<XgF>
asheesh: I totally want a Sandstorm distro which runs Sandstorm and has preconfigured autoupdates, etc. (Personally I'd say Alpine Linux is a perfect base for such appliances - its' tiny, container people are starting to love it)
<kentonv>
XgF: I totally want to make a linux distro where Sandstorm is init. Wouldn't be hard.
<kentonv>
Sandstorm already packs its own userspace, so...
<gwillen>
Are grain titles (as they appear in the Sandstorm chrome, between the sandstorm logo and the 'share' button) per-user labels, or are they intended to be global for the grain?
<gwillen>
I assumed the latter but they seem to be the former
<gwillen>
asheesh: ^ (also, why are you called asheesh today)
<warren>
gwillen sees an earlier version of the title, which I later renamed.
<warren>
I see the renamed title.
<warren>
He renamed it again, and upon reload I don't see the new name.
<kentonv>
the title is initially based on the upstream title but the recipient is able to rename it as appropriate for themselves without affecting what other users see
<gwillen>
hmmm, *nods*
<kentonv>
admittedly the UI around this could be clearer
itscassa|away has quit [Ping timeout: 264 seconds]
<gwillen>
I did find it quite confusing, yeah -- it seems like any time I acccess a /shared/ link, I pick up whatever the sharer's current title is?
<gwillen>
But when I access a /grain/ link my title remains unchanged?
<gwillen>
but I'm not totally sure
<warren>
perhaps a global name should be shared, with an optional private name?
<kentonv>
gwillen: hmm, that sounds possible and I'm honestly not sure if it's intended
<gwillen>
The thing that makes this unfortunate for Wekan is that the app itself doesn't track any kind of title for the boards
<gwillen>
so the sandstorm title is all we have to go on
<gwillen>
kentonv: heh, *nods*
<gwillen>
This was me testing while logged-in sharing to someone who's logged-out
<gwillen>
I don't know if a logged-in person sharing with another logged-in person who already has a title would override it
<kentonv>
well obviously the intuitive thing is for everyone to see the title set by the owner, but that has spoofing issues
* gwillen
nods
<gwillen>
ideally the app would have a title within the app that's clearly app functionality and not sandstorm chrome, which would make sense to be a global thing you can edit
<gwillen>
but of course if the app doesn't, sandstorm can't easily fix that
<warren>
If you don't have a global name that is changeable after shared, then this is quite different from the user expectation of people coming from Google Docs.
itscassa|away has joined #sandstorm
<warren>
IMHO, good luck making a UI that is is intuitive and understandable with this different behavior.
mnutt has quit [Quit: mnutt]
<gwillen>
(I agree that the current interface is quite unintuitive, but I also agree that the spoof risk is real and that merely changing the behavior to do the other thing may not be the best choice.)
<warren>
The spoof risk is really an issue with Google Docs?
<kentonv>
the problem with phishing is that no one ever does anything about it, and so it keeps being a problem
<warren>
with Google Docs only those with edit access and rename it
<kentonv>
that doesn't help
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<warren>
If your intent with the title is to prevent spoofing, then it should show other details like (owner: $name)
<warren>
I hope we can discuss this design more later, as this is rather unacceptable to me in the long-term.
<kentonv>
honestly 95% of the time you set the title before sharing and never change it
<warren>
I don't know about the percentage, but for those who expect to be able to rename things they will see this as a bug.
<kentonv>
I'm happy to discuss better solutions but I think you're exaggerating the impact a bit.
<warren>
Compromise might be: 1) Global renaming by the creator only. 2) Local renaming should be visibly different, with a secondary title?
<warren>
Or doc permissions could grant separate owner and editor privs, where only owners can rename the global name.
<kentonv>
in an ideal world petnames would be expected behavior. Is it possible for us to teach users how petname systems work, perhaps by presenting things differently?
<kentonv>
If you e-mail me a word doc and I save it, I don't expect that you can rename the file on my hard drive. The doc title as shown in my grain list is like a file I've saved.
<kentonv>
presenting the files with the owner's name next to them pushes the issue to a different layer: now I need a petname system for people. Which I suppose we intend to build anyway, since that's where it's arguably most important.
<kentonv>
it's also not always clearly OK to reveal the owner's name to a viewer, though, so that's another issue
<warren>
as a collaboration tool I fully expect to be able to refine not only the content but also the title
<warren>
names matter, and sometimes after developing content you think of a better name
<warren>
in fact, nearly always for me
<kentonv>
well, please file a bug and we'll try to think of something better
<kentonv>
actually I'll file a bug
<warren>
"it's also not always clearly OK to reveal the owner's name to a viewer" you reveal everything else (the content), why not the title?
<kentonv>
by "owner's name" I mean "owner's identity"
<gwillen>
unrelated to the whole above thing, I'm getting very interesting behavior from the wekan port right now... I left the page open for a long time, and now it's "flapping"
<gwillen>
it's trying to open the board, failing, and reloading itself, in a tight loop
<gwillen>
(the sandstorm chrome is not doing this, but the wekan page in the frame is, I believe)
<warren>
gwillen: related to the browser client cert?
