Six Reasons Sandstorm.io is Rocking the World of Open Source Web Apps

Transcript

1. SANDSTORM.IO SIX REASONS IT'S ROCKING THE WORLD OF OPEN SOURCE

   WEB APPS Daniel Kraft - @frigginglorious

2. OVERVIEW Distribution made awesome Security is covered Data privacy Ease

   of use Best of Self-Hosting & SaaS Sandstorm is actual magic

3. ABOUT ME University of Wisconsin - Stout Information and Communication

   Technology Full Stack Dev Ecommerce for a Packaging Company Mostly work with PHP, JS Open Source Ideologue

4. NOW... WHO THE HELL ARE YOU? Infosec Development Sharepoint Administration

5. "Sandstorm is an open source operating system for personal and

   private clouds."

6. THE PERFECT PLATFORM For single-purpose or single-use APPLICATIONS

7. Q: Alright... WTF does that mean? A: Let's check it

   out.

8. LET’S SPIN UP SOME GRAINS! Reveal.js based slideshow editor Trello

   Clone Google Docs/Drawings alternatives File Storage/Sharing GIT server & Web Interface Slack alternative Jukebox/Radio Server Voxel Editor CMS, Ghost and Wordpress RSS reader

9. SANDSTORM'S PURPOSE… For every great web application installed, there is

   a sys admin with at least a dozen headaches. An easy alternative is to pay a monthly fee for a company to take care of those headaches for you. But in response to that, the guys at Sandstorm have said it best:

10. "For open source software to make sense, the user has

    to be running their own instance. Software-as-a-Service and open source web apps just don’t make sense together: it’s not really open source if you can’t run modified code, and the high barrier to entry shuts out hobby projects or anything unwilling to be monetized."

11. UNDER THE HOOD C++ Backend Meteor JS Frontend Full Stack

    Javascript Responsible for all the real-time features Cap’n Proto Remote Procedure Call Possible wizardry

12. DEVELOPERS Developed by Kenton Varda An ex-googler Cool Core Team

    of Sandcats Smart Bay-area peeps freenode #sandstorm on IRC

13. (now... on with the show) DISTRIBUTION

14. The App Market

15. What's in an app? A Fully-contained, packaged file Installed, then

    instantiated into grains App maket is just a list of all developed grains

16. SECURITY

17. APPLICATION-LEVEL SECURITY "Fine-grained security" "contained and mitigated to the maximum

    extent possible" "isolates individual resources within an app"

18. ONLY ENFORCES ACCESS Sandstorm allows apps to implement their own

    TYPES of access to a grain commonly Read and Write access Apps themselves are responsible for making sure the TYPES of access are enforced.

19. SHARING MODEL EXAMPLE Someone shares their Etherpad document, and you

    have write access. You share this doc with "Bad Manners Billy" to view. Billy shares their view access to 10 people. Revoking Billy's access also revokes those 10 peoples access.

20. 95% OF SECURITY ISSUES AUTOMATICALLY MITIGATED, BEFORE THEY WERE DISCOVERED

    https://sandstorm.io/news/2016-02-29-security-track-record

21. PLATFORM ACCESS Guest Only access to a given grain Can't

    upload or spin up new grains Invited User Install apps Upload Apps Spin up new grains Admin Change other user's access level

22. USER ACCESS A user's grains are only accessible by them,

    and who they choose to share access (except server root) This applies to admins Administered on a grain-by-grain basis "Capability-based Security"

23. FROM USER PERSPECTIVE Matches their process Single-task apps doing single

    tasks One unified interface

24. FROM DEVELOPER PERSPECTIVE What do you mean Security? Keep on

    coding for results Packages Localized Dependencies Selectively includes for small size Just make sure you think in sandboxes!

25. DATA PRIVACY

26. SAVING USERS FROM THEMSELVES Apps will explicitly request permissions, just

    like an Android app

27. Please place tinfoil hat on head.

28. WHAT IF Single Point of Failure: The (Fictional) Day Google

    Forgot To Check Passwords Dropbox dropped all of it's users passwords? This happened in 2011: https://www.youtube.com/watch?v=y4GB_NDU43Q http://venturebeat.com/2011/06/21/dropbox-files-left- unprotected-for-four-hours-due-to-software-bug/

29. It is now safe to remove tinfoil hat.

30. NOT MEANT FOR CLOUD Scanningcabinet to organize mail & documents

    Who would use it? Configure App Engine server, deploy code Distribute with SaaS? upload your paper mail to server run by some guy No thank you. https://sandstorm.io/news/2014-07-21-open-source-web-apps- require-federated-hosting

