
Topic: Cloudsmash.io - Decentralized VPS Cloud Open To The Public - page 2. (Read 3461 times)

member
Activity: 107
Merit: 30
I've just negotiated deals for two new peering points:

North Carolina, USA (AS174 - Cogent, AS7018 - AT&T, AS8175, A23336, AS8100)

Frankfurt, DE (AS33891 - DE-CIX, AS6939 - Hurricane Electric)

I'm in the process of getting another two up and running, one in Chicago, IL and one in Buffalo, NY.

member
Activity: 107
Merit: 30

I have been using sunbreak's service for over a year. First rate and professional!!

:thumbsUp

Thanks for the shout out.
hero member
Activity: 530
Merit: 500
Count me in on this project! Wink

I am very interested and now this might actually get me to finally get into the cloud now. Grin
Just send me what you have for me to do and I will do it so to be part of it!
Thank you very much. Smiley
Awaiting your application process. Cool
member
Activity: 107
Merit: 30
Anyone have any other questions?
member
Activity: 107
Merit: 30
Will you be doing anything with Intel CAT to block cross-VM CPU cache attacks, especially on the handful of machines in this initial round?

https://www.researchgate.net/profile/Yuval_Yarom/publication/291830462_CATalyst_Defeating_Last-Level_Cache_Side_Channel_Attacks_in_Cloud_Computing/links/56a6b0d408aeded22e3544ff.pdf

a system that uses CAT to protect general purpose software and cryptographic algorithms.

Their approach can be directly applied to protect against a malicious enclave. However, this approach also does not allow to protect enclaves from an outside attacker.

- https://arxiv.org/pdf/1702.08719.pdf

- https://news.ycombinator.com/item?id=13995374

I'm aware of cache side channel attacks and the complications they introduce in a multi-tenant virtualization environment. For now, unless you are using a fairly modern CPU that supports Intel's SGX extensions and are running an operating system and/or hypervisor that utilizes them, you are exposed to this type of attack.

Feel free to correct me, especially if you have more detailed information. My understanding is that SGX extensions and features like CAT are only now being tested in mainline Linux kernel releases. I believe CAT support was added in Linux 4.10. The kernel we compile for ourselves is based on the mainline distribution. All effort is made so that features like these will be utilized if your hardware supports it.

If you are a consumer shopping for virtualization resources, this is one of the things you will be able to specify as a criterion.

For example, you could search for providers who were offering virtual machines that specifically exposed AVX, SSE3 and AES-NI instructions.

Searching for a provider that supported SGX and CAT would be yet another CPU feature that could be added to the search criteria.
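
Added example, not part of the thread and not Cloudsmash code: a sketch of the feature search described in the post above, matching hosts against criteria such as AVX, SSE3, AES-NI, SGX and CAT using Linux `/proc/cpuinfo` flag names. The host names and cpuinfo text are constructed sample data, and the 4.10 kernel threshold for CAT is taken from the post as an assumption.

```python
import re

# Search criterion -> Linux /proc/cpuinfo flag names; any one flag satisfies it.
FEATURE_FLAGS = {
    "AVX": {"avx"},
    "SSE3": {"pni"},              # Linux lists SSE3 as "pni"
    "AES-NI": {"aes"},
    "SGX": {"sgx"},
    "CAT": {"cat_l3", "cat_l2"},  # L3 or L2 cache allocation
}

# Constructed listings (hypothetical hosts): name -> (kernel release, cpuinfo text).
SAMPLE_HOSTS = {
    "host-a": ("4.10.0", "processor\t: 0\nflags\t\t: fpu pni aes avx cat_l3 cdp_l3\n"
                         "processor\t: 1\nflags\t\t: fpu pni aes avx cat_l3 cdp_l3\n"),
    "host-b": ("4.4.0", "processor\t: 0\nflags\t\t: fpu pni aes avx\n"),
    # host-c: the second logical CPU does not report "aes".
    "host-c": ("4.10.0", "processor\t: 0\nflags\t\t: fpu pni aes avx cat_l3\n"
                         "processor\t: 1\nflags\t\t: fpu pni avx cat_l3\n"),
}

def common_flags(cpuinfo_text):
    """Flags reported by every logical CPU; a flag missing on one core does not count."""
    per_cpu = [set(m.group(1).split())
               for m in re.finditer(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.M)]
    return set.intersection(*per_cpu) if per_cpu else set()

def kernel_at_least(release, minimum=(4, 10)):
    """True if the release string is at or above minimum (4.10 per the post above)."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= minimum

def host_offers(kernel_release, cpuinfo_text, wanted):
    """Map each wanted criterion to True/False for one host."""
    flags = common_flags(cpuinfo_text)
    offers = {}
    for name in wanted:
        ok = bool(FEATURE_FLAGS[name] & flags)
        if name == "CAT":  # the flag alone is not enough without kernel support
            ok = ok and kernel_at_least(kernel_release)
        offers[name] = ok
    return offers

def search(hosts, wanted):
    """Names of hosts that satisfy every wanted criterion."""
    return [name for name, (release, cpuinfo) in hosts.items()
            if all(host_offers(release, cpuinfo, wanted).values())]

if __name__ == "__main__":
    for criteria in (["AVX", "SSE3", "AES-NI"], ["AES-NI", "CAT"], ["SGX"]):
        print(criteria, "->", search(SAMPLE_HOSTS, criteria))
```

On a real host the same functions can be fed the contents of `/proc/cpuinfo` and the output of `uname -r`.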

member
Activity: 107
Merit: 30
2017 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

Privacy Policy

The above is the information displayed by your website http://www.cloudsmash.io. Are you no longer using the domain name, or do you no longer do this business?

I just acquired the domain the other day. The name for the service had not been determined until very recently. I took suggestions from people and the 'cloudsmash' name was deemed the best fit. As stated in a previous message, I am still looking for help with web front end development. Would you like to volunteer?

I think clearly giving information on what the compensation structure is would go a long way. I can't personally help out here, but may help find biters, rather than just tossing out that you need help.

The person renting out their machines would set their own prices and receive the entire rental amount minus a small commission.

The larger the network the smaller the commission percentage will be. The goal is to get the commission down to 2%, it is currently undetermined what percentage we will start at. I can say with confidence that it will definitely not be more than 10% initially, hopefully less.
legendary
Activity: 1988
Merit: 1007
2017 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

Privacy Policy

The above is the information displayed by your website http://www.cloudsmash.io. Are you no longer using the domain name, or do you no longer do this business?

I just acquired the domain the other day. The name for the service had not been determined until very recently. I took suggestions from people and the 'cloudsmash' name was deemed the best fit. As stated in a previous message, I am still looking for help with web front end development. Would you like to volunteer?

I think clearly giving information on what the compensation structure is would go a long way. I can't personally help out here, but may help find biters, rather than just tossing out that you need help.
newbie
Activity: 1
Merit: 0
Will you be doing anything with Intel CAT to block cross-VM CPU cache attacks, especially on the handful of machines in this initial round?

https://www.researchgate.net/profile/Yuval_Yarom/publication/291830462_CATalyst_Defeating_Last-Level_Cache_Side_Channel_Attacks_in_Cloud_Computing/links/56a6b0d408aeded22e3544ff.pdf

a system that uses CAT to protect general purpose software and cryptographic algorithms.

Their approach can be directly applied to protect against a malicious enclave. However, this approach also does not allow to protect enclaves from an outside attacker.

- https://arxiv.org/pdf/1702.08719.pdf

- https://news.ycombinator.com/item?id=13995374
member
Activity: 107
Merit: 30
2017 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

Privacy Policy

The above is the information displayed by your website http://www.cloudsmash.io. Are you no longer using the domain name, or do you no longer do this business?

I just acquired the domain the other day. The name for the service had not been determined until very recently. I took suggestions from people and the 'cloudsmash' name was deemed the best fit. As stated in a previous message, I am still looking for help with web front end development. Would you like to volunteer?
sr. member
Activity: 364
Merit: 250
2017 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

Privacy Policy

The above is the information displayed by your website http://www.cloudsmash.io. Are you no longer using the domain name, or do you no longer do this business?
member
Activity: 107
Merit: 30
So far I have received 6 beta applications. I forgot to mention how many I would be accepting, I should be able to do a total of 50 applicants at this time, 44 openings left. It all depends on what resources you actually want, but 44 is a pretty good estimate.

member
Activity: 107
Merit: 30
So far these have been pretty good questions, keep them coming!
member
Activity: 107
Merit: 30
I'm confused on the selling your own resources part. If you do this, do you pick your own prices, or is the system set up with predetermined pricing that you have to go with?

And there's a downside to this type of system: how can you ensure that users hosting someone's VPS won't access the files/MITM it?

In this first beta round we are supplying all of the hardware and the prices are set at very reasonable initial levels. During the second round when people are invited to contribute their own servers then everyone sets their own prices. It all comes down to if you can offer a similar resource for a price competitive enough for someone to be interested in renting it.

In bitcoin terms, this is almost exactly like sites like miningrigrentals.com where mining rigs are listed by price and you select based on their reputation, rental history and mining rig performances. All of those factors dictate what a fair asking price is.

Here's a list to see what I mean;

https://www.miningrigrentals.com/rigs/sha256

To answer your question about the physical security of the system;

- All of the information is encrypted on the disks.
- The encryption keys are not stored in memory or on the disks.
- The operating system only exists in memory and is stateless, reboot and it's gone.
- Fabric is authenticated, a system can be forcefully removed from the fabric and it would be unable to rejoin.
- If you reboot it you only end up with drives containing encrypted data.
- If you pulled a drive while it was running you would only end up with 1/6 of the data and that would be encrypted too.
- You can't monitor communications because the only traffic in and out of the box is encrypted as well.
- There are forms of memory encryption and compression at play as well, so rebooting another OS to read ram won't help you either.
- The kernel was compiled with minimal hardware support and drivers, no external busses at all (usb, firewire, serial, etc)

There are some additional attack vectors of concern. There is an active effort to address those as well.


Great answers, Smiley. Which leads to another... there's no redundancy, is there? What if, for example, someone's system crashes? HDD failure, other hardware failure, etc. I saw that it would be replicated if someone planned to go offline, but if it were unintended, it would need to be backed up for safety (otherwise killing the purpose of using it for most real-world scenarios, since we'd be running sites and other services), but that would require multiple VPSs to be paid for or something like that...

Just like your typical cloud provider, each server we are providing has been configured to be as reliable as possible with ECC memory, bonded networking, double parity storage, dual power supplies, UPS and generator. The additional off-site redundancy is an extra layer of fault tolerance that is above and beyond what most cloud providers offer. Getting that kind of feature transparently relieves the user from having to manually implement it themselves (drbd, rsync, etc).

Without off-site redundancy, hardware failure results in your virtual machine going offline. I've had this happen to my own VMs with multiple mainstream providers. When the provider resolves the issue your instance is brought back online. Then you could re-evaluate if that provider is meeting your expectations. If not, just migrate to another provider seamlessly with no downtime. Migration time would depend on the volume of data being transferred to the alternative provider.

The real potential for instance failure is fairly low, but not impossible. If the provider failed to meet their advertised SLA, then a portion of your rental fee would be refunded.

When a hardware contributor's machine boots it has to download and start the operating system, authenticate, join the fabric and mount the disks with the proper encryption keys. This process currently takes about 10 minutes.

In terms of the additional cost, if you replicate data offsite and reserve capacity for your instance in case of failure, then you are utilizing double the resources, so it's double the price. You would have the ability to choose both your primary and secondary provider. There is technically no limit to the number of off-site replicates that you can have. You choose your level of fault tolerance and only pay for what you determine to be sufficient.
legendary
Activity: 1988
Merit: 1007
I'm confused on the selling your own resources part. If you do this, do you pick your own prices, or is the system set up with predetermined pricing that you have to go with?

And there's a downside to this type of system: how can you ensure that users hosting someone's VPS won't access the files/MITM it?

In this first beta round we are supplying all of the hardware and the prices are set at very reasonable initial levels. During the second round when people are invited to contribute their own servers then everyone sets their own prices. It all comes down to if you can offer a similar resource for a price competitive enough for someone to be interested in renting it.

In bitcoin terms, this is almost exactly like sites like miningrigrentals.com where mining rigs are listed by price and you select based on their reputation, rental history and mining rig performances. All of those factors dictate what a fair asking price is.

Here's a list to see what I mean;

https://www.miningrigrentals.com/rigs/sha256

To answer your question about the physical security of the system;

- All of the information is encrypted on the disks.
- The encryption keys are not stored in memory or on the disks.
- The operating system only exists in memory and is stateless, reboot and it's gone.
- Fabric is authenticated, a system can be forcefully removed from the fabric and it would be unable to rejoin.
- If you reboot it you only end up with drives containing encrypted data.
- If you pulled a drive while it was running you would only end up with 1/6 of the data and that would be encrypted too.
- You can't monitor communications because the only traffic in and out of the box is encrypted as well.
- There are forms of memory encryption and compression at play as well, so rebooting another OS to read ram won't help you either.
- The kernel was compiled with minimal hardware support and drivers, no external busses at all (usb, firewire, serial, etc)

There are some additional attack vectors of concern. There is an active effort to address those as well.


Great answers, Smiley. Which leads to another... there's no redundancy, is there? What if, for example, someone's system crashes? HDD failure, other hardware failure, etc. I saw that it would be replicated if someone planned to go offline, but if it were unintended, it would need to be backed up for safety (otherwise killing the purpose of using it for most real-world scenarios, since we'd be running sites and other services), but that would require multiple VPSs to be paid for or something like that...
member
Activity: 107
Merit: 30
I'm confused on the selling your own resources part. If you do this, do you pick your own prices, or is the system set up with predetermined pricing that you have to go with?

And there's a downside to this type of system: how can you ensure that users hosting someone's VPS won't access the files/MITM it?

In this first beta round we are supplying all of the hardware and the prices are set at very reasonable initial levels. During the second round when people are invited to contribute their own servers then everyone sets their own prices. It all comes down to if you can offer a similar resource for a price competitive enough for someone to be interested in renting it.

In bitcoin terms, this is almost exactly like sites like miningrigrentals.com where mining rigs are listed by price and you select based on their reputation, rental history and mining rig performances. All of those factors dictate what a fair asking price is.

Here's a list to see what I mean;

https://www.miningrigrentals.com/rigs/sha256

To answer your question about the physical security of the system;

- All of the information is encrypted on the disks.
- The encryption keys are not stored in memory or on the disks.
- The operating system only exists in memory and is stateless, reboot and it's gone.
- Fabric is authenticated, a system can be forcefully removed from the fabric and it would be unable to rejoin.
- If you reboot it you only end up with drives containing encrypted data.
- If you pulled a drive while it was running you would only end up with 1/6 of the data and that would be encrypted too.
- You can't monitor communications because the only traffic in and out of the box is encrypted as well.
- There are forms of memory encryption and compression at play as well, so rebooting another OS to read ram won't help you either.
- The kernel was compiled with minimal hardware support and drivers, no external busses at all (usb, firewire, serial, etc)

There are some additional attack vectors of concern. There is an active effort to address those as well.
legendary
Activity: 1988
Merit: 1007
I'm confused on the selling your own resources part. If you do this, do you pick your own prices, or is the system set up with predetermined pricing that you have to go with?

And there's a downside to this type of system: how can you ensure that users hosting someone's VPS won't access the files/MITM it?
member
Activity: 107
Merit: 30

I have been using sunbreak's service for over a year. First rate and professional!!

:thumbsUp

Thanks for the kind words.
member
Activity: 107
Merit: 30
I updated the original post with a revised description of the service based on feedback that I received. I hope it's easier to understand now.

Does anyone have any questions about the new write up?
legendary
Activity: 1876
Merit: 1000

I have been using sunbreak's service for over a year. First rate and professional!!

:thumbsUp
hero member
Activity: 663
Merit: 501
It's interesting, will be keeping up and seeing how this plays out.