pull down to refresh
The issue is the hardware for budget VPS's is bad overall.
Yes. Same for most dedicated server places you see advertised.
There's no cost competitive way to do that with existing cloud providers [..] another thing to manage.
I've done the AWS vs Colo calc many times for large systems over the years. The differentiator is always labor (and duration.) Though I think that the additional risk with the TEE systems are the endless streams of hardware vulns. It's been bad for both Intel and AMD these past few years.
I was looking late last year into getting hosting for a minimum Zen 5 box that I can get secured access to to set up the enclave host. This would right now cost about 20M sats over 2 years (because minimum 24mo contract); a huge commitment for a simple FOSS dev to make, perhaps even prohibitive, especially for just another development project. Those 24 cores are way too heavy too. Apple M4 is the only affordable-ish enclave-capable solution, but that doesn't help with developing things for AMD or Intel, at all.
So I'm a bit on the fence about the capabilities we need to securely run an LN node; have been for a longer time. The only solution is to not maintain much outbound liquidity on an insecure public node, and instead run a private mobile node channel for inbound. I know you hate these but in lieu of having a stable, secure home to host things, or a hosted fully secure enclave, this is all I can think of :-/
Remote hands are free or pretty cheap if you get a cabinet, you just need to provide very clear instructions of what to plug in where, unskilled labor will rack and plug. If you thought out the layout before shipping it should be done in under an hour.
Off-lease hardware on eBay, configure locally, then ship with plug and play instructions to the colo.
Older Dell R-series etc are practically given away, the risk is pretty minimal since you own the hardware and configured the OS etc. The bulk of the risk imo is in the channel states rather than the keys.
Maintenance and dealing coordinating resources for hardware failures is another job then though.
That said Lightning is inherently a hot wallet, the mental model people have of keeping large amounts in it are completely wrong... you're closer in thinking to use it as a proxy of sorts. You can have nearly unlimited inbound capacity on a VPS you barely trust and then swap it back to chain automatically at a given threshold, ensuring you never keep too much hot for more than a few seconds.
Keeping a lot of outbound hot would be where mobile becomes acceptable since you may want to manually approve spends.
There's a few colo providers that have specialized racks for mini PCs, including mac mini's and pi's. Good for individuals, but not really dense enough for scaling as a service. That gets back to the bigger risk of channel state corruption with SPOF, but a more sophisticated user can mitigate that with streaming backups... the more casual users you really need to ensure there's no SPOF in getting writes to disk.
Hmm, seems one would have to scrape and resell from the subscriptions if they weren't to implement LN themselves. If those are protected by IP that's a blocker, otherwise 10 articles for $35 would work to sell per-article $3.50, but the time limit is an issue. Would be an interesting sales hat to put on to convince some of those journals provide LN endpoints, I had some interest from defense sector for doing that with satellite data... long cycle though.
That's one problem, but the issue more generally is marginal hardware.
AMD and Intel both have TEE options which can be used with containers, with the right hardware that shouldn't be too much lift to leverage. The issue is the hardware for budget VPS's is bad overall. An evenbigger risk with Lightning is the channel state storage, most of those boxes aren't redundant PSU with A/B power. Cheap supermicros or blades that have SPOF's throughout the stack. To roll your own iron correctly you need enterprise class hardware for the redundant PSU's, a A+B PDU's in the cabinet, and hyperconverged/SAN storage with redundant switches etc. There's no cost competitive way to do that with existing cloud providers, which brings me back to having to outlay for a cabinet which is yet another thing to manage.
Doable with a migration trigger