<dwrensha>
Yeah, I think `ByteSteam.done()` is basically `shutdown_write()`
<isd>
"Call after the last write to indicate that there is no more data."
<isd>
it's a FIN.
<zarvox>
okay, then I guess this should be testable internally
<zarvox>
I think we'd still probably be better off testing against a separate TCP client/server, rather than testing both IpNetwork and IpInterface at once, because a test failure will only tell us that something is broken, not which module it's broken in
<asheesh>
The test suite can embed a little nodejs TCP server :)
<zarvox>
it already embeds a little nodejs TCP client (tests/commands/assertTcpConnection.js), so I imagine that wouldn't be terribly much work, and would make for decent symmetry
DanC_ has quit [Quit: ubuntu maintenance]
aldeka_limechat has quit [Remote host closed the connection]
<liam>
Phabricator took so long to start (on my admittedly cheap hardware) that the supervisor shut it down before it fully started up.
<liam>
Is that supposed to be possible?
<asheesh>
I guess you can't do keepalives to a grain that hasn't started yet? That's a surprise to me, anyway.
<liam>
well, i haven't set up any keepalives at all
<liam>
it actually corrputed the grain since it shut it down mid migration
<dwrensha>
liam: if you have a browser tab waiting for the grain to start up, the supervisor should not shut it down
<liam>
hmmm that's what i thought, and that's what i did, but i still saw 'grain shutdown requested'
<liam>
maybe i did something wrong
<liam>
is it possible to have sandstorm-files.list omit lines from pkgdef -> alwaysInclude?
larjona has quit [Ping timeout: 244 seconds]
davidjgraph has joined #sandstorm
jemc has quit [Ping timeout: 255 seconds]
davidjgraph has quit [Ping timeout: 240 seconds]
phoenix1796 has joined #sandstorm
larjona has joined #sandstorm
<liam>
creating the repository on disk is, for some reason, requiring phabricator.base-uri to be defined :|
<asheesh>
The correct answer is: empty string!
<asheesh>
(liam - is that a permissible value?)
<liam>
it's not
<liam>
php empty() is how they're determining 'required' values
<liam>
i also tried "." and it says it's an INVALID value, but it seems to not prevent it from creating the repo
<asheesh>
What about "//"?
afuentes has joined #sandstorm
<asheesh>
"//" is the empty scheme-independent URI, I believe.
<asheesh>
(yes, we're in the land of hacks here)
<liam>
but it still needs a domain name
<liam>
/domain.com/
<liam>
ffff //domain.com/
<asheesh>
Does it necessarily need a domain? Earnest question: why do you say it does need a domain name?
<liam>
html 'src' attribute path parsing
<liam>
src="//somesite.com/someresource.js"
<liam>
only infers the protocol from the main request
phoenix1796 has quit [Quit: Connection closed for inactivity]
afuentes has quit [Ping timeout: 276 seconds]
davidjgraph has joined #sandstorm
davidjgraph has quit [Ping timeout: 250 seconds]
digitalcircuit has quit [Quit: Signing off from Quassel - see ya!]
digitalcircuit has joined #sandstorm
mrdon has quit [Ping timeout: 255 seconds]
mrdon has joined #sandstorm
isd has quit [Ping timeout: 265 seconds]
mrdon has quit [Ping timeout: 250 seconds]
davidjgraph has joined #sandstorm
davidjgraph has quit [Ping timeout: 248 seconds]
isd has joined #sandstorm
lukexj has joined #sandstorm
davidjgraph has joined #sandstorm
<asheesh>
liam: Wow, I just launched a Phabricator grain.
<asheesh>
Pretty cool.
davidjgraph has quit [Ping timeout: 276 seconds]
<lukexj>
i need a cheap vps i can run with sandstorm
<lukexj>
any good hosts?
<xet7>
lukexj: Have you tried DigitalOcean?
<lukexj>
i want to get the github student pack in the near future
<lukexj>
i cant use the DO credit on a old account
<lukexj>
so i've refrained from getting a DO account
<xet7>
lukexj: Have you contributed to Sandstorm?
<lukexj>
no i haven't, why?
