<kentonv>
TimMc, anthropy, if you sign up for 1 month and then immediately switch back to the "free" plan, it does the "cancel at end of current pay cycle" thing, so effectively you will end up having paid $9 one-time.
<kentonv>
we do have a bitcoin wallet which was listed in our indiegogo campaign and is still valid. But note that we aren't set up to provide any kind of receipts or anything for that. But you're free to send it bitcoin if you want.
<kentonv>
since we're not actually paying any engineers anymore, cash either pays to keep servers up or goes into long-term savings for when we are once again able to pay engineers again
<anthropy>
ooh, yes I did miss that in fact. Looks interesting, for me at least heh, Blackrock looks really cool, though I don't see much documentation on it yet
<kentonv>
currently the code only actually works on Google Cloud since that's where Oasis runs. Needs some modification for other environments, mainly to teach it how to start up VMs.
<anthropy>
Ah yes, makes sense. Google's cloud is an interesting choice, don't know many applications deployed on there besides google's own stuff
<kentonv>
I used to work for Google, so I know a lot about their hardware and also the security measures they've implemented, and, well, I trust them over other providers.
<anthropy>
maybe it could be modified to use vagrant or puppet or something alike to start up what it needs
<kentonv>
there's actually a vagrant driver but it's mean for testing
<anthropy>
ah neat, definitely makes sense to use that service then :)
<kentonv>
like when Google says they encrypt all your data at rest by default, I know what that means since I helped write the key management code. :)
<kentonv>
though I hope to write better code to do fine-grained encryption in Blackrock.
<anthropy>
hehe :) that's quite awesome
<anthropy>
does sandstorm do any encryption on the data you store in it?
<TimMc>
You know how the sausage is made *and* you trust it? That's actually quite high praise. :-)
<kentonv>
at present, Sandstorm and Blackrock don't encrypt data. You should host it on a machine that does full-disk encryption.
<kentonv>
but Sandstorm is designed in such a way that we could add some very powerful encryption
<anthropy>
I have /opt on a separate encrypted partition
<kentonv>
fine-grained encryption -- each grain would be encrypted with a different key
<anthropy>
oh neat, would that be easy? then it could be deployed on places like AWS and Azure
<kentonv>
and we can do key management such that only the people with whom that grain is shared can possibly derive the key starting from the storage at rest
<anthropy>
that's pretty awesome
<kentonv>
then we'd let you set a master password on your account for encryption purposes
<kentonv>
and we could say "if you aren't logged in, Oasis can't access your data"
<anthropy>
would it still be possible to share grains if you have an encrypted account?
<anthropy>
I mean as in, with the public
<kentonv>
yes. Because each grain has a separate key. So when you share it with someone, we would encrypt a copy of that key to them (with their account's master key)
<kentonv>
yeah, sharing to the public basically means making the key public
<kentonv>
but it's just for that grain
<kentonv>
not your account key
<kentonv>
that's what's cool about fine-grained encryption
<anthropy>
sounds like it's well designed for all use cases :D
<kentonv>
it works really well with capability-based security in particular
<kentonv>
like in https://github.com/sandstorm-io/sandstorm/pull/2870 , if you connect a grain to a remote HTTP API that requires authentication (e.g. a password, or an OAuth token), it stores those credentials encrypted in the main database
<kentonv>
and the capability token that the app eventually receives is the decryption key
<kentonv>
so if the app storage is also encrypted
<kentonv>
then your remote credentials are protected all the way down
<anthropy>
I upgraded my sandstorm oasis account as donation :)
<anthropy>
can I set it back to free right away?
<kentonv>
yep
<kentonv>
thanks. :)
<anthropy>
thank You! sandstorm is exactly what I've been looking for for... well a long time heh :P the amount of calendar apps and homebrew things and other mediocre solutions I used to avoid public clouds before this I've long lost track of lol