Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


jimaek is Giving Away 20 Globalping Probes Through December 5! WORLDWIDE! Enter to Win!
New on LowEndTalk? Please Register and read our Community Rules.

jimaek is Giving Away 20 Globalping Probes Through December 5! WORLDWIDE! Enter to Win!

raindog308raindog308 Administrator
edited December 5 in Announcements

image

You may have read about Globalping here on LET. Globalping is a global monitoring network being built out by the folks who brought you jsdelivr.

There's a hardware side to the project. Here's what their probes look like:

...and you can win one!

@jimaek is giving away 20 probes. Details:

  • Worldwide with free shipping!
  • Now through midnight, Monday, December 5, 2022
  • fill out this form for a chance to win!

@jimaek will answer any other questions...good luck and enjoy! And thank you @jimaek!

«13

Comments

  • This is cool!

  • JabJabJabJab Member
    edited November 20

    I see only one cable - is this PoE (or some other witchcraft?!) or just (poorly) staged for photo - there is some port next to LAN - USB (power) port I guess?

    // Anyway like I posted long time ago - I like the project, sad that I can't just buy device like that from China and flash firmware, but hey, I can "win" one here so I've sold my personal data, but with some additional comments to most likely make you skip me ;')

    Thanked by 2henix greentea
  • Kool stuff! Love to try on out. Filled the form...

  • Let's try luck :-)

  • yoursunnyyoursunny Member, IPv6 Advocate

    So, winner gets a botnet client that taps into their intranet?
    Globalping isn't necessarily evil today, but what if the creator gets abducted and is forced to deliver a malicious update to every hardware probe?

  • Sweet!

  • Looks cool.

  • @yoursunny said:
    So, winner gets a botnet client that taps into their intranet?
    Globalping isn't necessarily evil today, but what if the creator gets abducted and is forced to deliver a malicious update to every hardware probe?

    Put it on a separate VLAN that doesn't have access to the rest of your network. (that's a good idea for all IoT devices).

    @JabJab said: I see only one cable - is this PoE

    I hope it's PoE... There's too many small devices that need unusually large power bricks.

    Thanked by 1yoursunny
  • looks interesting

  • jtcxjtcx Member

    There's a USB-A port to the left of the ethernet cable, and a Micro USB OTG port and MicroSD slot on the back. I'm assuing the micro-usb is for power.

  • @JabJab said:
    I see only one cable - is this PoE (or some other witchcraft?!) or just (poorly) staged for photo - there is some port next to LAN - USB (power) port I guess?

    // Anyway like I posted long time ago - I like the project, sad that I can't just buy device like that from China and flash firmware, but hey, I can "win" one here so I've sold my personal data, but with some additional comments to most likely make you skip me ;')

    The package includes:

    • Probe
    • Ethernet cable
    • Power dongle
    • Stickers
    • Adapter for US/UK when needed

    So, winner gets a botnet client that taps into their intranet?
    Globalping isn't necessarily evil today, but what if the creator gets abducted and is forced to deliver a malicious update to every hardware probe?

    There is no way to remotely update the firmware, only the code itself, which is by default downloaded from GitHub and initiated by the probe. So the whole world would see the malicious package as I would have to push it to public releases.

    So hopefully my abductors-to-be will understand this and give up on their idea :)

    Thank you all!

    Please consider leaving a GitHub start https://github.com/jsdelivr/globalping and maybe running a docker container probe on a spare server https://github.com/jsdelivr/globalping-probe

  • yoursunnyyoursunny Member, IPv6 Advocate

    @jimaek said:
    There is no way to remotely update the firmware, only the code itself, which is by default downloaded from GitHub and initiated by the probe.

    There is no way to remotely update the Linux kernel and Docker Engine.
    If one of them has a critical vulnerability, it cannot be patched.

    Thanked by 1greentea
  • @yoursunny said:

    @jimaek said:
    There is no way to remotely update the firmware, only the code itself, which is by default downloaded from GitHub and initiated by the probe.

    There is no way to remotely update the Linux kernel and Docker Engine.
    If one of them has a critical vulnerability, it cannot be patched.

