<simonv3>
Heya, is there something like gist or code snippet sharing app on sandstorm?
<syri>
That'd be a cool app.
<simonv3>
Should be fairly simple too I reckon?
<simonv3>
As long as it doesn’t run
<simonv3>
have to run*
<simonv3>
I was basically just looking to copy paste a log and couldn’t remember pastebin’s name right away, and it seemed like an obvious thing for sandstorm to do
<asheesh>
Oh hey, news.ycombinator.com has us front-paging for "Sandstorm's security track record, and what it means for self-hosting" cc: kentonv
<kentonv>
yeah I saw
<kentonv>
(note to people here: do NOT go vote for us, you'll get us demoted. :P)
<asheesh>
I've spent most of the weekend away from computers & phones; that's a neat thing to see when checking back in.
<kentonv>
the submission was actually two days ago. Mods appear to have twiddled the timestamp.
<asheesh>
Fascinating.
<asheesh>
Or resubmisssion??
<kentonv>
no, it's the same article ID
jemc has quit [Ping timeout: 244 seconds]
<kentonv>
funny that there are no comments, though. No one wants to challenge our outlandish claims? :)
frigginglorious has joined #sandstorm
gemlog has joined #sandstorm
<gemlog>
my local install is fine, but my sandcats.io has ssl issues. already a known issue?
<kentonv>
gemlog: what kind of ssl issues?
<gemlog>
ff says:
<gemlog>
Your connection is not secure
<gemlog>
The owner of oasis.sandstorm.io has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
<gemlog>
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
<kentonv>
oasis or sandcats? You said sandcats before...
<kentonv>
oasis seems to be working for me. Is it oasis.sandstorm.io itself that shows a bad cert or is it the app hosts?
<kentonv>
can you look at the cert and tell me what's wrong exactly?
<gemlog>
I just refreshed the above grain and got that, then came here. Now I've just refreshed the page again and got a perms thing from sandstorm telling me to login. Next I logged in with github just fine. Weird.
<kentonv>
so everything is working now?
<gemlog>
Yes, after that second refresh. Just why did ff freak out and give me that messaage earlier. I have that rss tab open all the time.
<kentonv>
was the whole page gone or was it only the grain's iframe? Like, was the topbar still there?
<gemlog>
All gone. Just that error message in the middle of the screen from FF V 45.0
<gemlog>
I should have taken a screenshot I guess vs. just the copy/paste above. sorry
<kentonv>
are you on an unusual network?
<kentonv>
like a cafe or a hotel or something?
<gemlog>
ah, interesting. Good question. I was going to say "no, just my regular isp", which is true, but I just looked and I /am/ on my regular isp, but my box has connected to dd_wrt_vap
<gemlog>
well done kentron. rare corner case then. thanks.
<kentonv>
I kind of hate how Firefox's new SSL error screen proclaims that it's the site operator's fault. :P
<gemlog>
I hear you bud. sorry for the distraction, my bad then. I forgot that connection was even available. I experiment a lot...
<gemlog>
ciao
gemlog has left #sandstorm ["Konversation terminated!"]
<kentonv>
Well I was going to say "no problem, thanks for reporting it -- if it were on our end I'd want to get on that" -- but I guess gemlog left.
wolcen_ has joined #sandstorm
jemc has joined #sandstorm
tdfischer has quit [Ping timeout: 240 seconds]
tdfischer has joined #sandstorm
neynah has joined #sandstorm
neynah has quit [Client Quit]
sknebel has quit [Quit: No Ping reply in 180 seconds.]
sknebel has joined #sandstorm
sknebel has quit [Quit: No Ping reply in 180 seconds.]
<digitalcircuit>
mnutt, I was just thinking earlier that OwnTracks sounded like a good Sandstorm app... Now I'll have to try it out :)
<mnutt>
the UI is both very straightforward (plain html file in docroot/) and in need of some UI help, if anyone is looking to hack on a sandstorm app
GeorgeHahn has quit [Read error: Connection reset by peer]
jadewang has joined #sandstorm
_iwc has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
<zarvox>
mnutt: wow, I saw the HN post while waiting for dinner and was like "that would make a neat Sandstorm app" - amazing turnaround time :)
<zarvox>
And with offer template integration too!
