diff --git a/docs_projectinca/astro.config.mjs b/docs_projectinca/astro.config.mjs index 123d759..e086214 100644 --- a/docs_projectinca/astro.config.mjs +++ b/docs_projectinca/astro.config.mjs @@ -45,6 +45,7 @@ export default defineConfig({ items: [ { label: 'Glossary', link: '/references/glossary/' }, + { label: 'Whitepaper', link: '/references/inca_whitepaper/' }, { label: 'Disclaimer', link: '/references/disclaimer/' }, ], }, diff --git a/docs_projectinca/src/content/docs/references/img/devops.png b/docs_projectinca/src/content/docs/references/img/devops.png new file mode 100644 index 0000000..183380c Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/devops.png differ diff --git a/docs_projectinca/src/content/docs/references/img/image1.png b/docs_projectinca/src/content/docs/references/img/image1.png new file mode 100644 index 0000000..a24070e Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/image1.png differ diff --git a/docs_projectinca/src/content/docs/references/img/image4.png b/docs_projectinca/src/content/docs/references/img/image4.png new file mode 100644 index 0000000..df63275 Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/image4.png differ diff --git a/docs_projectinca/src/content/docs/references/img/qsss_overview.png b/docs_projectinca/src/content/docs/references/img/qsss_overview.png new file mode 100644 index 0000000..81af868 Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/qsss_overview.png differ diff --git a/docs_projectinca/src/content/docs/references/img/redundant_net.jpg b/docs_projectinca/src/content/docs/references/img/redundant_net.jpg new file mode 100644 index 0000000..6f6539b Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/redundant_net.jpg differ diff --git a/docs_projectinca/src/content/docs/references/img/release_schedule.png b/docs_projectinca/src/content/docs/references/img/release_schedule.png new file mode 100644 index 0000000..ef44cdb Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/release_schedule.png differ diff --git a/docs_projectinca/src/content/docs/references/img/smartcontract3_flow.jpg b/docs_projectinca/src/content/docs/references/img/smartcontract3_flow.jpg new file mode 100644 index 0000000..c5b4054 Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/smartcontract3_flow.jpg differ diff --git a/docs_projectinca/src/content/docs/references/img/storage_today.png b/docs_projectinca/src/content/docs/references/img/storage_today.png new file mode 100644 index 0000000..be3e068 Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/storage_today.png differ diff --git a/docs_projectinca/src/content/docs/references/img/webgateway.jpg b/docs_projectinca/src/content/docs/references/img/webgateway.jpg new file mode 100644 index 0000000..a14706a Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/webgateway.jpg differ diff --git a/docs_projectinca/src/content/docs/references/img/webgw_scaling.jpg b/docs_projectinca/src/content/docs/references/img/webgw_scaling.jpg new file mode 100644 index 0000000..a0c0af5 Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/webgw_scaling.jpg differ diff --git a/docs_projectinca/src/content/docs/references/img/word_records.png b/docs_projectinca/src/content/docs/references/img/word_records.png new file mode 100644 index 0000000..7bbe65b Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/word_records.png differ diff --git a/docs_projectinca/src/content/docs/references/img/zero_knowledge_proof.png b/docs_projectinca/src/content/docs/references/img/zero_knowledge_proof.png new file mode 100644 index 0000000..9f0df3a Binary files /dev/null and b/docs_projectinca/src/content/docs/references/img/zero_knowledge_proof.png differ diff --git a/docs_projectinca/src/content/docs/references/inca_whitepaper.md b/docs_projectinca/src/content/docs/references/inca_whitepaper.md new file mode 100644 index 0000000..cf092c2 --- /dev/null +++ b/docs_projectinca/src/content/docs/references/inca_whitepaper.md @@ -0,0 +1,1040 @@ +--- +title: Internet Capacity Whitepaper +description: The whitepaper presenting the Internet Capacity project +--- + +## Introduction + +This document introduces the fourth iteration of the ThreeFold Grid: Project Internet Capacity. The ThreeFold Internet Capacity project represents a complete self-healing and autonomous decentralized cloud, based on open-source work and decades of work in the IT and cloud businesses with more than 500 million USD of exits for various projects and products. Our team achieved various feats in the world of cloud computing and the ThreeFold enterprise represents our cohesive integration of all the technology we've built, an all-encompassing knowledge base that we've learned in the past years. Our team is dedicated to bring forth to the world technology and ecosystems that will enable everyone, everywhere, no matter the creed or situation, to thrive with freedom and security within the worldwide cloud landscape. + +A major aim of the Project Internet Capacity is to maximize and enable strong collaboration with projects from the DePIN space. We believe that ThreeFold is ready and has rock solid technology to offer to the DePIN space. We think that what ThreeFold has to offer is comptabile to this space and that we can work in parallel and under many if not all projects in the DePIN space. ThreeFold now has the necessary support from a lot of parties. We are entering a new exciting phase: Project Internet Capacity. + +This white paper will provide a clear portrait of the project at this precise moment in time, as well as the direction we are taking and the upcoming achievements we set in our way. Our roadmap is filled with concrete technological advancements and we are now adding a clear focus to the project: ensuring that the tech we so dearly created throughout the years is accessible to anyone to further their Internet capacity sovereignty. + +### Problems & Solutions + +Cloud is growing at an unprecedented rate, the evolution of edge cloud and AI are huge drivers. There is a real need to provide a more decentralized offering with higher standards of security and equality. + +ThreeFold provides a new way to deploy AI and Cloud capacity (storage, compute and network). Internet capacity Providers (we call them Farmers) deploy capacity, and developers use this capacity. Applications can be deployed on this network of capacity in neutrality and with data sovereignty. + +The aim of the ThreeFold project is to provide an alternative Cloud and Internet experience: + +- We want to help bring the Internet to the 3 billion people who don’t have reasonable access yet. +- Allow everyone to build on top (open source), equality is important +- Give everyone their personal 3Bot to make the Internet more easy and safe to use without the need for manipulation. The Internet should be a tool, not take over our life. +- Green = up to 3 to 10x energy savings (by using the 3Bot concept) + +Today, the technology is live in its 3rd generation and this document presents its 4th generation. The current grid has been connected in more than 60 countries across the globe. + +![Alt text](./img/image4.png) + +### The Internet is Broken + +Today's Internet is broken. The promise of a neutral peer-to-peer network connecting the entire planet remains unfulfilled. Instead, people became products and data became like digital oil, fueling another extractive and unsustainable industry. + +This Internet largely relies on massive centralized data centers that exist only in a handful of regions and are mostly controlled by a handful of large corporations. Nearly half the planet remains unconnected, and the current model can't scale with ever-increasing demand from those who are connected. + +While blockchain and web3 represent an important improvement for the future of the Internet, these +technologies are not a complete solution. The next generation Internet will need to handle massive amounts of data and computation in a way that's independent from the legacy web2 infrastructure and the corporations who own it. + +ThreeFold enables anyone to participate in the creation and the utilization of a regenerative, safe, and sovereign Internet infrastructure. Upon that foundation, any digital experience or application can be hosted in a way that's efficient and secure. +People today can become co-owners of a powerful decentralized computing network by connecting their hardware to a network made possible by ThreeFold's unique software, including a unique autonomous operating system. Likewise, individual communities can form their own independent Internet network that serves as one node in a global mesh. ThreeFold has the potential to serve every person on Earth. + +The baseline of this model is both abundance and freedom: abundance of knowledge and digital resources as well as freedom to access and publish information. Simultaneously, it allows individuals and groups to really own and control their data, in a way that's private and indestructible. The original promise of the Internet: a peer-to-peer participatory network that can meet the needs of all of humanity for generations to come. + +The TFGrid, in essence, is built of ThreeFold Nodes and 3Bots. ThreeFold Nodes are computers which run our operating system called Zero-OS and provide a given amount of compute, network and storage capacity. Farmers (miners) receive rewards for hosting a ThreeFold Node and connecting to the standard Internet. 