31. EASE OF USE

32. INSTALLATION REQUIREMENTS Any Linux Must be x64 1GB RAM (preferably

    2GB)

33. INSTALLATION SSH to server curl https://install.sandstorm.io | bash

34. VERY EASY! But be careful about piping things to bash...

35. INSTALLATION COMPLETE! Follow prompts: Type Your Name Type Your Email

    Address Pick a Subdomain

36. USER AUTHENTICATION Click That Link Google - "Configure" Go to

    Continue to follow instructions https://console.developers.google.com/

37. BEST OF BOTH WORLDS

38. SAAS++ Spin up a blog and publish it in less

    than a minute. (Static publishing seems to need some work yet.)

39. APPS FOR FREE! (also hosting for free) http://oasis.sandstorm.io

40. WANT TO CUSTOMIZE? App code is always linked!

41. MAGIC DEVELOPMENT (some restrictions apply)

42. - Common app responsibilities like authentication, authorization, document management, scaling,

    backups, encryption, and more are handled automatically by the platform. https://sandstorm.io/developer

43. WHAT IT'S GOOD FOR: Single use or single task apps.

44. ABOUT GRAINS All mutable data is stored in a /var/

    folder

45. PORTING OR DEVELOPING APPS

46. “Sandstorm supports any programming language that runs on Linux, not

    just PHP, such as Meteor, Python, Rails, Node, PHP, C++, Go, Rust, and more.” - https://docs.sandstorm.io/en/latest/vagrant-spk/packaging-tutorial/

47. PROCESS Initialize Vagrant-spk tool Import your code Include dependancies Run

    Vagrant & test vagrant-spk up && vagrant-spk dev Package vagrant-spk pack ../sweetAppBro.spk

48. WHAT IS VAGRANT? Local VM Built for development

49. TO READY ENVIRONMENT Install Git, Virtualbox, and Vagrant-spk Setup the

    VM Clone boilerplate from github git clone git://github.com/paulproteus/php-app-to-package-for- sandstorm https://docs.sandstorm.io/en/latest/vagrant-spk/installation/ https://docs.sandstorm.io/en/latest/vagrant-spk/packaging- tutorial/

50. DIESTORM The premiere RPG-dice-rolling app for Sandstorm. https://github.com/frigginglorious/dieStorm

51. server/serverFun.js As app starts up, declares function Meteor.startup(function () {

    Meteor.methods({ checkSandstormUserPermissions: function () { var sandstormUser = this.connection.sandstormUser();

52. both/rolls.js Globally instantiates the Mongo Database Table. The data is

    entirely containerized, and a lazy hack like this couldn't affect your server, any other sandstorm grains, or give any access to data that they wouldn't already have! Rolls = new Meteor.Collection('bolls');

53. client/dieStorm.html data is set to populate here, and each new

    item is passed to the "boll" template < table id="passDataResult"> {{#each bolls}} {{> boll}} {{/each}} < /table>

54. client/dieStorm.html lists each die roll as it's added to the

    Mongo Collection < template name="boll"> < tr class="rollList"> < td class="aDate">{{ formatDate createdAt }} < /td> < td class="aUser">{{ username }}< /td> < td class="aType"> rolled a d{{ dieType }}< /td> < td class="aRoll">{{ theRoll }}< /td> < /tr> < /template>

55. client/serverCall.js Template.userRoll.onCreated(function userRollOnCreated() { Meteor.call('checkSandstormUserPermissions'); });

56. client/serverCall.js Tells the HTML template to grab the Mongo Collection,

    and how to display it. Template.userRoll.helpers({ bolls: function() { return Rolls.find({}, { sort: { createdAt: -1 } }); }, });

57. client/serverCall.js Click event, send data Template.userRoll.events = { 'click .aDie':

    function (event) { whichDie = event.target.innerHTML; var guyID = Meteor.sandstormUser().id; var guy = Meteor.sandstormUser().name; Meteor.call('rollIt', whichDie, guyID, guy, function (err, response) { if (err) { return;

58. both/rolls.js Finally, Store the Roll. rollIt: function(d, guyID, guy) {

    var theRoll = d20.roll(d); Rolls.insert({ theRoll: theRoll, dieType: d, createdAt: new Date(), owner: guyID, username: guy,

59. GO FORTH AND PORT Downlaod project code Fix database calls

    Remove or Replace authentication

60. (Please Send A Designer)

61. THANK YOU!