<paulproteus>
"[PATCH v2 00/14] x86: Rewrite exit-to-userspace code" by Andy Lutomirski
<paulproteus>
The most interesting line is the first one, imho: This is the first big batch of x86 asm-to-C conversion patches.
posix4e has joined #sandstorm
<posix4e>
Man I wish you guys weren't linux only. It's so hard to keep my linux box from getting hacked
<posix4e>
with all this damn linux 0day
colinsullivan has joined #sandstorm
<posix4e>
colinsullivan: hey duder
<colinsullivan>
hai
<colinsullivan>
Hey all, a question about workflow for running Wordpress on sandstorm:
<colinsullivan>
Previously when running Wordpress, I have edited the theme in a git repo, then push these files to the production server. Is there a recommended workflow for updating a Wordpress theme when running in the context of Sandstorm?
<posix4e>
paulproteus: btw colin is helping me with the wordpress we wanna blog about
<paulproteus>
I like that their "Look we're better than everyone" icons are one at a time and show just a sentence or two.
<paulproteus>
(In the "Unparalleled scalability" etc. underneath the main header)
<posix4e>
Interresting where's the source?
<paulproteus>
It's proprietary ho ho ho merry Christmas
<posix4e>
wow, so my wallet disappeared thought nothing of it. Then I noticed my irc server got hacked. I called ib to cancel my login token and the guy was all like you are logged in. I'm all NO I AM NOT OMG
<posix4e>
Was about 5 minutes from loosing my life savings
<posix4e>
*losing
<paulproteus>
posix4e: Oh wow.
<posix4e>
That's the annoying thing about sandstorm, i really h8 linux. A lot
<posix4e>
i'd love to host this stuff on openbsd
<posix4e>
but i'm old
<posix4e>
so
<posix4e>
*shrug
<paulproteus>
: D
joshbuddy has quit [Quit: joshbuddy]
joshbuddy has joined #sandstorm
amyers has quit [Ping timeout: 265 seconds]
NwS has joined #sandstorm
natea has quit [Quit: natea]
<ocdtrekkie>
I gave Mailpile $23 so I can vote to tell them not to GPL.
<ocdtrekkie>
I think this is hitting a new bar for opinionated Interneting.
<paulproteus>
So I guess we really should write up a "Docker vs. Sandstorm" blog post in more depth.
<paulproteus>
Other: "I think it makes it easy to run useful web applications on your server, not to run the server itself.
<paulproteus>
"
<paulproteus>
"I guess I might think of the hardware rather than the software"
<keturn>
initial reaction to loading the web page: "it's a kitty!"
<paulproteus>
Note that it says "Designed for Humans" even though that makes me personally barf because that seems to be popular elsewhere and I'm losing the barfwar or however that works.
<paulproteus>
So anyway, I'm curious if others have that feeling. If we're all lucky, I'm the only one who feels this way.
<paulproteus>
: D
<paulproteus>
(besides, "Secure by Default" makes me think "OK, these people are people I can live with.")
<keturn>
barfwar ... I mean it's hard to put a good media campaign on a barfwar
<keturn>
people looking dashing in uniform, explosions, big engines of destruction; those all can be made attractive. but barfing?
<paulproteus>
Arguably we should mention the dyndns stuff on the front page somehow/somewhere, kentonv.
<paulproteus>
"I also think that "install apps like" should be followed by what the apps do, rather than the names of them. Many users may not have heard of them."
<paulproteus>
Interesting point, friend of mine in another channel.
<paulproteus>
Could be a reason to replace the names of the apps with the purposes of the apps, even if we still link to the app's site.
<keturn>
yeah, those aren't human-words
<paulproteus>
"Install apps like EtherCalc, GitLab, Etherpad, LibreBoard,
<paulproteus>
erm, didn't mean to paste that _quite_ yet.
<paulproteus>
"Use your server to create spreadsheets, code hosting, text documents, project plans, and more as easily as you'd install apps on your phone."
<ocdtrekkie>
Red button is an improvement for sure.
<paulproteus>
"wow, if even ocdtrekkie likes it"
<ocdtrekkie>
60-second demo is a nice way to put it. Doesnt overpromise either, even though you can do it in ten.
<ocdtrekkie>
I tend to get a reputation for criticism. ;) I only criticize because I care.
erikoeurch has quit [Ping timeout: 255 seconds]
<keturn>
I'd missed the fact that you've ... what is the verb for when something is sandstorm-enabled ...