3Bots are personal gateways providing access to the decentralized web3 universe while also making sure that the data of users can never get corrupted nor lost. +This new Internet, as we call it, is fully compatible with the existing one. Indeed, ThreeFold has successfully developed a peer-to-peer cloud operating system running on bare hardware, directly using the computer native resources. + +Our aim is to build a robust, sustainable, and genuinely decentralized Internet capacity layer, including storage and computing resources, for any blockchain project to thrive on, and much more. The following document will outline in further detail the possibilities that ThreeFold offers. + + +## Project INCA: A Sovereign Internet + +Imagine a world where YOU are the Internet. + +Imagine a world where communities can build and own their own Internets from scratch – which would deliver all the needs for a better future life. +This Internet is here! It includes: + - A regenerative, safe, sovereign Internet infrastructure layer = ThreeFold (TFGrid). + - A set of experiences (applications) and information to allow everyone on an equal basis to learn, +create, exchange, travel, … basically to experience an abundance-based world. + +Abundance is our baseline: + + - An abundance of free information, education, and knowledge (e.g. books, journals, studies), information about our planet (e.g. maps, databases), and creativity (e.g. music, video, digital art, immersive museums). + - Access to all applications required for your personal and professional digital life. + - You can safely communicate with the world. + - You can freely exchange anything for anything else (money for goods, goods for goods, money for money, etc.). + - No need for manipulative marketing – you can find anything for free and promote everything for free. + +This decentralized Internet lets you co-own a supercomputer at the edge, which gives you unlimited access to advanced digital experiences in high quality, such as augmented reality (education, shopping, …), virtual reality (online meetings, travel, concerts, …), metaverse (a metaverse owned by you), and more. + +You can keep your full digital life history in your personal ultra-secure archive. All the data is yours, forever. + + +### Why A New Internet? + + +Fundamentally, the current Internet cannot keep up with emerging demand. + +The digital economy and our future as digital citizens are wholly dependent on the Internet. However, today’s Internet and cloud infrastructure is too centralized, cannot grow fast enough to meet growing demand nor support future use cases, and promises neither data sovereignty nor equality. + +More than 80% of today's Internet infrastructure is owned by less than twenty (20) organizations. The lack of ownership of our own data and the consequent commercialization of that data is a major concern for individuals, communities, and governments alike. The future neutrality and democratization of the Internet is an absolute necessity in this regard. + +The Internet is growing like crazy. Today, the Internet is mainly delivered out of hyperscale data centers, which are massive buildings containing up to millions of servers. They consume excessive amounts of energy and are expensive to build. Simply increasing the number of data centers is not a realistic solution. + +There are not enough data centers today and this won't change in the short term: it is too expensive and too complex of an undertaking. +They are not glocal (close to the source where required) and they are too centralized: as such, they present a single target for hackers. + +Data centers are not war-proof; they are vulnerable to attack and catastrophes (e.g. Sudan, Ukraine). + +ThreeFold is different. We present an Internet where communities can build and own their own Internet capacity. + + +### Project Vision + +Our vision is to create a truly decentralized internet where every user has control over their data and digital interactions. We envision a global network of interconnected servers and nodes, collectively known as the grid, that democratizes access to computing power and storage. This network will be the backbone of a new digital era, characterized by sovereignty, security, privacy and inclusivity. + +Through our Internet Capacity token ($INCA), we aim to facilitate a robust and scalable ecosystem that supports the free and open exchange of internet capacity for cloud service providers hosting on the grid and builders and users deploying on it. + +### Mission Statement + +We promote the growth of a decentralized cloud network that is community-driven and inclusive. Our mission is to empower individuals and organisations with secure, private, and autonomous access to computing resources. Everyone deserves fair access to the cloud. + +A unique combination of technologies provides a resilient and censorship-resistant infrastructure that ensures data integrity, privacy, and seamless hosting of data and applications. We are committed to fostering innovation, enhancing digital sovereignty, and creating a more equitable internet for all. + +### Values + +The ThreeFold Internet Capacity project is defined by strong values that are rooted in a planet and people first philosophy. + +**Digital Sovereignty** + +We believe in the autonomy of cyberspace. The internet should be free from external control and interference, allowing users to govern their own digital spaces. + +**Universal Access** + +Access to the internet is a fundamental right. We strive to ensure that everyone, regardless of location or socioeconomic status, can connect to the digital world. + +**Privacy and Security** + +Every user has the right to privacy and security online. We are committed to protecting personal data and ensuring safe digital interactions. + +**Open Innovation** + +The internet should be a platform for innovation and creativity. We support open-source projects and collaborative efforts that drive technological advancement. + +**Free Expression** + +Freedom of speech is essential in cyberspace. We defend the right to express ideas and opinions without fear of censorship or retribution. + +**Decentralization** + +Power should not be concentrated in the hands of a few. We advocate for decentralized networks and systems that distribute control and foster resilience + +**Transparency** + +Transparency builds trust. We promote open governance and clear communication about how digital platforms operate and make decisions. + +**Community Governance** + +The internet community should have a say in how cyberspace is managed. We encourage participatory decision-making processes that reflect the diverse voices of users. + +**Digital Literacy** + +Empowering users with knowledge is crucial. We support education and resources that help people navigate and utilize the internet effectively and responsibly. + +**Sustainable Development** + +The growth of the internet should be sustainable. We are committed to practices that minimize environmental impact and promote long-term digital health. + +### Team + +Our team brings together +30 years of experience in cloud automation, Internet storage, and infrastructure services. We are a passionate group on a collective mission to make the world a better place for the people around us. + +We were fortunate to be part of the first rollout of the Internet in the early 1990’s. + +Our team has multiple world records for scaling projects on the Internet and invented the first data deduplication system for backup, the first ultra scalable distributed storage system using forward-looking error correcting codes, one of the first cloud systems, the first always-consistent distributed database, and the first decentralized operating system using blockchain technology. The team has achieved over +500m USD in exits to Sun Microsystems, Western Digital, Verizon, Symantec, and others. + +Our ThreeFold system brings us back to the Internet as originally conceived. A collaborative and community-based network of compute, storage and network resources, peer-to-peer connected and delivered by all. Only this time, we can use advanced technologies and structures which were only developed very recently. + +### Exits + +Our team has extensive experience in building cloud businesses, having successfully exited multiple companies in this space. Combining a recurring revenue model with the community engagement and certified commercial capacity of the TFGrid creates a compelling narrative and a robust business proposition. + +![Alt text](./img/image1.png) + +At Hostbasket, we managed a successful recurring revenue model with 30,000 customers. If executed properly, such models have the potential for exponential growth. At Dedigate we were managing super big projects. At Q-Layer we basically invented the basics of cloud. At Amplidata we developed an incredibly scalable and safe storage system. +While traditionally running a hosting business, such as AI or Cloud services, comes with significant capital expenditure (CAPEX), that's not the case for us. Our unique advantage lies in the super