SporeStack: Disposable, anonymous servers, via Bitcoin and Python
Code lets developers test applications without a hosting account
Hardware infrastructure, once the foundation of computing giants like IBM, has become an abstract commodity thanks to cloud computing, virtualization, and containerization.
Through large service providers like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, or smaller ones like DigitalOcean, Linode, and Vultr, developers can now launch and destroy servers or mere functions using "serverless" architecture, without significant cost.
Teran McKinney, a Texas-based systems engineer with a professed fondness for Ayn Rand, is taking disposable infrastructure a step further with a service called SporeStack that allows developers to deploy servers anonymously, paid for in Bitcoin.
McKinney describes SporeStack, introduced earlier this month, as a JSON API for launching servers. The software allows those with Bitcoins to purchase a temporary server by sending a payment through coinfee.net, a Bitcoin-based payment processor McKinney developed.
Doing so requires just a few command line instructions.
SporeStack creates servers lasting from 1 to 28 days hosted by Vultr, but without the need for a Vultr account. McKinney, in an email interview with The Register, acknowledged that the service is slightly more expensive than Vultr through a standard account – a 768MiB SporeStack server for a month costs just under $10, compared to $5 on Vultr – though there's no sales tax for SporeStack.
The ability to launch servers without providing personal information sounds like an invitation to spam, but McKinney said he doubted the economics would be appealing.
"I used to work at Rackspace," said McKinney. "While I'm sure it happened, I cannot recall a time that a spammer (or similar) used our servers and paid. They would sign up with a fake credit card and get a month of free service, unless they were shut down early (and they usually were)."
The benefit of Bitcoin, McKinney said, is the lack of built-in transaction reversibility, which makes certain kinds of fraud more difficult.
"There has been some interest which seems more grey, though I've had no reports of misuse," said McKinney. "Since they are paying up front, they are risking losing out if the server has to be shut down for spam, denial of service, etc."
The service has not been designed for Tor-level anonymity. If someone launches SporeStack without a VPN or Tor, that person's IP address could be logged somewhere. "I don't log IP addresses, but in theory, someone could be watching that," McKinney said.
But SporeStack's reason for being has more to do with convenience than anonymity. McKinney sees the ability to spin up servers without an account as a selling point. He suggests SporeStack might be useful for doing network testing in another geographical area or for creating a VPN for the day in order to work in a coffee shop without worrying about the security of the Wi‑Fi.
"I've been working towards launching a site that uses SporeStack to build a server just for you, and sends your browser an OpenVPN configuration file," said McKinney. "It should launch OpenVPN and connect you right to it. It'd probably cost about a dollar for the day, maybe less."
McKinney sees SporeStack enabling development and infrastructure scaling without significant upfront capital. "If you are clever, you could use a Coinfee split payment to pay for your server and take a cut at the same time," he said. "You would never pay for the server – the user would."
Servers are only the beginning, said McKinney, who hopes to spur demand for payments via APIs. The idea is that people would not need accounts, the associated databases, or passwords.
Many large technology companies have started to explore disposable servers, McKinney said. "Rather than having a server for a long time and upgrading it, they just become proficient at deleting and creating," he said. ®
Sponsored: Becoming a Pragmatic Security Leader