rustyrazorblade has joined #sandstorm
rustyrazorblade has quit [Quit: rustyrazorblade]
<oao> i'm wondering if there is a way to disable guest access yet.
rustyrazorblade has joined #sandstorm
rustyrazorblade has quit [Client Quit]
<paulproteus> oao: Hi oao. There isn't yet. I'm curious -- would you also want to disable anonymous sharing links too?
<paulproteus> Thanks for asking; it's always nice to get feedback.
<paulproteus> Also oao I think I expressed that in a harsh-sounding way but I mean it in a curiosity-piqued, intrigued way.
<paulproteus> (-:
mnutt_ has quit [Quit: mnutt_]
<oao> i didn't interpret that as harsh at all
<oao> i'm not sure what an anonymous sharing link is in this context, so i don't know the answer to your question.
<oao> the reason i want to disable guest access is because i just don't want anyone else to use my server, or really to know anything much about its existence at all !
<paulproteus> AGotcha. Gotcha.
<paulproteus> ...
<paulproteus> Gotcha.
<paulproteus> An anonymous sharing link is what happens when you go to:
<paulproteus> * http://demo.sandstorm.io/ , then click Install apps, then install Etherpad (for example),
<paulproteus> * Then create a new Etherpad grain, then click
<paulproteus> * Share access, then click
<paulproteus> * Get shareable link, then click
<paulproteus> * Create, and end up with e.g.
<paulproteus> This link confers authority to the receiver to view/edit (in this case) this particular document.
<paulproteus> I'd call that an anonymous sharing link, since it's usable by a non-logged-in user.
<paulproteus> There is a "Sign in" link in the top right, and if someone does sign in, their name will show up on the pad.
<paulproteus> The fact that their name can show up is what I'd call "guest access".
<paulproteus> But maybe what you'd prefer is to only show "Sign in" when showing a grain?
<paulproteus> Interestingly, nothing I can see in https://docs.sandstorm.io/en/latest/administering/ covers this, so it's completely understandable to not have seen this.
<paulproteus> (Also I wrote much of what's in the administering/ section of the docs.)
dwrensha has joined #sandstorm
<oao> ah, i suppose that i can rely on myself (being the only logged-in user) not creating any of those, i don't need to disable them explicitly.
<oao> but right now, someone can go to the domain of my sandstorm instance and click "log in w/email" and then they are using the system as a guest, which i want to avoid.
<dwrensha> oao: note that such a user can neither install apps nor create grains
<oao> great, but they're still using some degree of resources and it presents a potential attack surface
<dwrensha> Right now we don't have a way to further restrict guest access. I could imagine adding such a feature in the future.
<kentonv> oao: They really aren't using any resources...
<kentonv> oao: they are prohibited from doing anything that would consume resources unless you invite them to
<oao> well, speaking as a user, i'd really like to turn it off. at minimum it's misleading.
<kentonv> we could certainly communicate the meaning better
<kentonv> I think what confuses people about sandstorm is that we have separate notions of "identity" and "accounts". Logging in merely proves your identity, but does not give you an account. Almost every other web app is different in that regard.
<kentonv> the reason people can log into your server is because you might want to share things with them, and they may need to prove that they are the people you shared with
<kentonv> but logging in is only proving who they are, nothing else.
mnutt_ has joined #sandstorm
<mnutt_> paulproteus: sorry to pepper you with questions today, but when vagrant-spk dev, somehow when I send it a SIGINT manually it’s not the same as ctrl-c’ing it from the console. any idea why that would be?
<mnutt_> (I’m working on some tooling that automatically stops and restarts vagrant-spk dev when files change)
<mnutt_> I can kill the whole process group, but then nothing gets cleaned up
<kentonv> mnutt_: that's probably more of a question for me. Unfortunately I don't know why that would be! O.o
<kentonv> isn't SIGINT to the pgroup exactly what ctrl+c does?
<mnutt_> kentonv: ok! I thought I’d ask in case it was being intentionally handled. I’m going to see if maybe vagrant is doing something special with it.
<mnutt_> somehow SIGINT to the pgroup seems to kill all of the processes without any sort of cleanup
<kentonv> oh hmm, I guess when going through vagrant-spk there's another layer that I don't know much about
<kentonv> I was just thinking of when using spk directly
<mnutt_> or rather, ctrl-c does, sigint doesn't.
