kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
Ristovski has left #sandstorm [#sandstorm]
<isd> I'm not actually sure what the intent of that comment is wrt methods defined on SandstormDb itself; the big thing to avoid is directly accessing those from outside of the class.
<isd> Maybe a thing to explicitly call out for feedback when you make a pr.
<ill_logic> So what I'm trying to sort out now, and which I feel like I might have had an issue with when I was trying this long ago
<ill_logic> is that this.collections.grains.find, from within this admin page we're on, implicitly filters for the querying user
<ill_logic> So I see zero for every user by the logged in admin. I tried switching to a different admin.
<ill_logic> And I debugged to make sure that the other grains weren't showing up.
<ill_logic> I'm trying to see what might be done differently in other parts of the codebase.
<isd> You may have to separately do Meteor.publish for the data you want.
<isd> But, calling it a night. later.
<JacobWeisz[m]> I want someone to put Pihole in a Sandstorm app.
<JacobWeisz[m]> I am sick of repairing my Raspberry Pi SD card.
<xet7> JacobWeisz[m]: You could boot RasPi from external USB harddrive? Or maybe that's too much setup
sam_w has quit [Ping timeout: 240 seconds]
sam_w has joined #sandstorm
<JacobWeisz[m]> Yeah, there's options. But the easiest is to run it where I run everything else.
<xet7> Yes of course
<kentonv> isd, how confident are we that ttrss was the only user of raw HTTP via hack-session?
<JacobWeisz[m]> I think we're pretty confident with regard to market listed apps? not isd though
<kentonv> good enough for me
<JacobWeisz[m]> I know with regards to client side he actually tested every market app, but httpGet is much harder to accidentally use.
<JacobWeisz[m]> I was curious if you anecdotally knew of any private app usage of httpGet.
<kentonv> I don't remember any in particular but it's very possible I forgot about something?
<JacobWeisz[m]> Any idea why our test failure count creeped up? It was higher as of the previous release too.
<kentonv> hmm the client-side lockdown is probably going to break the app index, which fetches author profile info from keybase on the client side....
<JacobWeisz[m]> Hopefully then nobody else ever used httpGet and we won't have to wait too long to remove the undo switch.
<JacobWeisz[m]> re: app index, seems likely then.
<JacobWeisz[m]> That one is definitely going to cause some pain yet. I think we may want to patch some of the apps before landing it, but I don't know. A lot of affected apps have non-responsive devs.
<kentonv> oh hmm, it was marked ready-for-review so I merged it. Should I unmerge it?
<JacobWeisz[m]> I think I meant it was ready for your review/thoughts. All of the breakage is listed in the thread, I am curious how you feel about it.
<kentonv> well, it's a matter of deciding how much breakage we're ok with
<kentonv> I mean
<kentonv> TBH I don't have a strong opinion. It sounds like a fair amount of testing has been done and at least we know what we're getting into.
<JacobWeisz[m]> Ian stated he was comfortable with the amount of breakage, FWIW.
<kentonv> well, you and Ian should monitor for reports of breakage and if we need to do a quick release to flip the default setting, we can do that.
<JacobWeisz[m]> Presumably our worst case is that someone really needed functionality that this broke, and can flip the switch. And we can appReplacement key a fix without incredible amounts of pain.
<JacobWeisz[m]> Ian and I figured leaving the switches for these changes not documented in the error messages will mean that if anyone needs them they will come find us and report a problem.
<kentonv> I guess personally I would have put together an allowlist of known packages that rely on external resources
<kentonv> but it's not me doing the work, so... :)
<JacobWeisz[m]> I think we'd rather fix the fallout if actual problems appear than leave a lot of what could be argued is a security hole. Some of these apps I definitely wonder if they still have active users.
<isd> There wasn't really any catastrophic breakage iirc; the worst was some latex formatting probably wouldn't work on a couple apps (but sharelatex was fine)
<kentonv> lol some rando decided to "approve" a 5-year-old PR I made against the app market... https://github.com/tableflip/sandstorm-app-market-public/pull/34
<kentonv> (and yes, that's a PR against the original repo owned by the outsourced developer. Which they ignored, so we forked the repo...)
<JacobWeisz[m]> Way to pad out that contribution activity profile!
<simpson> That's not a suspicious profile at all~
coyotebush has quit [Remote host closed the connection]
<TimMc> They might be a novice who was not sure what it meant/would do and just yolo'd it.
strugee has quit [Ping timeout: 240 seconds]
nwf has quit [Ping timeout: 240 seconds]
nwf has joined #sandstorm
nwf has quit [Ping timeout: 256 seconds]
nwf has joined #sandstorm
_whitelogger has joined #sandstorm