1. The UI was very sloppy. For the user, one had to learn many new concepts (what is a webkey? why do apps not work on mobile?)
2. New app developer model meant that it was impossible to create apps easily without insane complexity. If you see all the apps, they had to fork from the main code base and generally lagged behind because packaging for sandstorm required a LOT of work.
3. The web frame that they added around each app was annoying. This frame could not be disabled and thus made many use cases like having a public forum, blog impossible.
4. Their own infrastructure was not self-hosted including using github (when gitlab exists), google groups (when nodebb app exists). They continued to use irc despite having a rocket.chat app as the main showcase. They should be dogfooding.
The alternatives today are at https://github.com/Kickball/awesome-selfhosted#self-hosting-.... I recommend https://cloudron.io. They focus simply on installing things and don't invent a new developer model (it's based on docker)
1. We know the UI needs work and have plans to improve it. We are very aware that webkeys are not user-friendly; they were always meant as a stopgap measure while we build better UI. Some things about mobile here: https://github.com/sandstorm-io/sandstorm/tree/master/roadma...
2. The amount of work an app port requires varies a lot depending on the type of app. Self-contained apps that don't talk to the outside world can often be ported in a few minutes. But, indeed, some apps need work to integrate with the appropriate Sandstorm APIs. We've been working to make this easier by, for example, setting up an HTTP proxy inside the app which can make communicating with external OAuth services mostly transparent, while still respecting the Sandstorm permission model. With better tools we think we can automate most things, we just haven't gotten there yet.
3. There are multiple Sandstorm apps which let you post e.g. blogs with no Sandstorm UI frame around it. We have some features in-progress which extend this to more apps. But note that part of the goal of Sandstorm is to generalize a lot of the UI such that apps don't have to repeatedly build the same things, like login, access control, notifications, etc. We need to hang that UI somewhere, hence the need for that frame. But we have ideas that will make it look a lot more like an integrated part of the app UI in the future.
4. We dogfood a lot. We write design docs in Etherpad, manage tasks in Wekan, etc. Our github, google groups, and IRC existed before Sandstorm was functional. The main reason we haven't switched over is because switching is costly and it seems like there are better things we could do with our time.
About 4), please do consider the fact that this is the exact same issue most of your users face. We have existing wordpress blogs, forum that we would like to migrate but cannot. Most apps have import/export which is broken (including wordpress which is supposedly mature) :/
But we're getting close on this one. We recently made some big strides implementing the Powerbox, which allows apps to request permissions to talk to each other and to the outside world. We've also implemented the basics of the in-app HTTP proxy which allows HTTP communications to feel transparent. With a little more work, an app like Wordpress could make a powerbox request to connect to your old Wordpress blog in order to migrate data.
Honestly, a lot of what's wrong with Sandstorm boiled down to "we need the Powerbox to do that, and we haven't had time to fully implement it yet, because we need to focus on things that generate revenue in the short term." We finally implemented some critical pieces of the Powerbox in the last month (app-to-app powerbox is now functional) and, as the Powerbox was always my favorite part of the whole design, I'll probably be working on it more soon.
One of the UI changes that I would make is that Oasis defaults to the free plan. I actually selected a paid plan on the website, but decided to wait and see if the free plan met my needs. It seemed like it did, so I never took the time to upgrade.
Not exactly true. We had a handful of paying customers for Sandstorm for Work, and we have enough paying customers of Oasis to pay for all of Sandstorm's services. But not enough to pay for employees -- people are expensive. :/
We have experimented with ways to push people towards paid plans on Oasis, but it's a tricky balance between revenue and user growth. I agree we should experiment further.
I imagine a lot of people feel this way, and may be inclined to donate in addition to or instead of their Oasis account.
Am pretty convinced by the Sandstorm model, hope that the future works well for the team.
This is the same reason I'd use Node or Rails, not some niche web framework no one has heard of. Or Swift or Java, not OCaml, say. And so on.
I wish there was a solution to this chicken-and-egg problem, so that genuinely new and better ideas like yours take off.
Open-source helps, but isn't enough, since there are so many abandoned open-source projects, and I don't want to take on the responsibility of maintaining Sandstorm if the team moves on to other things.
In hindsight, do you feel that your potential customers made the same decision?
