<simonv3>
Also, I’m not sure whether there’s still that offer of helping apps with logos?
neynah has joined #sandstorm
<neynah>
simonv3 yes, do you need some logo help? :)
<simonv3>
haha, that was like a conch was blown or something :P
<simonv3>
neynah: I would love some logo help!
<simonv3>
It’s an app called Annotate that is for annotating images
<neynah>
simonv3 does this app already exist or is it new? As in, am I putting together existing graphics or do you need something designed from scratch?
<asheesh>
simonv3: FWIW I'd prefer that clicking on the image results in a "Add comment" thing I can (X) out, and then if I click "Add comment" I get a number *and* the text area at the same time.
<asheesh>
Having said that, you're welcome to say, "That's cool Asheesh, make that true in your fork" (-;
<simonv3>
asheesh: instead of just click and get the thing popped up? that makes sense
<simonv3>
it’s bothered me, so it’s probably feedback I should take on board :P
<asheesh>
(-:
<simonv3>
or at least, if the user doesn’t add a comment text, don’t add the annotation
<asheesh>
That could work possibly
<simonv3>
but I think yours is less magical and so probably better
<asheesh>
"obviously" the next thing I want out of this is the ability to add a few images to this, so I make a little annotated screenshot tour of an app
<asheesh>
And then to be able to static-publishing-publish it so I can "just email a link to my parents"
<simonv3>
Well, if you add install the app yourself you can add as many images as you like
<asheesh>
and then I can show my Dad how to fix the whatever
<asheesh>
Oh! OK!
<asheesh>
On it _right now_
<asheesh>
annotate.spk is OK but I vastly prefer out.spk
<asheesh>
out.spk is a better app
<asheesh>
(kidding! that's just the filename I always use)
<simonv3>
But, I think there should be an indicator of how many images and a quick view of the images at the top)
<asheesh>
+1
<asheesh>
I don't see how, on my own grain, to add annotations
<asheesh>
Maybe the owner can't add annotations; if so, well, OK; I'd prefer to have some clear separation of "Upload mode" and "Annotate mode" and have a toggle-switch somewhere that lets me switch into that.
<asheesh>
"Click here to select an image" => "Click here to select another image", if having multiple ones is possible; otherwise it seems to me that I can modify which image is being annotated but not add multiple images.
<asheesh>
FWIW feel free to tell me my feedback is too detailed or to just stop!
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<asheesh>
It took me a few clicks to figure out that clicking the "No description supplied" text wouldn't edit it; I figured since there was a pencil next to it, and it was formatted strangely (italics), clicking the text would edit it.
bb010g has joined #sandstorm
<asheesh>
I love that it rescales the image to my browser.
<asheesh>
I wish I knew that before resizing my browser, since otherwise I was a little afraid to rescale my browser, but it's OK to learn that by doing.
<asheesh>
I'd prefer that the "Add an image" box go to underneath the image, or otherwise somewhere not quite the top of the page, since now I'm excited about the image I uploaded rather than excited about adding more images.
<asheesh>
I think what I really want is a confirmation message in the top, once I upload a picture, that says
<asheesh>
"One image added. Click ( + ) to add more images. Annotation is enabled"
<asheesh>
and then clicking the small ( + ) gives me the big drag & drop target back.
<asheesh>
I have somehow created two (6)s at the "Testing Annotate"
<asheesh>
I guess deleting comment areas allows me to get duplicate numbers.
<asheesh>
OK well I think that concludes my feedback essay for now. simonv3 if you have other questions, or clarifying questions, then feel free to ping me here.
<asheesh>
I can turn them into GitHub issues if that's helpful, simonv3.
<asheesh>
jadewang: https://www.uproxy.org/ is the app I was thinking of that my friend bemasc hacks on sometimes
<asheesh>
uproxy is basically Sandstorm for your proxy server
<jadewang>
cool
<asheesh>
So they were tentatively excited about replacing the Sandstormy parts with actual Sandstorm.
<simonv3>
asheesh: that would be helpful yeah
<simonv3>
that’s all good feedback
<asheesh>
simonv3: BTW uh also EFF laywers would possibly use this if it supported importing a Word document.
