Sandstorm News

August changelog: what's new in Sandstorm

By Asheesh Laroia - 13 Sep 2016

August’s most visible change is that when new users join a Sandstorm server, some apps are installed automatically. By default, and on Oasis, users can jump into Davros, Etherpad, Rocket.Chat, and Wekan, and they can create collections using the Collections app. The server administrator can choose which apps come preinstalled for their users. We hope this helps people quickly become productive with Sandstorm!

We made some underlying technical changes this month, too. The most significant is that we migrated to Meteor 1.4, which allowed us to switch to the most recent long-term supported version of nodejs, node 4. This required some substantial upheaval behind the scenes. It also enabled a change we’ve wanted to make for a long time: users of our sandcats.io free HTTPS service now use ciphers supporting perfect forward secrecy. If you test your own sandcats-enabled server on the Qualys SSL Labs server test, you’ll see that your grade has improved from an A- to an A!

Sandstorm servers have automatic updates enabled by default, so to get these updates, you don’t have to do anything. Sandstorm checks for updates and smoothly switches to the latest code every 24 hours.

Here’s the full August changelog!

v0.179 (2016-08-26)

• A user can now request deletion of their own account, unless they are a member of a Sandstorm for Work organization. Deletion has a 7-day cooldown during whith the user can change their mind.
• Admins can now suspend and delete accounts from the admin panel.
• Apps can now request that an offer template be a link with a special protocol scheme that can trigger a mobile intent, allowing one-click setup of mobile apps. Apps will need to be updated to take advantage of this.
• Identity capabilities now have a getProfile() method, allowing a grain to discover when a user’s profile information has changed without requiring the user to return to the grain.
• Fixed that admins were unable to un-configure SMTP after it had been configured.
• Fixed problems in sandstorm-http-bridge that could make notifications unreliable. Affected apps will need to rebuild.
• Increased expiration time for uploading a backup from 15 minutes to 2 hours, to accommodate large backup files on slow connections.
• Fixed email attachments from apps having incorrect filenames.
• Fixed various styling issues.
• Various ongoing refactoring.

v0.178 (2016-08-20)

• The grain list can now be sorted by clicking on the column headers.
• Many improvements to mobile UI. (Still more to do.)
• Your current identity’s profile picture now appears next to your name in the upper-right.
• Fixed desktop notifications displaying grain titles incorrectly.
• Fixed spk publish throwing an exception due to a bug in email handling.
• Improved accessibility of “Sandstorm has been updated - click to reload” bar.
• When an app returns an invalid ETag header, sandstorm-http-bridge will now log an error and drop it rather than throw an exception.
• Updated to Meteor 1.4.1.
• Oasis: Fixed appdemo not working for Davros.

v0.177 (2016-08-15) [bugfixes]

• Changes to SMTP handling in v0.175 caused Sandstorm to begin verifying TLS certificates strictly. Unfortunately, the prevailing norm in SMTP is loose enforcement and many actual users found Sandstorm no longer worked with their SMTP providers. This update therefore relaxes the rules again, but in the near future we will add configuration options to control this.

v0.176 (2016-08-13) [bugfixes]

• Fix web publishing to alternate hosts, broken by an API change in Node.

v0.175 (2016-08-13)

• Grain sizes now appear on the grain list.
• Added sandstorm uninstall shell command.
• Upgraded to Meteor 1.4 and Node 4.
• Sandcats: HTTPS connections now support ECDHE forward secrecy (as a result of the Node upgrade). Qualys grade increased from A- to A.
• Bell-menu notifications now also trigger desktop notifications.
• The collections app has been added to the default preinstall list for new servers. (We highly recommend existing servers add it in the admin settings, too.)
• No apps will be automatically installed on dev/testing servers (e.g. vagrant-spk).
• Switched to newer, better mail-handling libraries.
• Fixed the “close” button on the email self-test dialog.
• Fixed the “dismiss” button on notifications behaving like you’d clicked the notification body.
• Errors during a powerbox request will now be shown on-screen rather than just printed to the console.
• Fixed that uploading a backup left a bogus history entry, breaking the browser’s back button.
• Fixed powerbox search box, which was apparently completely broken.

v0.174 (2016-08-05)

• Admins can now choose to pre-install certain apps into new user accounts. For all new servers and Oasis, our four most-popular apps will be pre-installed by default: Etherpad, Wekan, Rocket.Chat, and Davros. Admins can disable this if they prefer, and servers predating this change will not pre-install any apps by default (but the admin can change this).
• offer()ing a grain capability now works for anonymous users, which means anonymous users can use the collections app. This app will be officially released shortly.
• Identicons are now rendered as SVGs rather than PNGs, which makes them much more efficient to generate. This in particular fixes the noticeable pause when the sharing contact auto-complete first appears for users who have many contacts.
• Updated to Meteor 1.3.5.1 (1.4 / Node 4 coming soon!).
• Fixed that Sandstorm sometimes temporarily incorrectly flashed “(incognito)” in place of the user name when starting.
• Sandstorm for Work: Non-square whitelabel icons now do something reasonable.
• Various refactoring.
• Somewhat improved styling of bell-menu notifications. (More work to be done.)

