asheesh changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Channel glossary: "i,i" means "I have no point, I just want to say". b == thumbs up. | Public logs at https://botbot.me/freenode/sandstorm/ & http://logbot.g0v.tw/channel/sandstorm/today
neynah has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
<ocdtrekkie> HeyItsMeUrIRC_: Regarding the vagrant-spk PR, it might be worth explaining why node7 needs to be a different stack than the stack you updated to node 6.
<HeyItsMeUrIRC_> Some apps and npm packages only work with v6
<ocdtrekkie> Well, I mean, some apps and packages only work with even older versions too.
<ocdtrekkie> Like Meteor is it's own stack, but I read that it can use Node 4, but not Node 6.
<ocdtrekkie> Anyways, I do, as a point of note, recommend descriptions with PRs to explain why they are important. Especially because sometimes they're read by people like me who don't actually know anything.
mnutt_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 248 seconds]
jrmg has joined #sandstorm
jemc has quit [Ping timeout: 248 seconds]
jrmg has quit [Quit: Textual IRC Client: www.textualapp.com]
<efishta2> back, home from worky. neynah, to answer your answer belatedly, i run selfhosted.
aeternity has quit [Ping timeout: 245 seconds]
aeternity has joined #sandstorm
<efishta2> I share a link out to a grain. User registers, now has access to the grain. So they essentially have administrative access to that grain (say for wordpress...) now, am I correct? They can use that grain, publish and allow other users to register INSIDE the app, using its own facilities. Am I understanding this correctly?
<ocdtrekkie> Something to that effect, if that's how the permissions for that app or sharing link are set.
<efishta2> correct, depending on how the application is coded, I understand that.
<efishta2> So, let's take another example Etherpad is an online collaborative word processor, from what I understand. I learned earlier that each Etherpad document is isolated within its container. At this point, since all users are separae on Sandstorm, I take it etherpad uses some other method of collaborating.
<ocdtrekkie> I'm not sure I understand what you're asking.
<efishta2> I'm gonna mess with its some, instead of asking innane hypotheticals
<ocdtrekkie> That is almost certainly the best way to "get" how Sandstorm works. :)
<ocdtrekkie> An Etherpad container knows who is accessing it because when you connect to the grain, you can either have Sandstorm reveal your identity to the app, or present you as an anonymous user to it.
<ocdtrekkie> The code that allows multiple users to work collaboratively on it is part of Etherpad's design, not Sandstorms. There are definitely some Sandstorm apps they are not really coded with realtime collaboration in mind.
<efishta2> OK so etherpad interfaces with Sandstorm's user authentication/authorization system, and that's how sharing and collaborating works? So say in a Wordpad instance, which isn't necessarily designed for collaboration, this invited user can now edit pages on it with the same permissions, that a fair assumption/
<efishta2> The applications themselves, according to how I understand what you wrote, use Sandstorm's user integration facilities, not their own.
leeola has quit [Quit: Connection closed for inactivity]
<ocdtrekkie> Yeah, sometimes there's a little work there to gut the existing user system to just accept what Sandstorm tells it the user is.
<ocdtrekkie> The simpler the existing user management is, the simpler it is to connect to Sandstorm. An app I ported, Scrumblr, simply generates a user ID on the spot when a user visits the board, and shows them as connected. The Sandstorm modification grabs the user's display name from Sandstorm and drops it into that field, basically.
<ocdtrekkie> EtherCalc technically has no permissions, but it has a URL you can edit from, and a URL that is view only, IIRC. It basically just only offers view-only users the view-only URL.
jadewang has joined #sandstorm
isd has joined #sandstorm
<efishta2> Okay, I see now. So there's a sharing and collaboration aspect that Sandstorm facilitates and secures, but it can also just as easily be used for personal use.
<efishta2> Even more interesting.
<ocdtrekkie> I personally use it very similarly to how I used to use Google Drive. Most of my documents and stuff on it are for personal use, but I have a couple I share out with people when I need to.
jadewang has quit [Ping timeout: 256 seconds]
aldeka_limechat has quit [Remote host closed the connection]
<efishta2> Noted. Likely my use as well, but was intrigued by the possibilities. Just a week ago I got nextcloud running on dreamhost, since I'd forgotten they offer "unlimited" bandwidth and storage, though I'm still a little weirded out by no clear cut privacy settings there apart from encryption, which has the keys on the same server...
