<zarvox> dwrensha: note that vagrant-spk may require a reimplementation of that strategy; see https://github.com/sandstorm-io/vagrant-spk/blob/master/stacks/meteor/launcher.sh
<kentonv> mquandalle, dwrensha: FWIW, I suggest not deleting the old data after migration. Leave it there and ignore it. That way if a migration but is found you still have the original data to potentially recover with.
<kentonv> mquandalle, dwrensha: The "atomic marker" for migration can be the existence of some newly-created subdirectory.
<paulproteus> I created a draft of this page: https://github.com/sandstorm-io/sandstorm/wiki/Security-non-issues
<kentonv> paulproteus: nice. There's a bunch of Wordpress and Etherpad bugs, at least, that should be added.
<paulproteus> Yeah.
mnutt_ has joined #sandstorm
<ocdtrekkie> But if you look on the front page, it is.
<kentonv> ocdtrekkie: My guess is the front page only distinguishes thumbs-up vs. thumbs-down
<kentonv> but not double-thumbs-up vs. single-thumbs-up
<ocdtrekkie> That is definitely possible, kentonv, as it notices your thumbs down on ssjekyll.
<ocdtrekkie> I wonder if the front page percentage counts +1 and +2 as the same.
<ocdtrekkie> Or if like, two -1s and two +2s would show up at 50% on the front page.
jadewang has quit [Remote host closed the connection]
patrickod has joined #sandstorm
simonv3 has quit [Quit: Connection closed for inactivity]
mnutt_ has quit [Quit: mnutt_]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
mnutt_ has joined #sandstorm
mquandalle has quit [Quit: Connection closed for inactivity]
gopar has quit [Quit: Leaving]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 255 seconds]
jadewang has joined #sandstorm
jadewang has quit [Remote host closed the connection]
mnutt_ has quit [Quit: mnutt_]
jadewang has joined #sandstorm
jadewang has quit [Remote host closed the connection]
Aric has joined #sandstorm
<Aric> Hello
<Aric> I had a lot of questions about using Sandstorm that wasn't clear from the FAQ at least... or maybe I'm just a newb...
<Aric> If I installed this on my CentOS 7 server and then wanted an admin to fully manage all new sites (DNS and all) including him handling when a site goes down for any reason... can he do all of this without any server/ssh access, only access to Sandstorm?
<Aric> Also on the demo in WordPress I can't search and install plugins direct from it but it wants the zip file... is this a limitation only of the demo or of sandstorm even on my own server?
<davidjgr_> plugins in wordpress in ss didn't work for me properly last time I tried it, but that was some time ago
<davidjgr_> when you say new sites, are you talking about different sandstorm installs?
<davidjgr_> I would guess the wordpress plugin search needs an external connection that it doesn't have permissions for
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
mort___ has joined #sandstorm
<Aric> I guess I just have to test it on my own server... maybe it's demo only problem
<Aric> as long as WordPress can request out and the http server has ownership of the wp-content folder it can install directly and update plugins auto etc.
<Aric> I'm also confused what happened to Sandcats.io
<Aric> "Sandcats is integrated into the Sandstorm installer so that when you install Sandstorm, you get working DNS, including wildcard DNS."
<Aric> So on a custom install I will see DNS options in the Sandstorm (no need for sandcats) console? Just point all my domains to the sandstorm install and then it handles the DNS from there?
<XgF> Aric: If you're using your own domain, you need to configure DNS manually. sandcats.io is a dynamic DNS service (like things lke dyndns), which does wildcards (so it can work with Sandstorm)
<Aric> XgF: any idea on the first question above about an admin being able to fully admin a site with just login to Sandstorm as well as WordPress permissions to update fully from the WP-Admin?
mort___ has quit [Quit: Leaving.]
mort___ has joined #sandstorm
mquandalle has joined #sandstorm
mort___ has quit [Remote host closed the connection]
mort___ has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 255 seconds]
<dwrensha> Aric: Sandstorm apps (including WordPress) don't get network access by default.
