jadewang has quit [Remote host closed the connection]
jadewang has joined #sandstorm
mort___1 has joined #sandstorm
mort___ has quit [Read error: Connection reset by peer]
mort___ has joined #sandstorm
mort___1 has quit [Read error: Connection reset by peer]
mort___1 has joined #sandstorm
mort___ has quit [Read error: Connection reset by peer]
bb010g has joined #sandstorm
mort___1 has quit [Read error: Connection reset by peer]
ArcTanSusan has joined #sandstorm
mort___ has joined #sandstorm
ArcTanSusan has quit [Quit: ArcTanSusan]
jadewang has quit [Remote host closed the connection]
paroneayea has quit [Ping timeout: 255 seconds]
paroneay` has joined #sandstorm
mort___ has quit [Read error: Connection reset by peer]
mort___ has joined #sandstorm
paroneay` is now known as paroneayea
paroneayea has quit [Changing host]
paroneayea has joined #sandstorm
jadewang has joined #sandstorm
mort___ has quit [Read error: Connection reset by peer]
mort___1 has joined #sandstorm
posix4e has joined #sandstorm
<posix4e>
sandstorm/supervisor.c++:1130: warning: ip_tables kernel module not loaded; cannot set up transparent network forwarding. woops!
gopar has quit [Quit: Leaving]
ArcTanSusan has joined #sandstorm
mort___ has joined #sandstorm
mort___1 has quit [Read error: Connection reset by peer]
<kentonv>
posix4e: none of our current apps use that, but if you're writing one that does, then yeah, you'll need to modprobe ip_tables
ArcTanSusan has quit [Quit: ArcTanSusan]
mort___ has left #sandstorm [#sandstorm]
erikoeurch has joined #sandstorm
<posix4e>
kentonv: just in my mediagoblin logs
joshbuddy has joined #sandstorm
erikoeurch has quit [Ping timeout: 252 seconds]
mort___ has joined #sandstorm
darius has quit [Ping timeout: 255 seconds]
mort___ has quit [Quit: Leaving.]
mort___ has joined #sandstorm
mort___ has quit [Quit: Leaving.]
mort___ has joined #sandstorm
eloib_ has quit [Ping timeout: 255 seconds]
mort___ has quit [Ping timeout: 276 seconds]
jadewang has quit [Remote host closed the connection]
eloib_ has joined #sandstorm
joshbuddy has quit [Quit: joshbuddy]
paulproteus has quit [Ping timeout: 256 seconds]
garrison has quit [Ping timeout: 256 seconds]
paulproteus has joined #sandstorm
garrison has joined #sandstorm
garrison has quit [Changing host]
garrison has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
mort___ has joined #sandstorm
mort___ has quit [Ping timeout: 255 seconds]
dwrensha has joined #sandstorm
dwrensha has quit [Ping timeout: 245 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
mort___ has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
decipherstatic has quit [Remote host closed the connection]
erikoeurch has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
mort___ has quit [Quit: Leaving.]
mort___1 has joined #sandstorm
mort___1 has quit [Read error: Connection reset by peer]
jadewang has joined #sandstorm
mort___ has joined #sandstorm
mort___ has quit [Read error: Connection reset by peer]
mort___ has joined #sandstorm
jadewang has quit [Ping timeout: 258 seconds]
mort___ has quit [Client Quit]
natea has quit [Quit: natea]
<erikoeurch>
beta still on track for release this week?
natea has joined #sandstorm
asmyers has joined #sandstorm
amyers has quit [Ping timeout: 244 seconds]
darius has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 258 seconds]
asmyers has quit [Ping timeout: 276 seconds]
<posix4e>
too bad I can't control nginx forwarding from sandstorm
joshbuddy has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 244 seconds]
asmyers has joined #sandstorm
dwrensha has joined #sandstorm
jadewang has joined #sandstorm
asmyers has quit [Ping timeout: 244 seconds]
* paulproteus
waves
<paulproteus>
posix4e: What sorts of nginx forwarding are you looking to control?
<paulproteus>
And/or what are you trying to do? Trying to make sure I understand people's use cases for Sandstorm.
<kentonv>
erikoeurch: Yes, if you count tomorrow.
