<paulproteus>
kentonv: I hope/presume you'll submit that to Hacker News.
<kentonv>
paulproteus: did. 3 points, falling off /new now, not on front page.
<paulproteus>
Interesting!
<maurer>
The main reason I dislike curl | bash is that it means that I'm running an installer executable to install the package, which means you are potentially modifying my system in ways that are not automatically reversible
<maurer>
But that falls partially under the whole "package managers" thing
<maurer>
(it also means you're much more likely to be doing things that are "portable" in the sense of running on both ubuntu _and_ debian, rather than actually portable :P)
<geofft>
i,i we got both types of Linux, Ubuntu _and_ Debian
<maurer>
It's a little frustrating, because the nix-container story is surprisingly similar to the sandstorm grain story, so you'd think they'd get along
<maurer>
:P
<larjona>
hi everybody. You are saving my day today with hacker slides being packaged in sandstorm.
<larjona>
Thanks
<paulproteus>
Feel free to send a thank-you message to Jack Singleton!
<paulproteus>
larjona: Thanks for dropping by to say that. It's so great to hear.
<larjona>
I see in sandstorm, at least in hacker slides, the only "save" button is "download backup". Is it ok or am I missing something (how to save documents)?
<paulproteus>
Documents are generally auto-saved; you can get to them from your dashboard, look for an "Open" button.
<larjona>
ok, nice
<larjona>
so double thanks
mort___ has joined #sandstorm
gopar has joined #sandstorm
neynah has joined #sandstorm
mort___ has quit [Quit: Leaving.]
isd has joined #sandstorm
joshbuddy has joined #sandstorm
jadewang has quit [Remote host closed the connection]
<ckocagil>
so, for a few apps I felt the need to set USER and HOME env vars in launch.py. would it be a good idea for sandstorm to provide them by default?
<gwillen>
and someone pointed out to me that curl doesn't appear to support HSTS
<gwillen>
(as like, \epsilon worth of point against the curl|bash idiom)
<gwillen>
and I'm trying to check this but I can't seem to figure out whether it does (and I can't find where it's keeping the certificates if it does) so I'm curious if yinz know anything about that
home has quit [Remote host closed the connection]
<zarvox>
that would only help if you're curling the same site more than once, though, right?
<zarvox>
it's still TOFU on the first download, which is the likely case for initial package install...
<gwillen>
right
<gwillen>
only worth noting because HSTS is mentioned in the blogpost
<gwillen>
but you're right, most users will be first-time anyway
<ckocagil>
why does HSTS matter if you're always using an HTTPS link?
<gwillen>
that's a good question actually
jadewang has quit [Remote host closed the connection]
<NOTevil>
I did actually redirect curl to a file and looked over it before feeding it to bash.
<kentonv>
gwillen: Does curl normally keep any state between requests, e.g. cookies?
<gwillen>
no, it doesn't keep anything as far as I can tell
<gwillen>
unless you explicitly specify a cookie jar
<gwillen>
but really since most people will be doing this for the first time and explicitly specifying https... it also doesn't seem like it makes a real difference anyway
<kentonv>
I mentioned HSTS in the blog post mostly to emphasize that we're serious about HTTPS and won't even serve HTTP if you want us to. :)
<gwillen>
right
<gwillen>
hah! *nods*
<zarvox>
(also, if you curl non-HTTPS install.sandstorm.io you get not-the-installer)
<kentonv>
yeah we scold you for that. :)
<gwillen>
hah!
<ckocagil>
of course, a victim that gets MITM'd will miss the scolding
<kentonv>
ckocagil: Of course, so hopefully they copy/paste correctly in the first place.
<kentonv>
annoyingly Twitter removes "https://" from links when it displays them
<ckocagil>
lately I've been seeing the curl|bash pattern very frequently. I wish there was a tool that ensured HTTPS and also ran the code step-by-step, showing you what gets executed
rustyrazorblade has joined #sandstorm
rustyrazorblade has quit [Client Quit]
<maurer>
kentonv: Is there a way to make an object type that cannot be produced by anyone else? I'm trying to bind an existing library as a capnproto service, and would like to not have to roll my own opaque descriptors. However, if I use a totally transparent object, there's a chance someone else will send back an object the library did not create, which can't actually be used in calls to its native functions
<maurer>
kentonv: The best idea I have thus far is to give the object a special field which is an authenticated pointer (probably hashmac) to the internal object
<maurer>
so while it could in theory send a capability manufactured elsewhere, it'd still need to have an internal reference to the library
<maurer>
(field would basically be pointer + hashmac(pointer ++ object type))
<kentonv>
maurer: Yeah, if you want this to be secure, you need to do some sort of crypto. Cap'n Proto currently doesn't do any crypto.
<kentonv>
oh hmm
<kentonv>
you're talking about capabilities, not value types
<kentonv>
is that right?
<maurer>
Yes
<kentonv>
you can verify that a capability points locally and unwrap it.
<maurer>
I basically just want to say "When I ask for a Foo in this function, I mean local Foos only, nothing else will do"
<maurer>
Oh, cool
<maurer>
yeah, that would be sufficient
<kentonv>
I'm looking for the API I added for this
<kentonv>
it may have been post-0.5
<kentonv>
CapabilityServerSet
<kentonv>
you can create a CapabilityServerSet<MyType> and then use it when wrapping local objects as capabilities, then you can check if some particular capability came from the set
<kentonv>
and if so, unwrap it
<maurer>
Hm, if it's post 0.5, I may need to look into porting it into rust to use it, but thanks, I'll look into that API
<kentonv>
ah, yeah, probably needs to be added in rust. Not dependent on any protocol features, of course.
