00:06 <TimMc> (I had a moment of consternation before I realized that I had not yet allowed scripts from my new domain...)

00:30 <kentonv> TimMc, are you using nginx only for SSL termination, or other stuff too?

00:31 <TimMc> Just SSL termination.

00:32 <ocdtr_web> I assume there is a security benefit of some sort (if only eliminating a middle-man) of going straight to googlesource, but dang if https://github.com/google/boringssl isn't a lot easier to browse/search. :P

00:32 <kentonv> Sandstorm can actually handle that directly now, even for non-sandcats domains

00:34 <kentonv> TimMc you can give Sandstorm your key/cert by doing this at the JS console while logged in as admin: Meteor.call("setTlsKeys", { key: "<private-key-pem>", certChain: "<certificate-pem>" })

00:34 <kentonv> then set HTTPS_PORT=443 and EXPERIMENTAL_GATEWAY=true in sandstorm.conf

00:34 <TimMc> No way!

00:35 <TimMc> That still doesn't get me the ability to recognize and handle both timmc.sandcats.io and sandy.parsni.ps though, does it?

00:35 <TimMc> (redirecting the former to the latter)

00:36 <kentonv> for some extra security, you can give it a password-protected private key, and set the password using PRIVATE_KEY_PASSWORD= in sandstorm.conf (this way, a Mongo DB leak doesn't leak your TLS keys)

00:36 <ocdtr_web> TimMc: That counts as "other stuff too", see above. ;)

00:36 <kentonv> TimMc, sorry, no, it can only handle one certificate

00:38 <TimMc> OK, cool. It's only the migration period where that's useful anyhow.

00:38 <kentonv> which is only a few days, but yeah

00:45 <isd> kentonv: I'm staring at web-session.capnp, and am confused by the options method; the return value seems to be all webdav related stuff, but I'd otherwise expected it to correspond to the HTTP OPTIONS verb, which isn't webdav related at all. Have I misunderstood something?

00:45 <kentonv> isd, it was added mainly for the needs of supporting WebDAV

00:46 <kentonv> for sandstorm UI sessions, OPTIONS is basically irrelevant. For API sessions, the correct OPTIONS results are basically the same across all apps.

00:47 <isd> What will it do if an app doesn't implement it?

00:47 <kentonv> return a suitable default

00:47 <isd> (I'm poking at trying to wrap web-session so I can get it to talk to standard Go http.Handlers again...)

00:47 <isd> Ok. I'll probably just skip it until I deal with the webdav stuff then.

00:47 <kentonv> basically if you aren't implementing a DAV app, you don't need to implement options

00:48 <kentonv> since OPTIONS is really all about access control and that's Sandstorm's territory.

01:00 <TimMc> For my own education, I created an nginx config that will handle migrating to a new base domain: https://github.com/timmc/commapps/commit/6140206b4fa7d45df180af740d30e5a1b0194cad

02:25 <ocdtrekkie> I love UWP apps. They give me that warm Sandstormy feeling when I'm on Windows.

02:26 <ocdtrekkie> Someone finally made a Discord app that works with UWP. Which is great, because the default behavior of Discord's official app is creepy as all getout.

02:26 <ocdtrekkie> (Specifically, by default, Discord looks at what games you have running and reports it below your username.)

02:27 <digitalcircuit> ocdtrekkie: Is that feeling similar to the Flatpak/Snap (non-classic) sandboxing story on Linux?

02:28 <ocdtrekkie> digitalcircuit: Fairly likely. Linux repos in general feel cleaner with adding and removing software, mind you.

02:28 <ocdtrekkie> But yeah, UWP apps have to declare permissions they want access to, and you can individually shut any and all of them off by app.

02:29 <ocdtrekkie> A lot of functionality like sniffing what you're doing in other apps is just completely not possible with a UWP app.

02:33 <ocdtrekkie> Like, to give you an idea of Discord's default creep factor, it has a "feature" to pull credentials for services it can connect to from other apps installed on your PC.

02:42 <kentonv> I just discovered a directory with 240886 mongo log files in it

02:42 <kentonv> `bash: /bin/rm: Argument list too long` is not an error I've ever seen before

02:42 <kentonv> (that was for `rm mongo.log.*`)

02:43 <ocdtrekkie> lol

02:43 <kentonv> I had to do: ls | grep '^mongo.log.' | xargs rm

02:44 <ocdtrekkie> First time I wrote a cron script or two for my server I didn't know it was gonna save a file every time it ran with the output.

02:44 <kentonv> little known xargs feature: if the argument list is too long, it will break it up into multiple invocations

02:44 <ocdtrekkie> ...Fun to clean that up when I noticed it.

02:45 <kentonv> wow, apparently deleting the mongo logs was all I had to do to fix the CPU-pegging issue.

02:45 <digitalcircuit> "xargs --show-limits" is rather neat, too.

02:46 <kentonv> maximum argument length: 2094666

02:46 <kentonv> holy crap

02:47 <kentonv> that's a lot of arguments

02:59 <kentonv> the stripe-based payments code used by Oasis is now in the Sandstorm repo. Just needs a config UI and then people could sell hosting on their own private servers...

03:05 <ocdtrekkie> You're gonna have to start doing UI again soon. :P For SSL config too.

18:17 <ccx^xmpp> find -name 'mongo.log.*' -delete

18:19 <ccx^xmpp> find has this "fill argument list" feature too btw: -exec mycommand '{}' +

21:46 <georgeowell> kentonv: awesome!

21:51 <georgeowell> did anyone hear how the letencrypt wildcard stuff was developing?

22:03 <sknebel> in testing, but not going live end of february, maybe mid-march

22:03 <sknebel> https://community.letsencrypt.org/t/acmev2-and-wildcard-launch-delay/53654/2

22:03 <georgeowell> thanks

23:51 <TimMc> I ended up just getting a $42 wildcard cert to tide me over.

23:51 <TimMc> (actually 2, because I screwed up the first time)