<paulproteus> If anyone has bright ideas on how to remove this message from the 'vagrant-spk pack' output, I'd love it:
<paulproteus> npm WARN package.json meteor-dev-bundle@0.0.0 No description
<paulproteus> npm WARN package.json meteor-dev-bundle@0.0.0 No repository field.
<paulproteus> Arguably I could filter them out in the Python script.
<paulproteus> npm WARN package.json meteor-dev-bundle@0.0.0 No README data
eternaleye_ has quit [Ping timeout: 265 seconds]
bb010g has quit [Quit: Connection closed for inactivity]
gopar has quit [Remote host closed the connection]
jadewang has quit [Remote host closed the connection]
jadewang has joined #sandstorm
jadewang has quit [Remote host closed the connection]
bb010g has joined #sandstorm
mquandalle has quit [Quit: Connection closed for inactivity]
gemlog has joined #sandstorm
<gemlog> Does sandstorm have a canary for ssl? Is one even needed given where the private keys are or... ?
gemlog has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
gemlog has joined #sandstorm
gemlog has quit [Client Quit]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 252 seconds]
ZucchiniZe has quit []
ZucchiniZe has joined #sandstorm
groxx has quit [Quit: Connection closed for inactivity]
bb010g has quit [Quit: Connection closed for inactivity]
gemlog has joined #sandstorm
gemlog has quit [Client Quit]
gemlog has joined #sandstorm
soulshake has joined #sandstorm
<gemlog> was anything every mentioned about a canary for ssl? (my web client locked up)
<gemlog> ever
logbot_______ has joined #sandstorm
logbot______ has quit [Remote host closed the connection]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 252 seconds]
<geofft> gemlog: you're asking about sandcats.io's free SSL? the private keys live on your server, not with Sandstorm the company
<gemlog> yes, but how are they derived?
<gemlog> I'm pretty ignorant. I'm just wondering how they might be compromised.
<gemlog> back doored like others and if sandstorm has a canary to indicate that it may have been compromised.
<gemlog> I did acknowledge in my original q that they are stored locally.
<gemlog> the keys are actually from globalsign.
<gemlog> it wouldn't be a first for *anyone* to be compromised.
<gemlog> In this instance I'm asking about when folks 'get a letter' from the usa feds.
<gemlog> I think a canary is the only way to communicate.
<gemlog> Otherwise those statements sound crazy out of a security context.
<geofft> I thought the keys are generated on your server, and they're only _signed by_ GlobalSign.
<gemlog> dunno, i'm asking
<gemlog> I thought they were certs from globalsign. I like your version of things better
<geofft> "Your private key is on your machine and never leaves."
<geofft> a cert is a signature
<geofft> the standard process of getting an SSL cert (this is not Sandstorm-specific) is to generate a private key, and then ask a CA for a signature of the public key
<gemlog> ah
<geofft> a cert is a signed document from the CA saying "I've been convinced that this public key belongs to the person who owns this domain name"
<gemlog> like someone's pgp key
<geofft> yeah
<geofft> _very_ similar to a signature on a PGP key, yes
<geofft> so the only things government coercion, a malicious employee, a hacker, etc. could do is sign a cert for a key that doesn't belong to you, or refuse to sign a cert for a key that does belong to you (DoS)
<gemlog> ok, so I'm no more vulnerable than when I generate ssh keys for myself, except someone vouched for me
<gemlog> thx
<geofft> there isn't a good answer for the first case right today, but Certificate Transparency is getting there
<gemlog> I wasn't clear on ssl
<gemlog> obviously :-)
<gemlog> so how did the big thing with ssl keys being backdoored come to pass then (with the nsa)
<geofft> which thing?
<gemlog> I'll go look
<geofft> there was a thing in the news a year back about a random-number algorithm that was backdoored, but that's not directly relevant to SSL keys
<geofft> (it could be used to compromise SSL _connections_, except that just about no one actually used that algorithm)
<gemlog> could have been that
<geofft> the only other thing I can think of was the Debian thing, which was an honest mistake -- someone commented out a line of code they didn't understand, Debian OpenSSL only generated 65536 possible private keys
<geofft> so you could just run Debian's OpenSSL in a loop and generate all possible private keys pretty quickly.
