<asheesh>
I guess this is to test the ownCloud web backend, not any mobile apps.
<asheesh>
Never mind.
kentonv has quit [Excess Flood]
xet7_ has joined #sandstorm
<zarvox>
looks like the owncloud:// scheme is used in an OAuth flow, or to open a file at a particular path.
bb010g has joined #sandstorm
xet7 has quit [Ping timeout: 268 seconds]
kentonv has joined #sandstorm
<mnutt>
I can confirm that owncloud ios client works with sandstorm v0.148!
<asheesh>
egad!!!
<asheesh>
(and with davros!)
<asheesh>
(you get the credit!)
<mnutt>
haha yeah thanks
<mnutt>
I didn't know about the owncloud:// scheme, I wonder how that works
<kentonv>
reminder to asheesh, don't accept any updates until the release is live everywhere. :)
<asheesh>
kentonv: ++
<kentonv>
(presumably the new Davros build will error out on older Sandstorm)
<asheesh>
"everywhere" == "twenty-four hours, gosh I love auto-updates"?
<mnutt>
yeah, at least in the past, if you passed an offerTemplate with properties it didn't recognize it would reject it
<kentonv>
asheesh: 24 hours from push, plus Oasis update which will probably be tomorrow evening
<asheesh>
bd
<mnutt>
I'll have a davros update ready to go by then. I'm thinking completely rip out the credentials in the url, to normalize across clients and fix the scrolling problem. it's slightly more annoying to paste 3 times with desktop owncloud, but probably worth it for consistency's sake
<asheesh>
mnutt: FWIW I do use the big URL for copy-pasta w/ "owncloudcmd" on the command line.
<asheesh>
Having said that, I always wished I was using "rsync" or "unison" instead of "owncloudcmd".
<asheesh>
I'm OK if you "break my use-case,
<asheesh>
I'm OK if you "break" my use-case, fwiw
<mnutt>
yeah, I'm glad owncloudcmd exists but I hate it
<asheesh>
I kinda have no idea how it works so I sort of hate it too.
<mnutt>
there's no rsync-style "don't modify source" flags, so I'm never sure if it's going to just wipe out my totally important files on my computer
<asheesh>
It does succeed at doing some weird thing I don't understand involving file splitting.
<asheesh>
and then rejoining on the server.
<asheesh>
Unless I misunderstand its output.
<asheesh>
Exactly, me too re: "just wipe out"
<mnutt>
oh, it's pretty scary. it chunks up large files into 5MB pieces using some homegrown method that I had to implement
<mnutt>
there's a checksum at the end, but still
<mnutt>
I'm taking advantage of a controlled environment on the sandstorm side and actually writing the pieces in place via seek(). I've done quite a bit of testing with smashbox but it still worries me.
<asheesh>
BTW, howdy sugarpuff, nice to e-meet you, don't know if we've chatted!
<mnutt>
haha, yes, the second one. I do not test on animals, only computers and humans.
bb010g has quit [Ping timeout: 268 seconds]
* digitalcircuit
got really confused at first :)
bpierre has quit [Ping timeout: 268 seconds]
fkautz has quit [Read error: Connection reset by peer]
<zarvox>
so the OAuth flow looks like oauth2 to me - given a code as a query param to the appropriate redirect URI, the app fetches an access token and a refresh token
KCinJP has joined #sandstorm
azirbel has quit [Ping timeout: 268 seconds]
<zarvox>
doesn't look like you can use the URI scheme to shortcut entering the host/username/password though
bb010g has joined #sandstorm
fkautz has joined #sandstorm
<asheesh>
BTW fkautz I was at ping's birthday party yesterday! And he's happy someone is playing with "zest" <http://zesty.ca/zest/>, if you do decide to do so!
bpierre has joined #sandstorm
azirbel has joined #sandstorm
sugarpuff has quit [Ping timeout: 268 seconds]
sugarpuff has joined #sandstorm
joshbuddy has quit [Quit: joshbuddy]
<zarvox>
I love how that example output thread is a bunch of capabilities folks (including my advisor from Berkeley!) discussing object capabilities 13 years ago
<mnutt>
zarvox: yeah, I looked at it for a brief while, saw yet another place where they manually string-parse URLs rather than using the built-in libraries, remembered that I had wasted an entire weekend of my life putting together a patch for them, and closed the project.
