mquandalle has quit [Quit: Connection closed for inactivity]
natea has joined #sandstorm
simonv3 has quit [Quit: Connection closed for inactivity]
gopar has joined #sandstorm
gopar has quit [Quit: Leaving]
natea has quit [Quit: natea]
jadewang has quit [Remote host closed the connection]
simonv3 has joined #sandstorm
gopar has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
<bb010g>
paulproteus:
gopar has quit [Remote host closed the connection]
<meonkeys>
anyone have an example nginx config handy? I want to put a reverse proxy in front of my sandstorm and also terminate HTTPS. Ah, gotta deal with websockets, too.
<paulproteus>
But note that there isn't a fork, in this case; mquandalle maintains the Sandstorm packaging for WeKan (new name of libreboard) as part of the main WeKan repo.
xcombelle has quit [Remote host closed the connection]
<ocdtrekkie>
mquandalle : check chat logs for the last hour, fyi
<mquandalle>
ragesoss: Yes, you can restore archived cards throw the board menu (top right) > “Archived elements”
<mquandalle>
And xet7 already figured out that the translation are on transifex, so I have nothing to add
<ragesoss>
mquandalle: ah, I see.
<ragesoss>
mquandalle: I was looking for something in the card option, when open the archived card by clicking on it from the list of recent activity.
<ragesoss>
eg, something in the same menu from which I selected archive.
<mquandalle>
I guess for purely wekan related question, it's better to use https://gitter.im/wekan/wekan (gitter provides a IRC bridge btw)
<ragesoss>
mquandalle: okay, thanks.
* mquandalle
Yes, I should add a restore button on the card itself
<mquandalle>
I have probably missed some discussions the last few months, does the sandstorm http bridge exposes the user avatar somehow?
<dwrensha>
mquandalle: yes! you now get a X-Sandstorm-User-Picture header
<dwrensha>
... containing a URL to the avatar
<mquandalle>
that's cool! Is it handled by the meteor sandstorm-user-accounts package?
<dwrensha>
I suppose it ought to be. It isn't yet.
<mquandalle>
Reading the http header is straightforward anyway
<mquandalle>
I'll implement that for the next rc
<xet7>
mquandalle: Should you announce to libreboard website / issue tracker that development continues at wekan project at github and transifex?
<mquandalle>
I'll redirect libreboard.com to wekan.io once the final v0.8 is released
<xet7>
ok
jadewang has quit [Remote host closed the connection]
<kentonv>
dwrensha: when I open an app, the initial query string sent to the app comes from the previous route, e.g. ?highlight=... from the applist route
<xet7>
mquendalle: In translations there's string "Toogle Board Sidebar", should that be Toggle ?
<kentonv>
dwrensha: this in particular completely breaks hackercms
<kentonv>
(on first install, at least)
<dwrensha>
define "previous route"
<dwrensha>
oh, I see
<xet7>
mquandalle I mean (not mquendalle)
<kentonv>
it seems the grain route executes before the address bar location has actually been updated?
<dwrensha>
I guess that's what I get for using window.location
<dwrensha>
it doesn't seem to happen for me
<dwrensha>
at least when I just tried it.
<kentonv>
hmm
<mquandalle>
xet7: yep it's a typo, I will fix it thanks
gopar has joined #sandstorm
<kentonv>
dwrensha: I may have uncovered the problem by optimizing away waits that usually happened here
gopar has quit [Max SendQ exceeded]
gopar has joined #sandstorm
<dwrensha>
kentonv: I could avoid this problem if I had a way to convert IronRouter's Javascript-Object-ified query back into a string that goes in a URL
<dwrensha>
kentonv: I suppose it wouldn't be too hard to write a function that did that
<kentonv>
dwrensha: mayyyyybe, but I worry about apps that use non-compliant query formats... hmm
<kentonv>
dwrensha: I guess it only applies to apps that are using the sandstorm URL passthrough feature in the first place, so they can be fixed...
<dwrensha>
kentonv: maybe when we grab the window.location, we should not use it if the path doesn't start with /grain/ or /shared/, as appropriate
<dwrensha>
or we should defer grabbing it until just before we construct the GrainView
<dwrensha>
or both of those things
<xet7>
mquandalle: I translated all Finnish strings, you can pull from Transifex to your GitHub repo.
<mquandalle>
Cool, thank you
<mquandalle>
I should finish the french strings :)
<xet7>
:)
<kentonv>
dwrensha: I suppose there's no reason to "defer" ever, because if we got to the grain via Router.go() then we know it won't have any special path...
<dwrensha>
kentonv: are you referring to the `Meteor.defer(openView)` thing?
