
Sandstorm – An open source platform for personal servers - reinhardt1053
https://sandstorm.io/
======
amirmc
Things like Sandstorm are really important as they allow people options
without becoming a full-blown sysadmin. Just look at how many crowd funding
ideas are based on 'personal cloud' concepts.

However, we also need to work on the fundamental problems to make it easier to
build decentralised products in the first place (not everything is a web-app).
Namely, how such apps are built, how they store/sync data, and how we deal
with identity. The current tools simply aren't designed for the world we're
heading towards, so we need to re-evaluate our assumptions. On top of this is
the need for business models that don't rely on mass data collection (eg
advertising) -- we can't rely on everything being open source but the
underlying infrastructure must be.

There are many ways forward and the particular approach I'm taking is based on
unikernels and creating a modern stack to deal with the above issues directly.
There's more info at [http://amirchaudhry.com/brewing-miso-to-serve-
nymote/](http://amirchaudhry.com/brewing-miso-to-serve-nymote/)

If anyone happens to be at FOSDEM this weekend I'd be happy to chat about
these ideas in person.

~~~
lewisl9029
In terms of storage, here's something I've been working with for one of my
current projects:

[http://remotestorage.io/](http://remotestorage.io/)

Open protocol for synchronized personal storage. It uses a decentralized model
where users provide and pay for their own storage. Could be game-changing if
it takes off.

~~~
edwintorok
I've quickly read through your RFC, and since I've recently added support for
Content-Range to LibreS3[0] that is the first thing I looked for, and sure
enough you support it.

Although it is not clear to me why you need to use webfinger to announce
Content-Range support. There is Accept-Ranges header, or you can detect that
you get a 200 instead of a 206 reply on a Range request for GET.

For PUT RFC7233 says "A server MUST ignore a Range header field received with
a request method other than GET." so I'm not sure how that would work there,
can you give an example?

[0] [http://blog.skylable.com/2015/01/build-your-own-cdn-with-
sky...](http://blog.skylable.com/2015/01/build-your-own-cdn-with-skylable/)

~~~
lewisl9029
I should have probably made it a bit more clear that I'm only working WITH
remoteStorage on one of my side projects, and am not one of its developers. =)

------
themoonbus
Here is how to write a landing page.

Big letters: "Sandstorm makes it easier to do XYZ" or "Sandstorm lets you do
XYZ by doing XYZ"

E.g. "Sandstorm lets you run your own personal web applications without
needing a background in IT!"

or "Sandstorm lets you to install personal web apps as easily as you install
mobile apps!"

3 examples of what this could actually mean for 80% of your users "Run your
own Dropbox!" "Host your own WordPress Blog!" "Get a mailbox to match your
personalized email address!"

THEN drill down into what it actually is (Sandstorm is a open source platform
that makes it easier to run and manage your own personal server, yadda yadda),
and its more specific features, such as usability, security, etc.

(This advice operates under the assumption that "individuals" are your main
target audience.)

~~~
larrybud
+1 I went to Sandstorm's home page, and spent the first 5 minutes trying to
figure out what it is & what it does.

"Sandstorm is an open source platform for personal servers". Ok, fine, but
what is it REALLY? What does it do? Why is it better than (hosting / VPS
hosting / AWS / Docker / PaaS)? Give me some examples of what I can do with
it.

Sorry, you lost me with your home page.

~~~
CalRobert
It's better because the internet was supposed to be a bunch of computers
talking to each other. It was a beautiful vision. Instead, it's been
centralized on two levels:

FB/Google/Instagram etc. serving content, and AWS/DigitalOcean owning the
hardware for those intrepid individuals who want to roll their own solutions.

The internet wasn't supposed to be Amazon, Google, and Facebook all talking to
each other. It's scary that ISP's don't even want you to host your own
(modest) server. It's SUPPOSED to be a bunch of computers networked together!
Sandstorm makes it easier to live that vision where you own the hardware, or
at LEAST have full control over your cloud. It doesn't necessarily need to be
your home computer - a colo'ed odroid (or RPi if your needs are modest) would
do the trick too. As more and more of the internet is gobbled up by VPS
services I think it's important that the average Jane or Joe can still put
together their own website, blog, game server, etc. and not be reliant on a
company for it.

