So. It's 2011. Kids are sniffing your HTTP traffic and Interrupting your Internet with cheap plaintext hax. There has been a simple solution to all of these problems for a while now: HTTPS. You
might have heard it called SSL, or maybe even TLS.
(Ironically, the HTTPS version of Wikipedia's page on HTTPS (or any page)
contains an image loaded over HTTP, breaking the security that would be
provided by HTTPS).
So to stop all the Man-in-the-Middle attacks depriving
you, the hobocomp blog reader, with authenticated hobocomp content, hobocomp
has now been upgraded with a brand new certificate!
I encourage all of you with websites to enable HTTPS on them (if only so
your site can be a potential Telex NotBlocked).
Now, I know what you're saying. Mostly because I enabled your microphone
using x-webkit-speech, but also because you're that predictable. "But Eric!",
you whine. "HTTPS is hard. Google
only barely does it, and it's still in Beta. Also, I'm poor and can't afford
the luxary of actual signed certificates. And I heard it bogs down your web
server doing all that encryption!"
I shall addresss these complaints, using an unordered list:
"Also, I'm poor" - Domain-validated HTTPS certificates can now be
purchased for FREE, from StartSSL,
and their public key is likely baked into your browser, meaning you'll get
the lock icon without users having to accept a shady third-party's key.
It's even supported by Flock. Have you even heard of Flock?
"It bogs down your web server" - Ok. Yes. Someone (i.e. your
server and the client) is going to have to do all that processor-intensive
key exchange, encryption, and decryption. And your fancy network card
or transparent proxy isn't going to be able to cache your pages.
But come on - Hobocomp runs out
of a cardboard box, with a 5-year old single-core AMD processor, at a
balzing 3682 bogomips, and it can STILL manage to do all that crypto.
If your web server is being outperformed by a nomadic computer in a
cardboard box, I shall taunt you a second time.
It seems that even hobocomp has a present under the Christmas tree this year. This surprised me even more than hobocomp's letter to Santa:
Dear Santa,
This year, for Christmas I would like an additional IPv4 address.
I have been a good little computer this past year. Despite this, ARIN has
denied my request for additional address space, but I'm still wishing for one.
Thanks,
Hobocomp
p.s. I promise not to take over the world.
Hobocomp's new (additional) IP is 67.194.198.21 (for the rest of the 2010 semester), and seems to have used the additional address to host sshd on every open port (including 80).
Additionally, with some help from Rusty, hobocomp is now running a DNS tunnel (IPv4 over DNS) using iodine. I won't mention all of the benefits one can get from being able to do this neat trick*, but if you know them (or want to know them), get in contact with me, and I'll provide you with the password and configuration.
For fun, I decided to run the tunnel all the way from California - I was surprised I was able to even complete this speed test:
*hint: starts with an "f" and ends in "ree internet"
Since Hobocomp isn't currently working on brute forcing passwords, or factoring large numbers such as U of M's RSA public-key, it has become self aware, and made itself a hobocomp twitter feed.
What would Hobocomp possibly want to talk about, you ask? Well, you'll just have to see for yourself I suppose. Feel free to talk "at" Hobocomp on twitter if you've got an account. Apparently there's some mechanism for this on twitter...I haven't figured it out. Hobocomp is the one that's good with computers and such.
In other news, Hobocomp was recently scanned by Merit in collaboration with the University of Michigan. Based off the lack of angry emails from rescomp, I would say hobocomp happened to pass this security scan with flying colors. It even managed to keep track of up to 90 HTTP requests in a single second from the scan. You can see a pretty but poorly labeled graph here (The large peak is 90 requests, and the x axis is seconds). you can also see some of the HTTP requests from this scan in the hobocomp logs (yeah, it's watching you).
A brand new hobocomp has been created from many of the old hobocomp's parts. Paul, the generous benefactor of the original hobocomp has again supplied motherboard, CPU, RAM, and - most importantly - the case.
Behold:
This version is much more of a true case than the previous version, as more time has been taken to punch holes in strategic places with a screw driver.
I will be doing a bit of housekeeping for the new server over the next couple of days (carefully monitoring temperature changes), so hopefully everything will be running smoothly by the weekend.
I've kept the long-term-substitute hobocomp up and running (sub.hobocomp.com). Its database will slowly fall out of sync, and I'll probably just turn it back into a static-content server as a mirror for hobocomp.
Feel free to check out more hobocomp pictures in the about section.
As of now, hobocomp has been up for 143 days on its life support system of substitute hobocomp. Hopefully announcing this does not jinx it. Let's all cross our fingers that this lasts for many more days.
Hobocomp has been under attack via SSH brute force attempts as of late, and a denyhosts daemon now watches and blocks IPs that have repeated failed attempts. For fun, I've compiled a list (with attempted country of origin look-ups) here. I'm still looking for a better free geoIP database to use, so hopefully some of those unknowns will be resolved.
I've also added a RSS feed for hobocomp, so you can subscribe to updates and such.
In other news, a new domain is now being hosted on hobocomp, bringing the total to 3. ericw.us/trow is the newest member of the club. It serves as a personal page, and a pretty snazzy URL, too.
Ladies and gentlemen, it seems that the 250GB hard drive that hobocomp resides on is dying (although more and more I'm thinking it's the motherboard...grumble grumble).
For the temporary, I've moved the hard drive into a slave (technical term, I swear) position in the substitute hobocomp. I just got done performing a heart/lung transplant from the real hobocomp to this substitute. So things will be broken for a while until I can get this computer through physical therapy.
Special thanks to the wonderful people who helped today in the diagnosis, transport and rehabilitation of hobocomp (JèF, Nate, Nick and Sam).
Now for some sleep. Here's hoping I didn't leave huge security holes in hobocomp overnight...
The original hobocomp is back up! After a short time hibernating under Abby's bed, while a substitute was hosted from Connecticut (however not in a cardboard box), it has returned to where it all started in Bursley Hall, to the tune of a system-speaker rendition of hail to the victors.
After help from many of the fine people here at Camp CAEN (Sam, Jeff, Zach and Mark), it has internet and a nice bed for shelter.
Now I shall wait for the DNS to propagate, for hobocomp has many purposes in its near future.
The door that guards hobocomp has improved 3,625% by becoming operable from where we sit.
A bit outdated, but the contraption still works.
We had a few plans to motorize it, and let hobocomp control it, but the school year ending, and the fear that hobocomp would become sentient and let itself out kept us from implementing it.
A few nights ago, Travis used an exploit in the Linux kernel to gain root access to the server. Fortunately for hobocomp, Travis is a kind person, and only made the server beep, alerting me that someone with root access was logged in.
After looking at the ssh logs, and determining it was a umich student that had gained access, I guessed it was Travis, based on Paul coming into the room shortly after the beep, and Travis' Linux ski11z.
Hobocomp is now safe from this type of user attack, as a patch for this exploit was released, and I learned how to patch the Linux kernel on Ubuntu. Unfortunately, I had to reboot because of patching, so the previous (record...?) uptime of 23 days, 22:17 was reset. Such is life.
Welcome, all! This is the official hobocomp blog, the only server (that I know of so far) that is running out of a cardboard box. I hope to find more computers like it (running out of cardboard boxes), and start a community of hobo computers.
Check out the about page to see pictures of this server, or browse around. Things are still under construction, and I'm pretty busy right now, but this will be a nice project to consume time.
And of course, feel free to leave comments/suggestions/what-have-yous.
Thanks!