<Aric> by default... so how do you change that?
<dwrensha> we are currently working on the Powerbox, which will be a user interface for managing the capabilities of apps
<dwrensha> once we have the Powerbox working, then I intend to update the WordPress app to be able to request network access
<Aric> Looks good...
<Aric> I was looking at the Gitlab app.. I wanted to have it setup as a full Gitlab so I would dns it as git.mysite.com/repoNameHere but the app seems to only instantiate single repos... is this due to some limitation of Sandstorm?
<dwrensha> GitLab implements a bunch of features that we think are better handled by Sandstorm
<dwrensha> in Sandstorm, it makes most sense for each grain to be a single "unit of sharing"
mort___1 has joined #sandstorm
<dwrensha> or "document", or in GitLab's case, repository
mort___ has quit [Ping timeout: 252 seconds]
<dwrensha> Then you can use Sandstorm's Sharing features to manage access
<dwrensha> unfortunately, I haven't gotten around to adding support for specific permissions to the GitLab app
<dwrensha> but once I do, you'll be able to share read-only, or read-write, etc. access to a GitLab repo, entirely through the Sandstorm interface
<dwrensha> The GitWeb app already works like this.
<Aric> It seems that way there would be no way to do git.site.com/repoHere as everything would have to be a siubdomain ya?
<Aric> reponame.site.com is a possibility but just not what seemed practical under our old structure so would require some rethinking
<dwrensha> The only way for a grain to serve content from a custom URL like that is to go through Sandstorm's web publishing feature, which currently works for static content only.
mort___ has joined #sandstorm
mort___1 has quit [Read error: Connection reset by peer]
mort___1 has joined #sandstorm
mort___ has quit [Ping timeout: 264 seconds]
mort___1 has quit [Client Quit]
mort___ has joined #sandstorm
<Aric> Hmm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 250 seconds]
mquandalle has quit [Quit: Connection closed for inactivity]
prosodyVeContext is now known as prosody
mquandalle has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 255 seconds]
mort___ has quit [Ping timeout: 246 seconds]
babykinggeorge has joined #sandstorm
<babykinggeorge> Hi all
<babykinggeorge> When will Piwik be added to the shiny new app market?
<dwrensha> sounds like a question for zarvox
<babykinggeorge> Thanks dwrensha, I'll check back later to see if zarvox has replied :)
babykinggeorge has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
mnutt_ has joined #sandstorm
Aric has quit [Quit: Connection closed for inactivity]
mort___ has joined #sandstorm
jadewang has joined #sandstorm
NOTevil has joined #sandstorm
jadewang has quit [Ping timeout: 250 seconds]
<ocdtrekkie> A logo revision should never be worthy of the HN top news spot.
<ocdtrekkie> Only Google can do a press cycle about changing the font in their logo.
erikoeurch has joined #sandstorm
mort___ has quit [Ping timeout: 246 seconds]
<mquandalle> cool, thanks
<dwrensha> you should be able to clone that, run make (which will take a long time because it builds both niscud and mongod), drop in the newer node binary, then be good to go
<dwrensha> you'll need a Go compiler for building mongo-tools
simonv3 has joined #sandstorm
<paulproteus> Howdy simonv3
<simonv3> Hey paulproteus
<simonv3> Are Jack or Rosalie on here do you know? Would love to chat with them a bit more
<paulproteus> Nice to see you here.
<simonv3> (A lot of the things they mentioned as targeted audiences are people I would like to target as well, so I thought it still made sense to maybe join forces, and I suspect I could learn a thing or two from them)
bb010g has joined #sandstorm
<paulproteus> jack Cool!
<paulproteus> I don't I don't think they are at the moment; jacksingleton is Jack's IRC nick when he is.
<paulproteus> GHangoutsworks reasonably well for me chatting with Jack typically. Rosalie' I mostly only talk with by email.
<paulproteus> Sorry about any typos; experiencing some heavy lag at the moment.