~~~
apenguin
Unfortunately, I don't see how this solves the problem. The main problem for
me is this part of my ISP's ToS: "Users may not run any type of server on the
system."

Further, every ISP I've ever had has had some such clause. I'd have to get a
business plan to actually be allowed to run a server. So who is this, or any
home server software, even for?

(Or at least, who in the US)

~~~
kentonv
Sandstorm is not necessarily about running the server at home (though you
can). It's more about being able to choose what is on your server and control
how your data is stored and accessed, whether on a home machine or running in
a datacenter.

~~~
ausjke
I think I can use apt-get/rpm/etc to control what's on my server already these
days?

~~~
kentonv
Sure, but only if all of the following are true:

1) You understand how to use the Unix shell and everything else that goes into
maintaining a Unix machine.

2) You have the time to do it. (This is what has always stopped me, FWIW.)

3) You are willing to spend money on a machine that has sufficient resources
to be responsive when you use it but sits idle 99% of the time since you're
the only user.

These obstacles are what drive people to SaaS, where they no longer have
freedom to install arbitrary software.

------
ozh
Sounds cool but I think the WordPress implementation is TERRIBLE: it depends
on a WordPress fork that is completely outdated, instead of downloading an up-
to-date fresh archive.

~~~
paulproteus
I agree -- the current WordPress package needs work. Thank you for trying it
and looking into it!

Community-wise, one thing we're going to need, as Sandstorm grows, is an
ecosystem of app package maintainers. Part of what we're hoping is that more
developers of the apps themselves will maintain the Sandstorm ports, like
Audrey Tang is maintaining the EtherCalc port.

Tech-wise, one thing we're going to need is a solid story for how Sandstorm
packages will easily stay up to date with the latest changes as the upstream
author releases new updates.

I work on+for Sandstorm, and I'm also a Debian developer. Debian is not a
shining example with regard to either of the above, and I'm sure we can do
even better at Sandstorm.

~~~
tokenizerrr
Is it possible to run arbitrary Docker containers? If so, that could be a
solution.

~~~
paulproteus
It's not currently possible to run arbitrary Docker containers through
Sandstorm, since we prefer app packages (we call them SPKs) to be:

* Self-contained -- if the app needs MySQL, bundle it;

* Able to run with external network access unavailable -- this improves security, since even if an app gets compromised, it's not a big deal since it can't leak any data out to the world;

and a few other constraints that are more technical than philosophical.

[https://github.com/sandstorm-io/sandstorm/wiki/Porting-
Guide](https://github.com/sandstorm-io/sandstorm/wiki/Porting-Guide) hints at
them, but I don't quickly find a reference for all these constraints. I'm
likely to write such a reference in the next few days/weeks, though.

~~~
ohyeshedid
These preferences of yours appear to be a step back from installer scripts
like Softaculous. Fantastico, etc.

It's a nifty/fun project, but why in the world would I bundle MySQL with a
simple blog platform?

It seems like you're trying to reinvent the wheel, and making it less
functional in the process.

~~~
kentonv
We actually don't want apps to bundle MySQL -- we'd prefer they use sqlite. :)
But the point is, it's up to the app. The app gets a slice of filesystem and
they can use whatever infrastructure they want to store stuff to it.

We want the experience for users to be install app, use app, without worrying
about setting up databases and such. We also want to enforce isolation between
apps so one app cannot access another's data, and that's a lot easier to do if
they aren't sharing a database. Considering these desires, it makes sense to
say that apps should simply bundle their database of choice.

------
rdtsc
Btw the main developer, Kenton Varda, is also the author of Cap-n-Proto -- a
pretty neat serialization & RPC format.

[https://capnproto.org/](https://capnproto.org/)

I was playing with that and stumbled on Sandstorm a while back.

~~~
swah
He likes LAN parties: [http://kentonsprojects.blogspot.com/2011/12/lan-party-
optimi...](http://kentonsprojects.blogspot.com/2011/12/lan-party-optimized-
house.html)

~~~
vtempest
I was there! Small world. I would definitely use sandstorm if I wasn't an IT
guy.

------
SimplyUseless
On their github page, it still shows a warning about not using it for mission
critical applications.