<gwillen>
oh, hm.
<gwillen>
it seems like no, because I just opened the link in a new tab, told it to go ahead and present the cert, and I'm seeing the same behavior
<gwillen>
huh... after a ton of failures it eventually decided to go
<gwillen>
this was after I had the laptop suspended for a long time, so I wonder if it queued up a bunch somehow or something based on the time it was disconnected? I dunno, but now it works.
<gwillen>
oh, I think warren's right that this is somehow related to our use of client certs
<gwillen>
so probably this is not sandstorm-relevant in normal installs. (The final error it gave to a request, before it started working, was a cert error.)
<kentonv>
gwillen: is this on Oasis or your own server?
<gwillen>
kentonv: that failure was on blockstream's own server using client certifiates, and I think warren's right that it was actually some kkind of client cert issue
<kentonv>
sorry, asked the question before I had read everything. It was obvious by the end. :)
<kentonv>
we tweaked the session resumption logic in the last release so I was worried something regressed
M-hrjet has quit [Remote host closed the connection]
<kentonv>
meteor apps have the problem that they refresh themselves if opening the web socket returns a 4xx
<kentonv>
did the client cert issue cause 4xx errors?
<gwillen>
kentonv: yes, it appears that it did, although chrome's network tab didn't reflect that until the very end for some reason
<gwillen>
it just kept saying 'cancelled'
<gwillen>
but I've had that problem with it before
<gwillen>
and the very last failed request did get a 400 back
<kentonv>
gwillen: the old problem *should* have been fixed by the latest update
<kentonv>
used to be that there was a race when resuming from suspend where the app could decide that it was 404 before Sandstorm had a chance to start it back upu
<kentonv>
but now Sandstorm should put the app on hold for up to 15 seconds while it waits for the backend to reappear
<gwillen>
*nod*
eternaleye_ has joined #sandstorm
eternaleye has quit [Ping timeout: 265 seconds]
M-hrjet has joined #sandstorm
eternaleye_ has quit [Ping timeout: 265 seconds]
isd has joined #sandstorm
mnutt has joined #sandstorm
jadewang_ has quit [Remote host closed the connection]
rhapsodhy has quit [Remote host closed the connection]
rhapsodhy has joined #sandstorm
spangattack has joined #sandstorm
larjona_ has joined #sandstorm
saltthefries has joined #sandstorm
larjona_ has quit [Quit: Konversation terminated!]
saltthefries has quit [Quit: Leaving]
XgF has quit [Quit: No Ping reply in 180 seconds.]
XgF has joined #sandstorm
jadewang has quit [Remote host closed the connection]
XgF has quit [Ping timeout: 255 seconds]
XgF has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 255 seconds]
hersche has joined #sandstorm
<hersche>
hello people, since this night i like to setup a instance of sandstorm.. beside the "proper" sandcats.io-cert is not that proper, i could log me in and switch around. my main-problem seems to be on installing new apps from market. they do a downloading, unpacking, finishing - but there's no icon and as i wanna start, they ask me for create a new do
<hersche>
cument, which loads forever
<hersche>
it's like this for EVERY app
<hersche>
what's my wrong, could that be something with unissued certs?
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
NOTevil has joined #sandstorm
aaronr has quit [Remote host closed the connection]
aaronr has joined #sandstorm
exius has joined #sandstorm
<exius>
hello all
<exius>
anyone know how to successfully share a draw.io grain so that both users can edit it simultaneously with everything saved to the hosting server?
<exius>
or is that not a feature of draw.io?
<dwrensha>
draw.io does not support real-time collaboration
<dwrensha>
at one point, some people were talking about attempting to make that happen via ShareJS
<dwrensha>
I'm not sure how far they got
<exius>
i see
<exius>
when i shared a grain, it's view only
<exius>
how can the other user use it?
<dwrensha>
hm... I see. draw.io doesn't seem to be good at even non-real-time collaboration
jadewang has joined #sandstorm
<dwrensha>
it's misleading -- you open a shared grain and appear to be making edits, but nothing gets persisted
<dwrensha>
:(
jadewang has quit [Ping timeout: 255 seconds]
funwhilelost has joined #sandstorm
<exius>
yeah
<exius>
i wonder why it doesn't even work as expected with sandstorm's flagship features, even as draw.io as a partner
_jax_ has quit [Ping timeout: 250 seconds]
jadewang has joined #sandstorm
_jax_ has joined #sandstorm
neynah has joined #sandstorm
neynah has quit [Client Quit]
neynah has joined #sandstorm
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
mnutt has quit [Quit: mnutt]
mnutt has joined #sandstorm
simonv3 has joined #sandstorm
<asheesh>
zarvox: w/r/t DNS fail, what to do?: the Meteor code could exit with a particular exit code that indicates to run-bundle that /etc/resolv.conf is sadness, and then run-bundle sighs, does a copy, and restarts node
<asheesh>
Also zarvox I kind of think I should work with you on turning the installer-tests framework into a release-validation-on-various-OSs-tests thing.
