03:07 <iFire[m]> It's a HTTP/1 problem yes. https://portswigger.net/web-security/request-smuggling

03:07 <iFire[m]> I agree

03:08 <iFire[m]> they recommend stop using http/1

03:09 <ocdtrekkie> HTTP/2+ will be blocked by any responsible corporate environments for the next several years at least.

03:10 <ocdtrekkie> Which is to say, if you're Google, it makes sense to support both for the benefits they get from using it for some connections, but deprecating HTTP/1 isn't realistic.

03:10 <ocdtrekkie> I suspect HTTP/1 will outlive HTTP/2 and HTTP/3

03:18 <iFire[m]> It is not clear how to block HTTP/2 without TLS MITM

03:19 <ocdtrekkie> I mean, a lot of enterprise networks do MITM TLS.

03:21 <iFire[m]> sorry to be arguing, I totally agree that sandstorm should use http/1

03:21 <iFire[m]> and HTTP/2 is about being easier to approach udp, if udp is blocked

03:21 <iFire[m]> * and HTTP/2 is about being easier to approach [than] udp, if udp is blocked

03:22 <iFire[m]> and UDP is hard

03:23 <ocdtrekkie> In most cases for Sandstorm networking features, it's more just "not implemented" though that is also synonymous with "blocked" for a sandboxing platform, I suppose. ;)

03:24 <iFire[m]> One of the ways to use DLTS or WebRTC is via ICE/TURN/STUN proxying

03:24 <ocdtrekkie> There are a lot of cool applications I want on Sandstorm which need wider network support.

03:24 <iFire[m]> time to check if anyone mentioned baserow.io

03:26 <ocdtrekkie> We have one developer who has gotten Postgres running in a Sandstorm app, that's likely to be one of the funner problems to packaging Baserow, though I know it's possible.

03:27 <ocdtrekkie> Django requires some middleware work, but such packages have been built, we have a couple Django apps.

03:27 <iFire[m]> Is it something I can poke at within a few hours like today?

03:27 <iFire[m]> I'm not sure where the pitfalls are

03:28 <ocdtrekkie> I think you'd have to search the dev list but someone shared a repo which got Postgres working in a Sandstorm grain.

03:29 <ocdtrekkie> https://github.com/babybuddy/babybuddy-sandstorm is the most recent app using the Django middleware.

03:32 <ocdtrekkie> https://groups.google.com/g/sandstorm-dev/c/j8CzPRzClGs/m/qnTZ9PykAgAJ is the Postgres discussion and link.

03:35 <iFire[m]> Would it be ok as a hello world to get something that already is packaged in sandstorm but using postgresql?

03:36 <ocdtrekkie> I don't think there are any released apps using Postgres.

03:36 <iFire[m]> I mean take amysql packaged app and use their maintainer configs for postgresql

03:37 <ocdtrekkie> That might be a pretty good way to try it out.

03:37 <iFire[m]> I think monica hq can switch to postgresql

03:37 <iFire[m]> open to easier suggestions

03:38 <ocdtrekkie> I know rs22 did some custom stuff to package it, but it's a very recent package so it's likely to work well.

03:38 <iFire[m]> I'm not a big fan of mongdb, but I'm closing my eyes and pretending it just works

03:39 <ocdtrekkie> (We generally consider vagrant-spk packaging to be the "easiest" way to experience Sandstorm app packaging, but plenty of apps use other tools.)

03:39 <iFire[m]> https://github.com/rs22/monica-sandstorm

03:41 <ocdtrekkie> If you are comfortable with Docker, it may actually be a little more comfortable to work with than our other approaches. :)

03:44 <iFire[m]> https://github.com/LorenzoAncora/monica/blob/master/config/database.php#L61

03:44 <iFire[m]> UNIX domain socket connection to postgresql

03:44 <iFire[m]> I know Kubernetes enough to be dangerous..

03:45 <iFire[m]> so docker is ok

03:46 <ocdtrekkie> I am passably able to navigate a Linux OS. :)

03:46 <ocdtrekkie> But sometimes I can point people in the right direction for Sandstorm specific things.

04:01 <iFire[m]> some trouble with a missing gpg key

04:01 <ocdtrekkie> Ah, you probably need to rekey it to play with it too much.

04:02 <iFire[m]> https://github.com/rs22/monica-sandstorm/blob/master/Dockerfile#L22

04:02 <ocdtrekkie> That is all of our package signing stuff. Should be possible to mostly remove it, though you'll also probably need a new appId.