<zarvox>
mnutt: also glad to hear you are up and running with vagrant-spk and libvirt! that makes two people who aren't me who have reported success with it.
jadewang has quit [Remote host closed the connection]
jadewang has joined #sandstorm
<mnutt>
the one thing that is slightly less than perfect is the google maps integration (and geocoding, which I disabled) I'm not quite sure what to do about those
jadewang has quit [Remote host closed the connection]
<mnutt>
also I think owntracks doesn't talk enough in its docs about the inherent risks of constantly recording your location (and with geolocation, sending them all to google as well)
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<zarvox>
Yeah. I'm not sure exactly how you'd manage a map like that in a Content-Security-Policy-enforcing Sandstorm world.
xet7_ has quit [Read error: Connection reset by peer]
xet7_ has joined #sandstorm
xet7 has quit [Ping timeout: 276 seconds]
raoulzecat has quit [Ping timeout: 244 seconds]
ecloud_wfh has quit [Ping timeout: 244 seconds]
ecloud has joined #sandstorm
raoulzecat has joined #sandstorm
raoulzecat has quit [Quit: byebye]
synchrone has quit [Ping timeout: 248 seconds]
synchrone has joined #sandstorm
tdfischer has quit [Ping timeout: 246 seconds]
tdfischer has joined #sandstorm
tobald has joined #sandstorm
brylie has joined #sandstorm
<brylie>
Hi all. How can I open up a sandstorm application for general, public access? E.g. if I set up a Telescope grain, how can I connect it to a domain name and allow public access?
Bulwark has joined #sandstorm
<brylie>
Ghost is the only Sandstorm app, so far, that I have figured out how to make publicly accessible, e.g. by web crawlers, anonymous individuals, etc.
<Bulwark>
Hey guys. Is this the right place to seek installation assistance? If not - where should I go? :)
<brylie>
Bulwark, I can try to help
<brylie>
What difficulty are you encountering?
<Bulwark>
Awesome. Trying to install Sandstorm on one of my OVH Boxes (64-bit 14.04 Ubuntu), but I get a failure message relating to CONFIG_USER_NS=y
<Bulwark>
running kernel 3.14.32
<brylie>
Hm, that is pretty specific. Will you post the failure to a Github issue?
<brylie>
It looks like OVH may be providing a modified kernel, but the original kernel might still be an option.
<brylie>
Cool. I am also considering OVH. How has your experience been with OVH?
<Bulwark>
OVH is amazing
<Bulwark>
been with them for years, through Kimsufi. My total bill for 3 servers is about £40 a month
<brylie>
Nice :-)
<Bulwark>
which I use for various projects near-constantly. 2tb disks are handy
<Bulwark>
wouldn't hesitate to recommend. However, they're in high demand, so it might be worth using a kimsufi watching service to notify you when your server of choice is in stock
<brylie>
I am currently using DigitalOcean and host1plus. I am considering migrating some of my DigitalOcean VMs to OVH.
<brylie>
Wow! 2tb?! How much is that data package per month?
<Bulwark>
I'll just pull the details, one sec
<Bulwark>
unlimited data transfer (word on the grapevine is you get throttled at 5tb, but I have gone over that before with no penalty)
<brylie>
OK, cool. I found the page by searching for kimsufi.
<Bulwark>
Hmm, I have a KS-6, their offerings seem to have changed since I was last here
<brylie>
It seems to be around 80 euros per month.
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
BigShip has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
aaronr has quit [Ping timeout: 260 seconds]
amyers has quit [Quit: Leaving]
amyers has joined #sandstorm
<asheesh>
Morning, all.
Bulwark has joined #sandstorm
<Bulwark>
Hey again - I'm having a few issues with my Sandstorm self-hosted solution, specifically with the wildcard_host, which is apparently misconfigured
<asheesh>
Bulwark: Hi!
<Bulwark>
would anyone be able to take a quick glance at it and make sure I'm not doing anything obviously wrong, before I go insane? :)
<asheesh>
I'd be happy to help. Note that the wildcard host warning is a little aggressive, so basically, if grains seem to work, then you're in good shape.