<efishta2> wonder if I'll ever be able to use that nextcloud install as storage/replication for a Sandstorm file sharing grain at some point.
<ocdtrekkie> efishta2: Davros, one of the file storage apps on Sandstorm, is actually compatible with the ownCloud sync clients.
<ocdtrekkie> I don't think it's been updated to work with the Nextcloud versions yet.
<ocdtrekkie> But that is more just using their client apps with Sandstorm's server.
<efishta2> right, but still pretty cool to use a single client (once nc client is supported) for both accounts
<efishta2> I could just upload encrypted backups of Sandstorm's VM to NC weekly, lol. That'd have some usefulness at least.
<efishta2> backing up the cloud to the cloud, holy crap
<HeyItsMeUrIRC_> Is there any up-to-date Wiki software?
<ocdtrekkie> "Up to date"... probably not.
<ocdtrekkie> But they could be updated. :D
<ocdtrekkie> Actually, they're not too old.
<ocdtrekkie> The MediaWiki package is from November 2016, the DokuWiki package is from October 2016.
xet7 has quit [Quit: Leaving]
neynah has joined #sandstorm
<efishta2> jebus, I go to upload a .txt file on Blogger and I find I can't do that. A single .txt file. Totally closed off. The nerve. Hah
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
<efishta2> stumbled upon kentonv's blog entry for his LAN party sized house. That's flipping awesome!
<kentonv> :)
<kentonv> it's not as big as it looks
mnutt_ has joined #sandstorm
<efishta2> correction: LAN Party *optimized* house. Indeed that's the wording you used on the post as well.
HeyItsMeUrIRC_ has quit [Ping timeout: 276 seconds]
funwhilelost has joined #sandstorm
wolcen has joined #sandstorm
jadewang has joined #sandstorm
funwhilelost has quit [Ping timeout: 276 seconds]
wolcen has quit [Ping timeout: 240 seconds]
jadewang has quit [Ping timeout: 255 seconds]
bennyw has joined #sandstorm
bennyw has quit [Client Quit]
ill_logic_ has joined #sandstorm
ethane has joined #sandstorm
ethane has quit [Client Quit]
wolcen has joined #sandstorm
afuentes has joined #sandstorm
jadewang has joined #sandstorm
mysticmode has joined #sandstorm
mysticmode has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
isd has quit [Quit: Leaving.]
afuentes has quit [Ping timeout: 260 seconds]
nwf has quit [Ping timeout: 245 seconds]
mysticmode has joined #sandstorm
mysticmode has quit [Client Quit]
davidjgraph has quit [Read error: Connection reset by peer]
davidjgraph has joined #sandstorm
nwf has joined #sandstorm
bennyw has joined #sandstorm
<bennyw> "i,i"
<ocdtrekkie> Hi!
<bennyw> Hey everyone, I'm a beginner with sandstorm.io, but loving it. Am I in the right place?
<bennyw> I want to package an existing app for sandstorm and have a couple of questions, if anyone has time.
<neynah> bennyw: Hi! :)
<bennyw> Do you think this app is too complex to be on sandstorm? https://github.com/InvoicePlane/InvoicePlane
jadewang has quit [Remote host closed the connection]
mnutt_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<kentonv> bennyw, that looks like a great Sandstorm app!
<kentonv> it should be relatively easy to get working since it doesn't talk to external services at all, so you don't have to worry about requesting permissions. You will still need to modify it to remove the login screen and look at the headers for identity info.
bennyw has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
bennyw has joined #sandstorm
<bennyw> Thanks kentonv! Exactly what I was going to ask! I'm giving a go over the next few days
<ocdtrekkie> Any questions you have, absolutely feel free to bring them here, and float around until someone answers them. :)
<bennyw> Thanks man! Will try over the next few days :)
bennyw has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
elensil has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
newrain has joined #sandstorm
<newrain> hello all
<newrain> I usually don't read the torrent of update e-mails I get, but I've been very interested in sandstorm after reading how unique it is, and exploring its apps. I am sad that it may not go forward as quickly from the latest news. I really like this platform, and prefer it over google apps. I am wondering if there are any security risks with the projec
<newrain> nd I hope sandstorm continues onward. Will put bitcoin into hat.