<gemlog> I remember that. just an oops.
<gemlog> I'm completely comfortable using ssh, which is basically the same math. It would be nice to integrate. ssh now does this.
<gemlog> use pgp/gpg keys
<gemlog> so why can't I auth to https with my pgp/gpg/ssh key
<gemlog> I know I can't, I'm just asking how hard it would be to implement.
<gemlog> would need a new protocol
<gemlog> and would just end up with bots signing keys for other bots....
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
saneki has quit [Ping timeout: 264 seconds]
saneki has joined #sandstorm
jparyani_letscha has quit [Ping timeout: 264 seconds]
mort___ has joined #sandstorm
jadewang has joined #sandstorm
mort___ has quit [Quit: Leaving.]
jadewang has quit [Ping timeout: 244 seconds]
xet7 has joined #sandstorm
xet7 has quit [Quit: Leaving]
xet7 has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
mort___ has joined #sandstorm
mort___ has quit [Quit: Leaving.]
mort___ has joined #sandstorm
jadewang has joined #sandstorm
_whitelogger has quit [Remote host closed the connection]
_whitelogger_ has joined #sandstorm
cbaines has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 256 seconds]
mort___ has joined #sandstorm
rustyrazorblade has quit [Quit: rustyrazorblade]
mort___ has quit [Quit: Leaving.]
spangattack has quit [Ping timeout: 240 seconds]
jadewang has joined #sandstorm
keturn has joined #sandstorm
jadewang has quit [Ping timeout: 260 seconds]
mort___ has joined #sandstorm
xet7 has quit [Ping timeout: 244 seconds]
xet7 has joined #sandstorm
mort___ has quit [Quit: Leaving.]
isd has joined #sandstorm
mort___ has joined #sandstorm
jadewang has joined #sandstorm
mcpherrin has left #sandstorm [#sandstorm]
nander has quit [Ping timeout: 246 seconds]
spangattack has joined #sandstorm
<gemlog> So, I'm having a lot of fun running the new ssl install script behind a nat! :-)
<gemlog> No, oauth still doesn't work and I can't gain admin, but I noticed that I could invite from the :6080 console, so I invited myself with another email address.
<gemlog> :-)
<gemlog> using passwordless login.
<gemlog> Now I'm thinking I could probably do the same to gain admin
<gemlog> ?
<gemlog> I think that the common need to run behind a nat is important. Not business model important, but philosophically important.
<gemlog> I was showing some teenagers this morning and they were all over it with enthusiasm.
<gemlog> Should mention, the ssl bit /is/ working fine.
<gemlog> oh, I did have to start/stop the sandstorm service to make the invite work
<gemlog> so it's not just oauth, but auth in general
<ckocagil> "Your app ID is actually its public key. The private key was placed in your keyring"
<ckocagil> I don't see any sandstorm key in my keyring...
<dwrensha> ckocagil: in ~/.sandstorm or ~/.sandstorm-keyring ?
<dwrensha> see also `spk getkey` and `spk listkeys`
<ckocagil> dwrensha: ah, it's under ~/.sandstorm
<ckocagil> I thought it'd be imported to the system keyring
<gemlog> More clues.
<gemlog> immaculata 09-2025 ~> spk listkeys
<gemlog> *** Uncaught exception ***
<gemlog> sandstorm/util.c++:48: failed: open(name.cStr(), flags, mode): No such file or directory; name = /home/gemlog/.sandstorm-keyring
<gemlog> stack: 0x474f44 0x48c569 0x48c52d 0x43c7b1 0x43d435
<ckocagil> yeah I did an ln -s for that one
<ckocagil> "spk getkey out.spk: key not found in keyring"
<gemlog> I'm going to log out now. Ping gemlog at gemlog dot ca if any of that was useful for the nat problem
gemlog has left #sandstorm ["Konversation terminated!"]
