do at the Axis, I'm not sure it is, okay, yeah yeah, then it's probably easier.
B
Maybe we should try, we should talk about deployment then, since we have a hard time to agree on which which container framework to use, I think maybe we should leave it open, like Makoto-san proposed, like it's up to each company to select.
B
So so I propose to to to start with the ONVIF app management API as like the standard, and then, if you want to use orchestration like Kubernetes and things it's optional.
B
My idea is that we want to support quite a wider range of devices that is more limited in the amount of RAM and flash and so on. So I think the the ONVIF API is quite small, and already manufacturers may support only so adding support for that small API is probably a little demand on the device itself. So and, and then you you would you could you can deploy your containers using this API and run them like with a container framework.
C
If the system integrators support CRI API, and so even though the high level long time content runtime is CRI-O or containerd, it would be able to work, therefore, so in case of Kubernetes related to system.
D
So sorry, the ONVIF profile, the ONVIF protocol you mentioned, is already released by ONVIF.
B
Management service, yes, it's available on onvif.org, it I think it's been out for for since 2012 or 2006. So I think it's 2006.
D
So, if we're already released by the web, I think there are no reason to why not directly reuse it, but does it I mean feasible, I mean deploy the application by real protocol. How does the I mean the server connected to each camera? I'm not. I can't read it, I'm not in! I don't know the the protocol before, I I need to relate the first.
C
I, as the raw label, don't continue runtime.
C
Can you repeat, so the OCI image should be supported under load or the low level container runtime, for example, runc sierra.
B
Okay, any other ideas?
C
So, by the way, so how about the vulnerability scanning, so communication board members is about to have the meeting with Linux Foundation.
C
The variable vulnerability scanning so deeply, maybe in case of GitLab, so the special.
B
Yeah, I'm not sure if GitHub provides a container registry, that's something that GitLab does for every product, I'm not sure. If GitHub does the same thing, they've been trying to catch up with all the features of GitLab, so I'm probably it's there, but I'm not sure, but it might be a good idea anyway to create an account on Docker Hub to, that's kind of the place where everybody puts their container images, so it. I think it makes sense for us to have our container images there as well and then.
B
See if we can, but then we can automatically get them scanned by Snyk, which I think Snyk provides probably the best service right now for scanning vulnerabilities of this, yeah. These different tools that exist.
A
Yes, Jens is trying to set up a meeting with to include one from Linux Foundation, to discuss the website and other technical, IT related stuff.
A
So we will invite you for that meeting.
A
Sure, I guess Jens has done the invitation, so you should be invited. So that's good, at least on that.
B
All right, so Makoto-san, you had some ideas around the organization.
C
Revise the x official website and in parallel of course, so the GitLab or GitHub should be reorganized and for the official launch about the matrix version 1.0, and so we would like to discuss the the organization about GitLab and GitHub. Maybe the current the directory structure is a little messy and therefore so for the official launch.
C
The structure should be reorganized in the the discrimination. Technical description should be modified in the so maybe for each software module in the software technology.
B
The things that are still used, I will, the meta in the matrix basically contains the ref or will contain the reference implementation of a device.
B
That should be fairly a very basic device that only basic con that only will contain Docker plus what is needed to boot it. Basically, this Buildroot. Buildroot thing is old, I think we can remove. The lib unicom is something that was done by high vision, I believe, yeah. I think it hasn't been used in a long time.
C
Yeah, so maybe the current GitLab contents are included in the included.
C
Contents, it should be described on the official website there. Also several parts should be transferred to the official website, and so if the contents is not needed anymore, so the contents should be removed and the remainder the directories should be reorganized.
C
You need to discuss with communication members closely and so make sure the current contents are so how we should to read the current contents. After now.
B
Yeah I mean thanks for the website. I I live up to the communications, to do that. I'm just, I think, still that even the technical stuff, also it's a little bit unorganized right now, so the things that are used, I think we need to describe better. I mean lara, just probably got better documentation than most of it.
B
A lot of, I mean the SDK and examples and things, that all of that is under the containers. So here is more description, is needed, what it, what it is, yeah or.
C
Yeah, as you mentioned, so we need the detailed discussion about the organization. Therefore, so, if you can, could you could you please prepare the draft proposal so to organize the GitHub contents.
B
Yeah, I can make a proposal on how to organize, yes, yeah.
C
And based on the draft proposal, so let's discuss how we proceed the the organization now with our communication board members.
C
I will create the questionnaire about that.
C
Therefore, so if you are finished to make the draft proposal, please let me know.
B
All right, is there anything else you'd like to discuss or we are, can we go on to the next meeting.
B
So the same, the same time as this one would be September 29th.
B
So this, that's UTC, one o'clock, at 1300.