<keturn>
but that thing, you did with Wave
<paulproteus>
Porting
<paulproteus>
"Packaging" is the thing where you make it distributable. "Porting" is related code changes.
<XgF>
paulproteus: The Linux syscall handling code scares the crap out of me
<XgF>
It does SOOOOO MUCH STUFF and I don't understand why
<XgF>
Linux syscalls have ridiculous overhead beyond that imposed by the hardware too
<paulproteus>
"60 second demo" "set an expectation of a quick whiz through the features", so OK, I should get on that I guess!
<XgF>
Like on x86_64 getpid() takes something like 1000 cycles, and being very charitable to Linux I can only account for ~250 of those
<XgF>
(100: syscall+sysret, 50: swapgs and other x86_64 bullshit, 50: dispatching crap & seeing if you need to do special stuff, 50: more than enough to chase down the process struct)
joshbuddy has quit [Quit: joshbuddy]
<paulproteus>
elsewhere
<paulproteus>
21:49 < simonft> paulproteus: omg, will this form actually get me sent cat stickers?
<phildini>
I mean... I really like trello? what am I supposed to be looking at and liking?
<kentonv>
pretty much the list of things trello business class offers are the list of things we plan to offer in the Sandstorm enterprise product.
<paulproteus>
It reminds me phildini of our conversation a little bit ago about the importance of user management.
<phildini>
oh! If those are the enterprise features you're planning to roll out, especially around user permissions, mega +1
<phildini>
possibly, and I know this is shocking, +2!
<ocdtrekkie>
simonft: Can confirm.
nickmeharry has quit [Quit: Lost terminal]
warren has joined #sandstorm
<zarvox>
paulproteus: #3 "Deactivate users" seems like a decent answer to the "what happens when someone leaves the company?" question
<warren>
kentonv: Sandstorm looks pretty cool, only problem was after sent the link to our security infra guy, he blew up when he saw curl piped into shell. =)
<paulproteus>
This is excellent nerd-sniping for kentonv because now he will ask you what exactly about it is less secure than intalling from a package.
<kentonv>
sigh
<kentonv>
there is no real, practical problem with curl | sh, but there is a huge array of imagined problems.
<kentonv>
(assuming HTTPS, at least)
<paulproteus>
Anyway, we'll have some GPG signed tags and maybe some debs and RPMs.
<zarvox>
Also we should do a keysigning, to get kentonv into the strong set.
<warren>
kentonv: you put all this effort into making the product ultra-secure, only to have the first step be sadly insecure. I agree keeping that easy one command install option is fine. Just add a fully verified documented install method below it.
<kentonv>
warren: it's not insecure.
<kentonv>
not any more so that most package managers
<warren>
<gmaxwell> paulproteus: doesn't leave a transferable proof. I can claim sandstorm rooted me, but no one knows.
<warren>
<gmaxwell> (and of course, HTTPS security is basically paper thin, since anyone that can MITM the server towards the internet can get a valid cert)
<warren>
<gmaxwell> (not that GPG is unicorns and rainbows)
<warren>
<gmaxwell> but regardless, it's bad optics, the install instructions look like they're by crazy people who don't know or care about security; which isn't an accurate or good impression.
<warren>
<gmaxwell> (as evidence by the fact that warren says that our companies IT security guy blew up at it. :P )
<paulproteus>
Yeah, I'm pretty seriously +1 that it's at very least an optics problem.
<kentonv>
I'm willing to accept that it's an optics problem.
<warren>
Keep it and add fully a verified nerd method below it. problem solved.
<kentonv>
install.sh is available on github...
<kentonv>
should we just link to that?
<warren>
dude chill, it'll be fine with instructions below the easy install that say "git clone that" "gpg verify this tag" and "run this ..."
<kentonv>
oh uh sorry, I am not angry or anything
<kentonv>
I'm just commenting
<kentonv>
like there was no sarcasm there, it was a serious question
<kentonv>
I guess tone is hard to read over IRC. Sorry.
<warren>
oh my mistake too
<warren>
Are you folks all in the SF Bay Area?
<maurer>
In terms of deployments, if you want to play with ~new technology~ you could examine nixops
<kentonv>
yes, our office is in Palo Alto
<maurer>
It'd be pretty easy to package sandstorm with nixops
<warren>
kentonv: cool, I move to the area Monday to work at a MTV startup
<maurer>
kentonv: I know for a fact that you aren't all there though :P
<paulproteus>
Though drenshaw is based in Pittsburgh.