<newrain> t from these changes? Should I remove my files? I will continue using sandstorm and spreading the word as an alternative to the big hosts that use their user data to enrich their learning algorithms (and worse). I work in this business and know some of the practices. Anyway, I just wanted to say that I love your tools, I love the security system, a
newrain has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
larjona_ has joined #sandstorm
M|tar has joined #sandstorm
neynah has quit [*.net *.split]
larjona has quit [*.net *.split]
minus has quit [*.net *.split]
[d__d] has quit [*.net *.split]
Mitar has quit [*.net *.split]
dongo has quit [*.net *.split]
kxra has quit [*.net *.split]
M|tar is now known as Mitar
rolig has quit [Ping timeout: 240 seconds]
dongo has joined #sandstorm
[d__d] has joined #sandstorm
rolig has joined #sandstorm
kxra has joined #sandstorm
aeternity has quit [Ping timeout: 260 seconds]
minus has joined #sandstorm
aeternity has joined #sandstorm
larjona_ has quit [Quit: http://quassel-irc.org - Chatee cómodamente donde sea.]
larjona has joined #sandstorm
jadewang has joined #sandstorm
FredFredFred has joined #sandstorm
FredFredFred_ has quit [Ping timeout: 255 seconds]
jadewang has quit [Ping timeout: 258 seconds]
FredFredFred_ has joined #sandstorm
FredFredFred has quit [Ping timeout: 252 seconds]
FredFredFred has joined #sandstorm
FredFredFred_ has quit [Ping timeout: 255 seconds]
afuentes has joined #sandstorm
dagelf has quit [Remote host closed the connection]
dagelf has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
aeternity has quit [Ping timeout: 240 seconds]
aeternity has joined #sandstorm
FredFredFred_ has joined #sandstorm
FredFredFred has quit [Ping timeout: 245 seconds]
aeternity has quit [Ping timeout: 240 seconds]
aeternity has joined #sandstorm
samba_ has joined #sandstorm
samba_ has quit [Client Quit]
FredFredFred has joined #sandstorm
FredFredFred_ has quit [Ping timeout: 252 seconds]
aeternity has quit [Ping timeout: 240 seconds]
aeternity has joined #sandstorm
aeternity has quit [Ping timeout: 260 seconds]
aeternity has joined #sandstorm
aeternity has quit [Ping timeout: 240 seconds]
aeternity has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
<afuentes> has anybody here being able to use radicale both caldav and carddav with any linux client? I think I tried all combinations of options with all clients I came across
davidjgraph has quit []
aeternity has quit [Ping timeout: 240 seconds]
FredFredFred_ has joined #sandstorm
aeternity has joined #sandstorm
FredFredFred has quit [Ping timeout: 260 seconds]
aeternity has quit [Ping timeout: 252 seconds]
aeternity has joined #sandstorm
aeternity has quit [Ping timeout: 255 seconds]
aeternity has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
aeternity has quit [Ping timeout: 240 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
ocdtr_web has joined #sandstorm
<ocdtr_web> So logbot.g0v.tw seems to no longer track the channel, and botbot.me is just annoyingly buggy at displaying logs.
<ocdtr_web> botbot.me's issue may just be a browser incompatibility thing though, because it seems to work okay in Firefox.
wolcen_ has joined #sandstorm
FredFredFred has joined #sandstorm
FredFredFred_ has quit [Ping timeout: 240 seconds]
mnutt_ has joined #sandstorm
jadewang has joined #sandstorm
wolcen has quit [Quit: Leaving]
wolcen_ is now known as wolcen
jadewang has quit [Ping timeout: 240 seconds]
ill_logic_ has quit [Ping timeout: 240 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
aeternity has joined #sandstorm
mysticmode has joined #sandstorm
aeternity has quit [Ping timeout: 240 seconds]
leeola has joined #sandstorm
mysticmode has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
mysticmode has joined #sandstorm
aldeka_limechat has joined #sandstorm
wolcen has quit [Ping timeout: 240 seconds]
n8a has quit [Ping timeout: 255 seconds]
n8a has joined #sandstorm
jemc has joined #sandstorm
jemc has quit [Client Quit]
jemc has joined #sandstorm
jadewang has joined #sandstorm
elensil has quit [Quit: Leaving.]
