The Red Horizon Venture
~tiller-tolbus
~2023.8.9
As with any dangerous new technology, it's fortunate that Urbit is not yet fully armed and operational. It's our plan to introduce Martian computing gradually, to avoid producing serious social unrest. He who controls the spice controls the universe. While Martian code is not in any real position to dominate the universe, it cannot be described as Martian with a straight face, unless clearly designed to dominate the world. After all, it's already dominating Mars! — C.G Yarvin, 2010
Red Horizon is a unique venture into the Urbit hosting ecosystem by Chorus One. The aim of the project is to provide reliable and secure Urbit hosting for millions of users, in anticipation of a day in the future when demand for Urbit ships grows to the point that truly scalable hosting is needed. Our strategy is to enable an approach to hosting that can be extended to a datacenter scale, and use the experiences of real people to ensure that our architecture is suitable for every class of Urbit user.
The name “Red Horizon” suggests a vision of the future in which the principles of Urbit Maximalism have become common sense in the tech industry. Urbit Maximalism can be broadly defined as a state of affairs in which all software either:
- Is Urbit
- Runs on Urbit
- Implements Urbit
Within our project, the third item is most important to us. We specialize in software that hosts, transports, and wrangles the urbit program. In the future, software that implements Urbit will be critical infrastructure to the functioning of global society. We are choosing to research and build this kind of software today in order to position ourselves well in this anticipated future.
Satellite
The key program that we research and develop in the Red Horizon team is called Satellite. Satellite is a bespoke program for orchestrating a cluster of Urbit ships in a hybrid environment of bare metal and cloud Unix machines. Satellite is written with an attitude of agnosticism towards business logic concerns, such as users and payments. It is intended to be generic software appropriate for a broad array of potential licensing models.
We decided to build Satellite in response to concerns within the Urbit hosting community, most prolifically expounded by Wexpert Systems, that traditional orchestration tools such as Kubernetes and Nomad were not suitable to Urbit hosting at scale. Where most orchestration tools specialize in handling Docker images, Satellite is built specifically to handle Urbit ships.
The aim of Satellite is to abstract the full lifecycle of an Urbit ship in a hosted environment behind a unified API. This API obscures the details of physical resources and locations from the caller, treating the entire cluster as one server containing a fleet of ships. Messages bound to a particular ship are routed through Satellite’s mesh network until they reach their destination. In addition to tracking the lifecycle state of each ship, Satellite nodes maintain consensus on which Urbit IDs are already booted somewhere in the cluster, in order to prevent double-booting.
Satellite is intended to power our own retail product, as well as a developer API for other companies building products on Urbit to include hosting as a modular component of their offering. At this stage, its codebase is proprietary to us and not available to the general public. As the Urbit hosting market, and Satellite itself, matures, we are open to licensing the codebase to key partners, or open sourcing the project entirely.
Our Product
The purpose of Red Horizon’s offering of Urbit hosting to the public, in addition to our business partnerships, is to research the needs of Urbit hosting for every possible use case, and to develop a Satellite that can handle all of them. By putting our fleet under the pressure of real uses, and reporting on real problems, our users provide substantial value to our project. Because of the value these insights provide towards our long-term vision of creating scalable Urbit hosting for millions of users, we are happy to do the lion’s share of our current hosting business without payment.
Our product primarily consists of a dashboard for managing the credentials to a running Urbit ship, which uniquely belongs to the owner of an account at redhorizon.com. This includes a URL at a redhorizon.com subdomain, and an access key (a kind of master password) to the ship.
To the general public, we offer an onboarding package to Urbit that includes the key components of what we find most interesting in Urbit userspace today. This includes Tlon’s Landscape product, Uqbar’s development suite, and some basic utilities such as %webterm, %pals, and %portal. All of these applications are free and open source software, and can be uninstalled or reinstalled by our users if they choose.
