author Olivier Mehani <shtrom@ssji.net> 2018-01-23 13:15:40 +1100
committer Olivier Mehani <shtrom@ssji.net> 2018-01-23 13:15:40 +1100
commit 4a530cdcefac1043b52a597886a066fe148b60a2
tree f821a245b2940126a61bfe244cc28efc9e87a845
parent 3da1c6728643b7c4bd541aabe980ad0f80cb1838
[2018lcn] Tuesday morning
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rw-r--r-- 2018lca/2018lca.tex 220
-rw-r--r-- 2018lca/IMG_20180122_153207.jpg bin 473692 -> 71428 bytes
-rw-r--r-- 2018lca/IMG_20180122_153453.jpg bin 491509 -> 84961 bytes
-rw-r--r-- 2018lca/IMG_20180122_162909.jpg bin 372416 -> 60100 bytes
4 files changed, 220 insertions, 0 deletions
diff --git a/2018lca/2018lca.tex b/2018lca/2018lca.tex
index f22cd9c..7637e65 100644
--- a/2018lca/2018lca.tex
+++ b/2018lca/2018lca.tex
@@ -258,6 +258,226 @@ Why would one need access to a bio hacking lab?
\section{Tuesday}
+\subsection{Keynote: Open Source Pharma --- Matthew Todd}
+
+\begin{itemize}
+ \item Needed to find a cheap way to create a medication against Malaria (water-born
+ parasite, e.g., from lake Malawi), so only the active molecule remains
+ \item Created an online lab notebook to demonstrate early activity and raise
+ awareness
+ \item People started contributing, 75\% from the private sector, from their
+ own lab
+ \item Posted a request for help on Linked In
+ \item OpenInnovation is not OpenScience: industrial give out a problem they
+ don't have a solution to, let people work on it, buy the solution
+ \item 6 rules of Open Science
+ \begin{itemize}
+ \item All data are open and all ideas are shared
+ \item Anyone cane take part\ldots
+ \item \ldots
+ \end{itemize}
+ \item Lot of reliance on Open Access
+ \item Non-conclusive experiments are parked, but the data is available for
+ anyone to resume
+ \item Lab notebook \begin{itemize}
+ \item Post results every day
+ \item Todo list (used Github issue tracker)
+ \item Data in Google Sheet (400--500 molecules)
+ \item Twitter feed to reach ouf to people
+ \end{itemize}
+ \item Open Source is technology for the process (as would be another piece of
+ physical equipment)
+ \item Molecules are at the level where industrials would patent it (works on
+ mice)
+ \begin{itemize}
+ \item Don't know why the molecule works, though
+ \item Think that the molecules inhibit an iron (?) pump in the parasite
+ \item There actually are 30 molecules
+ \item All public domain
+ \end{itemize}
+ \item Big input from Big Pharma (not the company, but the scientists;
+ companies are happy for PR returns)
+ \begin{itemize}
+ \item Need to deal with SNAFUs publicly
+ \item Need to be careful with people's reputations
+ \end{itemize}
+ \item Demonstration: Sydney high school students recreated the drug that
+ Martin Shkreli was charging \$100,000 for
+ \item Next targets for Open Source Malaria
+ \begin{itemize}
+ \item Scientific: Preclinical trials
+ \item Community: More official industry Pro Bono
+ \item \ldots
+ \end{itemize}
+ \item Missing bits
+ \begin{itemize}
+ \item Auto linking of molecules (like Github issues)
+ \item Publish the Google sheet data to public databases
+ \item Stickers
+ \item Non-profit?
+ \item Create a narative: wiki that can be published
+ \end{itemize}
+ \item New project: OS Mycetoma (fungus growing under the skin; treatment is
+ amputation)
+ \item The Drugs for Neglected Diseases Initiative (DNDI) is considering Open
+ Source as best option
+ \item Who's gonna pay?
+ \begin{itemize}
+ \item VCs do invest in Open Source development
+ \item Need to promise that people can make their money back
+ \item Suggestion: Data exclusivity: 6 years monopoly after paying for the
+ human trials
+ \end{itemize}
+\end{itemize}
+
+\subsection{Containers Miniconf}
+
+\subsubsection{Day 2 Operations with Containers: Myth vs. Reality --- Elizabeth
+ K. Joseph}
+
+\begin{itemize}
+ \item Apache Mesos
+ \item Myths
+ \begin{itemize}
+ \item Containers will solve all your problems
+ \begin{itemize}
+ \item You still have to maintain them (upgrades, \ldots)
+ \item You need a debugging service so the logs don't disppear when the
+ container ups and dies
+ \end{itemize}
+ \item Green fields, everything from scratch
+ \begin{itemize}
+ \item Lots of legacy tooling and infrastructure
+ \end{itemize}
+ \item Everything is already automated
+ \begin{itemize}
+ \item The APIs are there
+ \item but you need to write automation
+ \item Logging, metrics, monitoring
+ \end{itemize}
+ \item No more planning
+ \end{itemize}
+ \item Truths
+ \begin{itemize}
+ \item High-reliability is easy
+ \end{itemize}
+ \item Tools
+ \begin{itemize}
+ \item Sysdig Monitoring
+ \end{itemize}
+ \item Must haves
+ \begin{itemize}
+ \item Upgrade strategy
+ \item Backups
+ \item Disaster recovery --- tested
+ \item Metrics collection and monitoring
+ \item Centralised logging
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Designing scalable production Kubernetes clusters on AWS --- Nick Young}
+
+\begin{itemize}
+ \item Founder of the Kubernetes Infrastructure Technology Team (KITT) at Atlassian
+ \item Objective: a set of clusters that could run at least 95\% of compute
+ workloads at Atlassian
+ \item Storage and persistence outside of the containers
+ \item Nick's rule of designing stuff: design out the biggest problem you know about,
+ so you can find new and interesting ones later
+ \item Problems to solve
+ \begin{itemize}
+ \item Manage blast radius $\rightarrow$ layer cake with strong isolation
+ \begin{itemize}
+ \item FLAG: base AWS config, VPCs, subnets, VGWs, security groups
+ \item KARR: all compute, control plain, etcd; stands up an apisever
+ endpoint and nothing else
+ \item Goliath: all config inside Kube, including, RBAC, PSP, \ldots;
+ including on-demand short-lived SSL certs between services
+ \end{itemize}
+ \item Cattle, not pets $\rightarrow$ immutable infrastructure
+ \begin{itemize}
+ \item Controllers and nodes: ASG, cycled or autoscaled
+ \item etcd servers: named milk cows
+ \item Rebuild a cluster in less than half an hour
+ \end{itemize}
+ \item Manage dependencies $\rightarrow$ can only depend on AWS stuff
+ \begin{itemize}
+ \item Make certificate management tractable: secrets stored in private
+ S3 buckets secured with IAM rolese
+ \end{itemize}
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Becoming the Admiral: mastering Docker orchestration --- Alistair
+ Chapman}
+
+\begin{itemize}
+ \item Monitoring container workload
+ \begin{itemize}
+ \item Collect logs on the side
+ \end{itemize}
+ \item Adapting team processes and tools
+ \begin{itemize}
+ \item Dockly
+ \item ctop
+ \end{itemize}
+ \item Securing containers
+ \begin{itemize}
+ \item Don't trust random images
+ \item Rules-based security: capsule8 allows to monitor low-level events in
+ the containers (syscalls, file accesses, \ldots)
+ \end{itemize}
+ \item How to integrate
+ \begin{itemize}
+ \item Throwing Docker (or Kube, or OpenShift) at a problem is not a
+ solution unless you build infrastucture around it
+ \item Need to build the stack inside AND outside of the containers
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Migrating to the cloud --- Devdas Bhagat}
+
+\begin{itemize}
+ \item Cloud considerations
+ \begin{itemize}
+ \item Scaling
+ \item Variability on demand
+ \item Legal issues depending on physical host counties
+ \end{itemize}
+ \item Choices
+ \begin{itemize}
+ \item Already moving to Docker and microservices
+ \item Moving from Mesos to Kube was easy
+ \item Google Cloud is a slightly better choice than AWS
+ \end{itemize}
+ \item IPv6: Google does not put their money where their mouth is
+ \item Conclusion
+ \begin{itemize}
+ \item Cloud migration is a business decision
+ \item Not a cost-cutting decision
+ \item Outsourcing: your priorities are not their priorities
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Puppet in the cloud --- Jethro Carr}
+
+\begin{itemize}
+ \item 200 servers in AWS managed with Puppet
+ \item Configuration management
+ \begin{itemize}
+ \item Quick, reliable, repeatable provisionning of servers
+ \item Automatic provisioning
+ \item Consistency and auditabilitiy
+ \end{itemize}
+ \item Why do you care with Docker/Kube/ECS/\ldots?
+ \item Security issue
+ \begin{itemize}
+ \item if an attacker ows a server, it can request creds from the Puppet server
+ \item autosigning is very dangerous if you get it wrong
+ \item check whether a server is allowed to get the signature
+ \end{itemize}
+\end{itemize}
+
\section{Wednesday}
\section{Thursday}
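Review bot: In the Puppet subsection, the three items under "Security issue" are too terse to be useful when read later: "check whether a server is allowed to get the signature" does not say what performs the check or what it is checked against, and "ows" in the first item should be "owns". If the intended point is that autosigning is how an unexpected or compromised server ends up with a signed certificate and can then request credentials, say so explicitly and name the check. Several typos elsewhere in the hunk change or obscure meaning and are worth fixing before this is merged: "control plain" and "apisever" in the KARR item, "IAM rolese", "physical host counties", "Anyone cane take part", "reach ouf", "disppear", "infrastucture", "provisionning", "auditabilitiy", "narative" and "water-born". The line "\item Lab notebook \begin{itemize}" also opens the nested environment on the item line, unlike the other nested lists in this hunk, which start it on its own line.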
diff --git a/2018lca/IMG_20180122_153207.jpg b/2018lca/IMG_20180122_153207.jpg
index 728f08d..a10d0be 100644
--- a/2018lca/IMG_20180122_153207.jpg
+++ b/2018lca/IMG_20180122_153207.jpg
Binary files differ
diff --git a/2018lca/IMG_20180122_153453.jpg b/2018lca/IMG_20180122_153453.jpg
index c81ad2e..347e3d3 100644
--- a/2018lca/IMG_20180122_153453.jpg
+++ b/2018lca/IMG_20180122_153453.jpg
Binary files differ
diff --git a/2018lca/IMG_20180122_162909.jpg b/2018lca/IMG_20180122_162909.jpg
index b1bbbed..fec470f 100644
--- a/2018lca/IMG_20180122_162909.jpg
+++ b/2018lca/IMG_20180122_162909.jpg
Binary files differ