<kentonv>
seems like the second parameter is missing, actually: ownerId
<dwrensha>
kentonv: I agree
<kentonv>
anyway this is the code path for API tokens created directly by an app, which I don't think we support anymore, right?
<kentonv>
so dead code?
<dwrensha>
I'm not sure that we decided to drop support for such tokens
<dwrensha>
though I wouldn't be too sad to see them go
<dwrensha>
as I remember it, the thing that I changed is how permissions work with them
<kentonv>
I'm pretty sure I decided that they are a violation of our confinement goals (allows the app to leak a capability to itself as bits)
<paulproteus>
I'm vaguely +1 on removing anything we don't use. If we need things back, we can bring them back.
<kentonv>
and IIRC you said that you were no longer supporting them after some refactor...
<kentonv>
but anyway no one ever used them
<kentonv>
there were some potential use cases but because we decided they were problematic for confinement I think we avoided using them
<kentonv>
right this is why we created offer templates...
<dwrensha>
my recollection is that the thing I "broke" / "fixed" was that we used to trust the permissions in the userInfo directly
<kentonv>
offer templates wouldn't have been needed if we were still supporting this kind of token. :)
<dwrensha>
anyway, I'm on board with getting rid of these
<jdenz>
Here's what I've been able to do and understand up to this point in terms of trying to get my instance to load grains via SSL: http://pastebin.ubuntu.com/12259547/
<jdenz>
It successfully loads the main page, but I still can't get it to recognize the wildcards for the grains. I think the problem may be in line 40 (step #7) because it doesn't appear to be using the copied/edited openssl.cnf file to create that certificate. Am I close?
<paulproteus>
Howdy jdenz let me take a look
<paulproteus>
Huh, interesting.
<paulproteus>
The steps all look OK.
<paulproteus>
Is your nginx online somewhere?
<paulproteus>
Is it OK if I try connecting to it?
<jdenz>
Sure. I'll PM you the URL.
<paulproteus>
Thanks!
neynah has joined #sandstorm
neynah has quit [Client Quit]
simonv3 has quit [Quit: Connection closed for inactivity]
keturn has quit [Ping timeout: 246 seconds]
keturn has joined #sandstorm
jadewang has quit [Remote host closed the connection]
<kentonv>
dwrensha: nice! Hmm I guess we need the ability to map email addresses to Sandstorm users so that you can put profile pictures on the commits...
maurer is now known as UrGilgamesh
UrGilgamesh is now known as maurer
mquandalle has quit [Quit: Connection closed for inactivity]
gopar has quit [Remote host closed the connection]
jdenz has left #sandstorm [#sandstorm]
xcombelle has joined #sandstorm
larjona has joined #sandstorm
jadewang has quit [Remote host closed the connection]
larjona has quit [Remote host closed the connection]
larjona has joined #sandstorm
mort___ has joined #sandstorm
simonv3 has quit [Quit: Connection closed for inactivity]
<paulproteus>
So excited dwrensha I clicked "Star"
<dwrensha>
huh. So apparently ./run-dev.sh exposes the meteor app on all interfaces, not just BIND_IP.
natea has joined #sandstorm
larjona has quit [Quit: Konversation terminated!]
mnutt_ has joined #sandstorm
xcombelle has quit [Remote host closed the connection]
erikoeurch has joined #sandstorm
prosody has quit [Quit: Updating details, brb]
prosody has joined #sandstorm
NOTevil has joined #sandstorm
mnutt_ has quit [Quit: mnutt_]
jeffmendoza has joined #sandstorm
jadewang has joined #sandstorm
gopar has joined #sandstorm
mnutt_ has joined #sandstorm
jadewang has quit [Remote host closed the connection]
jadewang has joined #sandstorm
* paulproteus
stretches.
neynah has joined #sandstorm
<paulproteus>
Hey neynah -- I'm in SF today, but I wanted to make sure you have everything you need from me for the user-testing stuff. So feel free to chat with me about that now (here or GChat), or tell me what time works for you.
<neynah>
Will do paulproteus :)
<paulproteus>
bd
itscassa|away has quit [Ping timeout: 264 seconds]
itscassa|away has joined #sandstorm
<paulproteus>
Hmm I have been waiting ~10 sec for a sharing link on Oasis.
