Here is what the author posted on HN regarding releases:
> Hi all, Cap'n Proto author here. Thanks for the post.
> Just wanted to note that although Cap'n Proto hasn't had a blog post or official release in a while, development is active as part of the Sandstorm project (https://sandstorm.io). Cap'n Proto -- including the RPC system -- is used extensively in Sandstorm. Sandboxed Sandstorm apps in fact do all their communications with the outside world through a single Cap'n Proto socket (but compatibility layers on top of this allow apps to expose an HTTP server).
> Unfortunately I've fallen behind on doing official releases, in part because an official release means I need to test against Windows, Mac, and other "supported platforms", whereas Sandstorm only cares about Linux. Windows is especially problematic since MSVC's C++11 support is spotty (or was last I tried), so there's usually a lot of work to do to get it working.
> As a result Sandstorm has been building against Cap'n Proto's master branch so that we can make changes as needed for Sandstorm.
> I'm hoping to get some time in the next few months to go back and do a new release.
Please consider something like https://sandstorm.io for document sharing instead of Google docs. Google docs is a popular doxing tool. It is very suspicious to see a Google docs link in this sub in particular. As someone who shouldn't have a gun in the house (history of depression), I want to keep my armed allies safe. You guys are our last line of defense if shit hits the fan.
Integration among disparate open source projects will always be a problem, but I know of two projects that offer a kitchen-sink-type home-server-in-a-box:
To be honest, I haven't actually used either. But, I know they exist and look like they fit a niche. Though, I'm not sure how safe/successful an OOTB mail server (and esp. VPN) is.
Would you prefer if he said `curl $url > script.sh; bash script.sh`?
Would you prefer if he said "download [this]($url) script and run it in a shell"?
The fact is that the majority of people don't audit every random script they run. `curl | sh` just skips the bullshit.
>This bug has HUGE potential for exploitation, and you can bet that those who would exploit it have been working furiously to take advantage before the window of opportunity closes.
No it doesn't. First off, an attacker would need to be MITMing your traffic already, which is a whole security exploit in and of itself. Second, they would need to get around the TLS of OP's link, which is another security exploit. Finally, they would need to have seen this post in particular in order to know which script to replace. And yet, somehow, you think they would be incapable of replacing any hash OP posted? Not likely.
Among legit security experts, `curl|sh` is considered a non issue. See for example this post: https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install
https://sandstorm.io/ has this feature. I didn't try it yet though. There is a way to make your own packages for it https://docs.sandstorm.io/en/latest/vagrant-spk/packaging-tutorial/ .
And ofc Nginx, that has login-pass and client SSL certificate authentication
The main point of these sorts of things is reducing management burden. Clicking one button to install an app and integrate it with your account is far easier than figuring out how to install, setup, and configure each app you want to host. Add the fact that Cloudron manages your application updates for you so selfhosting isn't also your full time job (and you don't have to worry about each of your individual apps being potentially vulnerable at any given time) is well worth investing in a platform to manage that, and even kicking over a few bucks for updates.
Things like Cloudron.io and Sandstorm.io are what make it possible for average users, who don't know how to configure their own Nginx to selfhost. And having a free plan is a great way to ensure people can try it out, figure out what fits their workflow, and then hopefully move up to a bigger plan.
As usual, hat tip to the Cloudron folks for doing a great job.
That sounds very suitable, thank you!
I'm looking at having several tens of users, certainly less than thousands, but with very low usage, so a small VPS should work well.
I've read some conflicting views in this subreddit about using tools like YunoHost or Sandstorm.io. It seems like they make things easy, but not simple, and if you can handle docker you'll probably get a solution that's easier to keep up to date.
I'm quite happy working with Docker Compose. If you can share your configuration that would be great.
We've tried them (they didn't really take off - and that was before someone had the clever idea of grafting a volatile, speculative token to the side of it):
https://en.wikipedia.org/wiki/Diaspora_(social_network)
Edit: also https://en.wikipedia.org/wiki/CAP_theorem is kind of a cold, hard shower for most dapps if they ever want to progress beyond toys. FB and twitter have literally spent billions fighting those constraints and they have the benefit of centrally managed hardware, networks and data stores (fun fact: a lot of reddit is powered by Cassandra - a distributed data store originally developed by FB. As you will know from using reddit - it's far from perfect despite being developed by the best minds in the industry and, in the case of reddit, being constantly looked after by sysadmins in a highly optimised and centrally managed datacentre).
Couldn't be more wrong. Sandstorm is basically a platform to install and run self hosted apps. Apps are securely isolated in containers and use central authentication and sharing mechanisms provided by Sandstorm. See https://sandstorm.io/features
We have a tracking issue here. It should be a reasonably straightforward job, as `gj::Promise<T,E>` is not very different from `Box<futures::Future<Item=T,Error=E>>`, but there's enough code that it will take a non-trivial amount of effort. So far, the existing code (based on gj) has worked well enough for my use cases, so migrating to futures-rs has not felt terribly urgent to me.