<lukexj>
i dont even know how to program
<xet7>
lukexj: I have conntributed with translations, code etc. Open Source contributions are good for your resume.
<lukexj>
I dont even know how to program
<lukexj>
i want to get started
<lukexj>
but i just donnt know where to start
<lukexj>
its all kindof confusing to me
<xet7>
lukexj: Do you have some project/app/website that you would like to program?
<lukexj>
not yet
<lukexj>
i guess i should come up with ideas first of all
<xet7>
lukexj: Is there programming included in your studies?
<lukexj>
im in 9th grade
<lukexj>
i dont have any kinds of programing classes in school
<xet7>
lukexj: You can get free Python-based webhosting from https://www.pythonanywhere.com and use it with webbrowser. You could try web2py web framework that's has web admin interface, and go though this page about what all is possible: https://github.com/vinta/awesome-python
<xet7>
lukexj: Python skills are in high demand at job market currently
<lukexj>
how do i get started?
<xet7>
just a moment, I'm finding link from my notes
<xet7>
lukexj: Ok it seems that link I was searching has turned into paid version, do I don't use that
<xet7>
lukexj: that web2py documentation starts from basics
<lukexj>
but thats only web2py
<lukexj>
what about just normal python
<xet7>
lukexj: web2py documentations has page about normal python
<xet7>
lukexj: normal python is used to program web2py
<xet7>
lukexj: then after you have that, look at anything what is possible at https://github.com/vinta/awesome-python and try using those code in your web2py app
<lukexj>
oh
<lukexj>
i'll check it out later
<lukexj>
im tired af right now
<xet7>
lukexj: When you have any problem how to do something in Python, just google search the task or error message, you will find answers
<xet7>
lukexj: Ok go get some rest. With these you'll get started.
<lukexj>
what about codecademy
<lukexj>
or codeschool?
<xet7>
lukexj: Going trough those could take more time
<lukexj>
but would it help?
<lukexj>
im a linux user and i dont know how to program xD
<lukexj>
not even bash]
<xet7>
lukexj: There's no need to have multiple tutorials in the same subject, or at the beginning learn more that one programming language, you just get confused and tired it you try that
<xet7>
lukexj: With Python you can do practically anything
<lukexj>
what about the book Learn Python the hard way?
<xet7>
lukexj: That's probably longer to read than you need at this point
ThePurgingPanda_ has joined #sandstorm
<lukexj>
and still im only 16 i got time to learn and go to college and shit
ThePurgingPanda has quit [Ping timeout: 244 seconds]
<xet7>
lukexj: Sure, but going web2py documentation route will get you started faster. When programming, most often asked is "how much time does it take", "is it ready yet". You may think you have infinite time available, but that's not true.
<xet7>
lukexj: web2py includes a lot of ready-made functionality so you get much features in little amount of code, so it's easier to maintain and takes less time to read.
<xet7>
lukexj: And by having Python skill you can get well-paid job
<xet7>
lukexj: Web2Py sanitizes all input. That means, if somebody tries to hack your web2py app by inserting something strage to your webpage, it does not break your web2py app. All error messages are logged to adming interface, and will not be shown to website users.
Jan\ has quit [Read error: Connection reset by peer]
<xet7>
lukexj: The link I was searching is https://www.dataquest.io , they also have some free content
<lukexj>
i'll check them out after i get some rest xet7
<lukexj>
thanks
pie__ has joined #sandstorm
pie_ has quit [Ping timeout: 255 seconds]
pie__ has quit [Ping timeout: 265 seconds]
pie_ has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Read error: Connection reset by peer]
amyers has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
xet7 has quit [Quit: Leaving]
afuentes has joined #sandstorm
sydney_untangle has quit [Quit: bbl]
sydney_untangle has joined #sandstorm
sydney_untangle has quit [Read error: Connection reset by peer]
sydney_untangle has joined #sandstorm
nwf has quit [Quit: WeeChat 1.5]
nwf has joined #sandstorm
amyers has quit [Ping timeout: 250 seconds]
jemc has quit [Ping timeout: 265 seconds]
jemc has joined #sandstorm
amyers has joined #sandstorm
phoenix1796 has joined #sandstorm
xet7 has joined #sandstorm
wuch has joined #sandstorm
tannercollin has quit [Ping timeout: 244 seconds]
asmyers has joined #sandstorm
amyers has quit [Ping timeout: 244 seconds]
wuch has quit [Quit: WeeChat 1.5]
amyers has joined #sandstorm
asmyers has quit [Ping timeout: 250 seconds]
asmyers has joined #sandstorm
xet7_ has joined #sandstorm
amyers has quit [Ping timeout: 240 seconds]
Telesight has joined #sandstorm
not_a_nickname has joined #sandstorm
phoenix1796 has quit [Quit: Connection closed for inactivity]
afuentes has quit [Ping timeout: 244 seconds]
Telesight has quit [Quit: Leaving.]