n8a has quit [Ping timeout: 255 seconds]
mysticmode has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
jadewang has quit [Ping timeout: 258 seconds]
wolcen has joined #sandstorm
wolcen has quit [Ping timeout: 240 seconds]
CaptainCalliope_ has quit [Remote host closed the connection]
justincormack has quit [Remote host closed the connection]
ripdog has quit [Remote host closed the connection]
KCinJP has quit [Remote host closed the connection]
phildini_ has quit [Remote host closed the connection]
AZero has joined #sandstorm
AZero has quit [Ping timeout: 268 seconds]
leeola has quit [Remote host closed the connection]
cstrahan has quit [Remote host closed the connection]
AZero has joined #sandstorm
AZero has quit [Ping timeout: 268 seconds]
n8a has joined #sandstorm
AZero has joined #sandstorm
jadewang has joined #sandstorm
<AZero> Can get LDAP options without cost since it is going non-pay options?
jadewang has quit [Ping timeout: 240 seconds]
<ocdtr_web> AZero: LDAP is already free on the current version of Sandstorm.
<ocdtr_web> The change was pushed over the weekend, in version 0.202
<AZero> nice! - thank you!!
<AZero> do you know if there is a screensharing app?
<AZero> like webex
<ocdtr_web> Presently there is not.
<AZero> ocdtr_web: Thanks :D
leeola has joined #sandstorm
<ocdtr_web> A lot of the Sandstorm features to handle network traffic to outside resources is still in development, so more often than not, Sandstorm apps tend to be relatively self-contained.
<ocdtr_web> I would love to have a screen sharing app running through Sandstorm though.
<ocdtr_web> I know that presently if you are an admin on a Sandstorm server you can grant a raw IpNetwork interface to a Sandstorm grain, which can do arbitrary network things.
<ocdtr_web> I know the IRC Idler app uses that, for example.
<AZero> yes - thought rocketchat might do it. It is super helpful to just show people what you are talking about
<AZero> but you'd need it secure
<ocdtr_web> It does seem to be listed in their docs... with nothing written: https://rocket.chat/docs/user-guides/screensharing
<ocdtr_web> I've actually never tried any of the video/audio features of Rocket.Chat in Sandstorm, I don't know if they're included or not in the Sandstorm package.
<AZero> lol yes - that is why I asked because I did see that and was confused when I could not figure how to use it
<ocdtr_web> I don't even have a webcam to test the video feature with. :/
<ocdtr_web> It might be good to file an issue with Rocket.Chat about their screensharing documentation.
<ocdtr_web> Because either they should document it if it works, or state in the documentation that it does not work yet if it is not ready.
cstrahan has joined #sandstorm
CaptainCalliope_ has joined #sandstorm
<AZero> Looks like they have some issues open in their github that imply it does work. I have not tested it in either sandstorm or a basic install
<AZero> I agree though, I will get a bit further along and see the limitations and report the documentation issue at least
dwrensha has joined #sandstorm
<dwrensha> kentonv: Oasis seems to be having some problems. If I try to create a new Wekan grain I get a spinner forever.
wolcen has joined #sandstorm
mnutt_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
aeternity has joined #sandstorm
<dwrensha> huh. And now it seems to work okay.
<TimMc> AZero: If you want someone to try testing that with, let me know. (Although... I use Firefox ESR and possibly an older Chromium, so there's a chance I might not have browser support.)
<strugee> hey Sandstorm company folks - sorry to hear you're going away! but I gotta say I'm really happy the project will live on. Sandstorm's a great project
mnutt_ has joined #sandstorm
<ocdtr_web> dwrensha: I have had some slow-spinning Wekan setups before. I am not sure if that is just Wekan being slower on first load or not.
<strugee> btw kentonv: https://github.com/sandstorm-io/sandstorm/tree/master/roadmap/platform/mobile#todoproject-sandstorm-app reminds me of a blog post I wrote a couple months ago
<dwrensha> ocdtr_web: the first symptom I noticed was some unresponsive sharelatex grains
<ocdtr_web> strugee: The long-term item in there makes me really happy to see people thinking about, personally. I'm gonna click on your blog post in a moment.
