
Reviving Sandstorm - anotherevan
https://sandstorm.io/news/2020-02-03-reviving-sandstorm
======
mkj
Back in 2017 wildcard https certificates were expensive which made self-
hosting Sandstorm trickier.

Now Letsencrypt support free wildcards so perhaps it'll be easier for
Sandstorm to get momentum.

Sandstorm uses a new hostname for every session
[https://docs.sandstorm.io/en/latest/administering/wildcard/#...](https://docs.sandstorm.io/en/latest/administering/wildcard/#why-
a-new-hostname-for-every-session-rather-than-for-every-document)

~~~
zenhack
At the time sandcats took some of that burden off, so you could still self-
host without having to wrangle with the cert stuff yourself:

[https://docs.sandstorm.io/en/latest/administering/sandcats/](https://docs.sandstorm.io/en/latest/administering/sandcats/)

...but yeah, now that let's encrypt does wildcards it'll be easier to do it on
your own domain. I'd like to see sandstorm have some nice integration for this
in the future.

(sandcats still works of course, and is still a good option to get started if
you don't want to mess with DNS and certs right off the bat).

~~~
indigodaddy
The (free) sandcats domain/service didn’t die with the paid service/business?
I had just assumed it had.. if it’s still around and still free that’s very
cool.

~~~
kentonv
Yes, I have no plans to shutdown sandcats. I do have plans to rewrite the
server side to use Let's Encrypt and Cloudflare Workers* in order to make it
easier and cheaper to operate, but even with the current implementation it's
no big deal to keep running.

* I'm also the tech lead of Cloudflare Workers.

------
chrisMyzel
Thumbsup for sandstorm - my conpany is extensivly using it with a small team
and external clients.

For those who dont know what it is:

Single Sing On with an App Store. Better explained:

You create one account and then can create/edit/share/copy projects of
completely unrelated software . So lets say you create a gitlab installation,
3 etherpad projects, 5 wekan (trello clone) boards and then share them with
your team/client/family by just adding their email adresses - awesome tool!

~~~
reagent_finder
Was somewhat disappointed it wasn't a 2020 version of the Darude song, but
this is nice as well.

~~~
davidjgraph
"Single Sing On" sounds very close to what you want.

~~~
EGreg
It has some of the best orchestration out there.

------
augustl
I hope we never stop trying to find a solution to what just _has_ to happen
some day: everyone should have their own server.

If I make an app, I can safely assume that the user has a bank account, an
e-mail address, etc. What would happen to the app economy if we could also
assume that the user had a server? Imagine all the apps that would be made
possible if the app makers didn't have to pay for and scale a back-end
service!

Sandstorm.io, [https://solidproject.org](https://solidproject.org) by Tim
Berners-Lee, many people have tried, hopefully someone will succeed.

~~~
smacktoward
_> If I make an app, I can safely assume that the user has a bank account_

Sure, but that doesn't mean you assume that the user _operates their own
bank._ They have some third party they trust to hold their money for them.
There are risks to that, but in practice it turns out those risks are much
less grave than the risks associated with everybody holding their life savings
under their mattress.

This is why I've always been skeptical of the "everyone should have their own
server" vision: servers require _administration_ , administration requires
technical skills that most people will never have, and even lots of those that
do have them aren't necessarily skilled _enough_ to be able to keep them
reliable and secure. For all those people, having some professionals at a
third party deal with that stuff will yield better results than DIY will.
There are risks here too, but it'll probably be easier to mitigate them via
regulation than it would be to teach everyone in the world to speak Unix.

(The one way out of this trap would be if we could come up with some kind of
server that _did not_ require administration -- that had guaranteed 100%
uptime, that never required security updates, that scaled automatically to
meet any level of demand, that didn't have physical parts that wear out over
time, etc. It's telling that the closest thing we have to that today is less a
server and more something like AWS, which... requires trusting a third party.)