Sandstorm for Work is Ready

By Kenton Varda - 31 Aug 2016

Today, we’re announcing that Sandstorm for Work is no longer in beta. Companies large and small – ourselves included – have been getting work done using Sandstorm for months. It’s time for you to join us!

What is Sandstorm for Work?

Do you wish you could use web services like Google Apps, Slack, Trello, Dropbox, and others, but can’t for security, privacy, or compliance reasons? Frustrated by the setup and maintenance costs of most self-hosted solutions? Need to integrate with your corporate single-sign-on (LDAP, SAML, Active Directory) and enforce company-wide access control policies?

Sandstorm is a suite of web-based productivity software which you can deploy on your own servers with minimal effort. Any user can install the apps they need with a few clicks – like installing apps on your phone. Apps run inside secure sandboxes with single-sign-on and uniform fine-grained access control. And everything stays up-to-date automatically, so you can set it and forget it.

Sandstorm for Work is Sandstorm plus the ability to integrate with your corporate single-sign-on, priority support, and other features businesses need.

Pricing

During the beta period we listened to your feedback on pricing, and we’ve decided to make some changes:

1. We’ve set a new list price of $10/user/month.
2. For a limited time, we are offering an additional 50% off if you choose annual billing.
3. Free trials now last 60 days.

Get Sandstorm for Work »

Discounted and free keys

We only think you should be paying for Sandstorm if it is helping you make money. To that end:

• Non-profits with paid employees can receive Sandstorm for Work at half price: $5/user/month.
• Educational institutions supporting faculty and students pay $5/month for each faculty member and $1/month for each student.
• Volunteer groups can receive Sandstorm for Work completely free.
• Home users can also receive Sandstorm for Work for free; if you run an LDAP or SAML server for your own family, then we want your Sandstorm server to be able to take advantage of it.
• Bulk discounts are available for large organizations and resellers.

If any of these situations describe you, tell us about it and we’ll set you up.

Core productivity suite

Sandstorm now bundles our four most-popular apps. Every user can immediately edit documents with Etherpad, create task boards with Wekan, create a chat room with Rocket.Chat, and synchronize & secure their files with Davros.

On Sandstorm, these apps can integrate in ways that aren’t possible when they run stand-alone. For example:

• Activity, comments, and mentions are merged into a single notification stream, so it’s easy to keep track of what your teammates are working on across all apps at once.
• You can gather related data from across apps into collections to be shared as a unit.
• You can share data from any app directly and securely to a chat room in Rocket.Chat – click the button just to the left of the chat box. No need to generate nor copy/paste a secret link – and no need to worry about that link falling into the wrong hands.
• Sandstorm for Work’s priority support covers these apps in addition to Sandstorm itself. If you have a problem, just let us know and we’ll work with the upstream developers to get it fixed on your behalf.

Extended app library

There are currently 61 apps and growing available on Sandstorm, and you can easily make your own. Need to run surveys, create spreadsheets, make diagrams, take notes, typeset scholarly papers, host code, publish web pages, or run wikis? We have all that, and more.

Unprecedented security

Sandstorm is the only server platform that uses fine-grained containerization, which protects you against security bugs in apps, so you can safely let your users install the apps they need, relying on Sandstorm’s automatic exploit mitigation and network isolation to keep data safe.

Automatic updates

As always, once you’ve installed Sandstorm for Work, Sandstorm and apps will be kept up-to-date automatically, with no action needed on your part. Sandstorm is getting better every day, and your users will get those benefits without you lifting a finger.

Still open source

Sandstorm for Work is 100% open source software with a thriving community. That means it will never disappear or stop working. Read more in our original announcement.

Get Sandstorm for Work »

Decentralization is about diversity

By Kenton Varda - 17 Aug 2016

Lately, there has been a flurry of activity around decentralizing the web. Summits have been held. New projects – and companies – have been started. Having worked on this issue for several years now, we’re excited to see it becoming increasingly mainstream.

