04:05 <abliss> "This means you have to install Meteor 1.8.2 in addition to the latest version in order to build Sandstorm. :( " -- how? the docs suggest `curl https://install.meteor.com/?release=1.8.2 | sh` but the first thing this prints is `Removing your existing Meteor installation.`

04:17 <isd> As I understand it, the way meteor is structured there's a sort of "version manager" that will automatically pull in versions of the framework that you're actually using. So if you install 1.8.2 and then try to build an app that's marked as using 1.10, it will just pull that in

04:18 <isd> The reason we need to specify 1.8.2 explicitly is because we're not actually using meteor 1.8.2, we're just using the older node it ships with to run the font thing.

04:18 <isd> It's all very upsetting.

04:19 <isd> Probably if you had a dev setup from before up upgraded past 1.8.2, it would continue to work (which is why I didn't notice this had even gone in until someone tripped over it and opened an issue)

04:20 <abliss> well i had a working build some weeks ago, and now i can't build because i don't have meteor 1.8.2. (Of course, it takes 20 minutes of "make" before it will deign to fail and tell me.)

04:22 <abliss> i ran the curl and restarted make , and that was 31 minutes ago, so i oughta be finding out pretty soon whether that worked.

04:22 <isd> Best of luck.

04:24 <abliss> actually wait, maybe it is done? i forgot that i went 'continuous' this time and it doesn't give you any indication that it finished.

04:25 <abliss> does 'make continuous' not create a sandstorm-0.tar.xz ?

04:30 <kentonv> abliss, it doesn't. It only compiles the C++ code, and when it's done with that, stops and waits for something to change requiring rebuilding.

04:31 <abliss> i see... so the only practical way to make is `make continuous & make ` ?

04:52 <abliss> oh right, now i remember why i nuked some old meteor versions... ~/.meteor is 3Gb!

04:53 <kentonv> `make continuous` should only be used when you're hacking on the C++ code

04:53 <kentonv> if you want to build a bundle, `make` or `make fast` (which sets xz compression level to zero on the final output) will do it

04:55 <abliss> when you're hacking on the C++ code.... or if you ever plan to `git pull` in someone else's work which touches the git code, right?

04:56 <abliss> because if any of the C code is touched at all, your `make` starts over from scratch with zero reuse, right?

04:58 <kentonv> sure, if you expect to be making incremental changes to the C++ code and you don't want to rebuild the whole thing when that happens, you leave `make continuous` running in the background.

05:38 <isd> I tend to habitually do make continuous when I sit down to hack for the day. This way I don't have to think about in advance whether I'm going to need it.

05:39 <isd> Also, wow, my ~/.meteor is twice that.

17:12 <JacobWeisz[m]> Anyone know if the LDAP login is sent from the server or the client? If my LDAP server is on the local network configured with a local IP, can I use those credentials when visiting Sandstorm from a remote network?

17:18 <JacobWeisz[m]> Answered my own question. It presumably handles all of it on the Sandstorm server's network. Because with LDAP configured to use a local IP address, I authenticated against it from a remote network.

17:19 <JacobWeisz[m]> For my home PCs I am setting up Active Directory so I can centrally manage them and user accounts on them.

17:20 <JacobWeisz[m]> Seemed like an opportune time to play with LDAP configuration since my Sandstorm server lives in the same network.

17:58 <xet7> I should also sometime learn LDAP

17:58 <xet7> I don't know about it

17:58 <xet7> and some just add issues about Wekan LDAP

17:59 <xet7> JacobWeisz[m]: Can you look at Wekan LDAP issues?

18:00 <JacobWeisz[m]> I am kinda an LDAP noob, to be honest. I can now say I've tested Sandstorm's LDAP though.

18:01 <JacobWeisz[m]> I can look at the issues though and see if I have any thoughts.

18:01 <xet7> Thanks!

18:05 <JacobWeisz[m]> I want to look at the LDAP docs for Sandstorm too. I remember finding the push for SAML/ADFS off-putting as a Windows admin. Though I configured this without using docs at all, FWIW.

18:11 <xet7> JacomWeisz[m]: What do you think, should I make paid Windows installer for Wekan? Would someone buy it? I could make survey about it.

18:11 <xet7> JacobWeisz[m]: ^

18:49 <JacobWeisz[m]> I opened a PR for probably the only real omission the docs has for LDAP to Active Directory. The prepopulated username field isn't used by Active Directory.

18:52 <JacobWeisz[m]> xet7: Is there currently no such installer? I imagine you could go after more enterprise customers with a Windows server install and good LDAP/Active Directory support.

18:54 <JacobWeisz[m]> Where I work we do not care if something is open source, but having paid support is critical.

18:56 <JacobWeisz[m]> And we are probably not going to even entertain something that runs on Linux unless its an appliance/virtual appliance.

18:57 <xet7> Currently there is no such installer

18:57 <JacobWeisz[m]> The appliance strategy is how a lot of enterprise vendors get away with shipping Linux: The business that buys it just sees the web interface.