Note that if you would like this or any other capnproto-rust feature to be prioritized and are willing to pay $$ for it, we at Sandstorm now offer an official way for you to make that request: https://sandstorm.io/news/2016-12-01-sandstorm-solutions.
Sandstorm is another option.
If you install it, you get:
File sync, via an app called Davros.
A Trello-like task management app, called WeKan
The ability to host websites via WordPress or Ghost, but snapshotted as static HTML websites for security & performance.
Single sign-on to all these things, Google Drive-style.
The ability to let your friends join your server and make their own things, sandboxed securely away from your things.
I often tell people it's an open source alternative to Google Drive that's more customizable and more oriented toward privacy. I hope you'll give it a shot.
Disclosure: I work on the project, and for the company behind it.
Not bad. A container only runs when you're actively using it, i.e. (usually) only when you have it open in the browser. App assets are shared read-only between all instances of the app, so the marginal storage overhead is only the data specific to that grain (= document, board, whatever).
Sandstorm is somewhat RAM-hungry, but it hasn't been a huge problem in practice. RAM is getting cheaper all the time, so it's well worth the cost.
Moreover, we're working on some tricks which will greatly reduce the RAM usage: the idea is to run one copy of the app through its startup phase (where it parses/JITs all its code), snapshot, then start from the snapshot in the future. This can actually allow the in-memory data structures to be shared copy-on-write between instances of the app.
Also note that there are some performance advantages to Sandstorm's approach, though they apply more to a cluster scenario than to a single-machine personal server: https://sandstorm.io/how-it-works#performance
<4realz triggerd="hard"> Just when I thought you couldn't find anything more BS than companies throwing the word "secure" around in their products even when they have nothing to do with security. On second thought this obnoxious smarmy mascot is enough to not consider reading anything on the site.
For static content, publishing to blockchains seems like an interesting technology: https://github.com/williamcotton/blockcast
You might be more interested in Sandstorm, which is meant to make deployment of popular Web services easy: https://sandstorm.io/
I'm personally looking forward to some sort of distributed P2P content/service publishing scheme where users can easily rent out storage space and compute cycles to each other with little overhead.
EDIT: wordin'
Ohh I guess you are gonna love sandstorm.io! Sandstorm allows sandboxing open source webapps and running them securely under your hub. It already has a few useful apps (like emails, wordpress, rss reader and spreadsheeteditor), but I am sure there will be many more when their ecosystem grows. You will basically be able to do a lot more than with Google's services, it is gonna be awesome!
Family-oriented apps all seem to be web services or phone apps with freemium, ad-supported or you-are-the-product "free" data-mining revenue models.
For self-hosting, you probably need to tweak an open source business project. Take a look at https://sandstorm.io/ and their Wekan project and task manager. Looks like Trello, but self-hosted and open.
By tweak I don't mean under-the-hood coding, but rather customizing the options.
For self-hosting, other than VPSes or the solutions suggested in this thread, I recommend looking on leboncoin/eBay for mini PCs such as a WYSE or an Intel Desktop Board. You can get them cheap; sure, they draw more power (about 18 W TDP for a Wyse 5010) than ARM boards like the Pi or Odroid, but at least it's an x64 architecture (required for Sandstorm.io).
My 30-buck setup:
Wyse 5010 (thin client)
no fan = no noise
CPU: AMD G-T48E 1.4 GHz dual core
RAM: 4 GB SODIMM DDR3 (1 slot)
I/O: one Gigabit Ethernet port, and some USB ports
Flash storage: 16 GB (SATA) (I'll upgrade to a bigger SSD)
I still have a mini PCIe port and a SATA port free if needed...
I installed Ubuntu Server on it and then Sandstorm without any trouble...
In your case I recommend:
keep your NAS for media storage or backups, connect it to a mini PC (fanless and low-power recommended) with a server installed on it, and you're all set (add a UPS if needed).
I collaborate for my podcasts (and do all my other 'cloud storage', mind you) with Sandstorm.io which you can selfhost. It has Etherpad, EtherCalc, Wekan (a kanban board), Davros (a file storage app), etc. wrapped up in one authentication scheme.
Fair warning, if you don't want to use its built-in (free) wildcard cert and dynamic DNS service, configuration can end up getting a bit more sophisticated than average, because you do need a wildcard certificate for it to work.
Personally I moved most of my stuff to Sandstorm.io (https://sandstorm.io). I haven't tried the importer yet, but AirbornOS (https://www.airbornos.com/) just added a Google Drive Import button. :D Nextcloud or ownCloud is always a solid recommendation.
