<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I always encourage customers to make security a priority.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">One very simple thing you would be able to do when running up such an AMI for research and learning purposes would be to lock down the
Security Group around the EC2 instance to only accept incoming traffic from your laptop/workstation that you are connecting from.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">See
<a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html">
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#44546A">John</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
</div>
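<p class="MsoNormal">One way to act on the Security Group advice above, as an added example that is not part of the original message: it reads a group in the shape returned by <code>describe-security-groups</code>, finds ingress rules open to the whole internet, and plans their replacement with rules scoped to the connecting host. The sample group, the <code>sg-EXAMPLE</code> id, the address 203.0.113.25 and the function names are constructed for illustration; <code>apply_plan</code> assumes boto3 and AWS credentials are available.</p>

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}  # "anyone on the internet"

# Constructed sample, shaped like one entry of `aws ec2 describe-security-groups`.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ],
}

def plan_lockdown(group, workstation_ip):
    """Return (revoke, authorize) IpPermissions lists that replace every
    world-open ingress rule with one scoped to the connecting host."""
    addr = ipaddress.ip_address(workstation_ip)  # ValueError on a bad address
    host = f"{addr}/{addr.max_prefixlen}"        # /32 for IPv4, /128 for IPv6
    rkey, ckey = (("IpRanges", "CidrIp") if addr.version == 4
                  else ("Ipv6Ranges", "CidrIpv6"))
    revoke, authorize = [], []
    for perm in group.get("IpPermissions", []):
        # Protocol "-1" (all traffic) carries no port keys, so copy what exists.
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        open4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", [])
                 if r.get("CidrIp") in WORLD]
        open6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", [])
                 if r.get("CidrIpv6") in WORLD]
        if not (open4 or open6):
            continue  # already restricted, leave untouched
        revoke.append({**base, **({"IpRanges": open4} if open4 else {}),
                       **({"Ipv6Ranges": open6} if open6 else {})})
        if not any(r.get(ckey) == host for r in perm.get(rkey, [])):
            authorize.append({**base, rkey: [{ckey: host,
                                              "Description": "workshop laptop"}]})
    return revoke, authorize

def apply_plan(group_id, revoke, authorize):
    """Push the plan with boto3 (assumed installed, with credentials set up)."""
    import boto3
    ec2 = boto3.client("ec2")
    if authorize:  # add the narrow rule first so access is never lost
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
```

<p class="MsoNormal">Review the two lists returned by <code>plan_lockdown</code> before applying them; a laptop on a changing address will need the plan regenerated.</p>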
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Cameron Shorter &lt;cameron.shorter@gmail.com&gt;
<br>
<b>Sent:</b> Tuesday, 15 January 2019 10:50 PM<br>
<b>To:</b> osgeolive@lists.osgeo.org<br>
<b>Cc:</b> Bruce Anger &lt;bruceanger@gmail.com&gt;; Hildebrandt, John &lt;johnhild@amazon.com&gt;<br>
<b>Subject:</b> Re: [OSGeoLive] OSGeoLive Cloud -- (was Budget 2019)<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>During the FOSS4G Oceania community day, Bruce Anger and John Hildebrandt made great progress toward running OSGeoLive in AWS.<o:p></o:p></p>
<p>Bruce's notes are here: <a href="https://docs.google.com/document/d/12Hix3gAlOkbpyBj9EjOza-JLMEvS6l135Z-Hpuw7ZlU/edit?ts=5bf77367">
https://docs.google.com/document/d/12Hix3gAlOkbpyBj9EjOza-JLMEvS6l135Z-Hpuw7ZlU/edit?ts=5bf77367</a><o:p></o:p></p>
<p>James, your points are valid when considering setting up a production server. However, if we initially limit the target use case to a workshop/demo type setting, with nothing on the VM to be considered of value, then I assume security should be able to be
ignored.<o:p></o:p></p>
<p>(A future iteration could address security). <o:p></o:p></p>
<p>Brian, I probably should have been more specific about the use case I was suggesting.<o:p></o:p></p>
<p>Cheers, Cameron<o:p></o:p></p>
<div>
<p class="MsoNormal">On 15/1/19 4:09 am, James Klassen wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Technically, I suspect it would be relatively easy to convert the OSGeoLive VM image into the formats accepted by various cloud providers.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">My main concern is that historically OSGeoLive has been set up prioritizing ease of use on a single user machine to let a new user explore and learn the software with as few hurdles as possible. This seems in fundamental conflict with best
practices for putting a server on the open internet (in the cloud or otherwise).
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For example, we have easily guessable and well documented passwords, generally permissive permissions in applications and on the filesystem, unrestrictive firewall, way more than the minimum software installed than is needed for any given
task (increasing attack surface area), ... <o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I think we would need to put some serious thought into how to secure an OSGeoLive cloud image and what that might mean for usability.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Sun, Jan 13, 2019, 20:04 Brian M Hamlin &lt;<a href="mailto:maplabs@light42.com">maplabs@light42.com</a> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p style="margin:0cm;margin-bottom:.0001pt">Hi All --<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">> <span style="background:white">creating a "OSGeoLive in the Cloud" instance</span><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> It might be said that OSGeoLive is ...<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">- a flagship for OSGeo dot org<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">- a proof-of-work for UbuntuGIS integration<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">- a service to all of the member software projects, incubated or others<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> literally multiplying the leverage of interoperable data toolchains when combined<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">- a service to all of the science communities worldwide, in all major human languages<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">- a service to students of all kinds, in all places touched by technology<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> ... others not mentioned<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">So, what might a "cloud" OSGeoLive be ? news flash, many long-standing projects now<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">included on OSGeoLive are quite active in the cloud and continue to be..<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">Major cloud players say - Ubuntu OS is the most popular cloud service OS by number of customers<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">OSGeoLive is already an Ubuntu platform project. so ....<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">companies handling geospatial data chains are already using directly, UbuntuGIS PPA to build...<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">Some.. but another fact .. Docker technology easily runs Ubuntu PPA systems on a RedHat base, today.<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">The Docker container shares the kernel only with the host, while the rest of the OS layers are Debian/Ubuntu.<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">Is there an economic argument to be made, with respect to a "cloud" OSGeoLive ?<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">I find many economic arguments to be badly self-contradicting, when viewed broadly.. <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">The OSGeoLive project has continuity and serious utility.. beyond that, opinions vary widely..<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt">Is a "cloud" OSGeoLive the right move ? with what resources ? open questions<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> best regards from Berkeley, California<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> -Brian M Hamlin darkblue_b dbb<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><br>
On Sun, 13 Jan 2019 20:23:28 +1100, Cameron Shorter &lt;<a href="mailto:cameron.shorter@gmail.com" target="_blank">cameron.shorter@gmail.com</a>&gt; wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid black 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">I'm really hopeful that we'll see some people follow through with
<br>
creating a "OSGeoLive in the Cloud" instance which could be spun up and <br>
used during training sessions. (This could be a great Google Season of <br>
Code topic). I think this could be done with free developer AWS <br>
instances, but it would be good to have access to budget if required to <br>
support a first deployment.<br>
<br>
Also, it would be good to have discretionary funding to pay for <br>
OSGeoLive USBs for conferences that ask for it during the year. Maybe do <br>
a print run of 500 to 1000 USBs (That would be 50 to 100 USBs at an <br>
OSGeo table at a conference/workshop/code sprint, for 10 to 20 events).<br>
<br>
On 13/1/19 3:11 am, Astrid Emde (OSGeo) wrote:<br>
> Hello folks,<br>
><br>
> yes - it is time to think about the budget for 2019.<br>
><br>
<br>
-- <br>
Cameron Shorter<br>
...<o:p></o:p></p>
</blockquote>
<p><br>
--<br>
Brian M Hamlin<br>
OSGeo California<br>
<a href="http://blog.light42.com" target="_blank">blog.light42.com</a><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
osgeolive mailing list<br>
<a href="mailto:osgeolive@lists.osgeo.org" target="_blank">osgeolive@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/osgeolive" target="_blank">https://lists.osgeo.org/mailman/listinfo/osgeolive</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre>Cameron Shorter<o:p></o:p></pre>
<pre>Technology Demystifier<o:p></o:p></pre>
<pre>Open Technologies and Geospatial Consultant<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>M +61 (0) 419 142 254<o:p></o:p></pre>
</div>
</body>
</html>