18:57 <xet7> Wekan works with Windows version of Node+MongoDB

18:58 <xet7> it's just making installer, update etc gui

18:58 <JacobWeisz[m]> A good appliance is managing its own OS/security updates, but I'd generally prefer something that runs on Windows where I can manage it the same as the rest of the environment, and am not dependent on the vendor doing their job well.

18:59 <xet7> Many are installing Wekan to air gap internal network

19:00 <JacobWeisz[m]> (A lot of enterprise hardware appliances run on things like Pentium 4 chips in whitelabeled 1U server boxes running archaic CentOS builds.)

19:00 <xet7> CentOS 6 ?

19:02 <JacobWeisz[m]> I think it'd open up that market to you. Plenty of enterprise apps I see pretty much install Tomcat, Postgres, etc. on a Windows server.

19:04 <xet7> What kind of pricing those have?

19:06 <JacobWeisz[m]> Yeah, CentOS 6 is on way too many things. :P

19:12 <xet7> On those Enterprise systems, do they use macOS at all?

19:13 <xet7> Although, I think on Mac everything is deprecated too fast

19:19 <JacobWeisz[m]> I never have seen/used Macs in an IT environment. The printing company I used to work at had them prior to me working there, and got rid of them when Adobe improved their support for Windows like a decade ago.

19:19 <JacobWeisz[m]> I know Apple has tools for centrally managing Macs but I've never used them.

19:22 <xet7> I have spent many hours trying to support Macs. Once macOS upgrade corrupted local MySQL databases, with MySQL version upgrade. And some other times I spent many hours trying to get Mac show local Nginx+PHP+MySQL Drupal websites. I did get those working, after trying many things.

19:23 <JacobWeisz[m]> I am honestly curious what people in non-Windows environments use instead of Active Directory to manage accounts. I found Google's new Credential Provider for Windows announcement intriguing, as it suggests they're getting serious about managing Windows PCs without using AD.

19:24 <JacobWeisz[m]> If I have a network of Linux servers and machines today, what am I most likely to use to administer and manage accounts of non-IT users?

19:24 <xet7> Univention appliance has some web LDAP style gui for users, groups etc https://github.com/wekan/wekan/wiki/UCS

19:25 <xet7> Although, I think there is more proper features in version that has paid support

19:25 <xet7> it's web GUI

19:26 <xet7> Friend https://friendos.com/ has it's own web UI for managing users, roles, groups, permissions

19:27 <xet7> There are some other LDAP server distros that have more features than Univention

19:28 <xet7> Mostly I think Friend is the future, because it's very fast web+app desktop

19:29 <xet7> And they have own mini distro that boots directly to Friend desktop full screen

19:29 <xet7> It will be released to some GitHub repo sometime in the future

19:29 <xet7> At Friend desktop Wekan is in window

19:30 <xet7> Friend is fast websockets using server coded in C

19:30 <xet7> it also support PHP and other programming languages

19:30 <xet7> there is OnlyOffice with modifications for Friend

19:30 <xet7> music tracker app

19:30 <xet7> graphics editing

19:31 <xet7> etc etc

19:31 <xet7> iOS and Android app

19:31 <xet7> I have been thinking that maybe I could try to run Sandstorm as an app

19:31 <xet7> in window

19:32 <xet7> Wekan app is here https://github.com/wekan/FriendUPApp

19:32 <xet7> it's just defining Wekan url etc

19:32 <xet7> some html

19:33 <xet7> Although, I should translate Friend to Finnish

19:36 <xet7> But, I don't know the future

20:11 <isd> ocdtrekkie: The most common configuration I've seen is krb5 + openldap

20:11 <isd> So, same protocols, different implementation

20:13 <isd> I'm pretty sure these days it's even possible to connect windows clients to a Linux kerberos/ldap server setup

20:13 <isd> RedHat has put some effort into that, speaking of enterprise systems.

20:15 <isd> Usually people combine that setup with /home being an NFS mount

20:15 <JacobWeisz[m]> Okay, that's good to know.

20:49 <avffa> Hey all, I have a weird set up that doesn't seem to be accounted for in your docs. Was wondering if I could get some input. Sandstorm conf as follows:

20:54 <avffa> or it would follow if my paste sharing was working :D

20:56 <avffa> https://pastebin.com/bqghBz66

20:56 <avffa> there we go

20:57 <avffa> so my issue is that I want Sandstorm to handle SMTP but since it's bound to loopback I need a way to handle reverse proxying. I already have Nginx reverse proxying 443 and redirecting 80 to 443, and I'm almost certain there's a way to do it with Nginx so that it just passes all traffic on 25 to sandstorm

20:57 <avffa> just the config isn't apparent to me

20:58 <avffa> Perhaps this opens the dialogue for a suggestion, that SMTP could be bound to a different IP than the web interface

22:14 <isd> You probably want to pick a higher port for sandstorm to listen on and then have nginx do the forwarding to that. nginx needs to listen on the public-facing port

22:21 <avffa> Hmm yea I think when I configured it a couple days ago I tried forwarding from public to local