<simonv3> That’s cool, I’ll just email back then :)
<paulproteus> (-:
<mquandalle> dwrensha: I get the following error on the sandstorm log: “error command line: unknown option storageEngine” (haven't investigated)
<dwrensha> mquandalle: that indicates that an old mongod binary is being used
<dwrensha> mquandalle: the --storageEngine flag was introduced in 3.0
<dwrensha> mquandalle: maybe you have a stale build of mongo/mongod?
<mquandalle> yep meteor-spk.deps/bin/mongod --version is v2.4.9
<dwrensha> rm -rf meteor-spk.deps
<dwrensha> what git commit are you at in the mongo submodule?
<dwrensha> `cd mongo && git clean -xffd` should clean things out
<mquandalle> 29a7a6b
mnutt_ has quit [Quit: mnutt_]
<dwrensha> oh, that's the niscu commit
<mquandalle> ah, git submodules :)
<mquandalle> I've done git submodule update, but apparently there were an error
<dwrensha> yeah, maybe I shouldn't have renamed the submodule
<dwrensha> what was "mongo" is now "niscu"
<dwrensha> and there is now an actual legit mongo submodule
jadewang has joined #sandstorm
<dwrensha> oh, but I seem to have screwed that up somewhat
<dwrensha> or, at least, not done what I intended
<dwrensha> the mongo submodule ought to point at https://github.com/mongodb/mongo
<dwrensha> ouch, and I screwed up the branch too
<dwrensha> I'll fix this...
mnutt_ has joined #sandstorm
<dwrensha> I think I just fixed it...
<dwrensha> er, spaces / tabs
<dwrensha> grr
<mquandalle> please don't git push --force ^^
<dwrensha> did I?
<dwrensha> I don't think I did.
<mquandalle> no, but I can feel the temptation for spacing issues
<mquandalle> was kind of a joke I guess
<mquandalle> anyway I discovered that I needed to `git submodule sync` before updating the submoduless
* dwrensha reads some documentation about submodules
<dwrensha> They seem like they ought to be so simple!
<paulproteus> They are simple if you align your mind into the git way.
<paulproteus> Once you've done that, however, you will stop being able to speak English that anyone else can understand.
<dwrensha> the thing I'm confused about now: why do they need both an entry in .git/config and in .gitmodules?
<maurer> dwrensha: .gitmodules is versioned with the repository and contains default information for those cloning it
<paulproteus> .gitmodules is working tree state and therefore approximately unofficial; git/config is the official state.
<paulproteus> Er what maurer said
<maurer> dwrensha: .cig/config contains personal info
<maurer> *git
<dwrensha> but they shouldn't need personal info
<maurer> dwrensha: What if you want to point a repo at a personal mirror?
<dwrensha> it sounds to me more like .gitmodules is the official thing, and .git/config lets you override it
<dwrensha> and overriding it seems like a fancy feature I should never have to worry about
<paulproteus> zarvox: https://vmprof.readthedocs.org/en/latest/ is a tool that you run on your laptop that can aggregate stats to a backend that fijal (elsewhere on freenode) wrote and fijal is interested in porting the web side of it to Sandstorm
<paulproteus> From what I understand from a conversation yesterday.
<erikoeurch> Upgrading an app seems awfully risky (upgrading Paperwork rendered all my Paperwork grains ... uhm, "exceptional"...) -- will Sandstorm handle upgrades in some safer way in the future?
<zarvox> paulproteus: cool, thanks
<paulproteus> erikoeurch: What I'd like to see is us snapshot the app pre-upgrade, so then you can roll it back if you didn't like it.
<zarvox> paulproteus: so +1 on that
<paulproteus> And then app authors can notice that people are doing rollbacks and/or can do staged roll-outs of a new version, etc.
<paulproteus> Sandstorm is pretty uniquely positioned as a platform for that snapshot to be reliable, so we might as well capitalize on that.