~~~
zenhack
The key thing is the user has somewhere they can actually _run your app_ ; it
doesn't necessarily have to be their own box, it could be one provided by a
friend or a hosting provider. That said:

> The one way out of this trap would be if we could come up with some kind of
> server that did not require administration

To a large extent this is actually a goal of sandstorm.

I'd contest some of your requirements though: /Nobody/ has 100% uptime, even
AWS. And most individuals are not in a position where an outage is going to
cost them millions. It might suck, but people trudge through worse problems
with their PCs; no reason a personal server ought to be different. So I think
the bar is a bit lower than you suggest; I think it's possible to get a server
to the point where it can be "administered" by someone who's capable of
"administering" a laptop.

We're obviously not there yet; you still need to set up a Linux box before
installing Sandstorm itself, and we don't really have a great Story wrt
backups yet. But Sandstorm itself is already mostly fire-and-forget; it auto-
updates itself, our security track record is rock solid, and I can't remember
the last time I had to do anything that felt like sysadmin work for my
Sandstorm box. There are a couple things I think still need to happen:

1\. We need an automatic backups & recovery story.

2\. We can't require the user to install Linux first; we'd need a "sandstorm
distro" so folks can do the whole business together. The OS should be hardened
by default and self-update with Sandstorm, as well as integrate with the admin
panel for scheduling reboots.

3\. Ideally, there'd be hardware you could buy that's just already running the
sandstorm distro.

------
gitgud
I loved sandstorm and used it extensively a few years ago; it was amazing to
single-click install instances of apps like; "Wekan", "Dokuwiki", "Wordpress".

The reason I stopped using it was development... It was amazingly hard and
confusing to develop a "hello world" application for Sandstorm.

Sandstorm had a great GUI and workflow for users, but it seemed like new
developers on the platform were ignored... which reduced the growth of the
platform and eventually killing it

Glad to see it's being revived though and maybe I'm smart enough to make my
own Sandstorm-Compatible app now!

~~~
ocdtrekkie
We are definitely very interested in improving app development and new
contributor onboarding with Sandstorm. If you do revisit it and hit
difficulties, please reach out on IRC or the mailing list!

------
xrd
I just installed it. I've been wanting to play with Sandstorm for a while for
two reasons: 1) seemed like a lot of people were excited about it and 2) I
could not figure out what it was.

Regarding 2) I wondered: was this the "new heroku." Or, better than zeit? Or
better than docker?

I still don't know.

After installing it, I went to the marketplace and looked at the set of apps.
Looks like there is button to quickly install piwik (alternative to Google
Analytics). It worked really well. There is a spreadsheet app. A git server.

But, I can do basically the same thing by going to the marketplace in Google
Cloud Compute and choosing GitLab, or Wordpress, or whatever.

Sandstorm looks ugly. I know that does not mean it is better or worse, but GCE
certainly looks more professional when I install one of their marketplace
apps.

So, what am I missing about Sandstorm? If I choose apps like GitLab or
Wordpress where there is a documented and easy way to migrate my data so that
I can easily move off GCE and over to another provider. Then I feel that my
lock-in risk is mitigated, but is there something else that Sandstorm gives me
here that I'm missing?

~~~
cfallin
> But, I can do basically the same thing ... what am I missing about
> Sandstorm?

The big difference, in my mind, is that each app is integrated with a
permissions/capabilities model and strongly sandboxed by individual instance
or document. Sandstorm itself handles logins, and handles capabilities to
access documents; then e.g. there's no way that Etherpad can accidentally leak
your doc to someone else unless you've granted a Sandstorm-level permission to
that person.

It sort of flips from the "walled-garden app" model, where the app is the
boundary and individual docs and users are within the app, to the traditional
"computer with filesystem" model, where the user login and the file with
permissions are system-level concepts. (Except instead of "file", they call it
a grain, and it's a separate instance of Etherpad or Gogs or whatever.) That's
also what makes this more than just Docker containers -- deeper integration
into the app.

