<asheesh>
Thanks to neenah and zarvox for marathon meeting about nailing down what admins see when they first install Sandstorm.
<neenah>
Haha I forgot I joined as neenah... Ty to asheesh & zarvox for the thorough discussion! I made a lot of improvements to the UI in a very short period of time.
<BigShip>
Hi, I'm having a weird error when I start up a grain. I get "Error: remote exception: expected result >= minBytes; Premature EOF C++ location:(remote):?? type: failed" instead of the grain loading
<kentonv>
BigShip: what app? Or is it all apps?
<BigShip>
All apps
<kentonv>
on oasis, or self-hosted?
<BigShip>
Self hosted
<kentonv>
any interesting errors in the server log? You can see it in the admin settings.
<BigShip>
"capnp/rpc.c++:122: info: returning failure over rpc; exception = kj/async-io.c++:120: failed: expected result >= minBytes; Premature EOF"
<kentonv>
how much RAM does your system have?
<BigShip>
2GB in this system
<BigShip>
I have a working install on my own machine with 8GB of RAM. This particular install that I'm having trouble with is on a VPS on scaleway
<kentonv>
hmm. The error basically means "disconnected" -- unfortunately not very informative.
<zarvox>
is that the supervisor crashing?
<kentonv>
well, why would all the supervisors crash?
<kentonv>
but yes, it could mean something is crashing
<zarvox>
trying to do something that the VPS provider disallows
<kentonv>
BigShip: can you open the grain log for a failed grain? Click the monitor icon in the top bar while the grain is open (even though displaying an error)
<BigShip>
"...*** couldn't connect to grain (Error: remote exception: expected result >= minBytes; Premature EOF) ***"
<BigShip>
Same thing :/
<BigShip>
zarvox: I don't think so, they're pretty big on the whole self hosting thing. I'm not sure what they would be blocking
<kentonv>
we use some crazy linux kernel features
<kentonv>
is this a shared-kernel host or is it a VM?
<BigShip>
kentonv: VM as far as I can tell
<kentonv>
for one of your grains, try: cat /opt/sandstorm/var/sandstorm/grains/<grainId>/log
<kentonv>
I'm hoping the supervisor is printing some error message here
<kentonv>
wow, OK, I've never seen people compile a kernel without seccomp support
<kentonv>
but apparently that's the case here
<kentonv>
unfortunately we can't set up a sandbox without seccomp
<kentonv>
I would complain to scaleway. This is an important security feature.
<BigShip>
dang okay
<BigShip>
thanks so much for your help :)
<kentonv>
BigShip: by the way, was this a fresh install or did this server work previously?
<kentonv>
there was a security bug in ebpf recently, which is used by seccomp, so I wonder if scaleway thought "we'll just disable seccomp entirely!"...
<BigShip>
kentonv: fresh install. I have a personal server that works just fine from home. Just wanted to migrate to a vps so better access
<kentonv>
ok, probably they've always had it disabled then
<BigShip>
kentonv: I'll contact their support and see what they say. Thanks again!
<kentonv>
no problem
docaedo has joined #sandstorm
<kentonv>
sorry that it's not working!
<asheesh>
Fascinating scrollback; thanks BigShip for stopping by.
<BigShip>
kentonv: Hey, it's certainly not Sandstorm's fault. This program is awesome. Doing my best to package codiad for it right now. My friends and I are loving it
<BigShip>
asheesh: I have a feeling you'll be seeing me around a lot more :)
<asheesh>
BTW I get that you're busy with other things, but this conversation makes me want to say:
<asheesh>
Someone in the community should make a "WorksWithSandstorm.com" domain, which is a single-serving domain of a grid of hosting providers and if their VPSs work properly with Sandstorm.
<BigShip>
asheesh: don't get too excited. I'm only just getting into the better parts of linux so packaging is pretty rough for me
<asheesh>
np - you were the one earlier having difficulties with PHP stuff being writable, yeah?
<asheesh>
BTW, where are you based?
