<cmr>
dwrensha: which files are needed? I think it's util, grain, web-session, web-publishing, persistentuiview, ip, hack-session, email, and api-session.
jemc has quit [Ping timeout: 246 seconds]
<cmr>
Suppose Alice creates two grains, G and H. In G, she does some actions to offer a persistable capability C which she imports into H. She gives Bob access to H. She shuts her computer down, ending her sessions. Bob continues to use H, and does an action which causes it to try and do something with C (P1). Bob then shuts his computer down, ending his sessions. Later, he opens H again, and tries to do
<cmr>
something with C (P2).
<cmr>
At P1, is G still alive? If not, what happens with that capability?
<cmr>
At P2, will G be made alive?
<Zarutian>
cmr: intresting question. Are grains orthogonally or otherwise persisted between sessions?
<cmr>
Zarutian: All the state which C needs to fulfill its interface is persisted between sessions, let's say.
<Zarutian>
I thought that was given.
<cmr>
And when H is shutdown, it will save() C and persist that.
<cmr>
Oh, you're not talking about my scenario, but about grains themselves?
<cmr>
I have no idea how grains work yet :)
<cmr>
I'm trying to tease that out.
<vidios>
Makes it sound as though G is dead at both p1 & p2 then...
<Zarutian>
does it use C to persist or is the capabability C persisted with each grain instance. That I do not know but I do know that it will illuminate the path to an answer to questions originating from your scenario.
<cmr>
vidios: that is my suspicion, however G will only be dead at P1 if C being alive does not keep G alive.
<vidios>
... right
<asheesh>
Ah btw hi vidios
<vidios>
\o
<asheesh>
Are you sure that your app is broken for you but not for me? That's so weird.
<cmr>
However C keeping G alive means Bob is now "sapping" CUs from Alice, "indirectly".
<cmr>
This could either be part of the sharing model, or disallowed.
<asheesh>
FWIW anyone viewing a grain owned by Alice uses up Alice's CUs.
<cmr>
Right, so Bob viewing H will use Alice's CUs.
<Zarutian>
CUs? Computing Units?
<cmr>
Zarutian: yes, the hypothetical resource quota of sandstorm.
<dwrensha>
as things currently are, though, I think that the grain will be spun down after a few minutes if nobody has a web session open on it
<Zarutian>
dwrensha: when does the starting up that grain due to a persistent capability occur? when a grain that has such is started or when it is used?
<dwrensha>
so I think the capability would stop working, and start throwing "disconnected" exceptions?
<cmr>
Is a cap still valid after a save()? So one can save() a newly received cap, and continue to use it, restoring it if it becomes disconnected?
<cmr>
Zarutian: When it is used, it seems.
<dwrensha>
often the first thing one does with a cap is to save it
<dwrensha>
you can still use it after that
<cmr>
Where "use" = restore()
<cmr>
dwrensha: Ok, that is sensible.
mnutt_ has joined #sandstorm
kentonv has quit [Read error: Connection timed out]
<Tuxick>
maybe this message means i really need a wildcard record?
<Tuxick>
in that case the error message needs some fixing
<Tuxick>
sorry, need wildcard cert?
<dwrensha>
yes, you will need a wildcard cert to use sandstorm over HTTPS
<Tuxick>
ok, so it does some internal check, yet doesn't log or report?
jemc has joined #sandstorm
<Tuxick>
ok, i'll see if i can produce a self signed one
<dwrensha>
The error that you're seeing is Sandstorm reporting that its wildcard host does not work.
<dwrensha>
Tuxick: Does your browser dev console report any errors?
<Tuxick>
well, after that there's "Until you fix it, you will not be able to use any apps. Learn more. You'll need to adjust DNS, SSL/TLS certificates, or edit the sandstorm.conf file."
<dwrensha>
How could this message have been more helpful?
kentonv has quit [Read error: Connection timed out]
kentonv has joined #sandstorm
<Tuxick>
because it starts with telling me wildcard is wring while it isn't, and then mentions 3 things that might need looking at
<Tuxick>
anyway, created selfsigned wildcard for haproxy, still same problem
jadewang has joined #sandstorm
<Tuxick>
"or edit the sandstorm.conf file" is about as vague as it can get
mnutt_ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
aldeka has quit [Remote host closed the connection]
ocdtrekkie has quit [Remote host closed the connection]
ocdtrekkie has joined #sandstorm
aldeka has joined #sandstorm
<dwrensha>
Tuxick: I'll suppose that your wildcard host is "sandstorm-*.example.com" ...