See also: https://github.com/sandstorm-io/sandstorm/tree/master/roadma...
The reason a traditional "Sandstorm account" option has been skipped is I believe because they felt things like 2FA and such and other security features common to accounts like Google and GitHub would take a lot of work to implement themselves and that these already offered that.
It has also always been on their roadmap to figure out a way to do some sort of GPG login or something.
1. Sandstorm has not "gone"! It is still here, will still be worked on, and all of the current services they run will continue to run!
2. As much as I am a fan of Sandstorm's approach first and foremost... I've been following news from Cloudron and they are pretty cool too. When I first looked at them they were closed source, and now they are open and supporting self-hosters and everything.
And I love the UI, but I pretty much... hate modern UI.
Oasis upkeep requires only a few minutes of my time each week, and that's mostly for the purpose of pushing an update.
Software (at least software for consumption, mot for creative work) moves from desktop to cloud + mobile devices in droves. And there is no widely successful FLOSS app ecosystem that works in that direction. Basically I want to be able to get a server, install it at home or maybe in the datacentre, and I want to be able to install FLOSS server-side software that works through the web browser and mobile apps. Think my own pinboard.in, feed reader, IRC or Slack-type server, dashboard etc. Sure you can do it with Linux right now, but the amount of work you have to do configuring all this is well beyond the simplicity of 'apt-get install'. The closest thing to this is what QNAP and Synology do, but their systems are proprietary.
Sandstorm has the potential to be that system and did a lot of things well, package installation experience probably the most notable. What I did not like is the grain model. I understand the security reasons behind it, but it felt like a straitjacket and URLs were ugly. There was no accompanying mobile apps (not Sandstorm's fault per se, but something to think about when building systems like that in the future)
By the way, I really appreciate the honest style of the message. Sentences like
Unfortunately, Sandstorm the business has now run out of money, and we have been unable to raise more.
are refreshing in contrast to the usual "the next chapter of our journey" speeches.
I'm mainly excited because Sandstorm makes indie web apps viable. I've been amazed to see how quickly members of the Sandstorm community can spin up sophisticated apps like collaborative editing or file sharing. If you have a framework like Meteor to handle sync, and Sandstorm handles authentication and sharing, then you can make a serious multi-user app in a weekend.
Even better, once you've made your app, you don't have to worry about security or scaling. So a junior developer could make an app which stores my sensitive financial information, and I'd still try it because I trust Sandstorm to keep my data safe even if the app is poorly written.
Sandstorm's foundation is solid, and I think a few UI and developer-happiness improvements will make this a reality. Wishing the team all the best!
I'm in a similar place, and just recently wrote an article on the RethinkDB/Parse shutdowns and spoke on the Changelog podcast about it as well: https://hackernoon.com/the-implications-of-rethinkdb-and-par... .
Given what I say there, I actually want to encourage the sandstorm team to not give up yet - they are in the right space. Maybe wait out a year, and then hustle some marketing/bizdev/enterprise/government sales, they are in the right space and have some big opportunity ahead. Sometimes, being too early can bite though, but please please try again - don't give up.
As a great example of this, look at Bitcoin. Crypto currencies were all the rage in the 90s and went nowhere. A decade and a half later... the market timing matched up, and it exploded.
1. Parse, to non-developers, was a wild success - not a failure. An $85M exit ( https://angel.co/parse ) on a $7M investment, that is a 10X+ return in 3 years. This doesn't seem to be talked about much, especially compared to the darling Firebase.
It represents exactly what an affluent ecosystem would want: A business savvy and technically proficient team that can be sold off to the highest bidder that investors vet. However, it is a "shut down" in the eyes of developers because the tool was overlooked.
2. Sandstorm is so advanced that it isn't quite understood yet, partly because nobody has invented the catchy phrase for it (even if they did, the timing is still too early). While most first-world users now have multiple devices, they only use 1 at a time, and they don't see these two problems: (A) They don't know their devices should sync more than what Apple tells them they should (B) They don't know that their devices, which they own physically, should be their private servers for all their services.
That is why I think Sandstorm shouldn't give up, because with the addition of 5B+ new people coming online, I don't care how scalable Google/Amazon/Apple/Microsoft are, things are going to be a lot more powerful/reliable/customer-satisfaction if people own and run their own services (fully automated by things like sandstorm). This isn't just a privacy/ownership thing, it is a customer expectation "thing" - using a service is like using a public bathroom, but owning that service is like using your apartment's bathroom. It doesn't matter how gross/nice any 1 experience is, ultimately the consistency of expectation wins out.
