How Sandstorm Works: Containerize data, not services

This is very interesting. It combines a number of older ideas. Even the core idea behind their service, IIRC, existed in commercial products and academic research at various times. The security model looks like how MILS Architecture systems were describes for servers combined with capability work. I also like that they&#x27;ve heard of and use PowerBox&#x27;s. :)<p>Worth watching or following up on later maybe.

The general idea is very interesting, but the drawback I see is that this architecture makes it impossible for apps to do work that accesses multiple grains.<p>Search would be the most obvious example. This was solved pragmatically by implementing it in the framework and not in the apps, but that approach doesn&#x27;t seem to scale for me. What if certain types of grains require application-specific indexing? What if there are other tasks that cross grain boundaries but only make sense for a specific app?<p>Additionally, this limitiation makes it critical to get the definition of what is a grain right from the very start, when you design your app - once you realized you got the granularity wrong, I figure it would be very hard to split or merge existing grains to change it.<p>If I remember correctly, the Sandstorm documentation itself had examples for a word processor and for a photo editor app. However, while a grain for the word processor represents a single document, a grain for the photo editor is a photo gallery. So choosing granularity is not always trivial.

I love Sandstorm, but IMO, the requirement of a wildcard certificate is a small drawback in setting it up on my server. I know I can use sandcats.io but if I am using something like Sandstorm, I want complete control over my data, including domains. (I am now using sandcats though so there&#x27;s that but I wish I could get a wildcard cert for free or from Let&#x27;s Encrypt :)