<kentonv>
I seem to recall it saying only "this came from the internet, are you sure you want to run it?", to which of course I'm always going to say yes
<kentonv>
but maybe I haven't looked closely at the message since before windows 7
<warren>
I agree most people ignore it, for that reason Apple changed the default to reject it, unless you go into options and disable that protection.
<warren>
all of those installers and linux packages at least give the user an option to cryptographically verify it
mattl has joined #sandstorm
<warren>
which you've now done with the PGP verified installer, so thank you.
<warren>
(I didn't look into how you did it yet, looking now.)
rustyrazorblade has quit [Client Quit]
<kentonv>
anyway, the blog post was not directed at you. Sorry if it came off that way. It's more directed at the people throwing insults at us on twitter without really thinking about it.
<kentonv>
I agree code signing is important and I'm glad you pushed us to do it
<kentonv>
many of the people complaining most loudly and offensively, though, weren't concerned about code signing
<kentonv>
the same people happily download google-chrome.deb and install it without checking any signature
<kentonv>
I think, also, that we have a responsibility not just to provide the signatures but also to teach users how to check them. I have not yet been able to find _any_ linux software download site that discusses how to check PGP signatures. Even Debian's, where their base ISOs are distributed over plaintext HTTP, mentions PGP nowhere on the page.
mort___ has quit [Quit: Leaving.]
<paulproteus>
kentonv and I worked on a that a lot FWIW. Tails's download page has you do a GPG check against a key that is named in the same web page as the download URL comes from, so the same CloudFlare attack would work against the instructions on that page, as I understand it (if the attacker is willing to rewrite page contents on the downloads page).
<paulproteus>
s/on a that a lot/on that a lot/
<paulproteus>
"that" == "Teach users how to check them"
<kentonv>
I would welcome someone adding this to release.sh and our docs. :) Or I can put it on my todo list but I think I need to context switch back to other tasks for a while before I get to it.
<warren>
You could have the first step of the release script start gpg-agent, and the last step kills it?
<paulproteus>
So (a) if you want to do this, send asheesh@sandstorm.io an email soonish with subject line "Use me for demo" (b) please try to join in a reasonably timely fashion
<zarvox>
Or you can type your passphrase a few times, that's fine too. :)
<paulproteus>
"this" == "join a rocket chat, say hello"
<paulproteus>
I figure it's a better demo to show email-based invites to a grain rather than URL token
<paulproteus>
(But it's OK if you can't promise (b) , it's cost-free for me to invite a lot of people)
<zarvox>
You could invite people in the audience.
<kentonv>
paulproteus: I could probably do it
<warren>
Does it have any protection against me spamming a million addresses with that invite? =)
<paulproteus>
I kind of don't want to show the audience members the "Big blue screen if you're not logged in" bug.
<zarvox>
Fair.
<paulproteus>
I've done a lot of live demos in my time : D
<warren>
(sorry, hard to resist inconvenient mention of ways of breaking things)
<zarvox>
I mean, if you invite a million people, and they all show up in that chat room, that will make our numbers look amazing
<neynah>
^
jacksingleton has quit [Ping timeout: 250 seconds]
<warren>
a million customers? I totally need to invest in this company!
<paulproteus>
Denial of Shares attack
<paulproteus>
i,i ^
<warren>
Does that also automatically instantiate 5k EC2 instances and load balance it?
<kentonv>
you'll need to warn me when it's time to start refreshing my email though
<paulproteus>
kentonv: K I'll ping you on IRC
<zarvox>
"or just paste the link into IRC and let the crowd go wild"
<paulproteus>
I don't want to show the URL token UI for sharing because I think that's a weird fit with a private chat app.
jadewang has joined #sandstorm
<paulproteus>
I think I private chat apps to work where I add people one by one.
<paulproteus>
s/I think I/I think I expect/
<zarvox>
makes sense
<zarvox>
I forget if you were around when I was muttering about how maybe you should be able to add people to your contacts if you've participated in a grain with them, since apps can effectively reveal everyone's identity to everyone else
<paulproteus>
Wasn't but I delegate my opinion about contacts to you for now
<paulproteus>
This talk is basically an ad for web-based open source products (in the sense of "product" (web apps) vs. open source libraries) and I think it is extremely worth watching.
<paulproteus>
It also discusses why people self-host things, which is super interesting too.
<kentonv>
what a great lead-in for you
<paulproteus>
Yeah but the answer is "easy integrations & apps that users can modify" which IMHO we need a story for.
