So who wants to let others host some arbitrary code execution Docker containers in their datacenter for some crypto currency?
I think back to the episode of Futurama where they go fishing in the middle of the ocean, and Bender asks if they're in international water. Then he radios a boat that comes picks up a package from him and he says, "Guess what you guys are now accessories to."
> So who wants to let others host some arbitrary code execution Docker containers in their datacenter for [money]?
I believe they're called hosting companies. ;)
SCNR.
More serious answer: When we pitched AWS on running Codius they pretty much said the same thing: credit cards aren't just used for payments but also to keep spammers out. So we may need some kind of trust system eventually. But it seems to work ok for now. (Port 25 outbound is blocked and DDoS from Codius is more expensive than other options. Codius costs about the same as EC2 and hiring a botnet or adding a few dozen iframes to your reasonably popular website is much cheaper.)
This seems to be solving an actual interesting problem (running untrusted applications on anonymous compute, at scale). A scraper, for example, would be the killer application for such a platform.
But the cryptocurrency integration looks tacked on, or orthogonal to the problem -- which will hamper the adoption, or even turn away application makers otherwise interested.
One of the smartest thing I’ve seen in the crypto realm was the realization by the Codius folks some years ago that smart contracts are something that would benefit from an “off chain” execution framework/platform, independent of any specific blockchain.
Hence, the cryptocurrency part is purposely orthogonal to Codius. I don’t think it’s tacked on, it’s more agnostic and it’s up to end users to decide what if any blockchain integrations they want.
The potential for Codius (and yes, it is an ambitious vision, with a long way to go) is a framework where you could deploy much more functional and powerful distributed applications than would ever be possible with a blockchain based approach like etherium.
I don't know if what it's promising is actually possible. Ultimately you need to trust that the machine/node which claims to be running your code is in fact running it as-is and not running some hacked version of it which behaves the same superficially but is actually collecting all your user passwords behind the scenes.
The node can always lie by perfectly adhering to the protocol but doing something completely different behind the scenes. You can hash, sign or encrypt the code as much as you like but that has nothing to do with verifying that the hardware is actually running that code.
Maybe with homomorphic encryption this will be possible but AFAIK this technology is not even close to ready for such use cases.
The way all distributed systems work is that you hope that some hosts may be malicious but not too many and not in a coordinating fashion.
So in Bitcoin for example, Bitmain has 41% of the hashing power and a bunch of pools have 10% but you just assume they won't work together to defraud you. And turns out, you're pretty much right, that's never happened.
Codius just improves on that security model by letting you choose however many hosts you want by whatever criteria you want.
How do I verify that the host is executing my application correctly?
They talk about smart contracts[1] but there is a huge difference between a single host executing an app and having the whole Ethereum network reaching consensus on the execution of a smart contract.
Well, the "whole Ethereum network" doesn't really matter. What matters are the handful of Ethereum nodes run by pools that currently represent a majority of mining power. Sure everyone else runs the code to verify the output but that's trivial. You can do that for any deterministic application you have the source code to. The important thing for most applications is ordering the inputs which boils down to: Which nodes did you select and how does your application come to consensus? With Ethereum, your selection is made for you: around 10 nodes have more than 1% hashing power and even among those, they are very unevenly weighted - three of them have a majority. With Codius, host selection is up to you, so you can select 10 nodes with even weighting or 100 nodes or whatever you're willing to pay for. As for the consensus algorithm: proof-of-work has some terrible characteristics (need to wait for multiple blocks, random block intervals, expensive, subject to front-running.) You can get a much better performing system using a BFT consensus protocol like Honeybadger.
Edit: Sorry, this reply sounds a bit harsh / dismissive of Ethereum. That's not what I intended. After eight years in blockchain I just get frustrated when people assume that just because they don't know who they are actually trusting that that means the system is "trustless". It's not, no consensus system is.
In fact, I would argue that any system where people aren't aware of who they are trusting is going to be worse in the long run because nobody is paying attention to the governance of that system.
Technically proof of output could be used by running it on multiple nodes and comparing output, but for anything but idempotent reads this will be difficult. Also for anything that needs any privacy this is fraught since unless you're running hardware obfuscation (sgx or similar) every workload is possibly observable by the 3rd party who is running the workload, including the client who is connecting. Ssl? Keys are on the host...
