Sandstorm.io

Transcript

1. SANDSTORM.IO XKE 26/04/2016

2. WHAT IS ? SANDSTORM.IO 'cloud' applications made easy 'app store'

   model for (techie) end-users host on your own server or on oasis.sandstorm.io granular isolation

3. SEPARATION hosting, authentication, isolation application development

4. WHAT IS THE PROBLEM AGAIN? As of May 15, 2016,

   Revolv service will no longer be available. The Revolv app won’t open and the hub won’t work.

5. WHAT IS THE PROBLEM AGAIN? Open source apps o en

   not available in 'hosted' form and hard to install

6. WHAT IS THE PROBLEM AGAIN? One buggy app can compromise

   your whole server.

7. WHO MADE THIS? Kenton Varda Involved in Google Docs sharing

   @google Involved in protobuf @google

8. ANATOMY OF A SANDSTORM APP container-based more restricted than e.g.

   docker: seccomp restricts system calls no raw network access advanced features through an API

9. ANATOMY OF A SANDSTORM APP a container instance per 'document'

   ('grain') sharing controls provided by sandstorm HTTP API

10. ANATOMY OF A SANDSTORM APP Your app can be very

    simple Does not need authentication/user mgt Only needs to manage one 'document' per instance sqlite w :)

11. DEMO? This presentation :)

12. LICENSING Open Source Paid hosting on sandstorm.io Closed 'enterprise' features

    clustering

13. LARGER TRENDS isolation between apps

14. MORE ISOLATION

15. Desktop: AppArmor (ubuntu 'snaps') GrSecurity SELinux VMs (QubesOS) Containers? Mobile:

    Android/iOS permissions Server VM (Xen, KVM, etc) Containers (docker cgroups, seccomp) Cap'n'Proto