[https://github.com/sandstorm-io/sandstorm](https://github.com/sandstorm-
io/sandstorm)

~~~
ocdtrekkie
Well, it's kinda an Alpha. Goes without saying, doesn't it?

------
leonardinius
It's the case of me scrolling the site and reading most of the GH readme - and
still getting almost no idea what status it is, what is the goal/vision and
how I might use it..

"We do LXC stuff in secure and user friendly way" is the message?

~~~
paulproteus
Here's my own summary, which if you like it, I can try harder to make sure
becomes more prominent somewhere:

Sandstorm is a way to run web apps as containers, gloriously sandboxed from
each other, and moreover a web interface to install them easily and allow the
user to create multiple instances of a web app easily.

It intends to grow features relating to sharing instances -- so that an
instance of a web app is as easy to share with someone else as a Google Docs
link -- and grow features relating to supporting more network protocols -- so
that apps can safely communicate with the outside world, mediated by the
person using Sandstorm.

Right now, the target audience is people who like running web apps like
WordPress or Ethercalc on their own server. In the future, the target audience
will grow to include companies whose IT departments want to enable users to
install web apps safely without asking IT first -- they'll know it's safe due
to the glorious sandboxing.

~~~
jorjordandan
How is glorious sandboxing different from regular sandboxing? Is there a
'glorious' certification?

Just kidding - looks pretty awesome!!

------
debacle
I don't understand what this is. Can someone explain? What the hell does "This
is the only way to make Open Source web apps viable." mean?

~~~
ocdtrekkie
The primary idea being that open source web apps can be used without having to
be a server admin. Non-technical users can install apps on a Sandstorm server
as easily as installing apps on their phone.

~~~
cben
More details: [https://blog.sandstorm.io/news/2014-07-21-open-source-web-
ap...](https://blog.sandstorm.io/news/2014-07-21-open-source-web-apps-require-
federated-hosting.html) The central point (IMO) was economical: self-hosting
frees developer from expenses. Trivial installation is just a pre-requisite
for self-hosting to be acceptable.

------
e12e
First(?) discussion on hn:
[https://news.ycombinator.com/item?id=7460828](https://news.ycombinator.com/item?id=7460828)

After about a year -- how tied up is sandstorm to meteor? I confess I have
issues with the our-way-or-the-highway nature of meteor (our js, our db, our
app-server) -- even if I can see that it does appear to give some pretty nice
benefits for rapid prototyping.

I'd love to see sandstorm as a handful of small tools with various uis on top:
command line, web, etc. Seems like it should be possible to do with (on the
extreme end) go and and a berkley/sqlite db+file system for images?

~~~
kentonv
Sandstorm's front-end UI is built on Meteor, but this doesn't affect apps --
they can be written using any stack. We have apps written in Meteor, Express,
Rails, PHP, Python, C++, and Rust.

Meteor is actually amazingly modular if you look under the hood. We use it in
a fairly default configuration, but it's easy for me to see how I would go
about using a different database or a different templating language. Those
people write high-quality code.

Eventually I would like to ditch Mongo and instead have Meteor speaking Cap'n
Proto RPC to a Cap'n Proto database. I don't expect that I'll have much
trouble getting Meteor to do this.

> I'd love to see sandstorm as a handful of small tools with various uis on
> top: command line, web, etc.

Hmm, not sure I understand what you're suggesting. Sandstorm is all about UI
and running web apps, so it seems to me that a "command-line interface to
Sandstorm" would really be a whole different project. :)

------
jorjordandan
Would a sandstorm app prevent you from using say, Google analytics or new
relic without getting a users permission?

~~~
rdrey
I don't think Sandstorm wants to be a platform on which you host your large
user-facing app. Instead it wants to be the platform on which you can install
your personal wiki, ipython notebooks, your streaming media library, etc.

You as the owner of the Sandstorm instance will control whether the apps on
your instance can send data to Google for Google Analytics, for example.

If you invite someone else to use an app on your Sandstorm instance, they will
trust _you_ with their data and you can decide whether the apps on your
instance share the data with Google or not.

~~~
jorjordandan
Ah, that makes much more sense now! I think they need to figure out a better
way to spell out their value proposition.

------
seagreen
Does anybody have any thoughts on the differences between Sandstorm,
Camlistore, and Tent?

