kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
isd has quit [Ping timeout: 244 seconds]
isd has joined #sandstorm
frigginglorious has quit [Ping timeout: 256 seconds]
DanC has joined #sandstorm
<DanC>
tuning in to see what's up lately...
<DanC>
last office hours notes are from September 15, 2020 but I see a Nov 10 invitation...
<DanC>
mavo looks cool
<JacobWeisz[m]>
Hey DanC! There were a couple office hours where Ian and I were the only people around lately.
kentonv has quit [Quit: Leaving]
<JacobWeisz[m]>
But there are a few cool bits of development going on.
kentonv has joined #sandstorm
<DanC>
full disclosure: I got a notice that my monthly "Thank you for your $n/month contribution to Sandstorm Community" and wonder if it's going to good use.
<JacobWeisz[m]>
DanC: I believe we have a little over $100 in the Community fund. It's not enough to do much with yet, so we haven't submitted anything expense-wise against it.
frigginglorious has joined #sandstorm
<isd>
Yeah, the office hours meetings have kindof petered out. attendence waned, and we got into this pattern where we basically just went around and told eachother stuff we'd already seen in IRC...
_whitelogger has joined #sandstorm
<DanC>
well, it's fine for office hours to peter out as long as a few cool bits of development are going on and the relevant communication is happening somehow
<DanC>
anything blog-worthy since 08 Aug 2020 ?
<JacobWeisz[m]>
IRC is the best way to keep up. The big thing that will be blog worthy is Ian's new seccomp filter work.
<DanC>
is IRC logged? I kinda thought it was but I don't see it in the /topic
<JacobWeisz[m]>
We have a libseccomp based blocklist of Linux syscalls, and Ian is switching to a bpf_asm-based whitelist.
<DanC>
weird. I guess i have to agree with Chip Morningstar's claim that github issue search sucks
<kentonv>
DanC, does your wish involve new features in Sandstorm or just finding the time to set it up?
<DanC>
mostly finding time, I think...
<DanC>
... though I just read that backups are an unsolved issue
<isd>
The more interesting thing is making it a proper whitelist, using bpf asm itself is just to make that easier to work with.
<kentonv>
we support Let's Encrypt on arbitrary domains now, and for backups I think the best solution is to use a filesystem or device that supports atomic snapshots...
<isd>
Yeah, I have some ideas longer term for a more integrated solution, but that's probably the best for now. Alternately you could schedule backups for a low-traffic period (say 4:00 am) and just shut down sandstorm while doing the copy, if you're already set up on a system with no snapshots.
<DanC>
yes, I read both of those backup suggestions, thanks.
<DanC>
I don't trust myself to do it alone.
<DanC>
At work, I instituted a two-man-rule for sysadmin on production machines.
<DanC>
at my previous job, I just completely avoided responsibility for servers.
<DanC>
this is one of the main issues for self-hosing in general: a sysadmin-to-user ratio of 1-1 is more or less infeasible.
<TimMc>
Tarsnap works fine as long as you can install on a snapshotting filesystem and the necessary invocations for taking and releasing snapshots reliably. But "reliably" has been a problem for me for ZFS.
<TimMc>
I'm going to try LVM next.
<DanC>
LVM is kinda cool, except that cool is a dangerous thing when it comes to sysadmin. I tried to save myself some time moving data from one disk to another with some LVM migration thingy and... well, I lost the data.
<kentonv>
FWIW my sandcats server is on Digital Ocean and they have a built-in snapshotting thing that you just switch on and it works...
<DanC>
yeah... I guess I could take my monthly sandstorm contribution and use it that way
<kentonv>
I'm just pointing out options, no need to get sarcastic
<DanC>
? I didn't mean to be sarcastic at all.
<DanC>
I used to pay for sandstorm oasis; when that shut down, I went self-hosted but kept sending the money to the project. The project doesn't seem to benefit much from the money and would probably benefit more from a more active user.
<kentonv>
I believe all cash contributions are going to isd, and pretty much all new code is coming from isd, so I think he could say best which is more useful. :)
<JacobWeisz[m]>
Ian and I have control of the OpenCollective org.