<posix4e>
paulproteus: might be a way to do it. But imagine I setup a wordpress and i'm using my own domain (foo.com). I buy and ssl cert for foo.com and setup ngnix forwarding. What would be cool is setup bar.foo.com to point to one sandstorm (grain is that the right word?) and a baz.foo.com another without having to edit ngnix.conf
<posix4e>
paulproteus: In general i'm curious of how to manage the non js resources
<posix4e>
Basically the node server just gets a tcp connection to the actual client
<erikoeurch>
kentonv: sure, tomorrow counts! Weekend means more spare time to play around with it anyway :-)
<paulproteus>
I used to use a Quassel Android client until a mini server catastrophe made me slightly IRC homeless.
<posix4e>
*nod
<posix4e>
I wonder, I can obviously run weechat from a screen seession on that machine
<posix4e>
But is that really the sandstorm way?
<posix4e>
I have only really used sandstorm to run node apps and it's built in infra
<kentonv>
erikoeurch: note we'll start by inviting only the "mega instance" buyers from the indiegogo campaign, followed later by large, ..., preorderers, ...
<paulproteus>
i,i mega.com
<kentonv>
erikoeurch: the whole process could take a month or two, depending on how many problems we encounter
<paulproteus>
(oh wait mega.com isn't what I thought it was, but is amusing in its own way)
<paulproteus>
anyway posix4e you can soon use the Sandstorm API for keeping apps alive in the background.
<paulproteus>
I think that actually landed while I wasn't looking.
<paulproteus>
If so, we should add it to some developer docs.
<posix4e>
yea i think that plus dns support will definetly be a big game changer
<posix4e>
OK final question
<posix4e>
or more of a statement
<paulproteus>
or more of a proclamation
<posix4e>
I've tried using the restore/backup stuff
<paulproteus>
(-;
<posix4e>
haha
<posix4e>
But putting on my super lazy hat
<paulproteus>
It'd be nice to have a mass-backup-restore operation that was part of the Sandstorm CLI perhaps.
<posix4e>
Ideally I could make snapshotting to a local mount(like nfs) or to s3 or to something for the entire machine, or a group of machines would be huge
<posix4e>
haha
<posix4e>
you beat me to it
<posix4e>
it would do a lot for cloud freedom
<posix4e>
if you could just move between different infra trivially
<paulproteus>
Doubly so since your Sandcats domain would follow you, actually...
<erikoeurch>
kentonv: right, then I guess it's not quite time to get excited yet
<paulproteus>
So FWIW the things needed for this are (a) stop Sandstorm (b) tar up Sandstorm (c) untar it in the new place (d) something something init scripts
<kentonv>
erikoeurch: sorry. :(
<posix4e>
paulproteus: does that work. Because if that's documented somewhere it's totally doable
<posix4e>
that's the level of simplicity that's fine for v1
<paulproteus>
Yeah, that should work fine. I'd like to have a better story for (d)
<kentonv>
paulproteus posix4e: I think mass backup built on the existing per-grain zipping is more useful
<posix4e>
kentonv: I agree that may be fine
<posix4e>
kentonv: but it didn't work when i tried it
<kentonv>
backing up the whole FS is something any outside tool can do easily enough
<erikoeurch>
kentonv: no worries!
<posix4e>
kentonv: I'm talking less tools and more docs
<posix4e>
kentonv: although a tool is fine
<kentonv>
meanwhile per-grain backups allow, say, recovering from a semi-borked sandstorm install, or something
<paulproteus>
Yeah, exactly. I think telling people "It's in alpha, and here's how you can backup/restore/move a Sandstorm, if you have a shell on it" is a good idea.
<paulproteus>
"Obviously" posix4e you should test this out, and then add a note to the wiki page.
<posix4e>
yea totally down, migration can be manual
<posix4e>
replication is also interesting
<posix4e>
although then you are playing the game that the persistence layer should be playing
<kentonv>
I do think we should have an API where an app can obtain encrypted backup zips of all your other apps, in order to, say, upload them to a cloud backup service
<paulproteus>
/usr/bin/yes
<posix4e>
kentonv: following up on that idea
<posix4e>
kentonv: at the risk of feature creep, if you could just give the interface a s3 or file location or something
<posix4e>
kentonv: and it does regular snapshots
<paulproteus>
posix4e: Yeah, I would love to see that.
<posix4e>
kentonv: that's the type of thing ops guys would pay for btw
<posix4e>
so there might be value in not making it all public
bb010g has quit [Quit: Connection closed for inactivity]
<posix4e>
not to be a facist
<posix4e>
but there's some set of features in the ops space where it's easy to sell software
<kentonv>
posix4e: that's exactly what you could build as an app on this API
<posix4e>
kentonv: right
<posix4e>
yep
<kentonv>
meanwhile we'll also build an app that uploads to a server counterpart which is also an app on some other Sandstorm server. :)
<kentonv>
like, say, our managed hosting service
<posix4e>
*nod
<posix4e>
So just to double around
<posix4e>
if i stop sandstorm
<paulproteus>
sudo service sandstorm stop
<posix4e>
and find /opt/standstorm | cpio -vpdum /dst i should be ok?
