►
From YouTube: Unimatrix Technical Board call 2021-08-17
A
So,
can
you
see
the
agenda.
B
D
A
A
Then
we'll
start
with
the
first
bullet,
so
regarding
opencv
features,
I
prepared
a
document.
A
What
is
produced
by
cmake
when
you,
when
we're
building
opencv
right
now
in
for
the
sdk
layer,
so
this
is
I've
been
working
on
this
sdks
do
some
release
of
it,
so
hopefully
in
the
coming
week,
or
so
that
we
should
have
a
sdk
image
with
opencv
and
the
other
apis.
A
So
maybe
we
should
go
through
this,
so
I'm
using
opencv
4.1,
just
because
I
know
it's
working
well,
but
maybe
we
should
look
at
having
a
newer
version.
A
A
A
A
So
there
are
quite
a
few
interesting
libraries
here
that
maybe
we
want
to
include
and
just
because
things
are
included
in
the
sdk,
it
doesn't
mean
that
they
will
automatically
be
in
the
generated
applications,
because.
A
A
Also,
the
video
library
has
some
interesting
features
like
object
tracking,
for
example,.
A
A
Yes,
so
this
library
is
only
67
kilobytes,
so
it's
it's
a
very
small
library
for
making
the
the
api
more
user-friendly.
I
think.
A
A
I
I
think,
including
the
higuer,
is
a
good
idea,
because
if
you
look
at
a
lot
of
examples,
you
know
cv
use
that,
for
so
it's
I
think
it's
a
lot
of
people
are
used
to
having
that
it
makes
life
easier
for
the
developer.
D
A
Let's
see
the
image
cross
image
codex,
sorry,
I
only
included
one.
There
is
jpeg
so
that
you
can
read
and
write
jpegs.
I
don't
know
if
anything
else
is
needed.
There's
other
stuff,
like
writing,
roster
other
formats,
it's,
but
I
I
don't
really
see
a
use
for
it.
So
I
excluded
all
that.
A
A
A
Yeah,
that's
the
status
right
now,
what
is
being
included?
I'm
also
looking
at
some
other
optimizations
for
paralysis,
parallelism
called
open
blas.
It's
a
library
for
speeding
up
mathematical.
C
Also
from
what
pro,
so
that
requirement
is
the
presentation
I
shared
with
you
in
the
previous
meeting
and
so
so
far,
so
jpeg
and
code
in
the
will
be
encore
in
h,
for
example,
instead
to
6
34,
and
so,
according
to
your
explanation,
resize
is
included
in
it
and
so
how
about
rotation
and
to
resolution
created
api?
C
A
A
A
The
arm
device
for
the
container
the
docker
file
now
for
building
it
it
it
kind
of
allows
you
to
have
different
different
libraries
for
different
hosts
for
host
and
for
target.
So
if
you're
for
amd
64
host
you
can
include,
I
think
I
include
more
things.
I
include.
C
The
movie
movie
encoding
is
very
basic
function,
therefore,
so
I
think
so
it
should
be
included
in
it,
and
so.
A
C
C
Should
introduce
the
movie
encore
function
so
accept
accept
this
opencv
api.
A
Yeah,
for
I
mean
if
you,
if
your
video
input
is
from
another
device,
let's
say:
you're
are
working
on
a
server
that
receives
frames
from
a
remote
device
over
rtsp
or
something
like.
A
For
example,
for
a
cloud
or
a
server
environment,
so
for
that
that
type
of
host
that
this
list
I
made
is
not
relevant
that
I
I
include
more
things
for
amd
64
host,
then
ff
the
full
ffm
fake
library.
It
will
be
available.
So
all
the
there's
much
more
encode
and
decode,
but
let's
say
for
an
arm
arm
target
like
or
on
the
on
the
device
side.
You
don't
need
to
do
the
encode
decode,
because
it's
got
a
local
video
pipeline
so
and
then
the
input
to
opencv
will
be
raw
images
right.
C
I
I
don't
understand
so
the
positioning
of
this
video
api.
C
C
Is
this
api
useful
only
for
the
still
image.
A
A
A
C
So
maybe
I
don't
understand
the
world
architecture
of
the
apis,
and
so
this
video
api
is
placed
on
rare
in
there
so
iron.
