ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm
<ocdtrekkie> Could be worse. Had someone share an output of a project via Google Drive. About 60 files in the shared folder.
<ocdtrekkie> Turns out nobody at Google cared much about the Drive sharing experience if you aren't logged into a Google account: Each file had to be downloaded individually.
<vision2profits> Yes I know about that with Drive, that's why I'm about to start a full cleanup of everything I've stored on Google and get everything backed up locally
<vision2profits> I heard about Backblaze but I don't know enough yet to know if it's secure (viable) as a cloud backup
<ocdtrekkie> Currently I have a NUC and NAS located geographically distant in a trusted location which syncs my stuff point to point.
<ocdtrekkie> But not everyone has access to a trusted geographically distant site for a backup location, unfortunately.
<vision2profits> what exactly is a NUC?
<vision2profits> small form factor low watt computer?
<ocdtrekkie> It's an x86 machine, but yeah, a really small one. Like 5" square, runs off a laptop power adapter.
<ocdtrekkie> This sorta thing
<vision2profits> I have one that is a LXD server currently. I love the low watt portable datcenter. I just switched my router to a GL-AR750S-EXT which already has Openwrt already installed.
<vision2profits> I'll be travelling a few months at a time and want to take my setup with me
<vision2profits> Love the idea of portable homelab
<ocdtrekkie> Yeah I used to dream of having a big server at home until I heard them running. I use a fleet of NUCs for various things. My Sandstorm server is one, my backup server is another, I have one acting as a Pi-hole, one a Windows domain controller, and one in my car. Most of them are budget/used/off-brand models, so all pretty low-end.
<vision2profits> I'll find out how practical at some point, but for now is learning
<ocdtrekkie> The one running Sandstorm is my only fairly high-end one.
<vision2profits> I have no interest in a big server or a rack
<vision2profits> that's what I'm going to purchase next
<ocdtrekkie> My Sandstorm server is a NUC7i5BNH which is a 7th generation Core i5. I forget how much RAM I threw in it, but probably 8 GB if I had to guess.
<ocdtrekkie> The other ones are mostly either Gigabyte Brix units I got dirt cheap with Celeron processors or some Datto-branded units which are whitelabeled Zotac models.
<xet7> Does current version of Go have Google telemetry embedded?
<ocdtrekkie> No, and they have backed off plans to include it enabled by default.
<ocdtrekkie> The expected proposal for it will require people explicitly opt into sharing stuff with the Go team.
<ocdtrekkie> It is the rare (perhaps singular?) example of Google listening to feedback that told them not to do a thing.
<xet7> Well, I have already burned myself many times trying to code with Go, just having crashes, not getting code to build, etc.
<xet7> Although, currently I run many Go binaries with bash script
<xet7> And Go removes support for older operating systems
<xet7> I'm trying to add support for more operating systems
<xet7> Is somewhere working examples how to do Javascript Async/Await as nested or parallel structure, and as one step after another?
<vision2profits> would Sandstorm run on a Pi4?
<vision2profits> or is it too low end?
<ocdtrekkie> Currently Sandstorm only works on x86_64 based platforms.
<vision2profits> perfect thanks. I'll have to find something else to run on it
<ocdtrekkie> It's plausible we might eventually have an ARM version, but it would also require we repackage all of the apps for it.
<vision2profits> the Pi seems to run a bunch of different stuff and there's a lot of videos of people pushing it's limits. But then again just can you can doesn't mean you should
<ocdtrekkie> Yeah I honestly won't use a Pi for anything anymore. I know you can do SSDs with them now, but I'll never do SD card boot anything again.
<ocdtrekkie> But it's a super popular platform to start with, so it'd be nice to support it someday.
<vision2profits> Well I inhereited one and it seems it least it could run PiHole or Adguard
<ocdtrekkie> I've never tried Adguard but I'm a big fan of the LCARS theme for Pi-hole
yarmo has quit [Quit: yarmo]
strugee has quit [Quit: ZNC - http://znc.in]
strugee has joined #sandstorm
yarmo has joined #sandstorm
<isd> xet7: when was the last time you were having issues building Go programs? It used to be a huge pain, but since Go modules became standard it's usually pretty smooth these days
vision2profits has quit [Quit: Connection closed]
vision2profits has joined #sandstorm
<vision2profits> I've been going over the Docs and some seem slightly dated so I'm not sure if I understand them correctly. Is it possible to use either a custom domain or subdomation for a sandstorm instance?
<ocdtrekkie> Yeah, you can use your own domain. Our documentation around Let's Encrypt support and stuff is pretty lacking though.
<vision2profits> It looks like I can do it using Cloudflare tunnels or Nginx reverse proxy manager is that correct?
<vision2profits> or can I do a wildcard A record for the domain and point it to my subdomain.sandcats.io subdomain?
<ocdtrekkie> So nobody has ever documented using it with Cloudflare tunnels but I imagine it should be possible.
