ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm
<iFire[m]> It's a HTTP/1 problem yes. https://portswigger.net/web-security/request-smuggling
<iFire[m]> I agree
<iFire[m]> they recommend stop using http/1
<ocdtrekkie> HTTP/2+ will be blocked by any responsible corporate environments for the next several years at least.
<ocdtrekkie> Which is to say, if you're Google, it makes sense to support both for the benefits they get from using it for some connections, but deprecating HTTP/1 isn't realistic.
<ocdtrekkie> I suspect HTTP/1 will outlive HTTP/2 and HTTP/3
<iFire[m]> It is not clear how to block HTTP/2 without TLS MITM
<ocdtrekkie> I mean, a lot of enterprise networks do MITM TLS.
<iFire[m]> sorry to be arguing, I totally agree that sandstorm should use http/1
<iFire[m]> and HTTP/2 is about being easier to approach udp, if udp is blocked
<iFire[m]> * and HTTP/2 is about being easier to approach [than] udp, if udp is blocked
<iFire[m]> and UDP is hard
<ocdtrekkie> In most cases for Sandstorm networking features, it's more just "not implemented" though that is also synonymous with "blocked" for a sandboxing platform, I suppose. ;)
<iFire[m]> One of the ways to use DLTS or WebRTC is via ICE/TURN/STUN proxying
<ocdtrekkie> There are a lot of cool applications I want on Sandstorm which need wider network support.
<iFire[m]> time to check if anyone mentioned baserow.io
* iFire[m] goes to the forums
<ocdtrekkie> We have one developer who has gotten Postgres running in a Sandstorm app, that's likely to be one of the funner problems to packaging Baserow, though I know it's possible.
<ocdtrekkie> Django requires some middleware work, but such packages have been built, we have a couple Django apps.
<iFire[m]> Is it something I can poke at within a few hours like today?
<iFire[m]> I'm not sure where the pitfalls are
<ocdtrekkie> I think you'd have to search the dev list but someone shared a repo which got Postgres working in a Sandstorm grain.
<ocdtrekkie> https://github.com/babybuddy/babybuddy-sandstorm is the most recent app using the Django middleware.
<ocdtrekkie> https://groups.google.com/g/sandstorm-dev/c/j8CzPRzClGs/m/qnTZ9PykAgAJ is the Postgres discussion and link.
<iFire[m]> Would it be ok as a hello world to get something that already is packaged in sandstorm but using postgresql?
<ocdtrekkie> I don't think there are any released apps using Postgres.
<iFire[m]> I mean take amysql packaged app and use their maintainer configs for postgresql
<ocdtrekkie> That might be a pretty good way to try it out.
<iFire[m]> I think monica hq can switch to postgresql
<iFire[m]> open to easier suggestions
<ocdtrekkie> I know rs22 did some custom stuff to package it, but it's a very recent package so it's likely to work well.
<iFire[m]> I'm not a big fan of mongdb, but I'm closing my eyes and pretending it just works
<ocdtrekkie> (We generally consider vagrant-spk packaging to be the "easiest" way to experience Sandstorm app packaging, but plenty of apps use other tools.)
<ocdtrekkie> If you are comfortable with Docker, it may actually be a little more comfortable to work with than our other approaches. :)
<iFire[m]> UNIX domain socket connection to postgresql
<iFire[m]> I know Kubernetes enough to be dangerous..
<iFire[m]> so docker is ok
<ocdtrekkie> I am passably able to navigate a Linux OS. :)
<ocdtrekkie> But sometimes I can point people in the right direction for Sandstorm specific things.
<iFire[m]> some trouble with a missing gpg key
<ocdtrekkie> Ah, you probably need to rekey it to play with it too much.
<ocdtrekkie> That is all of our package signing stuff. Should be possible to mostly remove it, though you'll also probably need a new appId.
<iFire[m]> 4/4 on the docker image after I stripped that code and the removing the gpg folder and theasc
<iFire[m]> * 4/4 on the docker image after I stripped that code and the removing the gpg folder and the asc
<iFire[m]> * 4/4 on the docker image after I stripped that code and removing the gpg folder and the asc
<iFire[m]> on line 40
<iFire[m]> * on line 40 RUN yarn run production
<ocdtrekkie> https://docs.sandstorm.io/en/latest/developing/publishing-apps/ covers both our app publishing keys and author signing, for reference:
<iFire[m]> I think the sandstorm team typically creates a package similar to LEMP, I'd replace mariadb with postgresql
<ocdtrekkie> We generally discourage the use of MySQL in Sandstorm packages, but a lot of apps expect it.