I
don't
understand
what
you
try
to
do
by
this
discussion.
So.
A
A
Node
but
the
other,
the
other
features
that
you
have
listed,
like
rotate
resize
convert
from
different
color
spaces.
Those
things
are
already
that
are,
they
are
present
in
the
opencv.
C
Sorry
so
a
multiple
input
supported
in
front
interface,
the
end
of
the
list.
A
A
C
As
you
know,
so,
rather
supported
the
multiple
input,
supported
interface,
inference,
enterprise
and
so
the,
for
example.
So
can
the
video
api
support
two
type
of
stream
for
the
influence.
A
If
I
can
see,
we
can
support
many
inputs,
yes
right
right
right
right,
I
mean
you
can
already
have.
If
you
use
video
for
linux,
you
can
have
multiple
inputs
there,
and
I
mean
open
cvs,
supports
video
for
linux.
So
and
you
can
also,
let's
say
you
have
a
video
for
linux
and
ffmpeg.
So
you
can.
You
can
use
those
in
parallel
as
well.
So
you
can.
A
Yes,
and
also
from
axis,
we
have
made
our
own
back
end
for
opencv.
I
haven't
put
that
yet
in
the.
A
In
the
open
cv-
distribution
that
we
have,
but
I
will
do
that
sometime
because
we
are
still
run-
we
are
running
on
our
raspberry
pi,
but
we
have
run
this
also
on
our
hardware.
C
Okay,
thank
you
very
much,
I'm
so
so,
but
so
I
don't
know
the
opencv
injury
job.
Okay,
I.
D
A
From
high
question
side,
I
think
the
the
the
things
you
have
listed,
I
think,
are
included.
I
think
yes,
this
is
the
document
you
sent
me
dora.
D
A
B
A
Then
there's
no
other
comments.
We'll
move
on
to
the
next.
C
A
It's
you
mean
the
one
I
showed
yeah
it's
already
available
under
the
tb
meetings.
A
A
C
Oh,
is
this
took
off
our
the
latest?
One
right,
sorry:
is
this
stock
of
r,
the
latest
customization
file
right
yeah.
A
Maybe
we
can
quickly
just
go
through
what
is
happening
so
basically,
I
decided
to
use
ubuntu
as
a
base
distribution,
because
it's.
A
A
A
A
We
need
to
install
cmake,
but
cmac
in
that
version
of
ubuntu
is
not
working,
so
I
have
to
install
some
older
version
and
then
we
build
basically
opencv
using
cmake
and
make,
and
then
we
also
package
the
libraries
that
are
needed
on
the
target
because
the
other
dependencies
there
was
for
building-
and
this
is
the
runtime
dependencies
down
here
and
that's
it
and
you
will
find
similar.
So
that's
for
building
opencv,
I
I
I
organized
this
repository
in
a
similar
way
for
the
other
dependencies.
A
So
you
can
have
a
look
at
this.
Maybe
we
can
have
a
tutorial
about
this
when
it's
finished,
when
it's
more,
it's
not.
It's
not
really
ready
for
quite
finished
yet,
but
but
I
hope
to
do
it
in
one
or
two
weeks
like
we
can
have
a
pre-release
of
the
sdk.
A
C
I
thought
about
the
security
so
for
introducing
ansible,
so
ipro
has
some
concern
about
the
security
inside
of
of
the
camera,
and
so
the
integrators
can
connect
to
the
camera
by
using
ssh
and
safely
and
for
sure
the
connection
is
secured.
C
However,
so
if
the
integrators
is
not
good
guy,
so
in
such
case,
so
the
integrator
can
access
to
the
internal
part
of
the
camera.
C
Therefore,
so
ipro
would
like
to
know
how
to
keep
the
security
in
the
camera
in
internal
part
of
the
camera
so,
for
example,
bluetooth
directory
limitation,
all
right
that
so,
first
of
all,
so
we
would
try
to
know
how
actually
keep
the
security
in
in
the
part
of
I,
in
the
internal
part
of
the
camera
and
by
using
ssh
connection.
A
A
The
user
that
is
supposed
to
use
ansible
has
limited
set
of
permissions,
so
it
can't
do
any
serious
damage
to
the
system,
so
it's
got
a
limited
access
to
to
the
folder
and
so
on,
and
maybe
srirami
have
more
information
about
exactly
what
you
I
think
from
our
side.