That also gives you flexibility to have a bunch of different instances of a
single app, and IIRC, they have functionality to import/export those instances
in a well-defined format from one host to another.

At least, that's what I remember from playing with it 4 years ago. In any
case, I got the impression that the model was much more secure, and flexible,
than just "install Gogs on vanilla Linux".

~~~
xrd
This is such a great comment. Tying together all the different login systems
and making it work with a bunch of different systems behind those
authentication systems is such a pain in the ass. Maybe Sandstorm tried to
promote that as the key benefit at some point and it didn't resonate, but
their site right now says "Sandstorm is an open source platform for self-
hosting web apps" which does not differentiate it at all.

If I knew that I could create a private walled garden with a bunch of
disparate apps that are all connected, that I would have been excited about.
That's hard work they did, and it is a shame they don't promote that up front.
I'm confused who they think they are talking to, since "open source apps"
would only appeal to developer/sys-admin people anyway.

~~~
kentonv
I mean, that is described on the front page, under "How is it different?"

Communicating everything that any potential user might want to know in a
single sentence turns out to be really hard.

------
unixhero
I went to Cloudron for my selfhosted needs. It works great. But years before I
was using Sandstorm, and it was always rock solid. Would love to come back to
Sandstorm in the future!

It would be very important to describe and make it much easier for the
community to ship self hosted Sandstorm packages.

------
sascha_sl
If the failure of Sandstorm has shown one thing, it's that people will not
maintain forks of software if the layer you're integrating with is too
complex.

I'd much prefer if Sandstorm just shipped with an IdP and contributed OIDC
implementations to downstream projects.

~~~
ocdtrekkie
We've definitely had varying levels of success with this. Sometimes an app has
a switch or two for being on Sandstorm and a .sandstorm directory in their
repo, and you can more or less "vagrant-spk pack" it and it's good to go. One
of the things we're interested in with vagrant-spk updates is ensuring the
flow to update old apps is a lot smoother.

Others have a fair bit more difficulty, but I think it comes down to market
share: If a lot of their users are on Sandstorm, they're going to care about
maintaining a Sandstorm package. If the Sandstorm project isn't as widely
used, people aren't going to be that excited to do all the extra work for
packaging.

Wekan has Sandstorm packages as part of the release pipeline: Every single
release is submitted to the Sandstorm app market, actually. But Wekan is both
considered a core app for Sandstorm, and has been available on Sandstorm since
it's very early days as a project, so the group of users using Wekan on
Sandstorm has always been pretty healthy.

~~~
sascha_sl
It's a bit like providing a snap.

I know exactly one non-cannonical project that maintains a reliable out of the
box experience for snaps, Nextcloud. And that's because they use and package
it themselves.

Yet I'm never quite sure if I'm about to shoot myself in the foot installing
any other snap.

Same with Sandstorm. When I ran Mattermost for a bit I was initially shocked
how seamless and fast it worked, followed by immediate disappointment that
apparently just a handful of versions had been patched and it was lots of
major versions behind by now.

------
hobofan
That's sounds more like "here are a bunch of new features coming soon" rather
than reviving the project.

Will anything significantly change in contribution activity going forward? Are
there again some people working full-time on Sandstorm, which is realistically
necessary for a project of this size? The announcement doesn't say anything
about that.

~~~
zenhack
There's some talk of trying to figure out funding stuff, though none of it is
super organized yet. I personally set up a GitHub sponsors profile and a
couple folks are donating. I could see us getting organized enough to scrounge
up money for at least one person but we'll see.

But, even without that, I _do_ think there's a reason to be hopeful that this
is more than a momentary stir. The company shut down so suddenly and without
really on-boarding new contributors, and I think much of the problem was that
of getting over the hump of "all of the people who've worked heavily on this
codebase disappeared at once." I think it might not have stalled in the first
place if there were a couple folks outside the company who had been doing
regular work on the platform. I still feel like our bus factor is a little low
wrt to hacking on core, but I'm hopeful that we can get to a point where
there's enough shared knowledge that we won't end up in quite that kind of
slump again.