<erikoeurch> paulproteus: sounds like a good idea
<dwrensha> we should also provide better testing tools to app authors
<erikoeurch> Can Sandstorm guarantee that earlier versions will always work?
<mquandalle> hum, now I have a building error scons: *** Do not know how to make File target `mongodump' (/home/maxime/github/meteor-spk/mongo/mongodump). Stop.
<paulproteus> I would be kind of +1 on a month long sprint of making sure we're making app authors happy.
<dwrensha> mquandalle: scons!?
<dwrensha> mquandalle: hm...
<paulproteus> Even a two week one.
<dwrensha> mquandalle: d'oh
<dwrensha> mquandalle: I see the problem
<dwrensha> mquandalle: should be fixed
neynah has joined #sandstorm
<paulproteus> Unrelated to anything useful, but:
<paulproteus> The dev env setup instructions for https://github.com/mozilla/thimble.webmaker.org are kind of sad.
<mquandalle> Yay! it works
<mquandalle> Thank you dwrensha
<dwrensha> mquandalle: have you tested out upgrades?
<mquandalle> I'm not sure how to upgrade with the new ss shell
<dwrensha> You can install an old version of an app. You'll be asked whether you want to downgrade.
<mquandalle> but does that work with meteor-spk dev?
<dwrensha> when you open a grain, you'll get the dev version of the app
<dwrensha> so you could set up some grain state with an old installed version, and try opening the grain after doing `meteor-spk dev`
<paulproteus> jparyani: So it _should_ be true that you can add this .gitattributes to your .sandstorm/
<paulproteus> And then push that and ask the Windows-using friend to pull.
<paulproteus> Working on integrating that into vagrant-spk now.
<mquandalle> Upgrades work
<mquandalle> And so the empty grain size have decreased from 1770Kb to 240Kb
<kentonv> nice
dwrensha has quit [Ping timeout: 255 seconds]
<mquandalle> While I'm at it is there anything I can do to speed up the grain init?
<mquandalle> creating a new grain takes something like ~3/4 secs
<mquandalle> but opening an existing grain is much faster
<zarvox> Is there a way to do less work at launch time?
<zarvox> possibly by doing it at packaging-time instead?
<mquandalle> that what I had in mind
<zarvox> What all does wekan do on first-launch?
<mquandalle> I guess creating the mongo database?
<zarvox> You could theoretically initialize a database, embed that in the immutable package, and copy it straight to /var on first launch if it doesn't exist yet
<zarvox> that may be faster than mongo initializing it?
<kentonv> honestly wekan's startup time is pretty good
<kentonv> I mean I think it basically matches other meteor apps
<paulproteus> jparyani: https://github.com/jparyani/Lychee/pull/5 ; should contain all you need
<kentonv> we have plans to do optimizations in sandstorm that can improve this without app changes
<zarvox> snappy-start
<kentonv> yep
meonkeys has joined #sandstorm
<paulproteus> jparyani + zarvox: I'll try to do that vagrant-spk fix today but post-meeting probably.
<paulproteus> I now need a `vagrant-spk lint` target maybe...
dwrensha has joined #sandstorm
<paulproteus> ...to communicate to package authors to make changes to their little worlds.
<mquandalle> kentonv: but the first time is still a bit frustating
<mquandalle> (for all meteor apps)
<mquandalle> draw.io is much faster
<dwrensha> mquandalle: I think the empty grain size is more like 700KB. If you wait for 60s you'll see it go up. I think that's WiredTiger doing its checkpoint.
<kentonv> draw.io is ahead-of-time compiled. There's just no way for you to compete with that until we implement snappy-start.
<kentonv> and then it will be automatic. :)
<mquandalle> Hm yes, you are right dwrensha
<paulproteus> I appear to have joked about "sandstore.io" as an app market domain name and now glyph wants me to actually make it. : P
<paulproteus> She sells c shells in the sand store
<aldeka> :D
<aldeka> ...or where you buy your sandcat swag
<dwrensha> sandstor.me
neynah has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
<maurer> Only-semi-joking - you could create a sandstorm grain that was a webshell into an environment with all the tools needed to write and dev e.g. a meteor-spk (as much as I hate meteor) app, assuming you could figure out how to let spk dev reach out of the grain (powershell?)
