Gladius – Episode 10
Q&A with the CTO of Gladius, Alex Godwin:
Owen Scott: What type of data will reside on the blockchain? I understand that content for caching purposes will reside on the nodes (on their filesystems?) to assist with caching requests, but what type of data will reside on the blockchain?
Alex Godwin: We will store encrypted IP address info, bandwidth ability, uptime, blacklists, reputation, pricing, pool features, as well as client data
Owen Scott: I saw the use of the Ethereum network and a smart contract to support the relationship between proxies and service providers and of course the customers, but is there any part of your architecture that would rely on a private blockchain, so that the entire network is comprised of private and public chains?
Alex Godwin: We are currently only planning on having a public chain
Owen Scott: How will nodes distinguish between malicious traffic and legit traffic during an attack? Are malicious attackers identified by IP address and those addresses added to a blockchain and shared among nodes?
Alex Godwin: There are a few ways to do that, we’re currently talking to someone who has been working on a DNS anycast system with data output capability. Using that data we could detect attacks on the DNS side and mitigate it using the nodes. Nodes would be responsible for detecting application layer attacks though (using OWASP etc.)
Owen Scott: Will the node software include firewall code that simply drops the packets from the malicious attackers?
Alex Godwin: Yes.
Owen Scott: What protocol are the nodes communicating over between each other to keep abreast of a fast-moving and shifting attack?
Alex Godwin: For most long term storage (blacklists etc.) we will use the blockchain, but for short term and fast moving attacks that is currently being decided, it will likely need to be quite custom though. Needs to have low overhead (so it doesn’t compromise mitigation), high speed, and resilient to tampering.
Owen Scott: In the pay-as-you-go model, do you mean that companies would initially sign up for the protection, and thereby be added to the network, and not have to pay an ongoing fee to be part of the network? If not, how do the nodes get compensated for the inevitable caching updates that would need to take place, almost in real time, to keep the site(s) current? Or does the node software just use available bandwidth and as such there is not a lot of cost associated with that?
Alex Godwin: Companies will pay a flat per GB cost (and possibly a per pool signup fee for large amounts of data/traffic). As for the nodes’ compensation on storage updates, that will essentially be built into their compensation for bandwidth because it will be quite minimal in comparison to other traffic they get.
Owen Scott: Referring to the above question – would there be a sliding scale what companies pay determined by the amount of content that is being cached? In a telegram chat, one response was that providers could charge what the market would bear. Would Gladius feature smart contract templates, or transparent front-ends that would allow providers to set fees according to bandwidth and disk space for caching?
Alex Godwin: We’re currently developing a front end that will allow a pool manager to control all of those parameters through their browser (or desktop app if they prefer). Our goal with all of this is to make it as customizable as possible, so being able to choose to set a price for storage or not.
Owen Scott: Finally, we see 2,000+ members on your telegram channel, an enthusiastic community on BitCoinTalk, and most goodwill in the community. Excellent job! Did Gladius team up with an ICO services company to prepare for the launch?
Alex Godwin: Thank you! We’ve worked with the marketing team at InboundJunction through this whole process and they’ve been a massive help in that department.
Gladius ICO Analysis
In this week’s episode we are going to focus again on a highly technical ICO which has some special fascination for me because it seeks to address a number of issues that IT people like myself face when managing things like servers, networks, but which very much affects all users of the Internet. And as is the custom with this podcast, we are going to go down a slightly technical path as some background before we begin to discuss the ICO itself, which I hope you will find interesting.
DDOS, Mirai and “One Very Angry Gamer”
Last October – to be precise, October 21, 2016 – a very large part of the internet appeared to go completely dark for a few hours in the morning, and then a few hours again later in the day. What I mean by that is that almost 70 sites were unavailable – and I’m not talking about mymomandpopwebsite.com – I’m talking about – and here’s a very short list – Amazon, CNN, The New York Times, Boston Globe, HBO, Paypal, Netflix, Zillow, Yelp, Twitter, Visa – even the entire Swedish Government, if you can imagine. You may ask, how did this happen and why? A couple of interesting things – first, all of these massive companies used one DNS provider named Dyn – remember, DNS is the Domain Name System, which is a service that allows you to type amazon.com into your web browser, which then translates your request to Amazon into a routable IP address, which then allows your request to make its way, accurately and without fail, to the servers that Amazon runs to provide you with a way to buy the latest required thing you need that you hope will make your life a little better. And this company, Dyn, was a company that we used to use about ten years ago as a free service to change DNS records for our home routers when the IP address changed, but which grew into a very large company to service very large customers. You can go see the list of companies affected by visiting ico41.com and checking out the corresponding blog post for this podcast if you are curious. But here’s the crazy thing – amazingly, it turned out to be one apparently very angry gamer, who was mad at Playstation, that resulted in the largest Distributed Denial of Service attack ever perpetrated – and this person remains anonymous. So you might wonder how this is possible.