<mrdomino>
i missed the mention of me on retreat! irssi helpfully tells me that someone mentioned me though
ThePurgingPanda_ has quit [Ping timeout: 248 seconds]
<isd>
O.O think I found another bug in IRC idler. I'm seeing 7 copies of amyers right now, 4 of asmyers, and duplicates of several other people. will have to fix that.
<isd>
My alpha got delayed because of some last-minute blockers.
<zarvox>
liam: I'm really liking this thing where I play with phabricator, and then file issues with short writeups, and then some hours later they're fixed in master :D
ThePurgingPanda_ has joined #sandstorm
ThePurgingPanda has quit [Ping timeout: 248 seconds]
ThePurgingPanda has joined #sandstorm
ThePurgingPanda_ has quit [Ping timeout: 250 seconds]
ThePurgingPanda_ has joined #sandstorm
ThePurgingPanda has quit [Ping timeout: 276 seconds]
<mrdomino>
woot!
<mrdomino>
published
ThePurgingPanda has joined #sandstorm
ThePurgingPanda_ has quit [Ping timeout: 265 seconds]
lukexj has quit [Remote host closed the connection]
sydney_untangle has quit [Remote host closed the connection]
sydney_untangle has joined #sandstorm
isd has quit [Remote host closed the connection]
isd has joined #sandstorm
lukexj has joined #sandstorm
ThePurgingPanda_ has joined #sandstorm
ThePurgingPanda has quit [Ping timeout: 250 seconds]
ThePurgingPanda has joined #sandstorm
ThePurgingPanda_ has quit [Ping timeout: 276 seconds]
this_is_my_nick_ has joined #sandstorm
<this_is_my_nick_>
Hey, a question
<this_is_my_nick_>
If you try to set up SSL according to this link
<this_is_my_nick_>
It assumes that you are running nginx.
<this_is_my_nick_>
But if you install sandstorm on Ubuntu using the installer
<this_is_my_nick_>
the server seems to be node.
<this_is_my_nick_>
Is there documentation on how to install sandstorm using nginx, or
<this_is_my_nick_>
how to set up SSL on node?
<dwrensha>
right, that's because a default install will use Sandcats for SSL
<dwrensha>
interesting question
<dwrensha>
I don't think there's currently a way to avoid the need for a reverse proxy in the non-sandcats case
<dwrensha>
I mean, in theory it should be possible, but we don't support it currently
<dwrensha>
asheesh would know better than I what would be involved in adding support for that
asmyers has quit [Read error: Connection reset by peer]
asmyers has joined #sandstorm
afuentes has joined #sandstorm
<this_is_my_nick_>
Ok. So I guess I will set up a reverse proxy then.
<asheesh>
Howdy all.
<this_is_my_nick_>
Thanks.
<asheesh>
Nice to e-meet you this_is_my_nick_!
<this_is_my_nick_>
HI.
<asheesh>
Yeah - I wrote the sandcats HTTPS support (in node) and the docs on reverse proxying, and I'm happy to answer questions about them!
<asheesh>
Also I'm totally willing to hear feedback about how to make the docs less confusing.
<asheesh>
But yeah - doing HTTPS for non-sandcats, you'll need nginx (or another reverse proxy) in front.
<this_is_my_nick_>
Cool. I will try that and I will let you know if I have any thoughts/problems. :-)
davidjgraph has joined #sandstorm
<isd>
Does sandstorm absolutely require user namespaces, or can I get by without them if I run it as root? Would sometimes be nice to be able to dispense with vagrant, but I'm running arch, so I don't have user namespaces.
