Sandstorm News

New team members; security improvements; backup/restore

By Kenton Varda - 03 Jul 2014

We have a bunch of updates for you today.

Lots of apps coming!

We’ve ported a number of interesting apps to Sandstorm and will begin releasing them within the next few days. First up will be Mailpile – yes, e-mail in Sandstorm! Expect a full announcement on Monday, and other app announcements over the following days and weeks.

Team updates

The Sandstorm team is no longer just me. I’d like to introduce all the new faces that you now see on our front page:

We also have a couple of key advisors. These guys are contributing advice, resources, and the occasional patch in their spare time; Sandstorm is not affiliated with their respective employers.

Backup / Restore functionality

Jason has implemented the ability to back up and restore grains (app instances) from your Sandstorm server. Just click the new download icon on the top bar when viewing a grain. You will get a zip file containing the grain’s storage, which you can re-upload to the server (or to a different server) later on.

Security: No need for root

Sandstorm can now be installed and run without root privileges or setuid binaries. To accomplish this, we use Linux’s “UID namespaces” feature, which essentially allows other sandboxing features to be accessed by an unprivileged user.

Unfortunately, if you are developing Sandstorm apps, it is still necessary to install Sandstorm with root privileges because the dev tools rely on FUSE and FUSE filesystems cannot currently be mounted inside UID namespaces. We hope the Linux kernel will eventually add this feature.

Due to the use of UID namespaces, Sandstorm now requires Linux kernel version 3.13 or better. The installer will verify that you are ready to run Sandstorm.

Thanks to Andy for contributing much of the work on this.

Seccomp-BPF Sandboxing

We’ve now enabled a basic seccomp filter to disable some dangerous system calls. Seccomp is a Linux feature that makes sandboxing more secure by disabling system calls (OS features) that apps don’t need. A typical web server uses only a tiny fraction of Linux’s system calls. By disabling the rest, we make sure that if a kernel exploit is found in one of them, it won’t allow an app to escape its sandbox.

For now, we’ve disabled a few calls that provide complicated functionality that has been the subject of vulnerabilities in the past, and that no web server rightly needs. We plan to expand on this in the future, eventually implementing a small whitelist and probably moving many system calls to userspace. All of this will be totally transparent to apps.
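The kind of filter described above, as an added example that is not Sandstorm's own code: a minimal seccomp-BPF deny list that an unprivileged process can load, with a forked probe that shows a denied call being killed before it executes. The three denied calls are an illustrative choice (the post names none), and the arm64 fallback for the ABI check is an assumption.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __x86_64__
#define ARCH_NR AUDIT_ARCH_X86_64
#else
#define ARCH_NR AUDIT_ARCH_AARCH64  /* assumption: the only other build target is arm64 */
#endif
#define INSN(...) p[i++] = (struct sock_filter)__VA_ARGS__  /* append one BPF instruction */

/* Illustrative deny list, constructed for this example; the post names no specific calls. */
const long EXAMPLE_DENIED[] = { SYS_ptrace, SYS_mount, SYS_kexec_load };
#define EXAMPLE_DENIED_LEN (sizeof EXAMPLE_DENIED / sizeof EXAMPLE_DENIED[0])
/* Build and load a classic-BPF filter: kill on a foreign ABI or a denied nr, allow the rest. */
static int install_filter(const long *denied, size_t n)
{
    struct sock_filter p[64]; unsigned short i = 0;
    INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0));       /* wrong ABI (e.g. 32-bit) -> KILL */
    INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t k = 0; k < n; k++)  /* on a match, jump over the remaining checks and ALLOW to KILL */
        INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[k], (unsigned char)(n - k), 0));
    INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* lets an unprivileged process load it; irrevocable */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &(struct sock_fprog){ .len = i, .filter = p });
}

/* Run syscall `nr` in a forked child under the filter: returns the killing signal (SIGSYS), 0 if it ran, -2 if loading failed. */
int probe_syscall(long nr, const long *denied, size_t n)
{
    int status; pid_t pid = fork();
    if (pid == 0) { if (install_filter(denied, n) != 0) _exit(2); syscall(nr); _exit(0); }  /* exit_group must stay allowed */
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -WEXITSTATUS(status);
}

int main(void)
{
    printf("getppid -> %d (0 = ran)\n", probe_syscall(SYS_getppid, EXAMPLE_DENIED, EXAMPLE_DENIED_LEN));
    printf("ptrace  -> %d (SIGSYS = %d)\n", probe_syscall(SYS_ptrace, EXAMPLE_DENIED, EXAMPLE_DENIED_LEN), SIGSYS);
}
```

Build with gcc on Linux; the KILL verdict is delivered before the kernel's syscall handler runs, which is why a bug in a denied call is unreachable from inside the sandbox.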

Again, thanks to Andy for getting this started.

LWN Coverage

Linux Weekly News wrote about Sandstorm last week!

Host Your Web Site

By Kenton Varda - 04 Jun 2014

Sandstorm now supports apps that publish content to your personal web domain, such as blogging apps and content management systems.

While we already had an app that claimed to do this (the “Hacker CMS” app), it previously required manual configuration of nginx to actually serve the content. Users of alpha.sandstorm.io actually had to ask me to manually set things up. But as of build 0.20, you can host your site in a completely self-service way.

To try it out, install the latest version of Hacker CMS from the app list and click the “Setup DNS” button. (If you already have the app installed, install it again to get the latest version; we’re still working on automatic updates.)

Hacker CMS is still mostly a tech demo, and we’d like to replace it with ports of some better-known blogging platforms. That said, our own blog at blog.sandstorm.io is actually hosted using Hacker CMS.

Want to write your own app that does web publishing? Check out the wiki page to see how.

Tool Improvements

We’ve been hard at work improving Sandstorm’s developer experience. Some highlights include:

All Invites Sent

Everyone who was on the mailing list as of yesterday should have received an invite to alpha.sandstorm.io by now. Please let me know if you are on the list but didn’t receive one. Sorry it took so long! We will continue sending invites to new sign-ups as long as we can handle the server load.

Follow Sandstorm on Twitter and Google+!

We are @SandstormIO on Twitter and Sandstorm.io on Google+. We want to keep the mailing list non-spammy, so follow us there for more frequent updates!

Easy-Port

By Kenton Varda - 12 May 2014

Port your app to Sandstorm in five minutes!

Sandstorm employs a native-code sandbox. App servers may be written using any technology stack that runs on Linux. The app provides all of its own libraries; all Sandstorm provides is a filesystem and HTTP routing.

Up until now, porting apps to Sandstorm was a rather tedious process involving carefully figuring out dependencies and building a chroot environment. But now, we’ve written a tool that automates the process. It’s so easy that if you have a traditional web app server already running on your Linux machine, you can probably turn it into a Sandstorm app package in five minutes or less.

The trick is actually quite simple: we run your app in a special version of the Sandstorm sandbox running on top of a FUSE filesystem that detects exactly what files your app tries to open, satisfies those dependencies just-in-time, and then makes a list so that you can build a package later. By default, the tool just pulls binaries and libraries from your local system. Just make sure to test all of your app’s features in dev mode, and you should have a complete package.

Check out the porting guide for details.

Wait, what about reproducible builds?

Glad you asked. Obviously, pulling whatever happens to be installed on your own machine into a package is a huge hack. A serious project will probably want to do something more hermetic and reproducible. Sandstorm supports that just fine. You can configure exactly where the dev tool looks for dependencies; it doesn’t have to be your own root directory. So, set up a chroot environment in whatever way suits you, and point it at that.

You could, for example, use Docker. Once you’ve set up an appropriate Docker container for your app, point the Sandstorm dev tool at it and build a package. But it’s also possible to use the package management systems of various Linux distros directly. We didn’t want to constrain you to any one toolchain, because we know everyone has different tastes.

Speaking of Docker

Many people have asked how Sandstorm is different from Docker. The answer is in the user interface. Docker is essentially a set of command-line tools for building chroot environments and deploying them. It is meant to be used by developers and sysadmins, to deploy software that might have any arbitrary number of users or, indeed, not be user-oriented at all. Docker is awesome at what it does, but what it does is actually not at all the same thing as what Sandstorm does.

In contrast, Sandstorm is a user interface for a personal cloud server. It is perfectly possible for a non-technical end user to install new apps to their Sandstorm instance and use them. Moreover, Sandstorm provides an integrated login and sharing model, so that individual apps do not have to implement this themselves. The Sandstorm platform sits between the user and the app, so when an HTTP request arrives at the app, it is already annotated with information about the user’s identity and permissions as authenticated by the platform. Eventually, Sandstorm aims to provide a user interface that allows end users to connect their apps to each other and to other users’ apps securely through an intuitive UI – think OAuth, except streamlined because all the apps already share an authentication system. Meanwhile, until two app instances have been connected by the user, they are completely isolated from each other, so that you need not worry that one insecure app might compromise your whole server.

Easy Install; New Apps

By Kenton Varda - 22 Apr 2014

It’s been nearly a month since Sandstorm launched, and we’ve been busy. Here’s what’s new!

Easily run your own instance

When Sandstorm launched, some people thought it odd that our message of freedom from other people’s servers was followed by an invitation to use ours. To clear the air a bit, we’ve now made it ridiculously easy to install your own Sandstorm server on your very own Linux machine:

curl https://install.sandstorm.io | bash

Follow the on-screen directions and you’ll be up and running in seconds. No need to build code or edit config files. In fact, your Sandstorm installation will even (if you choose) automatically keep itself updated, so you never have to deal with it again. (Of course, you can still get the full source code on Github if you prefer.)

Of course, not everybody has a Linux server lying around, or wants their cloud apps hosted off their home internet connection, or wants to pay the typical $50/mo for a cloud VM instance powerful enough to run Sandstorm well. That’s why we also want to offer managed instances that don’t require any of that.

To be clear: when you use our server, you are still in control. You can upload any app you want. We do not serve ads, and we will not mine your data. We let you move your data from our servers to your own at any time. It’s like having your own VM on AWS except without the config files and the updating and the security issues.

Eventually, we plan to charge a small fee for managed instances as a way to cover our upstream hosting costs and fund development. But, for our early alpha testers, the service is free.

Invites rolling out

Speaking of using our servers…

Despite the limited scope of our initial announcement, we ended up with an order of magnitude more people on our waiting list than we anticipated. If you signed up and haven’t received an invite – alas, that’s most of you – I apologize!

We have not yet implemented the ability for Sandstorm to scale to multiple machines. However, we recently increased the capacity of our main machine such that we should be able to invite a lot more people, and we’ll get to work on multi-machine scaling soon. Be sure to get on the mailing list if you want an invite – or just want to stay updated.

New Apps

Some awesome contributors have written/ported a few new Sandstorm apps:

Install these and other apps to your Sandstorm instance from the app list.

Porting apps is still a somewhat weird and ad hoc process. Usually the code doesn’t need to change much, but figuring out the app’s dependencies for packaging purposes takes some sleuthing. We’re working on better tools which will make this process much easier; stay tuned.

Sandstorm Alpha Launched!

By Kenton Varda - 24 Mar 2014

Today I’m announcing the release and launch of the alpha version of Sandstorm.io. See the site for more.