fluffybeing · March 26, 2014 15:47
diff --git a/libcloud REPL b/libcloud REPL
 <rahulrrixe> Jc2k : I have one question \0/
 <rahulrrixe> I am trying to build a repl for apache libcloud so that a user can execute the libcloud code online
 <rahulrrixe> but these code will be executed on server so security is important thing
 <Jc2k> Daemoen: it was added to pycrypto git in Feb 2011
 <rahulrrixe> so what should i use pysandbox or restricted python for safe execution?
 <Jc2k> Daemoen: looks like it was first in pycrypto 2.5
 <Daemoen> Jc2k: yeah... found that python-crypto on el6 is *wayyyyy* behind
 <Daemoen> 2.0.1
 <Jc2k> Daemoen: welcome to el6 :)
 <Jc2k> you are probably going to have to put evverrything in virtualenv to have a chance with that thing..
 <Daemoen> or install development tools and use pip to install reqs, lol
 * Jc2k shudders
 <Daemoen> im almost tempted to use a fedora 20 instance as my control machine for ansible and things... i dont normally use fedora for infrastructure services, but since we are using google compute, i need to be able to manage it efficiently with ansible
 <Jc2k> rahulrrixe: a REPL would be nice but i think you should write a plan before making any code for this
 <Jc2k> for example, what API calls will you actually be able to make?
 <rahulrrixe> it would be only for libcloud and its dependency
 <Jc2k> but you can do a lot of things with that
 <Jc2k> and i wouldnt use it - i'd have to give it API credentials
 <Jc2k> thats like giving it my password
 <rahulrrixe> ok 
 <rahulrrixe> so one have to login first and then use repl
 <Jc2k> login how?
 <rahulrrixe> we can give them some secret_key 
 <rahulrrixe> this would be really challenging as everyone will put their security key and we need to secure them
 <Jc2k> yes
 <Jc2k> which is why i think its a nice to have, but there are more important things to be working on
 <rahulrrixe> I made a sample app that run python code on server
 <rahulrrixe> so i thought it would be nice to integerate it on libcloud
 <Jc2k> there is quite a long way between a sample app and something that secure and sustainable
 <rahulrrixe> Can you suggest some solutions or if we want to integerate this in future how we can proceed?
 <rahulrrixe> just starting steps so that i will work on it during free time :)
 <rahulrrixe> yeah you are absolutely right i read several blogs about security failures with online consoles.
 <Jc2k> 1, think about where it will be hosted. the libcloud website is hosted on Apache infrastructure. we can't just install random stuff on there.
 <rahulrrixe> no we will host it on google app engine platform
 <rahulrrixe> with libcloud dependency installed and will embed app this into the site
 <Jc2k> you can't just decide that - it'd have to be voted on by our PMC. we might not want to use a non-free cloud for parts of our website, for example.
 <rahulrrixe> similar to http://live.sympy.org/
 <Jc2k> 2, encryption
 <rahulrrixe> Jc2k: ok
 <Jc2k> i dont want my secret_key going over the wire in plain text
 <rahulrrixe> yeah ssl encryption will be needed with https connection. 
 <Jc2k> 3, the difference between sympy and libcloud is that i have to put a secret_key in there to do anything useful. i dont post my credentials that can cost me lots into websites.
 <Jc2k> what if there is a bug or a network glitch and when i do a create_node call the server runs it multiple times?
 <rahulrrixe> now It seems that REPL for libcloud is not a good idea for now, I need to look into more detailed security and network aspects of it.
 <rahulrrixe> Jc2k : I will dig more about security and network issues and will create plan first and then discuss with the community
 <Jc2k> that sounds good
 <Jc2k> http://lwn.net/Articles/574323/
 <Jc2k> has some thoughts on pysandbox and its limitations
 <rahulrrixe> I read this article in morning
 <Jc2k> he is one of the developers
 <Jc2k> and one of his points is
 <Jc2k> pysandbox cannot be used in practice
 <rahulrrixe> yup
 * rocker has quit (Ping timeout: 265 seconds)
 * ptone_ has quit (Ping timeout: 265 seconds)
 * ptone_ (ptone@2604:180:1::f01:fce6) has joined #libcloud
 <rahulrrixe> Jc2k : pypy sandbox provide the full security, because it uses jit compiler and run whole python process in sandbox environment. http://pypy.org/index.html
 * rocker ([email protected]) has joined #libcloud
 <Jc2k> rahulrrixe: does that alter your plan to use app engine?
