May changelog - what's new in Sandstorm
By Asheesh Laroia - 31 May 2016
This month features a big change: when you delete grains, they are sent to a “Trash” area, where they are held for 30 days before being deleted permanently. I personally have clicked “Delete” on the wrong grain by accident, so I’m very happy with the new feature! This way, I can undo it.
Self-hosters will also appreciate the totally-redesigned admin interface. Visit /admin on your server and you’ll see that it’s easier to navigate and visually cleaner.
Here’s the full changelog. As always, you can visit your Sandstorm server and find the changelog under the “About Sandstorm” section.
v0.164 (2016-05-20)
- Self-hosting: The admin settings UI has been completely revamped.
- Fixed grain debug log auto-scrolling.
- Sandcats: Fixed obscure ASN.1 type issue in CSRs that was causing Globalsign API to complain.
- Fixed bug where logging in via Google or Github while viewing a sharing link which you had already redeemed previously would lead to an error.
v0.163 (2016-05-15) [bugfixes]
- Fixed subtle bug introduced in 0.162 which caused shared grains to refresh every minute.
v0.162 (2016-05-14)
- Implemented “trash”. Deleted grains go to the trash where they can be recovered for up to 30 days.
- Grains can now be deleted from the grain list, without opening them first. Multiple grains can be selected for deletion at once.
- An app can now request that the “who has access” dialog be displayed.
- Fixed bug where after an upload failed, future uploads would show the same error despite not having failed.
- Tweaked the “logout other sessions” button to give better feedback that the request is in-progress.
- When visiting a Sandstorm server that hasn’t been set up yet, you’ll now be redirected to the setup wizard.
- The API endpoint now allows the authorization token to be specified as part of the path, for cases where setting the
Authorizationheader is not possible (especially cross-origin WebSocket).
Case Study: Sandstorm for journalists
By Jade Wang - 23 May 2016
Jason Hernandez is a journalist who often covers sensitive topics like mass surveillance for the North Star Post. And given the nature of his work, he and his colleagues are justifiably concerned about the information security, not just between journalists and sources, but also drafts and storage of source materials. So, when Jason was visiting the SF Bay Area, he dropped by Sandstorm meetup to talk about the Sandstorm server he set up so he and his colleagues so that they can still enjoy the benefits of web applications, like real-time collaboration, while keeping control over their data.
Lightning Talk: Jason Hernandez talks about how North Star Post uses Sandstorm
Are you using Sandstorm for your work? I’d love to hear more about how you’re using Sandstorm and share your story. Drop me a line at [email protected] and tell me about it!
Are you in the Bay Area? Hope you can make it to the next Sandstorm meetup: RSVP here
Or share your Sandstorm use case at local meetups in: Boston, New York, Berlin, Zurich, or Wellington.
Richard Caceres talks about designing open source apps
By Nena Nguyen - 16 May 2016
We had the pleasure of having designer, developer, and app author Richard Caceres speak at our Sandstorm.io meetup in San Francisco on March 24, 2016.
In his talk Richard emphasized the value of free and open source software, he shared design principles that app authors should follow (to create a more cohesive user experience across apps), and he also demoed a newly updated version of his TextEditor app.
“Every app would benefit from allowing you to customize the CSS. I think that’s really important. In TextEditor, you can do that now.”
Watch Richard's full talk to hear more about:
- What makes good free software
- Why you should develop apps for Sandstorm
- The importance of design for apps
- Examples of successful open source design
- Visual guidelines for apps
- New TextEditor features (like customizable CSS)
- And more!
You can follow the slides here:
As a follow-up to his talk, Richard has also recently announced x-gui, a library of web components for building consistent web apps.
Try out TextEditor for yourself and don’t forget to leave a review!
How self-hosted analytics preserve user privacy
By Asheesh Laroia - 12 May 2016
Filippo Valsorda just published an overview of why to use Piwik for web analytics instead of Google’s product. He reflects on the fact that he saw 18% more pageviews with Piwik compared to Google Analytics, seemingly because self-hosted analytics get past ad-blocking browser extensions. I want to reflect on the privacy implications of running your own analytics and explain the nuts and bolts of how Piwik runs on Sandstorm.
Here’s what Piwik on Sandstorm looks like.
How a web analytics service works
For a website (let’s say example.com) that that embeds Google Analytics’ Javascript tracking code, a web browser like Chrome takes the following steps:
-
Download the HTML content of example.com.
-
Notice a SCRIPT or IMG tag going to Google Analytics.
-
Download the Google Analytics tracking code from Google, whose purpose is to tell Google Analytics the URL of the page that included it. One main purpose of web analytics is to see a chart of which pages are popular, so it stands to reason that if Google runs the analytics tool, Google needs to know what page is being viewed.