cost-effective compute, network, and storage capacities we have developed over our 5-year history. Through building the ThreeFold Cloud, we have streamlined our resources and infrastructure, thus significantly reducing our overhead costs and enabling us to offer highly competitive rates. + +### World Records + +Our team is working on re-inventing layers of the Internet for more than 30 years. While we were doing so this has resulted in some world records and innovative products. + +Here is an overview of those achievements: + +![](./img/word_records.png) + +### Timeline and Roadmap + +- 2017: Launch of ThreeFold Token (TFT) on our own blockchain +- 2018: Launch of ThreeFold Grid 1.0 +- 2018: +5000 CPU cores, +10.000.000 GB storage capacity deployed (only for test workloads) +- 2019: Launch of ThreeFold Grid 2.0, TFT moves to Stellar blockchain2021 Q3: +17.000 CPU cores, +80.000.000 GB storage capacity deployed +- 2021 Q4: Nov 11, 1000 farmers milestone, 1000 farmers provide capacity on TFGrid +- 2021 Q4: Launch of ThreeFold Grid 3.0 testnet +- 2022 Q1: Marketing & public launch of our ThreeFold Grid version 3.0 (first availability for commercial use) +- 2022: Introduction of Internet of Internets Concept +- 2022 Q4: Signed head of terms with a country for a digital freezone +- 2023 H1: Announcement of the first country-wide agreement for ThreeFold Grid deployments +- 2024 Q4: (Expected) Launch of ThreeFold Grid 4.0 with Project Internet Capacity + +## Partners + +Our great partners make the grid what it is: a community-driven, open-source and decentralized cloud for all. + +We are proud of our partners stemming from all sectors of the industry. Our ecosystem is always expanding and we're always ready for new collaborations. + +We present here some of our amazing partners. This also serves to showcase the different use cases possible on the grid. + +### Holochain + +[Holochain](https://www.holochain.org/) is a framework for creating and powering distributed applications, incorporating peer-to-peer content distribution protocol, cryptography, and hash tables. It avoids scalability issues, and is extremely environmentally friendly. + +### Digital Free Zone + +The [OurWorld Digital FreeZone](https://ourworld.tf/), established in Zanzibar, is a groundbreaking partnership between ThreeFold and the government of Tanzania. This initiative aims to create a free sovereign digital and economic area, fostering innovation, growth, and prosperity. + +### Earth Wallet + +[Earth Wallet](https://www.earthwallet.io/) is a cutting-edge digital wallet solution designed to empower users with secure and decentralized control over their digital assets. With a focus on accessibility, security, and sustainability, Earth Wallet offers a seamless and user-friendly interface for managing various cryptocurrencies. + +### Elestio + +[Elestio](https://elest.io/) is an innovative platform dedicated to providing cutting-edge decentralized applications (dApps) and services to users worldwide, with a focus on accessibility, security, and user empowerment. Users of the grid can thus access Elestio's services from anywhere in the world. + +### Sikana + +[Sikana](https://www.sikana.tv/en), a platform dedicated to providing education for all, has delivered over 400 million lessons through free educational videos. This partnership will empower communities worldwide with knowledge and skills, irrespective of their financial or geographical limitations. + +### Tanzania Sovereign Internet + +ThreeFold is proud to announce its partnership with the government of Tanzania to establish a [sovereign internet](https://www.ictc.go.tz/), an unprecedented initiative poised to revolutionize Tanzania's startup ecosystem fostering digital freedom via a collaborative peer-to-peer platform. + +### Vverse + +[Vverse](https://www.vindo.ai/) is an innovative platform that aims to create a virtual universe where users can explore, interact, and create in immersive virtual environments. It leverages cutting-edge technologies such as virtual reality (VR), augmented reality (AR), and blockchain. + +## Token + +Here is an overview of the INCA token. + +### Tokenomics and Distribution + +There can never be more than 4 Billion INCA. + +- 50% of supply for Farming + - People expanding the network with Router & Node capacity over the multiple releases +- 14% Million for community grants + - We want to expand and build our project in first place together with the community +- 1.5% Million for community expansion specifically for INCA + - Promotion of the TFGrid +- 5.5% for liquidity providing (DEX, marketmakers, ...) +- 11.5% originating from "Original Technology Acquisition" + - ThreeFold and INCA is the result of technology developed in a tech company, which got acquired many years ago, this resulted in a token grant for the stakeholders of that company +- 17.5% for team and contributor rewards + - It's for people who help to expand the Grid (starting now) + - A lot of it is to reward our partners to help launch the INCA Tokens & the TFGrid + +### Release Schedule + +The following table shows planned release, some of the mechanisms and details are still being worked on. + +![](./img/release_schedule.png) + +Accelerated Vesting means: if INCA gets above 0.5 USD per INCA (50%), the vesting accelerates in proportion to the percentage (e.g. 0.6 CHF per INCA = 60$ acceleration). At 1 CHF per INCA (100%) and more, the acceleration is 100%. + +### Grants + +While there are currently no grants defined yet for our INCA release, we present here the overall grant program. + +660,000,000 INCA is available for Grants (over all releases). This is subject to change as we define the project. + +Please contact us to let us know on which projects you would like to work, below you can see a suggested Distrubution of grants. + +The grant distribution in percentage would be as follows: + +- Community Expansion Projects: 20% +- Development of Hardware for INCA: 20% +- Organization of Rewards for Hackathlons: 10% +- Organization of Localized Chapters: 15% +- Development of Code: 30% +- Training, Product Marketing: 5% + +#### Grant Voting Process + +We present the general grant voting process. This is subject to change as we implement the project, but it can serve as a good overview of the process. + +- Go to INCA Connect +- See the projects +- Vote yes or no for a given project +- Vote requests for projects need to be live for a minimum of 2 weeks +- Votes are not free + - Minimum 5 USD, but preferred 10 or more + - The proceeds of votes go back to the treasury +- Each project defines + - Minimum number of votes + - Voting fee + - If dedicated account + - Proper description + - Vesting scheme +- Everyone can see the projects on the Project INCA Projects website and comment if logged in and accepted as commenter or moderator +- We need simple majority to have a positive vote +- Once we have a positive vote, the money goes in the account created for the project + - There can be vesting on it, with acceleration, etc. +- Supported chains + - We start by supporting Stellar + - Then we will also support Solana + + +## Consensus Mechanisms + +### Proof-of-Capacity + +ThreeFold Nodes (computers) deliver storage, compute, and network capacity as the basis for our new Internet. + +Our unique operating system, Zero-OS, measures the capacity as provided by a farmer and this gets registered in our blockchain. + +> TFT Reward per Month = ThreeFold Node Capacity * TFT Reward per Unit of Capacity / Month. + +This TFT Reward Amount : + +- is recorded in the blockchain at the moment of a ThreeFold Node’s registration and verification. Every hour, our operating system and blockchain verifies the available capacity. +- is calculated so that it generates, per month, more or less 1/5 of all TFT needed to buy all capacity at the point of registration,e.g. if a ThreeFold Node can generate commercial value of 100 USD per month for all Internet capacity and the TFT price is 0.1 at that point, then 100*0.1/5 is more or less the amount of TFT that will be rewarded (generated) per month. +This means TFT is by design undervalued in relation to utilization at connection. +- is agreed upon by the DAO per Regional Internet to make sure there is consensus. +The farmer can receive boosters rewards (still to be defined) if certain achievements are reached, e.g. uptime, good bandwidth to Internet, good utilization, etc. There is no link between farming & utilization. + + +#### How It Works + +The Proof-of-Capacity records Internet resources from the ThreeFold Node: + +The ThreeFold Blockchain (TFChain) uses work algorythm called "Proof-of-Capacity" to verify the Internet capacity provided by ThreeFold Nodes. Put simply, PoC verifies, on an ongoing basis, that farms are honestly representing the Internet capacity they provide to the network. + +**See Proof-of-Capacity in action** by visiting the [ThreeFold Grid Node Finder](https://dashboard.grid.tf/#/deploy/node-finder/) which represents the best resource to view POC-related data. + +#### What is proof-of-capacity? + +POC allows ThreeFold Farmers to earn reward according to their contribution. Farming is the "work" itself, the act of providing Internet capacity to the network and making it accessible