It seems there are a number of problems here. We need:

1\. Better data stores 2\. Better server environments 3\. Better ways to share
data with others

I wonder if Camlistore's approach might not be the cleanest, since it doesn't
try to bundle (1) and (2) together.

EDIT: Not to get too sappy, but any of these would be _fantastic_ compared to
our current Web 2.0 disaster, and I'm glad Sandstorm is picking up steam.

~~~
kentonv
Camlistore and Tent are both complimentary to Sandstorm. Sandstorm gives you a
way to run apps easily, Camlistore is a structured storage system which other
apps could connect to, and Tent is a federation protocol that apps could use
to talk to each other. I'd like to see this all converge at some point. :)

~~~
seagreen
That's awesome news.

I'm suspicious there's too much overlap between Camlistore and Tent for them
to both be useful, since they each do data storage and sharing, but that's not
your problem:)

------
CalRobert
This is exactly what needs to exist. I recently set up Ghost, Owncloud, and
Gitlab on a personal server (odroid U3) that sits under my couch at home, and
it's really rewarding to own the hardware which is my "cloud". However, it
should be easier, and possible for anyone. Good for you guys.

~~~
maninalift
ghost what?

~~~
e12e
Incidentally, running containers is probably a great way to "install" the
ghost libc vulnerability[1] (assuming you're basing off of base-images made
before the bug was patched, and you haven't updated your containers/images).

I'm not sure neither vagrant nor docker have this really fixed -- that is:
easily patching the base system/image (and still be confident that the app
keeps running).

Is there an easy way to update a container based off of a (possibly few
generations remote) base-image? Eg: You've pulled down a bare-bones, official
CoreOS/Ubuntu/Debian/RedHat image from docker -- set it up for your use-case
(say made a base image with your own CA-cert bundled, wired it up for
kerberos/ldap/AD, maybe set up a trusted ssh-server ca-cert) -- then made a
handful of images based off that: db, cache, and web-app.

Is there an easy way to patch the base image and all descendants? I assume all
state should be in other volumes, so maybe this is easier than I think?

At any rate, it is something to keep in mind -- that grabbing images are
great, but updates are still needed!

As other mention, the ghost refereed to by gp, is a blogging platform.

[1]
[https://news.ycombinator.com/item?id=8953545](https://news.ycombinator.com/item?id=8953545)

~~~
kentonv
Well, bad news, good news, and curious news:

Bad news: Sandstorm packages do not have any particular separation between
"base system" and "app"; your app package is simply one big archive of the
entire userspace filesystem needed. This is something we might conceivably do
in the future, but for now we like the simplicity.

Good news: Once the app maintainer publishes an updated package, it is trivial
to update your local app instances in-place. Much like installing apps on
Android, the system just swaps out the old package for the new one without
touching the user data. We are confident enough in the robustness of this that
we plan to implement auto-updating of apps, again like Android (though you'll
be able to turn it off if you prefer).

Curious news: With Sandstorm, it often (not always, but often) doesn't matter
if an app has vulnerabilities. Each app instance is initially only accessible
by its owner, and only accessible to others if the owner explicitly shares
with them. Often, the people you are collaborating with aren't threats --
they're your friends.

Apps that public a public web site -- like Ghost (the blog platform, not the
glibc vulnerability :) ) -- actually do so strictly as static content.
Sandstorm serves the content for them, without executing any of the app's
code.

Admittedly, this starts to break down if you want to have a public web site in
which users can make persistent changes -- say, post comments.

Of course, if someone does compromise one of your app instances, it's only
that instance. The rest of your server remains safe, since each app is in an
isolated container.

None of this is to say that patching exploits doesn't matter, but security is
not about absolutes, it's about risk management. It's significantly less
likely that a bug in a Sandstorm app will lead to real damage.

------
davidjgraph
There's a lot of focus of how sandstorm allows you to run web applications
easily without having to setup the back-end that they need without SS.

There is an additional edge case, that's of web applications that don't have a
back-end at all, ours falls into that category. Our web app is a by-product of
two of our commercial products, but we don't actually have user management,
storage, etc.

Online we integrate with Google Drive and Dropbox, but you can't create an
account with us and store your data with us. Sandstorm allow people to deploy
our web app, whereas you can't at all, previously. It saves us months of work
creating and maintaining the functionality it provides.

------
69_years_and
Sandstorm - this is wickedly cool, tried the demo and it worked great, can't
understand all the 'do this, do that' comments. As someone who is just
learning to play with docker - just finished dockerizing all my vps apps so
the first thing I think of is there a Dockerfile to build this or a docker
image - off to have a look for one. Awesome stuff - like the collection of
apps you have ready to go. Maybe you have fixed the landing web page in the
meantime but I had no trouble understanding what you are about. 100.times
upvote.