<BigShip>
asheesh: yeah! I forgot you helped me earlier. I'm on the east cost of the USA
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<kentonv>
BigShip: cool stuff!
<BigShip>
kentonv: based on some of their releases, and the fact that support for x84 is rather new for them, I think they just haven't gotten to seccomp yet
<BigShip>
*their announcements
relicanth has joined #sandstorm
relicanth has quit [Client Quit]
<kentonv>
well, it's weird, because it seems like they went out of their way to disable it. I wonder if they were trying to build a really lean kernel or something, so disabled lots of features that they thought weren't needed, but didn't realize that seccomp is actually important.
<BigShip>
kentonv: oh good god. They have a series of boot scripts that allow you to change the kernel you boot off. Randomly tried one that's labeled for docker and now it works.
<kentonv>
haha
<asheesh>
: D
<kentonv>
BigShip: where is the list? I'm curious to see.
<BigShip>
The last picture is about all the info you get
docaedo has quit [Ping timeout: 248 seconds]
<kentonv>
ok, new theory: these guys are linux nerds who compile their own kernel all the time and think that everyone needs to choose the best kernel build for them rather than have just one. Like car nerds who are always tinkering with engines.
<BigShip>
Hahaha possibly
docaedo has joined #sandstorm
mnutt has joined #sandstorm
<XgF>
kentonv: Scaleway does mini-dedicated servers, and at least for their ARM nodes the disk is served up over NBD. Boots up their kernel and initrd and that mounts your FS over nbd and starts up your init
<kentonv>
XgF: I used to run my LAN party machines that way. :) But why disable seccomp?
<XgF>
I dunno. Maybe the aforementioned recent bug?
<XgF>
But you're not even running in a VM so they shouldn't care =/
<XgF>
Maybe they started with allnoconfig? :P
<kentonv>
like I said, crazy kernel tweakers. :P
BigShip has quit [Quit: Page closed]
jemc has quit [Quit: WeeChat 1.4]
jemc has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
KooBaa has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
BigShip has joined #sandstorm
BigShip has quit [Ping timeout: 252 seconds]
amyers has quit [Ping timeout: 250 seconds]
KooBaa has quit [Ping timeout: 244 seconds]
frigginglorious has joined #sandstorm
digitalcircuit has quit [Remote host closed the connection]
digitalcircuit has joined #sandstorm
sydney_untangle has quit [Ping timeout: 250 seconds]
frigginglorious has quit [Quit: frigginglorious]
frigginglorious has joined #sandstorm
wolcen_ has quit [Ping timeout: 276 seconds]
KooBaa has joined #sandstorm
KooBaa has quit [Ping timeout: 244 seconds]
home has joined #sandstorm
home has quit [Remote host closed the connection]
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
frigginglorious has quit [Quit: frigginglorious]
msoucy has quit [Ping timeout: 250 seconds]
msoucy has joined #sandstorm
ecloud has joined #sandstorm
GeorgeHahn has quit [Read error: Connection reset by peer]
jadewang has quit [Remote host closed the connection]
KooBaa has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
KooBaa has quit [Ping timeout: 244 seconds]
jemc has quit [Ping timeout: 246 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
KooBaa has joined #sandstorm
xet7 has quit [Quit: Leaving]
Try`0xff is now known as Tryum
NwS has joined #sandstorm
KooBaa has quit [Ping timeout: 244 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 252 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 244 seconds]
Isla_de_Muerte has joined #sandstorm
NwS has quit [Disconnected by services]
Isla_de_Muerte is now known as NwS
KooBaa has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 260 seconds]
raoulzecat has joined #sandstorm
KooBaa has quit [Ping timeout: 244 seconds]
sydney_untangle has joined #sandstorm
amyers has joined #sandstorm
asmyers has joined #sandstorm
amyers has quit [Ping timeout: 268 seconds]
raoulzecat has quit [Ping timeout: 276 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 244 seconds]
raoulzecat has joined #sandstorm
mnutt has joined #sandstorm
raoulzecat has quit [Ping timeout: 260 seconds]
frigginglorious has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
KooBaa has joined #sandstorm
KooBaa has quit [Ping timeout: 244 seconds]
raoulzecat has joined #sandstorm
raoulzecat has quit [Remote host closed the connection]
raoulzecat has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
frigginglorious has joined #sandstorm
BigShip has joined #sandstorm
<BigShip>
Good morning/afternoon/evening!
