Unimatrix Technical Board, 30 Sep 2021

Previous Meeting

Next Meeting

⏯

youtube image

►

From YouTube: UniMatrix TB call 2021-09-30

Description

https://gitlab.com/unimatrix/meetings/-/blob/master/TB/20210930.md

A

Okay, I will bring up the agenda for today.

A

A

Okay, do you have anything to add to the gender anything from ipro.

B

Oh nothing for a while.

C

A

A

Should we give it a few more minutes or should we start.

D

Are we missing anyone.

A

I guess a lot of people are missing, but I'm not. I haven't really seen.

A

D

But you would have anyone else from axis that you're doing today, frederick or not. No, no, then you're fine from outside.

A

Okay, so I would like to open up a discussion about app manifest.

A

So um the formats of it I propose to use the json format and then the contents of the app manifest. So I propose these basic things for like there should be a signature.

A

So you can sign your application and verify it. uh When you install it, you should be able to set which user and group that application should run us should be able to.

A

Request resources from the system like this some cpu.

A

Amount of cpu on ram, maybe a gpu and other types of hardware or storage.

A

Also, if it needs to mount something from the host, we should try to avoid this, but sometimes that's could be needed for some reason.

A

It could be also that a system might not allow that. Then it knows what kind of mounts at least the application is needing, and then it can reject it not installed if it doesn't deem it to be secure.

A

Also, um we could have uh security profiles set for the application in the manifest, so it will point out, like second profile, which uh system calls that it needs to run also uh other security profiles for app armor, for example, and then licensing.

A

So what type of license that the? When licensing I mean from the manufacturer, what.

A

If it requires a license to run that you have a license key to install or something to to be able to to run it.

A

And then there should be, of course, generic information about the app so which who made it what's the web page and those kind of fields that are common.

A

So that's my idea about. Why would I would like to see uh create a schema for this in json to define these things? The resources thing is uh the most difficult, probably.

A

B

Do you have any comment.

E

It's okay for next time.

B

A

I see, are you missing any?

A

Are we missing any vital information that we should consider.

A

Any comments from high question.

C

B

ah So I've reduced, so I would like to confirm one thing so about signature, so a contact image will attach the unimatrix official signature to the osha image itself. Is my understanding correct.

A

um Yeah it can do that. I mean.

A

We can include this manifest in the oci or it can be the the manifest can be a separate file.

A

A

Maybe my idea was to have a separate json file for it that you, when you install it, but I mean we could also include this json inside the oci container.

A

uh So what do you think is the best way.

B

B

In the first time, so uh I suggested.

B

Some signature.

B

B

System, uh for example, so the end. uh The ai application developer, submit the oshira image to the university software website, so the aussie image is tested automatically and, for example, api and vulnerability like that, and if the testing is passed and the oci image should be attached as a new matrix of signature.

B

So I I think so such a uh structure uh is very uh useful uh for the human beings. But so uh is it difficult to realize uh such a thing.

A

Yeah, but it's it's not enough with the signature. So basically all this information here is needed. So if you want to.

A

um If, if you want to run.

E

A

And run the image the app and make sure it works and conform to some security. You, you need all this information, so I would say everything in this app manifest has to be uploaded when you are publishing your application. So it's not enough with just an oci image, so I would say the oci image. If it contains this information, the the signature can be added if it's by the server side when it's been tested and so on,.

B

F

B

um So, uh who is the service side, uh for example? uh Is it access vision or eyebrow or uh our integrate? Our partners integrators.

A

I would say that we create an automatic test suite for.

A

And then run git that you can do hooks yeah, so it automatically runs. So I think the whole process should be possible to automate, but.

E

A

What tests to run and so on will be up to the tc to decide. So I think it should be not one company that decide or whether it's uh jointly decided by the tc. What is the testing process and I think we should strive for automating it as much as possible, using.

A

Git lab actions, and so on. You can automatically run certain. uh You know all the containers and stuff in git lab when certain things happen.