So yes, there is something systematic to VC-backed startups (like Parse, they're ultimately a hiring/resume gig - or randomly big industry creators, like Dropbox, Uber/Lyft, AirBnB), and there is something systematic to Open Source and developers (we often value different things). Developer Tools aren't particularly unique, other than the fact that they are either industry causing/creating architectures, or unfortunately on the tail end of a dying architecture. They are black and white in their success, high risk, with no middle ground - and since risks often fail, and humans are loss averse, the failures often seem to outweigh or overwhelm the successes. The important thing to remember though is that the winners cause and create prosperity for entirely new industries/sectors, for people and companies around the world, and for generations to come.
The basic issue is that everyone wants "cloud" apps, so that their emails and chats appear on their phones and their tablets or home computers. But unfortunately it seems we leapt straight from the PC paradigm where your email is stored on your computer straight to the "centralized, 3rd party cloud" paradigm, where Google owns all your stuff. But with a "cloud" that you still control, tough problems like end-to-end encryption fall away, since it only needs to be encrypted from one person's cloud to another, while the messages themselves could be synced between all the user's connected devices.
Linux was a beautiful, world changing thing. If we could establish an open-source platform seeking to replicate a lot of things Google and Facebook do now, but without the privacy implications, that could be equally world changing.
Sandstorm, at least as far as I understand it, definitely has the vision right, so I'm hoping despite Sandstorm for Work not panning out, the technology will continue to grow.
So if we're left with a small crowd who does care, they're also largely the same crowd who feels comfortable getting a DO droplet and apt-get installing whatever app.
I fee bad for the sandstorm guys, seems like they put a lot of energy into it, but they approached it as an engineering challenge rather than from a market research "build what people want" challenge.
However, I don't believe you can really make revolutionary changes based on the "lean startup", "do lots of market research and test everything with metrics" strategy. It's absolutely a great way to make incremental improvements -- even big ones -- but not paradigm shifts.
Sandstorm's vision is a long-term one, and it actually isn't primarily focused specifically on self-hosting, privacy, or even FOSS, but rather on creating infrastructure that allows decentralized software to stand on equal or greater footing compared to centralized services. There is a lot of work that needs to be done for this to function, and you can't justify it by saying "look, these customers asked for it" -- you justify it by laying out the vision and saying: "Look, there will be these clear enormous advantages if this works."
For reference, here's our technology manifesto: https://sandstorm.io/how-it-works
This is always a tough sell, because people rarely agree on hypothetical outcomes that can't be measured in advance. And if it were clear, someone would be doing it already. So, I don't expect you to agree. But I'm going to keep working on it.
While that's great from a CS/FOSS/EFF/hacker perspective, the question is what's necessary for such software to be on equal ground in the eyes of ordinary users? My guess is that the decentralized/centralized split isn't (yet?) it, but rather the UX and functionality. Few open source end-user apps are entirely original and cutting edge; most are poor knockoffs of commercial products or are failed commercial products that got open sourced.
To me that's why sandstorm didn't make much sense. I applaud your efforts, I really don't want to rain on your parade -- I poured my sweat and tears into a startup that failed as well so I get it -- I'm just reacting to what seemed like not-honest-enough reasons for failure on the website. It's really important to know what didn't go right for next time lest you make the same mistakes again.
We've used open source apps to seed the app market, because we can do that without the upstream developers' help. We also are big fans of open source ourselves, obviously, and I feel open source is especially disadvantaged in a SaaS world, so Sandstorm will make it more competitive. But in the end what I really want is high-quality decentralized software in general.
You know more than me, but isn't of the key ideas of the Lean Startup to validate your assumptions, which everyone has? Write them down and validate them ASAP to de-risk your project. For Sandstorm some could be:
- Developers are willing to bet on an unproven company/project/platform.
- Users are willing to create Sandstorm accounts.
- Developers are willing to build on top of Sandstorm rather than owning all the data and customer relationship.
But +1 for "people rarely agree on hypothetical outcomes that can't be measured in advance." Well said.