<kentonv> I guess vagrant-spk is python which turns ctrl-c into a kind of exception
<mnutt_> actually, vagrant may just make an interactive ssh session, and that may be what is trapping the sigint. hm...
zarvox_ has quit [Ping timeout: 260 seconds]
zarvox has joined #sandstorm
<paulproteus> Hey kentonv if you're around...
<paulproteus> I'm running into:
<paulproteus> ==> default: /opt/sandstorm/latest/usr/include/sandstorm/web-session.capnp:145: error: Parse error: Empty list item.
<paulproteus> ==> default: /opt/sandstorm/latest/usr/include/sandstorm/supervisor.capnp:52:20-30: error: Not defined: Capability
<paulproteus> When trying to build a capnproto RPC demo program to show how to build a C++ binary that does Cap'n Proto RPC with vagrant-spk today.
<paulproteus> mnutt_: The first thing I'd try is finding the SSH process with your process manager (e.g. ps) and sigint-ing it
<paulproteus> Per https://github.com/sandstorm-io/sandstorm-rawapi-example/issues/1 I'll try capnproto from git.
<paulproteus> But grumble, this really should work with a release of some kind; I'm using 0.5.3 because it's the most recent.
<mnutt_> paulproteus: it works, although it kills vagrant-spk pretty hard
<paulproteus> kentonv: I figure directions I give people should point people at with vagrant-spk for web publishing should point to a release.
<paulproteus> mnutt_: : D
<paulproteus> I kind of love you successfully toppling vagrant-spk, a tower cake of my own (co-)creation.
<paulproteus> (while successfully accomplishing what you want)
<mnutt_> haha you should see the process tree on this thing
<paulproteus> So probably I should have the Python code trap SIGINT and then SIGINT the 'vagrant ssh' which would hopefully SIGINT the ssh.
<paulproteus> Next question - if you SIGINT the ruby (vagrant ssh) does that do the job?
<paulproteus> I would like to have less of a tower cake sometime I suppose, but life is short and this monster seems to basically work.
<paulproteus> Thanks mnutt_ btw for asking your questions.
<paulproteus> I presume many people have questions and instead of asking them angrily walk away.
<paulproteus> Which is totally their prerogative.
<mnutt_> paulproteus: oddly, SIGINTing ruby neither stops vagrant-spk nor does it manage to kill the spk process running inside the VM
<paulproteus> I agree re: oddly.
<paulproteus> What is vagrant even doing then?
<paulproteus> Does it suffice for now to have some way ato afchieve this, even if it results in hilarious stacktraces?
<mnutt_> yeah, I think so. it’s a bit undesirable because it may hide actual exceptions thrown by vagrant-spk, but good enough for now
<paulproteus> If you're willing to file a bug, I'd love that.
<paulproteus> github.com/sandstorm-io/vagrant-spk
<mnutt_> sure, sounds good
<paulproteus> For some reason I find myself struggling to compile capnproto within a vagrant-spk box.
<paulproteus> For this I am rewarded with:
<paulproteus> ==> default: .text._ZN2kj1_20TransformPromiseNodeINS0_4VoidEN5capnp8ResponseIN9sandstorm18HackSessionContext18GetPublicIdResultsEEEZNS5_15GetPublicIdMain3runEvEUlT_E_ZNS9_3runEvEUlSA_E0_ED2Ev
<paulproteus> ==> default: [_ZN2kj1_20TransformPromiseNodeINS0_4VoidEN5capnp8ResponseIN9sandstorm18HackSessionContext18GetPublicIdResultsEEEZNS5_15GetPublicIdMain3runEvEUlT_E_ZNS9_3runEvEUlSA_E0_ED2Ev]
<paulproteus> Ah hah.
<paulproteus> ==> default: pkg-config: not found
<paulproteus> ...if I were smart, I would apt-get build-dep capnproto
<paulproteus> OK, great, it works once I have that.
<paulproteus> Now testing w/ 0.5.3 rather than master!
<paulproteus> Nope, seems to require master. OK fine.
<paulproteus> mnutt_: At some point, I want your review on some docs I'm writing.
<paulproteus> For one thing, I'm trying to orient docs toward the general style of https://docs.sandstorm.io/en/latest/developing/http-apis/
<mnutt_> sure thing. for vagrant-spk?