B

So uh did you read my email about signing yeah? I read it. No! No about the contents of uh last year called yesterday. Gb go.

A

B

So, according to jp members, so the marketplace uh uh seems to be planned uh if uh it is created on the uh umatrix offshore website. So I don't know maybe a tables or microsoft uh rated uh cloud service, maybe and if we do so so the uh automatically uh executed a program would be.

B

So installed in aws or ajio back then, therefore, so uh we need to consider uh the uh uh poor ecosystem uh to realize the uh you know matrix.

B

Maybe uh so or maybe it, though you don't understand what I say.

A

Do you have some notes from the from the gb call, because I haven't seen.

B

I don't have any uh note so maybe uh person, or uh they only donate some- uh will issue the meeting minutes later.

B

I will, I will push them until you do so.

B

B

Anyway, so uh I wish we should uh consider about uh such a thing uh to uh discuss uh technology matters.

B

C

A

Are you talking about a marketplace or like an app store or whatever.

F

A

Can find applications because uh I don't think unimatrix should have a marketplace. I think.

B

Yeah yeah yeah, according to our uh discussion until now, so uh that I uh completely agree with you. uh However, uh yesterday a real night, sun and hike visions adversary suggested a new scope about uni matrix.

B

Therefore, please share the information with them.

D

Yeah we will talk to pero and elaire about it, because maybe if we decide to have a marketplace or something it should not, it should maybe be a separate project, and so you could still use art.

B

You could separate it, I think yeah, I I I also think so, and so uh we uh need to uh launch your matrix version 1.0 as soon as possible.

D

And we want the unimaters to be used by other ecosystems as well, so we can't mandate an ecosystem, but of course it could be a separate project. If enough members would like to do something like that.

D

That's, in my opinion at least, but we talked with apparently.

B

So therefore, so uh a real night to sun is about to expand the industry not only of security and safety, but also all industries.

A

Yes, okay, I understand they want to widen the scope right. So it's more iot uh type of applications.

D

There actually may be very sort or quicker to adopt this type of technical solutions, so that could be a smart move to um to write on the scope. For that reason,.

B

Yeah yeah yesterday, so uh so uh I don't. I didn't understand uh world discussion, but so and the main point is uh uh these: two items: unimatrix is not needed only for security industry, but also for other industries, and it's desirable to collaborate with the marketplace.

D

Look at aws: they are targeting, for example, industry. So we are targeting different sectors. That is not security industry so to attract them. I guess we'll have to have a different interest using metrics, but I have I could agree with them.

D

That would be needed.

A

But anyway, for publishing.

A

Let's go back to the technical stuff, then I I think.

A

If we um go back to the signing- and that part, I think, as I said, can be automated, but then the resulting binaries or the resulting application images.

A

uh They should not be hosted on uh our container registry, for example, we could host something like that on docker hub I mean, if we have our own account, then docker hub can do additional uh scanning of containers and so on, but that I think that type of um account that we need for that. I think it costs money or uh so we we should. Then we have to look at the financing of that.

A

Okay, um any other otherwise, I'd like to discuss a little bit about resource requests, and so do you guys have any ideas on how to do how? How if you, if we do an app manifest uh okay, this application needs some specific uh amount of.

A

Cpu resources, so how? How would we express that, in a manifest.

A

I mean when it comes to to ram and and uh and flash and so on, it's it's, uh it's not so difficult with the cpu. We have some different should should it request. You know a percentage of the cpu or it's more on uh how many flops and so on that you need to run.

F

A

F

uh On the other hand, can we go back to the signature? I have some question.

F

F

If we want to signature ocr images, but the ocean, the image after signature must be oci compatible right.

F

It can be run or load correctly by canada, d or docker yeah, so, uh but um but the, but how we can.

F

Signature, the image uh the signature will attach to the manufacturer.

F

Embed in manufacture.