<asheesh>
Doesn't have to be now, but it does seem like the issue dwrensha ran into would have been nice to have gotten caught by tests.
* zarvox
nods
<asheesh>
Curious what you think. I'd be willing to be a little blurry right today/today and try to set that up. But I think I need a little help imagining how it would work, if you're willing to chat about that.
<zarvox>
I don't really like the approach of plumbing this failure mode between run-bundle and Meteor - Meteor only knows that it can't resolve hostnames, which could also be because e.g. the network is down because you're on a plane, and then the restart logic would just keep it from getting better when the network comes back
<asheesh>
Meteor could check that /etc/resolv.conf is a non-broken symlink, and only then do the restart, fwiw.
<asheesh>
Though I agree that maybe that's just how you live your life!!
<asheesh>
That is to say, if you decide the way your system is configured is that /etc/resolv.conf is _always_ a broken symlink, we've now created a restart loop for you.
<zarvox>
I wonder how systemd-nspawn handles this problem (name resolution in containers)
<asheesh>
Yeah, I was wondering the same.
<asheesh>
I was going to say I wonder about how Docker does it, but I prefer being curious about systemd-nspawn over being curious about Docker.
<zarvox>
Docker doesn't handle host-level changes very well at all.
bb010g has quit [Quit: Connection closed for inactivity]
simonv3 has quit [Quit: Connection closed for inactivity]
funwhilelost has joined #sandstorm
heliostatic has quit [Quit: Be back later ...]
heliostatic has joined #sandstorm
heliostatic has quit [Client Quit]
heliostatic has joined #sandstorm
heliostatic has quit [Client Quit]
NOTevil has quit [Ping timeout: 246 seconds]
mnutt has quit [Quit: mnutt]
Guss has joined #sandstorm
Guss has left #sandstorm ["Leaving."]
jadewang has quit [Remote host closed the connection]
xet7 has joined #sandstorm
xet7 is now known as xet7_
jadewang has joined #sandstorm
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
funwhilelost has joined #sandstorm
<ckocagil>
asheesh: dwrensha: please cc me if you encounter unresolved chrome bugs, I can fix or assign them to the right people
<zarvox>
whoa, awesome! I didn't know you had bits on chromium, ckocagil!
<ckocagil>
zarvox: what can I say, I like open source! :-)
<zarvox>
:D
<asheesh>
ckocagil: er whoa I see : D
<asheesh>
"Sadly" it seems Chrome has fixed this bug, but it's not clear we have a plan for Safari!
<dwrensha>
Is the Safari bug independent? (I seem to remember that a some browsers share rendering code...)
<asheesh>
It's probably not independent; someone probably needs to test for the same bug against WebKit upstream and get that fixed+filed.
<ckocagil>
it isn't really 'upstream' at this point, but yeah
<asheesh>
But I don't know if how frequently users get updates to Safari; maybe it's a bad plan to rely on that since it is very a sad bug for Sandstorm users, but maybe Safari updates regularly.
<asheesh>
Yeah, I guess I just meant 'against WebKit'.
<dwrensha>
I'm confused. I thought this bug was introduced just a few months ago
<dwrensha>
if it made it into Chrome and Safari, shouldn't the fix also?
<dwrensha>
oh wait
<asheesh>
Oh, interesting.
<dwrensha>
no, I think I'm mistaken
<asheesh>
I guess maybe the same bug showed up independently in both?
<dwrensha>
we only noticed the bug a few months ago
<dwrensha>
after kentonv made some major changes to our css
<zarvox>
I'm not sure when the bug was introduced into Blink, and how much Blink/WebKit share code these days
<zarvox>
We might be able to avoid hitting the problematic case by reworking CSS.
<kentonv>
I definitely tested in safari at the time; I remember being surprised that the bug didn't happen there, suggesting that the bug never existed in webkit
<asheesh>
zarvox: "annoying question for you" - have you tested the new UI and the "Install apps now to start creating." button? It goes to /grain/new but when I go there I get "Unauthorized [403]"
<asheesh>
Feel free to tell me "Read more source, Asheesh"
<zarvox>
I thought I fixed all references to /grain/new to point to /apps instead, but perhaps I missed one.
<zarvox>
I apparently did not!
<asheesh>
Ya, just this one remaining.
<zarvox>
I'll fix it.
<asheesh>
I can fix or you can, shrug
<asheesh>
bd
<zarvox>
I think in general we prefer to use pathFor <routename> to explicit paths
<zarvox>
actually, hmm, I wonder if I should make /grain/new redirect to /apps
<zarvox>
something something "cool URLs"
<asheesh>
Did it used to work in the past for longer than ~1 week? If so, +0
<asheesh>
If not, -0, I think can we live without the redirect cruft if we only ever linked to it mistakenly.
<asheesh>
BTW indeed it did used to work, so +0 to redirect
<dwrensha>
grr... I just realized that my pgp public key basically has an advertisement for gpgtools embedded in it, in the Comment field
<kentonv>
dwrensha: I think everyone's does...
larjona has quit [Remote host closed the connection]