02:05 <ill_logic> Error messages in the browser console aren't very useful here are they

02:06 <ill_logic> Is there a way to improve this?

02:28 <isd> ?

02:29 <isd> I feel like I'm missing some context.

03:47 <JacobWeisz[m]> Ian, any idea where the cert issue is for the person who moved their install?

04:22 <isd> Are we sure using create-acme-account is correct if they've already got a sandcats domain?

04:22 <isd> That seems suspicious, but I have no idea.

04:22 <isd> As you pointed out, they may be the first person to actaully try this...

04:23 <JacobWeisz[m]> Yeah, and all our "move your Sandcats" advice is old.

04:28 <isd> I'm trying to recover an old sandcats domain I don't use anymore, let's see how it goes.

04:45 <isd> So 1GiB of memory is apparently not enough to run sandstorm, even with no grains.

04:45 <isd> I feel like we ought to be able to do better than that.

04:49 <isd> I think I know why actually; it's falling over downloading apps, and I remmeber spotting some places where it seemed like we should be applying backpressure but aren't.

04:53 <isd> So, restoring the sandcats domain worked, but I had to do create-acme-account & renew certificate manually before any pages would actually load

04:53 <isd> (also, once it finished downloading the base apps it stopped using excessive amounts of memory)

04:53 <JacobWeisz[m]> Our basic apps have grown a lot since they were first pinned.

04:54 <isd> yeah, but it shouldn't keep them all in memory.

04:54 <JacobWeisz[m]> I suggested running those two commands and it didn't help them.

04:54 <isd> It sounds like they tried to copy over files from an old install, whereas I went through the sandcats recovery on a fresh one.

04:59 <isd> Opened an issue for the memory thing

14:24 <asheesh> Hey all!

14:24 <abliss> Hi asheesh! how goes?

14:25 <asheesh> Good! How about you abliss? :)

14:25 <asheesh> I saw the email about requesting testers for the Content-Security-Policy rollout. Wanted to ask if you've thought about using Content-Security-Policy-Report-Only as a way to track the errors in a log file, etc.

14:25 <abliss> can't complain! Yeah, Ian Denhardt has mentioned that idea.

14:26 <asheesh> If not, then I want to enthusiastically suggest the idea, as it has helped me in the past roll out a Content-Security-Policy, and offer non-coding help like Q&A or links.

14:26 <asheesh> Oh, good :)

14:26 <abliss> I think his plan is to have sandstorm intercept them and pop open a notification in the shell, like "Sandstorm has blocked external images to protect yoru privacy. Load them?" similar to gmail

14:27 <abliss> then if you authorize, it reloads the frame with a weaker CSP.

14:29 <asheesh> That's a decent approach. I would encourage considering something simpler yet more aggressive, which is that for the next 6-12 months, if you enable legacy mode in the CSP config option, Sandstorm logs violations to a file somewhere and doesn't do any smart work to process them. If that file exists, and you're an admin, you see a bell notification saying you should read that file and fix the apps that your users are

14:29 <asheesh> using.

14:29 <asheesh> Then, 6-12 months later, you disable the legacy feature, and don't ever allow people to go back to legacy mode.

14:30 <asheesh> I suppose this breaks one initial promise that Sandstorm will never break apps, but maybe I'm flexible about the precise definition of that.

14:36 <abliss> Yeah, I like that approach too.

14:39 <asheesh> Nice to see you all here! I may wander off in a while.

14:39 <asheesh> Hello to anyone I don't know :D

14:54 <JacobWeisz[m]> Aww, I missed Asheesh

15:03 <isd> :(

19:01 <ill_logic> Ian Denhardt: I mean that I'm getting client errors, and the report is something I can't really decipher. Server errors are a bit more clear.

22:15 <xet7> Aww, so nice Asheesh visited here :)

22:16 <xet7> Hope he comes here again sometime :)

22:25 <xet7> What? X-Frame-Options ALLOW-FROM is deprecated? What I should use instead?

22:28 <xet7> What Sandstorm issue number is about that CSP rollout?

22:34 <isd> (n.b. the X-Frame-Options message is not new)

22:34 <isd> https://github.com/sandstorm-io/sandstorm/issues/3424

22:37 <xet7> Well, Wekan still has settings for that X-Frame-Options ALLOW-FROM, with TRUSTED_URL=https://example.com and BROWSER_POLICY_ENABLED=true

22:38 <xet7> I have hard time keeping up with all the updates to browsers and npm packages. There are some security issue found in some npm package very often.