All this person did was first install the Tor web browser, which is a tool that allows your activity to be anonymous through a clever series of obfuscating nodes that make it very difficult to trace backward from where you came – as it were – and then this person used the Tor browser to enter what is known as the so-called Dark Net, and then they paid about $7500 to rent the notorious “Mirai” botnet for a few hours. Maybe you are wondering what the Mirai botnet is. Another fascinating story, actually, in that the Mirai botnet consists of at least tens of thousands – maybe hundreds of thousands, there’s no way of knowing, actually – of devices used by normal people in their efforts to use the internet. Things like home routers, smart DVD players, and especially Closed Circuit Television Cameras – all of which are installed by people who don’t take the time to change the default password. The source code for the Mirai malware was released on GitHub, which then allowed both malicious and benign people to download and use the code to not only launch attacks and start businesses on the dark web to rent out their Mirai-infected botnets, but also allowed benign actors to launch competing software to wrestle control of these compromised devices and protect them, or attempt to protect them. If you happen to be interested in this sort of squalid side of the Internet, you can visit ico41.com and check out the blog post for this podcast episode and click on some of the links there to places like GitHub, where people have posted chats from forums where hackers brag about their exploits – like the fact that their first scans using Mirai uncovered something like 380,000 new bots. In any case, this company Dyn managed to mitigate some of the attack by using what are known as Content Delivery Network services – where various parts of their networks were protected by distributed servers serving their content from a variety of other locations – not just one place.
But even with all of that protection, the companies still lost millions of dollars and millions of people had no access to those services for hours – and ultimately the fact remains that most likely, this attack stopped mainly because the person renting out the bot army probably couldn’t afford to pay for more than a few hours of the botnet army. So, it’s not like those 100,000 devices were all fixed and it’s probably accurate to say that there’s little or nothing to stop this from happening again.
So what does all of this have to do with the ICO we are reviewing this week? Well, if you think about what happened just in that one attack – it’s very doubtful that this angry gamer intended to take down almost 70 of the largest companies – it’s just that those companies used this one company named Dyn for their DNS. So any project that seeks to provide distribution of resources would work toward mitigating this problem. And also, in case you didn’t know – those so-called Content Delivery Network systems which are in place to protect sites and which are also responsible for the ability for millions of people to use Amazon every day and still have great performance – are very expensive services. And there’s not a lot of them. So this all leads us to this week’s ICO, which is …
Gladius
So there’s the concept – the Gladius network will be powered primarily by the Ethereum blockchain, which will incentivize people who wish to be rewarded by contributing their bandwidth, computing power, and disk storage to run a node. The nodes provide a variety of services, which are basically what we referred to earlier as Content Delivery. You should understand that content delivery is mainly from a geographic perspective. Meaning, if you are a fair-sized company that maintains servers in NY, LA, Miami and Chicago, you don’t want the people in Oregon visiting your site to be waiting the 125 milliseconds for images and text to be sent to them by the New York site – you want them to be using the Los Angeles site, which might take maybe a third of the time. And more than that, how great would it be if the static content, like images and video, were actually loaded from Portland, Oregon, for those Oregonian users? That’s what a Content Delivery Network can do, and that’s what Gladius is intending. Now … traditionally, Content Delivery Networks like Akamai have a very high overhead. I myself used to work in a large data center that served as not only a hosting center for the likes of Ebay and Blizzard Entertainment, but also provided important routing services and large network pipes between major cities. All of the fifteen or so data centers in the company I worked for had Akamai servers in those data centers – and I can tell you that hosting a bank of servers in a data center and consuming a great deal of bandwidth is not a cheap proposition. It’s for that reason that content providers like Akamai and Cloudflare charge a LOT of money. So what if, instead of expensive servers in large data centers, the content delivery network was powered by thousands of regular people who make a little bit of money to provide the services that big companies like Akamai and CloudFlare currently provide?
The main service is content delivery, which provides a lot more speed for browsing websites, but also included in this service is protection from Denial of Service attacks we discussed earlier.
