00:36 <kentonv> this Intel hardware bug thing sure is exciting

00:36 <TimMc> Oh, which one?

00:37 <mokomull> I kind of wanted to screw around with it and see what I can figure out, but people smarter than me will be publishing in a couple days anyway, it seems.

00:39 <kentonv> TimMc, https://lwn.net/SubscriberLink/741878/929c269a8b3c56f2/

00:39 <kentonv> Linux seems to be implementing a huge change to fundamental memory management in a huge hurry

00:39 <kentonv> it's estimated to reduce overall performance by ~5%, yet it's being rushed out and backported as we speak

00:40 <kentonv> ... and it's only going to be enabled for Intel CPUs, non AMD.

00:40 <mokomull> and merged in like an rc5 or rc6 IIRC

00:41 <kentonv> connecting the dots, it looks like Intel CPUs have a bug that lets an unprivileged process read arbitrary physical memory through the kernel memory mappings (which are supposed to be inaccessible in user mode)

00:42 <kentonv> so the solution is to actually switch page tables when switching between user and kernel modes

00:42 <kentonv> so that the kernel is not even mapped in user mode

00:45 <kentonv> if you have users you don't trust on your Sandstorm server, you're gonna want to update the kernel as soon as the updates become available from your distro

00:45 <kentonv> unfortunately the sandbox can't protect you from this one

00:46 <kentonv> (that is, if you have users you don't trust whom you've permitted to install their own apps -- probably not very common for self-hosted servers)

00:49 <mokomull> hm, looks like it's backported to 4.14 so far, but not older. Kind of a fiddly bit to backport...

00:55 <kentonv> they're working on it.

00:55 <mokomull> I assume as much.

00:56 <mokomull> I'd just gone googling around to see what the status was :)

01:53 <kentonv> mokomull, it looks like 4.4 and 4.9 may have received the patchset (or at least part of it) today https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/

02:04 <TimMc> Ahhh, this thing, I'd heard some mutterings about it.

02:05 <TimMc> "Major kernel changes written in a hurry" makes me nervous; I hope the cure is not worse than the disease.

02:07 <kentonv> well, you could always go buy an AMD processor if you want to avoid the whole thing...

04:27 <NoGoGoats> hello!

04:27 <kentonv> hi

04:29 <Kbuzz> allo

04:29 <NoGoGoats> I'm trying to get started with sandstorm. I can't seem to connect to the server via the URL. Does anybody have a moment to help me troubleshoot?

04:29 <NoGoGoats> Been working on this for number of hours and have been utilizing https://docs.sandstorm.io/en/latest/administering/install-troubleshooting/ as a guide

04:30 <kentonv> ok. First, did you choose to use sandcats.io?

04:31 <NoGoGoats> yes, and Whois reports are correct public IP address from my server

04:32 <kentonv> ok. Where is your server physically? E.g. in a cloud hosting service, or in your house, or... ?

04:33 <NoGoGoats> an in-house server. Ports on the router are open to the local IP of the server 443, 80, 6080, 30025

04:35 <NoGoGoats> The only thing special is it Virtualized through proxmox

04:36 <kentonv> if you try to visit the *internal* IP of the server on port 80 or 443, does it respond? (presumably with an error due to wrong hostname)

04:38 <NoGoGoats> I'll double check and AFK

04:57 <NoGoGoats> okay I'm back

04:57 <NoGoGoats> Local IP goes to "Sandstorm static publishing needs further configuration (or wrong URL)"

04:59 <NoGoGoats> so I believe it does respond

05:02 <NoGoGoats> @kentonv

05:02 <NoGoGoats> @kentonv

05:02 <NoGoGoats> kentonv

05:02 <NoGoGoats> @kentonv thanks for helping me out on this.

05:03 <kentonv> ok, so it seems the problem is that your router isn't routing the public IP to the internal one

05:05 <kentonv> NoGoGoats, many home routers have a problem where they won't correctly route a connection addressed to the public IP if the connection comes from the internal network. So it may be that you only can't see your server from your own network, but if you tried to access it from outside, you'd see it.

05:05 <NoGoGoats> that's my guesstimate as well. That's where sandstorm is Virtualized Via proxmox.but that is reachable via a dedicated internal IP address which my router is using for port forwarding. For instance I can SSH fine using the same internal IP for the VM.

05:05 <kentonv> maybe try accessing the sandcats domain from your phone, with wifi turned off, and see if it gets through

05:05 <NoGoGoats> okay I'll give it a shot I'll try it on my cell phone.

05:05 <kentonv> :)

05:12 <NoGoGoats> it looks like that did the trick. I bet clearing out my browser cash will resolve this issue.

05:12 <NoGoGoats> if it wasn't a routing problem because I tried it with Wi-Fi enabled first. :) thanks so much for your help!

11:51 <logicfish> hi, i can't get this to work - when i enter-grain there's no permisions to view files under /var/lib https://github.com/logicfish/sandstorm-octobercms/