New on LowEndTalk? Please Register and read our Community Rules.
jimaek is Giving Away 20 Globalping Probes Through December 5! WORLDWIDE! Enter to Win!
edited December 2022 in Announcements
You may have read about Globalping here on LET. Globalping is a global monitoring network being built out by the folks who brought you jsdelivr.
There's a hardware side to the project. Here's what their probes look like:
...and you can win one!
@jimaek is giving away 20 probes. Details:
- Worldwide with free shipping!
- Now through midnight, Monday, December 5, 2022
- fill out this form for a chance to win!
@jimaek will answer any other questions...good luck and enjoy! And thank you @jimaek!
Thanked by 10shelfchair _MS_ Ganonk arifur shabaz RendeRR anatoli Koi NewToTheGame slme丶皮皮
This is cool!
I see only one cable - is this PoE (or some other witchcraft?!) or just (poorly) staged for photo - there is some port next to LAN - USB (power) port I guess?
// Anyway like I posted long time ago - I like the project, sad that I can't just buy device like that from China and flash firmware, but hey, I can "win" one here so I've sold my personal data, but with some additional comments to most likely make you skip me ;')
Kool stuff! Love to try on out. Filled the form...
Let's try luck :-)
So, winner gets a botnet client that taps into their intranet?
Globalping isn't necessarily evil today, but what if the creator gets abducted and is forced to deliver a malicious update to every hardware probe?
Put it on a separate VLAN that doesn't have access to the rest of your network. (that's a good idea for all IoT devices).
I hope it's PoE... There's too many small devices that need unusually large power bricks.
There's a USB-A port to the left of the ethernet cable, and a Micro USB OTG port and MicroSD slot on the back. I'm assuing the micro-usb is for power.
The package includes:
There is no way to remotely update the firmware, only the code itself, which is by default downloaded from GitHub and initiated by the probe. So the whole world would see the malicious package as I would have to push it to public releases.
So hopefully my abductors-to-be will understand this and give up on their idea
Thank you all!
Please consider leaving a GitHub start https://github.com/jsdelivr/globalping and maybe running a docker container probe on a spare server https://github.com/jsdelivr/globalping-probe
There is no way to remotely update the Linux kernel and Docker Engine.
If one of them has a critical vulnerability, it cannot be patched.
Please check https://github.com/jsdelivr/globalping-hwprobe#security and https://github.com/jsdelivr/globalping-probe#security
I believe we did everything possible to harden these devices (and I am open to new ideas as well), we also researched RIPE Atlas's experience since they have been doing something similar for years without problems.
Based on their example its entirely possible to get this right, I am sure many people dont trust their probes either but when there is no trust there can be no products and services like this one either.
In your last example I think there should not be no attack surface whatsoever since neither the hardware nor software probes open any ports at all. They establish the connection first. So a remote attacker should not be able to interact with them in any way.
The filesystem is also read-only so linux level attacks should not be an issue at all. Software attacks are theoretically possible of course, we're doing our best to ensure 100% security but in case of software we can quickly deploy fixes if there's ever a problem.
I also wanted to add that my personal opinion is that the smart devices with preparatory software are a lot more dangerous than hosting an open source probe.
If someone wanted to abuse a global network of devices it would probably be easier to just pay a Chinese TV or smart coffee machines manufacturer to ship all kinds of code you would never even know about
They are also never updated or maintained so targeting popular smart devices makes a lot more sense, and gives the hackers a lot more reach.
Additionally to basic decency in our case its a question of reputation, not just for Globalping but for the jsDelivr project and me personally as well.
But in any case nobody is forced to do anything If you want to participate but are afraid of hosting a probe maybe just consider running a container on a secured server, that's also super useful!
It looks like we already have 40 submissions! Thank you all for the support!
I intend to honor all of them so expect to get a package within a week or 2 depending on where you live. But at the moment that's my limit
Everyone else who wants to participate can do so by running our docker container probe on any ARM or x86 hardware. Idling VPS, dedicated servers, home/office servers, raspberry pi...
Thanks again and feel free to open GitHub issues with ideas, feedback, bug reports or anything else. Additionally we can chat about it over here https://lowendtalk.com/discussion/179348/call-for-alpha-testers-a-new-global-network-testing-service-open-source#latest
The site is coming in a month or so, the CLI will launch at the same time. The Slack App is already live and can be installed, same for the GitHub Bot.
And if anyone wants to integrate our API in a project of yours just PM me and I will help you with anything you might need! (e.g. an mtr.sh alternative can be easily powered by Globalping)
@jimaek, just filled the form (which was active in one of the tabs for some time), I hope there's room for one more.
Anyway, thanks for the giveaway.
Good luck with the project!
Thanks for the giveway.
I'll try to accommodate all extra submissions but it might take a lot longer than a few weeks
Cool, more probes on the net. I am running the docker version on all my vps'es for about two weeks, as soon as I have heard of that initiative.
I appreciate it, thanks 👍
Any plans to have a PoE version in the future? It'd be a lot more convenient for people that already have PoE switches.
Too expensive unfortunately At least for now, maybe in the future when prices drop...
Ah No worries.
I still want to power mine via PoE, so I'll buy a MicroUSB PoE splitter.
I love the idea of this project! This is what I should have done with https://dnstools.ws/.
Great Let me know if you ever want to partner somehow on dnstools!
Hey all, thank you for the support so far. There are plenty of exciting locations in the list that will make network monitoring, debugging and optimization easier for all of us!
I wanted to let you all know that everyone who submitted the form will get a probe!
The first 40 people will get them pretty soon but if you submitted the form a bit later you might have to way longer as I wait for a new batch of devices to get here.
And as always consider running a container on all spare hardware
Why does the container need host networking?
Why not use a Docker bridge network with NAT'ed IPv4 and public IPv6?
This way, it provides some isolation from other containers.
Such a bridge is created with:
where $NDP is an IPv6 prefix configured in ndpresponder.
This doesn't work on IPv6-only KVM providers, such as @Lampard LimitlessHost VPS.
You can host it on a different registry, possibly a private one, so that it works over IPv6.
@jimaek - What hardware do these probes contain inside? I am guessing it's some kind of single board computer, since we are talking about kernels and docker, right?
To avoid any mesh/overlay networking overhead impacting the tests, e.g. the latency. In theory there is nothing stopping you from running the container without host networking, but its a recommendation we make to avoid potential problems.
I wasn't aware that ghcr.io doesnt support ipv6. I guess we can make a mirror later.
But we dont support Ipv6 at all at the moment, so even if the registry was fixed it wouldn't really help with anything. I want to first get to a polished ipv4 experience.
Yes, its similar to raspberry pi but with older tech. 4 core ARM CPU and 512MB RAM.
No IPv6 hall of shame
Include IPv6 for no extra cost on every plan in every location to get delisted.