Company and Team
Like many of the ICOs we cover in this podcast, the company itself is very new – the LinkedIn company page shows 7 employees and that it was started in May of this year. And like most other ICOs, it’s all about the team. There are 12 members of the team, split about 50/50 between core members and advisors. The core team members are young – some still in college, but with obvious talents, since the GitHub repositories are full of code that you can download and compile. As you’ll find when we talk about the community response to this ICO, this core team has benefited from their advisory board, which consists of people who have good experience in advising blockchain projects, and who have had success in communicating this one. The advisory board in this case not only includes experienced marketers and business people but also technical advisors with deep experience in programming on the blockchain, which helps to explain the repositories we see on GitHub.
Responsive Team
I found the team to be quite responsive on Telegram, and they answered my questions immediately and in detail through an email with the CTO that I’ll paraphrase below in various places, and which I will also post on the blog that goes with this podcast at ico41.com.
The Whitepaper
This particular whitepaper speaks to me on a few levels – one, because I have spent a fair amount of time as a network engineer, and worked in data centers where we combated things like denial of service attacks, and because one of the companies I have worked for has used and paid good money for Content Delivery services, I understand the problems they are trying to solve with this whitepaper. I feel that they did a good job in describing those problems to people who may not fully understand the need and the components of a content delivery service, and also did a good job laying out the business case, which we’ll discuss a little later.
There was a little bit of high-flown rhetoric that was a bit amusing, particularly the part about the 8 seconds of attention span – but the point can be made that it’s quite true that no one these days has time to watch a web page being loaded – if that page isn’t up instantly, those visitors are gone. I can attest to this myself, where at one point I had some bad javascript on a website that was grabbing the wrong versions of some image files – the larger versions (which shouldn’t have been on the site anyway!) – and as soon as we fixed the script to pull the right files, traffic of more than three seconds increased by about 1000% overnight. All in all, this paper is a good balance between the business aspects of delivering such a service, and technical challenges and architecture.
The Road Map
The Road map consists of several Phases.
Phase 1 will end around March of 2018 and in that period we should see the second version of the smart contract, as well as a second version of the client and node pool software. Right now these items exist on Github, and even in the code comments they admit that there are some missing items that will be developed after the sale – such as the ability to have a little more control over the node software. They also plan to have fully encrypted communications by then.
Phase 2 takes us through August of 2018, where that stage will see the finalization of the network so that it’s commercially viable on a large scale. By large scale, they mean the ability to protect hundreds, or even thousands of websites. As well, we will see the scalability of node pools, which will allow more sites to be protected. We will also see the removal of any centralization – and we understand this, because there’s a little bit of the chicken and egg issue when building a distributed network – wherein you need to have the full functions of the network running before people will join … to build the full network. So these functions necessarily have to take place with some centralization in the early part of development. It’s good to see this acknowledged and planned for in a whitepaper. You don’t see this that often. We will also see at this time the auto-payment and a bid/ask system for the marketplace. We’ll talk a little more about the marketplace in the business viability section of this analysis.
The final phase is December of 2018, where they plan to release an open source network builder for closed systems. This is interesting because it allows private networks to take advantage of the content delivery aspects of the service, and would allow any company to download the software and start using it privately. They also plan multi-pool support for companies that will pay for an added layer of protection.
What’s interesting is that some of these features are tied to funding goals which I won’t enumerate here, but which you can review yourself in the whitepaper. It’s good to see that at the lowest level of funding, which is four million dollars, we see the fundamentals of the service, which is a content delivery network, DDOS defense, and load balancing.
Token Sale
The name of the token is Gladius with a symbol of GLA. What’s interesting about this particular sale is that the sale was restructured – mainly around the timing of it, but the extension also allowed for some bonus improvement. In a series of articles on Medium, it was explained that the token sale pre-sale was extended to November 23rd of this year – that represents a three-week extension. The public sale begins November 24th and ends December 30th of this year. In the presale, there is a cap of 28,333 ETHER, which right now represents about $8 million. There is a sliding scale of bonus pricing for the token based on number of tokens purchased by the contributor – you can find this on Medium, but I’ll explain that starting with 1 ETHER to 16, there’s a 20% bonus at 600 GLA per ether, and if you contribute more than 335 there is a 40% discount – so, big reward there.
What is interesting about this pre-sale and which I actually like a lot is the vesting period. This, of course, is to discourage pumping and then dumping the tokens. There’s no vesting period for small contributions like 1 ETH or up to 16 but if you contribute 335 or more, it’s a two-month vesting period.