via our TFDAO and TFChain. + +The PoC algorythm records four different types of Internet capacity: + +- Compute Capacity (CPU) +- Memory Capacity (RAM) +- Storage Capacity (SSD/HDD) +- Network Capacity (Bandwidth, IP Addresses) + +#### Why Proof-of-Capacity? + +PoC comes with a number of benefits, including: + +- Energy efficiency: earning reward in form of TFT does not waste energy, farming TFT is a carbon_negative operation. +- Lower barriers to entry with reduced hardware requirements: no need for elite hardware to stand a chance for earning rewards. +- Decentralized: allows anyone to connect a ThreeFold Node to the network. TFGrid runs as a DAO. + +The main advantage of PoC to farmers it makes it really easy to run a ThreeFold Node. It doesn't require huge investments in hardware or energy and everyone earns a fair reward for their contribution. It is more decentralized, allowing for increased participation, and more ThreeFold Nodes doesn't mean increased returns, like in mining. + +#### How Does Proof-of-Capacity Work? + +1. A farmer boots hardware with Zero-OS (multiple boot methods available) +2. Zero-OS is a low level OS, with no shell, farmers cannot access Zero-OS +3. Zero-OS reports used IT capacity towards TFChain +4. TFChain and TFDAO will calculate rewards as required for the farmer (TFGrid 3.1.x) +5. TFChain will mint the required TFT and send them to account on TFChain of TFFarmer. +6. Everyone can use the ThreeFold Node Finder to see where capacity is available. This info comes from the TFChain. + +> DISCLAIMER: ThreeFold Foundation organizes this process. This process is the result of the execution of code written by open source developers (Zero-OS and minting code) and a group of people who checks this process voluntarily. No claims can be made or damages asked for to any person or group related to ThreeFold Foundation like, but not limited to, the different councils. This process changes for TFGrid 3.X once the TFDAO is fully active. + +> Important note: The ThreeFold Token ($TFT) and Internet Capacity Token ($INCA) is not an investment instrument. TFTs are used to buy and sell IT capacity on the ThreeFold Grid. + +### Proof-of-Utilization + +ThreeFold Token ("TFT") is an Utility token and gets generated by ThreeFold Farmers, see proof-of-capacity for more information. + +Each ThreeFold Grid user can now use this capacity. The ThreeFold Chain ("TFChain") - ThreeFold Blockchain will track the utilization of this capacity. This process is called Proof-of-Utilization. Each hour the utilization is being tracked on the blockchain and charged to the capacity's user. + +#### What is Proof-of-Utilization? + +Proof-of-utilization is the underlying mechanisms that verifies the utilization of Internet capacity on the ThreeFold Grid. + +Every hour, the utilization is recorded in TFChain and the user is charged for the Internet capacity used on the ThreeFold Grid. Discount calculated in line with the amount of TFT users have in their accounts on TFChain. + +#### How Does Proof-of-Utilization Work? + +1. A user reserves Internet capacity on a given set of 3Nodes. +2. Zero-OS records the reserved and used CU, SU, NU and IPAddresses in correlation with TFChain records. +3. The TFChain DAO will charge the costs to the user in line with discount mechanism +4. TFT from the user account are burned/distributed in line to table below. + +| Percentage | Description | Remark | +| ---------- | -------------------------------------- | ------------------------------------------------------------------------ | +| 35% | TFT burning | A mechanism used to maintain scarcity in the TFT economy. | +| 10% | ThreeFold Foundation | Funds allocated to promote and grow the ThreeFold Grid. | +| 5% | Validator Staking Pool | Rewards farmers that run TFChain 3.0 validator nodes. | +| 50% | Solution providers & sales channel | managed by ThreFold DAO | + +> Note: While the solution provider program is still active, the plan is to discontinue the program in the near future. We will update the manual as we get more information. We currently do not accept new solution providers. + +##### TFGrid Capacity Utilization + +- Each solution provider and sales channel gets registered in TFChain and as such the distribution can be defined and calculated at billing time. +- For billing purposes, ThreeFold DAO will check if it is from a known sales channel or solution provider. If yes, then the billing smart contract code will know how to distribute the TFTs. If the channel of solution provider is not known, then the 50% will go to the ThreeFold Foundation. +- For Certified Farming, ThreeFold Tech can define the solution & sales channel parameters, these are channels as provided by ThreeFold Tech. +- Burning can be lowered to 25% if too many tokens would be burned, ThreeFold DAO consensus needs to be achieved. + +##### Other Ways TFT are Required + +- Anyone building solutions on top of the TFGrid can use TFT as a currency to charge for the added value they provide, this gives an extra huge requirement for TFT. +- Some will use TFT as a store or exchange of value, like money, because TFT is a valuable commodity. The hoarding of TFT means that TFT are not available to be used on the TFGrid. + +## Ecosystem + +We present an overview of the INCA ecosystem. + +### INCA Cockpit: Cloud Marketplace + +We are introducing a market place and our next generation grid v4.0 (INCA). + +This will make it a lot more easy for 3rd parties to use our infrastructure + +The currency as used on the marketplace is INCA, there will be a bridge between TFT and INCA + +#### Benefits + +- Better utilization of hardware capacity. +- Farmers can define their own price, means market mechanism define price in relation to quality and supply +- Easier for users to find right priced service +- Easier to monitor and enforce SLA's +- Easier to track utilization and expansion +- Can and will be extended to other Internet/cloud Services + + +#### Pricing + +#### Slice Concept + +A Cloud, Storage or AISlice is a part of a server/computer (TF or INCA Node) which delivers a service which has well defined properties in relation to capacity, pricing, serviceabity, capabilities. + +These Cloud, Storage or AISlices can be bought by the INCA/TF Community through the INCA marketplace. + +#### AI Slices + +An AI box is a unit of AI capacity (GPU or future TPU driven). + +The mininal GPU supported for now is a Nvidia 4090 or comparable +An AI box can be launched in our Zero-OS and can enable any possible AI workload. + +#### Cloud Slices + +A cloudslice is a unit of compute, fast storage and memory. There are unlimited different configurations of cloudslice. + +A configuration of a machine defines the cloudslice which can be made. + +A cloudslice can be aggregated to make a bigger cloudslice. + +The default cloudslice has: + +- 4GB memory +- 2 virtual cores of CPU +- Minimal 50 GB of fast storage (can be more, as to be defined by provider) +- Minimal availability of 1 mbit/s bandwidth at all times + +#### Storage Slices + +A storageslice is a unit of ZDB storage as can be used as backend for Zero-Stor (our quantum safe storage system). + +The default cloudslice has: + +- 100GB of storage + +A storagehour is like a kwatth unit for electricty, it represents a storageslice being used for 1h and billed as such. + +INCA Hosts (our cloud providers) can price the StorageHour themselves in a chosen currency. + +### INCA Connect: Token Wallet + +INCA Connect is a mobile app that serves as a gateway to the INCA ecosystem and its various products and services. + +Some key features and benefits of the INCA Connect app are: + +- 2FA Authenticator: + - INCA Connect is a passwordless 2FA authenticator that ensures a user is who they claim to be. +- Decentralized: + - The app is decentralized, allowing users to access the INCA Network platforms and their fully private digital wallet. +- Private Digital Wallet: + - Users can manage their INCA tokens and view their transaction history on the TF chain. +- Support Chat: + - The app provides a support chat where users can get answers to their questions about INCA-related topics. +- News Section: + - The app features a news section where users can find the latest INCA news and updates. + +## Farming + +The process of farming consists of a person or a company offering compute, storage and network capacity to the network. + +- Farmers buy INCA Nodes +- They connect the INCA Nodes to internet and get rewards for providing capacity +- Farmers earn rewards mainly for utilization, but there are also lots of rewards available for providing capacity. +- Farmers help their community to get access to sovereign Internet and cloud applications on an unbreakabale and co-owned Internet and cloud. + +### INCA Nodes + +To become an INCA farmer, all you need is to acquire an INCA node, whether it is a DIY or certified node, and connect it to the grid. Farmers will receive INCA rewards based on the capacity they bring to the grid and the utilization they get on their nodes. + +#### Certified Nodes + +We offer certified nodes that are essentially plug-n-earn. Once you have a node, simply plug it to a power source and the internet to connect to the grid. Farming rewards are attributed to