<asheesh>
They don't have a Sandstorm install at the moment, but apparently most of what the EFF lawyers care about is sharing & commenting on Word documents. Which, I guess, lawyers, makes sense.
<simonv3>
Word documents would be tricky because then - is this is a word processor?
<simonv3>
Whereas PDFs is read only
<asheesh>
I think "export to PDF then upload to Annotate" is a pretty OK workflow, yeah.
<simonv3>
I’ve actually been reading a couple of papers and scribbling in the margins and sad that I will lose those notes when I inevitably get rid of the printouts
<simonv3>
which is what made me think that
<asheesh>
I think I once applied to Y Combinator with the idea of making a web annotations platform. They did not accept me.
<asheesh>
Good Sandstorm app; not so good startup. (-:
<digitalcircuit>
Reminds me a bit of Xournal, though I imagine the Sandstorm app needs significantly less features :)
<asheesh>
Right! I ran into one of the hypothes.is folks at a party two nights ago, iirc.
<asheesh>
Although I don't see them on the https://hypothes.is/team/ page so maybe I'm mistaken, who knows.
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
mnutt has joined #sandstorm
mnutt has quit [Client Quit]
<asheesh>
BTW, simonv3, I'm curious - what OS does your main laptop run?
<asheesh>
Basically I'm curious because if it's non-Linux, then I get to be proud and happy that zarvox and I have worked on vagrant-spk over the past year, and it's been fruitful in getting this awesome app!
<asheesh>
(-:
<asheesh>
This app is great.
<zarvox>
:D
<simonv3>
yeah, it’s Mac
<asheesh>
: D
<asheesh>
AFK a bit!
<asheesh>
Glad that the tooling is working well enough for you!
<simonv3>
it is! Meteor-Sandstorm is pretty smooth once you’re offloading the user permissions (which was a bit of a pain with Quick-Survey)
amyers has joined #sandstorm
synchrone has quit [Ping timeout: 256 seconds]
<zarvox>
simonv3: I appear to be able to delete Asheesh's comments on Annotate when I open the shared test grain you linked in your email as an incognito user. Expected or unexpected behavior?
<asheesh>
IMHO expected, but might be worth stating up top or in a little (i) info box link
amyers has quit [Ping timeout: 248 seconds]
<mrdomino>
hmm possibly stupid question: is capability revocation implemented? i'm not seeing any obvious way in the UI to revoke access to people who currently can access a grain, only to delete URLs
<digitalcircuit>
mrdomino: did you share via identity card, or URL? If the former, I think it's a known bug that'll be fixed. If the latter, someone could just visit the old link again so you have to delete the URL.
<digitalcircuit>
(Identity card being the auto-complete on email address thing)
<mrdomino>
heh, both
<mrdomino>
but suppose we're talking about the URL case. if i delete the URL, can people whose identities are listed, but who signed up via the URL, still access the grain?
<digitalcircuit>
No, at least not according to testing on my end (i.e. accidentally deleting the wrong URL). I might be wrong here.
<mrdomino>
ok, good to know
<digitalcircuit>
Migrating URL access to identity card access would be useful. kentonv was discussing the identity card auth earlier; maybe it'll change in the future?
<kentonv>
currently if you revoke the URL it transitively revokes everyone who received access through it. In the future, revoking the URL will prompt you to ask if you want to revoke them, or to restore their access via direct shares.
<digitalcircuit>
Sweet!
<kentonv>
and yeah, it's a bug that you currently can't revoke someone shared by identity. dwrensha is fixing it this week.
<kentonv>
weirdly, no one noticed until Saturday and since then we've had 3-4 reports of this
<mrdomino>
yeah, strange. good to know!
<digitalcircuit>
I had noticed it a bit earlier, but I wasn't sure if I needed to submit a formal test and bug report, or could just mention it here until I could do the former. Now I know :)
<mrdomino>
d'oh, groove basin is trying to do a shm_open for some reason
mrdomino has joined #sandstorm
peterood has quit [Quit: Connection closed for inactivity]
simonv3 has quit [Quit: Connection closed for inactivity]
mnutt has joined #sandstorm
amyers has joined #sandstorm
simonv3 has joined #sandstorm
<simonv3>
zarvox: asheesh not surprised, but I should have thought that through. Maybe I’ll limit the “delete” functionality of annotations/comments to the owner.