<paulproteus> I find https://docs.sandstorm.io/en/latest/developing/web-publishing/ kind of rambly and I'm working on turning it more into the form of the http-apis/ document.
<paulproteus> I guess if you have any thoughts on https://docs.sandstorm.io/en/latest/developing/http-apis/ since we pointed you at it recently, I'd love to hear them.
<mnutt_> I think the biggest challenge with web-publishing is when you get to “Obtain a HackSessionContext capability”. I’d guess many users up to this point have been following the guides and running their HTTP servers on port 8000 using the legacy bridge and now they’re required to interact with capnp directly. It may be good to have a link to “set up a capnp library in your language” or something.
<paulproteus> bd
<paulproteus> I'm going to provide vagrant-spk copy-pasta to get a program they can exec() and capture the output of, and that will give them what they need.
<paulproteus> (Which happens to be written in C++.)
<paulproteus> That program is dwrensha 's tool that comes bundled with the WordPress package.
<mnutt_> that’d be great, and go a long way towards making it simple. you just shell out to it from your app and it returns a publicId via stdout?
<paulproteus> Ya
<paulproteus> I'm also writing a PHP sample app that demonstrates this.
<paulproteus> Q. Why PHP? A. Because although it's terrible, it's reasonably easy for everyone to read IMHO.
<paulproteus> FWIW. But I can be convinced other things are a good idea.
zeroish has quit [Read error: Connection reset by peer]
<mnutt_> shelling out is certainly easier in just about any language other than node
<paulproteus> It's also semi a pain from Python but at least it's a pain I understand.
<paulproteus> I would prefer to have cross-language copy-pasta for languages with Cap'n Proto RPC bindings, too, in that doc.
dcb has quit [Quit: dcb quit]
dcb has joined #sandstorm
<paulproteus> Going to bed now; will read later! Ciao!
<mnutt_> later!
larjona has joined #sandstorm
mnutt_ has quit [Quit: mnutt_]
larjona has quit [Quit: Konversation terminated!]
larjona has joined #sandstorm
bb010g has quit [Quit: Connection closed for inactivity]
larjona has quit [Ping timeout: 250 seconds]
larjona has joined #sandstorm
xet7 has quit [Ping timeout: 264 seconds]
larjona has quit [Remote host closed the connection]
larjona has joined #sandstorm
xet7 has joined #sandstorm
XgF has quit [Quit: No Ping reply in 180 seconds.]
XgF has joined #sandstorm
Mark- has joined #sandstorm
Mark- has left #sandstorm [#sandstorm]
mnutt_ has joined #sandstorm
<mnutt_> paulproteus: I was thinking a bit more about web publishing last night, any reason not to go the offer templates route?
<mnutt_> or you could just use postMessage directly and receive the publicId as a response
mnutt_ has quit [Quit: mnutt_]
xet7 has quit [Remote host closed the connection]
xet7 has joined #sandstorm
fonfon has joined #sandstorm
rustyrazorblade has joined #sandstorm
fonfon has quit [Remote host closed the connection]
rustyrazorblade has quit [Quit: rustyrazorblade]
rustyrazorblade has joined #sandstorm
<paulproteus> [also when does mnutt sleep!?]
<larjona> now, I suppose :)
<paulproteus> (-:
xet7 has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )]
xet7 has joined #sandstorm
fonfon has joined #sandstorm
fonfon has quit [Ping timeout: 246 seconds]
simonft has joined #sandstorm
<simonft> hey all, sandstorm should start a webserver, correct?
<paulproteus> Is that logically equivalent to, "In normal operation, Sandstorm runs a web server"? If so, yes.
<paulproteus> The port that the Sandstorm web server binds to is defined in /opt/sandstorm/sandstorm.conf in the PORT=6080 (or PORT=80 etc.) line.
<paulproteus> And as always hi simonft.
isd has joined #sandstorm
<simonft> hello
<simonft> weird, I spun up an aws instance, ran the sandstorm install script, and that ip doesn't respond to port 80 or 443. It looks like something is listening on those ports though.
<paulproteus> Yeah -- AWS blocks all ports by default.
<simonft> ah, yes, I knew that at some point
* simonft fixes
<paulproteus> At some point I plan to introduce a check for that common issue into the install script.
