I've been working on packaging Datasette, an app I've been very interested in for a while. I have a package which isn't friendly to use but proves the concept, and the lead developer is interested in helping fill those gaps in usability with some small plugins.

https://github.com/simonw/datasette

https://github.com/ocdtrekkie/datasette-sandstorm

...and allow users to grant access via a popup. I have much of this implemented on my media-csp branch.

Total

(This got a little complicated since there was wrapup stuff not really in any category. Will probably leave milestone metrics below as "out of date" unless people are very interested.)

• Estimated Originally: 17.5-44.5 hr
• Currently: 38 hrs at the point of experimental app release. Will update after it's in the market in case I need to fix things.

Milestones (out of date)

This section got out of date as far as hours, and it'll probably take more time than it's worth to get back up to date. But keeping around in old state in case anyone cares.

Get started on spk based on Ian's vagrant-spk version

• Convert vagrant-spk -> spk
  • Estimated: 2-4 hr
  • Actual: 3 hr

Caveat on vagrant-spk -> spk:

• Figure out why spk packed version can't find any files in the package.
  • Not /usr/bin/bash, not launcher.sh, nothing.

Based on Kenton's changes:

• Sandstorm Packaging Stuff

  • Graphics, md files, pkgdef, etc
  • Estimated: 1 hr

• Trivial items

  • Remove excessive logging and console warnings
  • Estimated: .5 hr

• Style

  • Style tweaks, some for avoiding cutting things off (avatar in sidebar, which Kenton added to ep_author_neat)
  • Estimated: 1-4 hr
    • Pessimistic end of estimate: the new version could be styled sufficiently differently that these tweaks are nontrivial to replicate.

• Minifying/Caching/Performance

  • Upstream etherpad (as of the old version, at least) minifies on runtime. Kenton's etherpad minifies during the build phase (need to run etherpad outside of Sandstorm manually to trigger it), saving results to ./cache which gets packaged. At runtime, it uses ./cache and and bypasses all minifying.
  • Estimated: 2-6 hr
    • This seems like something that may or may not have changed a fair amount under the hood over the years.
  • Actual (so far): 10hr

• Dependencies

  • Install plugins, including two modified plugins (ep_comments_page and ep_author_neat) from source. (these have their own milestones)
  • Install sqlite3 and capnp.
  • Estimated: 1-10 hr
    • Long side of this estimate is based on updated plugins causing surprise problems.
  • Actual: 4 hr

• Migrating dirty.db -> sqlite

  • Dirty.db is Etherpad's default database. Etherpad-Sandstorm used it for very early versions. We ideally should still migrate for the sake of those folks.
  • Estimated: .5 hr
    • I don't see how changes in the latest Etherpad could create surprises here given that this migration runs in the kickoff script.

• Sandstorm Profile Integrations

  • Automatically populate author name and avatar. Make avatar available in ep_author_neat (see below).
  • Estimated: 2-4 hr
  • Actual: 4hr

• Sandstorm Auth/Permission Integrations

  • Replace Etherpad identity and permission with Sandstorm's
  • Estimated: 2-4 hr
    • Would be faster, except I worry there may be new places that I have to patch in this permission. Risk may be unauthorized access.
  • Actual: 3.5hr

• Sandstorm Activities Integrations

  • Posting Sandstorm activity on edit
  • Estimated: .5 hr
  • Actual: .5hr

• Assorted

  • Settings - initial messages and other cosmetics, basic configs. One text change (which Kenton has noted may warrant translation). Redirect to a document instead of the Etherpad home page.
  • Estimated: 1-2 hr
    • Gonna check for new settings. Something interesting could come up.

• ep_author_neat

  • UI/styling bugfixes and tweaks. Alter behavior for attributing a paragraph to an author. Show avatar in the sidebar (using changes in etherpad-lite).
  • Estimated: 2-4 hr
    • Some competing upstream changes
  • Actual: 4 hr

• ep_comments_page

  • UI/styling bugfixes and tweaks. Sandstorm permission: comment. Sandstorm activity: comment.
  • Estimated: 2-4 hr
    • Upstream made a lot of commits
  • Actual: Way over, but I'll count 4 hr

https://github.com/zenhack/incremental.js

I put together a preliminary version of the above in a couple days a while back. There are a couple of bugs to shake out, and I'll want to battle test it, probably as part of the UI for ocap-merkledag. But once I've gained some confidence I have interest in possibly using this as part of Sandstorm core, as I think it will make the UI code much easier to work on & maintain.

Thanks to FundOSS, our OpenCollective now has a sizeable $4,878 to work with to fund Sandstorm development. I think that it's critical that we translate this funding into progress in short order, so that people feel their investment has actually gone to where it belongs.

