[linux-elitists] Congruent Infrastructure (was: Re: Surveillance)

Eugen Leitl eugen at leitl.org
Sun Sep 8 09:49:03 PDT 2013


----- Forwarded message from Andy Bennett <andyjpb at ashurst.eu.org> -----

Date: Sun, 08 Sep 2013 17:14:01 +0100
From: Andy Bennett <andyjpb at ashurst.eu.org>
To: Marc MERLIN <marc at merlins.org>
Cc: linux-elitists at zgp.org
Subject: [linux-elitists] Congruent Infrastructure (was: Re: Surveillance)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

Hi,

>> Which means I need to set up that build the source
>> package and check that the binaries match thing.
>> Anyone doing this already for your favorite
>> distribution?
>  
> I did that at google for our distribution that runs in production,
> well more specifically we don't run upstream binaries at all. We've
> re-bootstrapped our own distribution, maintain and compile our own openssl,
> openssh and so forth.
> 
> We also have mostly binary invariant builds, and yes that was work, we had
> to patch stuff for sure.
> However, that process didn't tell us if the upstream binaries were the same
> because we modified most of our source to be leaner and compiled differently
> than upstream.

> Home page: http://marc.merlins.org/

I notice you did this:

http://marc.merlins.org/linux/talks/getupdates/


I'd be very interested in your views on things such as Puppet or Chef: I
myself have been very skeptical of them. Some of the issues are outlined
in this blog post (not by me):

http://blog.thestateofme.com/2013/04/30/an-adventure-with-chef/


It seems that all the evangelists for such things have never heard of
things like MIT Athena and http://www.infrastructures.org/ and don't
seem to know much about the underlying theory.

infrastructures.org describes a system similar to the one in your
slides, albeit using slightly older technology.


I'd be interested in your thoughts on "congruent infrastructure
management" especially around the issues of avoiding divergence, proving
convergence and recovery from failure that doesn't involve wiping the
machine.

Regards,
@ndy

-- 
andyjpb at ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