Lots of great hosting platforms for documents these days.
Pay someone else, this is way beyond just simple front-end stuff and if you want it done in a timely manner then you're going to require a team of devs if you want your own solution.
If this is more of a learning experience and you want to dedicate time to it (I'd estimate at least 2 years based on your current level that's if you're going full-time dev) then I'd advise to get something like sandstorm and build on the source code already there.
EtherCalc is a really solid piece of open source software. You can use it at https://ethercalc.org/ or host it yourself.
Or, if you want a little bit more capable platform with stronger security, account management, other apps, etc., you could consider something like Sandstorm.io https://sandstorm.io or Cloudron.io https://cloudron.io, both of which offer EtherCalc as an app.
I'm not OP, but I run my own personal servers (https://sandstorm.io/ promises to make this easier for many) and I share his point. I only run windows for gaming (and for the occasional work related issues, but I could use a VM for those).
My point is, there are those of us who don't touch any of the big companies more than we have to. And Microsoft is the largest pain point among them due to their market dominance, which is why they get so much more flak.
A good approach might be to use Rocket.Chat through Sandstorm. If you set up a Sandstorm server, you can then add a bunch of potentially useful apps including chat, file sharing, project planning, and shared calendars.
Developer here. We plan to have two solutions for that - running Lavaboom in https://sandstorm.io/ and a script that will be available soon (up to two weeks). If you have any issues with running Lavaboom in Docker, feel free to create an issue here: https://github.com/lavab/oss/issues - it'll help me to improve the documentation.
pfSense for network virtualization. I have the same switches. I have some of the ports on the CRS328 set up for VLANs. The CRS317 works best when treated as an unmanaged switch. Each Proxmox host (I have a few) has gigabit to a VLAN trunk port on the CRS328 and 10gig to an SFP+ port on the CRS317. I use a pfSense VM in Proxmox to handle the VLAN routing. With suitable firewall rules in pfsense you can have VMs in Proxmox that can see each other but not other VLANs or the rest of your network. Proxmox lets you specify the VLAN tag for a VM right through the web UI.
sandstorm.io for self hosted web apps
You could deploy mycroft to add a good voice agent to your home assistant setup.
A macOS VM. An OpenCore iso makes this fairly easy. You can google the OSK key if you don't have a Mac to pull it from. https://www.nicksherlock.com/2020/06/installing-macos-big-sur-on-proxmox/
There are multiple approaches to make the installation of apps easy:
I would not recommend to run docker in production because of my security concerns but other people might not agree with my opinion and may be right to do so. I am not an expert on virtualization nor security.
Another option would be to replace your individual services with sandstorm. It nicely integrates auth for all apps. It only works with apps that have been adapted to support it, but it's pretty popular and there are quite a few popular ones.
Time to download the whole E621 database. And if I have additional space I would download some ISO files for projects where you don't really need internet. If you don't understand what I mean, here is one example: Sandstorm
It's all in doing as u/chriscook8 said.
My issue was I could never find something that was actually useful and I couldn't bring myself to make a superfluous system (read: reinvent the wheel) just because I could. So I gave myself actual targets like making a stack to host something like Sandstorm (https://sandstorm.io), installing a LAMP, MEAN or other stack that would later host a note taking system, or a blog or game server. PiHole is a good utility to have and fun to set up, etc.
Everyone is different though, so if you're someone I could tell "Hey, make your own configuration management software" or "Setup Chef and Ansible on a cluster of 10 servers just because you can" and you are happy to do that and learn from it, by all means do. That puts you in a better situation than someone like me!
The big thing about getting hired is having background. I've trained guys with bachelors that are fresh out of school that can't figure things out for themselves because they thought school gave them all the tools. Most places these days are actually avoiding people who put all their stock in paper backing their skills and want people who really can show they've done the work before. My current project personally is creating a sort of "live portfolio" that I can link someone to and they can explore things like my github repos and play around with my VM environment.
Whatever you do, just always try to learn, exposing yourself to new tools and methods is what saves you when you're in a pinch and makes you a valuable resource when the old timers are at a loss.
Maybe try a combination of solutions, e.g Turnkey like other user mentioned and sandstorm.io...Fragmentation in solutions has existed since the beginning of time and there will likely never be a one size fits all sort of thing.
Have you looked at Sandstorm? It's intended to be used as a way to provide web services, so no mail server or other such application support, but it's got WordPress and other prebuilt setups in its repos.
If you want more flexibility, try building docker containers for your most commonly deployed applications and use those to quickly spin up a new instance.
It's merely security through obscurity, which might be your thing. Most of the SIP brute forcing we see is directed towards our IPv4 address, with the occasional attempt towards our rDNS domain. Setting up Fail2Ban and configuring LetsEncrypt are much more practical steps to take than trying to use DNS as a way to hide, reminds me of Sandstorm.io's silly use of the same technique. DNS will leak your "secret" subdomain like a sieve by the way.