<dwrensha> ckocagil: it's `spk getkey <appid>`
jadewang has quit [Remote host closed the connection]
nander has joined #sandstorm
nander has quit [Changing host]
nander has joined #sandstorm
achernya_ is now known as achernya
xet7_ has joined #sandstorm
ocdtrekkie_ has joined #sandstorm
xet7 has quit [*.net *.split]
ocdtrekkie has quit [*.net *.split]
neynah has joined #sandstorm
pcuci has joined #sandstorm
Pistachette has joined #sandstorm
<pcuci> Hi there, I'm trying to set up sandstorm, I picked up dev env setup for my local Ubuntu box option [2]
<paulproteus> Hi pcuci
<paulproteus> Cool
<neynah> @pcuci is from Meteor's hackathon so please help him asap. :D
<neynah> Time is of the essence
<paulproteus> pcuci: Tell me more about why you're trying to set up Sandstorm, btw
<paulproteus> I ask because if you're setting up Sandstorm for the purpose of packaging an app, by far the easiest way to do that is to follow the docs on packaging an app rather than the "install Sandstorm" docs.
<paulproteus> I'm lucky that I opened my laptop at this moment where I have a few minutes!
<neynah> +1
<paulproteus> Do let me know what you make of the above, and if you're having any specific problems.
jacksingleton has joined #sandstorm
<paulproteus> I have to go myself in just a few minutes pcuci so please do answer if you can!
<pcuci> paulproteus: I have a conceptual gap in understanding of what sandstorm does
<paulproteus> Oh, OK, great. Maybe I can answer that.
<pcuci> I see I can add apps to a server (my server), not clear who/why anyone would do this
<paulproteus> (-:
<pcuci> I want my app to be public, and the Meteor infrastructure is super slow right now with everyone deploying to it, haha
<pcuci> was hoping sandstorm can help my distributed team (Canada + Europe)
<paulproteus> pcuci: Got it.
<paulproteus> So Sandstorm is most useful for people creating apps where you want other people to be able to spin up instances easily.
<paulproteus> Like how with Google Docs, anyone can create a new document.
<paulproteus> And the document is owned by them.
<paulproteus> I hope that helps. Unfortunately I have an appointment I have to go to at the moment, but I hope others can help you more!
<neynah> let me poke others, if not - kenton can definitely help
<neynah> @zarvox is coming
jacksingleton has quit [Ping timeout: 272 seconds]
<zarvox> pcuci: hi! did paulproteus's explanation help any, or should I elaborate?
<pcuci> zarvox: thx, yes, plz send me to the best tutorial to deploy locally with sandstorm.io
<zarvox> A slightly higher-level discussion can be found at https://docs.sandstorm.io/en/latest/developing/
<zarvox> but hopefully working through the tutorial is straightforward!
acous has quit [Ping timeout: 265 seconds]
acous has joined #sandstorm
chris_severs_ has joined #sandstorm
saneki_ has joined #sandstorm
gwollon has joined #sandstorm
dlitz_ has joined #sandstorm
gwollon has joined #sandstorm
gwollon has quit [Changing host]
ecloud_ has joined #sandstorm
jjb has joined #sandstorm
saneki has quit [*.net *.split]
dlitz has quit [*.net *.split]
chris_severs has quit [*.net *.split]
ecloud has quit [*.net *.split]
gwillen has quit [*.net *.split]
oao has quit [*.net *.split]
kxra has quit [*.net *.split]
chris_severs_ is now known as chris_severs
mort___ has quit [Quit: Leaving.]
kxra has joined #sandstorm
KaZeR has quit [Ping timeout: 250 seconds]
jacksingleton has joined #sandstorm
<pcuci> zarvox: ok, I get the hang of it, it's like a Tomcat container, but for any kind of app, and handles SSO
<pcuci> cool, do I need to set it up locally, or can I deploy directly to sandstorm.io like I do to meteor.com?
home_ has joined #sandstorm
<zarvox> pcuci: You'll need to set up locally for development, but you can make a .spk and redistribute it, or submit it to the app market
<zarvox> People can also try out your app on demo.sandstorm.io
<pcuci> zarvox: cool, looks like I need to update my .bashrc to get the ~/bin path working, brb
<zarvox> pcuci: to get vagrant-spk on your PATH? yeah, you can either add the path in your .bashrc, or specify the full path to the vagrant-spk binary in your commands; either will do
home_ is now known as home
rpersaud has joined #sandstorm
<rpersaud> Hi - there, so following this tutorial - https://github.com/sandstorm-io/meteor-spk
<rpersaud> is that the best way to deploy meteor app on sandstorm hosting?
