18:27 <asheesh> Do the waive

18:27 <asheesh> (a) I still want a DocuSign alternative in Sandstorm and

18:27 <asheesh> (b) I did an event last night where I signed a waiver

18:27 <asheesh> (Journey To The End Of The Night, ichaseyou.com )

18:29 <zarvox> omg such +1 on self-hosted private cloud document signing app for Sandstorm

18:34 <kentonv> I wonder what the legal requirements are for such a thing

18:36 <zarvox> yeah, the other half of the document signing bit is the guarantee that the service provider won't lose the signed document and will testify in court that this contract was signed on $DATE and so on

18:37 <zarvox> if the grain owner deletes the grain, then where does that leave the contract signer? unclear.

18:37 <zarvox> And you don't have a third-party testifying that the contract is authentic, and when it was entered.

18:39 <asheesh> i,i docusign runs a paid service as a driver where they archive a hash of the document

18:39 <zarvox> Then again, what assurances do folks using docusign have that docusign/hellosign won't go under and cease to continue providing the service?

18:43 <asheesh> https://github.com/OpenESignForms/openesignforms fascianting

18:43 <asheesh> Hilariously I can't tell where the source is, despite it being AGPLware.

18:49 <asheesh> Also presumably if all the thing does is email both parties a "Signed" PDF, that would probably be enough for most people.

18:49 <asheesh> Which is to say, is there a Meteor PDF editing app yet? : P

18:52 <asheesh> http://www.methvenlaw.com/Practice-Areas/Internet-Trademarks-Copyrights/Using-Electronic-Signatures.html "The key here is the intent of the party who is signing electronically to enter into a binding transaction." "including one's name as part of an electronic mail communication also may suffice" in "22 states, including California" that have passed the 'state-based Uniform Electronic Transactions Act (

18:52 <asheesh> "UETA")'

18:53 <asheesh> I <3 this because I love watching crypto nerds pull out their PGP keys to "electronically sign" documents only to learn in shock and horror that the law doesn't care about their cool crypto kit.

18:53 <asheesh> (by this I mean: I experienced that shock and horror in ~2003 and have since gotten over it but it was eye-opening)

19:11 <asheesh> https://www.odoo.com/page/open-source-alternative

19:11 <asheesh> What an awesome marketing page.

19:11 <asheesh> Also Odoo Sign seems reasonable.

19:12 <asheesh> Oh my goodness it is nice.

19:16 <asheesh> https://www.odoo.com/trial is also super nice.

19:20 <asheesh> Hey jadewang

19:26 <asheesh> nm commented on github issues

19:26 <zarvox> i,i "We even have deployed it on Windows Azure and Amazon EC3 instances." (from https://github.com/OpenESignForms/openesignforms )

19:31 <asheesh> Oh BTW kentonv what if we show the Etherpad demo text only ifDemoUser?

19:32 <asheesh> I ask b/c I noticed for me, on mobile, it's super-hard to select all and erase.

19:32 <asheesh> And apps can ask sandstorm-http-bridge if the user is a demo user, seemingly.

19:38 <zarvox> asheesh: apps don't know the connecting user at grain creation time

19:38 <zarvox> only on first request

19:39 <asheesh> Then on first request Etherpad can add the demo text : D

19:40 <asheesh> Oops, failed to AFK. Need to buy phone accessories! Back in a while.

19:40 <zarvox> it'd be janky to implement, but maybe you could do that by posting back to the Etherpad API

19:59 <maurer> Hey, so, my sandcats.io cert appears to be expired when I connect via browser (it presents one that expired about 12 hours ago) but the logs say it thinks it has one valid until the 8th

19:59 <maurer> https://maurer.sandcats.io

19:59 <maurer> Since Sun Nov 01 2015 18:25:26 GMT+0000 (UTC) is more than three days away from Sun Nov 08 2015 07:59:59 GMT+0000 (UTC) not renewing HTTPS cert yet.

20:01 <zarvox> That sounds like possibly a bug/surprising behavior in the hot-patching-cert-reloading behavior

20:01 <maurer> Anything you'd like me to do to dump state for you guys, or should I just restart sandstorm, which might make the problem go away

20:02 <zarvox> I know there's some logic that tries to avoid switching immediately to a newly issued cert because usually there's some amount of client clock skew, and Globalsign's OCSP stuff takes 10 minutes to update, and we can't get NotValidBefore in the past

20:03 <zarvox> restarting sandstorm will almost surely make the problem go away. I would ask that you file an issue with any information you have now before you do so, and then asheesh can take a look at it when he has a chance

20:05 <zarvox> I can confirm that I'm getting the old cert both from curl and from Firefox.

20:05 <maurer> Should I file that on sandcats or sandstorm/

20:05 <maurer> *?

20:06 <zarvox> Sandstorm. The code that will need to change to fix it is in the latter.

20:06 <kentonv> problem seems not limited to maurer. I see other sandcats hosts broken. :(

20:08 <kentonv> although actually the one other I've seen so far expired in september, which is weird

20:10 <maurer> Well, I threw up an issue: https://github.com/sandstorm-io/sandstorm/issues/1109

20:12 <zarvox> maurer: thanks!

