
Sandstorm App update: New open-source self-hostable apps - andybak
https://sandstorm.io/news/2016-01-22-8-new-open-source-apps
======
jlgaddis
Looks nice and I'd love to try it out for my company -- hosted at first, then
maybe on-premises if we like it.

There's no pricing details on /business, though, only a "Contact Us" link.

So I'll do what I do every time this happens: click "Close Tab" and move on.

(I don't want to talk to your -- or anybody else's -- sales people. Ever. I
know I'm not alone either, so you're artificially limiting your user base if
you do this.)

~~~
kentonv
Sorry!

This isn't because we want to force you to talk to sales people (we don't even
have any sales people! just us techies here!). The problem is that
Sandstorm+Business is still in development, so there's nothing self-service
for us to offer you. We want people willing to contact us to do so so that we
can get their requirements and keep them updated, but if you don't want to
talk to us (understandable -- I'm the same way), then your best bet is to try
out the "individual" version now (which actually works OK for companies, but
doesn't yet have all the features listed on the /business page).

Within a couple months we'll ship this, and then you'll be able to get it set
up without talking to anybody. In fact, we plan to make it all part of the
same build, so if you install from
[https://sandstorm.io/install](https://sandstorm.io/install) today then the
features will appear over time...

(We're currently not actively working on a managed-hosting version of the
"business" features. We'll probably do that someday, but on-prem is a big
selling point so we're focusing on that for now. That said, many people use
[https://oasis.sandstorm.io](https://oasis.sandstorm.io) for work purposes
today.)

~~~
tw04
Seriously, you should consider making that somehow part of the "contact us"
link. Because even as someone not using the service, anytime I see "contact
us" I get the same disgusting feeling in the pit of my stomach that you want
me to contact you because you want to up-sell me.

At the very least, make it a link to "show pricing" and then on the next page
give an explanation of like - if you need X, it should cost approximately X.
Because we're still figuring things out, we may need to give you custom
pricing (from the geeks, not a sales guy, we promise!). "Contact Us" has
unfortunately become synonymous with shitty used-car negotiations.

~~~
knughit
If you don't trust their salespeople, why on earth would you trust them
claiming that they aren't sales people? Judge based on the available facts,
not superficial prejudices.

~~~
jonesb6
As stated above, I think it's not so much a lack of trust but a lack of
confidence in a company that can't give you a straight-up pricing structure on
their web page.

It screams "we'll charge you as much as we think you can afford", kinda like
those domain squatters. Oh you're a big company and want this random domain
name? $40,000 please.

~~~
ocdtrekkie
Most have set prices, but contact us for pricing is often because a company is
well aware the sticker shock on the price is going to drive most customers
off. Being on the phone when you share that price gives them more of a chance
to ease you into the number and try to justify it.

But in the case of Sandstorm devs, it's just that those features/that product
is still in development.

~~~
jonesb6
Yeah, but vendors should realize that users can see-through the facade. Seeing
"contact sales" makes me think of the sticker shock, and me being a cynic I
often expect the pricing offered to be much higher then it ultimately ends up
being.

~~~
kentonv
Ehh... I think you're being too cynical and that you're projecting. I also
think you're forgetting that this is a two-way street.

When Walmart calls your sales department, they aren't going to be suckered
into a high price. On the contrary, they have a procurement department whose
job is to negotiate the price _down_. They also probably have custom
requirements that they want met, so a self-service option wouldn't even work
for them.

Typically -- especially among "scalable" startups -- the "contact sales"
option is meant specifically for these big fish to utilize, while the smaller
fish get a self-service option with standardized pricing. This is what
Sandstorm will have in the future.

~~~
ocdtrekkie
I would say that I think there needs to be a more upfront accounting of
ballpark figures for 'contact sales' moments. Working as a SysAdmin, I've come
across points where you call, they want to set up a trial, you ask them how
much it's going to cost, and they keep saying 'well, depends on which options
you get and this and that, so it's hard to say'.