~~~
hobofan
Yeah, you are probably right. Building up a bigger bus factor, and some
momentum are probably more important than going at it again with full swing.

I wish you the best of luck, and really hope that Sandstorm succeeds! Thanks
for putting in the effort!

------
brylie
It would be cool to use Sandstorm to host public-facing apps, so content could
be browsed without logging in. For example, hosting a public discussion, chat,
or wiki with the simplicity of Sandstorm. From what I recall though, Sandstorm
security sandboxing makes it difficult/impossible for Sandstorm hosted apps to
be visible to the general public. Has this changed? Is my recollection
incorrect?

~~~
ocdtrekkie
You are not incorrect, and that's definitely something we've talked about
addressing, because it's a common request. We have a workable flow for
publishing static web pages from Sandstorm, but even that requires manually
configuring DNS entries somewhere. We've talked a bit about what would be
required to get a dynamic grain available at a well-known subdomain.

There's obviously some security cost to doing that, but it's a cost most
people would accept in the context of a grain they want to make easily
findable to the public.

~~~
orblivion
I should add/clarify that if you're talking about dynamic grains (active
discussions, wikis, etc, as opposed to mere statically published sites), it is
also already possible to share those publicly. They're just at weird looking
URLs. Hence the interest in a "well-known subdomain" feature to improve that.

~~~
brylie
Thanks for the clarification. Supporting user-friendly domains is really
important.

------
ohiovr
I have a self hosting project ready in the wings but I don't know how to make
it self sustaining or useful (economically to me as I am poor as it is) if I
made the source public. It is also not clear to me how to sell it as a closed
source application. Please have a look here:
[https://wharfie.org/](https://wharfie.org/)

~~~
ocdtrekkie
The main thing you have to figure out, especially if you want to make money on
it, is what it offers that existing solutions don’t. A lot of self hosting
options exist, and many of them are free and open source.

So why would someone pay for your project? Even a very novel solution like
Sandstorm, which six years later has no real equal in the security department,
struggled with convincing people to pay for it.

------
amalcon
I just want to say thank you to everyone who's worked on this. I've been a
believer since the crowdfunding campaign, and a user since Oasis came to be
(RIP).

While there are some warts, and development has been slow for a while, the
project is fundamentally sound and still quite useful.

------
api
The thing that always killed it for me was the utterly bizarre arbitrary
federated login requirement in an otherwise self hosted system. It meant it
was impossible to use on an intranet, not to mention defeating the self hosted
purpose.

~~~
ocdtrekkie
Besides avoiding having to manage its own authentication system, one important
future direction is federation. So ensuring you can associate accounts as
being ‘the same person’ on multiple servers is a significant boon for the
future.

As a community, many of our conversations and notes are spread across five or
six servers in different people’s control. We’d like a better experience for
that long term.

Email login is pretty good now though if you don’t want to deal with Google or
GitHub, and now that LDAP and SAML is available for free, intranet is pretty
doable with standard conventions known to most IT departments.

~~~
mathnmusic
Cloudron.io's approach seems far more easier for developers to adopt. Every
webapp runs in a Docker container and auth/user management is delegated to a
single-sign-on service. But it's not open-source.

Sandstorm explains why they don't use Docker:
[https://sandstorm.io/news/2014-08-19-why-not-run-docker-
apps](https://sandstorm.io/news/2014-08-19-why-not-run-docker-apps)

But the problem with the ease of adoption remains.

~~~
ocdtrekkie
Cloudron is definitely easier to build and integrate apps for than Sandstorm.
And it is open source now, although automatic updates require a license.

However, Sandstorm’s security model is a step beyone what something Docker
based can offer.