<mnutt>
I'm just glad it works now, thanks to sandstorm. you guys rock.
<zarvox>
mnutt: oof
fkautz has quit [Ping timeout: 268 seconds]
<zarvox>
thanks to you! Davros is great and usable and an essential part of Sandstorm infrastructure (some of our testsuite's test app .spks are hosted in Davros grains!)
bpierre has quit [Ping timeout: 268 seconds]
<asheesh>
mnutt: s/closed the project/closed the pull request/ ?
<mnutt>
no, they did that part for me :)
codebam has quit [Ping timeout: 268 seconds]
bpierre has joined #sandstorm
sugarpuff has quit [Ping timeout: 268 seconds]
<mnutt>
it also gave me some things to think about in terms of open source mobile apps. they're GPL, but it's pretty disingenuous. they are allowed to submit their app to the app store because they have a CLA that gives them the ability to relicense it and submit to apple. you can fork it, but you can't actually get your app in the app store because it goes against the license.
<mnutt>
it's not their fault or anything that apple has those terms, but the app being GPL is pointless
Zertrin_ has quit [Ping timeout: 268 seconds]
<kentonv>
wait, the app store disallows GPL apps?
joshbuddy has joined #sandstorm
<kentonv>
or what?
<mnutt>
the iOS app store places restrictions on redistribution, so you can't satisfy the terms of GPL
<kentonv>
weird
Zertrin has joined #sandstorm
<mnutt>
VLC was in the app store for a while, but got pulled because one of VLC's open source contributors sued to get it removed since apple was not honoring the redistribution part
<mnutt>
awesome, the first 100 people to ask for it would get a working Davros iOS client
codebam has joined #sandstorm
codebam has quit [Excess Flood]
fkautz has joined #sandstorm
bb010g has quit [Ping timeout: 268 seconds]
bpierre has quit [Ping timeout: 268 seconds]
<mnutt>
I'm going to start sending CSP in Davros, it won't break anything when sandstorm adds CSP support, right?
<mnutt>
I guess sandstorm would need to guarantee that CSP header sent was at least as high as the one sandstorm requires
<asheesh>
Which seems pretty straightforward IMHO.
bpierre has joined #sandstorm
<zarvox>
Yeah, right now we ignore the app's CSP response and substitute our own
<asheesh>
Time for a hug report
<zarvox>
but we should merge them
<zarvox>
we already have one
<zarvox>
IIRC
<mnutt>
yeah. capnp ftw.
<zarvox>
also we should tighten the CSP sandbox, but that's probably a SandstormApi version bump, since it'll break everything that e.g. uses Google Web Fonts or CDN'd jquery and so on
codebam has joined #sandstorm
<zarvox>
so there's some backwards-compatibility work to be done there
bb010g has joined #sandstorm
<asheesh>
My take is: +1 to something apps can opt into that is safer
<asheesh>
We don't even need to communicate this to users yet, but it lets app authors be part of the transition ecosystem.
<asheesh>
I imagine someone like ocdtrekkie going around and mass-patching apps to do a bump or whatever, and then filing bug reports.
<mnutt>
I have a vague feeling that CSP can fix my challenges with safely displaying unsafe content in an iframe, but can't quite figure out how
<zarvox>
sounds like you want iframe sandboxing
<mnutt>
yeah, I just want to make sure that the content can _only_ be accessed from the iframe
<mnutt>
sandbox="allow-forms allow-scripts" seems like it. (it removes allow-same-origin, so can't use cookies)
hunterm__ has quit [Ping timeout: 268 seconds]
<zarvox>
Hmmm. The Sandstorm proxy might require allow-same-origin, because that's how it tracks sessions.
hunterm__ has joined #sandstorm
codebam has joined #sandstorm
<zarvox>
(we set a cookie "sandstorm-sid" on the randomized session subdomain)
<mnutt>
yeah. but it seems like you could conditionally turn it off if you were just displaying a single piece of content
<zarvox>
But then if you allow same origin and allow scripts and are on the same domain, then you can break out of the sandbox.
<mnutt>
it wouldn't work to have it off all the time, though
<zarvox>
it'd be interesting if the way to do this was via some concept of subsessions, which gave you a new session on a new hostname
<zarvox>
I suspect we'll need something like that if we ever want to do embedding of grains inside others (Jade asks periodically about a potential "tabify" app, that is just a collection of particular grains in tabs)
hunterm__ has quit [Ping timeout: 268 seconds]
Rym has quit [Ping timeout: 268 seconds]
<zarvox>
hmmm, actually, how would that work with CSP today? if you wanted to iframe a different origin, you'd have to allow it in the CSP response, but you don't know what other origins you might want to frame at the time of the first request...