<zarvox>
just out of curiosity, is "gpg verify this tag against this key that's documented in the same place as the source you're retrieving" actually any different from "just trust this on first use", if you don't do the web-of-trust thing?
<warren>
zarvox: nerds can verify the key has a GPG signed path through people they know
<maurer>
zarvox: not fundamentally, but a lot of external package management systems give the ability to put the exact key for the repo and such
<maurer>
warren: Very very very few people will have the ability to do that
<maurer>
warren: and I say that as a person who has a GPG key signed by ~20-30 people
<zarvox>
Yeah, I'm in the strong set, and can do this. I just don't see people other than like Tor or Bitcoin devs actually caring. Or are you in one of those sets?
<kentonv>
I suppose we could have a link like "fully-verified secure install for nerds" (does "for nerds" sound affectionate or insulting?), and then we can explain how to verify starting from my GPG key as listed on keybase.io...
<zarvox>
(not that we shouldn't support it for those folks! they're great too!)
<paulproteus>
It's OK, the few that are in that set are in it bascially because we care.
natea has joined #sandstorm
<maurer>
kentonv: I think that for nerds has become affectionate, but iono
<paulproteus>
"if you're extra security-conscious"
<maurer>
Someday I should bother to get into the strong set
<kentonv>
(another is "I don't know if you're competent to write good shell scripts")
<warren>
kentonv: aside from verifying gpg tags of your own repo, the scripts in that repo shouldn't blindly grab and execute things from other URL's.
<maurer>
Also, evidently good I signed my ex-gf's key, it's my only path to asheesh (!)
<paulproteus>
Things I never thought I'd red.
<paulproteus>
read.
<paulproteus>
OK now I need to make the demo more demo-y
<maurer>
(fair warning though, I am not really a superpro with sandstorm - I'm a user in the worst sense of the word. The only real reason I'm here is that I'm a coder who uses capnproto)
<warren>
kentonv: https://github.com/bitcoin/bitcoin/pull/3191 super simple way ... after you grab things from elsewhere, echo "2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe openssl-1.0.1c.tar.gz" | sha256sum -c
<maurer>
(so I may not be the best way to judge sandstorm users)
<kentonv>
warren: Sure but where do we present that hash?
<warren>
kentonv: it's just in the scripts that grab stuff from elsewhere, where you error out if it fails
<warren>
you could wrap it with a "download" script, you run it like "download FILENAME HASH", and the download script tries/retries an entire mirror list, checks the hash and succeeds/fails
<zarvox>
that might not be totally compatible with the "release channels" concept
<warren>
I didn't look at how your install stuff works yet
<warren>
but you get the idea
<zarvox>
though I guess you could embed every release tarball's shasum in the installer script, and keep appending?
<kentonv>
yeah I can design something, just that it's going to take some work to support a complete verification path from PGP, and also support updates
<zarvox>
I guess you'd also have to update the install script on every release.
<warren>
that's entirely reasonable to do
<zarvox>
"but how do you know the shasum until you've tagged the release?" ;)
<warren>
For things you tag yourself, you verify the GPG signed tag
<ocdtrekkie>
Realistically isn't the only way to totally ensure something is safe is to read all of the code yourself and understand it, and then build it yourself?
<ocdtrekkie>
Assuming you have the requisite skill.
<warren>
What I'm describing is how you ensure the sandstorm users actually install what you expected them to install.
<warren>
auditing what they install is a separate problem
<zarvox>
For the GPG-signed tags, I suppose that would require that the installer depend on GPG being installed, and bootstrapping trust in the asymmetric key...somehow.
<warren>
Asheesh blessing the key is all the nerd cred I care about.
* paulproteus
chuckles.
<warren>
paulproteus: btw, I'm organizing a coalition of security conscious companies who are interested in joint funding a fully self-hosted, FOSS replacement for Slack. A number of them are concerned about Slack's previous security disasters where logs were stolen ...
<warren>
That'd be a pretty powerful thing to have in Sandstorm's toolkit too.
<ocdtrekkie>
++ that
<ocdtrekkie>
Sandstorm has Let's Chat now, which I think is similar.
<warren>
Aside from needing to find more funding coalition members, I also need to find qualified firms to implement it.
<paulproteus>
warren: What you're describing sounds pretty Sandstorm-y.
<zarvox>
There's another Slack clone in Meteor while we're at it.
<warren>
ocdtrekkie: let's chat needs a lot of work
<paulproteus>
If Sandstorm handles the access control, then you might not need as much hardening at the app level.