A

Yeah, my my suggestion is to keep the signature outside of the image and then uh basically to upload everything. We could just put it in a tar tarball, so it will be a separate file.

F

Yeah yeah yeah. That's a good good solution.

F

Okay, no problem.

A

So then, when that, when the system uh when, when the system is supposed to install this application, it unpacks the tar and then it finds the manifest and there it gets the signature, it can calculate the signature of the oci and then compare to the manifest and then also it can check. Sorry.

F

uh If, if the oc image and signature separate divide in two parts, maybe it's not very.

F

F

It's not very convenient. Oh I I don't know how to say that.

A

Yes, but it would be in the same tar, so it would be in one archive, so it's only one file. Oh.

F

I know I know, I know.

F

A

I mean this is a proposal I mean this is the most straightforward way to do it. I guess.

A

F

Yeah yeah: that's a get good answer.

A

That's I mean when you compare that's how we do um access I'm talking about access. We do our own application platform. We have like a tar archive with uh containing uh some.

A

Configuration file which, uh which yeah it gives you the configuration for the application and then the application itself is packaged in another binary.

A

Okay, thank you. Okay, uh so let's go back to resources. Any ideas for the cpu.

A

I'm I'm not so familiar with c groups, but in c groups I think you can set percentage uh like you have different slices, so I guess each application would have its own slice and then you can. You can set a hard and soft limits for the for the slice. How many percent? I don't know if you can set a specific amount of cycles uh that this application is supposed to get or more hard definable resources.

A

And when it comes to the gpu, it's even more uh difficult to to divide it, and even some gpus is not possible to divide and some uh gpus you can divide a percentage or a certain amount and so on.

A

So it's not a very easy problem to solve this. How to express this hardware.

F

Gpu and mpu is more difficult, um because uh ziggler will have a than any controller to control the gpu and cpu. So maybe the uh there is no standardized solution to control that.

A

I've seen I've seen some work being done on the kernel side for gpu, but it's not uh it's not mainlined. Yet yeah.

E

uh Sorry, uh one question is that uh the resource uh here is describe the limitation of.

B

E

C

E

Is the requirement of the application if you want to run the application on the device.

A

Yeah, it's it's. The requirement.

E

Of the application, okay, for if it is a requirement, a ula, is described for application. It's described as what's the cpu frequency of the device requirement and as a computation resource like gpu is one altern t t p, os, uh ops or tpos right.

E

Let's describe.

F

It like this right.

A

A

Yes so, but I I think so, the difficult thing here is the cpu and uh even more difficult is uh gpu. How to express.

E

For cpu I I saw the frequency we should use the frequency right.

F

We can set a period of time to application, they can use.

F

For example, a.

F

Application can only run.

F

Two seconds in uh of 10 seconds: uh it means 20 percent.

A

Yeah, I'm sorry we are talking about different, so um so I I guess let me summarize so one idea is that we make it quite simple. With the cpu, we only say: okay, this application. It needs to run on a gigahertz, cpu or something, then I think that's quite good at it. It makes it quite simple, but because, let's say the applications say: okay, I want 25 of the cpu.

A

Then it might not run well if the cpu is uh 500 megahertz instead of the gigahertz, so it's then it it might um so I I agree with your proposal about maybe make it on the cpu just check basic hardware. If the cpu is fast enough.

E

Yeah, I mean uh technically it's very hard to to control the application right uh if either describe it need like a uh 25 cpu of like when the computation resource is 20 or 1t in the camera. We cannot control very precisely how many resource does the application to uh usage for ram or for ram or flash? Maybe it's easier but yeah. As you said, the cpu on the gpu is not easy to divide it right. Yeah.

A

Yeah, I think it's a good idea actually, so I will I'm going to start designing, designing.

E

A

Json schema, then we can have a next time. Maybe we can go into more details and then, if we go to the gpu or then maybe it does something on the same line would be the size of the gpu like in in uh megabytes or whatever. So you know this base, you know roughly the size of the model that you can load into the gpu. Would that make sense.