<paulproteus> And yeah -- it even does port 443 by default, if you use a foobar.sandcats.io domain name, and has a valid HTTPS cert, etc.
<paulproteus> BTW things are about to get wacky
paulproteus is now known as asheesh
<asheesh> OK! I'm asheesh now.
<dwrensha> have you ever noticed that you never see asheesh and paulproteus in the same room at the same time?
<simonft> I took me a couple years to notice that
<simonft> *it
<asheesh> Dr. Paul Proteus to you, dwrensha
<simonft> Is there a way to make a mediawiki install publicly viewable?
<asheesh> simonft: Your options are:
<asheesh> 1. Create a public sharing link that some well-known URL redirects to, or
<asheesh> 2. Modify the MediaWiki package to use the static HTML web publishing feature.
<asheesh> #1 is actually semi-reasonable. It's what we do with the Sandstorm "Garply build bot" documentation wiki.
<simonft> I'm looking at replacing the wiki for the co-op I used to be at in Madison. It previously had a mediawiki installed, which got spammed to death. Later I switched to moinmoin, but migrating that turned out to be really hard when I changed servers.
<simonft> I am hoping that sandstorm has a simple way to do this.
<simonft> asheesh: use the static html publishing feature of sandstorm, or of mediawiki?
<asheesh> Of Sandstorm
<kentonv> asheesh: the cap'n proto errors are probably because you tried to build using a release version of Cap'n Proto, but Sandstorm depends on the latest git head.
<asheesh> Yeah; I guess my real question is, :crying_cat_face: why depend on git head :crying_cat_face:
<asheesh> But yeah, I switched to master!
<asheesh> And my life is great again.
<kentonv> because we add features specifically to use in Sandstorm all the time, and doing a release is a lot of work because Windows.
<asheesh> (I wonder if I can decrease that work re: Windows, based on my vagrant-spk Windows EXE generation experience)
<kentonv> not likely. Because what I really meant was that MSVC is a lot of work.
<simonft> asheesh: is "read more" linking to the right place here? https://docs.sandstorm.io/en/latest/developing/handbook/#apps-can-publish-static-html-to-the-world
<asheesh> https://docs.sandstorm.io/en/latest/developing/web-publishing/ now contains accurate info on how to have a great time with the C++ getPublicId helper that dwrensha wrote, even for people who basically haven't heard of C++.
<asheesh> simonft: lemme see
<asheesh> simonft: nope fixing
<dwrensha> oh, I should add the node-capnp example that I wrote for singli
<asheesh> bd dw
<asheesh> == bd dwrensha
<dwrensha> gets HackSession and then calls httpGet()
<xet7> simonft: do you know any low-resource-usage wiki software? We had problem that moinmoin used too much resources when caching data to RAM, Apache website on same server became unavailable.
<asheesh> Fundamentally I don't think running a wiki behind Sandstorm fixes wiki spam. But it probably helps at lot for now, since I don't think wiki spam bots know how to sign in to Sandstorm.
<simonft> asheesh: would they be able to edit if they signed in?
<xet7> What wiki is available on sandstorm?
<asheesh> It depends on how you configured the wiki permissions via Sandstorm sharing.
<simonft> also, they'd need a google account, which has anti-spam stuff
<asheesh> Agreed re: "need a Google Account which has anti-spam stuff"
<simonft> xet7: mediawiki only I think
<simonft> xet7: and I've not run a high traffic wiki at all.
<asheesh> Note that this is not a use-case we've strongly considered, but if people were to try to use Sandstorm this way, we'd probably think more about the use-case!
<asheesh> https://github.com/sandstorm-io/sandstorm/pull/928 is a better link but same wiki
<simonft> asheesh: could I a make nginx proxy to a public sharing link?
<asheesh> You could, although since Sandstorm is happy to bind ports 80 + 443, it's not clear why you'd involve nginx
<simonft> I could get rid of the /grain/<stuff>
<asheesh> Not clear to me at the moment, that is.
<xet7> simonft: I have looked at http://fossil-scm.org integrated wiki, but I'm still searching also for other options also. I'd prefer something that is not PHP.
