Sandstorm And The Social Web

29 May 2016

I’ve been gradually getting involved in Sandstorm lately. I’m working on an app to idle in IRC for me, and in support of that I’ve been working on Go wrappers for the sandstorm Cap'n Proto APIs, and contributing a few things to the Go Cap'n Proto libraries/compiler plugin. There are some folks interested in running federated social networking apps (e.g. pump.io or GNU Social) on Sandstorm, and I agreed to write up a few notes about the challenges in getting those applications to run on Sandstorm, so that’s what this post is about. A lot of this is just questions; I haven’t had a chance to dig into things the way I’d like.


First, a list of relevant bits of software, standards and protocols that I’m aware of. This is probably incomplete.



Implications for Sandstorm

First, some very concrete challenges:

I’m sure there are more.

There’s also a big conflict in approach that I expect to cause a lot of friction: Sandstorm takes a hard line on the principle of least priviledge. In contrast, what I’ve read of the federated social networking protocols doesn’t demonstrate much sophistication when it comes to security. Indeed, when I spoke to a handful of the W3C working group members at Libreplanet, I asked them about what their thoughts were on how to deal with some authorization use cases that I’d been puzzling over, and basically got “authorization is still something we’re thinking about.” There’s some basic sanity checks in the ActivityPub spec, but the last time I looked at it (a few weeks ago) it didn’t really provide much guidance on security issues. Security isn’t something that’s easy to bolt on to existing protocols, so this has me worried.

When I get the chance I’d like to dig into things a bit more and write a better-researched post, but these are my initial impressions.