E

uh Sorry, could you repeat again.

A

Yeah when it comes to the gpu, let's say: okay, my application requires uh it- has a 500 megabyte uh deep learning model, so it needs to load its model to the gpu or something then.

A

The requirements is, basically, you express your model size.

A

And that that could work for other deep learning type of ships as well. I mean the size. Basically, if you have some other type of accelerator, you need some internal ram and that basically uh limits the size of the model that you can run.

D

I have one comment: um if you look at the azure and aws, they have some b core definition. Maybe we should have a look at how they define cpu resources and see if there is something that could be useful for us yeah. Where do you find it? I asked google uh quickly, you know.

D

While I listened to you and I thought that microsoft sure has a virtual core, I didn't go into all the details, but maybe to next meeting we could have a look to see if there is something we could use, that's probably for running a virtual host, so maybe maybe connect this as a cpu model. I don't know, but we are saying we could have a look before deciding to see if there is something that is usable.

A

Yes, I mean kubernetes has something for cpu and ram and so on. I don't think uh and docker has something for uh gpu, but it's nvidia specific.

D

I'm just saying the developers we are targeting maybe has some sort of knowledge about how the cloud providers are defining cpu resources and if we could, if they could feel somewhat familiar, it could be a good idea. Maybe.

A

I think when it comes to dawker it, I think it's pretty basic uh support for that. You can request you, you get.

D

Well, maybe you require that you have two cpus 50, but you need to know the generation of the hardware. So maybe you need a generation, um so you could say this is generation five generation, 6 2 have some sense of what kind of capacity the processor has yes, megahertz is not very good eye or gigahertz is not a good idea. I think.

D

A

A

I'm happy also, if someone else can do a proposal about it. uh I don't have to do everything.

A

Is there someone willing to look at some parts of this demo.

A

Okay, anyway, I'll do some uh presentation. Next time around jason schema.

A

Okay, any other comments.

A

Okay, then I move on to the next topic, which is the git structure.

A

So I made a proposal for how to reorganize the git.

A

So my idea is to keep the governance and meetings spec and then uh we create an sdk.

A

This is currently residing under containers and uh under there we put different parts of the sdk so right now it's uh opencv and tensorflow serving also, I think maybe we should put some models in the sdk so that you have, I mean just some open source models that are available, so there's a few ones that are very commonly used like.

A

Mobile net and so on, so we can put those some basic models in the sdk and then I suggest also to put examples on um on the top.

A

So right now I have made three examples: object, detector in python and then a c plus plus version and then a native layered version, that's using large apis and then the containers that's already existing and then under there we put the different uh components that are needed to run so the debuss for one that's needed by larrot and then larrot and the lyric inference server.

A

If you want to use this tensorflow serving api and then um there is larod, which is the inference server and then uh the inference engine and then this library inference server runs on top of large. If you want to have this tensorflow serving api, which is a network reply,.

A

And then, lastly, it's the reference implementation for a device, and then we have a raspberry pi implementation using open, embedded.

A

Any comments is this a good idea, or should we organize it somewhere somewhere else.

B

uh So uh frederickson, so at first, so uh the purpose of the uh access purpose of accessing accessing the git by the ai developers is to get software modules. I think, therefore, also, for example, in your list. Governance meetings are included and therefore the member internal internal information and the software modules both of them should be separated. I think.

A

Yeah, but I think it's a good idea to have everything version version controlling it, so even like the website, and so on, should be there, but it can be, it doesn't have to be um in the same.

A

uh I mean so: where do you suggest to put stuff like governance documents and so on.

B

For example, so we create another repository and the university member internal information is put on another repository, and the current repository should be the only software modules. How do you feel.

A

Yeah, I don't agree on that. I mean the governor's. Information is public information. We are a transparent organization right, so all the meeting protocols and so on. All of that.

B

Okay: okay, okay, okay, I see I see.