<ngf>
Need help why cant I receive a Token after installing SandstormIO as self-hosted server
amyers has joined #sandstorm
koenig_DGQ has joined #sandstorm
<koenig_DGQ>
hi!
<koenig_DGQ>
kentonv: I am back. Did you find anything with the davros grain?
<dwrensha>
koenig_DGQ: kentonv probably won't be awake for a few more hours
<dwrensha>
I tried restoring that grain, and it worked fine for me
<dwrensha>
koenig_DGQ: what browser have you been using?
<koenig_DGQ>
dwrensha: oh, info said Budapest :-)
<koenig_DGQ>
I use Chrome here
<koenig_DGQ>
I can try with other browsers
<koenig_DGQ>
Yup, this seems to be Chrome related. Firefox works just fine
<dwrensha>
interesting!
<dwrensha>
you said you're on Windows?
<koenig_DGQ>
That does not change my original issue. I cannot connect the ownCloud client (Windows 7 64 bit) using the credentials from sandstorm (now retrieved with Firefox). I always get "Connection terminated"
<koenig_DGQ>
yup. Strange that a browser change should get me a 404
<koenig_DGQ>
I treid a chrome instance with all plugins deactivated. That changed nothing
<koenig_DGQ>
So, I have two problems. Do you want me to file them in a tracker somewhere or do you keep it on IRC just yet?
<dwrensha>
the Davros issue seems to me like the right place to report these things
<dwrensha>
ngf: what kind of "Token" do you mean? an admin token for viewing the admin interface?
amyers has quit [Remote host closed the connection]
<maurer>
dwrensha: So, maybe I'm being silly, but what's the advantage of assembling the word from bytes?
<dwrensha>
How else can we deal with endianness?
<maurer>
Hm, I guess that makes sense.
<maurer>
I guess the "real" answer would be to use a constant function from the byteorder crate
<maurer>
but I don't know if the byteorder crate is using that feature yet
<dwrensha>
tell me more about "constant function"
<dwrensha>
that sounds better than a macro
<dwrensha>
but I was under the impression that such things don't exist yet in Rust
<dwrensha>
or at least not in the generality that we need
<maurer>
I could have sworn it showed up in 1.6
<maurer>
lemme try to find it
<maurer>
but basically it was a kind of function that was sufficiently deterministic that the compiler could use it to populate a const val at compile time
<dwrensha>
error: const fn is unstable (see issue #24111)
<maurer>
Hrm, OK
<maurer>
guess it's not stabilized yet
<maurer>
yeah, macro is probably the best approach
<maurer>
Well, I guess it's at least something to look forward to in the future.
canuky has joined #sandstorm
<canuky>
Question: Just enabled HTTPS for our existing sandcats.io Sandstorm server (oet.sandcats.io) ... our former landing page was oet.tru.ca ... that URL now gives the 'This Sandstorm server's main interface is at: https://oet.sandcats.io' message. What is the easiest way for me to redirect anyone coming to oet.tru.ca to oet.sandcats.io ?
<frigginglorious>
canuky: not sure if its the best, but heres the easiest
<frigginglorious>
simple php redirect
<frigginglorious>
oh, you might need to remove a C_NAME record from your DNS settings, actually.
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
Tcf has joined #sandstorm
xet7 has joined #sandstorm
rustyrazorblade_ has joined #sandstorm
funwhilelost has joined #sandstorm
paroneayea has quit [Read error: Connection reset by peer]
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
funwhilelost has joined #sandstorm
synchrone has quit [Ping timeout: 252 seconds]
paroneayea has joined #sandstorm
bb010g has joined #sandstorm
* asheesh
waves.
canucky has joined #sandstorm
<canucky>
Me again - still unclear on what I should do to resolve this issue ... we used to have a landing page at 'oet.tru.ca' - this landing page had a link pointing to oet.sandcats.io:6080 ... made the HTTPS changes, which results in former URL oet.tru.ca giving the DNS TXT message
<asheesh>
Ho canucky !
<asheesh>
I was just going to get in touch with you.
<canucky>
Is a PHP redirect the best way to ensure our users coming in via the old URL (oet.tru.ca) get redirected to oet.sandcats.io?
