
Codius – Open Hosting Protocol - greensam
https://codius.org/
======
SheinhardtWigCo
What protocol? I see a website promising a glorious crypto-future and a git
repo with virtually no code in it. Seems vaguely familiar.

~~~
djsumdog
Looks like some TypeScript around hyperd and docker:

[https://github.com/codius/codiusd](https://github.com/codius/codiusd)

So who wants to let others host some arbitrary code execution Docker
containers in their datacenter for some crypto currency?

I think back to the episode of Futurama where they go fishing in the middle of
the ocean, and Bender asks if they're in international water. Then he radios a
boat that comes picks up a package from him and he says, "Guess what you guys
are now accessories to."

~~~
justmoon2
> So who wants to let others host some arbitrary code execution Docker
> containers in their datacenter for [money]?

I believe they're called hosting companies. ;)

SCNR.

More serious answer: When we pitched AWS on running Codius they pretty much
said the same thing: credit cards aren't just used for payments but also to
keep spammers out. So we may need some kind of trust system eventually. But it
seems to work ok for now. (Port 25 outbound is blocked and DDoS from Codius is
more expensive than other options. Codius costs about the same as EC2 and
hiring a botnet or adding a few dozen iframes to your reasonably popular
website is much cheaper.)

------
anilgulecha
This seems to be solving an actual interesting problem (running untrusted
applications on anonymous compute, at scale). A scraper, for example, would be
the killer application for such a platform.

But the cryptocurrency integration looks tacked on, or orthogonal to the
problem -- which will hamper the adoption, or even turn away application
makers otherwise interested.

~~~
grosjona
I don't know if what it's promising is actually possible. Ultimately you need
to trust that the machine/node which claims to be running your code is in fact
running it as-is and not running some hacked version of it which behaves the
same superficially but is actually collecting all your user passwords behind
the scenes.

The node can always lie by perfectly adhering to the protocol but doing
something completely different behind the scenes. You can hash, sign or
encrypt the code as much as you like but that has nothing to do with verifying
that the hardware is actually running that code.

Maybe with homomorphic encryption this will be possible but AFAIK this
technology is not even close to ready for such use cases.

~~~
justmoon2
The way all distributed systems work is that you hope that some hosts may be
malicious but not too many and not in a coordinating fashion.

So in Bitcoin for example, Bitmain has 41% of the hashing power and a bunch of
pools have 10% but you just assume they won't work together to defraud you.
And turns out, you're pretty much right, that's never happened.

Codius just improves on that security model by letting you choose however many
hosts you want by whatever criteria you want.

------
silviaotar
How do I verify that the host is executing my application correctly?

They talk about smart contracts[1] but there is a huge difference between a
single host executing an app and having the whole Ethereum network reaching
consensus on the execution of a smart contract.

[1]: [https://codius.org/docs/overview/for-
contracts](https://codius.org/docs/overview/for-contracts)

~~~
tgtweak
Technically proof of output could be used by running it on multiple nodes and
comparing output, but for anything but idempotent reads this will be
difficult. Also for anything that needs any privacy this is fraught since
unless you're running hardware obfuscation (sgx or similar) every workload is
possibly observable by the 3rd party who is running the workload, including
the client who is connecting. Ssl? Keys are on the host...

Then there's the risk to the host, which could be side channeled in the best
case scenario where isolation is sound, and completely owned in the worst case
where containers are... containers.

Lofty idea but extremely difficult without making it a tiny domain. There are
_multiple_ billion-dollar crypto projects aiming to do trusted distributed
compute and so far none have shown anything but the most basic use cases.

~~~
silviaotar
AFAIK Codius doesn't provide any tool to compare outputs from different hosts.
Even if the outputs from different hosts is the same, you don't have a proof
that the output is correct. For me the point is: why would I use a machine
managed by an anonymous person/organization, with no guarantees on execution
(and QoS in general) while I can run stuff on AWS EC2, where at least I have a
contract with Amazon.

> Codius billing is resource-driven, you should see a very strong correlation
> between the load on your servers (and the number of servers required) and
> the amount of money earned. from [https://codius.org/docs/running-a-
> host/why](https://codius.org/docs/running-a-host/why)

Codius incentive system is weird to me. I am incentivized to be a "host" and
run a codius node so I can make money when people use it, and I am
incentivized in maximizing my profit by faking the amount of resources used by
the apps I host.