<pcuci> zarvox: meteor-spk init - I ran this at the same level with .meteor - it created a file it tells me I should keep secret, but I keep my code in GitHub. Another best practice?
Pistachette has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
<zarvox> pcuci: vagrant-spk will run meteor-spk for you; you shouldn't need to run it yourself?
<rpersaud> thanks, not having luck the other way
home has quit [Quit: Leaving]
<pcuci> paul@paul-netbook:~/workspace/gitimd$ meteor-spk dev
<pcuci> Building Meteor app...
<pcuci> paul@paul-netbook:~/workspace/gitimd$ meteor-spk dev
<pcuci> Building Meteor app...
<pcuci> paul@paul-netbook:~/workspace/gitimd$ meteor-spk dev
<pcuci> Building Meteor app...
<pcuci> ah, sry - forgot this is not Slack :-D
<zarvox> pcuci: are you using vagrant-spk, or meteor-spk directly?
<pcuci> zarvox: directly meteor-spk
<pcuci> installed from binaries, following steps here:
gwollon is now known as gwillen
<zarvox> pcuci: ahhh, if you're already on Linux, that'll do (though it's less documented). If you're on OSX or Windows, you'll need to use vagrant-spk.
<pcuci> zarvox: any idea why the seg fault?
<pcuci> meteor-spk: line 67: 28723 Segmentation fault (core dumped)
luckre has joined #sandstorm
<zarvox> pcuci: hmmm, that's weird. Do you have an LD_LIBRARY_PATH set or something, that might be overriding a library?
<pcuci> let me do a system update, who knows...
luckre has left #sandstorm ["http://quassel-irc.org - Chat comfortably. Anywhere."]
luckre has joined #sandstorm
<zarvox> You might also consider doing the vagrant-spk tutorial, which will do the work in a virtual machine, which is a much more controlled/likely-to-work-the-first-time environment :)
<zarvox> pcuci: ^
_whitelogger has joined #sandstorm
cbaines has joined #sandstorm
rpersaud has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
<pcuci> zarvox: ok, can't download the vagrant image here, I'll do it overnight at home - the hackers will hunt me down
<zarvox> oh, all right!
<zarvox> out of curiosity, what distro are you running this on?
<pcuci> 15.04
<pcuci> zarvox: do I need to run meteor-spk dev as root?
<zarvox> you shouldn't
<zarvox> assuming you installed sandstorm as root initially
<pcuci> npm ERR! stack Error: EACCES, mkdir '/home/paul/.npm/amdefine/1.0.0'
<pcuci> npm ERR! Please try running this command again as root/Administrator.
<zarvox> that's not right; you should own your .npm folder, not root :/
<zarvox> try taking ownership with "sudo chown -R paul:paul ~/.npm"
<pcuci> sandstorm/run-bundle.c++:978: failed: You do not have permission to read the pidfile directory. Perhaps your user account is not a member of the server's group?
<pcuci> zarvox: did the chown -R thing, now this ^
<zarvox> okay, so it got farther - it got to the part where (under the hood) it runs "spk dev"
<pcuci> I remember reading sandstorm user should've been added to sudoers?
<zarvox> the user you're running as should be added to the group the sandstorm server is running as
<zarvox> usually you install sandstorm with the "curl | sudo bash" as the user you're going to be doing development as, and then the permissions should work right out of the box
<zarvox> pcuci: which user owns /opt/sandstorm/var/pid, and which group?
<pcuci> -rw-rw---- 1 root sandstorm 6 Oct 10 17:03 sandstorm.pid
<pcuci> -rw-rw---- 1 sandstorm sandstorm 2 Oct 10 17:03 mongo.pid
<pcuci> zarvox: ^
<zarvox> okay, so things are running as sandstorm - is your user in the sandstorm group?
<zarvox> "groups" will print the groups you're a member fo
<zarvox> s/fo/of/
<pcuci> paul : paul adm cdrom sudo dip plugdev lpadmin sambashare libvirtd
<pcuci> oki, just found out how to do that :)