<maurer>
(yeah, basically the problem is I want to export an objecty interface, but the backend can't talk to the capnproto objects, so I can't actually describe an appropriate type restriction)
<kentonv>
it would be neat to be able to declare it in a type-safe way, but I think that requires a form of dependent types -- since you're saying that one capability's type specifies that it is associated with some specific server object (which is another value, not a type).
<maurer>
kentonv: You'd need the absolute weakest form of dependent types, but yeah
<maurer>
you'd basically add a parameter to the capability that is "capability origin"
<maurer>
*capability type that its "capability origin"
<dwrensha>
i need to think about it, but it sounds more like existentials than dependent types to me
<maurer>
and then instantiate all the types you accept at that parameter
<maurer>
dwrensha: The reason it's a dependent type is because there's a value (the origin) in the type
<maurer>
kentonv: In any case, I think this might be a useful feature for exposing legacy libraries over capnp, I'll see whether it works out for me
<kentonv>
dwrensha: unrelatedly, have you talked to the rocketchat people about icons? If Nena should work on that she should start now.
<dwrensha>
Gabriel has not responded ... I'll try poking on a different channel...
<dwrensha>
Gabriel says: "that would be awesome!!!"
<kentonv>
so nena should generate some icons?
<kentonv>
do they have svgs to work from?
larjona has joined #sandstorm
<dwrensha>
neynah: Maybe you could join https://demo.rocket.chat and start a direct chat with gabriel.engel.rocket.team
<neynah>
yes they have high res graphics I can use. :3
<kentonv>
ok let's get this done ASAP. I'm worried that there's not much time left for them to complete the packaging once they have icons.
<zarvox>
neynah is on it :)
<neynah>
I can do it within 10 min ish
<kentonv>
cool. Can we get Gabriel to submit a version without icons in the meantime so I can review other aspects? (And to make sure there aren't other snags he hasn't reached yet.)
<kentonv>
I can message him if that makes sense
<dwrensha>
yeah, you should probably head over to demo.rocket.chat
<dwrensha>
he was also wondering what time y'all will be at the event
<kentonv>
I actually won't be there but Asheesh and Jade will be
<kentonv>
anyway, chatting with him now
joshbuddy has joined #sandstorm
NOTevil has quit [Quit: Leaving]
<neynah>
OK, I sent him a link for the graphics.
<kentonv>
paulproteus are you around?
<paulproteus>
kentonv: Yes
<kentonv>
what time are you heading to meteor?
<paulproteus>
Just got here
<kentonv>
ah hah
<paulproteus>
I even have a janky power supply I bought from Central Computer.
<paulproteus>
Battery 0: Unknown, 13%
<kentonv>
cool, go find gabriel and help him make a package. :)
<paulproteus>
Hah OK
<paulproteus>
(That's the output from `acpi` which is to say this power supply isn't quite "Charging" but it's also not "Discharging" so I guess it'll do!)
<kentonv>
nena sent him icons, so he should have everything now
<paulproteus>
bd
<kentonv>
let me know when there's something for me to approve. :)
rustyrazorblade has joined #sandstorm
jadewang has joined #sandstorm
isd has quit [Quit: Leaving.]
rustyrazorblade has joined #sandstorm
jadewang has quit [Remote host closed the connection]
rustyrazorblade has quit [Quit: rustyrazorblade]
bb010g has quit [Quit: Connection closed for inactivity]
jacksingleton has joined #sandstorm
rustyrazorblade has joined #sandstorm
rustyrazorblade has quit [Client Quit]
simonv3 has quit [Quit: Connection closed for inactivity]
<warren>
kentonv: posting here instead of more publicly in social media.
<kentonv>
warren: ?
<warren>
A major company with hundreds of thousands of user accounts had their entire domain registrar hacked with the purpose of hijacking their domain name. The domain was added to a Cloudflare account which will happily generate a SSL cert for almost any domain name. That was then pointed at a reverse proxy that was in turn pointed at the real server. This kind of attack can transparently steal passwords and replace the content of downloads. Please
<warren>
don't make assumptions like "HTTPS" is safe, especially when curl can't be further protected by HSTS.
prosodyC has quit [Ping timeout: 240 seconds]
<warren>
Quite frankly your tone in the blog post is arrogant.
simonv3 has joined #sandstorm
ckocagil has quit [Ping timeout: 240 seconds]
mattl has quit [Ping timeout: 240 seconds]
pod has quit [Ping timeout: 240 seconds]
<warren>
Good job on the fully verified install process.
<warren>
If I really wanted to nitpick, this sentence is unnecessarily defensive and not the entire story. "Realistically, downloading and installing software while relying on HTTPS for integrity is a widely-used practice. The web sites for Firefox, Rust, Google Chrome, and many others offer an HTTPS download as the primary installation mechanism."
<warren>
Nearly all of those binary downloads, Windows or Mac app installers, deb or rpm packages, are all cryptographically signed, they don't solely rely on HTTPS to protect the user.
<kentonv>
who checks those signatures?
<warren>
MacOS X mavericks and later refuses to run/install anything by default if it isn't signed by a blessed key registered through Apple, for example