~~~
polyglotnetwork
> And it is open source now

I don't think so. Here's their license:
[https://git.cloudron.io/cloudron/box/blob/master/LICENSE](https://git.cloudron.io/cloudron/box/blob/master/LICENSE)

~~~
ocdtrekkie
Oh, that’s unfortunate. It looks like they replaced the AGPL with that 11
months ago. It used to be open source!

------
chillpenguin
Glad to see it! I always thought sandstorm was a really cool concept.

------
honksillet
what is sandstorm?

~~~
rflrob
It’s not clear to me the extent to which developers should assume people will
be coming from HN and have some background on their project for the
uninitiated. This post is almost perfectly devoid of any hooks that might give
people a hint of what it is, but on the other hand, for a “not dead yet” post,
probably the people who will be most excited do in fact know what it is.

~~~
setr
Given that this article does not exist alone, but rather within the context of
the broader website, readily available by means of the ever-present header
with links, I believe it is safe to assume that any reasonably intelligent but
unknowing user can do the research on their own.

Additionally, as long as the question "WTF IS THIS??" is not forbidden in the
HN comments, even those lacking the domain knowledge, or a sufficiently useful
description on the site itself or a useful Wikipedia page, I think the extent
to assume is fairly low.

That is, I think it's safe to assume the internet, and its users, exist, and
that the reader is sufficiently intelligent to make use of the resources
available to them, when writing a post to publish online, if it's not
intentionally an introductory post

------
Rafuino
I'll admit, I first thought this was about reviving the popularity of Darude's
hit song...

------
Yuval_Halevi
I like the idea of making self-host web apps simple to non-technical people.

Is it a non-profit organization or an actual company? I didn't find anything
about the pricing plan

~~~
orblivion
Right now it's just Free Software that you install on your own server. Any
pricing involved (for normal users) had only ever been a high storage space
account on Oasis, a sort of example server that was run by Kenton, the
original creator of Sandstorm. However Oasis is basically shut down now,
because really the whole point is self-hosting anyway. (I say "for normal
users" only because there was once a business plan involving potentially
getting companies to pay for premium services, iirc)

Sandstorm was (maybe technically still is?) a company with a business plan.
However that's effectively been disbanded. From 2017:
[https://sandstorm.io/news/2017-02-06-sandstorm-returning-
to-...](https://sandstorm.io/news/2017-02-06-sandstorm-returning-to-community-
roots)

Nowadays it's a community project, still getting security updates from Kenton.
Spinning out some sort of non-profit funding situation, probably unaffiliated
with the initial company, is plausible. Right now it's all speculative though,
which is why you won't see anything about it on the site.

------
aubergene
How does Sandstorm compare with Freedombox

[https://freedombox.org/](https://freedombox.org/)

------
pjkundert
If you like Sandstorm, you’re going to love
[https://holo.host](https://holo.host).

~~~
Groxx
At a brief glance, this appears to be a coin-based / blockchain-dweb app
ecosystem. Which is _absolutely massively_ different, though a relative
handful use-cases overlap (and blockchain apps do indeed cover some of those
quite nicely).

------
foreign-inc
As a naive user, I could never understood what sandstorm really is. Does it
run apps locally? How does it work in general?

------
phlhar
Wow very nice, didn't know about Sandstorm. I'll try it out!

------
tonymet
so disappointed this was not about Darude

------
bitwize
Doodoodoodoodoot.

Dut doodoodoodoodoot.

Oops, apparently that's the wrong Sandstorm...

------
hadlock
I got really excited expecting some javascript implementation of Darude
Sandstorm

------
symlinkk
I don’t see a purpose to this in an era of Docker. They say their mission is
to make it easy to host your own web apps, and provide some security around
those apps, but Docker makes this easy as well and also provides a small
amount of insulation around containers.