<ocdtrekkie>
LOL
<warren>
http://getkaiwa.com/ This shows a lot of promise too ... interestingly their git history begins around the time Slack was last hacked.
<kentonv>
ok, so basic idea we've outlined: (1) binary packages are signed using ed25519 for verifying updates, (2) install.sh contains and checks the hash of the package it plans to download (we update install.sh for each release), (3) we publish a signature of each install.sh using our GPG keys which can be verified by WoT via the "verified install for nerds" link.
<warren>
sounds like a good outline, I'd be happy to suggest tweaks after you have it up.
joshbuddy has joined #sandstorm
<kentonv>
now the question is how to prioritize this. It's probably a couple days of work and we have a lot going on.
<warren>
Sadly what's needed to fully replace Slack is more than just the web app. We also need to develop the replacement clients for Android and iOS.
<warren>
kentonv: I didn't ask to rush anything, it'll be good to morph toward that in the next 3 months
<paulproteus>
Yeah warren, Kaiwa is super interesting.
<warren>
paulproteus: it is also super basic right now, and a pain to setup
<paulproteus>
To make it work on Sandstorm, it would presumably need an XMPP driver in Sandstorm.
<warren>
It isn't clear that the XMPP backend approach that Kaiwa uses is the best. The Slack replacement coalition would need to assess if any existing solution should be improved, or something should be written to spec.
<paulproteus>
Yeah.
<warren>
I should create a codeword for "Slack replacement coalition"
<warren>
Caribou?
<paulproteus>
I _swear_ that was the last codeword I heard people using.
<paulproteus>
I forget what it referred to!
<warren>
(Bitcoin)
<paulproteus>
foreheadslap
<paulproteus>
I'm semi-inclined to say, rather than having a coalition, you should "just" find two vendors, and tell them to both make Slack clones and get them into the for-pay Sandstorm app marketplace (although they're FOSS) and sell to these companies.
<paulproteus>
However, the for-pay Sandstorm app marketplace does not yet exist.
<ocdtrekkie>
warren: With so much mobile work to do, it'd seem sane to me to pick the web app that needs the least overhauling, do that, save effort on reinventing the wheel, and focus on what's missing.
<paulproteus>
We do plan to make it the Sandstorm for-pay app marketplace.
<ocdtrekkie>
But I suppose that requires at least one has the basics of what you're looking for.
<warren>
ocdtrekkie: the Kaiwa approach if we decide is best might be good, because the Android app with full XMPP support is already good. Then it's a matter of making the web app not suck, and iOS.
<warren>
paulproteus: I think everyone who wants self-hosted chat wants all the same basic requirements, so they'd be willing to fund a clear goal "Give me all the features that Slack already does." no need to have two competing vendors.
<warren>
paulproteus: I'm curious to learn more about Sandstorm's plans when I'm in town. I wonder if Caribou could be a killer app that attracts lots of customers to your platform, made even more powerful with single sign-on with many other useful apps.
<paulproteus>
Yeah, I think basically we are very on board with that.
<kentonv>
+1
<warren>
I'll visit your office. Wherever that is.
<warren>
kentonv: small suggestion ... login to nickserv and get a cloak. You're security conscious company and you're telling the entire world your home IP address. =)
* XgF
likes showing off his shiny IPv6 address
<XgF>
Oh, apparently Freenode's IPv6 transport has flaked again =/
<warren>
I probably shouldn't be talking about Caribou in public channels, because there are things Slack can do to respond to this that would sabotage our ability to get coalition partner funding.
<ocdtrekkie>
warren : LibreBoard brought a ton of folks to Sandstorm.
<ocdtrekkie>
Good linkage to LibreBoard would be a cool thing too.
<warren>
Caribou would bring a ton of customers who want to replace a thing they are currently paying for.
<ocdtrekkie>
Slack and Trello are both things that totally mystify me. They store sensitive pre-public data about your products. That's among the most sensitive data a company has.
<ocdtrekkie>
Hosting it on some random startup's server is... Insane.
NwS has quit [Ping timeout: 272 seconds]
<warren>
<MAJOR COMPANY THAT HANDLES OTHER PEOPLE'S MONEY> used Slack. Slack was hacked ~February, targeting that company's logs. After the hack they continued to use Slack because there was nothing better and they felt their productivity would suffer to switch.
<warren>
Part of the problem is Slack wasn't engineered from the get go for security.
<warren>
That would have to be a Caribou requirement.
<warren>
The option to self-host it or buy SaaS is the next major improvement.
<warren>
(I heard about the hack 3rd hand, I might not know all the details.)