A lot of what Sandstorm is aiming to do is still in development feature-wise, and then people have to build apps on top of that. So I'd say this is a long haul destination here. But the key point is: Open won't win because it's more private, or more free. It'll win when it's better.
My hope is someday everyone will use Sandstorm (I'm an optimist), and maybe you'll use Sandstorm on Google's servers or Apple's servers or whatever but you can all access the same apps everywhere, whether you're in someone else's cloud or hosting your own.
They're notoriously hard to make money from, though. Luckily that's not a concern for us anymore. :)
I hadn't heard about this project before, but for a long time I've been thinking it would be nice to have some form of sand-boxed, probably Node based local cloud system.
I think you under-estimate the difficulty to install services locally. Sure popular packages are usually easy, but things with even a little bit less support can take days to get right.
This. Generally it's people who don't self-host that usually claim that web apps are just a 'apt-get install' away.
That's changing, more people are keep their mouths shut more often on social media because they know their data is being scooped up.
I think it's a matter of educating more customers; they have no idea that it's even possible to host their own Google or Facebook in some instances.
Maybe it isn't a big market but the market does exist and it does require more customer education and awareness raising. It's a harder sell than enterprise sales.
I don't really agree with some of the critiques posted here regarding the UI and UX. Sure, it could have used further improvements, but I feel it's simple, functional, and intuitive enough. Not at all a critical shortcoming imo (well, perhaps for use cases where mobile support is essential).
For me a limiting factor is that some of the apps do not have feature-parity with their regular version. In particular, plugin support, which is very important for example for WordPress, ShareLaTeX, and IPython.
Another thing is the pace in which new apps are packaged for Sandstorm, and the trust that there will be regular and timely updates. Of course this also depends very much on the community, and the ease with which things can be packaged, but it felt like app porting lost a bit of momentum.
Regarding the future of the project, are there any other potential avenues for financing further development, other than buying Oasis hosting?
I very much want to see this project continued!
For my part, I don't need any financial incentives -- I'll keep coding regardless.
It is not directly said in the post, but it sounds like you are trying to still make it work in the long run by minimizing the team and going with the slow organic growth that you have?
No criticism intended there, I personally think that would be great and in the long run probably the most healthy way to make something so idealistically grounded like Sandstorm work.
Oasis brings in enough revenue to cover Sandstorm's serving costs (for Oasis itself, Sandcats, updates, etc.). Oasis is also very low-maintenance for us, since Sandstorm in general is designed to be easy to maintain. So there's no reason to shut it down.
Our other paid offering, Sandstorm for Work, brought in very little revenue, so it made more sense to make it free to drive growth.
I do believe there's a future business in Sandstorm, perhaps centered around the app market and supporting paid apps. I believe that as long as we keep improving Sandstorm, a few years down the road we may be in a place to revive the business. But mainly I want to keep working on it because, honestly, I really enjoy it, especially now that I don't have to think about boring business-y stuff. :)
Charging for ldap always felt a bit wrong to me - supporting open federated standards is kind of a selling point of Sandstorm in the first place - leaving it out felt like "demanding" payment rather than providing a tantalizing service I'd want to pay for.
People point at wordpress - which are a successful business built on a rather terrible code-base, along with a rather nasty walled garden with a half-open gate (the theme ecosystem). A better model might be Ghost - they also offer paid hosting, but doesn't draw such a hard line between self-host and "ghost host" IMNHO. (I don't know how well Ghost works in terms of revenue, though).
Would you be able to share some number wrt. hosting costs and current recurring revenue? How many paying users do you have, and how many more would you need to pay for the size of team you'd like?
Our hosting costs from Google Cloud are confusing because currently we have some startup credit (which will expire in about six months), and the way they account for that in invoices is weird... But if I'm reading right, we spent $1552 in January, before applying the credit. We also pay for $35 for Cloudflare, $35 for G Suite, $25 for Github, $80 for Sendgrid, $50 for Mailchimp, $50 for eShares, and probably some things I'm forgetting at the moment. So, around $2000 monthly. We also pay an undisclosed but surprisingly small amount for Sandcats.io TLS certificates which we pass on free to users.
To support any full-time developers we'd need Oasis paying users to increase by at least 10x, so something like 2500. Yesterday was a very big news day for us, which resulted in 6 new signups.
