In-reply-to » So, @prologic, I feel like I should convince you that the self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.

There are some interesting impacts here: if you don’t share a document with anyone else, there’s really zero way any vulnerabilities in the app itself can be exploited in any way; it’s not even running unless you open it via Sandstorm. So it’s safe to use these apps basically forever, even without security updates.

The other big one is performance: Since apps are only running while you’re accessing them, there’s no performance cost to having a lot of different apps “installed” on your server. The cost of installing an app on your server is the storage, and CPU/memory is only impacted on demand.

In-reply-to » So, @prologic, I feel like I should convince you that the self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.

In a normal Docker setup, a flaw in Etherpad could let unauthorized users access documents they shouldn’t be able to, or of course edit documents without permission, including documents they weren’t supposed to have access to. Since Sandstorm spins up Etherpad containers on demand, if a user doesn’t have access to a document via Sandstorm, the server isn’t even loaded or running anywhere, and nobody can access it. When we do spin it up, the authorized user gets a container with… only the one document they have access to. A flaw in Etherpad could let a read-only user exploit their way into editing, but again only for the one document they already had access to.

Also, Sandstorm spins up these containers on ephemeral randomized subdomains, and requires a unique authorization cookie in your browser to access them while they’re up. So they’re also very difficult to access without authorization, even while they’re spawned.

In-reply-to » So, @prologic, I feel like I should convince you that the self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.

If you consider an application like Etherpad, which by default one would run with dozens, hundreds, or thousands of documents, you might host it at etherpad.yourdomain.com. It’s always running, its data is always available, and it’s using system resources. Additionally, you might want to share some documents with people, so people might have access to your Etherpad instance, but maybe only read-only, and only to some documents, or whatever.

In-reply-to » So, @prologic, I feel like I should convince you that the self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.

Essentially the key concept is to move as much of the management of security and access as possible to the platform, not the individual application. Sandstorm assumes the applications might be insecure, or even actively malicious, and so we want them as inaccessible and locked down as possible all the time.

With a platform like YunoHost, without virtualization, an RCE in an app could compromise everything on your server. On a Docker host like Cloudron or Umbrel, an RCE in an app could compromise all of the data in that app. More often than not, an RCE in a Sandstorm app grants zero ability to compromise anything at all. This means Sandstorm very rarely cares whether apps have any good security practice at all: in most cases it just doesn’t matter.
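The isolation model the two replies above describe (the platform, not the app, decides who may open a document; the app is only started on demand, on a random subdomain, behind a per-session cookie, and sees only that one document's storage) as an added toy model. This is illustrative code written for this thread, not Sandstorm's implementation, and it deliberately includes a buggy app handler to show what an app-level authorization flaw can and cannot reach. The names `Platform`, `Grain`, `Session`, `etherpad_handler`, `demo` and the domain `grains.example.test` are all hypothetical.

```python
# Added toy model of per-document ("grain") isolation; not Sandstorm's code.
# Names (Platform, Grain, Session, etherpad_handler, grains.example.test)
# are hypothetical.
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Grain:
    """One document plus its ACL. `storage` stands in for the grain's volume."""
    owner: str
    writers: set = field(default_factory=set)
    readers: set = field(default_factory=set)
    storage: dict = field(default_factory=dict)


@dataclass
class Session:
    """A running container: bound to one grain, one user, one cookie."""
    grain: Grain
    user: str
    cookie: str
    can_write: bool


def etherpad_handler(storage, can_write, op, key, value=None):
    """Stand-in for the app inside the container. Deliberately buggy: it
    never checks `can_write`, so a read-only user can write. It only ever
    receives one grain's `storage`, so that is all the bug can touch."""
    if op == "read":
        return storage.get(key)
    if op == "write":
        storage[key] = value      # BUG: should refuse when not can_write
        return "ok"
    return "unsupported"


class Platform:
    def __init__(self, base_domain="grains.example.test"):
        self.base_domain = base_domain
        self.grains = {}          # grain id -> Grain
        self.sessions = {}        # ephemeral host -> Session

    def create_grain(self, owner):
        gid = secrets.token_hex(8)
        self.grains[gid] = Grain(owner=owner)
        return gid

    def open_grain(self, user, gid):
        """Platform-side ACL check; the app is not started at all unless the
        user is on the grain's ACL. Returns (host, cookie) for the browser."""
        grain = self.grains[gid]
        can_write = user == grain.owner or user in grain.writers
        if not can_write and user not in grain.readers:
            raise PermissionError(f"{user} may not open grain {gid}")
        host = f"{secrets.token_hex(16)}.{self.base_domain}"  # random subdomain
        cookie = secrets.token_urlsafe(32)                     # per-open secret
        self.sessions[host] = Session(grain, user, cookie, can_write)
        return host, cookie

    def close_grain(self, host):
        """Tear the container down; the subdomain no longer routes anywhere."""
        self.sessions.pop(host, None)

    def request(self, host, cookie, op, key, value=None):
        """Front-door check before anything reaches the app."""
        sess = self.sessions.get(host)
        if sess is None:
            return 404, None                      # nothing running at that name
        if not hmac.compare_digest(cookie, sess.cookie):
            return 403, None                      # right host, wrong cookie
        return 200, etherpad_handler(sess.grain.storage, sess.can_write, op, key, value)


def demo():
    """Exercise the model with constructed users/documents; returns the
    observations the assertions check."""
    p = Platform()
    shared, private = p.create_grain("alice"), p.create_grain("alice")
    p.grains[shared].readers.add("bob")
    for gid, text in ((shared, "hello"), (private, "secret")):
        host, cookie = p.open_grain("alice", gid)
        p.request(host, cookie, "write", "text", text)
        p.close_grain(host)
    stale_host, stale_cookie = host, cookie
    try:                                   # bob is not on the private ACL:
        p.open_grain("bob", private)       # no container is even started
        private_denied = False
    except PermissionError:
        private_denied = True
    bhost, bcookie = p.open_grain("bob", shared)
    return {
        "private_denied": private_denied,
        "no_cookie": p.request(bhost, "", "read", "text")[0],
        "stale": p.request(stale_host, stale_cookie, "read", "text")[0],
        "exploited": p.request(bhost, bcookie, "write", "text", "defaced"),
        "shared_text": p.grains[shared].storage["text"],
        "private_text": p.grains[private].storage["text"],
    }
```

Running `demo()` shows the three layers in order: Bob cannot open the private grain at all (no container), a request to a live host without its cookie is rejected by the platform (403), and a closed grain's host simply stops existing (404). Only once Bob holds a valid session does the app bug matter, and then it defaces just the one document he was already allowed to read; the private grain's text is unchanged.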


So, @prologic@twtxt.net, I feel like I should convince you that the self-hosting solution you build should use containerized documents (Sandstorm calls them “grains” for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.

In-reply-to » The vast majority of visits to my web server are: - Me - People or bots looking for vulnerabilities - Web crawlers

This is why I’m moving a bunch of my “sites” to basically internal-only apps on my Sandstorm server. I never really needed anyone else to have access anyways.

In-reply-to » @prologic I found the Atom feed, but I'm worried it might be too noisy, I don't want to overwhelm my feed reader too much. Hmm...

@darch@neotxt.dk @prologic@twtxt.net Sunday 21:00 UTC is about the only window that works for me; I have the baby most of that day. I can steal a bit of time during the work week on Mon-Thu between 13:00 and 21:00 UTC. Fridays are a little too tough schedule-wise to think about 🤯


👋 Hello @allanjackob@twtxt.net, welcome to twtxt.net, a Yarn.social Pod! To get started you may want to check out the pod’s Discover feed to find users to follow and interact with. To follow new users, use the ⨁ Follow button on their profile page or use the Follow form and enter a Twtxt URL. You may also find other feeds of interest via Feeds. Welcome! 🤗

In-reply-to » @prologic I found the Atom feed, but I'm worried it might be too noisy, I don't want to overwhelm my feed reader too much. Hmm...

Also, check out the hash of the parent twt. Quads!

Never mind, I just realized it’s gqqq, not qqqq

In-reply-to » @prologic I found the Atom feed, but I'm worried it might be too noisy, I don't want to overwhelm my feed reader too much. Hmm...

@prologic@twtxt.net Midnight for you is okay? Maybe if I got up that early on Saturday for the meeting I would actually go find some garage sales like I always mean to do.

Also, check out the hash of the parent twt. Quads!
