Domain: sandstorm.io
Stories and comments across the archive that link to sandstorm.io.
Comments · 14
-
When the publisher serves the crap
You're not APK; I can tell because your writing style doesn't match. But I'll quickly answer why his DNS blocklist solution (whether installed locally or through Pi-hole) isn't quite a complete solution by itself:
Sometimes the publisher itself serves this crap.
A DNS blocklist works when a third-party script displays the popup. But if the same site (e.g. files.slashdot.org serves both things essential to the website's operation (such as style sheets and images) and the popup script, trying to block it will either throw out the baby with the bathwater or send you back to the Netscape 1 web.
Furthermore, the syntax of his preferred blocklist format requires listing each individual hostname to block, not all names in a domain. if the third-party script comes from a random subdomain with a dozen or more hex digits that gets resolved by a wildcard in the DNS zone, this sort of blocklist can't handle all possibilities. The Sandstorm application suite already uses random subdomains for session separation.
-
Not every Sandstorm is Darude
Malware using a "domain generation algorithm" contains a formula to deterministically calculate registrable domains* that the botnet operator will register in the near future. Those can be predicted through the method described in the paper, and it's rate-limited by the non-zero price of registering a domain, so you might see a new domain every day or so.
The same cannot be said of subdomains,* such 94c22ef3.bigbucksads.example, 08e7061d.bigbucksads.example, 3c068f47.bigbucksads.example, and 0327f573.bigbucksads.example. These are generated in real time and resolved using wildcard DNS, as it costs effectively nothing to register 4.2 billion distinct subdomains of an already existing domain. In fact, the Sandstorm framework uses the subdomain to hold a randomly generated session ID.
* A "public suffix" is one of the labels in Mozilla's Public Suffix List, such as org. A "registrable domain" is defined as a domain name that contains exactly one more label than a public suffix, such as slashdot.org. A "subdomain" is a domain name that contains at least one more label than a registrable domain, such as hardware.slashdot.org.
-
This could be a big win for users of Free Software
If this allows end users to install Sandstorm, and the project becomes popular because of it, it could be a big push for open source & Free software.
A big hurdle to overcome for using 95% web applications found in Git is managing to install them in the first place, if you don't already have a web development stack running in your desktop.
With a platform like Sandbox, anyone could install server-based web applications on their Windows PC, making using Free Software finally as convenient as any walled garden app store.
For every time you here a developer saying "people should really run their own server and keep their data there", this could be a step in the right direction to make this really happen.
-
Re:libreoffice
The obvious future is your office suite running in a browser. I haven't used LibreOffice in years because Google Docs is just too convenient. I'm considering setting up Sandstorm with EtherCalc and Etherpad because they're pretty much at the basic level of functionality I need in a spreadsheet and word processor application. I don't use 10% of Microsoft Excel's features so the open source alternatives like Ethercalc/pad are good options for me.
-
Re:libreoffice
The obvious future is your office suite running in a browser. I haven't used LibreOffice in years because Google Docs is just too convenient. I'm considering setting up Sandstorm with EtherCalc and Etherpad because they're pretty much at the basic level of functionality I need in a spreadsheet and word processor application. I don't use 10% of Microsoft Excel's features so the open source alternatives like Ethercalc/pad are good options for me.
-
Re:libreoffice
The obvious future is your office suite running in a browser. I haven't used LibreOffice in years because Google Docs is just too convenient. I'm considering setting up Sandstorm with EtherCalc and Etherpad because they're pretty much at the basic level of functionality I need in a spreadsheet and word processor application. I don't use 10% of Microsoft Excel's features so the open source alternatives like Ethercalc/pad are good options for me.
-
Re: As an app developer...
connecting to user-owned devices with self signed certs
Now that Let's Encrypt exists, why are "user-owned devices" even using "self signed certs" anyway, as opposed to buying a domain and using an ACME client to obtain a certificate that's trusted by default? Though the Certbot client requires a device to run a web server reachable from the Internet because it uses the HTTP challenge, the Dehydrated client also supports the DNS challenge, which requires only the domain's DNS server to be reachable.
The only case I can see where LE wouldn't work is Sandstorm, which requires a wildcard certificate because it uses a different subdomain for each user session. Using LE with Sandstorm would hit LE's rate limit very quickly.
-
Sandstorm
I run an instance of Sandstorm, which is software you can install on a Linux server that lets you run other apps. Some features:
* One-click installs of any of 47 apps, like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).
* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.
* Security sandboxing of the apps against each other and away from the Internet, so malicious apps can't leak your data back to the app's author.
* A way to "share" an instance of any app, like on Google Docs.
* Total open source-ness.