And I just wanna know if it's a four, five, or six digit figure for God's
sakes.

------
andybak
I'd love to hear from people that are using Sandstorm day to day.

The only thing stopping me that none of the current apps fill a need that I
currently have - although there are a few things I'm close on (I still use
Mozilla's etherpad but could easily switch if I can break my habit)

~~~
WhatIsDukkha
I use it daily for etherpad and ethercalc.

Lots of apps now that I need to explore and see where they fit for me.

Looking forward to kentonv <.< clearing the path for huginn

[https://github.com/cantino/huginn/issues/839](https://github.com/cantino/huginn/issues/839)

That seems like a killer app when wrapped in the smooth awesome deploy of
sandstorm.

~~~
kentonv
Huginn is tricky because it needs to talk to the outside world a lot and we
need ways to let it do so securely[0]. But we're closing in on getting that
done, and I can't wait to be able to port Huginn to show off how much more
secure it will be running inside Sandstorm. :)

[0] [https://docs.sandstorm.io/en/latest/using/security-
practices...](https://docs.sandstorm.io/en/latest/using/security-practices/)

------
nl
I think this is a great page:
[https://docs.sandstorm.io/en/latest/using/security-non-
event...](https://docs.sandstorm.io/en/latest/using/security-non-events/)

~~~
edtechdev
"Sandstorm Security Non-events

This page contains a partial list of security issues that have not affected
web apps when they run in Sandstorm -- typically because of the hardening we
do to apps, or because of the hardening we do against the attack surface of
the Linux kernel. The purpose is to demonstrate that our security practices
provide some degree of useful protection in the face of real-world
vulnerabilities."

------
mmanfrin
I understand the usecase of having your own google doc-like services or a note
taking device, but reading through the docs I got the picture that everything
used would be behind the user wall; is there any way to expose apps from
sandstorm as sort of standalone things? I.e., could I make
'forums.example.com', and the forums points to an install of nodebb, allowing
for access/registration outside of sandstorm?

I like the idea of having a system where I can deploy instances of open source
systems for me/friends to use on my own domain/server (like a small message
board or something), but if it's entirely behind the being-a-user-of-the-
sandstorm-instance first, then the utility is lessened.

~~~
ocdtrekkie
Out of curiosity, what would be the point of someone logging into NodeBB but
not your Sandstorm hosting it? Sandstorm takes care of the authentication by
design, so you can ensure your users are protected even if a bug is found in
the app in question. That's a large part of the benefit of it.

There might be some sense in a way to present it without the sidebar to go to
other apps or shared grains or some such, but I can't imagine you'd want to
not authenticate users with Sandstorm in that scenario.

~~~
mmanfrin
For instance if they don't want to sign up, just view content; or in the case
of the meteor digg-like app, requiring sign up before use is a major turn-off.
Or if I am away from my own computer but want to show someone something on the
bulletin board; I don't want to have to log in to the full system to get a
link to view (or a link to share) when the alternative is a normal self-hosted
app where I could go to _forum.mydomain.com_.

~~~
kentonv
Just to be clear (and expand on ocdtrekkie's comment):

\- Most apps today do _not_ require login when accessing a sharing link. It's
an important design goal for us that your friends don't have to create
accounts to collaborate.

\- <vaporware>We plan to add ways to bind grains to easier-to-remember names
in the future.</vaporware>

------
charlieok
If I could choose one app I'd love to see on sandstorm, I'd choose
[https://github.com/cantino/huginn](https://github.com/cantino/huginn)

Or to generalize just a bit, any good app in the category of "automate all the
things". With the recent demise of yahoo pipes, I'm not even sure there is a
decent hosted service available in this category anymore, unless IFTTT meets
your needs.

I think there's likely a lot of overlap between "people who want their own
server" and "people who want to set up automations tying together their
various devices and services".

I think Sandstorm sits in the sweet spot between "people who are not only
professional engineers but also want to spend the time and effort to maintain
a personal server" and "people who don't understand technology and/or will
just use what their peers use". Power users, basically.