<asheesh>
I'm happy to also take a look, Bulwark!
<Bulwark>
Oh okay, I hadn't dared try anything, the warning message was very explicit about everything burning down if I tried! Give me one sec to try an app
NOTevil has joined #sandstorm
<Bulwark>
Hmm. While Sandstorm allows me to install apps, when starting a grain I get a loading wheel of death
<Bulwark>
I assume that's a wildcard issue?
<asheesh>
Yup.
<asheesh>
OK, cool. So what's the URL to your Sandstorm install?
<asheesh>
I'm fine debugging this here (in public; publicly logged; has the upside that people Googling can learn more) or in private (send me a privage message on IRC) if you prefer.
<Bulwark>
sorry-not-sorry for the darude sandstorm joke. I'm sure I'm not the first and I'm sure I won't be the last!
<asheesh>
Specifically look for the screenshots of the DNS panel there.
<Bulwark>
Ah, okay. My wildcard was pointed at my other box. I've updated now so once that filters through, I'll attempt again
<asheesh>
Great. Now, questions: Would that DigitalOcean link have helped, if we had provided the link somehow/somewhere?
<asheesh>
Also, if I adjust the wildcard_host text to say "Until you fix it, you will probably not be able to use any apps." would that be any less scary?
<asheesh>
I'm sort of glad you saw the error message and it helped you contact us, but I'd prefer even more if you had seen it and you could figure out how to fix it without asking us!
<asheesh>
Well, I should say, I'm definitely glad the error message helped.
<asheesh>
BTW, in your case, you probably want a wildcard underneath darude.fl4w.net
<asheesh>
Like *.darude.fl4w.net.
<asheesh>
Maybe we can make that clearer, actually, hmm.
<Bulwark>
Hmm. Well the error message definitely helped. However, CF's DNS changes are usually near-instantaneous, and I'm still getting DNS errors on example.darude.fl4w.net, so perhaps it is to do with my config afterall?
<asheesh>
Yeah, I was thinking that.
<Bulwark>
SERVER_USER=sandstorm
<Bulwark>
PORT=8081
<Bulwark>
MONGO_PORT=6081
<Bulwark>
BIND_IP=0.0.0.0
<Bulwark>
BASE_URL=https://darude.fl4w.net
<Bulwark>
WILDCARD_HOST=*.darude.fl4w.net
<Bulwark>
UPDATE_CHANNEL=dev
<Bulwark>
ALLOW_DEV_ACCOUNTS=false
<Bulwark>
one sec
<Bulwark>
Oh wow, oops. I was going to paste that all in one line, apologies for the spam and yay for no bouncer
<asheesh>
I'm happy to look at a screenshot etc. of your CloudFlare DNS page.
<Bulwark>
I'm gonna try one more thing my end to ensure I'm not being an idiot and then sure! 2 secs
<asheesh>
The DNS is resolving now, btw, for example.darude.fl4w.net!
<Bulwark>
Hmm, I'm still getting some odd errors, restarting sandstorm now
<asheesh>
Restarting Sandstorm doesn't usually help much, fwiw.
<asheesh>
I imagine that's the problem - you could enable CloudFlare SSL to work around that for now, although it would result in CloudFlare having your plaintext.
<Bulwark>
Hmm. I think that may be the solution. Was about to say I'm still getting the 'wheel of death'
<asheesh>
I think in this case that's not a huge deal.
<Bulwark>
my cert is generated for darude.fl4w.net
<Bulwark>
so that's wrong, I assume
<Bulwark>
I need to somehow gen one for *.darude.fl4w.net
<asheesh>
Yeah, you can either generate one for *.darude.fl4w.net ; GlobalSign will sell one to you. Others will too, google.com/search?q=cheap+wildcard+ssl
jemc has joined #sandstorm
<Bulwark>
I was using letsencrypt for their freebies, will look into generating a wildcard one.
<Bulwark>
ah, wildcard domains are not supported. I thought that would have been too easy :P
<asheesh>
Yeah, this is why we run the sandcats thing. CloudFlare can give you wildcard HTTPS too, though.