But what, exactly, are we trying to solve? Most people think it has something to do with privacy, and maybe also security. Some argue that data ownership and mobility are the most important things. Sometimes this leads decentralization projects to focus on data storage while neglecting compute. Some projects even propose that so long as storage is decentralized, it doesn’t matter where the software actually runs.

Privacy, security, ownership, and mobility are all important, but I feel there is a much more important goal that is often poorly understood:

The most important reason to decentralize is software—and developer—diversity.

By “diversity”, I mean this: Who can develop software that other people can plausibly use? Is it primarily mega-corps like Apple and Google? VC-backed startups? Or can one random person, working in their spare time, build just the right app and reach millions of people? Can a community of unfunded volunteers build an open source app that wins because it is the best? Can an employee of one company, having built a useful internal app to solve a problem they had, give (or sell) that app to another company in the same position, without a lot of hassle? Can a teenage fan of a particular video game build an app that assists players of the game, and then share that app with the rest of the game’s community?

All of the above happens regularly with mobile and desktop apps, but it is far more difficult on the web.

We live in a time when our tools are so good that a single competent application developer working weekends can create almost any web application you can imagine. However, rarely can that single developer also run a secure, scalable service and a business around it. As a result, when software is delivered as a service, the only software that is available is that which was deemed a priori to be sufficiently lucrative to interest a mega-corp like Google or a VC-backed startup. Therefore, the only software services we get come courtesy of these gatekeepers. Experimental, indie, or amateur projects are rare. Novel services serving a small niche community are rare. Services designed by people who aren’t well-represented in the tech industry are rare. Community-driven open source projects basically aren’t viable.

The only way to solve these problems is by decentralizing the software (not just the storage). Software must be provided as a package – not as a service – with each user running their own private copy. It doesn’t really matter if the user chooses to deploy to “the cloud” or to their own machine, as long as they can run any package they want. It is, however, important that the means to deploy software be accessible even to non-technical users, so that everyone can participate and developers can reach a wide audience. Deploying an app on your server must therefore be as easy as installing an app on your phone, and must be “secure by default”.

This is the focus of Sandstorm.

Share many as one, with the Collections app

By David Renshaw - 09 Aug 2016

Starting work on a project in Sandstorm often means creating many grains, each pertaining to a different aspect of your work. In a typical project, you might have a spreadsheet, a chat room, a kanban board, and several source code repositories. Sandstorm makes it easy to share these grains with your collaborators, but until recently, you would need to share each grain to each collaborator separately — a task that could quickly become tedious. What if you want to share the entire project as a single unit?

Now that we have released the Collections app, we have a satisfying answer to that question; to share many grains at once, you add them to a collection.

A collection is a list of grains. Any collaborator with whom you share a collection gets access to all of the grains in it. On the flip side, when you remove a grain from the collection, your collaborators lose access to that grain. Moreover, when you revoke a collaborator from the collection, that (now former-) collaborator loses access to all of the collection’s grains.

And since a collection is itself a grain, sharing one works just like sharing anything else on Sandstorm, through the “Share access” button.

Powerbox makes it possible

The fact that we have implemented collections as an app may come as a surprise, since the notion of a collection might seem fundamental enough to deserve being baked-in as a core feature of Sandstorm. However, Sandstorm bakes in an even more fundamental notion: the idea that grains can refer to and coordinate with one another. The embodiment of this idea is the powerbox, an interface — mediated and auditable by the user — through which grains can exchange capabilities.

When you click the “Add grain” button in a collection, the collection in fact initiates a powerbox request. Sandstorm then asks you, the user, to choose a grain with which to fulfill the request.

Once you select a grain, the collection receives a reference to that grain. It can then use that reference to retrieve metadata such as the grain’s icon and the the name of the app that created the grain. Crucially, it can also offer the reference to your collaborators, so that your single “Add grain” action can result in all of your collaborators receiving access to the grain. The behind-the-scenes details of how this all works can be found in our technical documentation.

Other apps can use the powerbox in the same way. You could write an alternative implementation of collections, either by starting from scratch or by forking ours. Apps whose primary purpose has nothing to do with collections can also benefit from the ability to request and offer grain references. For example, a chat room could be enhanced by the ability to embed Sandstorm-aware links to other grains. Indeed, the latest release of Rocket.Chat does just that.

Built with Rust

Although a fast startup time and a small memory footprint are important performance goals for any Sandstorm app, they are especially important for the Collections app, as it provides such a central piece of functionality. Collections need to be lightweight so that their integration with the rest of Sandstorm can feel seamless. Our primary strategy for achieving such performance has been to develop the Collections app using the Rust programming language, interfacing directly with Sandstorm’s Cap’n Proto interfaces . Rust has worked well so far, and along the way we have produced some libraries and examples to help others also get started using it for Sandstorm app development.