farmers for offering capacity and for the utilization it generates. + +We present the basic features of our certified nodes. This is subject to change. + +- SILVER + - 16 GB of Memory + - 1,000 GB of SSD + - 4 Logical CPU Cores +- PLATINUM + - 64 GB of Memory + - 2,000 GB of SSD + 10,000 GB of HDD + - 16 Logical CPU Cores +- AI + - 64 GB of Memory + - 4,000 GB of SSD + 10,000 GB of HDD + - RTX 4900 GPU + +#### DIY Nodes + +It is possible to build DIY nodes to connect to the INCA grid. Our manual covers the necessary information to build DIY nodes. + +### Network Map + +We are planning on creating a network map to visualize all INCA nodes and also devices from partners. + +### Reward Simulation + +We will provide a reward simulator for farmers. This will enable farmers to estimate farming rewards based on utilization. + +## Architecture + +### ThreeFold Grid + +The ThreeFold Grid is the co-owned infrastructure layer, and can be seen as a decentralized cloud. Farmers provide storage, compute, and network capacity to the people around them and earn for it. Farmers can be commercial entities or anyone using our open-source software to deploy nodes in their homes, schools and offices. + +3Bots live on top of the ThreeFold Grid and act as Web2 and Web3 gateways as well as self-healing bots for IT workloads. They are private virtual assistants that help users achieve a convenient, secure, and authentic digital life. They assist Web3 developers in achieving quicker results by alleviating concerns related to decentralization, scalability, storage stability, and performance, among other things. + +3Bots communicate directly with each other and the rest of the world (existing centralized services) as well as existing blockchain technologies. The data is stored using a novel storage technology which makes sure it is safe and can never get lost, yet it is only owned by you and not even a quantum computer can hack it. + +### ThreeFold Node + +Together we have the chance to build a new Internet, which consists of a network of ThreeFold Nodes. A ThreeFold Node is a standard computer which runs our Operating System called Zero-OS. + +Your ThreeFold Node has a certain amount of compute, network and storage capacity, a Farmer (miner) receives rewards for hosting a ThreeFold Node and connecting to the standard Internet. Today, you can become a farmer on our global proof of concept TFGrid network (version 3.0). See the [Internet Capacity website](https://internetcapacity.org) for more information. As of now, about 60,000 virtual CPU cores and 25,000,000 GB of storage are active on the TFGrid. + +A ThreeFold Node boots over the Internet network and runs our own stateless Zero-OS operating system. The Zero-OS allows the deployment of any IT workload in a safe way. Not only that, but any IT workload which can run on Linux is supported. Zero-OS supports many compute, storage and network primitives (virtual machines, deduped filesystems, quantum safe filesystem, planetary-scalable networks, containers, Kubernetes, etc.). + +## Technology + +We present an overview of the technology developed over the years. + +### Quantum Safe Storage: QSFS + +The Quantum Safe Storage Algorithm is the heart of the Storage engine. The storage engine takes the original data objects and creates data part descriptions that it stores over many virtual storage devices (ZDB/s). + +Data gets stored over multiple ZDB's in such a way that data can never be lost. + +Unique features + +- Data always append, can never be lost +- Even a quantum computer cannot decrypt the data +- Data is spread over multiple sites. If these sites are lost the data will still be available +- Protects from datarot + +#### The Problem + +Today we produce more data than ever before. We cannot continue to make full copies of data to make sure it is stored reliably. This will simply not scale. We need to move from securing the whole dataset to securing all the objects that make up a dataset. + +We are using technology which was originally used for communication in space. + +The algo stores data fragments over multiple devices (physical storage devices ). + +The solution is not based on replication or sharding, the algo represents the data as equasions which are distributed over multiple locations. + + +#### How Data Is Stored Today + +![alt text](./img/storage_today.png) + +In most distributed systems, as used on the Internet or in blockchain today, the data will get replicated (sometimes after sharding, which means distributed based on the content of the file and spread out over the world). + +This leads to a lot of overhead and minimal control where the data is. + +In well optimized systems overhead will be 400% but in some it can be orders of magnitude higher to get to a reasonable redundancy level. + +#### The Quantum Safe Storage System Works Differently + +![alt text](./img/qsss_overview.png) + +We have developed a new storage algorithm which is more efficient, ultra reliable and gives you full control over where your data is stored. + +Our approach is different. Let's try to visualize this new approach with a simple analogy using equations. + +Let a,b,c,d.... be the parts of the original object. You could create endless unique equations using these parts. A simple example: let's assume we have 3 parts of original objects that have the following values: + +``` +a=1 +b=2 +c=3 +``` + +(and for reference the part of the real-world objects is not a simple number like `1` but a unique digital number describing the part, like the binary code for it `110101011101011101010111101110111100001010101111011.....`). + + +With these numbers we could create endless amounts of equations: + +``` +1: a+b+c=6 +2: c-b-a=0 +3: b-c+a=0 +4: 2b+a-c=2 +5: 5c-b-a=12 + +etc. + +``` + +Mathematically we only need 3 to describe the content (value) of the fragments. But creating more adds reliability. Now store those equations distributed (one equation per physical storage device) and forget the original object. So we no longer have access to the values of a, b, c and we just remember the locations of all the equations created with the original data fragments. + +Mathematically we need three equations (any 3 of the total) to recover the original values for a, b or c. So do a request to retrieve 3 of the many equations and the first 3 to arrive are good enough to recalculate the original values. Three randomly retrieved equations are: + +``` +5c-b-a=12 +b-c+a=0 +2b+a-c=2 +``` +And this is a mathematical system we could solve: + +- First: `b-c+a=0 -> b=c-a` +- Second: `2b+a-c=2 -> c=2b+a-2 -> c=2(c-a)+a-2 -> c=2c-2a+a-2 -> c=a+2` +- Third: `5c-b-a=12 -> 5(a+2)-(c-a)-a=12 -> 5a+10-(a+2)+a-a=12 -> 5a-a-2=2 -> 4a=4 -> a=1` + +Now that we know `a=1` we could solve the rest `c=a+2=3` and `b=c-a=2`. And we have from 3 random equations regenerated the original fragments and could now recreate the original object. + +The redundancy and reliability in this system results from creating equations (more than needed) and storing them. As shown these equations in any random order can recreate the original fragments and therefore redundancy comes in at a much lower overhead. + +In our system we don't do this with 3 parts but with thousands. + +##### Example of 16/4 + +Each object is fragmented into 16 parts. So we have 16 original fragments for which we need 16 equations to mathematically describe them. Now let's make 20 equations and store them dispersedly on 20 devices. To recreate the original object we only need 16 equations. The first 16 that we find and collect allows us to recover the fragment and in the end the original object. We could lose any 4 of those original 20 equations. + +The likelihood of losing 4 independent, dispersed storage devices at the same time is very low. Since we have continuous monitoring of all of the stored equations, we could create additional equations immediately when one of them is missing, making it an auto-regeneration of lost data and a self-repairing storage system. + +> The overhead in this example is 4 out of 20 which is a mere **20%** instead of **400%** . + +#### Content Delivery + +This system can be used as backend for content delivery networks. + +E.g. content distribution policy could be a 10/50 distribution which means, the content of a movie would be distributed over 60 locations from which we can lose 50 at the same time. + +If someone now wants to download the data, the first 10 locations to answer will provide enough of the data parts to rebuild the data. + +The overhead here is more, compared to previous example, but stil orders of magnitude lower compared to other CDN systems. + +#### The Quantum Safe Storage System Can Avoid Datarot + +Datarot is the fact that data storage degrades over time and becomes unreadable e.g. on a harddisk. + +The storage system provided by ThreeFold intercepts this silent data corruption ensurinf that data does not rot. + +#### Zero Knowledge Proof Storage System + +The Quantum Safe Storage System is zero knowledge proof compliant. The storage system is made up of / split into 2 components: the actual storage devices use to store the data (ZDB's) and the Quantum Safe Storage engine. + +![Alt text](./img/zero_knowledge_proof.png) + +The zero proof knowledge