<ocdtrekkie> Nginx reverse proxy is a very common setup, since originally Sandstorm didn't terminate any SSL that wasn't using Sandcats.
<ocdtrekkie> The history there is that Sandstorm and the Sandcats service predate wildcard certificates being supported by Let's Encrypt... there was no free way to get a wildcard cert.
<ocdtrekkie> Sandstorm Development Group had a deal with GlobalSign to issue wildcard certificates for Sandcats subdomains. So Sandcats provided both dynamic DNS and wildcard certificates for free for Sandstorm servers.
<ocdtrekkie> By the time the GlobalSign agreement expired, Let's Encrypt had launched wildcard support, so that was implemented in Sandstorm, both for Sandcats subdomains as well as custom domains, and Sandcats is really just dynamic DNS now.
<vision2profits> yes I read about that, fascinating as I just read about wildcards just tonight (I had heard the term but didn't know what it meant)
<ocdtrekkie> But the documentation has not caught up.
<vision2profits> what would you say Sandstorm as a project needs the most right now?
<ocdtrekkie> Probably developers (both for apps and the platform) more than anything else. The maintenance burden for both Sandstorm itself and the various app packages is fairly significant. We mostly mitigate the need to update apps for security patching reasons, but it still "looks bad" when we have apps that aren't the latest versions, and fitting apps not written for Sandstorm into Sandstorm often entails some patching.
<ocdtrekkie> I think we will be looking at seeing if we can get some grant-type funds in the future so we can pay for people to do some of the less fun things that all entails.
<ocdtrekkie> But I do think there's a lot of value in the documentation stuff. Some of the Nginx, Sniproxy, etc. docs we have are... pretty old... and I still refer to them fairly often when helping people troubleshoot. Especially with CGNAT and everything out there, figuring out how to use some of the more modern tools out there like Cloudflare Tunnels, Tailscale, etc. and having docs on how to do that would probably open up Sandstorm to a lot of users
<ocdtrekkie> that would otherwise have difficulty with it.
<vision2profits> You're talking to someone behind CGNAT, has no clue how to setup Tailscale or NPM yet and just installed Sandstorm on a local server (old Asus laptop running Ubuntu server and is currently stuck at the setup/ token/ lol. I was able to get it going on a VPS but I want to use that one for clients to get accustomed to using it
<vision2profits> I want to self host and am not sure how to get past this.
<vision2profits> My router actuall has Openwrt installed on it and has vpn settings:  VPN OpenVPN Client
<vision2profits> OpenVPN Server
<vision2profits> WireGuard Client
<vision2profits> WireGuard Server
<vision2profits> Internet Kill Switch
<vision2profits> VPN Policies
<vision2profits> Tor
<ocdtrekkie> Yeah I remember. I think I wrote some notes either here or to the list which I expect would be most of what you'd need to get it working over Cloudflare Tunnels, but nobody I know has tested doing it. Or if they have, told anyone about it. :P
<vision2profits> I wonder if any of these will help me get past CGNAT to setup the token?
<vision2profits> I'm going to generate another token and try to set the path variable in CF tunnel and use the server ip on port 80 and see if it works to get setup
<ocdtrekkie> The big thing is that your BASE_URL and WILDCARD_HOST should be set as the browser should see it. So I believe you would set those based on the domain that you CNAME to the tunnel address.
<ocdtrekkie> And BIND_IP should probably just be 0.0.0.0
<vision2profits> I wonder if it would work better in Docker?
<vision2profits> I'll see what I can figure out tomorrow, thanks for the help
vision2profits has quit [Quit: Connection closed]
<ocdtrekkie> Sandstorm won't even run in Docker. Container platform in a container is no bueno. :) Full VMs will work fine though.
<ocdtrekkie> If you do play with the tunnel stuff though, happy to help be a second set of eyes at minimum, and if you get it working, we'd be wildly thrilled to see either a blog post or documentation on how to set it up.
<ocdtrekkie> Unfortunately, I don't think CGNAT is going to go away any time soon.
ssingh has joined #sandstorm
ssingh has quit [Client Quit]
ssingh has joined #sandstorm
ssingh3 has joined #sandstorm
ssingh3 has quit [Client Quit]
ssingh has quit [Quit: Connection closed]
<TimMc> So sandstorm-in-sandstorm wouldn't work? :-)
<TimMc> I don't know much about Linux cgroups and whatnot, but is this a situation like SQL's GRANT permission?
<xet7> Well, you could start qemu in some grain, but...
<TimMc> heh
cwebber has quit [Remote host closed the connection]
vision2profits has joined #sandstorm
<vision2profits> Hi
<vision2profits> What exactly is the benefit for a developer putting their app in Sandstorm? Does it require a technical learning curve orders of magnitude higher than what they may be accustomed to?