raoulzecat has quit [Ping timeout: 260 seconds]
BigShip has quit [Client Quit]
BigShip has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 244 seconds]
wolcen_ has joined #sandstorm
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
raoulzecat has joined #sandstorm
<asheesh>
Howdy BigShip !
frigginglorious has quit [Quit: frigginglorious]
raoulzecat has quit [Ping timeout: 260 seconds]
mnutt has joined #sandstorm
wolcen_ has quit [Ping timeout: 276 seconds]
<dwrensha>
today I learned that you can get a tree view of processes in `top` by pressing 'V'
<dwrensha>
this is the default view on Arch Linux, and I had been wondering about how to enable it on other distros
wolcen_ has joined #sandstorm
jadewang has joined #sandstorm
jemc has joined #sandstorm
KooBaa has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
<BigShip>
oh! that's pretty neat
<BigShip>
I usually use htop because of the pretty colors
<wolcen_>
BigShip: I like htop too, but fwiw, try pressing z in top.
<wolcen_>
BigShip: still not pretty, but colorful at least ;)
<BigShip>
wolcen_: oh god, what happens if you press z?
<BigShip>
oh, in top
<BigShip>
What do you all use for hosting? VPS, home servers, which distros?
notevil has joined #sandstorm
<dwrensha>
BigShip: I've been happy with Linode.
<dwrensha>
interesting... I just set up a new laptop with Fedora. The default setup for hard drive ecription makes three partitions
<dwrensha>
one for swap
<dwrensha>
one for /
<dwrensha>
and one for /home
<dwrensha>
only the /home one gets encrypted
<BigShip>
make sure you save the encryption key for /home somewhere safe
<dwrensha>
which is a bit sad in that my sandstorm grains will not get encrypted, because they live in /opt/sandstorm/
<BigShip>
you can also encrypt those if you want. It's just that /home encryption is standard
<BigShip>
at that point you may want to just look at full drive encryption instead though
<asheesh>
I'm definitely excited about usability stuff.
<asheesh>
Sadly I think that effort died on the vine, but I'm energized again by all the user-testing that neynah has been doing lately.
<asheesh>
I don't know that we've written much about the user testing except in the weekly goals that we email out to sandstorm-dev.
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 264 seconds]
<BigShip>
do you just sign up to be part of the google group to get those emails?
<asheesh>
Yup
<BigShip>
Snazzy
prettyvanilla has quit [Ping timeout: 248 seconds]
Tryum is now known as Try`0xff
prettyvanilla has joined #sandstorm
<asheesh>
BTW BigShip I self-host and use Google Compute Engine for now; I used to have a rackmount machine but I had some hard disk issues so I decommissioned it for now.
<BigShip>
asheesh: hmmm, how's the pricing on Google Compute?
<BigShip>
asheesh: if you decide you wanna try it out let me know. They're on an invite system right now
jadewang has quit [Ping timeout: 252 seconds]
frigginglorious has joined #sandstorm
raoulzecat has quit [Ping timeout: 260 seconds]
KooBaa has joined #sandstorm
wolcen_ has quit [Ping timeout: 276 seconds]
<zarvox>
dwrensha: my partition layout is usually 1) small /boot, 2) large LUKS-encrypted volume containing an LVM PV
<dwrensha>
PV?
<zarvox>
physical volume
<zarvox>
that physical volume is added to a LVM Volume Group (VG)
<zarvox>
and from that Volume Group I allocate partitions for swap, /, and /home
<maurer>
zarvox: Be aware that LVM these days requires a little bit of fiddliness to make sure you pass through TRIM
<dwrensha>
does "suspend" work?