Well, securing your server is not a one time job. You need to monitor it continuously. Instead of thinking of services or individuals to secure your server, I would recommend to first start off with a platform that has security features baked into it.
I suggest: 1) using SaaS :-) Of course, you wouldn't be here if you wanted that.
2) sandstorm is the main trendsetter here in terms of security though I am a bit hesitant to suggest it to you since it's very technical at this point and still pre-alpha. https://docs.sandstorm.io/en/latest/using/security-practices/ and https://sandstorm.io/news/2017-03-02-security-review
3) cloudron has most of the basics covered (https://cloudron.io/references/selfhosting.html#security). I eagerly await their 2FA support...
This is pretty much the idea behind https://sandstorm.io/how-it-works. Check it out, /u/rain5.
You really can't graft it onto a normal OS though. At best, you can use SELinux to whitelist what each app can access.
Sandstorm. Securely run web apps (such as Wordpress, GoogleDocs alternatives, Kanban boards, etc.) as easily as installing apps on your phone.
Tagspaces combined with Owncloud. Makes for a pretty nice note-taking system in a browser, but admittedly not very good on Android (no app). I assume it is similarly poor on iPhone. But it does allow you to take notes in markdown format (among others), which is great for code! Much better than other Owncloud notes apps in this regard. Drawback is that you need access to an Owncloud install, but perhaps that isn't too hard to roll yourself using something like sandstorm?
If you self-host Sandstorm (a package manager for self-hosted apps) you'll find that Sandstorm turns WordPress into a static site generator.
https://apps.sandstorm.io/app/aax9j672p6z8n7nyupzvj2nmumeqd4upa0f7mgu8gprwmy53x04h has more info on the WordPress package; https://sandstorm.io/install/ has more info on the install.
I think we should be working on developing a "personal cloud" platform, where people could take an old laptop/VPS and host their SaaSS there.
Oh wait, I remember, that's sorta what sandstorm.io/ is doing. yeah, let's do that
I completely agree with the fire / flood comment.
I'm hopeful that things like https://sandstorm.io and https://camlistore.org/ help us...
...I can't even imagine how much data is not backed up, and how many unused bytes there are in the hard drives of the world.
The best way to understand Sandstorm is to try the demo:
Go to https://sandstorm.io/
Click "Try the Demo"
Now, start the demo, and install Etherpad, and create a new Etherpad document. Should take you about 90 seconds tops. No config files; just click.
Because until recently, nobody's cared enough. I'm not sure enough people care even now. However, the project to look out for in this space is Sandstorm - still very alpha, but the idea is to build a platform where you can host your own email server and webmail, your own document hosting, website, etc etc.
I notice that the word web appears exactly once in the comment thread, as far as I can find. So I'll propose an answer:
Web apps that are as easy to install on our personal servers as Android/iOS apps are. So easy that you don't have to be a sysadmin or developer to install them. Packaging these apps should be so easy that when a developer writes a random personal project, you can make it available for others to install without doing anything complicated.
One way to get there is https://sandstorm.io/ -- where (full disclosure!) I just started working yesterday. It's an open source project that lets you install dozens of web apps, all safely sandboxed from each other, with the click of a mouse.
But I'm sure there are other, web server-centric ideas people have, and I'd love to hear them in replies.
despite being a longtime cli user, running a vps for a year taught me a lot just by maintaining a standard stack.
would I be in your position, I'd give sandstorm.io a try and use some of the webservices the "platform" offers.
You might want to keep track of Sandstorm.io - It's a bit like Docker in that it uses jails, but it's a lot more portable and has greater security between the "grains" than Docker has between its subunits.
As one comment on HN said, "This makes it easy for developers to distribute cloud apps without having to manage users, billing, hosting, security or any of that SaaS boilerplate. Just code the app and distribute it for your users."
I found this interesting for people who'd like the control of having their own server without the command line: https://sandstorm.io/
I'm not affiliated with them at all, I haven't even tried it myself (I'm a command line dude myself) but I liked the idea enough to support on indiegogo and spread the word
I think it already exists.
I might start contributing in some capacity, but my current personal focus is on networks.
Right now Sandstorm is focused on the idea of a private you-control-it cloud, which I think is a fantastic idea and much needed. But I think it could evolve into something more than that in time.
Once Sandstorm is more mature, I'm thinking that I might put together a quick and dirty test environment and see how it works... if I can find time. That depends on other things.
I realize I'm being a bit of a drive-by contrarian here, but hey. I've had this idea for a long time, so I figured I'd pitch it out into the ether. Maybe it's stupid, or maybe it's not, or maybe it'll inspire somebody to think of something else that's different but better.
Edit: I just thought of a name for my blog!