<warren>
Sandstorm auto-updating Caribou on <random startup's server> would be a lot better than most things that people deploy.
<ocdtrekkie>
warren: I know the existence of Microsoft, Apple, and Google teams that were not known about previously were all uncovered through simply poor design on Slack's part.
<ocdtrekkie>
Because it used to show you which teams you could request participation in just by entering an email address ending in that domain. So you type in a fake @google.com address, and see Google's Slack teams. They fixed it, but it just made me weep for the state of the industry.
<warren>
indeed
<ocdtrekkie>
One would want to assume Microsoft, Apple, and Google would all know better.
<warren>
let's create a Caribou Slack team, because it'd be super productive there. =)
<ocdtrekkie>
lol
<XgF>
ocdtrekkie: That was actually opt-in behavior of Slack!
<XgF>
I bet people didn't undertsand the implications :P
<XgF>
But yeah, putting all of this data on some random company's server confuses the hell out of me
<ocdtrekkie>
Okay, I'll just return to my Microsoft, Apple, and Google should know better point, XgF. :P
coyotebush has quit [Remote host closed the connection]
<XgF>
(I feel its' slightly better paying, say, Microsoft to host your Exchange/Lync servers, FWIW, since Microsoft should know WTF they're doing)
<warren>
lots of people would pay <trusted SaaS provider> to host their Caribou
<ocdtrekkie>
XgF: My biggest wonder, was why companies who pitch their own collaboration tools were using Slack internally. That's embarrassing.
<XgF>
I don't udnerstand what the big value proposition of Slack is FWIW
<warren>
Supposedly Slack was originally a failed video game startup's internal chat tool...
<warren>
XgF: for lots of companies it boosts productivity a lot... just one of those things you need to experience
coyotebush has joined #sandstorm
citruspi has quit [Ping timeout: 272 seconds]
<ocdtrekkie>
warren: But what makes it... not just using IRC? Or <insert chat client here>?
* warren
uses jedi mind trick.
<ocdtrekkie>
It seems like it's saying chat replaces email, basically. "emails saved" makes me lol.
<XgF>
They want me to *put my files in there*?!
<warren>
At my last two companies, with both office and remote employees, people are using it literally all day and night to collaborate.
<warren>
There's social clubs that use it heavily.
<warren>
There's open source teams that use it heavily.
<XgF>
Sure, but what does it get me that group chat/channels in <IM tool> doesn't?
<ocdtrekkie>
^^
<warren>
That's easier to understand if you experience it ...
<warren>
(i'm tired)
<XgF>
What are the additional features? File sharing?
<ocdtrekkie>
I work with CCP Games "all day and all night" via Skype. Not really "better" persay, in terms of security and hosting, but at least I know who Microsoft is.
<warren>
the user experience is very nice, search is very good, you can attach files in channels or PM's
<warren>
the unread line and sync behaves perfectly on the web client, android client and ios client
<XgF>
(It doesn't help for me that they keep on touting trheir integration with cloudy stuff like Google Docs and Dropbox which are banned by my employer)
<warren>
their business model is: 1) create a team for free! 2) oh great this is super productive 3) oh shit, I need to pay to see/search my scrollback? OK then.
<ocdtrekkie>
warren: Can you get your data out of the free version?
<XgF>
Oh, the roach motel business model!
<ocdtrekkie>
Hey, anyone remember ProBoards? "Your forums are free with banner ads, but it's $20 for your data."
<warren>
ocdtrekkie: I heard it's possible if you know where to poke manually, haven't tried myself
<XgF>
ocdtrekkie: Or ezboard before them (with the added bonus that their forum sofwtare was the world's worst)
<warren>
kentonv: btw, can you recommend a web design firm? the guys our company hired have been terrible
<XgF>
It seems like a lot of their selling point is "We are great for sharing your documents", excep we already have document management tools :-)
<kentonv>
warren: Not really. We did our own site, for better or for worse.
<warren>
kentonv: pretty nice job
<kentonv>
(hired a designer but she's now coming on full-time)
<warren>
ah
<kentonv>
thanks
natea has quit [Quit: natea]
citruspi has joined #sandstorm
<warren>
In one of my projects the users created a Slack team and suggested I join it. I refused and told them to create a self-hosted chat app.
<warren>
but I don't trust them to maintain a self-hosted app in a secure manner
<warren>
Sandstorm could solve that ...
<kentonv>
:)
<warren>
(their lead developer refusing to join their Slack team pretty much killed it)