<isd>
And I don't really want to build a custom kernel (and frankly I'm of the opinion that leaving them out is the right call, but it makes this hard).
<asheesh>
There is a secret kernel for Arch that does have them. "Arch Linux users. In #36969, the Arch Linux kernel maintainer indicated that they are not interested in supporting unprivileged user namespaces. Try the linux-lqx AUR package, or build your own kernel. Read the Arch Linux wiki page on kernels for more information." https://docs.sandstorm.io/en/latest/administering/faq/
<isd>
Yeah, I'm aware of that one. Should I take that as a yes to the absolutely require thing?
<asheesh>
linux-lqx I guess, then. I think that humorously it might be possible to patch-out Sandstorm's need for user namespaces, but don't tell Kenton I said that, and you'd probably want to make sure Sandstorm runs as UID 1000, since that's what the grains expect inside the namespace.
<asheesh>
But basically: yeah, it does absolutely require it.
<asheesh>
$ git grep CLONE_NEWUSER
<asheesh>
This shows somewhat few uses, but it's not something that I plan to make time to support at the moment, and Kenton is allergic to the idea of removing the need for CLONE_NEWUSER as far as I can tell.
<isd>
Relatedly: the version of debian in the standard vagrant-spk image has go 1.3.x, which is *ancient*, and I'm not really interested in supporting it.
<asheesh>
To support this on "real servers" (rather than dev servers where security might not matter), we'd need to rearchitect it to have a suid helper, as I understand it.
<isd>
So far I've just been cross-compiling irc-idler, but I'm about to add sqlite as a dependency, which will make that not utterly trivial to do.
dwrensha has quit [Ping timeout: 250 seconds]
<asheesh>
Plus line 34 of that file.
<isd>
cool, thanks.
<asheesh>
You're welcome! I at least got that complaint from Andrew Wansley and was lucky enough to be IRL with him at the time.
<isd>
IMO the suid helper is a far more sane approach. There are so many kernel APIs that you get access to because of user ns that have traditionally been root only; turning that on for the whole system seems like a much worse idea than having to write one small executable that needs to not have vulnerabilities...
<asheesh>
Yeah. The suid helper also means it'll work on RHEL 7, which I'm slowly coming to appreciate the importance of.
<isd>
asheesh: enterprise customers? :P
pie__ has joined #sandstorm
pie_ has quit [Ping timeout: 244 seconds]
<liam>
So, how does SS make money? Just SS for Work and (coming soon) Enterprise Oasis?
<liam>
on-prem oasis *
<asheesh>
At the moment, yeah, just SS for Work.
<xet7>
asheesh: Is it possible to install Sandstorm and it's app updates offline?
<zarvox>
Yes, the install script can take as an argument the Sandstorm bundle that you wish to install
<zarvox>
App updates less so, though you could theoretically run a mirror of the app index and point your server at it via the admin panel "App sources" page
<asheesh>
what zarvox said :)
<xet7>
Ok :) I'll try run a mirror, I'd like to try to create private network at home that some crypto ransomware can not infect
<zarvox>
Right now we haven't exactly documented the app index's API, but I think it's currently a single route that returns a JSON blob
<asheesh>
(: "this would make a great Sandstorm app" :)
<zarvox>
it *is* a Sandstorm app!
kxra has quit [Ping timeout: 250 seconds]
<asheesh>
D'oh, yes, I mean, "Trivial App Index Mirroring App" instead.
<asheesh>
Anyway. :)
<zarvox>
xet7: then once you've mirrored /apps/index.json, you'll also need to mirror /packages/<packageId> for each package ID in that json blob
<zarvox>
packages are content-addressable by packageId, so if you have cached a package by id before, it will never change
<zarvox>
I think that should be sufficient.
<xet7>
Somebody at twit.tv #twitlive IRC said that Sandstorm apps miss read-it-later app that has mobile support, replacing propietary alternatives. https://www.wallabag.org would be great for that purpose, if ported to Sandstorm. Afaik it uses PHP/MySQL on server.
<xet7>
I was answering to some Sandstorm questions at #twitlive this week tuesday, when was Security Now show.