Google has a strong privacy policy, and this information typically falls under the heading of “Information we get from your use of our services,” and I am personally OK with sharing this information with Google Analytics.
Some people like staying private
According to W3Techs, more than 50% of all websites use Google Analytics. This has a somewhat surprising result: Google’s analytics service knows about a huge fraction of all web page visits. After all, any central analytics service can see the webpage visits for all the sites using it. They can even see traffic patterns that each individual site operator cannot.
Some web surfers want to keep their surfing information private. They may be OK with the site owner knowing that someone visited, but Google is not the site owner. They may see data as a toxic asset, per Bruce Schneier. Many of them use web browser add-ons like Privacy Badger.
As a website operator, this puts you in a bind. If you want to use Google Analytics to get a graph of which pages are popular, you need to share your users’ surfing patterns with Google. Google doesn’t distribute Google Analytics as software you can run; they only run it as a central service.
A different way to do web analytics is to use software running on a server that you maintain. This is called self-hosting web analytics.
The easiest way to do that is to do what Filippo Valsorda said: run a Sandstorm server and install Piwik from the app market, and copy-paste something into your website.
Today, that’s possible with a few presses on a touchpad. Getting to that point involved some fascinating challenges.
How to share an API token you cannot see
One design goal of Sandstorm is that apps are confined. An app in Sandstorm never learns a URL that outsiders can use to reach it. That way, the app must rely on Sandstorm for access control, which means the “Share access” button can always show the users who has access. Sandstorm can provide one interface for granting and revoking access across all apps.
However, Piwik needs a way to show a URL that a website operator can embed into their website, so that website visitors can be tracked by Piwik!
To get past this Catch-22, Drew Fisher built a new Sandstorm feature called offer templates. Piwik asks Sandstorm to show a templated message, and an IFRAME from Sandstorm appears with that token placed into the templated message. Drew’s Piwik package was the first to use it, and it’s become the most common way for apps on Sandstorm to create copy-pastable instructions for how to connect to their APIs.
When to make IP addresses available
Another obstacle was IP addresses. Piwik needs to know the IP address of visitors so it can create a visual map to show website operators where in the world their visitors come from. However, we didn’t want every Sandstorm app to be able to collect this data without user intervention. Drew added a way for client-side Javascript to optionally share the user’s IP address, while keeping the defaults safe. I’ll quote him here:
Normally, we strip the remote address from requests, since most applications shouldn't need it. However, for those that benefit from it (like analytics), clients can opt into passing their IP on to the backend by adding an "X-Sandstorm-Passthrough: address" header to their request. This would be a privacy leak for WebSession, since the grain can give the client scripts which would send the header, but ApiSession requires a user action, so it's safe here.
In the context of the above, an ApiSession covers requests that come in via an app’s HTTP APIs such as Piwik’s tracking system, and a WebSession covers requests that come in from the grain owner clicking around, such as a site owner viewing their statistics.
Enabling the community
When we finished, we had built a foundation that other apps could build upon. You can try Hummingbird, Michael Nutt’s real-time analytics tool, and Radicale, Aleksandr Bogdanov’s package that enables calendar and contact synchronization by combining a few tools.
If you want to make an open source web app that anyone can self-host safely, start at the Sandstorm Developer Hub. Sandstorm supports any programming language or stack, like PHP or Meteor or Rust, that runs on Linux. You’ll find a packaging tutorial and detailed information about offer templates. And if you just want to start using Piwik, check it out on the app market.
Sandstorm lets university IT be the hero
By Asheesh Laroia - 06 May 2016
Picture yourself running a university IT helpdesk. When professors come to you, you point to the tech tools your colleagues have already deployed. It takes a long process to get something new approved. You know that’s been limiting professors’ creativity, but you haven’t known what to do about it.
Then one day, Sandstorm comes along.
Now educators are empowered to help themselves. They can make course websites with Ghost, teach students how to typeset documents using ShareLaTeX, or create shared folders for classes using Davros. They can even use GrooveBasin to set up a collaborative radio station for a music history course.
All that happens on your Sandstorm server, running safely within the institution.
Can you help spread the word?
Néna Nguyễn just finished designing a page with the information educators need about Sandstorm. I’m writing because I need your help reaching educators and technologists to share it with.
Can you think of an IT staffer or professor who is wondering how to get access to a wider variety of software available at their institution? If so, please send them a link to https://sandstorm.io/go/education. I just sent it to the head of IT at my alma mater’s CS department.
If they ask you about security or privacy, you can tell them that Sandstorm is self-hostable open source software, integrates with LDAP/SAML single sign-on, and automatically mitigates 95% of security issues, before they are even discovered. For more on Sandstorm’s security design, read our security practices documentation.
Thanks!