Right
now.
We
are
not
actually
using
a
lot
of
ssh
to
the
camera
itself.
We
are
mostly
using
http
to
do
stuff.
C
So,
for
example,
so
even
if
we
are
using
a
container
architecture,
however,
so
the
bad
guy
implements
the
attack
program
into
the
container.
C
C
Are
the
actions
making
the
implementation
for
the
security
so
hansen,
so
I
can't
explain
the
purpose
of
the
security
related
things.
So
could
you
please
explain
about
ibro's.
E
Yes,
so
you
know,
you
may
know
that
when
we
deploy
a
cluster,
for
example
using
the
creasers
or
kubernetes,
so
we
will
have
two
parts.
First
is
the
master
node
and
the
remaining
is
the
worker
notes
and
in
the
in
the
case
that
if
the
masternode
will
be
occupied
by
the
attackers,
so
they
can
fully
control
can
deploy
the.
E
E
Currently,
we
investigate
by
trying
to
implement
something
very
simple,
because
in
kubernetes
they
are,
they
are
the
implement
and
they
are
using
something
that
supports
some
functions
like
and
they're,
using
the
some
like
app
armor
or
chair
linux,
to
confine.
D
E
Running
port
inside
the
worker
node,
and
but
to
do
this
to
do
that,
we
have
to
config
in
from
the
master
node.
So
in
that
case,
if
we
master
node
will
be
occupied
by
attackers
so
having
more
and
shelling
oops
or
something
like
that
can
be
disabled,
and
he
cannot
protect
our
running
note.
E
E
E
A
Yeah,
basically,
you
should
not
allow
roots.
So
it's
basically
it's
ruthless.
So
that's
like
a
number
one
security
measure
yeah.
So
no
and
then
you
can
also
use
user
namespace.
So
you
will
actually
have
unique
usage
for
your
containers
so
that
you
can
give
them
specific
permissions
to
exactly
what
they
need
to
do.
A
A
Is
being
attacked,
it
can
also
do
bad
things
to
the
to
all
the
devices.
I
guess
I
I
think
the
same
goes
for
any
I
mean
if
the
controller
controlling
node
is
attacked
you're
in
a
bad
situation,
whatever
tool
you're
using.
A
But
I
guess
you
always
want
to
kind
of
reduce
the
reduce
the
damage
in
in
those
situations.
B
Yeah
this
this,
this
is
more
more
generic
discussion
than
then
ansible
being
part
of
this.
So
it's
so
it's
it's
more
about
how
the
the
system
that
we
are
building
with
unimatrix
with
containers
as
the
as
the
deploying
unit
or
the
execution
unit.
B
In
the
sense,
how
do
we
say
control
the
say,
network
traffic
that
that
goes
in
and
out
of
the
containers,
or
how
do
you
build
secure
applications
that
are
part
of
your
container?
I
mean
in
general.
There
are.
B
There
are
some
of
the
tools,
for
example,
if
you
are
using,
if
you
are
deploying
or
hosting
your
container
in
in
any
of
the
registries,
there
are
some
some
tools
that
can
scan
your
containers
for
any
of
the
any
of
the
hacks
like
like
cve
hacks,
that
that
is
one
way
or
it's
part
of
some
of
the
tools.
So
I
mean
it,
it
is.
It
is
quite
wide.
B
This
discussion
is
quite
wide
and
I
think
we
need
to
identify
what
exactly
do
we
need
to
target
here,
because
it's
quite
wide
subject
here.
I
think.
A
Yes-
and
I
think
we
should
maybe
not
make
a
lot
of
mandatory
requirements,
it
should
be
maybe
recommendations
instead,
because
different
companies
handle
these
types
of
things
in
different
ways,
so
how
they
distribute
certificates
and
how
they,
which
kind
of
container
environments
they
are
running.
I
mean
if
they
are
using
an
lsm
like
app
armor
or
spec
comp,
or
something
like
that.
I
think
we
should
not
mandate
exactly
what
lsm
you
should
be
using
rather
make
some
recommendations.
Maybe.
B
And-
and
it
also
includes
the
whole
whole
pipeline
of
how
we
are
building
our
you
know,
applications
even
even
the
I
mean
such
such
a
hack
or
damage
can
occur
in
any
of
the
whole
build
pipeline,
so
it
starts
from
there.