<kentonv>
dwrensha: you said we could "defer grabbing it until ...", I'm saying there's no need
<kentonv>
dwrensha: If window.location.pathname is not /grain/id, then assume there will never be a patth
<kentonv>
I'm implementing this now
<dwrensha>
`Router.go(grainview.route())` can have a query
jadewang has joined #sandstorm
<kentonv>
dwrensha: yes, but we never use it to open a grain route with a query
<kentonv>
and why would we ever, when we have no idea what any app's path schema might be
<dwrensha>
if a grain does setPath("/?foo=bar"), and then the user navigates to a different grain, and then closes that other grain, then we do `Router.go(grainview.route())` and there is indeed a query
<kentonv>
but we don't create a new iframe there
<kentonv>
so it doesn't matter
jadewang has quit [Remote host closed the connection]
<dwrensha>
kentonv: Ah. I agree.
<kentonv>
dwrensha: oh, but it doesn't work in the case of promoting a share link to a grain url
<kentonv>
gr
<kentonv>
ok I think I should use the route parameters after all
<kentonv>
yeah and it looks like resolve() from that file re-stringifies it
<dwrensha>
Url.toQueryString()
<kentonv>
we want the hash too
<dwrensha>
IronRouter gives us that with this.params.hash
<kentonv>
actually I just discovered this.originalUrl
<kentonv>
I don't want to use this.params.hash myself because who knows if it's urlencoded, etc.
<kentonv>
hmm I don't know how this.url and this.originalUrl differ
<kentonv>
it looks like either one of them gives us what we want
<kentonv>
wtf, this.url is actually different from this.originalUrl, but when I do console.log(this) they both appear the same
<kentonv>
I guess this.url is modified after the log statement, and the dev console shows the current state of the object rather than the state when it was logged
<kentonv>
grr
<zarvox>
Yeah, devtools console shows objects by reference. It's occasionally obnoxious.
jadewang has joined #sandstorm
<kentonv>
what I really don't understand is why iron router is modifying this.url *after* the call... weird
<kentonv>
anyway, things work now, yay
mnutt_ has quit [Quit: mnutt_]
mnutt_ has joined #sandstorm
<dwrensha>
yusss "remote: GitLab: You are not allowed to push code to protected branches on this project."
<dwrensha>
permissions are going to work in GitLab
<paulproteus>
We are insane, which I mean appreciatively.
<paulproteus>
As AGWA has been telling me: "The Sandstorm team is very bold!"
<paulproteus>
: D
<paulproteus>
BTW the ca-browser forum mailing list is a barrel of laughs.
<paulproteus>
Mostly in good ways.
isd has quit [Quit: Leaving.]
<paulproteus>
"We have not planned what our next releases will hold, so we just don’t have any information about when/if we are going to address this in future versions of Windows/Edge." This is simultaneously a very reasonable thing to say and surely a very frustrating thing for the world to hear.
<kentonv>
well I think I just improved oasis performance but we'll see
<paulproteus>
(Said by an @microsoft.com address)
<paulproteus>
kentonv: so long as the performance gains don't require the <KEYGEN> tag I am for them!
NOTevil has quit [Quit: and out the window I go...]
mnutt_ has quit [Quit: mnutt_]
mnutt_ has joined #sandstorm
simonv3 has joined #sandstorm
neynah has joined #sandstorm
mnutt_ has quit [Quit: mnutt_]
mnutt_ has joined #sandstorm
gopar has quit [Remote host closed the connection]
<zarvox>
My subjective experience is that Oasis performance is massively improved. Props to kentonv.
<kentonv>
well... I think it may be that traffic decreased, too
<paulproteus>
OK so the sandcats machines had pending security updates I hadn't done.
<paulproteus>
I am doing them now, but I wonder: is there something people know/like for noticing machines that need that, and then alerting the admin?
<paulproteus>
For some reason I seem to want to babysit the machine and run apt-get upgrade manually and reboot it, rather than treating it like a Docker container that I auto rebuild and deploy or however things are supposed to be done in the twenty-first century.
<paulproteus>
(the security updates were a DoS issue in powerdns, fwiw)
<zarvox>
doesn't Debian have some support of unattended upgrades thing?
<paulproteus>
Yeah, but I'm just not totally sure I want them totally unattended.
<paulproteus>
Maybe I should have more faith than that.
<paulproteus>
Googling for [dashboard for machines that need upgrades] doesn't seem to show me the thing I am looking for.
<paulproteus>
I'd be happy enough if e.g. unattended-upgrades emailed a grain email address, and that thing had a central list of sad machines.
<paulproteus>
I'm also sort of implying this should be a Sandstorm app, which I do believe is true.
<zarvox>
Hmmm, the email target could be, but the monitoring piece would have to run on the host uncontained, no?
<paulproteus>
"run on the host uncontained" -- yeah, I'm imagining I e.g. apt-get install unattended-upgrades on each machine, and configure it to email a grain.
<paulproteus>
So yeah, unattended-upgrades on each host would not be restrained/contained/grained/etc.
<paulproteus>
(that's one way to do it)
<paulproteus>
(which I'd be fine with)
natea has quit [Quit: natea]
<xet7>
Is it possible for me to setup Sandstorm multi-server setup to my own servers using GitHub Open Source version?
