<paulproteus>
I'll probably file a bug against sandstorm-website unless we have another better place to file this, even though sandstorm-website is "just" the website, not the blog.
<zarvox>
...valid.
<dwrensha>
I thought that "hero images" were the fashionable thing these days?
<zarvox>
while we're on website usability: calls to action on the homepage should be in accent colors, so they stand out
<paulproteus>
Sure, but no text at _all_ is a little extreme.
<gwillen>
dwrensha / kentonv: I enjoyed your post on delegation, and I'm pleased that you precisely countered my objections :-)
<snolahc1>
Hi all, we're having a Sandstorm presentation and demo tomorrow in Paris, and the guy who should have helped me can't do it, and i'm now in lack of the principles slides. Has anyone some slides i could rely on ? Thanks :)
<paulproteus>
There's lots of Q&A there, starting at 0:40:00 or so, so you don't have to watch the full talk necessarily.
<paulproteus>
I, for one, find it very useful to get familiar with other presentations on a topic; that way, I end up with a bunch of strongly-held opinions about how to present it better than that, and then I find myself motivated to act on those opinions. (-:
<snolahc1>
i like your way of thinking/doing stuff
<paulproteus>
I have lived through lots of last minute stress, so I can empathize with your situation.
<paulproteus>
That is not necessarily something to be proud of, but at least I can tell you what I'd do. (-:
<paulproteus>
I also like to use YouTube's "speed" feature to watch presentations at 2x (or faster, with VLC).
<paulproteus>
Similarly you're going to end up knowing, _after_ the talk, how you could have done it even better.
<paulproteus>
That'll be fine.
<snolahc1>
paulproteus, i do it often while listening to scientific/technical stuff
<paulproteus>
Ah, great.
<paulproteus>
How big is your audience? What's their background?
<snolahc1>
i think we'll be ~50, mostly devs and sysadmins
<paulproteus>
Cool, so they'll appreciate you doing a demo, and answering questions.
<snolahc1>
but as it's a "technical enlightenment" talk, maybe we'll have some end-users too :)
<snolahc1>
yeah i find your project really interesting and i try to help with the (so) little time i have left
<paulproteus>
( :
<paulproteus>
BTW, if you have any questions you think people will ask, and you're not totally sure how you'll answer them, feel free to ask (here or by private message).
<snolahc1>
i'm off focusing on the links you gave me, see ya in minutes with more questions ever :p
<paulproteus>
Great (-:
<ocdtrekkie>
I mostly did the lightning talk version, slightly expanded, and I did it with Hacker Slides so I could do a Sandstorm talk on Sandstorm.
<ocdtrekkie>
But I filled it with lots of fluff talk on my own part.
<ocdtrekkie>
I demo'd the install process with Sandcats from a fresh EC2 instance, which took like three minutes or something like that.
<ocdtrekkie>
To a web accessible URL that people could try.
<paulproteus>
Right-o. I like that idea.
amyers has quit [Ping timeout: 256 seconds]
<ocdtrekkie>
That worked pretty well in practice, and people did seem impressed how easily and quickly that worked (rehearse this), so if you have a longer talk, it's a great way to eat five minutes.
<paulproteus>
What other questions can I answer on this page about Sandcats?
<ocdtrekkie>
Emphasize that it's optional.
<ocdtrekkie>
It will be key to state any Sandstorm.io-run services that connect to a self-hosted instance are completely optional and provided for the use of those who are okay with them. Probably such and such statement about whether or not any data is collected or something.
<ocdtrekkie>
Basically, assume your reader is paranoid, because half of us are.
<paulproteus>
( :
<paulproteus>
This is legit helpful feedback!
<paulproteus>
ocdtrekkie: reload?
<ocdtrekkie>
Random other question that rumbled around my head one day: Can one reverse-engineer Sandcats.io to general use dynamic DNS? :P
<paulproteus>
Yes, totally (-:
<paulproteus>
The place to start for that is to steal code from the Python-based test suite.
<paulproteus>
"steal" used loosely; it's Apache License 2.0, like the rest of Sandstorm.
<paulproteus>
We don't have a Terms of Service written up; maybe I should.