<paulproteus>
Uh wow huh I don't remember cpio flags
<posix4e>
err
<posix4e>
if i stop
<posix4e>
and cp -a to from
<erikoeurch>
kentonv: would it be complicated to get a distributed chat application running on Sandstorm? That is, instances running on different servers (well, grains)
<posix4e>
from /opt/sandstorm i'm good?
<paulproteus>
Yeah, that should be fine, posix4e.
<paulproteus>
"Obviously" you should try it by doing
<paulproteus>
Apparently rsync is noticeably faster, go figure.
<paulproteus>
But then again a commenter is shocked by this claim.
<kentonv>
note that whatever you're using, if your server is installed to start as root, you'll need to preserve permissions
<paulproteus>
Also is posix4e a shorthand for "POSIX for enterprise"? That's how I always read it.
<kentonv>
I read it as POSIX standard version 4e, or maybe article/rule 4(e)
<posix4e>
started with my nickname as posix3 actually
<posix4e>
then i did some work on the posix4 spec
<posix4e>
err
<posix4e>
wow
<posix4e>
that's not true
<posix4e>
implementing posix4 spec
<posix4e>
it was super buggy
<posix4e>
got so many complaints that the email i created to track it
<posix4e>
became my nic
<erikoeurch>
seems awful to be reminded of that everytime you send a message :)
<posix4e>
but i'm so lazy and change is hard. I roll with about 4 nics on the internet
<posix4e>
anyway
<posix4e>
but the posix4 stuff is all of the aio functions
<posix4e>
which to be honest, i'm very meh on
<posix4e>
But i'm meh on posix anyway. It's had its days(30 years) and it's in the way nowadays
<posix4e>
not that having posix is bad, but locking all storage into that paradigm forever is holding us back. It also makes room for crap tech like hcfs (hadoop compat filesystem) I should mention embaressingly i put a lot of code into hadoop
<posix4e>
as i used to work at cloudera, that whole project is so bad
<posix4e>
don't take it as criticism i just wanna be able to parrot your reasons
<posix4e>
was going to say you missed the message queues, but now i see the comment
<posix4e>
is that somthing you want a patch for?
<posix4e>
I mean stupid question, but should applications really even be doing shm calls?
brotheroddball has joined #sandstorm
<paulproteus>
Howdy brotheroddball
<brotheroddball>
Hello
<brotheroddball>
I have some questions about the paid hosting. My only real experience is with shared hosting, so I'm wondering about how to move all of my stuff over.
<paulproteus>
To some extent, the migration story is a bit of a work in progress. Also I'm in a meeting so I might be slow to respond.
<paulproteus>
But it varies app by app.
<maurer>
posix4e: I dunno the reason they made their decision, but given that capnproto is _already_ asynchronous, what do you need aio for?
<posix4e>
brotheroddball: i just wrote something up
<maurer>
(my understanding is that they are trying to only expose the world to you via capnproto)
<brotheroddball>
All right, cool. I'm not too worried about migrating apps. I'm using Ghost and WordPress for a couple of things. One static one-page site. But I was wondering about add-on domains.
<brotheroddball>
Can I direct more than one to my account, or to to different apps?
<patrickod>
been curious to try out sandstorm for a while, figured I'd lurk a bit to begin with :)
<patrickod>
thinking about maybe using it for some noisebridge infrastructure
<paulproteus>
Awesome patrickod
<paulproteus>
I'm in a meeting or else would love to chat more, but anyway I'm that Asheesh fellow who emailed noisebridge-discuss. Consider coming to the meetup in a week (-:
<patrickod>
my understanding is that sandstorm handles app auth?
<paulproteus>
Ya
<patrickod>
interdasting, wonder how I could migrate the existing wiki accounts we have.
<patrickod>
unsure if I'll make it to the meetup w/ 5mof, but I'd love to chat to you about it some more :)
<patrickod>
go do $meeting things, I'll be lurking !
joshbuddy has quit [Quit: joshbuddy]
joshbuddy has joined #sandstorm
<brotheroddball>
All right, cool. That's good info. I've been looking for scalable, decentralized, well-priced hosting with one-click app installs.
