Asheesh Laroia

I'm Asheesh, someone who cares a lot about getting more people using and contributing to free software. These days I live in San Francisco, working for & on Sandstorm.

Accepted Talks:

In this structured session, task-seekers will describe what they like doing, meet currently-active contributors, and find fun, productive things to do as part of the Debian project. If you're excited about contributing to Debian, or if you already are contributing but need help with something, this is the session for you.

Event structure

In detail:

  • All participants will sit down in a round-table BoF setting.

  • Mentees will introduce themselves, including answering a brief questionnaire.

  • The moderator (Asheesh) will summarize the mentee remarks.

  • Mentors will then find mentees who they can offer tasks to. These tasks should be short enough that they can be productively reviewed/merged/uploaded by the end of Debconf.

If you want newcomers to help your Debian subproject, then this is a great event for you!

The event will be a success if mentors and mentees work together, outside the session, over the course of the conference.


  • "Mentee" means someone who is looking for something new to do within the Project.

  • "Mentor" means someone who can offer help, or can offer a task as well as review of the mentee's success at the task, to help them learn.


  1. What's one thing you know about the Debian Project?
  2. What's one thing you like about Debian?
  3. What's one thing you want to learn more about? Not necessarily an element of Debian, just something in your life that you want to learn more about.

This talk covers how web app packaging works for the free software project. This talk covers how Sandstorm achieves one-click installs of web apps for unprivileged users. To do this, Sandstorm's packaging tools do a few strange things:

  • Every app package is a tiny Debian derivative, often as small as 20MB.

  • Apps have no Internet connectivity to the outside world.

  • Sandstorm uses a FUSE filesystem to identify which files are needed to run the app.

  • An app bundles all its needed services, as well as files, resulting in one MySQL service per app.

  • Users click and run one instance of an app like Etherpad per document, which is all handled transparently via a web app, a strategy that has neutralized 95% of 0-day web app vulnerabilities, based on our analysis.

  • Developers on Mac OS and Windows can create packages for Sandstorm, even though Sandstorm is Linux-only, due to an emphasis on Linux VMs in our development tools.

Somehow we manage to make this scale reasonably well. Additionally, it is popular with upstream authors: of the >50 web apps packaged for Sandstorm, about 1/3 are maintained by their upstreams.

This talk focuses on how the Sandstorm packaging tools work, with community insights as well as technical ones, with the hopes of showing Debian how to more effectively package web apps for end users.

Sandstorm is the Google Docs alternative that Tor and Debconf use, and you can learn about it at this BoF. It's implemented as a a web app package manager built so that end-users can use whatever software they want, with aggressive sandboxing.

I'm on the development team and one of the admins of and would love to discuss it with fellow Debian people. is something any Debian community member is invited to use for their own personal use (and you can self-host it, too). You can use it for:

  • Personal documents (fully private to you), with Etherpad or Ethercalc or other tools

  • File sync, using Davros + ownCloud clients

  • CardDAV/CalDAV sync with Radicale

I'd love to show how you can use or self-host a Sandstorm install yourself, or listen to your feedback! has a few admins, and if you want to talk about becoming an admin, we can talk about that, too.