<maurer> Combine ith with some kind of tutorial and you could make it so that writing a webapp "via sandstorm" would be the way youngsters learn to write apps since it wouldn't require a devkit the same way other things do
<ocdtrekkie> aldeka: I have been asked about where to buy sandcat swag.
jadewang has quit [Remote host closed the connection]
jadewang has joined #sandstorm
natea has joined #sandstorm
<mquandalle> mauer, what specifically do you hate about meteor?
jadewang has quit [Remote host closed the connection]
<maurer> mquandalle: It includes its dependencies wholesale; it's dynamically typed; it requires code execution to display static content; it's incredibly difficult to package
<maurer> mquandalle: However, since their toolkits are currently raw spk, meteor-spk, and vagrant-spk, meteor-spk has the best fit for if someone were to try to make a grain for developing a sandstorm app
<maurer> err, an app for creating sandstorm app development grains
<erikoeurch> Is it not possible to uninstall an app?
natea has quit [Quit: natea]
natea has joined #sandstorm
mnutt_ has quit [*.net *.split]
paroneayea has quit [*.net *.split]
XgF has quit [*.net *.split]
patrickod has quit [*.net *.split]
patrickod has joined #sandstorm
mnutt_ has joined #sandstorm
paroneayea has joined #sandstorm
XgF has joined #sandstorm
natea has quit [Quit: natea]
natea has joined #sandstorm
<zarvox> erikoeurch: yeah, uninstall is currently missing in the new UI, but we're definitely going to add it. If you have a burning need to actually uninstall things, poke me and I'll get you some JS you can run in a browser console.
natea has quit [Client Quit]
<erikoeurch> zarvox: ok! No burning need at the moment, was just thinking I should get rid of some old versions, but that can definitely wait until there's a button for it :)
natea has joined #sandstorm
natea has quit [Client Quit]
natea has joined #sandstorm
simonv3 has quit [Quit: Connection closed for inactivity]
natea has quit [Client Quit]
mnutt_ has quit [*.net *.split]
paroneayea has quit [*.net *.split]
XgF has quit [*.net *.split]
natea has joined #sandstorm
mort___ has joined #sandstorm
natea has quit [Client Quit]
natea has joined #sandstorm
mort___ has quit [Client Quit]
mnutt_ has joined #sandstorm
paroneayea has joined #sandstorm
XgF has joined #sandstorm
mort___ has joined #sandstorm
<erikoeurch> in the log for a grain: "PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !" -- should I be worried?
<dwrensha> erikoeurch: probably not. Which app?
<erikoeurch> Paperwork
<maurer> erikoeurch: Shouldn't be a vuln, but seems like a defense-in-depth weakness
<au> erikoeurch: unlikely, as mysql's port is not exposed via Sandstorm
<au> (unlikely to be a cause of worry, that is)
<erikoeurch> great
mort___ has quit [Quit: Leaving.]
<erikoeurch> guessed so, but not quite sure how it all works behind the scenes yet
mort___ has joined #sandstorm
gopar has joined #sandstorm
<paulproteus> erikoeurch: We probably need to fix things so packages are less noisy for things like that.
<paulproteus> Thank you for reading the logs and asking questions!
<maurer> paulproteus: fixing that is probably good for DiD anyways, since it can introduce a weakness if an app tries to use db user permissions to restrict its own access
<maurer> paulproteus: And it shouldn't be too hard to scramble the mysql root pw on first app start
mort___ has quit [Read error: Connection reset by peer]
<paulproteus> I always saw that message as cosmetic because I couldn't come up with any kind of meaningful attack.
<dwrensha> maurer: where would you store the root password?