<paulproteus>
"integrations" =approx= powerbox
<paulproteus>
"apps that users can modify" = "we need to spend some time ensuring vagrant-spk builds are reliable" (maybe, not quite sure what I am going for)
<paulproteus>
And/or "App extensions"
<paulproteus>
(add-ons? was that the name?)
<paulproteus>
Also he basically is saying that Docker is the FTP-upload-some-PHP of 21st century web hosting
<paulproteus>
Which is a fascinating concept.
<paulproteus>
</rocket.chat talk>
<paulproteus>
OK these iHealth people are maybe pretty interesting too.
simonv3 has joined #sandstorm
<paulproteus>
zarvox: this is a css-in-js shop fwiw
<paulproteus>
this == ihealth
<paulproteus>
"at first I must admit that CSS in Javascript can be very awkward, but after I tried I learned you can do a lot more in CSS-in-JS so long as you have good foundations and planning in the beginning"
<paulproteus>
The React components described in this talk are super-duper interesting.
<iqlinx>
something open source :) that i can integrate into my a site..
iqlinx has quit [Ping timeout: 246 seconds]
simonv3 has quit [Quit: Connection closed for inactivity]
gopar has quit [Remote host closed the connection]
joshbuddy has joined #sandstorm
larjona has joined #sandstorm
ckocagil has quit [Ping timeout: 240 seconds]
patrickod has quit [Ping timeout: 240 seconds]
erikmaarten has joined #sandstorm
DanC_ has quit [Ping timeout: 264 seconds]
DanC_ has joined #sandstorm
bb010g has quit [Quit: Connection closed for inactivity]
mort___ has joined #sandstorm
mort___ has left #sandstorm [#sandstorm]
ckocagil has joined #sandstorm
joshbuddy has quit [Quit: joshbuddy]
patrickod has joined #sandstorm
patrickod has quit [Ping timeout: 240 seconds]
larjona has quit [Quit: Konversation terminated!]
patrickod has joined #sandstorm
patrickod has quit [Ping timeout: 240 seconds]
uppermgmt has joined #sandstorm
<uppermgmt>
hello all, wondering if anyone has advice, trying to flip my sandstorm instance to a subdomain, i have the ui functioning, but if i try to open a grain i just get the spinner in that panel of the UI
<uppermgmt>
no errors in server log, i do see this in firefox js console though: Firefox can't establish a connection to the server at wss://apps.rm-rf.ca/sockjs/732/0pn_y2se/websocket.
<uppermgmt>
dns working for both apps.rm-rf.ca and *.apps.rm-rf.ca
<erikmaarten>
uppermgmt: nice address :)
<erikmaarten>
anyone here who knows how the Sandstorm package definition file works?
kentonv has quit [Ping timeout: 246 seconds]
<uppermgmt>
erikmaarten: ty :)
<dwrensha>
uppermgmt: are you using nginx?
<dwrensha>
that sounds like the kind of problem that happens when nginx is not forwarding websockets correctly
<uppermgmt>
dwrensha: hmm yes ia ctually am
<uppermgmt>
dwrensha: looking into connection header now, thanks
<erikmaarten>
dwrensha, think I've gotten the hang of it already. Maybe you could help me get a Keybase invite though so I can deal with keys and signing?
<dwrensha>
oh, I see your email :)
<dwrensha>
I'll send you one right now
<erikmaarten>
great, thanks!
<uppermgmt>
damn, fixed my websockets warning, but still spinning trying to load grains
<dwrensha>
uppermgmt: any errors on the server now?
<uppermgmt>
dwrensha: sandstorm.log looks ok
<dwrensha>
and your browser console?
<uppermgmt>
mongo seems happy, browser console is clear as well
<uppermgmt>
well
<uppermgmt>
SyntaxError: unreachable code after return statement
<uppermgmt>
i do have that but that didn't look like a legit problem
<dwrensha>
heh, are you using Firefox?
<uppermgmt>
i am
<dwrensha>
try closing the developer tools and reloading
<uppermgmt>
no change, i dont get that Tracker.autorun message sadly
<uppermgmt>
it just tested chrome real quick, still stuck with spinner when trying to load a grain
<dwrensha>
it's puzzling that there are no errors being logged...
<dwrensha>
which user owns /opt/sandstorm/var/sandstorm/socket ? Try `ls -l /opt/sandstorm/var/sandstorm/`
<uppermgmt>
root:sandstorm on everything in there
<uppermgmt>
should be user of nginx?