Admittedly, I'm one of its authors too. So feel free to take this with a grain of salt. But I do use it every single day.
Also if your friends don't want to self-host, but want to use the same apps as you, the Sandstorm.io company runs a hosting service.
-
Sandstorm
I run an instance of Sandstorm, which is software you can install on a Linux server that lets you run other apps. Some features:
* One-click installs of any of 47 apps, like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).
* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.
* Security sandboxing of the apps against each other and away from the Internet, so malicious apps can't leak your data back to the app's author.
* A way to "share" an instance of any app, like on Google Docs.
* Total open source-ness.
Admittedly, I'm one of its authors too. So feel free to take this with a grain of salt. But I do use it every single day.
Also if your friends don't want to self-host, but want to use the same apps as you, the Sandstorm.io company runs a hosting service.
-
Re:collaborative editing is in the pipeline
Actually, I use sandstorm.io + Etherpad, Ethercalc, and Hacker Slides.
I have mod points but I would rather say thanks for the pointer to sandstorm.
The use of randomized hostnames for separation to increase security is an interesting design choice, but it will have to be self-signed wildcard certs because wildcard certs are still pretty pricey.
I gave the demo at https://demo.sandstorm.io/ at a run through, it is actually a pretty neat framework.
I noticed mongo mentioned in the the debug log, I need to take look at the code because I hear Postgres does NoSQL pretty well these days.
Over the years slashdot comments have really gone downhill, just when you are about ready to give up reading the comments you discover something cool.
Thanks! -
Share the source, and make it easy to install
Hi anonymous person,
Getting more eyeballs on your code is a marketing problem. So:
* Give us here a link to your code, and
* Make it easy to run your code.
* Then, you can try to reach people who care about that problem domain and tell them to use your code.
To make it easy to run the app, I suggest you create a package for Sandstorm, which is an open source project that makes web apps easy & secure to run. I work on the project, so feel free to decide I'm biased! But do take a look at https://apps.sandstorm.io/ and see how easy it is.
You can reach me (for packaging help) at community@sandstorm.io and find our packaging tutorial here: https://docs.sandstorm.io/en/l...
Best of luck!
-
Share the source, and make it easy to install
Hi anonymous person,
Getting more eyeballs on your code is a marketing problem. So:
* Give us here a link to your code, and
* Make it easy to run your code.
* Then, you can try to reach people who care about that problem domain and tell them to use your code.
To make it easy to run the app, I suggest you create a package for Sandstorm, which is an open source project that makes web apps easy & secure to run. I work on the project, so feel free to decide I'm biased! But do take a look at https://apps.sandstorm.io/ and see how easy it is.
You can reach me (for packaging help) at community@sandstorm.io and find our packaging tutorial here: https://docs.sandstorm.io/en/l...
Best of luck!
-
Re: Same old RMS
Good point. I'm contributing money to the development of services and software that give me the features I want to use without tracking me. But my contributions are not proportionate - if I spent $600 on a traditional Android phone and donated $20 to Replicant, and most of the world doesn't even do that, then obviously Replicant won't take off.
I bought a subscription to the https://sandstorm.io/ service, because it's an attempt at making host-your-own web services more secure and more simple for non-technical people. I plan to use their own Sandstorm hosting for services I'm comfortable with making public, and host my own Sandstorm instance out of my house for services I want to (try to) protect from surveillance.
I backed the own-mailbox kickstarter ( https://www.kickstarter.com/pr... ) because if it works it will dramatically simplify hosting my own secure mail with PGP for communication with other PGP users and messages guarded by https links and passwords for communication with non-PGP users.
I think the real long term solution, besides Replicant, is true peer to peer networks that are harder to snoop like ZeroNet, mesh networks like Hyperborea, and peer to peer networks that run on distributed digital currency like MaidSafe and Ethereum.
I think one convenience that sucks people into proprietary ecosystems is voice recognition software like OK Google, Apple's Siri, Microsoft's Cortana, and Amazon's Alexa, but there's hope in the form of the Mykroft project ( https://www.kickstarter.com/pr... ) and Qt 5.6 beta will be getting speech recognition features.
The last nut to crack is search, and that's a tough one. I tried the distributed search engine Yacy for a while, but it didn't work well enough to be usable. I use the DuckDuckGo search engine, which at least has the benefit of being tiny next to the search giants. But DDG tends to not reference recent information or weigh it poorly against older information, so if I need to see something that happened in the last year most of the time I'm forced to go directly to Google. -
Re:Great! !
Like any other web-based service, you'd be better off running this on actual server space (your own VPS perhaps, or on Sandstorm). But you could certainly run it on your home computer and just access it from within your own network.