 <rahulrrixe> Jc2k : maybe, i don't know because i still can't say. We can not host this on Apache infrastructure because there might be security loopholes which is unknown, can we host the app on some open-source cloud platform.
 <Jc2k> if there might be security loopholes, what about the safety of peoples credentials?
 <rahulrrixe> Jc2k : these security credentials are sent using https connections, we can send similarly in our ajax requests 
 <rahulrrixe> repl will take input and send this to the app in https request and then the app will reply
 <Jc2k> and if the app is exploited to then doing something evil with that? what steps will you take to protect my security credentials?
 <rahulrrixe> I mean to say that we will be executing this on a server for one time no credential will be stored on the server.   
 <Jc2k> i think conceptually i have a hard time with anything where i have to handover credentials to a random REPL. it seems inherently risky. but as a potential end user and as someone on the PMC who will probably have to deal with repurcussions of it going wrong.
 <Jc2k> *but -> both
 <rahulrrixe> like we run libcloud on local machine
 <rahulrrixe> Jc2k : yeah, I am trying to figure out its possibility and you gave me really great insight
 <Jc2k> i would rather have a mock REPL where i didnt have to hand over credentials. like using the dummy driver
 <rahulrrixe> yeah that is nice idea
 <Jc2k> so i create_node and then when i call list_node i see my change, but its not actually backed up by real machines
 <rahulrrixe> yeah with dummy credentials
 <rahulrrixe> So that user can atleast see all the capabilities of the libcloud
 <rahulrrixe> and can mock this on their local machine
 <rahulrrixe> this is cool :)
 <Jc2k> a plus side of this is that some of our dummy drivers would need improving to fully roundtrip (e.g. if i call create_node, do i see a new node appear in list_nodes? if i destroy the node, does it disappear)
 <Jc2k> and that would be good for tests
 <Jc2k> and for integrators
 <rahulrrixe> yeah, 
 <rahulrrixe> means make a REPL bot for libcloud.
 <Jc2k> i dont know what you mean. but im getting ready for work now. so ttfn.
 <rahulrrixe> Jc2k : thanks :)
	<rahulrrixe> Jc2k : I have one question \0/
	<rahulrrixe> I am trying to build a repl for apache libcloud so that a user can execute the libcloud code online
	<rahulrrixe> but these code will be executed on server so security is important thing
	<Jc2k> Daemoen: it was added to pycrypto git in Feb 2011
	<rahulrrixe> so what should i use pysandbox or restricted python for safe execution?
	<Jc2k> Daemoen: looks like it was first in pycrypto 2.5
	<Daemoen> Jc2k: yeah... found that python-crypto on el6 is wayyyyy behind
	<Daemoen> 2.0.1
	<Jc2k> Daemoen: welcome to el6 :)
	<Jc2k> you are probably going to have to put evverrything in virtualenv to have a chance with that thing..
	<Daemoen> or install development tools and use pip to install reqs, lol
	* Jc2k shudders
	<Daemoen> im almost tempted to use a fedora 20 instance as my control machine for ansible and things... i dont normally use fedora for infrastructure services, but since we are using google compute, i need to be able to manage it efficiently with ansible
	<Jc2k> rahulrrixe: a REPL would be nice but i think you should write a plan before making any code for this
	<Jc2k> for example, what API calls will you actually be able to make?
	<rahulrrixe> it would be only for libcloud and its dependency
	<Jc2k> but you can do a lot of things with that
	<Jc2k> and i wouldnt use it - i'd have to give it API credentials
	<Jc2k> thats like giving it my password
	<rahulrrixe> ok
	<rahulrrixe> so one have to login first and then use repl
	<Jc2k> login how?
	<rahulrrixe> we can give them some secret_key
	<rahulrrixe> this would be really challenging as everyone will put their security key and we need to secure them
	<Jc2k> yes
	<Jc2k> which is why i think its a nice to have, but there are more important things to be working on
	<rahulrrixe> I made a sample app that run python code on server
	<rahulrrixe> so i thought it would be nice to integerate it on libcloud
	<Jc2k> there is quite a long way between a sample app and something that secure and sustainable
	<rahulrrixe> Can you suggest some solutions or if we want to integerate this in future how we can proceed?