<dwrensha>
root:sandstorm is probably correct
<dwrensha>
nginx talks to sandstorm over a TCP socket
<dwrensha>
er, maybe "AF_INET socket" is the right way to refer to it. What I mean is it has an IP address and a port; it's not a Unix domain socket that has filesystem permissions.
<uppermgmt>
ahh ok
<dwrensha>
I'm trying to think about what else could be wrong...
<dwrensha>
do you mind sharing you /opt/sandstorm/sandstorm.conf?
<dwrensha>
*your
<uppermgmt>
sure
<uppermgmt>
one second
<uppermgmt>
sent
xet7_ has quit [Ping timeout: 240 seconds]
xet7_ has joined #sandstorm
<erikmaarten>
dwrensha, started tracking you on Keybase for good measure, not really sure yet of how it should be used.
<erikmaarten>
Anyway, an actual question about pkgdefs - I get a parse error, saying a group was expected, is a group simple a list of things enclosed in ()?
<dwrensha>
"PNG image. You may specify one or both DPI levels."
<erikmaarten>
ah, got it
<erikmaarten>
thanks!
* dwrensha
helps uppermgmt with self-signed certificate issues in private chat
<dwrensha>
fortunately, paulproteus is working on a better HTTPS solution
<erikmaarten>
I've followed the example of BrowserQuest (when it comes to icons) and checked against the package.capnp specification, can't quite see that anything is wrong.
<erikmaarten>
But I get a "failed: couldn't read file for embed"
<erikmaarten>
I take that back, found the problem
<erikmaarten>
app submitted!
<dwrensha>
\o/
erikmaarten has quit [Quit: Leaving]
itscassa|away has quit [Ping timeout: 268 seconds]
mort___ has joined #sandstorm
itscassa|away has joined #sandstorm
patrickod_ has joined #sandstorm
patrickod_ is now known as patrickod
patrickod is now known as pod
itscassa|away has quit [Quit: Enough, I'm out.]
<paulproteus>
(whoa neat, what package was erikmaarten working on?) (thanks dwrensha for helping all these people!)
itscassa|away has joined #sandstorm
groxx has quit [Quit: Connection closed for inactivity]
gopar has joined #sandstorm
itscassa|away has quit [Ping timeout: 268 seconds]
<erikmaarten>
paulproteus, re your question earlier, I've been making an app for the board game Go
kentonv has joined #sandstorm
jadewang has joined #sandstorm
<paulproteus>
erikmaarten: Oh neat!
<paulproteus>
I uh what language is it written in
larjona has joined #sandstorm
<paulproteus>
Which is to say, I think I may have seen that erikmaarten elsewhere, but then I actually got confused about if this was the programming language or the game and my brain threw an exception and I figured I'd retry later.
<maurer>
May not be a useful analogy to most folks, since Zephyr was oldschool when I was in undergrad
<geofft>
yeah, it was initially built to interop with zephyr (and match the design patterns of the barnowl UI)
<geofft>
but that analogy is literally true.
rustyrazorblade has quit [Quit: rustyrazorblade]
<larjona_>
paulproteus I got today the sandstorm.io stickers, thanks!
joshbuddy has joined #sandstorm
<neynah>
Yay!
rustyrazorblade has joined #sandstorm
larjona_ is now known as larjona
joshbuddy has quit [Ping timeout: 264 seconds]
rustyrazorblade has quit [Quit: rustyrazorblade]
NOTevil has quit [Quit: Leaving]
<keturn>
oh I see there's already been talk about the thing I was going to ask
joshbuddy has joined #sandstorm
<keturn>
that is, "zulip's been open source for like an hour now, can I run it on Sandstorm yet"
<keturn>
oh and I see the Hackpad open-sourcing finally happened as well
rustyrazorblade has joined #sandstorm
rustyrazorblade has quit [Client Quit]
rustyrazorblade has joined #sandstorm
itscassa|away has quit [Quit: Enough, I'm out.]
<paulproteus>
Ya
<aldeka>
lol
<paulproteus>
It's all very exciting things.
larjona has quit [Quit: Konversation terminated!]
<paulproteus>
OK so I have Sandstorm auto-renewing certificates.
<paulproteus>
However, it does so too often!
<paulproteus>
Luckily I'm still using the GlobalSign dev API.
<paulproteus>
Oh, right, because I defined "renew if needed" as "always renew".
<paulproteus>
Need to now define what "if needed" means.
rustyrazorblade has quit [Quit: rustyrazorblade]
itscassa|away has joined #sandstorm
<paulproteus>
For those who are curious: I seem to have gotten Sing Li and Kenton and Gabriel in a chat room where some further Rocket.Chat.Spk work is happening.