Then there's the risk to the host, which could be side channeled in the best case scenario where isolation is sound, and completely owned in the worst case where containers are... containers.
Lofty idea but extremely difficult without making it a tiny domain. There are multiple billion-dollar crypto projects aiming to do trusted distributed compute and so far none have shown anything but the most basic use cases.
AFAIK Codius doesn't provide any tool to compare outputs from different hosts. Even if the outputs from different hosts is the same, you don't have a proof that the output is correct. For me the point is: why would I use a machine managed by an anonymous person/organization, with no guarantees on execution (and QoS in general) while I can run stuff on AWS EC2, where at least I have a contract with Amazon.
> Codius billing is resource-driven, you should see a very strong correlation between the load on your servers (and the number of servers required) and the amount of money earned.
from https://codius.org/docs/running-a-host/why
Codius incentive system is weird to me. I am incentivized to be a "host" and run a codius node so I can make money when people use it, and I am incentivized in maximizing my profit by faking the amount of resources used by the apps I host.
I am not incentivized to be a "guest": how can I verify that the billing is correct? How can I verify that the host is running my application correctly?
> AFAIK Codius doesn't provide any tool to compare outputs from different hosts.
I'd love to see somebody make a browser extension that does just that!
There are a bunch of important ecosystem pieces missing from Codius still. Keep in mind that this current release of it just came out a month ago.
If I had a magic wand, the next things I'd introduce would be a Codius namespace system (have the design in my head but haven't had time to write it down) which can securely resolve an identifier like "alicescontract" to a JSON document like {"hosts":[...],"manifestHash":"...","hostPublicKeys":[...],"threshold":5}
(For the blockchain geeks in the audience: Note you wouldn't need consensus for that because names are not fungible, so some weak form of consistency would be fine.)
Then I would add a feature to Codiusd which allows a host to look up that identifier and then depending on the JSON become a proxy to that contract. What that would mean is that you could go to alicescontract.[any-codius-host] in your browser and that host would do the work of collecting responses from all the other hosts and respond once it has `threshold` matching replies. You could use whatever host you trust most as your proxy or, for the super-paranoid, you could run your own host and use that.
There are further optimizations of course but I'll stop here.
Disregarding the difficulties and knowledge required to do so (yes, I know that's a big thing), it's still way easier than PP in unsupported countries.
> I can imagine some use cases, but since you've been thinking about this a lot longer
I don't know the future but I'm happy to give you my prediction in case it's interesting for you now and hilariously entertaining when we look back in ten years.
> 1. Use cases
We built it for fun but I could see myself using to quickly spin up small little hobby projects, kinda like how you might use Heroku.
We've also talked about the idea of "open services". Think "open-source" where the source code is free, "open hardware" where the blueprints are free, so this would be services where both the code and the data are free. You could fork the whole service including data kinda like a blockchain but without having to have the overhead of a decentralized service. You don't need Codius for that but open-services seem to mash more nicely with the anyone-can-pay mentality of Codius than just running on someone's AWS account.
Another use case is if somebody wants to create a decentralized application, today they have to run around recruiting hosts. I used to work at Ripple and we'd run around and ask people to please run validators. It required a whole team and a lot of Powerpoint to get to a decent number. Many other projects like BigchainDB went through a similar process. Codius basically makes this a one click affair, you just upload to whatever hosts you want, publish the source code and anyone can verify that the hosts claim to be running the code you say you uploaded. So people have to trust a majority of the hosts (which all distributed consensus systems provably require) but not you as the uploader.
Another idea we had was beneficial digital organisms. We already have "viruses", i.e. programs that replicate without permission. But Codius provides a platform where programs can run by paying without having to steal computing resources. So you could imagine programs that earn money and then pay to run longer or on more hosts.
> 2. Long term vision for different paths along which you might see this evolve?
I just started a company called Coil which is building tech so websites can make money. I think this could come together with Codius to make websites that earn money from users visiting them and then pay for their own hosting. Those websites could in principle survive their creators by centuries. I think that's pretty cool.
Obviously, all of these ideas have been talked about by others long before Codius but my pitch for Codius would be that it's a nice and pragmatic, web-y way to do it vs the clunky, blockchain-based approach.
> How do I verify that the host is executing my application correctly?
You can't verify what an individual host does. So you can either upload your application to a single host that you trust to run it (like everyone has been doing happily for decades) or you can write your application to be Byzantine fault-tolerant and upload it to multiple hosts.