~~~
kentonv
Thanks!

------
Hello71
> No protection from getting your job done: Security can often be a hassle,
> getting in the way of your work. Sandstorm is different. When you tell a
> Sandstorm app to talk to some other app, or to talk to the internet,
> Sandstorm sees your intent and automatically grants it access. So, you are
> never interrupted by a prompt asking "Do you want to allow this app to the
> thing you just told it to do?" And yet, the apps only get the permissions
> you actually wanted them to have.

So... the program is psychic?

~~~
RaleyField
> So... the program is psychic?

No, it's just based on DOS.

------
sarciszewski
> Contributors: Jasvir Nagra <img src=x onerror=alert()>

Nice try :)

~~~
kentonv
I love that Jas (being on the Google security team) just instinctively XSS's
any form he fills out, and I love that our code just leaves his tag there,
properly escaped, for all to see.

------
MayanAstronaut
Looks great but memory usage is ambiguous. What if I load a data structure to
over the 1gb allocation?

If I need to load a 1.2gb dictionary the whole thing topple?

~~~
kentonv
There is no 1GB limit. I think you might be confused about compute units?
Compute units are just a measure of RAM usage over time -- a compute unit is
1GB of RAM used for one hour. An app can use more than 1GB of RAM; it will
just consume compute units faster. E.g. an app using 2GB will consume a
compute unit in 30 minutes.

This all relates to our upcoming managed hosting. Self-hosted installs are not
metered since it's your own hardware.

[https://blog.sandstorm.io/news/2015-01-14-compute-
units.html](https://blog.sandstorm.io/news/2015-01-14-compute-units.html)

------
polynomial
This looks incredibly useful for things we're currently trying to make Docker
do. Huge potential here.

~~~
qiqing
Hey polynomial, I'd love to learn more about your use case. Drop me a line at
jade at sandstorm?

------
bmoresbest55
I am not really sure why this is so exciting to everyone. I have seen a couple
comments asking what this software does, explicitly. I will admit I like the
idea of personal servers but I am not sure how to apply this potential amazing
software to my life. Suggestions?

------
alfg
Very cool project. I've played around with this same idea, but as a CLI
package manager, rather than a webapp.

I think it would be cool to have custom VPS image, where you can install
webapps to it from the CLI out of the box easily. Sort of like homebrew, but
for your personal servers.

Congrats!

------
api
I've been following this for a while and really like it. Have yet to try an
install but probably will once it's more mature.

Dumb question: why not build on and leverage Docker? I'm sure you have an
answer. I'm just curious.

~~~
kentonv
Indeed, we have a whole blog post about that. :)

[https://blog.sandstorm.io/news/2014-08-19-why-not-run-
docker...](https://blog.sandstorm.io/news/2014-08-19-why-not-run-docker-
apps.html)

------
kornakiewicz
What's make me curious - do you plan enable option for selling apps? As a
developer I would be more than happy to allow user install my app, but since I
am not charity I would like to earn some money on it as well.

~~~
kentonv
Yes, we'll have an app store much like iPhone/Android. Open source apps will
have the option of using a "pay what you want" model, but we'll also allow
proprietary apps with fixed prices and maybe even subscription-based.

~~~
kornakiewicz
Great to read. Fingers crossed for the project.

------
bovermyer
This is actually pretty fantastic. I loved how quickly I could get an app up
and running.

I assume that the paid version has a better app search/browse experience? The
demo list, while cool, was pretty long and uncategorized.