<maurer> dwrensha: You wouldn't
<maurer> dwrensha: The assumption here is that the root account is not in use, or it would have had a pw set
<maurer> paulproteus: It wouldn't give you an attack, it would make some mitigations (like having different db accounts for different things) ineffective in the case that there was an issue elsewhere
mort___ has joined #sandstorm
<paulproteus> Right, yeah, I see what you mean maurer. The only thing I don't love about that is that in dev mode, I'd like it to be possible to access MySQL as root.
achernya has quit [Ping timeout: 244 seconds]
<maurer> paulproteus: Is there a way to check if you're in dev mode? There's probably other things you want to do differently in dev mode too
<maurer> For example, for a minified release app using mongo, you probably don't want the mongo shell
<maurer> but in dev mode, you totally want that
jadewang has joined #sandstorm
achernya has joined #sandstorm
mort___ has quit [Quit: Leaving.]
mort___ has joined #sandstorm
mort___ has quit [Remote host closed the connection]
NOTevil has quit [Quit: DUCK!]
erikoeurch has quit [Quit: Leaving]
<mquandalle> kentonv: Do you have any timescale for snappy-start integration? :)
<paulproteus> 0.75 seconds
<paulproteus> (kidding!)
<kentonv> mquandalle: it's fairly high priority for me, but first thing is to make the front-end scalable
<kentonv> which isn't as hard as it might sound
<kentonv> I hope to be working on snappy-start next week
<kentonv> I don't really know how long it will take to get working, though
<kentonv> it's kind of experimental
<kentonv> and I'll be starting from mark's code which I haven't explored yet
<mquandalle> Woah, didn't expect you would start some work so soon
<mquandalle> Though my initial question was about wekan first time loading time, does snappy helps here
<mquandalle> .
<mquandalle> ?
<kentonv> I think it will
<kentonv> it depends on what exactly is making it slow
<kentonv> but my guess is that it's parsing all the javascript
<kentonv> and initializing server state
<kentonv> I've been putting off snappy-start for a while, but it is increasingly important to us not just for startup times but also because it reduces ram usage
<kentonv> (by allowing multiple instances of an app to share the startup snapshot)
<mquandalle> But then will the app market distribute startup snapshot, or will it build it from the spk on grain creation?
<kentonv> snapshot will be built on install
<zarvox> dwrensha: I was reading over https://github.com/sandstorm-io/sandstorm/issues/826 - is the behavior the user describes the expected system behavior right now (revoking a link revokes access to all users that redeemed it)? I know there's a bunch of options we can take implementation-wise, and all of them will disappoint some different subset of people
<kentonv> zarvox: I think what we really need is a prompt after you change the link which asks "apply to everyone who received access through this link?"
<kentonv> prompts are sad but neither default is correct...
<paulproteus> I would hope it would be an inline UI option.
<zarvox> Yeah, that's one approach that will make it less sad for that user.
<paulproteus> Like underneath the deletion button, after I click delete, it says:
<paulproteus> ...something.
<paulproteus> I don't know that I know the answer either.
<kentonv> paulproteus: I don't think we want to reserve space under every delete button for a check box before the user has even clicked...
<kentonv> I think it needs to be some sort of separate window
<zarvox> I remember the fail-open vs. fail-closed property when a user misunderstands the behavior suggests the current behavior
<kentonv> luckily this doesn't come up much
<zarvox> and then the link-sent-to-mailinglist thing
<paulproteus> Yeah I'll stop trying to design via IRC for now. ( :
<kentonv> the window should also show some summary of what users will be affected, I think
<kentonv> arguably with the ability to choose which ones to keep vs. revoke, but that's getting complicated...
natea has quit [Quit: natea]
simonv3 has joined #sandstorm
<paulproteus> ocdtrekkie: https://github.com/sandstorm-io/sandstorm/pull/794 anything I can do to help this move forward?
<ragesoss> mquandalle: is there a way in Wekan to unarchive a card after you archive it?
mnutt_ has quit [Quit: mnutt_]