I am _not_ incentivized to be a "guest": how can I verify that the billing is
correct? How can I verify that the host is running my application correctly?

~~~
justmoon2
> AFAIK Codius doesn't provide any tool to compare outputs from different
> hosts.

I'd love to see somebody make a browser extension that does just that!

There are a bunch of important ecosystem pieces missing from Codius still.
Keep in mind that this current release of it just came out a month ago.

If I had a magic wand, the next things I'd introduce would be a Codius
namespace system (have the design in my head but haven't had time to write it
down) which can securely resolve an identifier like "alicescontract" to a JSON
document like
{"hosts":[...],"manifestHash":"...","hostPublicKeys":[...],"threshold":5}

(For the blockchain geeks in the audience: Note you wouldn't need consensus
for that because names are not fungible, so some weak form of consistency
would be fine.)

Then I would add a feature to Codiusd which allows a host to look up that
identifier and then depending on the JSON become a proxy to that contract.
What that would mean is that you could go to alicescontract.[any-codius-host]
in your browser and that host would do the work of collecting responses from
all the other hosts and respond once it has `threshold` matching replies. You
could use whatever host you trust most as your proxy or, for the super-
paranoid, you could run your own host and use that.

There are further optimizations of course but I'll stop here.

------
thomasfromcdnjs
The idea that anyone can pay the bill is fantastic. I suppose only the crypto
world can facilitate such a system.

~~~
icebraining
Why do you suppose that? Just set up a Paypal donation button that feeds into
the account that pays for hosting.

~~~
omeid2
Not "anyone" can use PayPal.

~~~
noselasd
Not "anyone" can use crypto currencies either.

~~~
Semaphor
Disregarding the difficulties and knowledge required to do so (yes, I know
that's a big thing), it's still way easier than PP in unsupported countries.

------
justmoon2
Codius co-creator here, AMA!

~~~
inputcoffee
This looks interesting. Is it basically a hosting site you can pay for with
crypto?

This makes other things possible: anyone can pay for it using crypto etc?

I can imagine some use cases, but since you've been thinking about this a lot
longer, can you say a little about:

1\. Use cases

2\. Long term vision for different paths along which you might see this
evolve?

Thanks in advance

~~~
justmoon2
> I can imagine some use cases, but since you've been thinking about this a
> lot longer

I don't know the future but I'm happy to give you my prediction in case it's
interesting for you now and hilariously entertaining when we look back in ten
years.

> 1\. Use cases

We built it for fun but I could see myself using to quickly spin up small
little hobby projects, kinda like how you might use Heroku.

We've also talked about the idea of "open services". Think "open-source" where
the source code is free, "open hardware" where the blueprints are free, so
this would be services where both the code and the data are free. You could
fork the whole service including data kinda like a blockchain but without
having to have the overhead of a decentralized service. You don't need Codius
for that but open-services seem to mash more nicely with the anyone-can-pay
mentality of Codius than just running on someone's AWS account.

Another use case is if somebody wants to create a decentralized application,
today they have to run around recruiting hosts. I used to work at Ripple and
we'd run around and ask people to please run validators. It required a whole
team and a lot of Powerpoint to get to a decent number. Many other projects
like BigchainDB went through a similar process. Codius basically makes this a
one click affair, you just upload to whatever hosts you want, publish the
source code and anyone can verify that the hosts claim to be running the code
you say you uploaded. So people have to trust a majority of the hosts (which
all distributed consensus systems provably require) but not you as the
uploader.

Another idea we had was beneficial digital organisms. We already have
"viruses", i.e. programs that replicate without permission. But Codius
provides a platform where programs can run by paying without having to steal
computing resources. So you could imagine programs that earn money and then
pay to run longer or on more hosts.

> 2\. Long term vision for different paths along which you might see this
> evolve?

I just started a company called Coil which is building tech so websites can
make money. I think this could come together with Codius to make websites that
earn money from users visiting them and then pay for their own hosting. Those
websites could in principle survive their creators by centuries. I think
that's pretty cool.

Obviously, all of these ideas have been talked about by others long before
Codius but my pitch for Codius would be that it's a nice and pragmatic, web-y
way to do it vs the clunky, blockchain-based approach.