<isd>
ocdtrekkie took lyre off the account a while back, since we haven't heard from him
<kentonv>
ah, good
<isd>
But yeah, that money is kindof just sitting there, as there's not really enough to do anything with it.
<DanC>
it's enough to buy a few pizzas. The money is yours if you want it, as far as I'm concerned, isd.
<isd>
I feel generally awkward waying in on this since there's an obvious possible conflict of interest, but yeah, most donations are going to me via github sponsors
<isd>
weighing
<JacobWeisz[m]>
In theory we could also spend it on operating costs, but Kenton is bearing those at the moment.
<JacobWeisz[m]>
And it would not cover much operating costs.
<DanC>
I see no conflict of interest between "isd does good work on the sandstorm project" and "isd should get the $$". Better to shut down opencollective? Or maybe I should just change where I send my $$
<JacobWeisz[m]>
I think there is an ideal future where we have multiple developers to pay out to.
<isd>
Yeah, but we're not there yet.
<JacobWeisz[m]>
OpenCollective also has some neat new features like holding IP rights.
<JacobWeisz[m]>
But yeah, if Ian wanted to invoice for what was in there, we could pay it out, and in the future if there are other developers we could split it differently.
<DanC>
sometimes seeding the tip jar is helpful, so I suppose there's some possible benefit of leaving the few bucks that are there where they are
<isd>
...which I don't think we really need. It seems like a waste of money to keep paying for the trademark if there's no business behind it, and the copyright is kinda meaningless, because apache license.
<JacobWeisz[m]>
Oh, DanC, did you see OpenID Connect support is in a PR?
<isd>
Yeah, there's that.
<JacobWeisz[m]>
That's a community contribution you might find interesting.
<kentonv>
actually it may be helpful to have somewhere to transfer trademarks and copyrights when the company finally dissolves
<isd>
there have been a few other things that have happened from not-me; Troy added a thing to the postMessage API. Some localization stuff.
<kentonv>
investors would like to see any IP assets go to a non-profit, rather than to, say, me personally
<isd>
How much does it actually cost to upkeep the trademark?
<JacobWeisz[m]>
kentonv: That was a potential thing I imagined that being of interest. It's a manual "message the OpenCollective folks" process but its there.
<isd>
I guess assinging them to opencollective makes sense.
<isd>
But yeah, DanC, if you want to point the donations at my GitHub sponsors account, I would certainly welcome that. Has the benefit of GitHub covering payment processing fees too (and the matching fund, for one more month)
<isd>
I'll probably have to start trying to actively promote it a bit more when the matching fund expires if I want to sustain this.
<JacobWeisz[m]>
Matching has been a big reason for the last year I've pushed "send Ian money direct" over the OpenCollective.
<DanC>
oh! we could still get the matching benefit if (a) I submit an expense for what's there, (b) I send it to Ian's github sponsor account.
<isd>
...I wish I had more finished, user-visible things to talk about. A lot of what I've been working on is internals and/or long term things.
<isd>
The seccomp patch is a precursor to me starting to work on arm support; I wanted that on firmer footing before I started trying to port in earnest.
<DanC>
I have no problem with the way you have chosen to spend your development effort. (though I share your wish)
<isd>
There's a lot of stuff like that, where there's like 2-4 follow on projects before it becomes user visible.
<DanC>
quite.
<TimMc>
My team at work does basically nothing *but* that kind of work. We have to do a lot of communication/outreach to justify it to the org. :-P
<isd>
Other things include: a typecript declaration generator for node-capnp, which will make internal refactoring a lot easier, some steps in capnp-C++ towards websocket support which will get us towards a public programmatic API someday...
<TimMc>
ARM support sounds amazing. How many apps would be compatible with that, though?
<isd>
I keep trying to tackle $feature and finding that it would be 10-100x easier if we did $obscure_thing first.
<DanC>
I was standing by for feedback on the opencollective -> github sponsor idea, but I figure I might as well submit the expense and see if it gets approved. But now opencollective is asking me to choose between reimbursement and an invoice. hm. reimbursement, maybe.