<dwrensha>
I would expect the same "no such grain for public ID" thing
<dwrensha>
oh good
kentonv has quit [Read error: Connection timed out]
<dwrensha>
I guess your WILDCARD_HOST is "*.sandstorm.example.com", and your BASE_URL is "https://sandstorm.example.com" ?
<Tuxick>
yes
<Tuxick>
and PORT=80 but afaik that's the listen port anyway
<Tuxick>
default
<dwrensha>
hm... it's possible that the error you're seeing is spurious. Does it persist when you reload the page?
<Tuxick>
yes
<Tuxick>
i'm afraid this is either a long way of trial and error or getting into the source
<Tuxick>
since it's not telling much
<dwrensha>
I would maybe try continuing with the setup, ignoring the error, if that's possible.
<dwrensha>
I'm curious whether installing apps and starting grains will succeed or not
<Tuxick>
no it won't
<Tuxick>
since it leads to "You are not logged in as admin and there isn't a valid token specified"
<Tuxick>
so the error message is already wrong with first word
<Tuxick>
"WARNING" should be "FATAL ERROR"
<zarvox>
hmmm, is it odd that PORT=80 but BASE_URL is https:// ?
<Tuxick>
zarvox: it's listening on 80
<Tuxick>
haproxy on 443
<zarvox>
ahhh, 'k
<dwrensha>
zarvox: does that sound right? the setup wizard prevents you from proceeding if there is a wildcard host error?
<Tuxick>
in most systems i worked with "base url" is the url it sends to client
<Tuxick>
or part of it :)
<Zarutian>
dwrensha: just to sate my curiousity, can one reconfig BASE_URL to be at some .onion or .i2p address and there wont be leaks of other domain addresses?
<zarvox>
I don't recall the setup wizard preventing you from proceeding if there is a wildcard host error. But I've also mostly been testing local.sandstorm.io which definitely works :)
<dwrensha>
Tuxick: before you got to the "no such grain for public ID" page in your browser, did you have to click through any certificate warnings?
<Zarutian>
dwrensha: so one has to run it in something akin to whonix setup then. (Gateway VM running Tor and App VM running Sandstorm)
<Tuxick>
dwrensha: no, i told browser to accept
<Tuxick>
also with openssl s_client it didn't stop me from GET /
<zarvox>
IIRC openssl s_client doesn't require the cert to be trusted, it just tells you that your session doesn't chain to any trusted cert
<Tuxick>
btw i also tried :443 in WILDCAR_HOST
<zarvox>
and for the browser: XHRs and iframes to origins with what the browser deems "untrusted" do not cause prompts, so if you just clicked through a cert warning instead of installing the appropriate root cert, then you'd see that failure mode
<Tuxick>
well if it'd log ANYTHING i would have saved a lot of time
<dwrensha>
I'll open as issue about that right now
<Tuxick>
zarvox: afaict this is not something i can solve by installing root cert on client
* Zarutian
wonders if sandboxed iframes with srcdoc or src="data:..." still each get their own 'origin' at each instanciation, requires tunneling via postmessage between the enclosing sandstorm frame and such iframe. Might be a solution that uses the wildcard aproach as fallback for browsers that dont allow such.
<Tuxick>
tomorrow i'll see if i get same problem with nginx
<Tuxick>
pretty sure i will
* Zarutian
or an hook in sandstorm for when it requests a new random hostname, instanciate a new .onion or .i2p address
<dwrensha>
Tuxick: is there anything interesting in your server's log, /opt/sandstorm/var/log/sandstorm.log ?
<Tuxick>
nothing
<Tuxick>
that's what's annoying me
jadewang has joined #sandstorm
halindrome has quit [Ping timeout: 276 seconds]
mnutt_ has joined #sandstorm
<Tuxick>
anyway, bbl
halindrome has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
jemc has joined #sandstorm
kentonv has quit [Read error: Connection timed out]
kentonv has joined #sandstorm
mnutt_ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
larjona has quit [Read error: Connection reset by peer]
larjona has joined #sandstorm
mnutt_ has joined #sandstorm
frigginglorious has quit [Ping timeout: 250 seconds]
frigginglorious has joined #sandstorm
kentonv has quit [Read error: Connection timed out]
kentonv has joined #sandstorm
jadewang has joined #sandstorm
mnutt_ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
jadewang has quit [Ping timeout: 265 seconds]
mnutt_ has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
frigginglorious has joined #sandstorm
mnutt_ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
jacksingleton has quit [Ping timeout: 250 seconds]
mnutt_ has joined #sandstorm
jacksingleton has joined #sandstorm
jacksingleton has quit [Ping timeout: 244 seconds]