<Bulwark>
Will drop back to Sandcats until I work out the SSL stuff then I think!
<asheesh>
Wait, no!!! Consider setting up CloudFlare SSL!!!
<asheesh>
I mean, OK, either way is fine. :)
<asheesh>
If you enable the "cloud" icon in cloudflare, that should automatically configure cloudflare ssl.
<Bulwark>
Oh okay, I figured that was only for business plans etc
aaronr has joined #sandstorm
<asheesh>
I think it's free now!
<Bulwark>
Hmm, SSL is enabled from Cloudflare, but still getting ssl errors. This is a headache!
<asheesh>
And did you click the "Cloud" button, for the *.darude record in your domain?
<asheesh>
For me, it seems you didn't, because if you did, it would change what IP address the domain is resolving to, but it's the same for me. Info:
<asheesh>
I'm testing by running this on the command line:
<asheesh>
But it might take a little bit to "stick".
<Bulwark>
IT would appear that CF doesn't allow wildcard protection
<Bulwark>
that's a pain
<Bulwark>
there's literally no option for it
<asheesh>
Interesting.
<asheesh>
Well, that's that, then; sorry to send you on a bit of a wild goose chase.
<Bulwark>
DM'd you a screen of what I mean
<Bulwark>
No worries! If I don't try, I'll never find out!
<asheesh>
If you decide to go the "purchase your own certificate" route, I can help you with that too; I've done it for a few other Sandstorm installs.
<Bulwark>
BigShip, I did try them, however they do not allow wildcard certificates
<asheesh>
Yeah; see above note that they don't support wildcards yet.
<BigShip>
oh :(
<Bulwark>
so for this particular use-case, no joy
<BigShip>
dang, that's the only thing I'd use it for. Thanks for saving me some pain
<BigShip>
asheesh: so, I finally got a development environment set up for packaging. Took like two days of fiddling >_<. Got started back in on packaging Codiad. So much more invovled that I thought it was going to be :(
<BigShip>
asheesh: how much effort would you estimate it should take to package something?
<dwrensha>
wow, Codiad looks pretty cool
<BigShip>
dwrensha: Yeah, I really want to get it running on sandstorm. I use a chromebook for most things, so it'd be awesome for me. I just have no idea what I'm doing :D
<dwrensha>
it looks complex enough that porting it would be nontrivial
<dwrensha>
it says it supports 40+ languages. is there a list somewhere?
<BigShip>
Idk, I haven't used it :D
<dwrensha>
and what does "support" mean?
<dwrensha>
does it compile the code on the server?
<BigShip>
It was just the best looking environment to write code in so I picked that one
<BigShip>
I think it just supports syntax though
<BigShip>
I may put it on hold and try packaging something simpler first for practice. We'll see though. I think I just need to get a better idea of how sandstorm actually works.
paroneayea has joined #sandstorm
paroneayea has quit [Changing host]
<BigShip>
dwrensha: thanks for the help this weekend by the way. You saved me another couple days of frustration
mnutt has joined #sandstorm
<Bulwark>
brainwave. If I self-sign a wildcard SSL cert, would that be enough for Sandstorm?
<bemasc>
asheesh: So, I learned a lot about sandstorm, which was fun, but it looks like the sandbox is basically way too tight for any kind of proxy server
<asheesh>
This is the thing that the proxy would presumably need access to.
<asheesh>
It might seem a little strange to sandbox everything, and then provide a way for the admin to entirely remove the networking part of the sandbox, but that's what we're doing I suppose.