<asheesh>
You have a few options.
<asheesh>
Oh man, I guess you can't create 'sandstorm-www' TXT records on oet.sandcats.io:6080... since we own that and you don't.
<asheesh>
That's kinda tragic.
<asheesh>
Otherwise I'd "just" suggest you add some DNS TXT records.
<asheesh>
If this server runs nginx, then yeah, I'd set up something on port 6080 that redirects people to a different URL. I'd use nginx for that, and I can try to provide such a config if it helps.
<asheesh>
Also good morning, great to hear from you canucky
<canucky>
Sure - looking for whatever approach may be best
<canucky>
Good afternoon :) ( logged in from the Atlantic Timezone )
<asheesh>
Yeah, I'd go with the nginx (or Apache) redirect approach. If you need help with it, just ask, and I am happy to provide.
<asheesh>
Crucially it sounds like you'll be happiest if Sandstorm does *not* listen on port 6080.
<asheesh>
(You can move Sandstorm to port 80 and port 443!)
<canucky>
That's what I have presentlyt
<canucky>
oet.sandcats.io
<asheesh>
Got it, so then what software is listening on port 6080?
<asheesh>
... oh you *do* want oet.tru.ca port 80 to redirect to oet.sandcats.io ?
<asheesh>
(port 80 , which would then itself redirect to https, port 443) ?
<canucky>
yes - that's the ticket
<asheesh>
BTW if you want I can hop on a video call and you can show me the conf files.
<asheesh>
But I can also try to draw a diagram.
<canucky>
Sure - videocall would be great
<asheesh>
OK, give me ~ 5 min. Just making sure I know how names<=>usernames are mapping, you're Grant, right? If so then I have your video chat info from last time we talked.
<mnutt__>
I don’t suppose anyone has looked into making sandstorm’s web UI work in offline mode? It seems like it may conflict with the iframes implementation?
<asheesh>
I would *love* to see that, and I think it's an architectural question to ask kentonv about.
rustyrazorblade_ has quit [Quit: rustyrazorblade_]
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<zarvox>
Yeah, that sounds like it'd need ServiceWorkers, which would need stable hostnames, and also a way to sandbox ServiceWorkers.
<zarvox>
dwrensha: cool to hear that we no longer need AlignedData with the dummy field!
canuky has joined #sandstorm
<canuky>
appears I broke something ... removed 6080 from sandstorm.conf ... rebooted and now getting https://oet.sandcats.io/
<asheesh>
You do still have PORT=80 (and no comma) right?
<asheesh>
I don't know what we do in the case of comma but nothing after it.
<asheesh>
Also read the Sandstorm logs.
<asheesh>
/opt/sandstorm/var/log/sandstorm.log
<asheesh>
I see what we do. We crash.
<asheesh>
Feb 02 18:24:20 rose sandstorm[26770]: *** Uncaught exception ***
<asheesh>
Feb 02 18:24:20 rose sandstorm[26770]: sandstorm/run-bundle.c++:230: failed: invalid config value PORT; portList = 6080,
<asheesh>
Feb 02 18:24:20 rose sandstorm[26770]: stack: 0x4e9523 0x50552c 0x5054f9 0x5054ea 0x4a526f 0x4a4d8a
<asheesh>
(Just tested it on my personal Sandstorm install.)
<asheesh>
canuky: ^
<asheesh>
canuky: Also if you're going to go the static publishing route for doing the redirect, you probably do want port 6080 bound, but you do have the two options anyway.
<asheesh>
Oh dear, OK. It's failing. So the question is, why is it failing?
<asheesh>
Let me go read run-bundle.
<asheesh>
Hmm.
ecloud_ has joined #sandstorm
<asheesh>
Do you have other programs listening on port 80?
<asheesh>
zarvox/kentonv: Is there any good advice for going from "stack: 0x4f1312 0x4f12ca 0x473c1e" into actual line numbers? Should I trust line numbers from a run-bundle crash?
bb010g has quit [Ping timeout: 240 seconds]
ecloud has quit [Ping timeout: 240 seconds]
bb010g_ has joined #sandstorm
<kentonv>
asheesh: addr2line, but for non-debug builds it won't be able to give you line numbers, but there's a flag (-f?) that will at least give you function names
bb010g_ is now known as bb010g
<asheesh>
Cool, kentonv, that's a big help!
