00:11 <isd> Reminder: office hours in a little under an hour

01:04 <isd> Reminder: office hours now

02:38 <abliss> oh snap... let me guess, the fuse in spk-dev doesn't capture a file if it only get stat()ed and never opened

02:39 <abliss> so if your app is written in python, when you run 'spk dev' it will stat e.g. `lib/python3.6/os.py` but then notice it is older than `/usr/lib/python3.6/__pycache__/os.cpython-36.pyc`, so it will only open the latter, so only the latter ends up in the .spk pack file

02:40 <abliss> but, if you then try to run that pack file, it'll fail to stat the original os.py, and then decline to use the os.pyc file, and you're screwed

02:41 <abliss> and then it crashes with `Could not find platform independent libraries <prefix>`

02:42 <abliss> surely i'm not the first person to hit this? unless literally nobody has ever tried to use `[vagrant-]spk dev` on an app with literally any python inside?

02:47 <isd> I thought it created empty files in that case? not sure. If you spk unpack, are the files there?

02:47 <isd> I've definitely done spk dev on a python project before.

12:42 <abliss> nope, os.py doesn't show up if i spk unpack (and doesn't show up in /var/sandstorm/apps/$hex when i install)

12:58 <abliss> my vagrant vm seems to have spk from sandstorm v262 fwiw

15:14 <isd> I think that's current.

15:14 <isd> You could try putting stuff in alwaysInclude to dodge the issue. That's weird though.

15:38 <abliss> whelp https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/union-fs.c%2B%2B#L326-L340

15:38 <abliss> looks like only zero-size files get added in response to stat.

15:40 <abliss> Maybe this is only a problem if you use python in a venv? maybe if you use the system python, it will eventually read() the system os.py... maybe only a venv is self-contained enough to skip straight to the pyc

15:42 <abliss> ... nope, strace seems to indicate that even outside a venv, python never actually calls open() on `/usr/lib/python3.6/os.py` . so i'm confused how anyone's ever successfully used `spk dev` with python.

15:42 <abliss> maybe really old versions of python didn't have this behavior?

15:43 <isd> So am I.

15:43 <isd> What version are you on?

15:44 <abliss> py3.5 and py3.6 both seem to have this behavior

15:44 <isd> Oh wait, 3.6 duh

15:45 <isd> My approach here would probably be to just use alwaysInclude. But yeah, I'm now really confused about what changed.

15:46 <abliss> well i can't really alwaysinclude beacuse i don't have a good list of which .py files are needed... even if i did, it'd be a list thousands long that i wouldn't want to maintain in my pkgdef

15:47 <abliss> i guess i could write a script that crawls the sandstorm-files.list and converts each .pyc back to a .py by guessing where it's probably located

15:47 <isd> You can give it a directory.

15:47 <abliss> it's still dozens of directories when you include all of my transitive python dependency packages... and lots of them i don't even want

15:48 <abliss> at this point i'm kind of inclined to add a command-line flag to spk dev to include all stats

15:49 <isd> I feel like an option in th sourceMap might make more sense.

15:49 <abliss> ooh, good idea

15:49 <abliss> it's a bit of a mixture of concerns...

15:50 <abliss> like in theory you could use `sourceMap` and `spk pack` and never use `spk dev` (assuming you hand-write your `sandstorm-files.list`

15:50 <abliss> but there's already a comment about `spk dev` inside the default `sourceMap` so the concerns are already slightly mixed

15:52 <abliss> this would be a good question for kentonv to weigh in on. (executive summary: `spk dev` doesn't include files that are only stat()ed but never open()ed, unless they are zero-byte. This doesn't work for python since it will stat() os.py but then only ever open os.pyc. I'm suggesting an optional mode to make it include all stat()ed files, not just the zero-byte ones. Should it be a command-line flag to `spk dev` or a flag on

15:52 <abliss> the `sourceMap` in the pkgdef?)

15:53 <isd> Maybe it put it in manifest.metadata instead, next to the fileList field?

15:54 <isd> That way it's also grouped near alwaysInclude, which is nice in that it keeps all of the autodetection-related things together.

15:56 <isd> In theory you could make the package smaller by just including empty .py files and making sure their timestamps were older than the corresponding .pyc files

15:58 <abliss> yeah , i was thinking about that... haven't come up with a good way to do it that isn't finicky

15:59 <abliss> and given that the package already has 25MB of stuff, i'm not super concerned about the weight of the extra .py files. we'll have to see if the comment is really accurate that "it is normal to stat() every file in a directory when listing that directory" , to see how much other bloat is added

16:00 <abliss> what would be awesome is a flag to python that says "if you can't find the .py file, assume the .pyc file is current" but I couldn't find anything like that

16:00 <abliss> i found a lot of stackoverflow questions from people saying "how do i distribute an app with only .pyc files and not .py files" and the answer is always "you don't"

16:03 <isd> From what I'm seeing the reasons are things like incompatibility between python versions (not an issue because we're bundling it with the python interpreter anyway) and usually the person asking the question wants to avoid shipping .py files because they're shipping proprietary software and they don't want to provide source, but .pyc files are really easy to decompile, so this doesn't really help them anyway.

