Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Sandstorm (Score 1) 132

I run an instance of Sandstorm, which is software you can install on a Linux server that lets you run other apps. Some features:

* One-click installs of any of 47 apps, like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).

* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.

* Security sandboxing of the apps against each other and away from the Internet, so malicious apps can't leak your data back to the app's author.

* A way to "share" an instance of any app, like on Google Docs.

* Total open source-ness.

Admittedly, I'm one of its authors too. So feel free to take this with a grain of salt. But I do use it every single day.

Also if your friends don't want to self-host, but want to use the same apps as you, the Sandstorm.io company runs a hosting service.

Submission + - Software Freedom Conservancy asks for supporters

paroneayea writes: Software Freedom Conservancy has is asking people to join as supporters to save both their basic work and GPL enforcement. Conservancy is the steward of projects like it, Samba, Wine, BusyBox, QEMU, Inkscape, Selenium, and many more. Conservancy also does much work around GPL enforcement and needs 2,500 members to join in order to save copyleft compliance work. You can join as a member here.

Submission + - Sandstorm now uses PGP and Keybase to authenticate server-side apps (sandstorm.io)

paulproteus writes: As of this week, Sandstorm now provides a cryptographic chain of trust that connects the app package you’re installing to the app publisher’s online accounts.

When you use Sandstorm to install a server app like the EtherCalc spreadsheet tool, Sandstorm lets you see that the app was made by the same Audrey Tang that owns audreyt on Github and au on Keybase, verified with PGP and Keybase. Frankly, it's the most usable PGP implementation I've ever seen. It's all open source and you can run it on your own box.

Comment Share the source, and make it easy to install (Score 2) 47

Hi anonymous person,

Getting more eyeballs on your code is a marketing problem. So:

* Give us here a link to your code, and

* Make it easy to run your code.

* Then, you can try to reach people who care about that problem domain and tell them to use your code.

To make it easy to run the app, I suggest you create a package for Sandstorm, which is an open source project that makes web apps easy & secure to run. I work on the project, so feel free to decide I'm biased! But do take a look at https://apps.sandstorm.io/ and see how easy it is.

You can reach me (for packaging help) at community@sandstorm.io and find our packaging tutorial here: https://docs.sandstorm.io/en/l...

Best of luck!

Submission + - Is curl|bash insecure? Sandstorm.io thinks not (sandstorm.io) 2

taikedz writes: I can see several flaws in these arguments, so much so that where I previously dismissed the curl|bash offer as non-indicative of Sandstorm's security otherwise, I am now not so sure.

What do you think? From the article:

Sandstorm is a security product, so we want to address that head-on.

When you install software on Linux, no matter what package manager you use, you are giving that software permission to act as you. Most package managers will even execute scripts from the package at install time – as root. So in reality, although curl|bash looks scary, it’s really just laying bare the reality that applies to every popular package manager out there: anything you install can pwn you.

Realistically, downloading and installing software while relying on HTTPS for integrity is a widely-used practice. The web sites for Firefox, Rust, Google Chrome, and many others offer an HTTPS download as the primary installation mechanism.

Submission + - apps.sandstorm.io: Open source web apps, installed with one click (sandstorm.io)

paulproteus writes: Sandstorm is an open source project whose mission is to bring open source and indie web apps to a wider audience. Most web apps exist in the software-as-a-service model, where the app author runs a hosting service. But for open source web apps, the developers aren’t a big corporation with resources to run servers for you, so you typically arrange your own hosting.

To make open source web apps viable, installing apps on a server needs to be so easy that everyone can do it, so today we launched a new, open source server app marketplace. You can use it to install any app packaged for Sandstorm, either on your own Sandstorm install or, also new today, on Sandstorm hosting.

Comment Re:Back doors & binaries (Score 1) 359

Only problem having the source code does not mean you can actually understand it. A lot of open source code is obfuscated, sometimes I'm wondering if its deliberate

The GPL handles this by requesting the "preferred form for modification." Consider reading the GPL sometime; it's a really well-written document that considers a lot of these issues.

Submission + - Sandcats.io: free dynamic DNS for Sandstorm users (sandstorm.io)

paulproteus writes: Sandstorm is open source server software that makes it easy to install web apps like Ethercalc or Let’s Chat. But that’s not much use if your server doesn’t have a name, and setting up DNS correctly for a server can be a complicated, fiddly process.

I've been working on sandcats.io, a free dynamic DNS service for Sandstorm users, and it's now ready. It now takes 120 seconds to go from an empty Linux virtual machine to a working personal server, DNS and all. I'm hopeful to get Slashdot's feedback!

Comment File a take-down notice (Score 3, Insightful) 180

YouTube has a standard DMCA complaints procedure. I recommend that Yoon Mi-rae and the label follow that process, partly because it actually works which is great in this case, and partly to give Sony a taste of their own medicine.

Here is the link: https://support.google.com/you...

(Note that I have a bunch of experience with the take-down process, including participating in an EFF lawsuit ~10 years ago; see https://www.eff.org/document/d... .)

Submission + - Thirteen open source workshops at colleges in 2013 (opensource.com) 1

paulproteus writes: Three years ago, Slashdot covered a "How To Get Involved In Open Source" workshop I helped run at the University of Pennsylvania. I'm part of the team that put that together, and in 2013, we ran 13 events, 7 of which were organized by women in CS groups. There's still no shortage of students that want to get involved, so read how we're going to run even more in 2014!

Comment This is w/r/t CPython, not random code in Python (Score 5, Informative) 187

The Slashdot summary is confusing, as is the eweek.com headline. Reading the article, it is clear that it is about the code that powers the official Python interpreter, AKA CPython, AKA /usr/bin/python. When I clicked the link, I thought Coverity had surveyed the entire world of open source Python code and discovered that Python programmers as a whole publish higher quality code than people who e.g. program in Ruby. That's not what the article's about.

It'd be great if the headline in Slashdot were to be fixed to say, "Python interpreter has fewer code defects compared to other open source C programs, says Coverity."

Slashdot Top Deals

Real Programmers think better when playing Adventure or Rogue.