<mnutt_>
asheesh: cool, I’ll have to take another look. 1password’s browser integration is just so good but I’ve been hoping an open source option can take its place
<mnutt_>
random question: has sandstorm considered supporting letsencrypt when it comes out of private beta in december?
<asheesh>
Yes! It's "just" a matter of time and priorities.
<asheesh>
It "shouldn't be too hard" for some non-us person to submit a patch to pre-meteor.js to do some hilarious thing where for inbound HTTPS requests, static publishing domains block until they get a Let's Encrypt cert, then use that.
<asheesh>
The infrastructure is all there given how sandcats HTTPS works.
<asheesh>
For the main shell UI, Let's Encrypt doesn't do wildcards yet, so it doesn't make sense to use it for the BASE_URL.
<asheesh>
BTW if you never read the code that powers sandcats HTTPS, but you know node, you are in for a *treat*!
<asheesh>
I'll paste a few lines here to whet your appetite:
<asheesh>
function sandstormMain() { monkeypatchHttpAndHttps();
<asheesh>
}
<mnutt_>
ahh, I guess the wildcard thing is somewhat of a blocker
<mnutt_>
actually I came across that a few days ago!
<asheesh>
Yay approximately!
decipherstatic has joined #sandstorm
<mnutt_>
I’m guessing it’s due to not wanting to hack up meteor itself too much?
decipherstatic has quit [Remote host closed the connection]
decipherstatic has joined #sandstorm
<asheesh>
Yeah -- we don't want to modify Meteor itself if possible, is the idea.
<asheesh>
Plus the "hard part" is not so much the monkey patching as the SNICallback stuff.
<asheesh>
Now admittedly we *should* move this logic into an npm module or something.
<mnutt_>
btw in my personal setup I use sovereign (a collection of ansible scripts that set up a bunch of google alternatives) and am trying to slowly move as much as I can over to sandstorm
<asheesh>
Ooh, nice.
<asheesh>
I've definitely heard of Soverign; many people seem to like it a lot.
<mnutt_>
and it’s tough because some things (z-push for mail notifications) require listening on 443 / 80
<mnutt_>
ah, that could have worked too I guess. I was hoping to let sandstorm continue to handle ssl itself, but maybe it’s just as easy to terminate with haproxy?
<asheesh>
Basically haproxy looks for SNI, and then passes the request (at the TCP level) to Sandstorm.
<asheesh>
So then you can move Sandstorm's HTTPS_PORT to a different port, and haproxy will receive the HTTPS request and Sandstorm will still handle HTTPS.
<asheesh>
Crazy as that sounds.
<mnutt_>
cool, I didn’t know haproxy could understand SNI
<asheesh>
(I haven't tested this! But that's what it seems like.)
ocdtrekkie has quit [Remote host closed the connection]
aldeka has quit [Remote host closed the connection]
ocdtrekkie has joined #sandstorm
aldeka has joined #sandstorm
augustl has quit [Ping timeout: 246 seconds]
azirbel has quit [Ping timeout: 246 seconds]
roflbox has quit [Ping timeout: 246 seconds]
prosodyCagain has quit [Write error: Connection reset by peer]
indiebio has quit [Quit: No Ping reply in 180 seconds.]
coyotebush has quit [Remote host closed the connection]
indiebio has joined #sandstorm
coyotebush has joined #sandstorm
roflbox has joined #sandstorm
azirbel has joined #sandstorm
augustl has joined #sandstorm
prosodyCagain has joined #sandstorm
<jkbbwr>
kentonv: I want it at compile time not runtime
<jkbbwr>
kentonv: but I guess Any could work
isd has quit [Quit: Leaving.]
<jkbbwr>
kentonv: if I can do generics like
<jkbbwr>
or wait
<jkbbwr>
I can switch on an int and have any data field
<jkbbwr>
interesting
bb010g has joined #sandstorm
<kentonv>
jkbbwr: Not quite sure what you're getting at, but FWIW Cap'n Proto supports generics.
<jkbbwr>
kentonv: I define a Transaction 'message/struct/table' I want the client (3rd) party to define their own transaction objects
<jkbbwr>
These get wrapped inot the Transaction thing, that gets wrapped into a network envelope
<kentonv>
jkbbwr: well, do generics do what you want here?