So yeah. Huginn :)

~~~
kentonv
I agree! We plan to port Huginn just as soon as we have the infrastructure in
place so that it is able to request permission to talk to the various external
servers that it wants to talk to -- which will be pretty soon now. :)

~~~
charlieok
That was exactly the question I wanted to ask about sandstorm's capabilities.
Glad to read this :)

------
skybrian
I'm a fan but I haven't used it yet. I'm still a bit wary of either storing
data I actually care about (originals) or serving a public website from either
a self-hosted or startup-managed machine.

It would be nice to run Sandstorm apps that store their data and serve static
websites from Github. Occasionally they go down, but on the whole I'm more
confident that their hosting will be around for a long time.

Even longer term, backing up a grain to a git repo (not necessarily Github)
would be pretty nice.

~~~
ocdtrekkie
Sandstorm's hosting service (Oasis) is hosted on a service arguably/probably
more reliable than GitHub... Google Compute Engine.

The big difference between Sandstorm and say... GitHub hosting (if the code is
written for their APIs), is no matter whether I self-host or use Oasis, I can
easily move my data to a different storage medium later.

~~~
kentonv
Well... I am not going to claim that Oasis itself has better uptime than
Github. :)

(Although we have had very few unexpected issues, we still need to take Oasis
down briefly during updates. This is something I'm working on fixing, and
until then I try my best to schedule updates when people are asleep...)

As to GP's concern about longevity of the service, the key point is that
unlike any SaaS service, you can easily move your data off Oasis onto a self-
hosted server running only open source software, and end up with exactly the
same user experience you had before.

~~~
skybrian
It doesn't really work for me because then I'd be hosting it myself. Even with
Digital Ocean, I ended up shutting down a hobby website after a year because I
was the only one using it (and then rarely) and I didn't want to pay the
monthly fee anymore. App Engine would have been a better choice - everything I
put there is still running.

Sandstorm on Digital Ocean might be somewhat better since I could cram more
onto one instance, provided I was running multiple things there that I
actually used.

------
dikaiosune
I really like what Sandstorm is doing here, but the most attractive setup for
me (self-hosted on a box I physically control) is hampered by the asynchronous
up/down speeds of consumer internet. I already have a somewhat slow download
(~15Mbps), but my upload is 10% of that, and I'm not fond of the idea of
reducing all of my access speeds to my "cloud" data by 90% of what they
currently are.

~~~
kentonv
FWIW, this is why I generally recommend running on a "cloud" provider like
Digital Ocean rather than running physically in your own home. But of course
that requires trusting the provider, which is a trade-off.

<vaporware>Once we have all our federation plans in place it will be easy to
have multiple Sandstorm servers that connect to each other so that you can
restrict critical secrets (say, your PGP key) to your home machine while
putting less-critical stuff in "the cloud", but still have them all connect to
each other (essentially: federated Powerbox).</vaporware>

~~~
dikaiosune
s/vaporware/shut_up_and_take_my_money/

EDIT: Also, yes, a DO box with Sandstorm is what I have some amorphous period
of time this summer reserved for. Just not _as_ ideal for me as physically
controlling the box.

~~~
heavenlyhash
On the plus side, you can readily _start_ on one cloud now, pretty much drag-
n-drop to another cloud later if prices jump, and bring it home to your living
room whenever you want. The ability to click "download backup" and get a zip
that has 100% of your app state, ready for one-click restore to a functional
install, is _ammaaaazing_.

------
bsbechtel
I've kept an eye on Sandstorm for a while now...however, I get the feeling
that it is something I should want to use, but I can't find the use case that
warrants it. Can any of the developers here provide a little more context as
to when or where it might be useful? Is this kind of like a super simple
Docker competitor?

------
db48x
What's the state of the Powerbox? Is it available yet?

~~~
kentonv
Not quite, but here's a pull request:

[https://github.com/sandstorm-
io/sandstorm/pull/1459](https://github.com/sandstorm-io/sandstorm/pull/1459)