<paulproteus>
OK it did actually get created.
<paulproteus>
Weird, though, I wonder why it took so long.
mnutt_ has quit [Quit: mnutt_]
<paulproteus>
Nothing remarkable in the console. OK then.
<dwrensha>
paulproteus: yeah, I've noticed such behavior too.
<dwrensha>
and testrock is giving me 500s for everything
<paulproteus>
Oh yeah huh me too.
bb010g has joined #sandstorm
<paulproteus>
I have to say, I love filing tiny pull requests.
xcombelle has joined #sandstorm
larjona has joined #sandstorm
larjona has quit [Ping timeout: 256 seconds]
<paulproteus>
rockstor.com
<paulproteus>
is a home storage appliance thing built on btrfs. Looks neat.
<dwrensha>
today I learned that btrfs can be pronounced "butter F S"
<mcpherrin>
dwrensha: I don't think it "can be"; I think it "is" pronounced that way ;)
<paulproteus>
I think "betterfs" also is acceptable, according to the faq, iirc.
<maurer>
btw, is there a good way to create a capnproto interface to a library which cannot take remote objects as arguments?
<maurer>
e.g. if I have a library that produces Foos and Bars, and Bars take Foos as arguments in some of their functions, but the way that Bars use Foos uses internal interfaces not exported, how should I bind that?
<paulproteus>
Are you going to publish this app to the app market, btw?
<paulproteus>
Also I love that the video has the old UI, by which I really mean, I'm amazed that we have this new UI.
<ocdtrekkie>
Our existing Todo app didn't make it to the new market yet/ever.
<paulproteus>
Yeah oops that's my fault.
<paulproteus>
I'll fix that tomorrow.
<ocdtrekkie>
But yeah, jeffmendoza, you should add your talk to the wiki page.
mquandalle has joined #sandstorm
todayman has quit [Ping timeout: 240 seconds]
todayman has joined #sandstorm
gopar has quit [Remote host closed the connection]
<mquandalle>
Hola
<mquandalle>
kentonv: I'm looking at the sandstorm-accounts meteor package and I wonder why you create a dummy request to `/.sandstorm-credentials` from the client instead of using directly the capnproto API on the server?
<mquandalle>
maybe the capnproto nodejs client didn't exist at the time?
<kentonv>
mquandalle: meteor-spk apps use sandstorm-http-bridge, no cap'n proto
<jeffmendoza>
paulproteus: I wasn't going to publish the todos, because the checkboxes don't save, and I don
<jeffmendoza>
don't want to make it work now
<jeffmendoza>
I do intend on publish the source when I get some time
<kentonv>
mquandalle: and in any case, there's no "get the current user" call; the credentials come in attached to the request. So a request has to be made...
<mquandalle>
you can't make any capnp calls if you use the http-bridge?!
<kentonv>
mquandalle: sure you can
<paulproteus>
jeffmendoza: Cool (-:
<kentonv>
mquandalle: sorry, your question had false premises so the answer is confusing...
<mquandalle>
kein problem
<kentonv>
mquandalle: the user ID comes in as an HTTP header
<mquandalle>
but how do you get it if you don't use http-bridge?
<kentonv>
mquandalle: the incoming capnp RPC for the HTTP request has the info
<kentonv>
mquandalle: if you use http-bridge then that RPC is handled by http-bridge
<kentonv>
but outbound calls are a different, unrelated matter
<jeffmendoza>
ocdtrekkie: updated!
<mquandalle>
ok, got it
<kentonv>
mquandalle: what I really wish is that meteor didn't obscure the headers on the incoming websocket. Otherwise I could pull the credentials from there and not have the separate weird HTTP request.
<kentonv>
which would be much cleaner
<mquandalle>
IIRC there is a undocumented method to access the raw websocket on DDP connect
<mquandalle>
(never used it, I just think I read that in the source)
<kentonv>
perhaps we could try using that
<kentonv>
dwrensha: can you review the two PRs today? I'm sort of hoping I can push out this replication thing tonight...
<kentonv>
mquandalle: yeah, IIRC I couldn't get the sandstorm headers out of that
<mquandalle>
I see some method in the source that could be overwritten to get the raw socket, but I don't see any reasonable reason to break something that is working :)