I've been lurking since the Indiegogo campaign a few years ago, and I check in every once in awhile to see Sandstorm's status. I've been sad to see that it's largely stalled. A few months ago I was working on a tech security research project and discovered the object-capability model which has led me back here.I'd like to start conversation on bringing life back to the Sandstorm project.
I really miss working on Sandstorm apps. Here are some things I'd like to build but haven't because, quite frankly, I don't want to deal with the pain of having to host and secure them on more traditional infrastructure:
* A web-based podcatcher. I want to start a podcast on my desktop, resume listening on my phone, and maybe pick up later on my Xbox. Maybe the podcast files are exported via WebDAV so I can access them locally. My feeds can be imported and exported, and I never have to worry about the service changing or shutting down.
* A public transit schedule display that, given static GTFS data and an optional GTFS real-time feed, shows me arrival and departure information sliced and diced according to the needs of people who actually rely on public transit. So many of these systems are probably built by engineers who take Lyfts or single trains to their desks and start designing. I want an instant dashboard of all real-time bus departures within half a mile of where I am now. Don't make me click through individual stops or plot a route. Show me the information I need and let me decide what to do with it.
* An app that lets me scan barcodes with my phone via Web RTC,
looks up the code to identify the object, and stores that
information server-side. So often I get a brand of something I
like, but because I can't see the container, I don't remember what
it was. I'd love to scan it, save it, and not worry about losing
that data when my phone is lost, my PC wiped, etc.
All of these require outbound network access and some sort of keepalive support. I know outbound networking has always been available if I'm willing to learn CapnProto, learn whether a binding exists for my language, potentially write from scratch any networking code my app needs...I think we may have gotten outbound proxy support at some point late in the game, but I had trouble getting this to work IIRC.
I hate to put this out there since I know it conflicts with one of Sandstorm's primary design goals, but I think the increased security made it somewhat unattractive for me to develop for past a certain point. And while I understood the concern of apps phoning home and spying on users, I didn't want to phone home and spy on myself, or *anyone* for that matter. I wanted an SPK I could upload to my server and start receiving podcasts, or building a better bus schedule, or... The alternative isn't that I've written either and hosted it on my VPS. The alternative to the above is that I just haven't written either at *all*, because I don't want to build a one-off app for my bus schedule and open source it for others to try hosting, nor have I built my podcatcher because I'd rather focus on my core need and not authentication/security. I think Sandstorm was, and potentially still is, a good argument for the case that 70% security was a massive leap over 0%, but starting at 95%/99% made it a hard enough sell such that I'd consider Sandstorm for a handful of use cases but rule it out for many more. And saying that makes me a bit sad.
I'd love to see it revived, though. I wonder what some meaningful
steps forward might be?
--
You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/CAEAeJWxWQbR9D5%2Bg56MPrkuZOByGvDHANdozcD3kFeOYc6SbDA%40mail.gmail.com.
That’s kind of what I'd expect, since many apps will only look to speak with a short list of domains.
Sent from my Windows 10 device
--
You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/157524351520.908.14814592529273726164%40localhost.localdomain.
Quoting David Chizmadia (2019-12-01 22:46:14)
> That could probably be generalized to a whitelist block in the
> sandstorm-manifest.capnp that would identify the protocol and the
> whitelisted URIs. Part of the SPK installation process could be a
> dialog between the installation admin and the Powerbox to select the
> protocol handler (if there is more than one) and authorize the URIs for
> the handler. That pattern would be familiar to anyone who has installed
> apps on their smartphone - if at a (potentially) finer level of
> granularity than usual.
I agree generally; this technique could be used for other protocols. I
think doing it at install/first start time is probably the wrong default
though, as it is easier for a user to understand requests if they come
in the context of using the app. So a first-access policy as a default
makes more sense to me.
Of course, especially with server apps it may be the case that the app
will first need the capability sometime when the user is not there to
grant it, so sometimes requesting access up front is unavoidable.
> Slightly off this subtopic, but relevant to the Subject line, I was
> recently browsing through the LibreOfiice website and discovered that
> they have a version of the suite intended as an open source version of
> Google Docs that is in search of a platform that would handle
> cybersecurity and other enterprise-grade considerations. My first
> thought was that it would be a fantastic "Killer App" for Sandstorm.
Interesting. Link? I didn't find it quickly poking around on the website
myself. It does seem like the perfect thing for someone to try to port.
-Ian
--You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/479ef656-d283-4d47-a4f0-411687f915eb%40googlegroups.com.
in the near future. Kenton would have to update or transfer Etherpad. Davros is very abandoned right now.
This wouldn't support 2/3 of my use cases, unfortunately. Transit feed URLs vary per agency, and podcast URLs are arbitrary.
If the app can whitelist URLs via wildcard, that should be fine. I'd hope users would understand the need to whitelist all URLs for a podcatcher, or for a transit schedule needing to fetch feeds and data from arbitrary places. But, while I could lock certain apps to specific URLs, I couldn't for these two.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/157532182884.887.16013839353107910732%40localhost.localdomain.
--
You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/f8fd952d-bc32-40b9-b109-5ea52e398148%40www.fastmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/157557660177.11687.15819991046486418538%40localhost.localdomain.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/CAAWRcS9KiCO8mvJ1phhEcbL58nKyzZTn%3DOaQKfu8bVD6q3Kutw%40mail.gmail.com.
I'd like to imagine we could come up with some sort of developer-supporting model using GitHub Sponsors or Patreon or Bountysource or such. Sandstorm-the-company obviously didn't take donations, but presumably Sandstorm-the-community-project could.
Long term, if we can get things organized enough, it might make sense to
consider joining the Software Freedom Conservancy or some other umbrella
organization, to make donations and logistical stuff easier. But I think
we need to breathe some life into the project before it makes sense to
think about that.
One big worry I have is that the Sandstorm codebase is not in an excellent state of cleanliness.
Also worrying is that it's all built on Meteor, which itself is a somewhat stalled project.
--You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/41ac94a2-01ab-4c08-a81a-c8c03b1538b1%40googlegroups.com.
I did mean, that rewrite is a dirty word. Nothing should be rewritten, ever. It's just same work and bugfixes again.
Original author of Wekan tried to rewrite Wekan, got tired in rewrite, so I had to continue maintain Wekan.
https://github.com/wekan/wekan/wiki/FAQ#what-was-wekan-fork--wefork
I have multiple failed rewrite attempts, it just is not possible.
https://github.com/wekan/demo/wiki/Roadmap
Also see:
https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/
BR,
xet7
...for now we should just get Sandstorm itself moving again.