<zarvox>
where "partitions" is actually "Logical Volumes" or separate LVs
<maurer>
(assuming you have an SSD)
<zarvox>
suspend-to-RAM does not require re-entering your password
<zarvox>
suspend-to-disk I never use, but I believe probably works
<zarvox>
maurer: ahhh, interesting. I have not done anything in particular with TRIM, so perhaps I am affected by this!
raoulzecat has joined #sandstorm
<dwrensha>
zarvox: ah, I was forgetting about that distinction. I think suspend-to-RAM is the one I usually want.
amyers has joined #sandstorm
amyers has quit [Read error: Connection reset by peer]
<zarvox>
Then yeah, that Just Works™, since all the LUKS keys are kept live in kernel memory
amyers has joined #sandstorm
GeorgeHahn has joined #sandstorm
asmyers has quit [Ping timeout: 240 seconds]
<zarvox>
I'm not sure if I completely recommend the setup I described, FWIW. It protects swap, but it also means that if you are indeed swapping out, you're also CPU-bottlenecked while paging, because you have to encrypt the pages to/from disk
<zarvox>
which can result in a wildly unresponsive machine under memory pressure
<dwrensha>
I'm honestly tempted to turn off swap completely
<zarvox>
maybe I should try running without swap and see if the failure mode is better
raoulzecat has quit [Ping timeout: 268 seconds]
xet7 has joined #sandstorm
kecors has joined #sandstorm
kecors has quit [Quit: Leaving]
kecors has joined #sandstorm
kecors has quit [Ping timeout: 264 seconds]
wolcen_ has joined #sandstorm
<warren>
Hi folks, sorry I've been away for so long, insanely busy.
<warren>
Question ... do folks recommend a Sandstorm app that is like a pastebin but for images?
<BigShip>
warren: sort of like imgur?
<warren>
yes
<BigShip>
that's a pretty cool idea
<asheesh>
Davros is almost like that, if you enable static publishing.
<dwrensha>
I was going to say "Hacker CMS", but Davros is probably strictly better for this use case
frigginglorious has quit [Quit: frigginglorious]
kecors has joined #sandstorm
frigginglorious has joined #sandstorm
<BigShip>
warren: you could potentially use mediagoblin. It's more like imgur than pastebin, but it may be worth taking a look at
wolcen_ has quit [Ping timeout: 276 seconds]
wolcen_ has joined #sandstorm
raoulzecat has joined #sandstorm
<warren>
private imgur is exactly what I want
raoulzecat has quit [Ping timeout: 240 seconds]
BigShip has quit [Quit: Page closed]
tdc has joined #sandstorm
notevil has quit [Quit: seeya]
kecors has quit [Ping timeout: 268 seconds]
frigginglorious has quit [Quit: frigginglorious]
wolcen_ has quit [Ping timeout: 276 seconds]
<warren>
Where do I find the source of sandstorm packages? (what is defined to install)
<warren>
specifically I want to see what version of wekan is currently installed
frigginglorious has joined #sandstorm
tdc has quit [Quit: Bye bye]
frigginglorious has quit [Quit: frigginglorious]
Isla_de_Muerte has joined #sandstorm
NwS has quit [Disconnected by services]
Isla_de_Muerte is now known as NwS
maurer has quit [Ping timeout: 276 seconds]
maurer has joined #sandstorm
<xet7>
warren: Sandstorm App Market has on each package page links also to git repos etc.
<mnutt>
I have run into a similar issue with a package where I couldn't tell exactly which commits had been applied to a particular release. Packaging and version control aren't really tied together, so it's up to the person building the package to tag their commits with release tags. It would be pretty cool though if vagrant-spk had an option to either annotate the capnp definition with the current git sha or to tag the repo with the build number. but I also
<mnutt>
understand the arguments for not adding it.
<mnutt>
from HN today, lots of projects that would make good sandstorm apps: http://substance.io/
<asheesh>
Fascinating.
amyers has quit [Ping timeout: 248 seconds]
notevil has joined #sandstorm
frigginglorious has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
frigginglorious has joined #sandstorm
mnutt has quit [Quit: My Mac has gone to sleep. ZZZzzz…]