The key things that Codius provides that make this possible are:
- Host provides the hash of the manifest which shows exactly what it's running down to the container image hashes. -> This removes trust from the uploader. So I can upload a BFT application to 10 hosts and you can convince yourself to trust it if you can convince yourself that the code is legit and too many of those hosts won't collude. That's not possible with traditional hosting because the uploader generally gets admin rights at ALL hosts they upload to.
- Standardization, so you can upload to many hosts without speaking a dozen different APIs.
> How do I make sure that a host is billing me the right amount of money?
You pay when you upload and your client is enforcing a certain max rate. The host could turn off your contract before the agreed-upon time so if you're worried about that you could only pay for e.g. two hours at a time using some cron job.
In practice, a lot of this will come down to host selection. If a host has been legit, reliable, etc. for years, it's unlikely to suddenly decide to screw you out of $10. That's why we think host trackers like codiushosts.com will play an important role. We're working on building our own host tracker as well.
> You can't verify what an individual host does. So you can either upload your application to a single host that you trust to run it (like everyone has been doing happily for decades) or you can write your application to by Byzantine fault-tolerant and upload it to multiple hosts.
There is a difference between trusting someone and have a contract with someone. If I use EC2, I'm using AWS, and they have policies and laws they have to comply with (data privacy is one of the first one that pops up in my mind). Technically, nothing stops a AWS engineer to put their hands in my application; Legally, they cannot do it, so they are liable if I find it out.
I'm not saying that AWS is the best. I'm saying that compared to AWS, Codius gives me less guarantees.
> [...] That's not possible with traditional hosting because the uploader generally gets admin rights at ALL hosts they upload to.
A Sybil attack seems to be quite cheap on Codius. I can have 10 hosts managed with 10 different identities and make people think the app is legit.
> Standardization, so you can upload to many hosts without speaking a dozen different APIs.
I don't mind having more tools to achieve that, but Docker/Kubernetes standardized the way devops deploy apps, you can use them on different cloud providers (or on your own machine[s]).
> You pay when you upload and your client is enforcing a certain max rate. The host could turn off your contract before the agreed-upon time so if you're worried about that you could only pay for e.g. two hours at a time using some cron job.
There is still no proof that the host charged me the correct amount of money. Even if I cap the money I put in the system, a host can still charge me much more than it should be.
> In practice, a lot of this will come down to host selection. If a host has been legit, reliable, etc. for years, it's unlikely to suddenly decide to screw you out of $10. That's why we think host trackers like codiushosts.com will play an important role. We're working on building our own host tracker as well.
Maybe I'm thinking too much about "blockchain" when I think about Codius, but reading "Decentralized apps" and "Smart contracts/programs" in the homepage doesn't help, I'd remove it.
> I'm not saying that AWS is the best. I'm saying that compared to AWS, Codius gives me less guarantees.
Codius isn't supposed to give you any guarantees but Codius hosts might.
Imagine you're a Codius host. You make money when people upload contracts. If you think you can make more money by legally agreeing not to screw with your users' uploads, you may just do that. IANAL, so I'm not sure exactly how you would do it but I imagine you could have the CLI print a tabulated summary of the hosts' terms and conditions that you could agree to and thereby enter into a binding contract.
Whether this is a good idea and whether people will actually do this, I don't know but there are definitely hosting companies who are interested in running Codius hosts. So as an uploader you'll be able to choose to upload to reputable hosting companies or to whoever you want. There are pros and cons to either option.
> A Sybil attack seems to be quite cheap on Codius. I can have 10 hosts managed with 10 different identities and make people think the app is legit.
Point taken. I remember a few years ago there was a story going around about some botnet you could rent with 400000 hosts. So this isn't anything new. If people abuse Codius, we'll think about ways to make that less attractive. But I think it's not so unprecedented to have distributed networks you can run arbitrary code on that we have to worry about breaking the Internet. I hope.
> Maybe I'm thinking too much about "blockchain" when I think about Codius, but reading "Decentralized apps" and "Smart contracts/programs" in the homepage doesn't help, I'd remove it.
Totally fair point. I think the main thing is that when we created the website there was a lot less "blockchain fatigue" than there is no, so the next redesign will definitely emphasize more of the pragmatism and less of the blockchain magic.