    Please check https://github.com/jsdelivr/globalping-hwprobe#security and https://github.com/jsdelivr/globalping-probe#security

    I believe we did everything possible to harden these devices (and I am open to new ideas as well), we also researched RIPE Atlas's experience since they have been doing something similar for years without problems.

    Based on their example its entirely possible to get this right, I am sure many people dont trust their probes either but when there is no trust there can be no products and services like this one either.

    In your last example I think there should not be no attack surface whatsoever since neither the hardware nor software probes open any ports at all. They establish the connection first. So a remote attacker should not be able to interact with them in any way.
    The filesystem is also read-only so linux level attacks should not be an issue at all. Software attacks are theoretically possible of course, we're doing our best to ensure 100% security but in case of software we can quickly deploy fixes if there's ever a problem.

  • I also wanted to add that my personal opinion is that the smart devices with preparatory software are a lot more dangerous than hosting an open source probe.

    If someone wanted to abuse a global network of devices it would probably be easier to just pay a Chinese TV or smart coffee machines manufacturer to ship all kinds of code you would never even know about :)

    They are also never updated or maintained so targeting popular smart devices makes a lot more sense, and gives the hackers a lot more reach.

    Additionally to basic decency in our case its a question of reputation, not just for Globalping but for the jsDelivr project and me personally as well.

    But in any case nobody is forced to do anything :) If you want to participate but are afraid of hosting a probe maybe just consider running a container on a secured server, that's also super useful!

    Thanked by 2yoursunny Decicus
  • It looks like we already have 40 submissions! Thank you all for the support!

    I intend to honor all of them so expect to get a package within a week or 2 depending on where you live. But at the moment that's my limit :)

    Everyone else who wants to participate can do so by running our docker container probe on any ARM or x86 hardware. Idling VPS, dedicated servers, home/office servers, raspberry pi...

    https://github.com/jsdelivr/globalping-probe

    docker run -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
    

    Thanks again and feel free to open GitHub issues with ideas, feedback, bug reports or anything else. Additionally we can chat about it over here https://lowendtalk.com/discussion/179348/call-for-alpha-testers-a-new-global-network-testing-service-open-source#latest

    The site is coming in a month or so, the CLI will launch at the same time. The Slack App is already live and can be installed, same for the GitHub Bot.

    And if anyone wants to integrate our API in a project of yours just PM me and I will help you with anything you might need! (e.g. an mtr.sh alternative can be easily powered by Globalping)

  • _MS__MS_ Member

    @jimaek, just filled the form (which was active in one of the tabs for some time), I hope there's room for one more.
    Anyway, thanks for the giveaway.
    Good luck with the project! :)

    Thanked by 1jimaek
  • Thanks for the giveway.

    Thanked by 1jimaek
  • I'll try to accommodate all extra submissions but it might take a lot longer than a few weeks :)

    Thanked by 3_MS_ abtdw greentea
  • _MS__MS_ Member
    edited November 21

    @jimaek said:
    I'll try to accommodate all extra submissions but it might take a lot longer than a few weeks :)

    Thanked by 2jimaek greentea
  • Cool, more probes on the net. I am running the docker version on all my vps'es for about two weeks, as soon as I have heard of that initiative.

  • @eliphas said:
    Cool, more probes on the net. I am running the docker version on all my vps'es for about two weeks, as soon as I have heard of that initiative.

    I appreciate it, thanks 👍

  • @jimaek said: Power dongle

    Any plans to have a PoE version in the future? It'd be a lot more convenient for people that already have PoE switches.

  • @Daniel15 said:

    @jimaek said: Power dongle

    Any plans to have a PoE version in the future? It'd be a lot more convenient for people that already have PoE switches.

    Too expensive unfortunately :( At least for now, maybe in the future when prices drop...

  • Daniel15Daniel15 Member
    edited November 21

    @jimaek said:

    @Daniel15 said:

    @jimaek said: Power dongle

    Any plans to have a PoE version in the future? It'd be a lot more convenient for people that already have PoE switches.

    Too expensive unfortunately :( At least for now, maybe in the future when prices drop...

    Ah :( No worries.

    I still want to power mine via PoE, so I'll buy a MicroUSB PoE splitter.

    I love the idea of this project! This is what I should have done with https://dnstools.ws/.

