# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 217
# self = https://watcher.sour.is?uri=https://twtxt.net/user/ocdtrekkie/twtxt.txt&offset=117
# prev = https://watcher.sour.is?uri=https://twtxt.net/user/ocdtrekkie/twtxt.txt&offset=17
@mckinley FWIW, spam on IRC is really, really prevalent, and IRC has limited systems to handle it. I know they'll let you cloak your info with regards to other users seeing it, but trusting them with it is somewhat important to them managing the server.
@abucci That sounds awful. I had to give Signal my phone number, but I assume that's so people can find my account? It couldn't reroute messages within my phone.
@prologic Awful. Glad I didn't risk that installing Signal over here. Heck, my phone still dials emergency services, unlike Pixels at various points.
@abucci > this app basically took over my phone number
Is this an Android-specific thing? What the heck?
@mckinley Technically they were git forking mysteries, no GitHub involved. :P
New styling on desktop looks real good here!
@prologic I'll be there. I need to finish my PR at the same time though. Been busy.
Okay fine, @mckinley, I'll update my feed source. I get the message.
I feel like wikis push me to hierarchical organization. My replacement is far messier: I open random Sandstorm documents, leave some notes, and hope I'll remember enough of what I named it to search for it. :D
@prologic Definitely didn't pick up that you were joking... was slightly worried you might be offended by my honesty there! I am warming to HedgeDoc for some things, particularly meeting notes and blog drafting, but yeah, DokuWiki is what I use for my personal infrastructure docs. Network configs, manuals for obscure hardware, etc.
I will probably take another look after Todo or something, if you're going to base your kinda core app experience for self-hosting on some of these, I should probably provide specific notes. :P
@prologic tbh, your wiki felt a little half-baked when I tried it. I actually had given up on it and was playing with someone's fork of it where they were going to build it out a lot more... and then they also abandoned it, I think. But that was also a bit ago, I don't know if you've done more since.
@akoizumi DokuWiki is my strong vote, I believe the actual data format is just text files, which is quite nice.
@mckinley Is Mastodon a "legacy" social network in this context too? :P
@mckinley Wait is this even real? I block so much I haven't seen an experience like this in twenty years.
@prologic TestFlight also says Goryon expires in 4 days so an iOS push is also probably well warranted.
Yarn.social call notes: Nobody showed up, so @prologic just kept teaching me Go stuff.
Yep, that's the joke, lol.
@prologic Still the plan. Figured we'd go to the same bat-channel if you have no objection!
@jason FWIW, the chat has no strong topic setting, and it can go pretty much anywhere. I am probably the only regular Windows user who attends, lol. It's at midnight for me too!
@mckinley Key takeaway here is we need more attendees so that chat doesn't devolve into being about Windows.
@jason The call is 19 minutes from now, if people show up.
@mckinley Sounds like we need to hunt down more attendees. o_o
@mckinley Yeah, my understanding is he's out, so if it's just us, it's just one personal talking and one person typing. I'm not totally opposed to that though, I don't... have a lot better to do?
No call tonight, I assume?
@prologic I am *crushed*. No problem, happy birthday and stuff! Believe me, I have plenty more to do with this computer now.
@prologic Alright well I couldn't rebuild the old OS intact. Windows is hard to fix once broke. But I've got my fresh install on my new drive, feels very shiny, home automation is back online. Should be good for Friday!
@abucci @prologic Google is deeply dependent on its corporate culture. It depends on both it's amenities and the internal social structure to keep people working there and to keep them there for extended hours. Google's entire thing collapses if people aren't there for the free food.
@hecanjog Who knew birds were anticapitalist?
@prologic Well, SPKs carry all the parts of a Linux OS (except the kernel itself) to operate the app, and while presumably the container environment itself would have to be reimplemented, I think Cap'n Proto would really be the only like... hard dependency to an environment being able to run a Sandstorm app, as it's the protocol Sandstorm apps talk through to the outside world.
@prologic I was thinking if Cap'n Proto can work on GoNix, then Sandstorm apps could conceivably also work...
@prologic I don't backup my boot drive, but it also generally doesn't have a lot of significant data of value. It is also still readable, apparently SSDs do that when they expect to fail, so I am currently backing it up anyways.
My SSD has died, so I may or may not have a working dev environment by Friday. :|
@prologic , GoNix ponderances: If Docker runs, would non-GoNix-compatible apps run successfully in said Docker containers? is go-capnp something that would run in GoNix, considering I believe the Go side is just the bindings?
@prologic That might work, I do want to make sure my environment is set up first.