compliancy comes from the fact that all of the physical storage nodes (3Nodes) can prove that they store a valid part of the data that the quantum safe storage engine (QSSE) has stored on multiple independent devices. The QSSE can validate that all of the QSSE storage devices have a valid part of the original information. The storage devices however have no idea what the original stored data is as they only have a part (description) of the original data and have no access to the original data part or the complete original data objects. + + +#### Mount Any Files In Your Storage Infrastructure + +The QSFS is a mechanism to mount any file system (in any format) on the grid, in a quantum secure way. + +This storage layer relies on 3 primitives: + +- [0-db](https://github.com/threefoldtech/0-db) is the storage engine. +It is an always append database, which stores objects in an immutable format. It allows history to be kept out-of-the-box, good performance on disk, low overhead, easy data structure and easy backup (linear copy and immutable files). + +- [0-stor-v2](https://github.com/threefoldtech/0-stor_v2) is used to disperse the data into chunks by performing 'forward-looking error-correcting code' (FLECC) on it and send the fragments to safe locations. +It takes files in any format as input, encrypts the file with AES based on a user-defined key, then FLECC-encodes the file and spreads out the result +to multiple 0-DBs. The number of generated chunks is configurable to make it more or less robust against data loss through unavailable fragments. Even if some 0-DBs are unreachable, you can still retrieve the original data, and missing 0-DBs can even be rebuilt to have full consistency. It is an essential element of the operational backup. + +- [0-db-fs](https://github.com/threefoldtech/0-db-fs) is the filesystem driver which uses 0-DB as a primary storage engine. It manages the storage of directories and metadata in a dedicated namespace and file payloads in another dedicated namespace. + +Together they form a storage layer that is quantum secure: even the most powerful computer can't hack the system because no single node contains all of the information needed to reconstruct the data. + + + +This concept scales forever, and you can bring any file system on top of it: +- S3 storage +- any backup system +- an ftp-server +- IPFS and Hypercore distributed file sharing protocols + + + +#### Architecture + +By using our filesystem inside a Virtual Machine or Kubernetes, the cloud user can deploy any storage application on top e.g. Minio for S3 storage, OwnCloud as online fileserver. + +Any storage workload can be deployed on top of the zstor. + +### Quantum Safe Network: Mycelium + + +Mycelium is an end-2-end encrypted IPv6 overlay network written in Rust where each node that joins the overlay network will receive an overlay network IP in the 400::/7 range. + +The overlay network uses some of the core principles of the [Babel routing protocol](https://www.irif.fr/~jch/software/babel). + +The planetary network called Mycelium is an overlay network which lives on top of the existing Internet or other peer-to-peer networks created. + +In the Mycelium network, everyone is connected to everyone. End-to-end encryption between users of an app and the app runs behind the network wall. + +Mycelium is an overlay network which lives on top of the existing Internet or other peer-to-peer networks created. In this network, everyone is connected to everyone. End-to-end encryption between users of an app and the app runs behind the network wall. + +Each user end network point is strongly authenticated and uniquely identified, independent of the network carrier used. There is no need for a centralized firewall or VPN solutions, as there is a circle-based networking security in place. + +#### Features + +- Mycelium, is locality aware, it will look for the shortest path between nodes +- All traffic between the nodes is end-2-end encrypted +- Traffic can be routed over nodes of friends, location aware +- If a physical link goes down Mycelium will automatically reroute your traffic +- The IP address is IPV6 and linked to private key +- A simple reliable messagebus is implemented on top of Mycelium +- Mycelium has multiple ways how to communicate quic, tcp, ... and we are working on holepunching for Quick which means P2P traffic without middlemen for NATted networks e.g. most homes +- Scalability is very important for us, we tried many overlay networks before and got stuck on all of them, we are trying to design a network which scales to a planetary level +- You can run mycelium without TUN and only use it as reliable message bus. + +#### Key Benefits + +- It finds shortest possible paths between peers +- There is full security through end-to-end encrypted messaging +- It allows for peer-to-peer links, like meshed wireless +- It can survive broken Internet links and re-route when needed +- It resolves the shortage of IPV4 addresses + +Whereas current computer networks depend heavily on very centralized design and configuration, this networking concept breaks this mold by making use of a global-spanning tree to form a scalable IPv6 encrypted mesh network. This is a peer-to-peer implementation of a networking protocol. + +The following table illustrates the high-level differences between traditional networks like today's Internet, and the Planetary Network created by ThreeFold: + +| Characteristic | Traditional | Mycelium | +| --------------------------------------------------------------- | ----------- | -------- | +| End-to-end encryption for all traffic across the network | No | Yes | +| Decentralized routing information shared using a DHT | No | Yes | +| Cryptographically-bound IPv6 addresses | No | Yes | +| Node is aware of its relative location to other nodes | No | Yes | +| IPv6 address remains with the device even if moved | No | Yes | +| Topology extends gracefully across different mediums, i.e. mesh | No | Yes | +| Post Quantum Safe | No | Yes | + +#### What are the problems solved here? + +The Internet as we know it today doesn’t conform to a well-defined topology. This has largely happened over time - as the Internet has grown, more and more networks have been “bolted together." The lack of defined topology gives us some unavoidable problems: + +- The routing tables that hold a “map” of the Internet are huge and inefficient +- There isn’t really any way for a computer to know where it is located on the Internet relative to anything else +- It is difficult to examine where a packet will go on its journey, from source to destination, without actually sending it +- It is very difficult to install reliable networks into locations that change often or are non-static, i.e. wireless mesh networks + +These problems have been partially mitigated (but not really solved) through centralization - rather than your computers at home holding a copy of the global routing table, your ISP does it for you. Your computers and network devices are configured just to “send it upstream” and to let your ISP decide where it goes from there, but this does leave you entirely at the mercy of your ISP, who can redirect your traffic anywhere they like and to inspect, manipulate, or intercept it. + +In addition, wireless meshing requires you to know a lot about the network around you, which would not typically be the case when you have outsourced this knowledge to your ISP. Many existing wireless mesh routing schemes are not scalable or efficient, and do not bridge well with existing networks. + +### Zero-OS Operating System + +Z-OS (Zero Operating System) is a lightweight and secure operating system designed specifically for running workloads on the ThreeFold Grid. Z-OS provides a minimalistic and containerized environment for applications, enabling efficient resource allocation and management. With Z-OS, developers can deploy their applications easily and take advantage of the scalability and resilience offered by the ThreeFold Grid. + +ThreeFold built this decentralized autonomous operating system (OS) from scratch, starting with just a Linux kernel, for the purpose of dedicating hardware capacity to users of the TF Grid. + +Based on ThreeFold’s open-source technology, Zero-OS is a stateless and lightweight operating system that allows for an improved efficiency of up to 10x for certain workloads. Our OS achieves unparalleled levels of efficiency and security. With no remote shell or login and extremely small footprint, Zero-OS ensures that hosted workloads are protected from administrative exploits and human intervention. + +All 3Nodes are booted with Zero-OS to provide the storage, compute and network primitives for our open-source peer-to-peer Internet infrastructure. Due to the unique design of Zero-OS, any server-like hardware with an AMD or Intel processor can be booted and dedicated to the network. + +Zero-OS runs autonomously on 3Nodes once booted, requiring no maintenance or administration. The process is actually quite simple, also enabling people without technical skills to join the TFGrid by connecting a node in their home or office with full data sovereignty and security. + +#### Zero-OS Installation + +The Zero-OS is delivered to the 3Nodes over the internet