You
are
securing
your
build
pipeline.
You
are
securing
the
way
you
are
pushing
your
containers
into
the
registries.
B
You
are
securing
the
way.
You
are
downloading
the
images
from
the
registries
and
trying
to
deploy
on
on
on
your
systems.
So
unless
you
know
this
whole
chain
is
secured,
you
cannot
just
say
you're
running
your
container
securely
in
that
sense.
B
That
that's
why,
as
as
you
said,
it's
quite
wide
topic,
and
probably
we
have
to
identify
the
scope
of
standardization
here,
because
every
company
employs
different
tools
of
of
say,
container,
related
tools
or
toolkits,
and
I'm
not
sure
if
we
can
standardize
everything
in
the
whole
chain.
A
Yeah
I
I
agree
on
that,
and
I
mean
there
are
a
lot
of
different
lsms
out
there,
and
I
mean
the
most
popular
ones
are
armor
and
second
right
now,
but
there
are
more.
A
A
But
yeah,
maybe
maybe
we
should
kind
of
limit
the
scope
or.
A
C
So
I
think
so
your
matrix
project
should
show
the
white
paper
with
the.
C
So
for
sure,
so
the
way
of
keeping
the
security
depends
on
the
each
company.
However,
so
the
example
should
be
indicated.
A
I
agree
on
that,
so
I
mean
the
reference.
Implementation
should
have
a
decent
level
of
security
and
be
like
yeah,
a
good
reference
also
regarding
security.
So
I
think
we
should
include.
A
Maybe
yeah,
I
will
think
about
for
the
reference
implementation,
how
to
what
to
include
there
when
it
comes
to
security.
C
So
from
hyperside,
so
if
we
can
find
some
insight,
so
we
will
share
that
with
members.
B
Docker
has
provided
some
default
profiles
for
second
and
app
armor,
but
I'm
not
sure
if
that
is
enough
or
it
can,
it
can
prevent
some
of
the
functionality
that
we
are
using
with
with
our
video
apis
and
other
things
which
we
know
we.
A
A
C
Also
frederickson:
how
do
you
proceed
this
item
after
now?
So,
first
of
all,
so
do
you
contact
with
the
action
security
expert.
C
Okay,
so
hanson,
so
maybe
so
we
have
to
show
the
progress
about
our
investigation
about
the
security
in
the
next
meeting.
Therefore,
so
we
need
to
summarize
the
progress
until
this.
E
A
Okay
yeah,
I
will
we
will
prepare
some
document
about
our
recommendations
and
and
maybe
yeah.
We
can
have
a
discussion
around
that.
C
So
but
so
our
investigation
is
not
perfect,
therefore,
so
like
to
know
axis
and
hacker
john's
technical
opinion
in
the
next
tv
call.
A
D
B
D
But
I
will
ask
the
some
opinions
from
our
security
experts.
A
A
I
think
we
should
start
with
container
security
so
how
to
limit
the
impact
of
a
hacked
container
so
how
to
limit
what
the
container
is.
A
Capable
okay,
so
things
like
ruthless
lsams
and
so
on.
D
A
I
think
right
now
we
have
not
enabled
there's
in
gitlab
actually
has
these
security
scanning
of
containers.
That
sriram
was
mentioning.
A
A
A
B
A
Maybe
maybe
you
can
have
a
look,
you
see
if
you
find
something
or
or
someone
else,
I'd
like
to
delegate
this.
B
Yeah
I
can,
I
can
search
for
it
if
the
what
what
kind
of
tools
can
be
enabled?
Okay,
good.
A
All
right,
so
is
there
anything
else
to
discuss
or
we'll
discuss
the
next
mutant
time.
A
Yeah,
it's
fine
for
me
is
that,
okay
for
everyone.
A
Well,
if
this
time
is
okay,
we
could
do
tuesdays
as
well.
A
Okay
and
that's
it
so
and
also
there
is
a
questionnaire
that
you
can
fill
in
now
after
the
meeting.
If
you
have
any
things
to
to
to
say.
C
Yeah,
so
for
the
previous
questionnaire,
so
the
feedback
is
very
few.
Therefore,
so
please
always
give
the
feedback
on
the
question.