<ocdtrekkie>
I was just wondering how long it'd be until you might have to contend with someone doing that to save money from paying for the service for someone else. :P
<kentonv>
or you can just run a dummy Sandstorm server on a non-public port
<kentonv>
DNS is not expensive to run. :)
<ocdtrekkie>
It might be plausible to at least have :legal: saying such-and-such "this is only to be used for Sandstorm instances" so if you end up with a problem for some reason, you have the legal such and such.
<ocdtrekkie>
kentonv: I always figured many of these DNS services were halfway scams with how much cost they charge for the services provided and such.
paroneayea has quit [Read error: Connection reset by peer]
paroneayea has joined #sandstorm
<kentonv>
ocdtrekkie: honestly if people want to advertise for us by using sandcats.io as their domain for a non-sandstorm server then hey, I'm cool with that.
<kentonv>
but yeah, this service is super-cheap to run
<paulproteus>
I dunno, it's not 100% free in engineering time (-;
<dwrensha>
yay I am now signed up to receive Sandstorm Announcements emails
<ocdtrekkie>
\o/
<kentonv>
dwrensha: now you'll know when you send an announcement! :P
mort___ has left #sandstorm [#sandstorm]
<ocdtrekkie>
Good post, I was curious why such buttons were available to people shared with.
<ocdtrekkie>
Now I know.
<dwrensha>
for what it's worth, I found the "two separate mailing lists" thing confusing back in the early days
<paulproteus>
dwrensha: By "the early days" do you mean "in 2014" or "when you were a teenager"?
<paulproteus>
Honest question; not sure what you mean.
<dwrensha>
ha
<dwrensha>
I mean like March 2014
* paulproteus
nods.
<dwrensha>
waaaay back then
<ocdtrekkie>
I am enjoying the fact that I can send a public link out.
<ocdtrekkie>
And actually see who read it.
<dwrensha>
ocdtrekkie: it's not transitive yet
<dwrensha>
working on that
<ocdtrekkie>
What do you mean?
<dwrensha>
I mean if people who open your link reshare
<dwrensha>
you won't get to see who they reshare to
<ocdtrekkie>
Ahhhhh.
<ocdtrekkie>
Honestly, it's just nice for even direct-only. That when I send a bunch of people a link, I can see who actually bothered to do so.
<kentonv>
ocdtrekkie: also, eventually you won't be able to see people on that list if you haven't connected with them before, since otherwise it's a bit of an information leak
<kentonv>
ocdtrekkie: that is to say, you shouldn't be able to harvest identities of people you don't already know by tricking them into clicking links
<ocdtrekkie>
kentonv: By "connected" you mean?
<kentonv>
ocdtrekkie: some sort of evidence that you already know them, and so revealing their name or other profile data to you isn't new information
<ocdtrekkie>
Re: "harvest identities", ideally one should have control over their display name, and the tab doesn't display anything further than that.
<dwrensha>
well, they'll count in the tracking of unique visitors, but you won't be able to get identify info
<ocdtrekkie>
I kinda think people's display name at borderline info is fair game for someone visiting your link.
<ocdtrekkie>
And so, like, what happens when people to go an app like Wave? Such an app reads and stores that sort of info directly, does it not?
<kentonv>
ocdtrekkie: what would happen is, if the person isn't already connected to you, Sandstorm would prompt them to ask if they want to reveal their identity or be anonymous.
<kentonv>
an annoying interstitial, but it's necessary
<ocdtrekkie>
Do you not assume the API provides that info to apps, and therefore an app could be storing that info in a format retrievable by it's owner?
<ocdtrekkie>
Ah.
<ocdtrekkie>
So then apps will need to learn how to handle anonymous users, if they don't already have that capability?
<paulproteus>
i,i Anonymous Squirrel, like Google Docs
<kentonv>
ocdtrekkie: anonymous users are supported today. Try opening a share link in incognito.
<ocdtrekkie>
Yeah, I know how Google does it. But obviously an app will need to learn that two Anonymous Squirrels may not be the same person.
<kentonv>
currently the sharing UI shows no indication of anonymous users, but eventually we want to show a count of how many users have used the link
<paulproteus>
There's a X-Sandstorm-User-Id that's != X-Sandstorm-User-Name that should cover things.