network (network boot) and does not need to be installed. + +##### 3Node Install + +1. Acquire a computer (server). +2. Configure a farm on the TFGrid explorer. +3. Download the bootloader and put on a USB stick or configure a network boot device. +4. Power on the computer and connect to the internet. +5. Boot! The computer will automatically download the components of the operating system (Zero-OS). + +The actual bootloader is very small. It brings up the network interface of your computer and queries TFGeid for the remainder of the boot files needed. + +The operating system is not installed on any local storage medium (hard disk, ssd). Zero-OS is stateless. + +The mechanism to allow this to work in a safe and efficient manner is a ThreeFold innovation called our container virtual filesystem. + +For more information on setting a 3Node, please refer to the [Farmers documentation](../../../../documentation/farmers/farmers.md). + + +#### Unbreakable Storage + +- Unlimited history +- Survives network, datacenter or node breakdown +- No silent corruption possible +- Quantum safe (data cannot be decrypted by quantum computers) as long as quantum computer has no access to the metadata +- Self-healing & autocorrecting + + +If you deploy a container with simple disk access, you don’t have it. +Performance is around 50MB/second, if a bit more CPU is given for the distributed storage encoder, we achieve this performance. + +#### Zero Hacking Surface + +Zero does not mean is not possible but we use this term to specificy that we minized the attack surface for hackers. + +- There is no shell/server interface on zero-os level (our operating system) +- There are no hidden or unintended processes running which are not prevalidatedOne comment: still ssh server running with keys of a few people on each server, not yet disabled. To be disabled in the near future, now still useful to debug but it is a backdoor. The creation of a new primitive where the farmer agrees to give access to administrators under analysis. This way, when a reservation is sent to a node, a ssh server is booted up with chosen key to allow admins to go in. + +#### Zero Boot + +> Zero Boot = Zero-OS boot process + +ZOS Boot is a boot facility that allows 3nodes to boot from network boot servers located in the TF Grid. This boot mechanism creates as little as possible operational and administration overhead. ZOS Boot is a crucial part for enabling autonomy by *not* having the operating system installed on local disks on 3nodes. With a boot network facility and no local operating system files you immediate erase a number of operational and administration tasks: + +- to install the operating system to start with +- to keep track of which systems run which version of the operating system (especially in large setups this is a complicated and error prone task) +- to keep track of patches and bug fixes that have been applied to systems + +That's just the administration and operational part of maintaining a server estate with local installed operating system. On the security side of things the benefits are even greater: +- many hacking activities are geared towards adding to or changing parts of the operating system files. This is a threat from local physical access to servers as well as over the network. When there are no local operating system files installed this threat does not exist. +- accidental overwrite, delete or corruption of operating system files. Servers run many processes and many of these processes have administrative access to be able to do what they need to do. Accidental deletion or overwrites of crucial files on disk will make the server fail a reboot. +- access control. I there is no local operating system installed access control, user rights etc etc. are unnecessary functions and features and do not have to be implemented. + +#### How + +In this image from fs, a small partition is mounted in memory to start booting the machine, it gets IPXE (downloads what it needs), and then 0-OS boots. +After that, going to the hub, downloading different lists. + +There is 1 main flist that triggers downloads of multiple flists. Read more [here](../../../../documentation/developers/flist/flist.md). +In there all the components/daemons that do part of the 0-OS. +Also the download of the zos-bins, i.e. external binaries are triggered this way (https://hub.grid.tf/tf-zos-bins). + +The core components of zero-os can be found in: [Zero-OS repo](https://github.com/threefoldtech/zos/tree/master/bins/packages) = If something changes in the directory, a workflow is triggered to rebuild the full flist and push it to the hub. + +When a node discovers there is a new version of one of these lists on the hub, it downloads it, restarts the daemon with the new version. +Over the lifetime of the node, it keeps pulling on the hub directories to check whether new daemons/flists/binaries are available and whether things need get upgraded. + +#### Features + +The features of ZOS Boot are: + +- no local operating system installed +- network boot from the grid to get on the grid +- decreased administrative and operational work, allowing for autonomous operations +- increased security +- increased efficiency (deduplication, only one version of the OS stored for thousands of servers) +- all server storage space is available for enduser workloads (average operating system size around 10GB) +- bootloader is less than 1MB in size and can be presented to the servers as a PXE script, USB boot device, ISO boot image. + + +#### Deterministic Deployment + +- flists concept (deduped vfilesystem, no install, ...) + +The Dedupe filesystem flist uses fuse = interface which allows you to create the file system interface in user space, it is a virtual filesystem. +Metadata is exposed. The system sees the full tree of the image, but data itself not there, data is downloaded whenever they are accessed. + +There are multiple ways to create an flist: + - Convert an existing docker image which is hosted on the docker hub + - Push an archive like a tjz on the hub + - A library and CLI tool exist to build the flist from scratch: doing it this way, the directory is locally populated, and the flist is then created from the CLI tool. + - A [GitHub action](https://github.com/threefoldtech/publish-flist) allows to build a flist directly from GitHub action, useful for developers on GitHub + +Be aware that the flist system works a bit differently than the usual deployment of containers (dockers), which doesn't do mounting of volumes from your local disk into container for configuration. +With flists you need to modify your image to get configuration from environment. This is basically how docker was originally intended to be used. + + - Smart contract for IT + The smart contract for IT concept is applicable to any workload: containers, VMs, all gateways primitives, volumes, kubernetes and network. + It is a static agreement between farmer and user about deployment of an IT workload. + + - no dynamic behavior for deployment at runtime + + - no process can start unless the files are 100% described on flist level + +#### Zero-OS Protect + +- The operating system of the 3node (Zero-OS) is made to exist in environments without the presence of technical knowhow. 3nodes are made to exist everywhere where network meet a power socket. The OS does not have a login shell and does not allow people to log in with physical access to a keyboard and screen nor does it allows logins over the network. There is no way the 3node accepts user initiated login attempts. +- For certified capacity a group of known strategic vendors are able to lock the [BIOS](https://en.wikipedia.org/wiki/BIOS) of their server range and make sure no-one but them can unlock and change features present in the BIOS. Some vendors have an even higher degree of security and can store private keys in chips in side the computer to provider unique identification based on private keys or have mechanisms to check wether the server has been opened / tampered with in the transportation from the factory / vendor to the Farmer. All of this leads to maximum protection on the hardware level. +- 3nodes boot from a network facility. This means that they do not have local installed operating system files. Also they do not have a local username / password file or database. Viruses and hackers have very little work with if there are no local files to plant viruses or trojan horses in. Also the boot facility provides hashes for the files sent to the booting 3node so that the 3node can check wether is receives the intended file, no more man in the middle attacks. +- The zos_fs provides the same hash and file check mechanism. Every application file presented to a booting container has a hash describing it and the 3node on which the container is booting can verify if the received file matches the previously received hash. +- Every deployment of one or more applications starts with the creation of a (private) [znet](../../primitives/network/znet.md). This private overlay network is single tenant and not connected to the public internet. Every application or service that is started in a container in this overlay network is connection to all of the other containers via a point to point, encrypted network connection. + +### Smart Contract for IT + + +From TFGrid 3.0, the 'Smart Contract for IT' concept for reserving capacity is fully decentralized and runs on TF-Chain, the ThreeFold blockchain infrastructure on Parity Substrate. + +#### Architecture + +Two main components play a role in achieving a decentralised consensus between a user and a farmer. + +- TFGrid Substrate Database Pallet TFGrid +- TFGrid Smart Contract + +The TF-Grid Substrate Database will keep a record of all Entities, Twins, Nodes and Farmers in the TF-Grid network. This makes it easy to integrate the Smart Contract on Substrate as well since we can read from that storage in runtime. + +![flow](./img/smartcontract3_flow.jpg) + +The Smart Contract on Substrate works as following: + +#### 1: Deploy a Workload + +To deploy a workload, the user interacts with this smart contract pallet and calls: `create_contract` with the input being: + +The user must instruct his twin to create the contract. *This program containing his digital twin is yet to be defined.