> Yesterday was a very big news day for us, which resulted in 6 new signups.
Ouch. (otoh, a steady 2% daily growth is nothing to sneeze at - you'll be at 10x in 116 days!)
In all seriousness; best of luck. I think there should still be a bright future for sandstorm - a few more rounds of polish, a bit of luck and pr and sustainable growth should be very much in reach.
1. company is created around the project
2. other companies started using the project and find it handy
3. companies need maintenance and support: consulting companies start opening up shop and serving them
4. parent company gets more customers because they're the first/official supporting company
This similiar to the Wordpress model I think and they're fairly successful, they've got a whole ecosystem.
We have added the Sandstorm Technology Roadmap to the Sandstorm repo, where you can learn about everything Sandstorm has built and plans to build.
Perfect, now another company can take a chance on raising VC funds for this or bankrolling it themselves.
> Perfect, now another company can take a chance on raising VC funds for this or bankrolling it themselves.
Let's be honest: it would be nearly impossible for this to happen. If we couldn't get VCs to fund us, no VC is going to fund some other people -- who likely don't understand the codebase or the vision in anywhere near as much detail as we do -- to work on the same thing. Even with an extremely rational argument for why they'd be able to do better, the psychological barriers to investing in something that "already failed" are huge.
But if someone did try this, they should probably hire some people from the original team, I would think. :)
A more likely scenario is, if Sandstorm shows strong growth as an open source project to the point of being fundable again, then the original team (with maybe some added biz dev expertise) can restart the company in the future.
I sincerely wish you the best of luck. I think it's a valuable-to-society idea, even if it was hard to market.
The bulk of WordPress's revenue doesn't come from support or their plugin system, it comes from "premium subscription" services sold to their hosting customers and, to a lesser degree, advertising they show on hosted blogs (that aren't paying for premium subscriptions).
I think it is difficult to convince devs to pay for tools given the plethora of free options available. It's a stupid mindset even I suffer from, and I think only heavy marketing will work to convince devs of the advantages of a particular paid tool. I was convinced for Sandstorm, but didn't have a project I could use it for just yet, but I hadn't even heard of RethinkDB until a week before they announced the shut down.
That won't happen. But not for lack of trying!
My consulting company, Paragon Initiative Enterprises, has produced over a dozen high quality open source projects that make it easier to write secure PHP software.
For starters, we wrote an entire CMS that has secure automatic updates baked into its core as a first-class feature (including for extension developers): https://paragonie.com/project/airship
Worried about SQL injection? EasyDB makes it easy and intuitive to use prepared statements. https://github.com/paragonie/easydb
Need Content-Security-Policy headers quickly and easily? You want CSP-Builder: https://paragonie.com/project/csp-builder
Want all the security of libsodium with an even simpler interface and a separate class for dealing with the filesystem? Check out Halite: https://paragonie.com/project/halite
Want to stop CSRF (including replay attacks)? https://github.com/paragonie/anti-csrf
Want to quickly examine the differences between two PHP Archives (e.g. for reproducible builds)? https://github.com/paragonie/pharaoh
We even wrote the community's accepted interface for generating cryptographically secure random numbers in PHP 5 projects: https://github.com/paragonie/random_compat
And coming soon (pending an audit), a pure-PHP implementation of libsodium that will likely be adopted by WordPress so its automatic updates are Ed25519 secured: https://github.com/paragonie/sodium_compat
And even more: https://paragonie.com/projects
Guess how many clients we've gotten from all this open source software we wrote over the past two years that demonstrably improves the security posture of software written in PHP?
My solution: Our next project isn't going to be OSS, and it's unlikely that any of our future ones will be unless it's intended to be a giveaway.
The open source + consulting business model may sound good in theory, but it simply doesn't work. (Though, I will grant that it's possible that the "consulting about someone else's open source project" is more sustainable, due to near-zero investment in said project itself.)
I would love to see that happen with Sandstorm or other projects because maybe the consulting model doesn't work for the parent company but I'm sure there's hundreds of smaller consulting firms that would love to support it.
But that's not to say we need more beached whales.
Sorry to see it go this way, and sorry I couldn't help sooner.
A quick question, if I may: say I want to test Sandstorm, first on Oasis, but then I want to migrate to self-hosting. Is there a way to move all the data I stored on my Oasis instance to the self-hosted one?