B

Could you could you please display uh the lists again and there? So if I remember correctly so uh you will also release the uh back end of road. So the back end of railroad where uh it back and railroad are placed on.

A

Those are also under lord, so, although yes, I mean.

A

Everything is included when you build, but you can select which parts that you want so.

E

A

B

This is uh what you mentioned right.

A

Yeah, so here are the under ships are the different ships that are supported, so here is uh to fly tpu and also opencl and other cv flow for umbrella.

A

But I think the lara team had an idea of splitting it up so that you can set that you can separate the back end from the lara service itself, but that is still not done so right now. Everything is under the same project.

A

B

Okay and in addition, so uh in the future, uh ipro uh will uh contribute uh to upload the uh reference implementation about uh kubernetes uh k3s rated implementation, so uh which part is.

B

The quantities.

A

Placement, so that would go in this structure. I mean this is not uh finalized. This is a proposal for me, so that would go. uh I mean here is the raspberry pi using uh yeah uh container d.

B

Yeah yeah yeah.

A

So you, you add more.

B

Raspberry pi.

A

B

Using kubernetes k3s like that.

A

It would be maybe just uh an x 86 host with linux. That would be another interesting reference. I guess yeah so.

B

A

um Where you can put your uh your reference.

B

In difference, okay, I understood.

A

So uh what should we do? This reorganization and.

A

Do you have any further suggestions.

B

uh So maybe the git structure is uh okay. I like this, and so uh we should start uh writing the concrete description for the each category.

B

Do you mean documentation or documentation right yeah.

A

Okay, yeah, that's something that is missing a lot actually, so I've been concentrating on the code side, so yeah we probably need some skilled technical writers.

A

B

B

Now please go ahead.

A

Yeah, I think um that's all I had for this day then, and or is there any comment from high question? Do you have any suggestions for the gift structure.

C

uh Do they need a test uh confirmation, sorry uh conformance test like this kind of yeah yeah.

A

That's also yeah you're right, that's something, and that has been I have ignored totally, but it definitely that's the sound, a part that needs to be.

A

E

Okay, yeah, have you tried to run this demo or this example on a camera aside? Have you done that before.

A

um The the example applications yeah, we have yeah, we have run on our camera, but um the examples that are here are not exactly what we are, because we are using um axis using their own, our own um back end to open cb. So then that part it's not published yet uh so.

A

Hopefully soon we can update these examples that will also run on the cameras.

A

Okay, then, I have one last thing, which is the next meeting time.

A

A

Which day is best for you guys? uh Should we continue on thursdays or like before? We had, I think, on tuesday or wednesday,.

A

So that would be like october 12, 13 or 14.

B

uh From I pro so everything is okay,.

A

So is wednesday the 13th fine. Can we take that one.

B

A

Okay, so I'll uh I'll send out an invitation for the same time slot on wednesday 13.. Thank you.

C

No problem: okay,.

B

uh So uh friezakissan, and uh so uh by the way. So uh this is a communication board topic so uh have you already uh received the invitation for the uh linux foundation meeting from.

D

B

D

Out an invitation for monday, if I remember correctly, what was it I remember, I got.

A

An invitation, at least I haven't, got any. I got email from you from your macros and that you wanted to exclude me, but I haven't got the invitation, maybe and.

B

Maybe tomorrow uh jensen will go back to our office and therefore so I hope he will send an invitation to us.

D

Yeah, maybe it was just the date. He asked the question about the date and we all said yes, yeah yeah you're correct. So we wait tomorrow.

A

D

E

Another question: uh you imagine: the uh um access camera you already can run in this dock. Ocr compatible uh container.

F

E

Do you have any idea how much resource do we need for this container.

A

For the example, containers.

F

A

um I can, I don't have a fresh number, but I can probably uh make I I I can gather some statistics for you. If you're interested okay.

E

A

All right, um that's it for this time. Thank you for joining, see you next time. Thank you very much.

C

Thank you very much.

A

F