* A contract will always belong to a twin and to a node. This relationship is important because only the user's twin and target node's twin can update the contract. + +```js +contract = { + version: contractVersion, + contract_id: contractID, + twin_id: NumericTwinID for the contract, + // node_address is the node address. + node_id: NumericNodeID + // data is the encrypted deployment body. This encrypted the deployment with the **USER** public key. So only the user can read this data later on (or any other key that he keeps safe). + // this data part is read only by the user and can actually hold any information to help him reconstruct his deployment or can be left empty. + data: encrypted(deployment) // optional + // hash: is the deployment predictable hash. the node must use the same method to calculate the challenge (bytes) to compute this same hash. + //used for validating the deployment from node side. + deployment_hash: hash(deployment), + // public_ips: number of ips that need to be reserved by the contract and used by the deployment + public_ips: 0, + state: ContractState (created, deployed), + public_ips_list: list of public ips on this contract +} +``` + +The `node_id` field is the target node's ID. A user can do lookup for a node to find its corresponding ID. + +The workload data is encrypted by the user and contains the workload definition for the node. + +If `public_ips` is specified, the contract will reserve the number of public ips requested on the node's corresponding farm. If there are not enough ips available an error will be returned. If the contract is canceled by either the user or the node, the IPs for that contract will be freed. + +This pallet saves this data to storage and returns the user a `contract_id`. + +#### 2: Sending Data + +The user sends the contractID and workload through the RMB to the destination Node. + +The Node reads from the [RMB](https://github.com/threefoldtech/rmb) and sees a deploy command, it reads the contractID and workload definition from the payload. +It decodes the workload and reads the contract from chain using the contract ID, the Node will check if the user that created the contract and the deployment hash on the contract is the same as what the Node receives over RMB. If all things check out, the Node deploys the workload. + +#### 3: Reports + +The Node sends consumption reports to the chain + +The Node periodically sends consumption reports back to the chain for each deployed contract. The chain will compute how much is being used and will bill the user based on the farmers prices (the chain can read these prices by quering the farmers storage and reading the pricing data). See [PricingPolicy](https://github.com/threefoldtech/substrate-pallets/blob/03a5823ce79200709d525ec182036b47a60952ef/pallet-tfgrid/src/types.rs#L120). + +A report looks like: + +json +``` +{ + "contract_id": contractID, + "timestamp": "timestampOfReport", + "cru": cpus, + "sru": ssdInBytes, + "hru": hddInBytes, + "mru": memInBytes, + "nru": trafficInBytes +} +``` + +The node can call `add_reports` on this module to submit reports in batches. + +Usage of SU, CU and NU will be computed based on the prices and the rules that Threefold set out for cloud pricing. + +Billing will be done in Database Tokens and will be send to the corresponding farmer. If the user runs out of funds the chain will set the contract state to `cancelled` or it will be removed from storage. The Node needs to act on this 'contract cancelled' event and decommission the workload. + +The main currency of this chain. More information on this is explained here: TODO + +#### Notes + +Sending the workloads encrypted to the chain makes sure that nobody except the user can read his deployment data. It also facilitates a way for the user to recreate his workload data from the chain. + +#### Infrastructure as Code and DevOps + +Smart Contract on TFChain allows for efective DevOps deployments. DevOps is a process framework that ensures collaboration between Development and Operations Team to deploy code to production environment faster in a repeatable and automated way. + +In simple terms, DevOps can be defined as an alignment between development and IT operations with better communication and collaboration. + +![](./img/devops.png) + +### Web Gateway + +The Web Gateway is a mechanism to connect private networks to the open Internet in such a way that there is no direct connection between the Internet and the secure workloads running in the ZMachines. + +![](img/webgateway.jpg) + +#### Key Benefits + +- Separation between where compute workloads are and where services are exposed +- Redundancy: Each app can be exposed on multiple web gateways at once +- Support for many interfaces +- Helps resolve shortage of IPv4 addresses + +#### Implementation + +Some 3Nodes support gateway functionality (this is configured by the farmers). A 3Node with gateway configuration can then accept gateway workloads and forward traffic to ZMachines that only have Planetary Network or IPv6 addresses. + +The gateway workloads consist of a name (prefix) that first needs to be reserved on the blockchain. Then, the list of backend IPs. There are other flags that can be set to control automatic TLS (please check Terraform documentation for the exact details of a reservation). + +Once the 3Node receives this workload, the network configures proxy for this name and the Planetary Network IPs. + +#### Security + +ZMachines have to have a Planetary Network IP or any other IPv6 (IPv4 is also accepted). This means that any person connected to the Planetary Network can also reach the ZMachine without the need for a proxy. + +So it's up to the ZMachine owner/maintainer to make sure it is secured and that only the required ports are open. + +#### Redundant Network Connection + +![](img/redundant_net.jpg) + +#### Unlimited Scale + +![](img/webgw_scaling.jpg) + +The network architecture is a pure scale-out network system. It can scale to unlimited size, there is simply no bottleneck. Network "supply" is created by network farmers, and network "demand" is done by TF Grid users. + +Supply and demand scale independently. For supply, there can be unlimited network farmers providing web gateways on their own 3Nodes, and unlimited compute farmers providing 3Nodes for compute and storage. The demand side is driven by developers creating software that runs on the grid, system integrators creating solutions for enterprises, and so on. Globally, there is exponentially-growing demand for data processing and storage use cases. + +## Disclaimer + +This document represents a vision of the ThreeFold Internet Capacity project at a given time in space. It might not be representative of the future and is written as a best effort basis. This is not financial advice and we encourage everyone to do their own research. + +The information provided on this website and in any related materials is not intended as investment advice or a recommendation to buy or sell any security, including cryptocurrencies. The information provided is for general educational purposes only and should not be relied upon as the sole basis for making investment decisions. + +We make no warranties or guarantees regarding the performance or value of any cryptocurrency or blockchain-based asset. We do not guarantee that any investment will be profitable or that you will recoup your investment. + +By using this website and participating in the project, you acknowledge that you have read and understood the risks associated with investing in cryptocurrencies and blockchain-based assets, and you agree to use this website and participate in the project at your own risk. + +The whole project is open-source, mostly under the Apache 2.0 license. We encourage everyone to participate in the Internet Capacity project. + +By accessing this website and participating in the project, you acknowledge that you have read and understood this disclaimer and the risks associated with investing in cryptocurrencies and blockchain-based assets. + +If you have any questions or concerns about this disclaimer or the project, please contact us at [info@threefold.io](mailto:info@threefold.io). \ No newline at end of file