<strugee> I'd *love* to see a gapps-style package that would give you a couple options, so you could choose between e.g. Sandstorm, Nextcloud, etc. and the system would make everything Just work (tm)
<ocdtr_web> I left Android because it was too painful to run it as an open OS, and it's pretty much the worst OS when you consider the other closed OSes.
<strugee> ocdtr_web: ikr! me too <3
<ocdtr_web> I'm actually currently on Windows 10 Mobile, but given that my carrier hasn't had a new Windows 10 Mobile device in over two years, I'm kinda being chased by the reaper on this OS.
<strugee> the way I feel about Android is the way Winston Churchill felt about democracy:
phildini_ has joined #sandstorm
<strugee> > Democracy is the worst form of government, except for all those other forms that have been tried from time to time.
<strugee> ocdtr_web: ouch. my condolences :P
<ocdtr_web> I honestly love the OS, comparatively.
<ocdtr_web> I just can't get a modern device running it.
<strugee> interesting
<strugee> I actually genuinely prefer Android
<strugee> not sure why
<ocdtr_web> It has funny quirks sometimes too. Like Microsoft supports CalDAV and CardDAV, but technically doesn't.
<strugee> :/
<strugee> yikes
<ocdtr_web> I had to add it as an iCloud account, and then change the server address.
<ocdtr_web> The support is there, and it works, but it isn't listed as an open standard. :D
<strugee> loll
<ocdtr_web> strugee: I had Android for... seven years. 2009 to 2016.
justincormack_ has joined #sandstorm
<ocdtr_web> I feel like Android in 2009 was better than Android in 2016.
<ocdtr_web> Probably the biggest issue is not just the Googlifying bit cloud-wise, but that there is incredibly pressure in the Android community to follow Google's style and interaction models, and I feel they've gone downhill a lot.
<ocdtr_web> If I could get current security fixes in an Android 4.1 phone, I'd still carry Android today probably.
<ocdtr_web> In Android's golden years, there were a lot more options.
<TimMc> Whoa, one of the things you can do in Rocket Chat is send someone permission to access a grain via the chat UI!
<TimMc> slick
<kentonv> TimMc, indeed, that was one of the first uses of the Powerbox.
<kentonv> we need a better icon for it since most people don't know what the + will do
jadewang has joined #sandstorm
KCinJP has joined #sandstorm
<TimMc> You could just have a little sandstorm logo, honestly.
<TimMc> If someone already knows that the little video camera icon means sending a video file (as opposed to having a video chat) they'll know what that means.
<TimMc> (And if they know they're using sandstorm, I guess...)
ripdog has joined #sandstorm
jadewang has quit [Ping timeout: 255 seconds]
jadewang has joined #sandstorm
neynah has joined #sandstorm
samba_ has joined #sandstorm
Jan\ has joined #sandstorm
Jan2 has quit [Ping timeout: 255 seconds]
neynah has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
wolcen has quit [Ping timeout: 240 seconds]
aeternity has quit [Ping timeout: 258 seconds]
aeternity has joined #sandstorm
samba_ has quit [Ping timeout: 256 seconds]
<ocdtr_web> This week I'd like to remind everyone to keep their warranties up to date. As so far this week I've had three PCs and two network devices go out. Oh, and hey, there was that Cisco thing where a bunch of their devices have a hardware defect they'll only replace if you have a service agreement. :)
leeola has quit [Quit: Connection closed for inactivity]
afuentes has quit [Ping timeout: 240 seconds]
jemc has quit [Ping timeout: 255 seconds]
HeyItsMeUrIRC has joined #sandstorm
<HeyItsMeUrIRC> I managed to get a few minutes
planetguy has joined #sandstorm
TC02 has quit [Ping timeout: 252 seconds]
sybr has joined #sandstorm
sybr has quit [Client Quit]
syb has joined #sandstorm
<syb> Hi! I have installed a Sandstorm instance on my server. How can I change the limit of the images uploaded?
<syb> For instance for the logo or the avatars....
<syb> ?
<HeyItsMeUrIRC> Sorry, but it appears that's not available at the moment
<syb> 64 Kib is too restrictive...
<syb> Thanks HeyItsMeUrIRC!
<planetguy> Does anyone know a Sandstorm app to host raw files statically?