	<rahulrrixe> just starting steps so that i will work on it during free time :)
	<rahulrrixe> yeah you are absolutely right i read several blogs about security failures with online consoles.
	<Jc2k> 1, think about where it will be hosted. the libcloud website is hosted on Apache infrastructure. we can't just install random stuff on there.
	<rahulrrixe> no we will host it on google app engine platform
	<rahulrrixe> with libcloud dependency installed and will embed app this into the site
	<Jc2k> you can't just decide that - it'd have to be voted on by our PMC. we might not want to use a non-free cloud for parts of our website, for example.
	<rahulrrixe> similar to http://live.sympy.org/
	<Jc2k> 2, encryption
	<rahulrrixe> Jc2k: ok
	<Jc2k> i dont want my secret_key going over the wire in plain text
	<rahulrrixe> yeah ssl encryption will be needed with https connection.
	<Jc2k> 3, the difference between sympy and libcloud is that i have to put a secret_key in there to do anything useful. i dont post my credentials that can cost me lots into websites.
	<Jc2k> what if there is a bug or a network glitch and when i do a create_node call the server runs it multiple times?
	<rahulrrixe> now It seems that REPL for libcloud is not a good idea for now, I need to look into more detailed security and network aspects of it.
	<rahulrrixe> Jc2k : I will dig more about security and network issues and will create plan first and then discuss with the community
	<Jc2k> that sounds good
	<Jc2k> http://lwn.net/Articles/574323/
	<Jc2k> has some thoughts on pysandbox and its limitations
	<rahulrrixe> I read this article in morning
	<Jc2k> he is one of the developers
	<Jc2k> and one of his points is
	<Jc2k> pysandbox cannot be used in practice
	<rahulrrixe> yup
	* rocker has quit (Ping timeout: 265 seconds)
	* ptone_ has quit (Ping timeout: 265 seconds)
	* ptone_ (ptone@2604:180:1::f01:fce6) has joined #libcloud
	<rahulrrixe> Jc2k : pypy sandbox provide the full security, because it uses jit compiler and run whole python process in sandbox environment. http://pypy.org/index.html
	* rocker ([email protected]) has joined #libcloud
	<Jc2k> rahulrrixe: does that alter your plan to use app engine?
	<rahulrrixe> Jc2k : maybe, i don't know because i still can't say. We can not host this on Apache infrastructure because there might be security loopholes which is unknown, can we host the app on some open-source cloud platform.
	<Jc2k> if there might be security loopholes, what about the safety of peoples credentials?
	<rahulrrixe> Jc2k : these security credentials are sent using https connections, we can send similarly in our ajax requests
	<rahulrrixe> repl will take input and send this to the app in https request and then the app will reply
	<Jc2k> and if the app is exploited to then doing something evil with that? what steps will you take to protect my security credentials?
	<rahulrrixe> I mean to say that we will be executing this on a server for one time no credential will be stored on the server.
	<Jc2k> i think conceptually i have a hard time with anything where i have to handover credentials to a random REPL. it seems inherently risky. but as a potential end user and as someone on the PMC who will probably have to deal with repurcussions of it going wrong.
	<Jc2k> *but -> both
	<rahulrrixe> like we run libcloud on local machine
	<rahulrrixe> Jc2k : yeah, I am trying to figure out its possibility and you gave me really great insight
	<Jc2k> i would rather have a mock REPL where i didnt have to hand over credentials. like using the dummy driver
	<rahulrrixe> yeah that is nice idea
	<Jc2k> so i create_node and then when i call list_node i see my change, but its not actually backed up by real machines
	<rahulrrixe> yeah with dummy credentials
	<rahulrrixe> So that user can atleast see all the capabilities of the libcloud
	<rahulrrixe> and can mock this on their local machine
	<rahulrrixe> this is cool :)
	<Jc2k> a plus side of this is that some of our dummy drivers would need improving to fully roundtrip (e.g. if i call create_node, do i see a new node appear in list_nodes? if i destroy the node, does it disappear)
	<Jc2k> and that would be good for tests
	<Jc2k> and for integrators
	<rahulrrixe> yeah,
	<rahulrrixe> means make a REPL bot for libcloud.
	<Jc2k> i dont know what you mean. but im getting ready for work now. so ttfn.
	<rahulrrixe> Jc2k : thanks :)