~~~
kentonv
Yeah the demo "app list" is just a placeholder. We're working on an "app
store" with self-service uploads, searchability, paid apps, pay-what-you-want
for open source apps, etc. Once it is ready it will be available to everyone,
whether you use self-hosting or managed.

~~~
bovermyer
I appreciate this very, very much. You have my attention.

------
j_s
The easiest way to get your own LibreBoard while they straighten out their
DMCA from Trello! :)

[https://news.ycombinator.com/item?id=8936701](https://news.ycombinator.com/item?id=8936701)

------
JimXugle
There's also YunoHost, a project with similar goals. I've played around with
it, but it seems to be beta quality.
[https://yunohost.org](https://yunohost.org)

------
cyberrodent
From [https://demo.sandstorm.io/demo](https://demo.sandstorm.io/demo) : "We
only have one machine. It may get slow or crashy under excessive load."

~~~
kentonv
And indeed, when we were #1 on HN yesterday morning with hundreds of apps
running concurrently, it got a bit slow and crashy. :) But things cleared up
after the traffic died down a bit.

Our upcoming managed hosting service will, of course, use multiple machines
with automagic scaling.

------
iamwil
How do you get individually installed apps to selectively share data with
other installations? I imagine something like diaspora tried solving this
problem. Is there a general solution for any app?

~~~
kentonv
This is something we're still building (Sandstorm is still in alpha), but what
we have in mind we call the Powerbox.

The idea is that one app can say to the system "I implement such and such
protocol at such and such endpoint". Later on, some other app can say "I need
something implementing such and such protocol". The system itself displays a
picker, showing the user all of their other apps that may satisfy the
requirement. When the user makes a choice, the requesting app is told how to
contact the providing app and is implicitly given permission to do so, whereas
prior to the exchange the apps had no ability to talk to each other. The user
can inspect these connections later and potentially revoke them.

This is a whole lot easier for the user than going to the providing app and
editing an ACL, then going to the requesting app and giving it an endpoint
address, etc.

The way this is implemented under the hood is in terms of Cap'n Proto
capability-based RPC. Blog post on that:

[https://blog.sandstorm.io/news/2014-12-15-capnproto-0.5.html](https://blog.sandstorm.io/news/2014-12-15-capnproto-0.5.html)

~~~
iamwil
That's pretty neat it's like the android intent system.

How does the system get the list of all other apps that satisfy the
requirement? I'm guessing all apps register with sandstorm server somewhere
that has a centralized list of other servers?

It'd be neat to have standard protocols, in the same way we have standard
media types.

~~~
kentonv
The system knows about other apps installed on your server, but not
necessarily apps on other servers. To connect to something on another server
you will usually want to obtain a Cap'n Proto capability to it. You might do
this through, say, a messaging app that has the ability to embed capabilities.
Your friend sends you a message with a capability to some object on their
server, and then your messaging app publishes that capability on the receiving
server, such that it will now appear in the powerbox for other apps on that
server.

Alternatively (less cool, but more practical), you might just drop a URL into
the Powerbox and Sandstorm will connect to it and turn it into a capability.

------
3zzy
As a designer, the website gave me an 'aha- moment, nicely done! :)

------
idiotclock
Would this also work for a GNU Social or pump.io service? Or diaspora?

~~~
ocdtrekkie
One of the Sandstorm devs is already working on porting Diaspora. pump.io has
been mentioned as a possible thing to port.

------
falcolas
I'm a DevOps developer, so keep that in mind as you read below.

Sandstorm looks insecure and inefficient, but that probably won't matter.

The ease of use for the end user trumps all. Users will love this, but I'm not
looking forwarding to having to administer boxes running Sandstorm, though.

I imagine there will be a fair bit of work from my end to re-building apps so
they can take advantage of tuned settings, shared services, caches, and the
like. Plus figuring out a way to automate the usual securing, managing,
monitoring, and cleanup around the Sandstorm environment.

Identifying bottlenecks will be fun too, though my first instinct will
probably be to look at the Cap'n'Protocol bridge which Sandstorm runs
everything through.

~~~
jerf
"Sandstorm looks insecure and inefficient, but that probably won't matter."

You may need to expand on that. It is not clear that you know what they're
doing with sandboxing, etc. If you are, then I'm definitely interested in your
further criticism, if this was a knee-jerk response I think it's unjustified.

"I imagine there will be a fair bit of work from my end to re-building apps so
they can take advantage of tuned settings, shared services, caches, and the
like."

Are you building apps that you expect people to deploy to their personal
servers on a routine basis? For normal DevOps folks working inside of a
corporation, Sandstorm is a complete non-event. It's not targeted at any part
of your pipeline. The fact you're asking about bottlenecks makes me wonder a
bit if you understand where this is targeted, too; frankly Sandstorm could
slow everything it runs down by a factor of 10 and I wouldn't notice. My VPS
that I would run sandstorm on is 99.9% idle anyhow, if not 99.99%.