<isd>
TimMc: Right now, zero.
<TimMc>
haha oof
<TimMc>
So there would also need to be some kind of architecture-aware packaging?
<isd>
ocdtrekkie: interested in your thoughts on procedure re: the opencollective thing. I don't have a great understanding of the platform.
<isd>
TimMc: yeah, that's I think the harder part actually. I'm always thinking about how we can make our dev tooling better in general, but a lot of that is background-mind stuff that's harder to concretize. Porting the platform itself is a lot more obvious.
<DanC>
"expenses will not be paid without a valid receipt". backtrack...
<isd>
I want to get folks using build tools that are more reliably reproducible than what vagrant-spk does, so we can feasibly make stuff work across architectures without too much fuss beyond recompiling.
<JacobWeisz[m]>
I am not sure if trying to pipe the OpenCollective balance through GitHub Sponsors would be questionable from a "don't cheat the system" standpoint.
<JacobWeisz[m]>
My lean is that it probably isn't worth it.
<TimMc>
DanC: While user-accessible, per-grain backup sounds like a great Sandstorm feature, backup of Sandstorm as a whole seems like a separate concern to me -- and I still need it for the other services I run (such as a Jabber server).
<DanC>
INVOICE #28958 submitted.
<DanC>
sounds to me like "use FS snapshots" is as good as it gets for the forseeable future. I'd be happy for the docs to be updated to reflect that and be done with it.
<TimMc>
My current approach is to have an encrypted partition that all the service data lives on (/srv/commdata or some such) and I could just layer LVM onto that as well, which is a common combination.
<isd>
We should probably have an FAQ re: backups somewhere.
<JacobWeisz[m]>
(The tar command, it's slow but it works)
<DanC>
how slow?
<JacobWeisz[m]>
We could probably have some suggestions re: snapshotting file systems.
<DanC>
pls do
<JacobWeisz[m]>
I think I spend 30 min backing up my server, and it's really not that big a server.
<JacobWeisz[m]>
But part of that is probably my NAS' limitations.
<JacobWeisz[m]>
Which is what I back up to.
<DanC>
I'm sure I can spare 30 min of availability on a regular basis.
<DanC>
I do need to sleep :)
<JacobWeisz[m]>
Heh. I mounted an SMB share on my NAS on my Sandstorm server's file system, and use that tar command to backup directly to that.
<JacobWeisz[m]>
I think I made a "script" that surrounds that with the Sandstorm stop and start commands.
<JacobWeisz[m]>
And if I wanted to, I could put that on a schedule, and then there we go.
<TimMc>
I use tarsnap, so the data is going from a 10+ year old HDD to The Cloud; last run was 20 minutes to back up 13 GB of service data (41 MB new, 4 MB compressed new).
<JacobWeisz[m]>
It is still a mind-blown thing to me that snapshotting file systems is unusual on Linux.
<TimMc>
same
<JacobWeisz[m]>
Yeah, my server is about 15 GB compressed, I think.
<TimMc>
I currently get these dangling ZFS snapshots that foul up the script, and I still haven't added monitoring to alert me if backups start failing. -.-
<DanC>
JacobWeisz[m], abliss , isd thoughts on INVOICE #28958 ? i.e. routing my contributions to isd with a github match?
<DanC>
oh... I see JacobWeisz[m] ' s comment above just now...
<DanC>
ok. fair enough.
<kentonv>
I don't see why it would be "cheating the system", FWIW
<DanC>
I managed to come up with a somewhat reasonable thing to invoice for: office hours organization. You'd have to trust me that I'd reinvest the money :)
<isd>
I'm fine with it.
<kentonv>
oh, I guess that does seem questionable. I would think the invoice should say what it's actually for.
<DanC>
the invoice is for my time / effort to set up office hours
<kentonv>
it's not though. It's payment to ian. Which is a perfectly reasonable thing for us to be spending money on.