04:02 <iFire[m]> 4/4 on the docker image after I stripped that code and the removing the gpg folder and theasc

04:03 <iFire[m]> * 4/4 on the docker image after I stripped that code and the removing the gpg folder and the asc

04:03 <iFire[m]> * 4/4 on the docker image after I stripped that code and removing the gpg folder and the asc

04:04 <iFire[m]> on line 40

04:04 <iFire[m]> * on line 40 RUN yarn run production

04:04 <ocdtrekkie> https://docs.sandstorm.io/en/latest/developing/publishing-apps/ covers both our app publishing keys and author signing, for reference:

04:05 <iFire[m]> I think the sandstorm team typically creates a package similar to LEMP, I'd replace mariadb with postgresql

04:05 <ocdtrekkie> We generally discourage the use of MySQL in Sandstorm packages, but a lot of apps expect it.

04:06 <iFire[m]> forgot to install buildah

04:06 <ocdtrekkie> MySQL is fine in monolithic Sandstorm apps (where someone is likely to only use a single instance/grain) but it really sucks for Sandstorm apps using our granular security model.

04:07 <ocdtrekkie> MySQL tends to have like a 100 MB minimum grain size, so it can kinda suck if each document is in it's own grain.

04:07 <iFire[m]> wave a flag if this conversation is incompatible with your timezone

04:07 <ocdtrekkie> I'm in an ER waiting room, so I'm good for a few hours of boredom.

04:08 <iFire[m]> `sudo ./build` step of the monica sandstorm works

04:08 <iFire[m]> I'll do my best to be entertaining

04:08 <ocdtrekkie> I'm also playing an MMO on my phone.

04:12 <iFire[m]> fun!

04:30 <isd> postgres should work fine, but it's less trodden than other dbs in sandstorm, so if you're looking for a smooth "I want to try packaging a django app for the sake of hello-world packaging" I would recommend mysql if supported, or better yet sqlite.

04:30 <isd> We tend to push sqlite for the reasons ocdtrekkie mentioned, but existing apps sometime do not support it so you're stuck.

04:30 <isd> mysql is used by many sandstorm apps and is thus well-trodden territory.

04:31 <isd> A couple hours is plenty to do a toy package for learning where stuff is.

04:31 <isd> (toy/simple)

04:34 <isd> Re: webrtc, it actually isn't blocked right now, since the browsers don't actually provide a way to do that. I am working with folks at w3c trying to fix this though, so if you rely on it I may brake your app at some point. I'd like to provide a shim for common use cases though, and there's some ongoing work to make data connections in the browser Transferrable, so they could be obtained by Sandstorm. A conversation might be useful re: what

04:34 <isd> things to pay attention to to make sure updating to the shim isn't too painful.

04:35 <isd> Though that's only for stuff in the browser; there's no way to get the server in on the udp connection.

04:37 <isd> you can request an IpInterface from sandstorm, which admin users can provide. At some point I'd like to supply some utility apps and such for delegating this further, so you could request a more limited interface (prob. offering a UdpPort...). It shouldn't bee to hard to build an app that does the delegation, but there are so many things on my list.

04:37 <isd> (relevant interfaces are in ip.capnp)

04:38 <iFire[m]> I got my self build monica sandstorm to install

04:38 <iFire[m]> now to try switching monica to postgresql. Then swap monica for baserow.io and postgresql

04:43 <ocdtrekkie> The stuff I linked should help get you going with Postgres, but if you have any difficulties, let us know.

04:45 <iFire[m]> I'm currently trying to modify the sed to be postgresql

04:48 <iFire[m]> got postgresql-11 in the apt install list

04:54 <iFire[m]> what is the policy for database passwords

04:57 <iFire[m]> username: app, password: app and db: app

04:58 <ocdtrekkie> We often use stupid passwords or disable authentication on databases inside the sandbox. Provided you aren't opening access to them they should be unreachable by anything not local to your grain.

05:26 <iFire[m]> first run. time to see where it fails

06:16 <iFire[m]> It was not clear how to run the postgresql server while also running php-fpm

06:16 <iFire[m]> and nignx

06:16 <iFire[m]> * and nginx.

06:17 <iFire[m]> without systemd or any init scripts

06:17 <iFire[m]> I'll post my work in progress and call it a night

06:19 <iFire[m]> https://github.com/fire/monica-sandstorm/tree/postgresql

15:43 <kentonv> Meteor developer claims that Node has deprecated and plans to remove the `http` package, in favor of fetch(). I can't find any evidence of this and it would be completely insane if true.

15:52 <ocdtrekkie> Unfortunately, Meteor is probably low popularity enough they could decide to do completely insane things, lol.

15:52 <kentonv> no no, he claims that *node* is removing `http`

15:53 <kentonv> Node is pretty popular. :)

15:53 <ocdtrekkie> Oh... yeah, that's insane.

15:53 <Corbin> "insane" is too loose. This sounds specifically like a *delusion*: A sincere belief in something falsifiable.

15:54 <kentonv> I confirmed from a core Node developer (who happens to be joining the Cloudflare Workers team tomorrow!) that this is not true