<jkbbwr>
kentonv: Ill have to answer in like 10 hours, Im very late to bed :) sorry for bothering you late. If you are around 12pm GMT I will try to be clearer
<kentonv>
probably not, that'll be 4AM here. :) But maybe later tomorrow.
rhapsodhy has quit [Remote host closed the connection]
rhapsodhy has joined #sandstorm
jleo_ has joined #sandstorm
fkautz_ has joined #sandstorm
decipherstatic_ has joined #sandstorm
pod_ has joined #sandstorm
decipherstatic has quit [Quit: No Ping reply in 180 seconds.]
saneki has quit [Quit: bye]
bb010g has quit [Ping timeout: 448 seconds]
fkautz has quit [Ping timeout: 448 seconds]
hunterm has quit [Ping timeout: 448 seconds]
pod has quit [Ping timeout: 448 seconds]
jleo has quit [Remote host closed the connection]
pod_ is now known as pod
saneki has joined #sandstorm
ArcTanSusan has quit [Quit: ArcTanSusan]
xet7 has joined #sandstorm
fkautz_ is now known as fkautz
hunterm has joined #sandstorm
bb010g has joined #sandstorm
ArcTanSusan has joined #sandstorm
itscassa|away is now known as itscassa
itscassa is now known as itscassa|away
aldeka has quit [Remote host closed the connection]
ocdtrekkie has quit [Remote host closed the connection]
aldeka has joined #sandstorm
ocdtrekkie has joined #sandstorm
aldeka has quit [Ping timeout: 240 seconds]
ocdtrekkie has quit [Ping timeout: 250 seconds]
<Jan\>
how am I supposed to use roundcube if I can't even set server settings
<Jan\>
jparyani: ^^
jus_ is now known as jus
<jkbbwr>
Why can I not just access the builder directly in java
<jkbbwr>
Why do I need this messagebuilder and go through factories
<jkbbwr>
dwrensha: ping
niekie has joined #sandstorm
<niekie>
Hello :)
<niekie>
I am currently experiencing a slight issue, hope someone might be able to help. I currently configured my new Sandstorm server and got a *.sandcats.io subdomain -- however, I set the Sandstorm server to listen on one IP of my server with multiple IP addresses available. The sandcats.io subdomain is now pointing to the main IP of the server, instead of the BIND_IP configured. Is there any way I can fix or work around that and make the sandcats.io
<niekie>
point to the proper IP?
<niekie>
(the main IP is already running a different HTTP/HTTPS server, so... can't use that IP for Sandstorm)
<dwrensha>
Jan\: what settings would you like to configure in RoundCube?
<Jan\>
dwrensha: mail server addresses ?
<dwrensha>
jkbbwr: the "factories" are unavoidable, I think, due to the way that Java generics work, by type erasure
<dwrensha>
jkbbwr: but maybe "witness" would be a better name than "factory"
<Jan\>
niekie: that is the point of using a different port
<niekie>
Jan\: yeah, though since I have a different IP available I figure that might be preferrable over using a different port.
<dwrensha>
niekie: Sandcats does some kind of automatic updating of the DNS entry
<dwrensha>
niekie: updates happen every few minutes or so, I think
<dwrensha>
niekie: I'm not sure how it decides what value to update to, though
<niekie>
Jan\: currently using a different port while figuring out how to use another IP properly, though.
<niekie>
dwrensha: alright, thanks :)
<dwrensha>
niekie: my first guess would be that it uses value of BIND_IP
<Jan\>
dwrensha: I don't see "the SMTP Url field under Admin Settings"
<dwrensha>
Jan\: do you have admin rights on the server you're using?
<Jan\>
yes
<niekie>
dwrensha: apparently not :(
<niekie>
dwrensha: tried that.
<Jan\>
dwrensha: oh its in general tab!
