Hosting a website on a disposable vape
(bogdanthegeek.github.io)795 points by BogdanTheGeek 11 hours ago
795 points by BogdanTheGeek 11 hours ago
It's not about sponsorships and integrity, it's about preventing the pipeline "Person reads article -> Sees this brand of vape has micocontrollers -> Buys this brand of vape".
(If I understood the author correctly, y'know, not to speak for them)
It would be nice to pool ideeas for what they could be recycled into. Imagine the amount of automatic cat feeders the world could build with these.
I've actually been trying to look into something similar? I have a pile of old vapes from friends/family I want to re-purpose, but don't really know where to start.
Running at 24 Mhz, the vape is umpteen times faster but interestingly enough the AGC had 36 KiB of ROM while the vape only has 24 KiB. Umpteen is a technical term denoting that a straight comparison isn't possible, as the Cortex M0 does more in a single clock cycle than the AGC does but they're also different architectures and the programs running are different.
Your GitHub link in the doc gives me a 404. Otherwise, good stuff!
What were you doing to get traffic from the open Internet to your webserver at home? I always felt that was a risky proposition, but I might just be stupid.
I've hosted at home for years and if you have it properly setup it's not any more risky than using a VPS. I have 443 open on my router and basically all web traffic is routed to a container on my server. The container is on an isolated vlan and basically runs nginx as a ssl reverse proxy.
The actual web services behind the proxy run in their own containers and with proper isolation and firewall rules the effects of a security compromise are limited. At most an attacker will be able to take over the containers with an exploit (and they could do that with a VPS as well) but they won't be able to access the rest of the network or my secure internal systems.
If I was this guy and wanted to let people connect directly to my vapeserver I would simply host it on another vlan and port forward the HTTP connection. Even if someone manages to take over such an obscure system they're not going to be able to do much.
> What were you doing to get traffic from the open Internet to your webserver at home? I always felt that was a risky proposition,
How times change.
Once nearly every self respecting IT pro ran servers from there home network. The modern drive to outsource and consolidate the interweb to a handful of big players I find rather odd; perhaps even counterproductive in the long run.
Done it since before I properly knew what I was doing. Haven't had issues. Even though n=1, also now that I'm actually working in IT security, I don't think the risk was ever much bigger than what I could oversee
The main thing is that, if someone gets onto the server system, then they're in my network and they can do attacks on other devices in that LAN (guest wifis are a nice way to isolate that nowadays; that didn't exist back when I started). Same as when I take my laptop to school for example, then others can reach it. I've had issues with others in school doing attacks because the internet was unencrypted http back then (client-side hashing in JavaScript limited the impact though), but not from anyone who tried to hack into the server. