<paulproteus>
It has a nice motto: "freeing the web one face at a time"
<paulproteus>
I don't think it solves problems we particularly have, though.
<paulproteus>
But hey, maybe people can run their Libravatar endpoints on Sandstorm one day (-:
<paulproteus>
Maybe I can get him to write a driver....
<paulproteus>
(That's short for Libre-avatar )
<ocdtrekkie>
So, paulproteus, is this meant to just save you having to add your profile picture to every web account you have, or what exactly does it do?
<ocdtrekkie>
I mean, in the current discussion, if Sandstorm keeps people's avatars, it can pass them through the API. And it can get them from Google or Github, and inevitably, users can set them directly in Sandstorm from a user panel at some point.
<paulproteus>
The idea for Libravatar is to be like Gravatar in that it saves you from having to add your profile picture to every web account you have, and to be unlike Gravatar in that you can be the one to actually _serve_ that file out, since Libravatar federates via DNS.
<paulproteus>
In this sense, Libravatar is more of a protocol than a web service.
<ocdtrekkie>
Do sites have to specifically look for Libravatar then?
<paulproteus>
(As I understand it.)
<paulproteus>
Yeah -- it requires code changes to apps to support Libravatar.
<paulproteus>
I don't think it's a super compelling thing, but I like to mention it as a different way to solve the same problem Gravatar solves.
<ocdtrekkie>
paulproteus: I just am not sure why you'd use it over like... putting your profile picture on your server somewhere. Since if you self-host Libravatar, you have to give it a URL anyways.
<ocdtrekkie>
Iunno.
<ocdtrekkie>
I'm weird. I don't see Gravatar as a thing that "solves a problem", because I never saw "no profile picture" as a problem. :P
<ocdtrekkie>
Or, I guess Gravatar lets you upload other pictures, but I've actually never seen that done. I just g et whatever random square pattern thingies it makes. To me, that's what Gravatar is. :P
natea has joined #sandstorm
<zarvox>
Hrm. Etherpad appears to use eval(). (As things that use require.js often will.)
<zarvox>
This would violate the desired security policy. :S
<zarvox>
Ditto Ethercalc.
<zarvox>
Perhaps we just have to allow eval(), since too many useful things will need it.
<kentonv>
yes, I think we can't turn off things like eval or inline script, etc. But in any case our goal is to block cross-origin requests.
<dwrensha>
name idea: gathering.sandstorm.io
<paulproteus>
(I haven point, I just want to say) magic: the sandstorm
darius has quit [Ping timeout: 250 seconds]
darius has joined #sandstorm
paroneayea has quit [Read error: Connection reset by peer]
gopar has joined #sandstorm
paroneayea has joined #sandstorm
<ocdtrekkie>
lol paulproteus
<ocdtrekkie>
I found a Meteor project for playing Magic games actually. :D
<ocdtrekkie>
It has to call outside resources though!
<ocdtrekkie>
(It pulls card images from Wizards of the Coast. It'd be impractical to store all of the MTG card images in an app.)
<paulproteus>
i,i Magic the Gathering driver
<ocdtrekkie>
lol
<ocdtrekkie>
Well, just a generic thing that can be tightly set to only request access to Wizards' images subdomain.
ragesoss has quit [Ping timeout: 256 seconds]
ragesoss has joined #sandstorm
jadewang has quit [Remote host closed the connection]
<kentonv>
lol, I was sitting hear, freaking out wondering why every time I told vagrant to shut down all these VMs, they kept coming back up. I started killing virtualbox processes but they'd just come back.
<kentonv>
realized Blackrock was still running.
<kentonv>
*facepalm*
gopar has quit [Quit: Leaving]
<ocdtrekkie>
lol
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 256 seconds]
ArcTanSusan has joined #sandstorm
<zarvox>
kentonv: self-healing considered strong!
[d__d] has quit [Ping timeout: 246 seconds]
darius has quit [Ping timeout: 240 seconds]
[d__d] has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 252 seconds]
ArcTanSusan has quit [Quit: ArcTanSusan]
<XgF>
ocdtrekkie: Libravatar (seriously, can people stop calling their projects /Libr.*/? Worst naming system ever) does (DNS?) discovery so it can go from "me@example.com" to the correct avatar
<XgF>
And does Sandstorm providing avatars actually solve the problem for Wordpress (where random people can comment on your Wordpress blog)?
<XgF>
Of course, random people will be commenting via the public view, so...
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
mort___ has joined #sandstorm
joshbuddy has quit [Quit: joshbuddy]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
mort___ has quit [Quit: Leaving.]
amyers has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 244 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
jadewang has joined #sandstorm
natea has quit [Quit: natea]
jadewang has quit [Ping timeout: 240 seconds]
dwrensha has quit [Ping timeout: 246 seconds]
mort___ has joined #sandstorm
natea has joined #sandstorm
natea has quit [Ping timeout: 246 seconds]
dwrensha has joined #sandstorm
natea has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 250 seconds]
darius has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 246 seconds]
<ocdtrekkie>
XgF: While the public can't comment it doesn't matter. ;)
<ocdtrekkie>
But I do suppose that'd be an example of where Gravatar has a use. But then, is the public view sandboxed?
<ocdtrekkie>
I suppose right now, while it only does static content, it doesn't matter.
natea has quit [Quit: natea]
bb010g has quit [Quit: Connection closed for inactivity]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
jadewang has joined #sandstorm
kentonv has quit [Quit: Leaving]
kentonv has joined #sandstorm
<dwrensha>
Hm. What happens if an app calls stayAwake(info, notification) and arranges that notification.cancel() never returns?
<dwrensha>
Does the background task become uncancellable?
<kentonv>
probably the correct thing is for the app to be marked "not backgrounded" before forwarding cancel() to the app. Can't remember if that's what the code does.
<kentonv>
(that effectively sets a timeout)
<dwrensha>
I see that the notification is emoved from the Notifications collection before cancel() is forwarded.
<dwrensha>
*remove
<dwrensha>
d
joshbuddy has joined #sandstorm
<dwrensha>
It seems that notification handles saved in ApiTokens ought to have the field `owner : frontend`
natea has joined #sandstorm
<kentonv>
dwrensha: the handle isn't owned by the frontend. The handle is held by the grain, then dropped when it is done.
<kentonv>
the OngoingNotification is held by the frontend, though.
<kentonv>
owned, that is
<dwrensha>
I'm running jparyani's test app
<dwrensha>
looks like it makes two entries in ApiTokens
<dwrensha>
the owner of one is "grain: ..."
<dwrensha>
the other doesn't have an owner
<dwrensha>
which, according to our docs, means that it is a webkey
<dwrensha>
which seems obviously wrong
<kentonv>
the second one is probably the OngoingNotification. I agree that it should be listed as owned by the front-end.
<kentonv>
yeah that one _should_ be owned by the front-end. I guess we have some confusion about owner vs. provider.
asmyers has quit [Remote host closed the connection]
<kentonv>
nice work catching this.
<posix4e>
I'm so confused about the https story of sandcats. It doesn't seem on by default
asmyers has joined #sandstorm
<kentonv>
posix4e: unfortunately we aren't a CA
<posix4e>
Makes sense
<kentonv>
you'd think issuing certificates for your own subdomains would be easy but it's not really. :(
<posix4e>
Although isn't there a capability for some certs to sign subdomain certs?
<posix4e>
haha
<posix4e>
jinx
amyers has quit [Ping timeout: 264 seconds]
<posix4e>
what about those https proxy mitm attacks coming from hardware based caching servers that enterprises did
<kentonv>
there's some sort of domain-restriction extension but unfortunately Apple has chosen not to implement it.
<posix4e>
What's annoying is i can't even ru it through a ssh tunnel
<posix4e>
Error looking up DNS TXT records for host 'localhost': queryTxt ENOTFOUND
<kentonv>
the error indicates that the "Host:" header is arriving as "localhost"
<kentonv>
it needs to match the sandcats domain
<posix4e>
kentonv: of course
<kentonv>
I think those mitm attacks were never supposed to work under the rules. :) Or they were based on pre-installing a certificate into all the corp's machines.
mort___ has quit [Ping timeout: 256 seconds]
<posix4e>
kentonv: so can i run https on my own domain?
<kentonv>
you can buy a certificate for your sandcats domain through normal means. You'll have to temporarily run a static web server on your box to host the proof of ownership requested by the CA.
<kentonv>
you'll also need to run nginx or some such to terminate the SSL
<posix4e>
Any more information for this? Like a walkthrough. I h8 to say this, but without https I am not super motivated to use y'alls code
<posix4e>
I already have a webpage there
<posix4e>
that supports https
<kentonv>
we are definitely big fans of HTTPS and we're working on a better option here
<kentonv>
I agree running sandstorm without https is rather unsatisfactory
<kentonv>
there's a bunch of engineering work to be done to automate stuff. In a couple months we should have it working pretty well, I think.
<posix4e>
I mean i can just ssl tunnel the thing
<posix4e>
but then my cert will be bonk
<posix4e>
kk
<posix4e>
So today, i should just wait for a couple of months?
<posix4e>
I'm in no rush really
<posix4e>
so that's a fine option for me
<kentonv>
well, it depends on how much you want to tinker
<posix4e>
tinkering is fine as well
<posix4e>
I just don't wanna be a timesuck for you guys
<posix4e>
This makes sense, i see how to change it as well
<posix4e>
Except fuck 3de3
<posix4e>
3des
<kentonv>
If you're going to go this route, I'd probably suggest doing it on your own domain rather than sandcats, since setting up DNS is comparatively easy, and your registrar may offer a discount on SSL for domains purchased there
<kentonv>
well, that cipher suite received an A+ from ssllabs last I tested. But feel free to tweak. :)
<kentonv>
don't forget that you need a wildcard certificate. I think the best price I've seen for them is something like $90/yr.
<kentonv>
(the cost of wildcards is a problem that we're hoping to fix by talking to CAs...)
<posix4e>
it all makes sense
<posix4e>
now
<posix4e>
To tell you the truth, i'm just ganna run a ssltunnel and custom cert
<posix4e>
because it takes 5 minutes
<posix4e>
and i'm super lazy
<kentonv>
yeah if you don't mind installing a self-signed cert on your machines then that's certainly the cheapest option.
kentonv has quit [Quit: Leaving]
<posix4e>
ok that works sweet
[d__d] has quit [Remote host closed the connection]
[d__d] has joined #sandstorm
<posix4e>
If i use a tunnel everything is going to send them to the http port. Is it sufficient to just change it in the conf?
<jadewang>
yo @paulproteus
<posix4e>
Ah that seems to work
<paulproteus>
Yo all
kentonv has joined #sandstorm
natea has quit [Quit: natea]
<posix4e>
Why not push to become a free CA?
<posix4e>
and just self sign cert cas for now
<kentonv>
we're counting on Let's Encrypt to become a free CA
<kentonv>
it's not easy
<posix4e>
Ah cool
<posix4e>
my roomate is yan, i'll bug her about it
<kentonv>
hah, yeah we've talked to Yan about it a bunch. :)
paroneayea has quit [Read error: Connection reset by peer]
paroneayea has joined #sandstorm
natea has joined #sandstorm
<ocdtrekkie>
zarvox: Not fond of calling any time of secrecy "perfect" are we? :D
<dwrensha>
i,i pretty good forward secrecy
<zarvox>
ocdtrekkie: I take it you are subscribed to notifications for sandstorm! ;)
<ocdtrekkie>
lol absolutely
<ocdtrekkie>
kentonv can sneak stuff by me sometimes because you can't actually subscribe to commits, just PRs and issues.
<ocdtrekkie>
But I learn a lot reading this stuff.
<dwrensha>
jparyani, kentonv: fyi, I'm working on fixing up the "owner" field in the notifications stuff
<kentonv>
dwrensha: cool, are you going to make it enforced?
<dwrensha>
yes, that too
<kentonv>
yay
<dwrensha>
SandstormCoreImpl.prototype.restore just needs some simple checks, I think
<XgF>
Ooh, playing with Hacker CMS:
<XgF>
Error: remote exception: remote exception: remote exception: expected S_ISREG(stats.st_mode); Not a regular file.; filename = /var/preview/archives
<XgF>
type: failed
<XgF>
C++ location:(remote):??
asmyers has quit [Ping timeout: 256 seconds]
<kentonv>
XgF: whoops, it appears that trying to open a directory without the trailing / in preview mode produces that exception. Weird that I've never actually seen that.
<kentonv>
XgF: FWIW, the published view will redirect to add the /.
<kentonv>
I guess debug symbols would be helpful, to inspect contents of variables
preilly has joined #sandstorm
<kentonv>
it seems like it's allocating space for the log string, but it's allocating way too much space
preilly is now known as Guest71769
<dwrensha>
perhaps relevant: the kj lib was compiled with g++
<dwrensha>
right now I'm seeing what happens if it's clang++ the whole way down
<kentonv>
well, that's not supposed to be a problem
<kentonv>
is this on Linux or OSX?
<dwrensha>
linux
<XgF>
Client is using the same libstdc++ and same libstdc++ headers, and same llanguage standard?
<kentonv>
is clang perhaps using libc++ rather than libstdc++?
<kentonv>
it shouldn't do that without a flag, I think
<kentonv>
you could check with `ldd binaryname`
<dwrensha>
aha, works fine if kj is compiled with clang++ too
<XgF>
Note that lisbstdc++ has ABI differences between C++03 and C++11 and I expect also C++14, and that with libstdc++<5 the C++11 ABI is unstable (even though they don't increment the soversion or such!)
<kentonv>
XgF: the ABI changes between c++03 and c++11 should cause linker errors if that's the problem, since they put the c++11 stuff in an inline namespace...
<dwrensha>
kj is compiled with -std=gnu++11
<kentonv>
dwrensha: what does `ldd` show for C++ library?
<dwrensha>
for kj compiled with clang++: libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f38a7f5a000)
<kentonv>
I meant for the binary, but I guess that answers the question anyway
<XgF>
dwrensha: What header paths are clang++ and g++ using?
<kentonv>
XgF: I've never seen Clang use a different header path from GCC... have you?
<XgF>
kentonv: It can do, especially if the GCC isn't the system compiler
<kentonv>
is GCC ever not the system compiler on Linux?
<XgF>
Well, more that version of GCC isn't the system compiler
<kentonv>
dwrensha: I suppose you could try making the -std flags match and see if that helps. It would surprise me, though.
natea has quit [Quit: natea]
<paulproteus>
I am having second thoughts about installer-tests spawning new GCE instances.
<kentonv>
why's that?
<paulproteus>
My main unhappiness with spawning GCE instances is that it means when "developing" the installer tests, there'll be a disconnect between what I run on my laptop vs. what runs in e.g. Jenkins.
<paulproteus>
So I am time-boxing some further experiments with qemu to see if they will be fruitful.
<paulproteus>
Else I will go ahead on the GCE route.
<zarvox>
paulproteus: ping me if you hit any issues with qemu/libvirt/etc; I've been dealing with them rather a lot lately
<paulproteus>
I seem to have a hilariously hacky Python script that, through sleight of hand Python modifications of the the qemu argv, convinces libvirt to not attempt to use KVM acceleration, despite it requesting it.
<paulproteus>
Shockingly this seems to work OK.
<paulproteus>
zarvox: Cool.
<paulproteus>
I did just have to add /usr/bin/kvm.real to an apparmor config file.
<zarvox>
paulproteus: Can you simply set the libvirt domain type to be "qemu" instead of "kvm"?
<paulproteus>
Interesting. Let me see.
<zarvox>
<_< "simply"
<zarvox>
sorry
<paulproteus>
(-:
<paulproteus>
Meanwhile yum apparently ignores ^C
<paulproteus>
I presume this is a yum feature, not some oddity with my virtualization.
<paulproteus>
Yup, yum feature.
<paulproteus>
Current download cancelled, interrupt (ctrl-c) again within two seconds
<paulproteus>
to exit.
<paulproteus>
I looked away for more than two seconds, so I guess I can't exit.
<zarvox>
SIGINT is for people who believe in giving up on installations ;)
<paulproteus>
Yay! There we go.
<paulproteus>
I am a big believer in giving up.
<aldeka>
lol
<paulproteus>
zarvox: OK, setting "libvirt.driver = 'qemu'" in the Vagrantfile is a much better idea than playing awesome games with argv.
<paulproteus>
Fun as that was.
<zarvox>
paulproteus: if you're using vagrant-libvirt, you can set driver to "qemu" under config.vm.provider :libvirt
<zarvox>
wow you and I wrote that almost the same time
<zarvox>
good job team :)
<paulproteus>
Now I'll test if I can safely remove my kvm diversion.
<paulproteus>
: D
<paulproteus>
If so, man, I should have done this yesterday. Apologies to Kenton for "forcing" him to give me permission to create VMs for no actual reason. : P
<paulproteus>
(Though I think it remains to be seen if this actually works well enough.)
<paulproteus>
(but I think it's likely to)
<paulproteus>
zarvox: Thanks for reading here and suggesting actually asking for what I want.
<zarvox>
It's okay, it took me 12 hours of frustrated debugging to find the "clear_emulator_capabilities" flag a couple weeks back
<paulproteus>
Well I'm glad we're both in this together.
<zarvox>
Oftentimes, there's a simple switch to do what you want; you just have no idea how to identify if it exists or what it's called.
<zarvox>
Yay. :)
<kentonv>
paulproteus: eh, we really ought to move all our non-prod stuff into a new GCE project anyhow
<paulproteus>
++
<paulproteus>
I figure.
<paulproteus>
Also for some reason I am shocked whenever libvirt works.
<paulproteus>
As non-root, that is.
<paulproteus>
As root I expect it to work.
<zarvox>
Heh. What sort of PolicyKit JS-like expressions did you have to write to make that happen?
<paulproteus>
I don't know, I just apt-got something and probably adduser'd myself to something!
<paulproteus>
"Sandstorm: qemu and rust in production"
<zarvox>
is that the blog post you're drafting?
<zarvox>
;)
<paulproteus>
I am hoping to add a bunch of other ridiculous technologies to the list first.
<paulproteus>
Ideas welcome!
<paulproteus>
(Rust is no longer ridiculous, sadly.)
<paulproteus>
(But it is ridiculous in the same sentence as qemu.)
<paulproteus>
I guess honestly it is kind of cool that qemu is useful. Anyway.
<aldeka>
paulproteus: You/Sandstorm should submit a proposal to RustCamp!!
<paulproteus>
In related news, phildini and I got a talk accepted to PyOhio.
<aldeka>
Nice.
<paulproteus>
I think I'm going to let phildini handle giving the talk. It's Aug 1-2. I like Ohio, in theory, and PyOhio too.
<XgF>
dwrensha, kentonv: A thought, is the clang++/g++ issue because clang is causing libstdc++ to pick one ABI, and g++ another?
<XgF>
Depending upon how many standard library objects KJ/Capnp pass about, this could not cause linker issues but instead abort at runtime
<XgF>
(perhaps due to some ABI subtlety)
<XgF>
Testcase would be if it works with capnp compiled with GCC 4.9
<dwrensha>
more data: if I install a clang++-compiled capnp, then node-capnp (which apparently must use g++) fails to work
<paulproteus>
dwrensha: I think you (rightfully) ask for docs more frequently than I usually write them, so you might appreciate that I'm writing up some docs on the installer-tests now.
<paulproteus>
(Like all truly good actions in life, I'm doing this for me, not for you, but I did think of you.)
<XgF>
dwrensha: Subtle ABI issues suck
<zarvox>
Do we have a standard unit/format for dates/timestamps in the sandstorm/shell codebase? I'm assuming anything we store in the DB should probably be stored in seconds or milliseconds since the epoch.
<zarvox>
In UTC.
<XgF>
Is that POSIX not-actually-UTC UTC? :P
<dwrensha>
XgF: yeah, this is not just bad_alloc exceptions. It's segfaults too.
<paulproteus>
zarvox: In the DB, apparently Meteor handles timezone conversions for you.
<zarvox>
Yeah, that one, with the tricky language about how "a time that represents seconds since the epoch need not actually represent the number of seconds since the epoch"
<paulproteus>
I remember spending a while diggin into this, and it seems that storing a JS Date object will do the right thing.
<paulproteus>
Having said that, I don't remember what my sources were for this belief, so feel free to verify it yourself.
<paulproteus>
I seem to recall spending 15 minutes reading a meteor.hackpad.com document.
<XgF>
zarvox: The one where POSIX say "UTC with these exceptions" and those exceptions are already existing standard time format UT1 :P
<XgF>
dwrensha: Have you tried compiling capnp in libstdc++ old ABI mode?
<zarvox>
paulproteus: maybe I've been wounded too many times, but I don't trust libraries to deal with timezones sanely :P
preilly has joined #sandstorm
<paulproteus>
zarvox: Yeah, that's why I spent 15 minutes staring at this wondering, "What's the catch?"
<zarvox>
Does it work if the machine physically changes timezones?
<paulproteus>
shell/shared/demo.js line 92 suggests that's how we do things right now at least.
<paulproteus>
Does it work if the definition of PDT changes down the road!??
<paulproteus>
My sense of this is that the date gets stored as a timezone-aware timestamp in Mongo, like (UTC_OFFSET, TZNAME)
<zarvox>
We appear to use Date().getTime() in a number of places
<paulproteus>
But I don't super-duper know.
<XgF>
Doesn't Mongo have a datetime format?
<zarvox>
I'm not sure I trust Mongo to handle timezones correctly either, or be able to deal with when the tzinfo changes because jurisdictions are crazy.
<zarvox>
I know MySQL supposedly has timezone support and it's insanely broken in any edgecase you can think of
<paulproteus>
I think the above is all I know, so ping jparyani for other considerations. Having said that, I decided to go with the flow and kentonv didn't object when I did, and one would imagine kentonv would object if I had done something crazy.
<XgF>
If it stores time as (LOCAL_TIME, UTCOFFSET) then it should be fine because it doesn't do anything
<kentonv>
dwrensha: OMGWTF GCC and Clang are using different calling conventions
<paulproteus>
(naturally I realize things pass code review that shouldn't etc.)
<XgF>
kentonv: err, what?
<paulproteus>
< 3 ABIs
<XgF>
kentonv: WHAT?!
<jparyani>
zarvox: I believe mongo stores everything in UTC
natea has joined #sandstorm
<jparyani>
let me try to find the docs
<kentonv>
there's a struct being passed. Clang things it's supposed to pass by pointer, GCC thinks it's supposed to receive by value
<kentonv>
thinks*
<kentonv>
at least that's what it looks like
<XgF>
kentonv: Whats this struct?
<XgF>
jparyani: The sane option for everything except calendar apps :-)
<jparyani>
so everything is stored as ISODate which is just milliseconds since the epoch
<XgF>
kentonv: If thats the entire struct, then per the SysV ABI it should be pass-in-regs IIRC
<jparyani>
you're then reliant on javascript for your timezone conversions...
<kentonv>
XgF: I would think so.
<XgF>
So why is clang passing it by pointer... non-POD related reasons?
<kentonv>
I dunno, need to do more research.
<paulproteus>
Man, the fallout from this kernel issue is a little tragic.
natea has quit [Quit: natea]
<zarvox>
jparyani: yay, I shall move with greater confidence
<paulproteus>
The good news is that I can count "People's existing Sandstorm installs got fixed" toward this month's goal increasing the # of servers checking in for updates.