<kentonv>
paulproteus: x-sandstorm-user-id isn't sent for anonymous users
<paulproteus>
o
<kentonv>
I'm not entirely sure that an app *should* be able to identify repeat anonymous users. That seems not anonymous, then.
<kentonv>
OTOH, we do plan to do such tracking at Sandstorm's level just for the purpose of giving you a count of unique users.
<kentonv>
eventually people will be able to create new identities that they can use when visiting apps, so if you wanted a "persistent anonymous" identity, you'd do that
<kentonv>
in that case the app would see the user not as anonymous, but also not as their "real" identity.
<ocdtrekkie>
So is there going to need to be some sort of friend/follow/group system for acknowledging that it's okay to share identity info?
<ocdtrekkie>
And if two users are connected, will you skip the "share info with this grain" popup for a user visiting a grain owned by a user they previously connected to? Or assume every grain is it's own case?
tantalum has quit [Quit: Leaving]
<paulproteus>
Hey snolahc1 how's it going?
<kentonv>
ocdtrekkie: it's not entirely clear yet. I would prefer not to show an interstitial for every invite if we can avoid it.
<XgF>
Is the feature to "share with privileges" in yet? Do I need to run a sandstorm upgrade on my server?
<kentonv>
XgF: Yes, been in for a few weeks, and we just did a blog post about it today.
<XgF>
I don't see anything new in the sharing UI?
<kentonv>
XgF: Do you see the share button? Only some apps support multiple permission levels.
<XgF>
Yes
<kentonv>
OK, so you have the Sandstorm update.
<XgF>
Server is running 0.78. Which apps have permission levels now?
<kentonv>
Etherpad, Gitweb, and Groove Basin
<kentonv>
you may need to re-install the apps from the app list to have them update.
<kentonv>
since we don't have push updates for apps yet
<XgF>
Gotcha
<XgF>
Does the "Shared with me" list work yet? :-)
<kentonv>
XgF: yep
<kentonv>
if you received the share via a new-style sharing link
<XgF>
Gotcha. Need to prod user to upgrade their grain :P
<kentonv>
yes. Note that the old /grain link won't work once they upgrade, until they send you the new-style link to restore your access.
<kentonv>
(btw the "shared with me" section works for all apps, not just ones that support varying permissions)
<ocdtrekkie>
prod: sandstorm.io/vote should get upgraded. ;)
<ocdtrekkie>
Oh, so, kentonv, on "information leaks" category, would "last updated" be considered a leak?
<ocdtrekkie>
I'm wondering why it isn't on the Shared With Me tab.
<kentonv>
ocdtrekkie: I don't want to update /vote because everyone who has bookmarked the grain URL will lose access. :/
<dwrensha>
ocdtrekkie: do you mean "last used"?
<kentonv>
ocdtrekkie: I think "last used" is missing there simply for technical reasons. But we should probably hide the column if it's going to be empty.
<ocdtrekkie>
That, dwrensha.
<XgF>
The longer its' left the more people create bookmarks =/
<ocdtrekkie>
^^
<paulproteus>
i,i sandstorm needs a redirect app
<kentonv>
dwrensha: presumably we can't implement that column without a "join" which would be slow, so maybe we should hide the column or make it "last opened" or something?
<ocdtrekkie>
Wtb fancy grain with old sharing model that redirects.
<ocdtrekkie>
paulproteus: Same thought. :D
<ocdtrekkie>
kentonv: I mean, to me, in a collaborative document, the only value on Last Used would be knowing that there may be an update to the work.
<kentonv>
Hmm arguably we could cause old /grain URLs to populate the "shared with me" tab without having them actually upgrade to the new model.
<ocdtrekkie>
When *I* last used it isn't incredibly valuable.
<ocdtrekkie>
How long do you intend to support the legacy model working, kentonv?
<XgF>
The "easy" option might just be to make a special share (to which you redirect unauthorized users) on upgrade. I'm not sure how wothwhile that is for a small number of grains
<ocdtrekkie>
And is it problematic to have an "old sharing model" type legacy code lying around when we're still in Alpha?
<kentonv>
ocdtrekkie: yeah, but there is a valid question of information leaks, and also the "shared with me" items are in a separate table from the grain metadata and so we can't easily sort them by the true "last used" anyway
<kentonv>
ocdtrekkie: old model will probably continue to work forever.