In contrast to vertically integrated hosting outfits such as Tlon and Holium, neither of which should be considered direct competitors to our business, we have only the mildest of opinions about what our users should be doing on Urbit. We do not develop in Urbit userspace and have no plans to do so. While we continue to work to ensure that new users on the network can make the most out of their access to the network, we rely entirely on the community to create the on-Urbit experiences that are truly valuable.
Partnerships
We also seek to cooperate with partners across the ecosystem to offer different classes of Urbit onboarding experiences. We have developed an integration, for example, with Uqbar’s Pongo product, which allows users to claim a running Urbit ship with Pongo pre-installed, and use Urbit rapidly using only a mobile phone. We are also collaborating with Vaporware Network, in conjunction with several other hosting providers, in order to provide a unique Web3 experience in which an NFT is associated directly with a hosted Urbit ship.
We plan to offer a developer API that allows application developers on Urbit to use our platform to onboard and host users to their app. We envision the Red Horizon Developer API to be a modular component of many Urbit applications, with our infrastructure as a “black box” that abstracts away the infrastructural requirements that Urbit applications normally presuppose as part of their distribution.
Companies developing products on Urbit that require a smooth, hosting-enabled onboarding experience should not hesitate to reach out to Red Horizon. Send a DM to ~tiller-tolbus on Talk with any inquiries.
Ownership
The philosophy behind Urbit development, at every level at which that development occurs, is driven by the self-evident principle of a user’s ownership of their own data. In a hosting context, this means that a unique “pier”, a directory containing an Arvo noun, belongs essentially to the user who owns its respective Urbit ID, and can be treated as portable by its user.
To respect a user’s ownership over their pier, a hosting provider must meet specific criteria. We hold ourselves strongly to these criteria and denounce as untrustworthy any hosting company that does not.
- Each pier is associated with one unique user, and belongs essentially to that user.
- If this user requests that their pier be exported to them, this request is honored.
Our account management system associates an email address with each pier. We are committed to the safekeeping of each pier associated with an email address for the duration of their service with us, and at least one year thereafter. If an export is requested, we will not withhold a user’s pier from them unless required to by law.
Privacy and Security
While we remain committed to offering the most private and secure Urbit hosting service possible, there are limitations to Urbit itself that prevent us from making the strongest of guarantees. Users concerned about privacy and security should be aware of these limitations.
The Urbit virtual machine, by default, stores all of its data values in plain text. For Urbit to store data encrypted by client-side keys, an application developer must manually specify and design for it. Most Urbit applications make no special effort to obscure their data from hosting providers, and so hosting providers have physical access to a vast portion of their users’ data.
While we can set in place policies, procedures, and access levels that protect user data, there is no technological limitation preventing unauthorized access to a ship hosted with a provider. Furthermore, a user’s private information, such as which applications they use and with whom they communicate, is likely to become incidentally visible to support engineers who work on their ship.
Without question, a user’s relationship to their hosting provider is a trusted relationship.
There are also well-known security flaws in Urbit OS that users should be aware of. For example, an Urbit instance is trivially subject to DDoS attacks, and a dedicated attacker who wishes to interrupt service could potentially make any Urbit ship unusable for a period. In addition, there is not yet a system of permissions that can give an application less than full control over the system in which it runs, creating a deep attack vector through any software provider the user is subscribed to. These and other known security problems are discussed at Urbit.org.
Due to these technological complications, we have not yet committed to a firm privacy or security policy. We look forward to guaranteeing user privacy and security in the strongest possible terms, while acknowledging the technical practicalities that affect every hosting provider.
Payments
Our business model at this stage is best classified as a research business. Specifically, we are researching the necessary capabilities of an Urbit hosting provider operating at a large scale, and operating at a small scale in order to test and perfect these capabilities.
At the time of this writing, our opinion is that the collection of applications and experiences available on Urbit today do not resemble a paid product. At the same time, we expect this business to generate profits in the future, although we do not know exactly when. A likely outcome is that our hosting indefinitely continues to have a limited free version available to the general public.
We guarantee at least one year of free hosting to all of our users. We guarantee that our free hosting option will remain available to all users until at least June 2024.