kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
CcxWrk has joined #sandstorm
frigginglorious has quit [Ping timeout: 264 seconds]
zarvox has quit [Ping timeout: 264 seconds]
frigginglorious has joined #sandstorm
jryans has quit [Ping timeout: 265 seconds]
jryans has joined #sandstorm
frigginglorious has quit [Ping timeout: 256 seconds]
TimMc has quit [Ping timeout: 250 seconds]
TimMc has joined #sandstorm
mokomull has joined #sandstorm
TimMc has quit [Ping timeout: 264 seconds]
TimMc has joined #sandstorm
CcxWrk has quit [Quit: ZNC 1.7.4 - https://znc.in]
CcxWrk has joined #sandstorm
frigginglorious has joined #sandstorm
<JacobWeisz[m]> Woo!
frigginglorious1 has joined #sandstorm
frigginglorious has quit [Ping timeout: 265 seconds]
frigginglorious1 is now known as frigginglorious
<abliss> http/1.1 over capnp seems exciting. Could we replace httpGet in hack-session with a proper http proxy living inside the grain? it could tunnel all requests over capnp through sandstorm, with powerbox requests to auth new hosts? any hope for supporting http/2 and/or websockets?
<kentonv> abliss, HTTP/1.1 and HTTP/2 are different encodings of the same semantic protocol, so http-over-capnp is an alternative to both. But KJ doesn't have an HTTP/2 implementation so currently to proxy from HTTP/2 to Cap'n Proto would require two proxies, first to HTTP/1.1 and then to capnp
<kentonv> as for replacing Sandstorm's alternative HTTP-over-RPC protocol... maybe. The nice thing about Sandstorm's protocol is that it pulls apart the semantics of HTTP so that it's not a bag-of-headers. That's useful for sandboxing because we can be thoughtful about what features the sandbox is allowed to use. If we switched to the more general bag-of-headers protocol then we need to accomplish the same thing through header whitelisting, and sometime
<kentonv> s rewrites, which feels messier... but maybe less cognitive overhead?
<kentonv> of course, we'd still have to support the old protocol forever as well...
sknebel has quit [Ping timeout: 256 seconds]
<simpson> This new work seems like something that's easier to implement in other runtimes. I'm still not sure how I'd approach using Sandstorm's HTTP-over-RPC encoding ala carte.
<simpson> Or do I mean "ala mode"? Whichever one doesn't have whipped cream.
sknebel has joined #sandstorm
<isd> Some of this has been talked about before, but a big downside of the way web-session works is that it's hard to get existing http libraries to talk to it. By contrast, it would be fairly easy to write a wrapper for http-over-capnp so you could e.g. use any python wsgi app without modification
<isd> But I agree with kentonv's assesment re: advantages for the folks implementing the sandbox.
<isd> It's a bit of a shame that we're exposing that to app developers though.
<isd> It might be neat to experiment with an alternative to sandstorm-http-bridge that wraps apps in a membrane and catches calls to the web-session methods, converting them to capnp-over-http.
<isd> So apps could use something with less of an impedence mismatch with their http libraries, but not have to have an extra layer of indirection for the rest of sandstorm's capnp apis.
<isd> It's framed in terms of PL-level static types and talking about Haskell specifically, but what she's talking about is not far off from the design principles behind web-session I think.
<isd> simpson: mode has ice cream
<isd> I guess another possibility rather than a membrane that catches calls to web-session methods directly, we could catch calls to UiView.newSession, and if the session type is WebSession or ApiSession, we call out to the app with an alternate session type, wrapping the result.
<isd> abliss: re: a proxy inside the grain, the bridge does this already for powerbox-acquired http targets. Really we want to get rid of httpGet (and everything else in hack-session.capnp), and have everything go through the powerbox
nicoo has quit [Remote host closed the connection]
frigginglorious has quit [Read error: Connection reset by peer]
nicoo has joined #sandstorm
frigginglorious has joined #sandstorm
nicoo has quit [Remote host closed the connection]
nicoo has joined #sandstorm
frigginglorious has quit [Ping timeout: 265 seconds]