<kentonv>
ocdtrekkie: it's not terribly hard to keep working
<ocdtrekkie>
It just seems weird to have "old" models during an alpha.
<ocdtrekkie>
I'd almost expect breaking changes during an alpha!
<paulproteus>
s/expect/hope for/
<paulproteus>
that's what the _fun_ is!
<ocdtrekkie>
lol
<XgF>
And I imagine that the number of grains still using it will become so negligible it costs more than its' worth very soon
<kentonv>
ocdtrekkie: well sure, but as it turns out we are actually using the alpha for production work. :)
<ocdtrekkie>
Well, I mean, I use a few grains for more "production" use than "test" use. (Not sensitive data, and usually backed up if important.)
<ocdtrekkie>
But it still seems odd to have something like the sharing model not "just" change at this stage.
<ocdtrekkie>
Though I appreciate the added effort to seamless behavior, I suppose. ;)
<kentonv>
it really is not much code to maintain. It's just like... "if (old model) perms = defaultPerms; else perms = computePerms();"
<ocdtrekkie>
What's funny, is I almost feel like the last eight or ten statements of this is a complaint, but really it's just a notation that I expect worse customer service than this.
<ocdtrekkie>
;)
<paulproteus>
++
erikoeurch has quit [Ping timeout: 245 seconds]
<kentonv>
I'm pretty sure the very first etherpad spk I built will still work today.
<ocdtrekkie>
I am going to like test that in like a year with a bunch of old SPKs for fun. ;)
<ocdtrekkie>
Random note: I am going to be able to move back to Windows Phone again when 10 comes out. The Quassel client, my mail client, and the Sandstorm-modified RSS client are mostly why I carry my Android, and they're all open source and I can compile them for Windows someday soon.
<ocdtrekkie>
:D
<ocdtrekkie>
(See random note about how sometimes being open source is just a perk because you can move it to a closed platform easier or something.)
<kentonv>
ocdtrekkie: note you will need to build our forked version of the TTRSS client
<ocdtrekkie>
kentonv: Of course.
<XgF>
I'm not sure running Android apps on Windows is going to be any better than running Andorid apps on Android
<XgF>
Especially when those Android apps expect Androidy things and interact badly
<ocdtrekkie>
XgF: I don't really expect Android apps to be the shining example of user experience on Windows Phone.
<ocdtrekkie>
But I'll suffer through some Android to fill in the occasional gap in what I use that's native to Windows.
<ocdtrekkie>
(Though I guess nobody even realized Candy Crush Saga on WinPhone is written for iOS, and has been out for six months and has a 4.5 star rating)
<ocdtrekkie>
So depending on the app and what it needs to do, it might or might not work okay or absolutely terribly.
<ocdtrekkie>
I assume they intend to monkey patch a few things there for you.
<XgF>
Monkey patching the contacts interface would be quite the challenge
<XgF>
I mean, the platform pretty close to just exposes a raw SQLite database
<phildini>
does anyone want to sign up for my self-hosted server so I can test the new sharing stuff?
<ocdtrekkie>
phildini: Sure. Though I should be heading out the door now.
<phildini>
eh. if you've got a place to be, it can happen later. ;)
<ocdtrekkie>
XgF: Yeah, Iunno what they're going to do. IIRC, Amazon has done some weird stuff before to make Google API calls redirect to Amazon services and stuff like that on their forks.
<XgF>
Yeah, Amazon provide emulations for Google Play Services, but to be honest GPS integration is way less incestuous than the platform itself
<kentonv>
phildini: Note that you don't actually need to invite people to share with them.
<ocdtrekkie>
It'll be fun to import apps and see which work and which explode horrifically. :D
* XgF
feels like his 1gbit/s home network is insufficiently fast
<ocdtrekkie>
Heh, I have 100 meg currently, but I'm going to have to reduce it when my promotional period ends.
<paulproteus>
phildini: waah I was trying to type in there
<phildini>
I'm curious to see what happens.
<paulproteus>
I'm mashing keys but it's no use
<XgF>
I'm on 150mbit/s down @ £39/mo. I could probably get it cheaper if I took out phone and TV too
<XgF>
But currently I'm shuffling 1.5TB around as I've upgraded my storage array so it's taking its' sweet time
<ocdtrekkie>
XgF: Ooooh, internal. Yeah, I Gigabit all the things internally, I just don't do that much between machines to be honest.