<isd>
Yeah, the only fiddly thing is the "clean" way to do that would be for me to submit an invoice for my time, and they pay me. The bit that's maybe questionable is DanC using the invoice mechanism to get the money back out so he can send it to me via GitHub sponsors and get the match, which is a big wonky. I'll defer to everyone else's opinion's on this, if y'all can come to a consensus.
<isd>
a bit wonky
<kentonv>
Is there no way the collective could directly pay to github to sponsor you?
<DanC>
INVOICE #28958 is definitely an invoice for my time for setting up office hours.
<DanC>
I did see "custom payout method" but I don't know if that could route to github
<isd>
I doubt it. I think you also can't do one-time payments via GitHub sponsors, which makes it not really fit with their model; the best you can do is do a recurring thing and the shut it off/lower it a month later.
<DanC>
isd is welcome to the money either way, IMO. Either he can submit an invoice to opencollective or you can approve my invoice and I'll reinvest, with a github match.
<kentonv>
DanC, imagine that later on someone decides they don't like us and they want to sue us, for some reason, and then they subpoena the collective's records to fish for impropriety to build their case, and they find this weird invoice backdated 11 months. They ask about it in deposition, and you have to tell them truthfully that it was really a way to get money to Ian. Even though nothing bad has actually happened, the litigious person now can point at thi
<kentonv>
s in court and say "look at these shady dealings!!!"
<isd>
I think if you're going to do the invoice and then pay out separately you should probably not try to obfuscate it on the thing; I don't really have a problem with abusing the available bits of the UI to get the machine to do what we want, but I don't want to put something in there that makes it look like we were trying to hide something.
<DanC>
I have to tell them no such thing. It's an invoice for setting up office hours. I am happy to say so in a deposition.
<DanC>
(I have been deposed before, FWIW)
<kentonv>
so have I
<isd>
Also, bear in mind this whole IRC chat is a matter of public record.
<DanC>
yup.
<DanC>
either the project thinks my time to set up the office hours is worth what I put in the invoice or not. (it's well below the rate I charge other clients)
<isd>
Probably no one but us will even look at the description. If they do, I don't think this is doing us any favors.
<DanC>
this has been a little bit entertaining, but I suppose it's mostly a waste of your time. sorry.
<isd>
Hm, there's a "refund" button on the transactions.
<isd>
That's perhaps a better solution.
<kentonv>
If the actual, real motivation is to pay Ian, then that's what the invoice has to say. It doesn't work to create a pretend motive, even if that motive "could have" been legitimate.
<kentonv>
refund seems more reasonable, yeah
<isd>
DanC, ocdtrekkie, if refunding sounds good to you two I can go ahead and do that
<isd>
(I think I'll have to refund each payment individually, but there's only 12 of them)
<DanC>
sure, sounds good to me
<JacobWeisz[m]>
That's entirely legitimate, IMHO.
<kentonv>
Right. In this case, DanC wants the money back because he's realized he's been sending it to the wrong place and it isn't going anywhere useful. He's not wrong. What he does with it next is up to him.
<DanC>
yes, it evidently hasn't been useful
<kentonv>
In general I would always grant a refund in that kind of circumstance unless they cash had already been spent or earmarked for something.
<isd>
Hm, I refunded the latest one, but now I don't see refund buttons on the others anymore? I swear there was a button on the older transactions too...
<JacobWeisz[m]>
We could accept a invoice requesting a refund for the remaining bills, I suppose?
<JacobWeisz[m]>
Perhaps refunds have a deadline for the payment processor's purpose.
<isd>
Maybe. I could have sworn before I clicked the first one they each had a refund button... I'll stare at it again when I'm less tired, but I guess if we're stuck I can just invoice for the rest and we can forgo the match...
<kentonv>
I dunno, if refunds have a built-in deadline I'd be hesitant to try to work around that by other means. Could be there's a reason for that deadline.
<kentonv>
that said I remember times when I refunded many months' worth of payments to oasis users
<isd>
Yeah, I would find it surprising if I couldn't refund last month's...
<JacobWeisz[m]>
Docs suggest your fiscal host has to be contacted to do refunds?