My understanding is that FundOSS intends to run another round in 3-6 months, which I feel should guide our disbursement rate somewhat, though until the next FundOSS is running, we should assume it may be a one-off, and try to raise our own recurring funding on OpenCollective. But if we were so lucky as to be able to run FundOSS again and come out similarly in 3-6 months, then we should look to spend $750-1,000 a month.

I think we should establish a list of appealing projects that can be completed in roughly a month or less, and assign a rough dollar value, based on the expected time needed and our goal disbursement rate (above). We should then determine a way for the community to indicate their preferences/ranking, such that we can prioritize spending on projects which the community is excited about. I think Framadate might be a suitable poll app for this, since people can vote for multiple options, though it falls short of ranked-choice or single-transferable voting.

Obviously the two biggest perks to running community funding this way compared to Ian's sponsors page is: We can easily distribute this to any community developer participating, and the community can direct the priorities of development rather than leaving it open-ended.

Kenton and Ian left additional review notes on sandstorm-io/sandstorm#3391 and I believe I can polish this up into a merge-able state. But I haven't done it yet.

A while back I wrote: https://github.com/zenhack/capnpc-node-typescript

...I should update the README; it's pretty much ready for prod, and I just need to integrate it into our build system, at which point we'll have types for everything that uses capnp.

On my grain-settings branch, I am working on adding a per-grain settings page, where we can put stuff like managing a grain's capabilities & scheduled jobs, and anything else that makes sense (periodic backup policy comes to mind, someday)

On the bpf_asm branch on my fork I have some WIP on two related things:

• Converting the seccomp filter from libseccomp to bpf assembly (sandstorm-io/sandstorm#2989)
• Make it into a whitelist, rather than a blacklist.

This is a fork of uWiki, seen here: https://github.com/sdassow/wiking

It's added a lot of features and polish from the original version I tried packaging in the experimental market. But the security improvements he added have been throwing me off. I had to get the "DNS rebinding protection" feature able to be shut off, and then I hit the CSRF issue. I'm hoping Ian's fix in the last release will unblock this, but I haven't tested it again yet.

Another app I've been interested in for Sandstorm is 2FAuth, which allows you to use TOTP tokens in the browser. A while back I asked if they had a way to bypass the login for it, and I was informed this past week you can now authenticate by HTTP header, which should be very compatible with Sandstorm.

https://github.com/Bubka/2FAuth

Mostly in service of ocap-merkledag, I've been making some improvements to haskell-capnp, and there are some more that would benefit from it.

A lot of this is performance work, or reworking of APIs to make writing performant code more ergonomic.

Currently, I have a "it runs" branch at https://github.com/ocdtrekkie/drawio/tree/sandstorm and I have the packaging key.

The biggest issue here is to stage.sh (https://github.com/ocdtrekkie/drawio/blob/c9bbab5c11eaf879ff473e63533cfbaeaa043062/etc/sandstorm/stage.sh) explicitly copies files to use in the Sandstorm package... some of them I had to comment out, which means those features are renamed or moved. And a lot of new files aren't copied, so it's likely the package has a lot of holes I need to audit and test.

It would be nice to have the bundle for each Sandstorm release be a reproducible build.

My work on a nix expression for Sandstorm might help here, but another approach could be to use a Dockerfile, along with more conventional tools.

Kenton pointed me to https://github.com/fasterthanlime/capnp-ts/tree/rpc as a mostly-ready version of a pure-typescript capnproto rpc implementation. I poked at it, and the current version doesn't build; it looks like there are still a few TODOs. It also needs to be changed to not require node's finalizer support in order to run in the browser.

I'd like to get that work finished up so we can use capnp client side, both in sandstorm and for some apps.

We're close to closing the client-side loophole, but it's currently not possible to block WebRTC with CSP; that will require changes to web standards (and browsers, obviously). I'm trying to get some discussion going in the w3c about making this happen, it looks like there was some effort in this direction that stalled:

w3c/webappsec-csp#287 (comment)

Related to #12, it would be nice if blocking the exfiltration hole provided by webrtc didn't prevent apps from making legitimate use of the functionality. Furthermore, right now (even without a block for that in place) if someone wanted to write a video conferencing app, they would run into the problem that iframes can't request mic & camera access, so I'd like to have some answer for how apps can do that sort of thing.

My ideal for this is that we'd be able to use postMessage() to transfer the relevant browser objects, so apps could request access to these from Sandstorm, much like they do for powerbox requests.

Related issue with w3c folks: w3c/webrtc-extensions#64

https://github.com/vivekg13186/block-cad-desktop

https://github.com/zenhack/ocap-merkledag is the foundation of my plans for Sandstorm's backup system, but in the shorter term it even a less integrated version as an app would be useful as a data-dumptruck for my own backups. Soonish I hope to get an MVP of this out. This will consist of a Sandstorm app with basically no UI other than an offer iframe, and a command-line tool that you can use to shove stuff into it. From there I'll build a UI and such, but this issue is for the MVP.