<iFire[m]> forgot to install buildah
<ocdtrekkie> MySQL is fine in monolithic Sandstorm apps (where someone is likely to only use a single instance/grain) but it really sucks for Sandstorm apps using our granular security model.
<ocdtrekkie> MySQL tends to have like a 100 MB minimum grain size, so it can kinda suck if each document is in it's own grain.
<iFire[m]> wave a flag if this conversation is incompatible with your timezone
<ocdtrekkie> I'm in an ER waiting room, so I'm good for a few hours of boredom.
<iFire[m]> `sudo ./build` step of the monica sandstorm works
<iFire[m]> I'll do my best to be entertaining
<ocdtrekkie> I'm also playing an MMO on my phone.
<iFire[m]> fun!
<isd> postgres should work fine, but it's less trodden than other dbs in sandstorm, so if you're looking for a smooth "I want to try packaging a django app for the sake of hello-world packaging" I would recommend mysql if supported, or better yet sqlite.
<isd> We tend to push sqlite for the reasons ocdtrekkie mentioned, but existing apps sometime do not support it so you're stuck.
<isd> mysql is used by many sandstorm apps and is thus well-trodden territory.
<isd> A couple hours is plenty to do a toy package for learning where stuff is.
<isd> (toy/simple)
<isd> Re: webrtc, it actually isn't blocked right now, since the browsers don't actually provide a way to do that. I am working with folks at w3c trying to fix this though, so if you rely on it I may brake your app at some point. I'd like to provide a shim for common use cases though, and there's some ongoing work to make data connections in the browser Transferrable, so they could be obtained by Sandstorm. A conversation might be useful re: what
<isd> things to pay attention to to make sure updating to the shim isn't too painful.
<isd> Though that's only for stuff in the browser; there's no way to get the server in on the udp connection.
<isd> you can request an IpInterface from sandstorm, which admin users can provide. At some point I'd like to supply some utility apps and such for delegating this further, so you could request a more limited interface (prob. offering a UdpPort...). It shouldn't bee to hard to build an app that does the delegation, but there are so many things on my list.
<isd> (relevant interfaces are in ip.capnp)
<iFire[m]> I got my self build monica sandstorm to install
<iFire[m]> now to try switching monica to postgresql. Then swap monica for baserow.io and postgresql
<ocdtrekkie> The stuff I linked should help get you going with Postgres, but if you have any difficulties, let us know.
<iFire[m]> I'm currently trying to modify the sed to be postgresql
<iFire[m]> got postgresql-11 in the apt install list
<iFire[m]> what is the policy for database passwords
<iFire[m]> username: app, password: app and db: app
<ocdtrekkie> We often use stupid passwords or disable authentication on databases inside the sandbox. Provided you aren't opening access to them they should be unreachable by anything not local to your grain.
<iFire[m]> first run. time to see where it fails
<iFire[m]> It was not clear how to run the postgresql server while also running php-fpm
<iFire[m]> and nignx
<iFire[m]> * and nginx.
<iFire[m]> without systemd or any init scripts
<iFire[m]> I'll post my work in progress and call it a night
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm
garrison has quit [Ping timeout: 245 seconds]
larjona_ has quit [Ping timeout: 245 seconds]
garrison has joined #sandstorm
zarvox has quit [Ping timeout: 245 seconds]
zarvox has joined #sandstorm
blowfist has quit [Ping timeout: 245 seconds]
larjona has joined #sandstorm
blowfist has joined #sandstorm
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm
xet7 has quit [Remote host closed the connection]
xet7 has joined #sandstorm
xet7 has quit [Read error: Connection reset by peer]
xet7 has joined #sandstorm
xet7 has quit [Remote host closed the connection]
<kentonv> Meteor developer claims that Node has deprecated and plans to remove the `http` package, in favor of fetch(). I can't find any evidence of this and it would be completely insane if true.
<ocdtrekkie> Unfortunately, Meteor is probably low popularity enough they could decide to do completely insane things, lol.
<kentonv> no no, he claims that *node* is removing `http`
<kentonv> Node is pretty popular. :)
<ocdtrekkie> Oh... yeah, that's insane.
<Corbin> "insane" is too loose. This sounds specifically like a *delusion*: A sincere belief in something falsifiable.
<kentonv> I confirmed from a core Node developer (who happens to be joining the Cloudflare Workers team tomorrow!) that this is not true
falsifian has quit [Quit: Reconnecting]
falsifian has joined #sandstorm
XgF has quit [Remote host closed the connection]
XgF has joined #sandstorm
xet7 has joined #sandstorm
xet7 has quit [Remote host closed the connection]
larjona_ has joined #sandstorm
larjona has quit [Ping timeout: 258 seconds]
xet7 has joined #sandstorm