Currently there is not a mass-download or mass-transfer feature; you have to do each grain one at a time. But you probably won't generate that many grains if you're just testing it out, so it ought to be OK. We plan to add mass-transfer in the future.
Here's what I mean. Suppose I develop an application that fits nicely into Sandstorm's grain-based model. But I don't want to give it away. And just as important, I don't want my users to have to deal with this weird Sandstorm thing. I want to sell the app as a SaaS subscription, like so many other web applications that people are used to. Yet, I don't want to deal with recurring billing, hosting my users' data, 24/7 availability, etc.
So I develop my product as a Sandstorm app, then pay Sandstorm to host it under my own domain, with Sandstorm being invisible to the user. As far as the user is concerned, it's a SaaS product that I'm providing, like any other SaaS product. But I don't have to implement recurring billing, back up users' data, worry about availability or security, etc.
Does this make sense to anyone else?
I do think there are permutations of fine-grained containerization which might be interesting as a PaaS but we consciously decided not to focus there, for better or for worse.
I wanted something like this: crowdfunding of apps, preferably open source.
But while I though it could fit well in on top of sandstorm I understand it would be hard to pull of in a balanced way.
> We no longer have a business model to protect, so the code can now be set free.
I'm pretty sure this is a big decider in whether a company open sources a piece of software.
The line you quote is actually with regards to Blackrock, which is our scale-out technology, which we never got around to selling (except indirectly by using it to run Oasis).
I would have loved it if they were successful and made a small fortune so as to encourage more innovative in this niche.
That said, seems they are once again proving what they are made of and making everything available as open source.
I want low maintenance from the user side. How much does Sandstorm fit this?
Also, as a side note i feel quite sad for Sandstorm. It's a difficult concept to monetize even if for continued development. Ie, even if i can be convinced that this will be "easy enough" to use, i'd be hard pressed to pay for a service.. i want to keep it on my network, that's the point to me. I'd have to donate, i suppose. Which is unfortunate.
Perhaps they could offer an encrypted backup solution? Eg, i want to self host, but they could easily store an encrypted and versioned backup of my entire sandstorm db? I'd pay for that! I'm doing that from someone anyway, why not sandstorm.io?
Extremely so. Installation is via an interactive process (no config files) and optionally automatically provisions DNS and TLS certificates for you (if you choose a hostname under sandcats.io). Once installed, Sandstorm auto-updates without any intervention. Apps are installed as easily as installing apps on your phone, and also auto-update. The system is intended to be feasible for non-technical people to manage.
I suggest trying it out. :) https://sandstorm.io/install
(Technically I'm sure nearly all of them would work, but you still need to choose between them, which means putting on your sysadmin hat for a bit.)
How do i fit in your long term goals?
If you'd like to help the project monetarily, you can sign up for an Oasis account, even if you intend to primarily use Sandstorm self-hosted.
That said, at present, we've stopped worrying about monetization and are only worried about making the platform better and getting more users. Simply installing a server and using it helps us! The more users we have, the more interest there will be from developers, and vice-versa.
Hope the team spends time and polish the presentation layer.
In order for Sandstorm to defend against app security vulnerabilities, we can't simply let the app handle its own access control, so we do need a place to hang this trusted UI.
What I'd like to do is have Sandstorm render a modern-style colored top bar with all the usual elements an app would put in it -- with the ability for the app to customize the color and contents to some degree. This top bar would feel like part of the app, but would be trusted, so we could put access control and account settings there, etc.
I'd always peak at updates whenever the name popped up but I was waiting for it to be more user-friendly. Outside of what sounds to be a lack of a sales/marketing team - the UX/UI is what prevented me from forking over cash.
I hope it works well enough to try and bounce back for a round 2. Best of luck.
Oasis pays for itself and Sandstorm is intentionally designed to be low-maintenance (for the benefit of self-hosters), so keeping it going is actually not very hard. We don't foresee any need to shut down any of Sandstorm's services.
FWIW, Oasis takes only a few minutes of work per week to operate...
Well, today I learned. A bit humbling I guess as someone who typically use more hours to support smaller infrastructure:-]
edit: Found this, https://docs.sandstorm.io/en/latest/vagrant-spk/packaging-tu...