<kentonv>
also I think -C demangles C++ symbols
bb010g has quit [Quit: Connection closed for inactivity]
<asheesh>
canucky: I have to handle something unrelated over the next 30 minutes, but I do want to make sure we get to the bottom of this. So I'll ping you in ~30 minutes and we'll see where we are. I'm also busy 1p-1:30p but can make time outside of that however is needed.
<canucky>
right on - thnx
<canucky>
will keep poking away at this and keep my IRC window open
<jadewang>
wow, lastpass's UI and outdated docs take lack of user testing to a whole new level
<jadewang>
if anyone here writes or packages a lastpass replacement for Sandstorm, I will personally bake you a cake
<jadewang>
it can even be gluten free if you want
<mrdomino>
now *that* is tempting
<mrdomino>
clipperz sounded pretty uninterested in running on sandstorm
<mrdomino>
so i may have to just write like a web wrapper around pass
<canucky>
Question about DNS TXT entries ... I have a Ghost site at 4zeu8cyfcqyju4xwggw0.oet.sandcats.io
<asheesh>
chezmichel: Hi! OK so are you willing to share your sandcats hostname with me, first things first?
<asheesh>
canucky: Great, then what's the question? : P
<asheesh>
(but also the Davros app has really really good directions on setting up DNS TXT record stuff, so I would actually try to get a Davros grain working first)
<asheesh>
(props to mnutt for making something massively usable IMHO)
<chezmichel>
hum i don't know
<canucky>
ok ... will look there first
<asheesh>
FWIW I'm the person who wrote the Sandcats software, if that makes you trust me more.
<asheesh>
But anyway you can send it in a private IRC message; don't have to share here, or email to asheesh@sandstorm.io
<chezmichel>
asheesh but in first time i have a htaccess, but i didn't understand what is it
<chezmichel>
so second time i had 404 not found and now all time 404 not found
<chezmichel>
okay thx :)
<chezmichel>
have you got fail2ban in your htaccess ?
neynah has joined #sandstorm
<asheesh>
Sandstorm doesn't use fail2ban nor htaccess, fwiw.
<chezmichel>
okay
<asheesh>
If you can tell me your hostname I can try to see what you see, which might result in me being more helpful!
<asheesh>
I'll stop asking about it, but that's one thing anyway.
<asheesh>
When you visit the URL, do you see the Sandstorm logo?
<chezmichel>
chezmichel.sandcat.io
<asheesh>
Or do you see some totally non-Sandstorm thing?
<asheesh>
OK, cool!
<asheesh>
So it looks to me like you have another web server installed as well. Maybe we can figure out how to have that server play nicely with Sandstorm.
<asheesh>
What is the value of PORT=... in /opt/sandstorm/sandstorm.conf ?
<asheesh>
canucky: Cool, keep me posted
<asheesh>
And what is the value of BASE_URL=... in /opt/sandstorm/sandstorm.conf ?
<asheesh>
Typically Sandstorm will set itself up on port 6080 when there's another web server, but it looks like port 6080 is firewalled on that computer, so no one can reach Sandstorm.
<chezmichel>
i think it's my fault
<asheesh>
That's fine; I can help anyway.
<chezmichel>
i look my server because i use VM with promox (NAT, SNAT ...)
<chezmichel>
thx
<asheesh>
proxmox looks great. I wish I had something like that in ~2006 when I was setting up a server for me and some friends.
<asheesh>
Is Sandstorm running on a different VM within the server?
<asheesh>
If so, that might explain things, yeah.
<chezmichel>
sandstorm is just in VM jessie
<chezmichel>
in /opt/sandstorm/sandstorm.conf okay i see
<asheesh>
Great - so then probably it thinks it has port 443 & port 80 available, but isn't reachable over the Internet, and needs some ports forwarded
<asheesh>
FWIW in your case I would start by disabling HTTPS and making HTTP work OK, since that's easier to debug.
<chezmichel>
it's possible to change sandcats.io by my domain ?
<canucky>
But still getting the DNS TXT message ghost.networkeffects.ca ...