    Thanked by 1default
  • Ah :( No worries.

    I still want to power mine via PoE, so I'll buy a MicroUSB PoE splitter.

    I love the idea of this project! This is what I should have done with https://dnstools.ws/.

    Great :) Let me know if you ever want to partner somehow on dnstools!

    Thanked by 1default
  • Hey all, thank you for the support so far. There are plenty of exciting locations in the list that will make network monitoring, debugging and optimization easier for all of us!

    I wanted to let you all know that everyone who submitted the form will get a probe!

    The first 40 people will get them pretty soon but if you submitted the form a bit later you might have to way longer as I wait for a new batch of devices to get here.

    And as always consider running a container on all spare hardware

    docker run -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
    
  • yoursunnyyoursunny Member, IPv6 Advocate

    @jimaek said:
    --network host

    Why does the container need host networking?

    Why not use a Docker bridge network with NAT'ed IPv4 and public IPv6?
    This way, it provides some isolation from other containers.

    Such a bridge is created with:

    docker network create --ipv6 \
      --opt com.docker.network.bridge.name=d0ipv6 \
      --subnet=172.26.0.0/16 --subnet=$NDP \
      ipv6exposed
    

    where $NDP is an IPv6 prefix configured in ndpresponder.

    ghcr.io

    This doesn't work on IPv6-only KVM providers, such as @Lampard LimitlessHost VPS.
    You can host it on a different registry, possibly a private one, so that it works over IPv6.

    [email protected]:~$ docker run -d --network ipv6exposed --restart=
    always --name globalping-probe ghcr.io/jsdelivr/globalping-p
    robe
    Unable to find image 'ghcr.io/jsdelivr/globalping-probe:late
    st' locally
    docker: Error response from daemon: Get "https://ghcr.io/v2/
    ": dial tcp 140.82.114.34:443: connect: network is unreachab
    le.
    See 'docker run --help'.
    
    Thanked by 2Xrmaddness xms
  • defaultdefault Member
    edited November 22

    @jimaek - What hardware do these probes contain inside? I am guessing it's some kind of single board computer, since we are talking about kernels and docker, right?

  • jimaekjimaek Member
    edited November 22

    @yoursunny

    Why does the container need host networking?

    To avoid any mesh/overlay networking overhead impacting the tests, e.g. the latency. In theory there is nothing stopping you from running the container without host networking, but its a recommendation we make to avoid potential problems.

    This doesn't work on IPv6-only KVM providers, such as @Lampard LimitlessHost VPS.
    You can host it on a different registry, possibly a private one, so that it works over IPv6.

    I wasn't aware that ghcr.io doesnt support ipv6. I guess we can make a mirror later.
    But we dont support Ipv6 at all at the moment, so even if the registry was fixed it wouldn't really help with anything. I want to first get to a polished ipv4 experience.

    @default said:
    @jimaek - What hardware do these probes contain inside? I am guessing it's some kind of single board computer, since we are talking about kernels and docker, right?

    Yes, its similar to raspberry pi but with older tech. 4 core ARM CPU and 512MB RAM.

  • yoursunnyyoursunny Member, IPv6 Advocate

    No IPv6 hall of shame

    • GitHub, Globalping
    • Outlook
    • SparkPost
    • ColonCrossing - VirMach, RackNerd, CloudServer, HostNamaste (Dallas), cheapwindowsvps
    • XetHost
    • SoftShellWeb (San Jose only)
    • IOFlood - 1TBVPS, Inception Hosting (Phoenix)
    • KhanWebHost
    • Wishosting
    • Reprise Hosting
    • HostWebis
    • Nexus Bytes (shared hosting only)
    • Oplink
    • Leapswitch Networks (except Mumbai)
    • FTPiT (Fremont and New York only)
    • DedicatServer gardens
    • HostTiger HostTigger
    • ForwardWeb
    • SKB Enterprise
    • HostHatch (Sydney etc)
    • Watta Server, ONeil Online
    • HostMayo
    • Private-Hosting di Cipriano Oscar
    • GardenCloud gardens
    • CoreHosting
    • Hye Cloud

    Include IPv6 for no extra cost on every plan in every location to get delisted.

Sign In or Register to comment.