16:04 <isd> So I'm not sure those answers apply to us

16:04 <abliss> right, i do think it would work if python would support it, but i doubt there's any easy way to make the python executable do what we want.

16:05 <isd> It probably compresses well anyway

16:06 <isd> It might be nice to have some python-specific tooling that just understands python dependencies so we don't have to rely on the fuse nonsense in the first place

16:06 <abliss> oh, i wouldn't touch the python dependency ecosystem with a ten foot pole

16:07 <isd> tbh I really kinda don't like the fuse thing.

16:07 <isd> I guess I'm just thinking of something that does a pip freeze and includes those packages, rather than trying to muck with file detection.

16:08 <simpson> abliss: Python in general is only defined on .py files. .pyc files are a CPython implementation detail. Indeed they are not portable.

16:08 <abliss> sure, but i'm bundling a cpython interpreter inside a .spk file. i don't care about portability at all here.

16:12 <abliss> ooh, i know: since i'm only using .py files from within my venv and never from the real /usr/lib , maybe i can just touch every single .py file to freshen it before starting spk dev,

16:14 <isd> Stupid hacky idea that we should never ever implement: We could set the permissions on files that were only stat()'d to 0 (not even readable by owner) and just include them as sparse files in the package even if they're zero size. This way the metadata can still be read, but they don't take up space. Obviously the permissions will be off, but we don't fully preserve that as-is.

16:15 <isd> I mostly mention this because it amuses me, not because it's actually a resonable idea.

16:17 <abliss> yeah, i was thinking about the sparse file too. permissions shouldn't matter right? assuming it never got opened (or rm'd or whatever), swapping out the contenst for zeroes shouldn't disturb anything

16:19 <isd> The danger is that if the app does try to open() it later, even though it didn't in spk dev, then if the contents are wrong it could result in bugs that are hard to understand, vs. a simple "permission denied"

16:20 <abliss> true... i mean, in general, if an app tries to open() something at runtime that it didn't open() during spk dev, there are going to be hard-to-understand bugs

16:20 <abliss> that seems kind of inseparable from the basic idea of spk dev :)

16:20 <isd> Like I said, I really don't like the fuse thing.

16:21 <isd> But "can't open the file" is much easier to understand than "the file unexpectedly contains a bunch of zeros wtf"

16:21 <abliss> it is awfully convenient though.

16:21 <abliss> (and even if you did it with an LD_PRELOAD or a ptrace or other hack besides fuse, the basic underlying problem would remain. it's inherent in "automatic dependency discovery". the alternative is completely specifying every file you depend on, a la bazel)

16:22 <isd> I mean, you could do it at a higher level of abstraction than bazel. But you'd need more knowledge of the tools involved

16:23 <abliss> bazel's already pretty highly abstract IMO :)

16:23 <kentonv> abliss, the problem with including stat()ed files is that it's pretty common for various frameworks to stat() everything in a directory when listing it even if they don't intend to use the contents. But maybe adding zero-size files (or even sparse files, to fake the file size) could make sense?

16:23 <kentonv> (NOTE: I haven't read most of the conversation)

16:23 <isd> I guess what I mean is being able to just say "packages referred to by requirements.txt" and not have to fuss with what that menas.

16:23 <isd> means

16:23 <abliss> yeah, that's why we were thinking of making it optional.

16:24 <abliss> sparse files to make the file-size correct is what we're currently discussing

16:24 <kentonv> making things optional is kind of sad because then the developer has to think about it

16:24 <simpson> abliss: For example, Nix uses a higher level of abstraction; the *build* of the build tools is sandboxed, and extensionality is used to infer which parts of the filesystem are actually relevant. But you must be okay with /nix and abandoning FHS.

16:24 <isd> zero-size files wouldn't help here, since the files in question are not zero size.

16:25 <abliss> true. i'm gonna try my current idea of force-refreshing every .py file during my "build.sh" , that may obviate the entire issue for this .py/.pyc problem thanks for showing up kentonv

16:25 <abliss> i think he meant "if a file is only stat()ed but never opened, make a new zero-size file with most of the other attributes the same"

16:26 <isd> I'm generally in favor of not trying to make the flaky heuristic thing more complicated. I think the right answer here is "if spk dev isn't doing what you want, you have to specify stuff explicitly, sorry."