<ocdtrekkie>
It rarely matters for me.
<XgF>
Same. Just This One Time
<ocdtrekkie>
lol
<XgF>
I'm borrowing my desktop as a "drive host" so its' currently booted from a Linux live USB stick so I can mount the old array and do the copy...
<ocdtrekkie>
I do have some data syncs but they're scheduled in the background and I don't notice if they take a long time.
<ocdtrekkie>
They just do it.
<ocdtrekkie>
Heck, I have over-Internet file syncs that I don't really pay attention to the run time of.
<phildini>
interesting... it says I have shared access with Kenton Varda... but I don't remember doing so?
<phildini>
did one of those links opt-in in some way?
<ocdtrekkie>
That means he signed in, and clicked your link.
<ocdtrekkie>
Whereas I don't list on there, because I am not signed in on your server.
<phildini>
ah! right.
<kentonv>
phildini: anyone can log in, but only people you invite can install apps or create grains.
<XgF>
I look forward to the day Sandstorm does federated identity :-)
<phildini>
kentonv: gotcha! Ok.
<XgF>
And I can hook it up to my home Active Directory server :-)
<ocdtrekkie>
kentonv: Theoretically, one can edit anonymously with a link, yes? Wouldn't it be a viable desire to allow anonymous viewing but require signin for editing?
<kentonv>
XgF: Well it already supports email login which is pretty federated. :)
<phildini>
I kind of wish I could see the links again from the list... it looks like my only option is to delete them?
<XgF>
kentonv: I mean where I can login to "my" account on another server and the "shared with me" stuff works remotely or such
<ocdtrekkie>
LDAP support is a popular request
<ocdtrekkie>
IMHO someone should see if either of the accounts-ldap packages will work with Sandstorm yet.
<XgF>
LDAP+Kerberos would be even cooler (but, seriously, do LDAP on its' own first :P)
<kentonv>
phildini: we actually don't store the links on the server. Only store hashes.
<phildini>
kentonv: I
<phildini>
I'm assuming this is a feature?
<kentonv>
phildini: yes. If someone gets a copy of your mongodb, they shouldn't be able to exercise all the sharing links.
<phildini>
I think I'm missing what you're protecting myself from by not letting me see the link again... ah.
<kentonv>
phildini: if the UI is annoying, we could consider doing something where we actually present you a new link each time but act like we're not. You'd only be able to tell if you actually compared with the previous link. :)
<kentonv>
phildini: but I think it's more useful for users to be able to see stats per-link and such
<phildini>
I'm uncertain if it's annoying or not.... my use case was, for this document, I set up a reader link and an editor link.
<ocdtrekkie>
My only notion, kentonv, is for links intended to be posted super-publicly, there's no reason for that security feature.
<phildini>
I could see cases where I would want those two links and only those two links, rather than creating over and over...
<ocdtrekkie>
You can store them elsewhere, phildini
<phildini>
true.
<ocdtrekkie>
But yeah, I mean, particularly for the public sharing use case the link not being available can be quirky.
<kentonv>
ocdtrekkie: eventually we should support "public" links where you can specify the path instead of having it be random
<phildini>
I realize this is probably upcoming, but it would be nice, for example, to be able to promote kenton's user account to app-install capability.
<ocdtrekkie>
phildini: You send him an invite.
<phildini>
right now, I know he has an account, but can't do any sort of user management on him.
<ocdtrekkie>
And he logs in.
<kentonv>
phildini: you can do that by sending me an invite. :)
<kentonv>
phildini: well... there isn't any user management right now
<phildini>
ocdtrekkie: assuming I know his email. you've signed in via the provider I set up, why can't I then promote you?
<phildini>
that's fair.
<ocdtrekkie>
There's probably a lot of decent admin/management functions to add in the future.
<phildini>
It's more "nice-to-have" then ZOMG need right now.
<kentonv>
phildini: you don't need to know my email. You could send me an invite link via IRC. It applies to whatever account I sign in as when visiting the invite link.