<TimMc> vision2profits: Speaking only as someone who has used Sandstorm, not packaged apps for it, I think the main benefits are: 1) You don't have to implement user & permission management; 2) users don't have to find someone willing to evaluate and run the app, just someone willing to run Sandstorm; and 3) users feel more safety in experimenting with unknown apps.
<TimMc> I don't think the packaging sounds very hard, but there's certainly stuff to learn.
<ocdtrekkie> The biggest benefit for app developers is that they do not have to run a service to host it. Normally if you build a web app for people to use, you have to pay to keep it on the web.
<ocdtrekkie> That's fine if you are building something people will pay for a subscription to use, but isn't great for open source projects.
<ocdtrekkie> The learning curve is, I would argue, easier. But it is different. You do need to either learn to interact with our API or how to use tools that interact with our API (we have several helpers for app packagers that let them avoid learning Cap'n Proto and such). However, a lot of garbage standaone app developers have to build and account for can be completely ignored if you are building an app solely to run on Sandstorm.
<ocdtrekkie> User authentication is literally just reading HTTP headers which are already provided and assuming they are accurately representing the user (because the platform handles that), you no longer have to concern yourself with loading and storing multiple documents within your app, as Sandstorm users can create more than one trivially.
<ocdtrekkie> Something like Etherpad generally comprises of both the document editor, as well as both authentication and some sort of interface to name, select, save, etc. files. In Sandstorm we don't need any of that, just the document editor saving a single document.
<vision2profits> So by service you mean Github or similar?
<ocdtrekkie> Yeah, I mean like, if you take Canva for example. Canva runs on some cloud servers somewhere that the Canva developers have to pay for. They pay for the processing, storage, data transfer.
<ocdtrekkie> Obviously they charge money for subscriptions to it, and that's how they afford that and make money.
<ocdtrekkie> But an open source project that doesn't want to charge money pretty much either has to get people to run it on their own, or eat the loss of running it and hope to get donations.
<vision2profits> So when I used this install script it asked if I wanted to develop (something about locally) would that setup sandstorm for local development and possibly allow me to connect to it to get it setup?
<ocdtrekkie> You generally don't want to use a developer install option unless you intend to use it that way. It enables dev accounts which have no password.
<ocdtrekkie> So what method are you hoping to use to connect to it?
<vision2profits> the other option is to develop a marketing strategy that solves a problem for people that doesn't lead with "it's completely free"
<vision2profits> people pay for solutions and Sandstorm solves problems people are only vaugely aware of, but they know they're there
<vision2profits> the other thing is that if you really think about it. People are in what constitutes an abusive relationship with the mainstream apps and services they use. For example, say you're a small business and you build an audience of 500+ people. Only a tiny fraction will see your messages to the audience you built. Even if you boost the post it goes not
<vision2profits> to your audience but to a cold audience you specificy demographically but you get the idea. And people keep going back to it and expecting it will be diffferent
<vision2profits> On a Facebook group
<vision2profits> same with TOS and Privacy Policies, etc
<vision2profits> but when you can show them the 50 connections their router opens to ads and tracking when the go to a website and let them know that's most likely how their credit card number got stolen and used in a gas purchase 3 states away...
<vision2profits> and the complete hassle of re-ordering cards and time spent on the phone, etc.
<vision2profits> Then they're receptive to using something different, at least that's been my experience so far
vision2profits92 has joined #sandstorm
vision2profits92 has quit [Client Quit]
vision2profits30 has joined #sandstorm
vision2profits30 has quit [Client Quit]
vision2profits has quit [Ping timeout: 276 seconds]
<ocdtrekkie> Yeah, the biggest issue is a lot of people currently do not want to run their own. Sandstorm Development Group used to run a public Sandstorm server you could pay to have an account on, but I don't know of anyone currently offering that.
<TimMc> Maybe someone can make a turnkey Sandstorm-as-a-service script.
<TimMc> Something that anyone can use to set up a small to midsized paid Sandstorm instance in EC2.
<TimMc> With Cavern, I'm thinking of making something like that -- I'd be happy running it as a small break-even venture, and enabling others to do the same.
<ocdtrekkie> I think that'd be nice, there's a few challenges in doing it. The other thing I think would be cool would be to talk to folks like masto.host about running managed Sandstorm server installs for people the way they sell Mastodon hosting.
<ocdtrekkie> Sandstorm is so low maintenance it would probably be super easy to operate.
<Ryuno-KiAndrJaen> <TimMc> "Maybe someone can make a turnkey..." <- Aral is exploring that direction with Kitten
<TimMc> Ryuno-KiAndrJaen: Ah, good! It's a model I haven't really seen explored.
<TimMc> software-as-a-service-as-a-script :-P
<TimMc> name needs work
<tian2992> <TimMc> Maybe someone can make a turnkey Sandstorm-as-a-service script.
<tian2992> <TimMc> Something that anyone can use to set up a small to midsized paid Sandstorm instance in EC2
<tian2992> the docker install script worked quite well for me
kentonv has joined #sandstorm