Hey @prologic if I was gonna try to write one or two small web apps with Go, could I waste your time on a call to get me started?
I drafted a take about this concept to eventually go on the Sandstorm blog, not my own. My own blog is a joke. :D
Sometimes apps shoehorn the user-id field into like their email or password fields, and then use either username or preferred-handle for the display name depending on the type of app.
The only thing particularly more complicated for Sandstorm is that we don't control the uniqueness of a user's preferred handle, so you do need to user the user-id field for authentication, and then ensure the username is unique inside the app.
@abucci @prologic For the record, there's a drastically better alternative than powerline for many US homes: MoCA. A pair of Motorola MM1025 adapters can shove 2.5 Gbps down an old coaxial cable, incredibly reliably. I use some older MM1000s (1 Gbps) to get between my basement and the second floor.
@prologic Safari being stupid is often a good bet.
If you are using the default iOS Calendar though, you can copy the URL, go to Add Calendar within the app, and then Add Subscription Calendar.
@prologic You'd think! I usually do most of my actual set up of calendars and contacts on desktops, really only use my phone for consuming said information.
I suspect you can curl/wget it if you want to see what it contains.
@prologic Intriguing! It downloads on Firefox, but you aren't actually supposed to download it, you're supposed to let your calendar subscribe to it. (Sandstorm API URLs aren't generally supposed to be accessed via normal browsers... there might be user agent code for that, not positive.)
(I wrote this Yarn entirely in parenthesis and it disappeared.) Note: These aren't hidden on the iOS app!
(I wrote this Yarn entirely in parenthesis and it disappeared.) You see my entire message as the conversation ID, basically?
(If I start writing) I kinda think this is a bug?
(If I start writing) a post in parenthesis, it assumes it's a Yarn ID and hides it.
(I wrote this Yarn entirely in parenthesis and it disappeared.)
Apparently if I write a Yarn entirely in parenthesis, I write a blank Yarn... But if I edit it, the text is still there. Test post to follow.
Apparently if I write a Yarn in parenthesis, I write a blank Yarn... (test)
(Calendaring is hard, so those who actually read the file will notice it's set as 12 AM in America/Chicago... I should probably edit it to be based around UTC, or James' time if he does any daylight savings stuff and intends the call to follow it accordingly... but if I amend this, and you subscribe, your calendar will get the updates!)
Calendaring is hard, so those who actually read the file will notice it's set as 12 AM in America/Chicago... I should probably edit it to be based around UTC, or James' time if he does any daylight savings stuff and intends the call to follow it accordingly... but if I amend this, and you subscribe, your calendar will get the updates!
@prologic We forgive you! Call was poppin' today!
@lyse Framadate is an open source tool for this.
@prologic Yeah I have two options for static hosting I like: One is a Dropbox like file store, drag-drop files and they're statically hosted, the other is a GitWeb instance where you can just push updates to it for static hosting.
@carsten Another good option to bear in mind is the DomainConnect protocol, depending where you buy your domains: https://www.domainconnect.org/
It supports basically an open standard protocol of updating your DNS from a local script, and they provide both a Python script and a .NET app to do it.
@prologic There's a few places users will tend to prefer a monolith (social networks and feed readers come to mind), but anything document-based it makes a *huge* difference. The biggest downside is that since "starting the web server" happens every time you open an document, apps have to start very very fast. It's why we prefer SQLite over MySQL heavily, for example. Also, MySQL has a lot of overhead per-database, which makes file sizes annoying large, for example.
From a size, isolation, and performance standpoint, a lot of your small Go apps fit very well in the model already. :)
There's some interesting impacts here: If you don't share a document with anyone else, there's really zero way any vulnerabilities in the app itself can be exploited in any way, it's not even running unless you open it via Sandstorm. So it's safe to use these apps basically forever even without security updates.
The other big one is performance: Since apps are only running while you're accessing them, there's no performance cost to having a lot of different apps "installed" on your server. The cost of installing an app on your server is the storage, and CPU/memory is only impacted on demand.
In a normal Docker setup, a flaw in Etherpad could lead unauthorized users to access documents they shouldn't be able to, or of course, edit documents without permission, including documents they weren't supposed to have access to. Since Sandstorm spins up Etherpad containers on demand, if a user doesn't have access to a document via Sandstorm, the server isn't even loaded/running anywhere, and nobody can access it. When we do spin it up, the authorized user gets a container with... only the one document they have access to. A flaw in Etherpad could let a read-only user exploit their way into editing, but only, again, for the one document they already had access to.