<zarvox>
need dynamic CSP rules :/
simonv3 has joined #sandstorm
Rym has joined #sandstorm
wolcen has quit [Ping timeout: 276 seconds]
hunterm__ has joined #sandstorm
fkautz has quit [Ping timeout: 268 seconds]
Rym has quit [Quit: Connection closed for inactivity]
bb010g has quit [Quit: Connection closed for inactivity]
frewsxcv_ has quit [Ping timeout: 268 seconds]
frewsxcv_ has joined #sandstorm
codebam has quit [Ping timeout: 268 seconds]
wolcen has joined #sandstorm
codebam has joined #sandstorm
decipherstatic_ has joined #sandstorm
decipherstatic has quit [Ping timeout: 268 seconds]
codebam has quit [Ping timeout: 268 seconds]
codebam has joined #sandstorm
simonv3 has quit [Ping timeout: 268 seconds]
simonv3 has joined #sandstorm
kxra has quit [Ping timeout: 246 seconds]
kxra has joined #sandstorm
codebam has quit [Ping timeout: 268 seconds]
codebam has joined #sandstorm
KCinJP has quit [Ping timeout: 244 seconds]
KCinJP has joined #sandstorm
KooBaa has joined #sandstorm
<mnutt>
I'm trying to publish and getting "No such grain for public ID: api [404]failed to connect to app index" is this due to disabling new apps until oasis gets updated? if so, I'll just wait until tomorrow
KooBaa has quit [Ping timeout: 260 seconds]
<kentonv>
mnutt: hmm, that sounds bad
<kentonv>
mnutt: I broke it. :(
<mnutt>
no worries, I'll publish tomorrow
<kentonv>
mnutt: thanks for noticing this, I guess it's time to push another bugfix
<mnutt>
it depends on the offer-template updates anyway
<kentonv>
(I broke the non-token-specific API endpoint)
<kentonv>
I guess all our tests automatically started using the token-specific one
azirbel has quit [Read error: Connection reset by peer]
<kentonv>
it's one of those three-release days.
azirbel has joined #sandstorm
<kentonv>
mnutt: can you try again now?
<mnutt>
kentonv: it worked
rolig has quit [Ping timeout: 246 seconds]
<kentonv>
mnutt: hooray
<kentonv>
also might want to run `sandstorm update` on any servers where you're running Davros currently. >_>
<mnutt>
will do
<kentonv>
(otherwise they might be failing to sync until the update happens naturally)
jparyani has quit [Ping timeout: 244 seconds]
rolig has joined #sandstorm
jparyani has joined #sandstorm
neynah has joined #sandstorm
<digitalcircuit>
So that's how to manual update - useful to know :)
<mnutt>
I don't suppose you want to hear about the typo in the release notes for 0.149 ;)
frewsxcv_ has quit [Ping timeout: 268 seconds]
<kentonv>
mnutt: bah. OK, fixed in master. Not going to push a new release for that, of course.
frewsxcv_ has joined #sandstorm
<digitalcircuit>
Nothing like a late-night (at least here) bugfix party?
bpierre has quit [Ping timeout: 268 seconds]
bpierre has joined #sandstorm
<mnutt>
playing around with the ios owncloud auto photo upload feature pushing to davros. it's a little wonky but it works, which is awesome
<kentonv>
mnutt: whoa I might have to see if the Android client does that
<kentonv>
then turn off auto-upload to Google Photos
<dwrensha>
we only check the user agent for the shared API host
<synchrone>
hi everyone
<mnutt__>
ah, great! I missed that.
<synchrone>
I can't seem to figure out this small nginx issue of why it would redirect using full Location: http://... while I had "return 302 /my/relative/url" in the config...
<synchrone>
I've been fighting this like 2h straight, to no avail
<synchrone>
considering checking the source code, if nothing else comes up..
<mnutt__>
that's weird, and I don't have any idea, but is it possible that there is further nginx handling on /my/relative/url? (like if you GET /my/relative/url directly, it's not 302ing from there, right?)