~~~
falcolas
I addressed the security concern in a response to kentonv, please feel free to
comment more on that one.

> Sandstorm is a complete non-event.

I am speaking from the point of view of someone who may be asked to run and
manage Sandstorm servers. Either as a service to sell, or as a service for
internal customers. This is a very different use case than using it for just
myself.

And if I'm honest, this isn't something I'd need to or want to run for myself.
I'm comfortable with managing shared services and propping up web frontends.
So no, I am not the targeted user of this software; however, I am the one who
gets to write tools and processes to support those targeted users at some
point in the future.

~~~
kentonv
You might also be interested to know that for large-scale users we're
developing tools to manage Sandstorm clusters, with the goal of making _your_
life really easy. :) The idea was introduced as part of this blog post:

[https://blog.sandstorm.io/news/2015-01-15-sandstorm-1.3M-see...](https://blog.sandstorm.io/news/2015-01-15-sandstorm-1.3M-seed-
round-pay-it-forward.html)

------
relaxitup
kentonv, any chance of getting a nice extended (eg, support for more than just
text; file formats like images etc as well) (or even just regular) pastebin
app added to Sandstorm? Perhaps something like bepasty (
[https://github.com/bepasty/bepasty-
server](https://github.com/bepasty/bepasty-server) ) or Hosty (
[https://bitbucket.org/xrstf/hosty](https://bitbucket.org/xrstf/hosty) ).

~~~
kentonv
Absolutely, if you port it! ;) [https://github.com/sandstorm-
io/sandstorm/wiki/Porting-Guide](https://github.com/sandstorm-
io/sandstorm/wiki/Porting-Guide)

Or nominate it to our app committee, who votes on apps to port:
[https://sandstorm.io/vote](https://sandstorm.io/vote)

(The app committee is 32 people who purchased seats during our Indiegogo
campaign.)

------
mmccaff
The web page is beautiful.

It might help to emphasize where this sits between installing Docker images
from the repo, and using something like Webuzo or Softaculous to install
popular web apps.

------
jmsdnns
I really appreciate the humor in Cap'n Proto. That makes the dev team seem
like a fun group to hang with.

------
jorjordandan
The web site says apps cant perform psych experiments, and links to the
contentious facebook emotion split test. I'm pretty sure you'll be able to do
split testing on these apps...

That small criticism aside, I'm very curious how developing for sandstorm
would be different from from developing for a typical host. Anyone know the
major differences?

~~~
rdrey
Sure, you could write an app that does A/B testing, but the whole idea is that
people will use Sandstorm to run _personal_ servers/apps. And A/B testing your
own reaction to an app doesn't make much sense.

Runtime permissions of these apps will be easy to control, so the Sandstorm
platform will prevent apps from phoning home without your permission.

~~~
jorjordandan
Again thanks! But using Facebook was still a poorly chosen example of what
their apps won't do, since they aren't aiming for hosting large customer
facing apps like a social network. Perhaps that is what contributed to my
confusion in the first place. Now I have a better understanding of what it's
for.

------
nodejsisbest
Darude Sandstorm is going to conflict with this projects name a bit?

------
dominotw
The logo is very cute. I love it.

~~~
qiqing
Thanks! h/t to Néna Nguyễn :)

------
alinspired
on the first glance it's similar cpanel or plesk, but opensource, will take a
look!

------
daemonk
Is this like a cloud docker?

~~~
qiqing
We use the same Linux kernel features that Docker uses, but we use them
directly. Here's a deeper explanation:

[https://blog.sandstorm.io/news/2014-08-19-why-not-run-
docker...](https://blog.sandstorm.io/news/2014-08-19-why-not-run-docker-
apps.html)

------
netsurfer912
Darude - Sandstorm

(sorry)

------
shric
What's the name of the song?

~~~
iagooar
I thought that too, but was afraid to post it fearing the negative votes ;)

------
gregimba
This isn't really anything to write home about.