<efishta2> man o man - increasing appreciation for Sandstorm ongoing... Been messing with Yunohost in addition to Sandstorm, but one thing I'm not happy about is that Yunohost, for some reason (I'm sure there is one, I just don't know it) requires running its own DNS, setting up a DNS zone, redirects, dynamic IPs etc. on the server instance itself. I was ini
<efishta2> tially hoping to use its built-in LetsEncrypt cert capability with a subdomain, but Sandstorm is ACTUALLY much much simpler to configure.
<ocdtr_web> syb: Out of curiosity, have you tried anything like tinypng or tinyjpg to shrink your images? It's amazing how small you can get an image file without impacting visual quality.
<ocdtr_web> planetguy: I believe you can do it with Davros, but you have to have an index.html file in the directory for the publishing feature to work. If I recall correctly.
<ocdtr_web> efishta2: It's actually really interesting how Sandstorm and some of it's alternatives prioritize certain types of setups and features. Sometimes you get an impression people developing these things are coming from totally different worlds.
<planetguy> Thanks, I'll give it a try
<efishta2> Agreed
<efishta2> I installed Sandstorm on Sunday but I'm kind of... well, fascinated with it, its history, what it's trying to accomplish, current progress, and so on. Open, direct communication by the dev team is a double bonus.
leeola has joined #sandstorm
johndoe123[m] has joined #sandstorm
<johndoe123[m]> Hello
<ocdtr_web> Hey johndoe123[m]!
jemc has joined #sandstorm
<johndoe123[m]> how are you ocdtr_web ?
<ocdtr_web> Shiny.
<johndoe123[m]> :)
<planetguy> ocdtr_web Thanks
<johndoe123[m]> I really enjoy Sandstorm. Im sure everyone of you here too, but I find it nice to say it to you
<johndoe123[m]> As soon as I am able to configure the reverse proxy with SSL I will use it completly :)
<ocdtr_web> johndoe123[m]: Well, say it to kentonv, not me. :D
<johndoe123[m]> kentonv: I really enjoy sandstorm, I guess you're one of the key member of the team...?
<ocdtr_web> Kenton's the lead developer. I am just a random critter around here.
<ocdtr_web> People here can definitely/usually help you with reverse proxy questions. I cannot, because I do not know.
mav2209 has joined #sandstorm
<ocdtr_web> But if you ask questions here and then hover around in the channel, someone will probably answer them.
<HeyItsMeUrIRC> efishta2 Welcome to the club
mav2209 has quit [Client Quit]
<johndoe123[m]> ocdtr_web: yes thank you, I finish to try some clue I have before asking some question. I need to understand some options that was given in the documentation of the apache2 reverse proxy
<ocdtr_web> Off to head home.
ocdtr_web has quit [Quit: Page closed]
<johndoe123[m]> and when I will have tried everything, I will bother some people here :)
<TimMc> Is there yet a reasonable way for me to do wildcard DNS and SSL for a home Sandstorm server?
<TimMc> reasonable == less than $20/yr
<AZero> i used alpha ssl
<AZero> but not that cheap
<AZero> something I considered but did not pursue was the cloudflare wildcard option. I am not sure if it will work though
planetguy has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
<TimMc> ugh, cloudflare
<TimMc> I don't like centralizing so much trust.
<AZero> I got a good deal here
<AZero> yep - just verified my confirmation, that is where I got mine
<TimMc> I wonder if just-in-time Let's Encrypt cert generation would incur rate-limiting for a home Sandstorm server that only has a handful of users.
<TimMc> 20 per week, ouch
FredFredFred_ has joined #sandstorm
<AZero> yeah - I never even thought of that
<AZero> I have a gigabit connection
<AZero> and not very many users
<AZero> like maybe 4 lol
FredFredFred has quit [Ping timeout: 245 seconds]
<AZero> probably something to consider down the line
<TimMc> oooh... *unless* sandstorm pregenerated those grain subdomains... do they need to be secret? could it just put up a batch of 100 subdomains as Subject Alternative Names?
<TimMc> then you can do 2000 grains per week
<TimMc> kentonv: ^ pls :-)
<AZero> someone more familiar will have to tell you, no idea
<TimMc> crud: "Sandstorm not only hosts each grain at a separate origin, but actually creates a new origin for every session. That is, every time a user opens a document, it is hosted at a new one-off cryptographically-random hostname which expires shortly after the document is closed."