<ocdtrekkie>
I was going to note that now that we have an admin settings page (which in itself is a very new thing), things like the Install link and the "don't prompt if from this host" that specify sandstorm.io/apps should be configurable, in the future, for instance.
<ocdtrekkie>
But at this point, it's not a huge deal. Eventually people may run internal app "stores" for employees.
<ocdtrekkie>
So those sorts of things eventually shouldn't be assumed.
<ocdtrekkie>
I am very bad at actually leaving the office at the end of the work day.
<kentonv>
ocdtrekkie: regarding "require login to edit", we could theoretically implement something like that, with the caveat that people can always log in with a throw-away account/identity.
<kentonv>
ocdtrekkie: I'm also bad at leaving the office at the end of a work day!
<XgF>
kentonv: I'd quitel ike that for "our" use case where we have a channel shared etherpad document
<kentonv>
ocdtrekkie: sometimes I don't leave the office for two weeks at a time!
<ocdtrekkie>
kentonv: Well, that's true of any system, I can create throwaway Google accounts too.
<kentonv>
ocdtrekkie: but then... the office is my house.
<ocdtrekkie>
kentonv: Hah. At least your office has a bed.
<ocdtrekkie>
:D
<ocdtrekkie>
I am jealous of your commute though, kentonv.
<dwrensha>
I'm also bad at leaving the office at the end of a work day!
<ocdtrekkie>
I wonder how much of "login to edit" is a security feature, and how much of it is a "please sign in for the convenience of me knowing who just edited this".
<XgF>
In my case definitely the latter :-)
<ocdtrekkie>
As opposed to people who may be authorized to edit, who just don't sign in, and then nobody knows who did a thing.
<XgF>
Also about etherpad not piling up 1 million identities
<kentonv>
ocdtrekkie: yes, that's valid. So it's not security at all, it's more of a policy designed to nudge people towards identifying themselves.
<ocdtrekkie>
XgF: Best moment in Sandstorm development was the Etherpad update that ensured my entire private document from now on is the same color.
<ocdtrekkie>
It's the little things in life.
<ocdtrekkie>
kentonv: I think so, yes.
<kentonv>
we just have to make clear that it's not security and should not be mistaken for security
<ocdtrekkie>
Similar to your "please don't reshare this" concept?
<kentonv>
exactly
<XgF>
Half the use of Sandstorm appears to be hosting Etherpads :p
<ocdtrekkie>
So, click link, get "Please sign in to edit this" with a ((edit anonymously)) small link below
<ocdtrekkie>
XgF: It's really convenient.
<kentonv>
a little ironic since standalone Etherpad is almost exactly the same usage model
<kentonv>
(except that standalone Etherpad keeps having security vulnerabilities that Sandstorm mitigates...)
<ocdtrekkie>
Yes, but then I'd have to run Etherpad.
<XgF>
The other half appears to be hosting $RANDOM_APP to share photos
<ocdtrekkie>
And EtherCalc, which is the other half of my Sandstorm use. ;)
<ocdtrekkie>
kentonv: What could you do if you hijacked phildini's Google login exactly again?
<ocdtrekkie>
Other than "allow people to sign in with Google even though phildini didn't expressly want that to happen"?
<kentonv>
ocdtrekkie: possibly find out who is logging into phildini's instance and collect stats on them. But I'm not actually sure.
<kentonv>
ocdtrekkie: I am fairly sure (but not completely) that it would NOT let me otherwise bypass phildini's server's security.
<ocdtrekkie>
Could you get his domain in trouble with Google or something by doing naughty things on the same key or anything like that?
<XgF>
I think worst case *should* be that Google block the secret
<XgF>
And maybe you can cause people ot inadvertently log in to Sandstorm
<ocdtrekkie>
I kinda wonder if at some point Sandstorm itself should recommend disabling the non-configured login providers.
<ocdtrekkie>
Maybe on setting up your first provider, the others are disabled automatically.
<kentonv>
ocdtrekkie: we're going to move to having them disabled until you go to the admin page and configure them, now that it's possible to get to the admin page without logging in.
<ocdtrekkie>
Cool
<zarvox>
Hooray for local login tokens!
amyers has joined #sandstorm
<paulproteus>
In other random news, I have this deep urge to get to 50 members for the Sandstorm SF meetup.