~~~
Polylactic_acid
I have spend at least 15 hours trying to self host things with docker with
little success. Its not nearly as easy as people make it sound. You don't just
"docker run ..." and away you go. You have to spend ages reading the manual
for each app, creating configuration files for the app you want to host and
then mounting them in to the container, then you have to set up a database,
reverse proxy, certificate renewal, and then you have to network it all
together.

And then half of the time the docker containers you need aren't built for ARM
so your RPI home server cant run it without building it all yourself or
finding an alternative container that is built. And then docker has no built
in update mechanism so you have to constantly manually check that nothing you
are using has any updates.

The only time docker actually is simple is when you use one of the "all in
one" containers that has everything you need but then it binds to port 80 and
443 and now thats the only app you can run.

Docker could be used in combination with a sandstorm style tool. The real
value in Sandstorm was meant to be that you didn't have to configure
everything, you just press "install" and it would be all done for you and kept
up to date.

~~~
esjeon
> I have spend at least 15 hours trying to self host things with docker

That only says you haven't spent enough time. Say, 15 hours would be just
enough to understand postgres _container_ and figure out the best working
configuration for you. Apps on top of it? Good luck spending extra 30 hours.

The thing is docker has never claimed that you don't need to learn about the
software you're gonna run. It simplifies only deployment (a.k.a. installing
and executing binaries) by providing uniform environment, and by making
configuration files more reproducible, but it never reduced the complexity of
software configuration.

But that doesn't mean Docker isn't a viable option for simplified server-
application deployment. All we need is a set of well maintained recipes. It's
just that there are too many recipes out there, unreviewed, untested,
unmaintained. If one central party takes the responsibility here, Docker (or
any other container solution) can outshoot Sandstrom in no time in terms of
both quality and quantity.

~~~
brnt
I'm afraid you're missing the people Sandstorm is targeted at. People who do
want a server, and a variety of services on that server, and the ability to
move the server to a hoster or local metal, but have no desire, and thanks to
Sandstorm no need, to acquire the skills you are referring to. People for
which a server is in support of their workflows, not a goal in itself.

You're right, a Dockerized alternative might be as good or better. But until
such a platform exists (I do not count Cloudron because it's closed source
now), it is not viable for the people Sandstorm is targeting.

------
grizzles
As a product it was a disaster. What I would do if I was going to turn it into
a company:

1) temporarily decrease the # of supported apps.

2) new custom react UI

3) call it project headless. try to discard a ton of code. keep the schemas,
fork the services, grpc/capnproto them etc, tear out the good bits of the
server sides of these apps. If an app has nothing special in it - discard it.

We all know in the long run this would be the least labor intensive way to
execute a project like this. I bet you'd get a huge amount of contributions
flowing in too.

~~~
ocdtrekkie
The community members working on it right now are focused on improving the
capabilities of Sandstorm for fellow self-hosting enthusiasts like ourselves.
We’re not building a company, so our priorities are a little different.

------
Animats
Article about dead project which doesn't describe what the project is.

~~~
Groxx
Yes. It's _particularly_ reasonable to assume that readers are minimally aware
of what they're reading on a "reviving a dead project" blog post IMO - why
would you assume readers have no idea what's being revived? Why would they
even be there?

More generally, it's a project-specific news section, it doesn't need to
introduce itself in literally every post - check the site instead.

------
chrismorgan
Concerning the presentation of this article, rather than its contents:

Source Sans Pro 300 is too thin for body text on most platforms. It’s
tolerable on Apple platforms with high-DPI displays due to their stroke
thickening (where they essentially ignore the font author and do their own
thing, though you could also argue that it’s just a form of gamma control),
but on other platforms like Windows it’s much too thin, to the point that on
many low-DPI monitors it’s genuinely painful to read.

Be very careful in general when using light font weights for body text. 400 is
a much safer option.

~~~
mkl
I think you're overgeneralising. I have terrible eyes and I'm using low-DPI
screen with normal zoom. I had no trouble.