Also, Sandstorm spins up these containers on ethereal randomized subdomains, and requires a unique authorization cookie on your browser to access them when they're up. So they're also very difficult to access even when they're spawned without authorization.
If you consider an application like Etherpad, which by default, one would run and have dozens, hundreds, or thousands of documents, and you might host it at etherpad.yourdomain.com. And it's always running, and it's data is always available, and it's using system resources. Additionally, you might want to share some documents with people, so people might have access to your Etherpad instance, but maybe only read-only, and only to some documents, or whatever.
Essentially the key concept is to move as much of the management of security and access to the platform, and not the individual application. Sandstorm assumes the applications might be insecure, or even actively malicious, and so we want them as inaccessible and locked down as possible all the time.
With a platform like YunoHost without virtualization, an RCE in an app could compromise everything on your server. A Docker-host like Cloudron or Umbrel, an RCE in an app could compromise all of the data in that app. More often than not, an RCE in a Sandstorm app grants zero ability to compromise anything at all. This means Sandstorm very rarely cares that apps have any good security practice at all: In most cases it just doesn't matter.
So, @prologic, I feel like I should convince you that your self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.
This is why I'm moving a bunch of my "sites" to basically internal-only apps on my Sandstorm server. I never really needed anyone else to have access anyways.
I mean, I am US Central, but I'm used to basing things on Eastern time so it's not a big deal, lol.
@mckinley Yeah, I just get a few hundred news items a day, I worry adding twts will double the daily backlog even if only following a few people.
@prologic I found the Atom feed, but I'm worried it might be *too* noisy, I don't want to overwhelm my feed reader too much. Hmm...
@mckinley I may try to be there, wife may have other plans.
Sandstorm currently has no special behavior for local networks versus over the Internet: All things use the public IP and supports Let's Encrypt. Access hence somewhat depends on hairpin routing, but certificates are no issue. On my home network, I actually adjusted my DNS to route my Sandstorm with local IPs internally, mind you, so it works when the Internet is down.
The way Sandstorm generally addresses the initial-user setup problem is that you can generate an "admin-token" from the CLI to log in administratively one time, and do whatever account setup (or OAuth configuration recovery) that you need to do.
I'm kinda curious where they failed out on this, considering it's a ready-to-deploy app they support on Vultr, from the looks of it.
@prologic Ooooh, that's... hairier than I thought it would be. The whole "apps currently use hardcoded IPs thing" is also super weird.
@prologic This sounds like a non-ideal user experience. Any idea what happened there or no?
@prologic Obviously Yarn should be on Sandstorm, but as much as I knock other selfhosting platforms you could get on them very easily. Cloudron, Umbrel, etc. are basically just Docker hosts at the end of the day, but it'd put Yarn in front of everyone who uses those platforms for self-hosting.
@prologic Probably weitten by someone who pulled all their repos off GitHub in protest. lol
@rob There's nothing that inherently blocks the federal government from passing a law banning abortion here, it's just a claim the court establishing a right to abortion was an overreach. Bear in mind, both parties are willing to claim it should be a state's rights thing... until they're in the position to enforce their view federally.
@prologic I'll just have to hope Yarn becomes popular enough for someone to make a native iOS client app.
@mckinley I prefer Jitsi's UI but it performs fine. Bear in mind I didn't hear or see anything on that call though.
@mckinley Did you do this from memory or like... did you take notes? O.o
I don't like all that Google UI design slapped onto my otherwise decent phone. :P
I installed Goryon, and it looks like someone shoved an Android app onto my iPhone.
Material design on my iPhone? *Gross* Feedback cc: @prologic
@prologic I can join! Like 38 minutes from now, right?
@prologic So in actuality they already do: Nobody would be caught dead running vCenter without a valid support contract. Of course, that's in addition to the upfront purchase.
Switching to fully subscription largely means disregarding the initial purchase, in favor of a higher yearly bill.
@prologic The best part is the announcement they intend to rapidly shift VMware to subscriptions. So the acquisition hasn't even closed and they've already announced they're buying it just to bleed customers dry.
Literally the first time I remembered on the right day, lol.
@prologic I was gonna join the call... but I'm tired. That's probably a good list though, question is how many are willing to pay how much towards those goals. More users would definitely help.
Hmmm, what would you do with funds you raise?
And since the cut is just a portion of donated funds, there's really no cost to having it set up. It costs nothing if you aren't bringing anything in via it.
@prologic OpenCollective is pretty solid if you want to accept donations, it takes away a lot of the legal questions at a modest cut. Sandstorm has one, we will be using it more soon.