By Kenton Varda - 12 May 2014
Sandstorm employs a native-code sandbox. App servers may be written using any technology stack that runs on Linux. The app provides all of its own libraries; all Sandstorm provides is a filesystem and HTTP routing.
Up until now, porting apps to Sandstorm was a rather tedious process involving carefully figuring out dependencies and building a chroot environment. But now, we’ve written a tool that automates the process. It’s so easy that if you have a traditional web app server already running on your Linux machine, you can probably turn it into a Sandstorm app package in five minutes or less.
The trick is actually quite simple: we run your app in a special version of the Sandstorm sandbox running on top of a FUSE filesystem that detects exactly what files your app tries to open, satisfies those dependencies just-in-time, and then makes a list so that you can build a package later. By default, the tool just pulls binaries and libraries from your local system. Just make sure to test all of your app’s features in dev mode, and you should have a complete package.
Check out the porting guide for details.
Glad you asked. Obviously, pulling whatever happens to be installed on your own machine into a package is a huge hack. A serious project will probably want to do something more hermetic and reproducible. Sandstorm supports that just fine. You can configure excatly where the dev tool looks for dependencies; it doesn’t have to be your own root directory. So, set up a chroot environment in whatever way suits you, and point it at that.
You could, for example, use Docker. Once you’ve set up an appropriate Docker container for your app, point the Sandstorm dev tool at it and build a package. But it’s also possible to use the package management systems of various Linux distros directly. We didn’t want to constrain you to any one toolchain, because we know everyone has different tastes.
Many people have asked how Sandstorm is different from Docker. The answer is in the user interface. Docker is essentially a set of command-line tools for building chroot environments and deploying them. It is meant to be used by developers and sysadmins, to deploy software that might have any arbitrary number of users or, indeed, not be user-oriented at all. Docker is awesome at what it does, but what it does is actually not at all the same thing as what Sandstorm does.
In contrast, Sandstorm is a user interface for a personal cloud server. It is perfectly possible for a non-technical end user to install new apps to their Sandstorm instance and use them. Moreover, Sandstorm provides and integrated login and sharing model, so that individual apps do not have to implement this themselves. The Sandstorm platform sits between the user and the app, so when an HTTP request arrives at the app, it is already annotated with information about the user’s identity and permissions as authenticated by the platform. Eventually, Sandstorm aims to provide a user interface that allows end users to connect their apps to each other and to other users’ app securely through an intuitive UI – think OAuth, except streamlined because all the apps already share an authentication system. Meanwhile, until two app instances have been connected by the user, they are completely isolated from each other, so that you need not worry that one insecure app might compromise your whole server.
By Kenton Varda - 22 Apr 2014
It’s been nearly a month since Sandstorm launched, and we’ve been busy. Here’s what’s new!
When Sandstorm launched, some people thought it odd that our message of freedom from other people’s servers was followed by an invitation to use ours. To clear the air a bit, we’ve now made it ridiculously easy to install your own Sandstorm server on your very own Linux machine:
curl https://install.sandstorm.io | bash
Follow the on-screen directions and you’ll be up and running in seconds. No need to build code nor edit config files. In fact, your Sandstorm installation will even (if you choose) automatically keep itself updated, so you never have to deal with it again. (Of course, you can still get the full source code on Github if you prefer.)
Of course, not everybody has a Linux server lying around, or wants their cloud apps hosted off their home internet connection, or wants to pay the typical $50/mo for a cloud VM instance powerful enough to run Sandstorm well. That’s why we also want to offer managed instances that don’t require any of that.
To be clear: when you use our server, you are still in control. You can upload any app you want. We do not serve ads, and we will not mine your data. We let you move your data from our servers to your own at any time. It’s like having your own VM on AWS except without the config files and the updating and the security issues.
Eventually, we plan to charge a small fee for managed instances as a way to cover our upstream hosting costs and fund development. But, for our early alpha testers, the service is free.
Speaking of using our servers…
Despite the limited scope of our initial announcement, we ended up with an order of magnitude more people on our waiting list than we anticipated. If you signed up and haven’t received an invite – alas, that’s most of you – I apologize!
We have not yet implemented the ability for Sandstorm to scale to multiple machines. However, we recently increased the capacity of our main machine such that we should be able to invite a lot more people, and we’ll get to work on multi-machine scaling soon. Be sure to get on the mailing list if you want an invite – or just want to stay updated.
Some awesome contributors have written/ported a few new Sandstorm apps:
Install these and other apps to your Sandstorm instance from the app list.
Porting apps is still a somewhat weird and ad hoc process. Usually the code doesn’t need to change much, but figuring out the app’s dependencies for packaging purposes takes some sleuthing. We’re working on better tools which will make this process much easier; stay tuned.
By Kenton Varda - 24 Mar 2014
Today I’m announcing the release and launch of the alpha version of Sandstorm.io. See the site for more.