<asheesh>
canucky: That should do the trick, but your local DNS resolver might have cached the absence of the entry if you ever missed it.
<asheesh>
Giving it ~30 minutes should typically be enough.
<canucky>
ok - will give it some time ... one more question - have a blank index.html file in Davros, but still not getting the contents listed
<asheesh>
Having said that, it is kind of sad that people run into this all the time.
<asheesh>
A blank index.html really should do the trick, so long as it's non-empty. Would you be willing to share the grain with me and I can take a look? You can type @asheesh in the share box and it should autocomplete.
<canucky>
still trying to resolve that oet.tru.ca redirect issue
<asheesh>
I'm in that pad we were using earlier today
<synchrone>
@asheesh: can you elaborate why the ua-filtering after all
<asheesh>
Yeah, was just going to get into that on the github issue.
<asheesh>
It's subtle, so here goes.
<synchrone>
(irc format suits for CS sec 101 better :) )
<asheesh>
(agreed)
<asheesh>
(also this like a 501 Experimental Hands-On Research thing, not 101) (-;
<asheesh>
Here are some facts.
<asheesh>
1. All API tokens get used on the same hostname (api.yoursandstorm.example.com) at the moment.
<asheesh>
2. The bearer token ("Authorization: Bearer asdfasdfasdfasdfa") is what routes, as well as authorizes the request.
<asheesh>
2.a. This strikes nearly everyone as crazy but one subtle upside is that it means there's really just one thing, not two things, so there's less room for error.
<asheesh>
3. CalDAV and CardDAV are treated as "the app exporting an API" to HTTP clients that are not web browsers.
<asheesh>
Really the definition of API in Sandstorm is, "HTTP requests whose response is not going to be rendered by a browser's normal text/html response processing"
<asheesh>
so far soo good synchrone ? If not, then ask questions now because it gets crazier soon.
<asheesh>
neynah: OK
<neynah>
ty! :D
<synchrone>
so far i'm with you
<asheesh>
Great synchrone.
<asheesh>
So we optionally allow apps to use HTTP Basic auth instead of an "Authorization: Bearer ..." header.
<asheesh>
This does mean that browsers can theoretically render these responses now.
<asheesh>
If someone knows that you're using CardDAV on api.oasis.sandstorm.io and you're unlucky enough to have entered the basic auth thing into your browser, and therefore it remembers it,
<asheesh>
someone on attacker.com can make a HTML page
<asheesh>
and if the app had a bug where GET-ing that resulted in card deletion, then you'd be very sad.
<synchrone>
GET would not be destroying your data and attacker.com won't see the response
<asheesh>
Right, but turns out you can do cross-origin POST as well.
<synchrone>
true
<asheesh>
So now you're really getting somewhere.
<synchrone>
but not see the response... but post might be modifying\deleting
<asheesh>
Right, yeah, modifying & deleting is already pretty bad.
<synchrone>
you'd have to be unlucky enough to auth your browser for Basic... which is wrong but you think it should disallow users by design from harming their own security
<synchrone>
Terminate these steps if header is a case-insensitive match for one of the following headers:
<synchrone>
includes UA but not Accept
<asheesh>
So FWIW this would be drastically easier if CalDAV/CardDAV clients "could just" use an authorization header that browsers don't accept.
<asheesh>
Of course, that's actually a lot to ask, I realize!
<synchrone>
mostly cause *Dav are old and unmaintained and their development is slow ...
<synchrone>
what's called "enterprisey"
<asheesh>
That and approximately no one thinks "Hey, what HTTP needs is special features that we will carefully refuse to implement in web browsers" (-:
<synchrone>
webbrowsers wanna be first-class platforms, and they have the right to
<asheesh>
"well then they can fix their confused deputy problems and then we'll talk"
<asheesh>
But yeah, indeed, HTTP is the web browser protocol.
xet7 has joined #sandstorm
<synchrone>
what about Origin header
<synchrone>
is it also contained with actual request, not just preflight?
<synchrone>
at least chrome does attach itit
<synchrone>
it's not settable via js
<synchrone>
ok, i'll be back in 2 hrs
<asheesh>
Right; I need to figure out how reliable that is. Thanks for digging into this, synchrone.
<asheesh>
mrdomino: ^ you might find this topic interesting/amusing.