20:12 <maurer> (Restarting did cause it to use valid certs, so it's something with the certificate transition)

20:13 <zarvox> Yeah, that code is...tricky

20:14 <zarvox> IIRC, in the HTTPS handling, inside every SNI callback, it checks the cert expiry date, and tries to hotpatch the newer cert in if it has a "better" one available

20:15 <zarvox> the bug could be either in deciding what "better" means, or in the hotpatching code

20:22 <gemlog> my instance has been a happy little sandcat since my new ssl install, however today

20:22 <gemlog> sandstorm/run-bundle.c++:1634: failed: **mongod failed to start. Initial exit code: ; status = 1; bailing out now.

20:23 <gemlog> it died at some point last night and I'm unable to start it without that error

21:46 <ckocagil> hi asheesh

21:57 <gwillen> 10:53:06 < asheesh> I <3 this because I love watching crypto nerds pull out their PGP keys to "electronically sign" documents only to learn in shock and horror that the law doesn't care about their cool crypto kit.

21:57 <gwillen> asheesh: you could likely make the law care

21:57 <gwillen> you would need an expert witness to explain to the court what it all means

21:57 <gwillen> and the jury's eyes would glaze over if you had one of those

22:37 <kentonv> ckocagil: I approved nodebb. Seems pretty nice!

22:38 <ckocagil> kentonv: cool!

22:38 <kentonv> takes a long time to load. Hopefully snappy-start can fix that eventually.

22:40 <ckocagil> what's snappy-start?

22:41 <ckocagil> oh I see. hibernation for processes.

22:41 <ckocagil> yes, it would.

22:42 <kentonv> yeah, it's a take on checkpointing that should work particularly well for improving startup time of sandstorm apps.

22:42 <kentonv> while being less complicated and error-prone than the more-general CRIU

22:43 <kentonv> eventually we plan to use it to optimize startup time. Though optimizations are low-priority until we get the powerbox working.

22:44 <ckocagil> yeah I can understand

22:50 <gemlog> It started. I can no longer reproduce the error and I don't know why.

22:52 <ckocagil> 1) open sandstorm 2) resize the browser window to about 500x500 3) maximize 4) observe that some ui is missing from the top bar

22:57 <kentonv> ckocagil: known bug in Chrome. Fixed in Chrome 48 I think.

22:57 <kentonv> gemlog: Hmm that's disconcerting. Everything seems fine, though?

22:58 <kentonv> gemlog: is there anythingc in sandstorm.log or in the mongo logs around the time of the error that might be relevant?

22:58 <gemlog> I'm using a grain now, seems ok. I did nothing since I read the logs this a.m. and tried a restart.

22:59 <gemlog> I don't recall doing anything before the instance died either. It's very strange.

22:59 <gemlog> Other than reading the logs, all I tried was a manual update and it couldn't find anything new. It failed with the same error after I attempted the update.

23:00 <gemlog> I could paste a bit more, but there isn't much. 0 byte files for the failed attempts in mono.log.*

23:00 <gemlog> sec

23:01 <kentonv> is it possible you ran out of disk space?

23:03 <gemlog> you scared me there, nope 48% used on slash -- I do meant to move opt though

23:05 <kentonv> ram, maybe?

23:06 <gemlog> I suppose. That's always a possibility for pretty much anything.

23:06 <gemlog> I just built this box a few months ago.

23:06 <gemlog> There's some stack: output if that's helpful

23:06 <kentonv> not really

23:06 <gemlog> k

23:07 <gemlog> right after it forked child returned 1. That's all I've got, sorry.

23:08 <kentonv> hmm well let us know if it happens again I guess

23:08 <gemlog> I was just about to say, I'm wasting your time. I'll pop back if it happens again and I'll test ram.

23:09 <kentonv> not a waste, it's good to be aware of these things even if we don't find a solution

23:09 <gemlog> btw, it is *so* nice having ssl and a sort of auto-dns -- I plunked a vm of erpnext on a different port. Works a treat! :-)

23:10 <gemlog> I don't think that was an intended use, but it is there.

23:10 <kentonv> :)

23:11 <kentonv> hmm is that an app we should package for Sandstorm?

23:11 <gemlog> I did think of it. But I decided it might mess with their business model -- I'm just starting to dig into it myself.

23:12 <gemlog> I haven't asked if they are more hosting or support or both. good guys.

23:13 <gemlog> I had a truly horrible experience with another erp a couple of years ago (I'm not alone in this) and erpnext is a breath of fresh air to me so far.

23:15 <gemlog> a client was paying me for 6 mo and I honestly couldn't answer "when". I'm glad they pulled the pin on me at that point after reading the experiences of others tbh.

23:17 <gemlog> I felt like a real idiot not understanding what I was doing after all that time. I was basically cargo-culting my code.

23:18 <gemlog> I got to my six month mark with erpnext after a couple of evenings.

23:19 <gemlog> d/l their vm and have a play with it. uses mariadb and "just works" out of the box that way.

23:19 <ckocagil> maybe you weren't supposed to understand but hire their official support :-)

23:19 <gemlog> Yes. That's precisely what it was ckocagil.

23:20 <gemlog> docs sucked and it was not particularly pythonic and... and... I'll stop now.

23:41 <mnutt> the owncloud guys are really making my life hard. the app-store-approved iOS client requires that /status.php be accessible, but requires that /remote.php/webdav be behind basic http auth. so I can put the basic auth in the URL, but then it complains that it didn’t get a 401 challenge for /remote.php/webdav. shame on me for assuming they used the same auth logic for desktop and ios…