<asheesh>
Curious what you think; not necessarily urgent.
frigginglorious has quit [Quit: frigginglorious]
<Bulwark>
Best app to keep a code project? Thinking specifically an Atom clone
<Bulwark>
got a whole project-worth of big data structure code and notes, don't trust this laptop's hard drive
<BigShip>
There's gitlab and gogs available. Might be a good place to start
<Bulwark>
Hmmm, will look into gitlab. People in the office keep pressuring me to sign up to their Atlassian stack but it just seems.. bleh
<maurer>
Bulwark: Alternatively, if it's not really version controlled/git stuff, you could try using davros
<maurer>
Bulwark: So, if it's for work and work uses Atlassian, I'd strongly encourage you to use it
<Bulwark>
Nah, it's personal side-project stuff, nothing work related
<maurer>
Bulwark: Other than the proprietary nature, the Atlassian stack is a very strong piece of softwrae
<maurer>
*ware
<maurer>
Ah, OK
<Bulwark>
bit weirded out that dev keep pushing atlassian on me
<Bulwark>
like gtfo, my code is my code
<maurer>
So, I personally use github + private repos for personal dev. gitlab is an attempt to emulate that, but is less full featured, and the sandstorm version is a _little_ confusing since gitlab was built for an org, but sandstorm gitlab is intended for a repo
<maurer>
However, I would use sandstorm gitlab long before stock gitlab
<maurer>
the number of modifications I had to make to a gitlab setup before it could be exposed to the internet is mind boggling
<Bulwark>
I already have a few private gitlab repos littered about, it'd be good to organize them all together on the same host
<Bulwark>
also on my own hardware, more control x)
<maurer>
I haven't tried gogs, but you should give them both a shot I suppose
<maurer>
Main deficiency of gitlab under github is collaboration
<maurer>
so if you're doing small scale work, gitlab (or maybe gogs, haven't tried that one, but it looks shiny) may work
synchrone has quit [Ping timeout: 252 seconds]
<Bulwark>
I'll give 'em both ago
<Bulwark>
a go*
tobald has quit [Quit: Ex-Chat]
synchrone has joined #sandstorm
neynah has joined #sandstorm
<maurer>
Heh, github is down
<maurer>
so I guess now is as good a time as any to be checking out gogs :P
<mnutt>
I would actually recommend against storing code in davros, gogs/gitlab sandstorm app will probably be a much better experience
<mnutt>
(for the same reason I recommend against code sharing via dropbox. either it lacks version control, or you store the .git directory as well and end up with all kinds of weirdness...)
<maurer>
mnutt: Yeah, he said "large data structures", and I was unsure if he meant "code for manipulating data structures" or "I've got a 10GB sqlite file that goes with this code"
<maurer>
dwrensha: The Arena section might be of use to you - it doesn't make things perfectly safe, but it shows how to at least use lifetimes in coordination with e.g. a BuilderArena to make sure things live long enough
dlitz has quit [Remote host closed the connection]
dlitz has joined #sandstorm
NOTevil has quit [Quit: Leaving]
amyers has quit [Ping timeout: 248 seconds]
dlitz has quit [Remote host closed the connection]
BigShip has joined #sandstorm
<mnutt>
fwiw I also got a 500 trying to send an invite link with a sandstorm server I just set up yesterday. unfortunately not at home so I can't get a stack trace, but I will later.
<dwrensha>
yeah, me too
<asheesh>
I... don't have email configured so I expect a 500.
<mnutt>
nice, looks good to me. it wasn't a blocker for me, I just copied the link, I just wanted to corroborate the list email
<zarvox>
Thanks for the reproduction!
<zarvox>
the non-email invite link workflow does work, which I suspect may be the more commonly-used one (since it also works if you haven't configured email yet)
<dwrensha>
would it be possible to add a test for this?
<dwrensha>
like, other tests successfully send emails, right?
<zarvox>
maybe there's the one roundcube test that sends an email?
<zarvox>
Huh. Do we have any tests for the admin UI at all? O_o
<zarvox>
I guess the ipnetwork/ipinterface tests hit the capabilities page
<zarvox>
but otherwise, not yet
<zarvox>
I'm inclined to punt on adding the test until after the admin UI change, since the workflow/forms/etc. will likely change, but I agree it'd be worthwhile to have tests for the more and more of Sandstorm's functionality
<zarvox>
In other news, Meteor 1.3 is likely to be released soon! Today was quoted, but they still have a number of bugs open against the RCs, so I'd be surprised if it actually landed today.
zeroish has joined #sandstorm
<mnutt>
ES6 support! very cool.
<mnutt>
sounds like it's still on node 0.10, but that it's next on the todo list