16:28 <isd> I'd really like to see a nix-spk or such.

16:29 <isd> Also: with docker-spk I found that if you use alpine as the base image then even without spk-dev's pruning the package sizes are still not ridiculous usually

16:30 <isd> A lot of the bloat that spk dev gets rid of is from base-system stuff that's too big

16:32 <abliss> dang, doing a global freshen at the end of my `build.sh` didn't work

16:32 <isd> You'd need to do it in launch.sh

16:33 <abliss> no, the idea was to do it after all my python runs (pip install, etc) , but just before spk-dev starts up

16:33 <abliss> the idea is not to force-include every .py file, but to force-freshen every .py file, so that the ones that actually get imported (and only those) will be opened

16:33 <isd> Oh, you mean to make sure the app actually open()s the files.

16:34 <abliss> i'm guessing python outsmarted me, and touching os.py isn't enough to invalidate os.pyc

16:34 <isd> Maybe it's doing something special for system directories?

16:35 <isd> Honestly I'd just add /usr/lib/python3.6 to alwaysInclude and be done with it.

16:36 <abliss> that's 94MB

16:38 <isd> Ok I guess that is a bit much. I remember it being a lot smaller when using the alpine images.

16:38 <abliss> ah, i think i missed os.py itself in my find-and-touch touch

16:39 <abliss> build.sh doesn't have root access to touch /usr/lib/python3.6 stuff. i'll have to do it in setup.sh

16:40 <isd> I think you could just do sudo

16:40 <isd> Pretty sure the vagrant user can do that without a password.

16:41 <isd> setup.sh will probably not do what you want, since it runs before the build and therefore might not actual result in the file it touches being as new as needed.

16:42 <abliss> well currently my build.sh is empty, so the end of setup.sh should be fine right?

16:43 <isd> Yeah I guess so

16:44 <abliss> actually, i guess i need to touch all the /usr/lib stuff in setup.sh , and touch all the ./venv/ stuff in build.sh

16:47 <isd> It might actually hurt startup times to force it to read the .py files.

16:48 <abliss> i'm just forcing it to read them in the spk dev phase, not in the actual app

16:48 <isd> Sure, but if they're newer than the pyc files when it runs, it's going to go through the same logic

16:49 <abliss> does spk pack preserve mtimes?

16:49 <abliss> if so, it should detect that the pyc files are newer

16:49 <isd> I don't think the app can update the pyc files in the system directories, because it's a read only file system

16:49 <abliss> wahoo, freshening in setup.sh works, i have os.py in my sandstorm-files.list

16:50 <isd> It might not be that bad in comparison to everything else it's doing on startup though

16:53 <abliss> wow, the spk went from 23Mb to 27Mb, that's quite surprising. I have a hard time believing there's 4Mb compressed of .py files in there.

16:54 <isd> I don't :P

16:56 <isd> What's the diff in your sandstorm-files.list? is there anything other than .py files added?

16:58 <isd> I really wish nix could handle dynamically gathering dependency info better.

16:58 <abliss> mostly. looks like a couple new icons snuck in there

16:58 <isd> I'd like some tool to discover the dependency graph and just put it in a .lock file or such

16:58 <abliss> 970 new files added, almost all. py

17:00 <abliss> ahhh, and a 2Mb webfont, sigh

17:00 <abliss> for the emoji. smh.

17:01 <abliss> anyway! success! I have an .spk that seems to work. I put it up on https://github.com/abliss/sandstorm-synapse/releases/download/sandstorm-v0.0.0-rc2/matrix-000.spk in case anyone is curious to try it out.

17:04 <isd> Neat!

17:04 <isd> Might want to url decode the user's name; it's showing my display name as Ian%20Denhardt

17:05 <isd> https://thelibrary.sandcats.io/shared/5fkG9EY1XLneDHMW1TdBHCPn7Dmti2Dh-bnNDgY0W2p

17:06 <isd> Hm, I wonder if we can get video calls to work with this.

17:07 <isd> Requesting browser permissions doesn't seem to work through the iframe

17:11 <isd> Definitely some rough edges.

17:13 <abliss> oh tons. i'm just chuffed to have any edges at all :)

17:14 <isd> Still, it's exciting.

19:16 <abliss> desktop notifications also get denied without prompting due (i think) to the iframe. Is there a general way to make chrome allow iframes to do cool stuff?