<brotheroddball>
For Node apps and the like.
<brotheroddball>
I'm what you might call a "professional muddler" who doesn't believe that you should have to use the command line to install a CMS. :P
<brotheroddball>
At the same time, I wanna use the new stuff, so Sandstorm looks very interesting to me.
darius has quit [Ping timeout: 264 seconds]
<posix4e>
brotheroddball: I feel ya. I am new to sandstorm but i quickly have moved everything over. It's a big win for a lot of things but things are about to get much better
<posix4e>
brotheroddball: right now it seems as though we still have some limitations based on some apis not being made. Once those gaps are filled, it'll be a big game changer for not just indiweb.
<posix4e>
Soon to come apis
<brotheroddball>
Here's to moderate user-friendliness and leaving old models behind.
<posix4e>
and the other thing that you'll soon discover is that the sandstorm guys are doing old things in a new way that has hard to really grok benefits
<posix4e>
it's almost a form of trickery, but when the sandstorm api gets built out, the stuff under the hood is going to provide a powerful advantage
<posix4e>
i mean, as far as I can tell half the sandstorm guys are systems guys
<brotheroddball>
The only reason I don't automatically hate Node is because I played with Linux and the CLI a lot as a teenager. I'll probably never see this stuff. (Imagine if I'd had a normal childhood, with friends and stuff.)
<dwrensha>
posix4e: amluto is the expert on the seccomp stuff
<posix4e>
What do we think about vt instruction based process isolation ala (dune,libix) does javascript and traditional containers solve the problem. Or does clear linux and folks have a point?
brotheroddball has quit [Quit: Page closed]
<kentonv>
clear linux is possibly interesting as a way to implement a higher-security sandbox for apps deemed suspicious
<posix4e>
I mean, it provides kernel isolation right?
<posix4e>
Which you guys kinda already do
<posix4e>
to some extent i guess
<posix4e>
Might have an advantage where you are worried about side channels
<kentonv>
clear containers actually have guest kernels, as I understand it
<posix4e>
dax is worth knowing about, if only because it looks like nvdimms are going to be a thing
<posix4e>
whats old is new
<kentonv>
but basically it sounded like they got the overhead of VMs down low enough that we could consider using it, though we'd still want to use Linux containers (shared kernel) for most things
<posix4e>
So in clear linux, it's not that you don't have multiple kernels it's that they mostly can share memory (when they are the same)
<posix4e>
Arguably what's more interesting to me is libix/dune/arrakis
<posix4e>
I think kernel is a bad place for user facing io abstractions. It needs to get out of the way
<kentonv>
I'm not familiar with these
<kentonv>
and googling isn't working very well
<posix4e>
it was osdi winner in 2014
<posix4e>
one sec
<paulproteus>
Dune and libix are fascinating. Dune seems like it can't work on e.g. Google Compute Engine, though, since I don't get access to VT instructions there, as far as I can tell.
<posix4e>
They had to work with providers to build amazon and google vms which used some of that stuff. I haven't really looked into this in detail I just know the people.
<posix4e>
Yea
<zarvox>
Azul Systems is pretty cool.
<posix4e>
they are a garbage colelctor company
<kentonv>
I sort of feel like we have to use dune just because of the name.
<posix4e>
but the way that zing works is crazy!
<zarvox>
I have a friend/colleague from Berkeley who works there.
<posix4e>
phil?
<posix4e>
i know gil
<zarvox>
Yeah, the C4 paper is pretty awesome
<paulproteus>
kentonv: You're going to make everyone stare at me to find out why I'm chortling on this Caltrain.
<zarvox>
Yeah, Philip Reames!
<posix4e>
good guy
<zarvox>
indeed :)
<paulproteus>
patrickod: FWIW, Sandstorm's current MediaWiki package is best-suited to a private wiki, where only pre-selected people can edit, rather than the Noisewiki way of a publicly-editable wiki.
<posix4e>
kentonv: it's academic. We learned some good lessons. I think the other one is the work out of pdos http://pdos.csail.mit.edu/multicore/ if we wanna do better than linux
<posix4e>
we need to do these types of things
<paulproteus>
Sandstorm is best-suited to apps where you can have a sense of who is allowed to use them; for example, a Slack clone running on a Sandstorm for Noisebridge could be a great fit.
<paulproteus>
The WordPress package for Sandstorm doesn't allow comments, but has the upside that it publishes a static HTML snapshot, which means no one has to run racing to do upgrades, since the anonymous world can't interact with the WordPress PHP.