Whether or not you are a developer, now is an exciting time to get involved with Sandstorm. The powerbox is still in its early stages, and the Collections app is a hint at the kinds of things it will enable. So try it out and let us know what you think!

July changelog - what's new in Sandstorm

By Asheesh Laroia - 03 Aug 2016

In July, we introduced a new Sandstorm feature: Apps can notify users when something interesting happens within a grain. For example, Etherpad uses this to tell you when someone leaves a comment on a document. This ActivityEvent API was designed by Kenton Varda and its visual elements were designed by Néna Nguyễn. You can read more in its Cap’n Proto definition; any app within Sandstorm can use it. The easiest way to try it out is to make a new Etherpad document, then open it in an incognito window, and use the incognito window to leave yourself a comment.

This change, and many more, went live during July. To keep your Sandstorm server updated, you can sit back and relax. In the default configuration, Sandstorm’s automatic updates will install updates within 24 hours of a new release.

Here’s the full July changelog!

v0.173 (2016-07-23)

• Sandstorm for Work: Added server whitelabeling features. Find under “Personalization” in the admin panel.
• Apps now receive profile pictures for all users. Users who have no picture get an identicon. Previously, apps were expected to generate identicons themselves.
• HTTP requests to / responses from apps now pass through any header prefixed with X-Sandstorm-App-. Also, X-OC-Mtime is whitelisted in responses, to improve Davros’ compatibility with ownCloud clients.
• Attempting to download a backup of a collection will show a warning explaining that this doesn’t do what you expect.
• Prevented guests from uploading grain backups. These uploads weren’t creating actual grains, but could use up server-side disk space.
• Fix bug in grainlist deduplification on app details page.
• Fixed that the admin page for managing a specific user only showed their login identities, not non-login identities. The main list showed both, but the non-login identities would disappear when clicking through to a specific user.
• The favicon is now transparent instead of white-background.
• The guided tour highlight of the “share access” button no longer blacks out the button on Firefox.
• The admin UI’s “Personalization” page no longer fails to save if you haven’t entered a Terms of Service or Privacy Policy URL.
• “204 No Content” responses from apps now preserve the ETag.
• Refactored powerbox client-side code to make it more pluggable.

v0.172 (2016-07-15) [bugfixes]

• Fixed a regression that caused accepting an app update notification to have no effect. Sandstorm will re-notify about missed updates within 24 hours.
• Fixed bugs preventing Sandstorm from working on IE10.
• Tweaked new activity event API.
• Major refactor of powerbox-related code.
• Bugfixes related to upcoming collections app.

v0.171 (2016-07-09)

• Activity/Notifications API: Apps can now inform Sandstorm when a grain has been modified. Sandstorm will then highlight the grain in the user interface to show that it has new content, and in some cases deliver notifications to interested users. Apps need to be updated to use the API, but an update to Etherpad will ship on Sunday with updates to Rocket.Chat and Wekan soon thereafter.
• Fixed regression where grain UIs would not refresh when the grain’s package was updated.
• Fixed bug where it was possible to have a “shared with me” copy of a grain you own show up in your grain list, which in turn caused other bugs.
• Fixed spurious deprecation warning in server logs and reduced the size of the Sandstorm bundle by 10% by eliminating redundant copies of the Connect framework which were being included due to npm dependency semantics.
• Fixed some modal dialogs stretching off the screen on mobile.
• Various code refactoring.
• Oasis: Fixed that save()ing a capability was producing a SturdyRef that could not be restored due to bookkeeping errors.
• Sandstorm for Work: The SAML XML blob is now available even if the SAML identity provider has not yet been enabled. This should make setup easier.

v0.170 (2016-07-02) [bugfixes]

• Meteor-based apps will no longer go into redirect loops when WebSockets are not working.
• Sandstorm for Work: Fixed SAML login failing when a user’s name contained non-ASCII characters.
• The Powerbox API has changed slightly to involve a server-side exchange after the client-side selection operation. This improve security. Existing powerbox-using apps will need to be updated – but no major apps are using it yet.
• When using email login and clicking the link (rather than copy/pasting the token), you will now be redirected back to the URL from which you initiated login.
• Improved design of profile editor UI.
• The user table in the admin panel can now be sorted by clicking column headers.
• Fixed “guided tour” hint bubble for installing apps showing for users who aren’t allowed to install apps.