SEC Compliance
For me, like last week, which is also an IT-based ICO, I see this as an extremely utilitarian token, and very little for the SEC to be upset with. There’s no evidence or promotion of this token as an asset that represents equity, and no promise of a return on investment. The token will power the network and incentivize small actors to join to distribute both the resources and the revenue. So from my perspective, this appears to be a purely utilitarian token, and I would be quite surprised if this ICO ran afoul of the SEC, given the types of ICOs they have been targeting lately.
Reaction from the Community
The team has done a very good job with the community overall. For instance, there are over 2,000 members of the Telegram channel, and their Bitcointalk announcement post has eleven pages of comments – almost all of which are positive. The few concerns expressed about things like the age of the founders were very well answered – and I like some of the answers from non-team members like “What, you want the developers to be 100 years old? How are 100-year olds going to stay up all night coding!” But in addition to that, the founders themselves responded with the fact that they are surrounding themselves with older, perhaps wiser people – and from a look at the Telegram channel and team members on the website, they have done just that.
They did a good job over at Reddit, which in my opinion is really one of the most unforgiving channels and also the most useless forums we have. It’s become, in my opinion, a depressing spiral of trolling, and then draconian catch-22 rules to prevent trolling, which then filter out thoughtful users who don’t have the right amount of post karma – pretty bad. We’ll continue to use Reddit as a partial voice for the community, but we won’t count it nearly as much as we will compared to BitCoinTalk. Nevertheless, the team responded very well to a multi-bulleted post which brought up various concerns.
The Telegram channel, with its 2200+ members, is where the real action is for this ICO, and the team managed to weather a minor storm when they made the decision to postpone the Pre-Sale of the ICO for three weeks. The primary reason they made this decision was strategic, and it has to do with the upcoming Segregated Witness version 2 that is coming up for Bitcoin – this is a major fork and is causing the price of Bitcoin to sail through the roof, as hardly anyone anywhere is letting go of their bitcoins until at least after the fork. As a result, these next few weeks are absolutely the worst time to launch an ICO. So the founders did a very wise thing in postponing this and they took some flak, but 90% of the people who responded understood the decision. Those that didn’t levied what I saw as unfair accusations of greed. And the terms of the postponement actually improved the sale, so this went over comparatively well in my opinion.
The team was very responsive, and I was able to get all of my questions answered last minute today by the CTO, because just like every other week, I’m way late on my analysis. I will post the full Q&A on the ico41 website like I did with the CEO of bitJob. One of the things where the team might have done a better job is to have the people manning the bounty conversation over on bitcoin every bit as available and responsive as the ones in the Telegram channel. The team wisely insisted that bounty questions be reserved for BitCoinTalk – which is where they belong, because that’s a whole different level of conversation – which we’ve covered on this podcast before – but the people who are interested in bounty are generally a demanding lot, and so if there is anywhere you have to answer immediately, it’s there. I think, by the way, that the whole concept of bounty is definitely a double-edged sword. It probably helps in the long run, but you have to deal with a lot of people whose motivations are not entirely the well-being and success of your project. The bounty in this case was 7 bitcoins for all bounty participants – which at today’s prices means about $42,000. I guess we need to realize that for people around the world, this is something definitely worth clamoring for, no matter how small a slice of that you end up getting for your efforts.
All in all, there has been very positive reaction from the community.
Business Viability and Gotchas
One of the things that stands out for me with this ICO in terms of business viability is the service they are providing and the competition that is providing those services. For instance, there are other ICO’s that seek to decentralize large service providers like Amazon and Microsoft Azure for cloud-based file storage. I’m referring to SIA and Storj, but the problem there is that cloud storage of files is practically free – for instance, my Amazon Prime membership comes with FREE unlimited image storage. And something as small as iDrive costs $75/year for a TB of storage. With these kinds of prices, the people running storage nodes are having a hard time making it worth their while. But the services that are provided by the competition in this space are very, very expensive. So in terms of viability, the concept is certainly viable in terms of market.
As far as gotchas – the one thing I can see is that it will take a while for a distributed network to reach the level at which it can compete against something like Akamai or CloudFlare. There will need to be a very large rate of adoption to reach that level, but as website owners begin to see the benefit of cached content, and particularly if users in Asia can jump onboard the network, the rate of adoption may increase, because the traditional content delivery networks don’t have much of a footprint in Asia.
Final Takeaway
For me, the final takeaway is this – this is a solid idea which is much needed, and which is a good use of the blockchain in terms of unseating a very powerful few – but also more immediately providing value to smaller customers who cannot afford expensive Content Delivery and protection against denial of service. And the team, to me, seems very solid, with an actual set of code that is available now, three weeks before their public sale. Thus, this is definitely one worth looking into, in my opinion.