kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Say hi! | Have a question but no one is here? Try asking in the discussion group:
Ristovski has left #sandstorm [#sandstorm]
<isd> I'm not actually sure what the intent of that comment is wrt to methods defined on SandstormDb itself; the big thing to avoid is directly acccessing those from outside of the class.
<isd> Maybe a thing to explicitly call out for feedback when you make a pr.
<ill_logic> So what I'm trying to sort out now, and which I feel like I might have had an issue with when I was trying this long ago
<ill_logic> is that this.collections.grains.find, from within this admin page we're on, implicitly filters for the querying user
<ill_logic> So I see zero for every user by the logged in admin. I tried switching to a different admin.
<ill_logic> And I debugged to make sure that the other grains weren't showing up.
<ill_logic> I'm trying to see what might be done differently in other parts of the codebase.
<isd> You may have to separately do Meteor.publish for the data you want.
<isd> But, calling it a night. later.
<JacobWeisz[m]> I want someone to put Pihole in a Sandstorm app.
<JacobWeisz[m]> I am sick of repairing my Raspberry Pi SD card.
<xet7> JacobWeisz[m]: You could boot RasPi from external USB harddrive? Or maybe that's too much setup
sam_w has quit [Ping timeout: 240 seconds]
sam_w has joined #sandstorm
<JacobWeisz[m]> Yeah, there's options. But the easiest is to run it where I run everything else.
<xet7> Yes of course
<kentonv> isd, how confident are we that ttrss was the only user of raw HTTP via hack-session?
<JacobWeisz[m]> I think we're pretty confident with regard to market listed apps? not isd though
<kentonv> good enough for me
<JacobWeisz[m]> I know with regards to client side he actually tested every market app, but httpGet is much harder to accidentally use.
<JacobWeisz[m]> I was curious if you anecdotally knew of any private app usage of httpGet.
<kentonv> I don't remember any in particular but it's very possible I forgot about something?
<JacobWeisz[m]> Any idea why our test failure count creeped up? It was higher as of the previous release too.
<kentonv> hmm the client-side lockdown is probably going to break the app index, which fetches author profile info from keybase on the client side....
<JacobWeisz[m]> Hopefully then nobody else ever used httpGet and we won't have to wait too long to remove the undo switch.
<JacobWeisz[m]> re: app index, seems likely then.
<JacobWeisz[m]> That one is definitely going to cause some pain yet. I think we may want to patch some of the apps before landing it, but I don't know. A lot of affected apps have non-responsive devs.
<kentonv> oh hmm, it was marked ready-for-review so I merged it. Should I unmerge it?
<JacobWeisz[m]> I think I meant it was ready for your review/thoughts. All of the breakage is listed in the thread, I am curious how you feel about it.
<kentonv> well, it's a matter of deciding how much breakage we're ok with
<kentonv> I mean
<kentonv> TBH I don't have a strong opinion. It sounds like a fair amount of testing has been done and at least we know what we're getting into.
<JacobWeisz[m]> Ian stated he was comfortable with the amount of breakage, FWIW.
<kentonv> well, you and Ian should monitor for reports of breakage and if we need to do a quick release to flip the default setting, we can do that.
<JacobWeisz[m]> Presumably our worst case is that someone really needed functionality that this broke, and can flip the switch. And we can appReplacement key a fix without incredible amounts of pain.
<JacobWeisz[m]> Ian and I figured leaving the switches for these changes not documented in the error messages will mean that if anyone needs them they will come find us and report a problem.
<kentonv> I guess personally I would have put together an allowlist of known packages that rely on external resources
<kentonv> but it's not me doing the work, so... :)
<JacobWeisz[m]> I think we'd rather fix the fallout if actual problems appear than leave a lot of what could be argued is a security hole. Some of these apps I definitely wonder if they still have active users.
<isd> There wasn't really any catastrophic breakage iirc; the worst was some latex formatting probably wouldn't work on a couple apps (but sharelatex was fine)
<kentonv> lol some rando decided to "approve" a 5-year-old PR I made against the app market...
<kentonv> (and yes, that's a PR against the original repo owned by the outsourced developer. Which they ignored, so we forked the repo...)
<JacobWeisz[m]> Way to pad out that contribution activity profile!
<simpson> That's not a suspicious profile at all~
coyotebush has quit [Remote host closed the connection]
<TimMc> They might be a novice who was not sure what it meant/would do and just yolo'd it.
strugee has quit [Ping timeout: 240 seconds]
nwf has quit [Ping timeout: 240 seconds]
nwf has joined #sandstorm
nwf has quit [Ping timeout: 256 seconds]
nwf has joined #sandstorm
_whitelogger has joined #sandstorm