<TimMc> So your users would only be able to open 2000 grains per week.
<AZero> how many grains do you need?? that seems like a lot
<TimMc> Well, if you keep grains open, not so many, but if you repeatedly open a grain, each session would count towards that limit.
<AZero> oic, so 2000 sessions per week
<TimMc> Even just hitting refresh on a grain creates a new session.
<AZero> but the old one goes away and probably can be used
<AZero> so probably 2000 simultaneous
<TimMc> Yes, the old session is still active for a while, I can confirm that.
<TimMc> Sandstorm would never reuse the subdomain, though.
<TimMc> FSVO "never"
<HeyItsMeUrIRC> anyone have an spk of this? https://github.com/zenhack/irc-idler
<HeyItsMeUrIRC> can't package it atm
<HeyItsMeUrIRC> I'll take that as a no
HeyItsMeUrIRC has quit [Remote host closed the connection]
Jan\ has quit [Ping timeout: 240 seconds]
<johndoe123[m]> Hello again :)
Jan\ has joined #sandstorm
<johndoe123[m]> so I almost happy : I was almost able to configure the reverse proxy in https to use sandstrom
<johndoe123[m]> I have different website on my server, and I use the same self signed certificate. for one domain. But for sandstrom, should I generate a specific wildcard certificate expecially for the domain I installed sandstorm ? Or can I use the same ? (but for another domain)
<johndoe123[m]> s/different website/differents websites/
<ocdtrekkie> AZero: I am super curious if Cloudflare would solve the wildcard SSL problem. If you ever test it, please tell us.
<ocdtrekkie> TimMc: Domain name system tends to end up relying on a provider somewhere. Is there something inherently at issue with Cloudflare?
<ocdtrekkie> My only beef with them is that they refuse to support standard 2FA options because they seem like they have some deal with the Authy people.
<TimMc> I don't like that they are acting as man-in-the-middle for huge portions of what would normally be end-to-end encrypted traffic.
<TimMc> A single point of surveillance.
<ocdtrekkie> TimMc: Let's Encrypt would be a bad choice because it hurts the security of your Sandstorm grains some, because then a public list is being generated of what subdomains your grains are at.
<TimMc> *nod*
<ocdtrekkie> There are other protections in Sandstorm, so people couldn't just open your grains with that info, but it's potentially problematic.
<TimMc> Not only that, but with the pregeneration + SAN option, a user of one grain could see the other domains.
<ocdtrekkie> I do have the link to the SPK of IRC Idler, but he left channel only a few minutes after asking. :/ He'll be back, I guess.
<ocdtrekkie> johndoe123[m]: If your cert is for *.foo.com and you installed Sandstorm on *.bar.com you probably want a cert for where you have Sandstorm installed. I suppose it's up to your browser on how irritating it is to bypass "wrong certificate" warnings.
dwrensha has quit [Quit: leaving]
<ocdtrekkie> TimMc: I believe you need a cookie provided by the Sandstorm shell to open a grain.
<ocdtrekkie> Just knowing the subdomain of a grain is not enough to open it.
<TimMc> Sure. I was thinking more about the XSRF and clickjacking attacks that are mentioned in the Sandstorm docs where it discusses random grain origins.
<johndoe123[m]> ocdtrekkie: it's only because it display me the error message : "WARNING: This server seems to have its WILDCARD_HOST misconfigured. Until you fix it, you will not be able to use any apps. You can read more info in the Sandstorm docs and in your browser's Javascript console. You'll need to adjust DNS, SSL/TLS certificates, or edit the sandstorm.conf file. If you see no information in the JS console, or wish to test
<johndoe123[m]> if you have fixed the problem, reload this page to re-run the test. If you're still having problems, please file an issue."
<johndoe123[m]> up to now, I was able to use the others website without having to change anything, I was using the same self signed certificate
<johndoe123[m]> and I was only addng an exception in my browser. But, indeed, now it seams not enough
<johndoe123[m]> TimMc: tanks for the link
<kentonv> johndoe123[m], there's a trick you can use
<TimMc> Hmm, what link?