<synchrone>
I test it without using "follow-redirect" user agent's functionality
<dwrensha>
the "rewrite" nginx thing doesn't return a 302, if I remember correctly
<dwrensha>
it handles the request as if it had come in on the other path
<synchrone>
301 or 302 depending on the last argument
<synchrone>
aaand I don't need the internal nginx redirect, as per .well-known RFC
<synchrone>
i need that http 301\302 code
<synchrone>
all the way out to the clients
<kentonv>
hmm, I'm not sure we have any good reason for _not_ telling the app its base path
<kentonv>
synchrone: in your sandstorm-pkgdef, what is the value of bridgeConfig.apiPath?
<synchrone>
//
<synchrone>
"/"
<synchrone>
since I'm using /radicale from both iframe and API endpoints, I figured I'd rather not handle both use cases
<kentonv>
synchrone: what if you remove apiPath? I believe this causes API sessions to fall back to web sessions, which receive the base URL
<synchrone>
aren't iframe and API sections served by very different code paths?
<kentonv>
synchrone: the protocol between Sandstorm and the app is mostly the same, except that at session start Sandstorm will explicitly request an API session first and then fall back to WebSession if ApiSession is rejected.
<kentonv>
when requesting ApiSession, it provides a different set of session parameters which don't include the base path, but probably should
<synchrone>
wouldn't it require sandstorm-sid cookie in WebSession?
<kentonv>
no
<kentonv>
you're thinking of a different layer of the code
<mnutt__>
jparyani: I think I may have gotten to the bottom of the lychee large file uploading issue
<mnutt__>
(php was setting its own limits)
<kentonv>
synchrone: try building with no apiPath and see what happens... I bet you'll get a correct Host and X-Forwarded-Proto in that case, which fixes your problem
<kentonv>
synchrone: and then we'll look into fixing things so that API sessions get these parameters too in a future Sandstorm release
<synchrone>
I solved my problem by finding a way to respond with a relative URL, which fits my app better. But for the sake of other people, who might need their X- values I will check that too
<kentonv>
ah, ok, I thought you were still having trouble getting nginx to accept the relative URL
<jparyani>
Awesome mnutt__. What's the setting?
jacksingleton has joined #sandstorm
<asheesh>
mnutt__: (and then, can we fix it in vagrant-spk so others don't have this problem?) (-:
mnutt__ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<synchrone>
ah, that's not from vagrant-spk, but from `spk`
mcpherrin has joined #sandstorm
<kentonv>
in theory vagrant-spk is supposed to pass through arguments to spk but it looks like it is not doing so correctly here
<synchrone>
ok, i temporarily "embargoed" (man, I love this wording) the v8 update
<kentonv>
synchrone: FWIW we know not to accept it until after the Oasis push
<synchrone>
I was curious to test this. Never had a reason so far )
<kentonv>
heh, you may be the first to actually use it!
<synchrone>
?experimental=true now shows an empty page :D
<synchrone>
ooh, JS errors
<kentonv>
the app market is kinda rickety
<kentonv>
not a high priority to fix currently
mnutt__ has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<synchrone>
aand here I hit the 5 grain limit on Oasis again
<synchrone>
@kentonv: I don't mean to push but, could you respond to that email asheesh sent you on 17th of February?
<kentonv>
synchrone: Hmm, I did, but for some reason you weren't CC'd on Asheesh's email and so reply-all didn't get to you.
<kentonv>
synchrone: your Oasis account should now be on the mega plan and show a credit for 1 year of service
<synchrone>
My Plan Current Plan: Free
<synchrone>
should I relogin?
<kentonv>
no, hold on
digitalcircuit has quit [Remote host closed the connection]
<kentonv>
synchrone: refresh now?
digitalcircuit has joined #sandstorm
KooBaa has joined #sandstorm
<kentonv>
synchrone: Actually, it seems I don't know how you are logging in. I gave the bonus to an account attached to your email address, but I notice now it hasn't been active since November, so that's probably not your main account.
mnutt__ has joined #sandstorm
digitalcircuit has quit [Read error: Connection reset by peer]
<synchrone>
PMd you the details
digitalcircuit has joined #sandstorm
jacksingleton has quit [Ping timeout: 260 seconds]
joshbuddy has quit [Quit: joshbuddy]
jacksingleton has joined #sandstorm
<mnutt__>
asheesh: I'll see if I can figure out a way to generalize it. right now vagrant-spk doesn't take over php.ini