<Jan\>
ok
<Jan\>
the first teab I mena
<jkbbwr>
dwrensha: the api is kinda britle and sorta confusing without more documentation. Sorry :x
<dwrensha>
jkbbwr: the Java is based on the C++ API
<dwrensha>
jkbbwr: perhaps too much so
<dwrensha>
jkbbwr: I think in Java we might be able to get away with not having outer MessageBuilders and MessageReaders
<dwrensha>
jkbbwr: because of garbage collection
<jkbbwr>
dwrensha: I think I managed to solve my problem by going back to protobuf3
<jkbbwr>
Sorry :(
<dwrensha>
heh, no problem
<dwrensha>
if you have more feedback I'd be interested to hear it
<jkbbwr>
dwrensha: in the future I mightw rite my own format. There have defo been some lessons learnt trying to get this project wroking
aldeka has joined #sandstorm
ocdtrekkie has joined #sandstorm
aldeka has quit [Remote host closed the connection]
ocdtrekkie has quit [Remote host closed the connection]
aldeka has joined #sandstorm
ocdtrekkie has joined #sandstorm
derf- has joined #sandstorm
bb010g has quit [Ping timeout: 240 seconds]
mattl has quit [Ping timeout: 240 seconds]
fkautz has quit [Ping timeout: 240 seconds]
mattl has joined #sandstorm
bb010g has joined #sandstorm
fkautz has joined #sandstorm
niekie has quit [Ping timeout: 240 seconds]
niekie has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Ping timeout: 264 seconds]
mnutt_ has quit [Quit: mnutt_]
amyers has joined #sandstorm
funwhilelost has joined #sandstorm
mnutt_ has joined #sandstorm
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
bb010g has quit [Quit: Connection closed for inactivity]
jadewang has joined #sandstorm
jadewang has quit [Remote host closed the connection]
erikmaarten has joined #sandstorm
* asheesh
waves
eternaleye has quit [Remote host closed the connection]
ArcTanSusan has quit [Quit: ArcTanSusan]
M-hrjet has joined #sandstorm
M-eternaleye has joined #sandstorm
funwhilelost has joined #sandstorm
NOTevil has joined #sandstorm
<erikmaarten>
asheesh, are you there? Still have some problems with vagrant-spk + Meteor/node... can you help out a bit? :)
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 265 seconds]
M-eternaleye is now known as eternaleye
eternaleye has quit [Changing host]
eternaleye has joined #sandstorm
jadewang has joined #sandstorm
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
funwhilelost has joined #sandstorm
geofft has quit [Read error: Connection reset by peer]
geofft has joined #sandstorm
bb010g has joined #sandstorm
mnutt_ has quit [Quit: mnutt_]
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
funwhilelost has joined #sandstorm
<Jan\>
are the grains all encrypted on the server ?
amyers has quit [Ping timeout: 264 seconds]
ocdtrekkie has quit [Remote host closed the connection]
aldeka has quit [Remote host closed the connection]
erikmaarten has quit [Ping timeout: 240 seconds]
<Jan\>
dwrensha: ^^
<dwrensha>
Jan\: hi!
<Jan\>
dwrensha: are the grains all encrypted on the server ?
<dwrensha>
If you've installed Sandstorm on your server and haven't done any special setup, then no, the grains are not encrypted
jadewang has quit [Remote host closed the connection]
<zarvox>
I think at some point we intend to make it possible to encrypt storage with a per-grain key, and to make those keys encrypted with user keys, and possibly to make the user key something the user has to provide, which would make everything completely opaque to the servers when not in use, and only disclose the key/data to the nodes that need it when in use, but that's kinda more of a big-deployment thing
mnutt_ has joined #sandstorm
<zarvox>
If you really want things to be encrypted at rest with keys you control, then you probably need to set up LUKS (but most people don't want to do that for servers, because then it can't boot without you there at the console to provide it the encryption passphrase)
NOTevil has quit [Quit: quit()]
niekie has quit [Ping timeout: 240 seconds]
niekie has joined #sandstorm
jadewang has joined #sandstorm
<jadewang>
Jan\ === JJ?
<dwrensha>
jadewang: I believe these are two different people
<micahd>
different till proven identical
ocdtrekkie has joined #sandstorm
ocdtrekkie has quit [Ping timeout: 246 seconds]
eternaleye has quit [Ping timeout: 265 seconds]
kentonv has quit [Ping timeout: 265 seconds]
kentonv has joined #sandstorm
bb010g has quit [Quit: Connection closed for inactivity]
M-eternaleye has joined #sandstorm
maurer1 has joined #sandstorm
maurer has quit [Disconnected by services]
maurer1 is now known as maurer
dvn- has joined #sandstorm
xet7 has quit [*.net *.split]
dvn has quit [*.net *.split]
xet7 has joined #sandstorm
aldeka has joined #sandstorm
ocdtrekkie has joined #sandstorm
funwhilelost has quit [Quit: My Mac has gone to sleep. ZZZzzz…]