<simonft> xet7: who are your users? If it were devs, I'd be using http://ikiwiki.info/
<asheesh> Ah hah simonft I see. Yeah, you could do that. I wonder if we'd all be better-off if the Sandstorm mediawiki package supported mwoffline.
<simonft> I'm sure we would. Any idea how much work that would be?
<asheesh> I don't super-duper know how much work it would be, but if you don't need to know _right_ now, then maybe the thing to do is to email sandstorm-dev with this question, and see what jparyani thinks.
<asheesh> I can also try to prototype it, and/or you can.
zeroish has joined #sandstorm
<asheesh> I do think this is the most Sandstorm-y way to run a wiki, and https://github.com/jparyani/mediawiki-sandstorm now uses vagrant-spk which is good news for other people (including me) being able to modify the package.
<asheesh> Howdy zeroish
<xet7> simonft: I converted our opensource project http://www.secretchronicles.de wiki already to static website, but we'd like to enable editing sometime later. Moinmoin was attacked by spambots, so I would like to prevent that.
<simonft> I'll try to put together an email to sandstorm-dev. What should it say? I want to do this thing, does anybody have an idea how?
<xet7> Is there ARM port of sandstorm?
<asheesh> Yeah, and specifically, would jparyani and/or anyone else be interested in patching the MediaWiki app to export a static HTML snapshot using e.g. https://sourceforge.net/p/kiwix/other/ci/master/tree/mwoffliner/ ?
<xet7> ARMv7
<asheesh> xet7: There isn't, alas, that I've seen; but moreover, each app package that we have in https://apps.sandstorm.io/ is architecture-dependent so it's not clear that a armv7 port of Sandstorm itself would be enough.
<asheesh> You'd need to also rebuild the app packages, and my feeling for now is that the Sandstorm community isn't at a state where multi-architecture support is something we can ask each app author to do, so we're probably not going to improve the app market to deal with multiple architectures.
<xet7> asheesh: Ok.
<asheesh> (yet; in the future, I can imagine this happening; but I don't particularly know when that would be)
xet7 has quit [Remote host closed the connection]
Guest39209 has joined #sandstorm
Guest39209 is now known as xet7_
xet7_ is now known as xet7
xet7 has quit [Remote host closed the connection]
<asheesh> i,i I almost feel like the value-add of Sandstorm is "Making PHP safe for enterprise"
<asheesh> (saying this because at the moment I am "in the market for" a self-hosted PHP email <=> addressbook merge Sandstorm app)
xet7 has joined #sandstorm
xet7 has quit [Read error: Connection reset by peer]
isd has quit [Ping timeout: 268 seconds]
rustyrazorblade has quit [Ping timeout: 260 seconds]
isd has joined #sandstorm
neynah has joined #sandstorm
<asheesh> howdy neynah btw I'm me now
isd has quit [Read error: Connection reset by peer]
isd has joined #sandstorm
<dwrensha> asheesh: if I wanted to file a Debian or Ubuntu bug regarding https://github.com/sandstorm-io/sandstorm/issues/1049, do you have any advice about where to even start?
<dwrensha> it looks like its the linux-libc-dev package that causing trouble
<warren> We're evaluating Wekan in Sandstorm within my company. It would be super helpful if we had the ability to share things to a list of usernames where those accounts are created not only in Sandstorm but also the Wekan so we can mention those users with @username without waiting for them to login once.
<warren> The equivalent workflow in Google Docs is sharing a new doc or adding a mention of @username of other people in the company without them first joining the document.
<kentonv> warren: we're working on it. For rocket.chat too, you may want to @ people who haven't been to the chat room yet.
<kentonv> we plan to implement a general way for apps to say to sandstorm "the user is currently typing in a context that allows @mentions and/or document attachments", and then Sandstorm can monitor keypresses and present an autocomplete interface, then pass along capabilities to the app as appropriate
<warren> cool!
neynah has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
xet7 has joined #sandstorm
<dwrensha> kentonv: does ekam keep a log of its compiler invocations? I want to see the flags that are being passed.
<kentonv> dwrensha: Edit compile.ekam-rule and add an echo >&2. :)
<kentonv> or write a wrapper script around your compiler and use it with CXX=
mnutt_ has joined #sandstorm
mnutt_ is now known as mnutt
xet7 has quit [Quit: Leaving]
larjona has quit [Ping timeout: 272 seconds]