19:18 <abliss> https://www.fxsitecompat.dev/en-CA/docs/2019/notification-permission-requests-from-cross-origin-iframe-are-now-disallowed/

19:19 <abliss> https://groups.google.com/a/chromium.org/forum/m/#!topic/blink-dev/n37ij1E_1aY

19:20 <abliss> "More generally, permission requests from iframes cause significant confusion for users. It is difficult to distinguish between the main frame origin and the origin requesting the permission. The scope of the permission decision (within or outside an iframe) is also unclear, making it difficult to reason about when a granted or denied permission takes effect."

19:20 <abliss> Seems like they might entertain a carve-out when the iframe is a subdomain of the main frame?

19:21 <abliss> "Instead of using an iframe, affected websites can open a new window (i.e. a new main frame) to request notification permission. "

19:22 <abliss> Ugh, that's an ugly invasive change to every single app that wants any permissions. i wonder if we should add to the sandstorm shell a "pop ui frame out into its own window" button, and teach users to use that when requesting perms?

19:25 <abliss> or maybe we continue with the idea of using a js proxy object to "fix" localStorage. a similar proxy could perhaps intercept all notification requests (and camera/microphone and everything else that needs permission) and route them through to the root iframe?

19:36 <JacobWeisz[m]> There would be issues with asking people to pop out the iframe. Like the fact that they'd be granting permission to a ethereal subdomain and not the site they're using.

19:37 <JacobWeisz[m]> In the case of notifications, at least, I thought the genera consensus was that apps should use Sandstorm's notifications and then Sandstorm should have options for how to email or display them to the user.

21:46 <abliss> oh right, good point, i forgot about that!

22:30 <JacobWeisz[m]> I am not sure how well that would work with granting access to the camera or microphone though.

22:30 <JacobWeisz[m]> Does foo.com asking for access also grant it to bar.foo.com?

22:47 <kentonv> I think most permissions are keyed by full hostname

22:48 <kentonv> it'd be neat if there were a way to pass the permission from the parent frame to the child in the form of a capability... but I seriously doubt that's possible

22:51 <isd> Yeah, I'd be very surprised.

22:51 <isd> So many things are harder tthan they have to be because web.

22:57 <isd> Who do we have to talk to to get media stream objects to be Transferrable: https://developer.mozilla.org/en-US/docs/Web/API/Transferable ?

22:59 <kentonv> whatwg I guess?

23:00 <kentonv> but pretty much they build the things Google wants, not people like us

23:06 <isd> yeah, I think to have any real pull at all we'd probably have to actually being hacking on a browser or something.

23:43 <JacobWeisz[m]> If the server on Sandstorm works with apps/clients we avoid a lot of the challenges of working with browser/web issues.

23:43 <JacobWeisz[m]> I think the in-Sandstorm interface only needs to have the basics if the apps can work.

23:44 <abliss> yeah, high on my list is to patch the android riot.im port (and/or possibyl the new rewrite riotX) to use sandstorm webkey urls

23:44 <kentonv> ehhh personally I'm a big fan of doing everything in the browser, TBH

23:45 <kentonv> (just speaking for myself as a user)

23:45 <JacobWeisz[m]> I hate browsers doing audio video and notifications.

23:46 <JacobWeisz[m]> Personally I think notifications in particular should be deprecated entirely from browsers. I solely see them in the real world in use by malicious actors.

23:46 <isd> +1 for O(1) copies of chrome on my laptop.

23:47 <JacobWeisz[m]> Every old lady who thinks their computer is hacked just has 62 sites authorized to send popup ads via the notifications API.

23:47 <isd> The legitimate use cases are for things like chat apps. Which I would much prefer to be running in a browser over having another electron process going.

23:48 <JacobWeisz[m]> Well, chat apps shouldn't be written in Electron, IMHO. :P

23:48 <isd> Also, it's a lot easier to onboard some rando with an app I want to use if they don't have to install anything first.

23:49 <isd> I mean, I agree. I fire up riot only when I can't figure out how to do something in weechat nowadays

23:49 <isd> Basically entirely because of battery life concerns.

23:50 <abliss> how is weechat's matrix support on android?

23:50 <isd> No idea, I'm using it on my laptop

23:50 <abliss> oh

23:50 <isd> I've been using RiotX on android.

23:50 <abliss> is it stable? i'm still on the old riot.im app

23:50 <isd> It's missing some features, but it seems to work fine. I jumped on captaincalliope's reccommendation

23:51 <JacobWeisz[m]> Notifications in the browser though is something I've never seen someone want outside the tech bubble. And seen a ton a spam with. Iunno, I don't even want my web apps doing popup notifs.

23:54 <abliss> (riot.im through chrome on android is kinda usable, but the native experience is definitely better.)