<paulproteus>
Hi xet7! At the moment, no, the multi-server setup that we're using for the hosting service isn't open source.
<paulproteus>
That tooling is a separate product we codename Blackrock, and we're aiming to sell licenses to it as a way to support the work on the open source Sandstorm software.
<xet7>
Is it possible to make automated backups at fixed intervals from sandstorm server to separate server?
<paulproteus>
The answer for now is yes-ish and I'd like to make it "yes" soon, but haven't done that yet.
<paulproteus>
The yes-ish answer is based on the fact that /opt/sandstorm contains the full state of the Sandstorm install.
<paulproteus>
So if you snapshot that, you have a backup.
mnutt_ has quit [Quit: mnutt_]
<ocdtrekkie>
Well, you have to backup said snapshot. Snapshots aren't backups, etc.
<ocdtrekkie>
paulproteus : Almost to my thing where I am talking.
<dwrensha>
Hm... the bad news about GitLab is that now a single running grain consumes upwards of 600MB of RAM
<ocdtrekkie>
Wheee train.
<zarvox>
oof
<ocdtrekkie>
dwrensha : That is sad.
<zarvox>
for a single ruby process? or is that for multiple processes?
<ocdtrekkie>
Just because of matching upstream version?
<paulproteus>
ocdtrekkie: whoa yay awesome.
<paulproteus>
dwrensha: That's pretty hilarious re: 600 MB of RAM!
<dwrensha>
three separate ruby processes need to load basically the entire app
<dwrensha>
one for the sidekiq queue and two for the unicorn workers
<zarvox>
oh, the unicorn workers should hopefully be sharing pages
<dwrensha>
and there do need to be two unicorn workers to avoid deadlock, because the pre-receive hook calls back to the main server through an HTTP request
<zarvox>
is this 600 VIRT, RES, or SHR?
<dwrensha>
RES
<dwrensha>
each process is like 150MB
<dwrensha>
er, so maybe 500MB
<dwrensha>
total
<paulproteus>
"obviously" the HTTP request that activates the second process should be socket-activated (??)
jdenz has joined #sandstorm
<paulproteus>
So that only when that request gets made does the second process start existing.
<dwrensha>
paulproteus: that wouldn't help
<paulproteus>
Aw.
<dwrensha>
well, it would help if we could dynamically create only the needed workers
<dwrensha>
but I don't know how to do that
<paulproteus>
I don't know how to do it either.
<paulproteus>
Except arguably inetd.
<dwrensha>
multiple workers are only needed on `git push`, I think
<paulproteus>
Oh but then how to get the socket into Ruby hmm not sure.
<zarvox>
I thought unicorn just had a worker pool that it fork()'s from the master that is responsible for holding the code image and the sockets.
rustyrazorblade has quit [Remote host closed the connection]
<paulproteus>
Oh yeah that could work, like unicorn min-workers=1 max-workers=2
<paulproteus>
So then it notices when to have more workers and makes them as needed.
<paulproteus>
Also possibly you could nginx-route the API paths to a separate worker pool (?).
<paulproteus>
I also don't know that I believe this matters a lot yet.
<dwrensha>
"this" being RAM consumption?
<jdenz>
Hi. Quick question about SSL on a self-hosted instance using sandcats.io for DNS ... I'm stuck on this part of the process "Obtain or generate a key and TLS certificate with example.com and *.example.com in subjectAltName." from here: https://docs.sandstorm.io/en/latest/administering/reverse-proxy/ I can get the site to load via https, but when I attempt to load a grain, I get the "This connection is untrusted" error with no way to allow the exception.
<paulproteus>
Oh hi jdenz !
<paulproteus>
Sorry, I saw your message elsewhere just hadn't gotten to it yet.
<jdenz>
It's not a problem.
<jdenz>
I figured I'd ask via email and then try hear later if I didn't get a response.
<paulproteus>
jdenz: Are you intending to have your sandcats machine to have HTTPS that's trusted by most browsers, or is self-signed OK for your needs?
rustyrazorblade has joined #sandstorm
<paulproteus>
(Assuming that you can get it to work at all.)
<jdenz>
self-signed are ok
<paulproteus>
OK if I send you private messages here on IRC?
<jdenz>
Yes, thanks.
<dwrensha>
I'm going to play around with the unicorn config to see if I can get the memory usage lower...
<paulproteus>
OK I think that's all the help I know how to give. Of these, fwiw, my favorite is http://dst.lbl.gov/~ksb/Scratch/openssl.html#ca but I wish easy-rsa had a great tutorial somewhere that were Sandstorm-oriented.
<jdenz>
Thank you. I'm looking at those links now. I'll let you know which worked for me.
<zarvox>
It's like editing the component hierarchy live.
<mquandalle>
Having spent too much time fighting the meteor/blaze data contexts and missing component API, I'm also super excited by the whole react ecosystem
simonv3 has quit [Quit: Connection closed for inactivity]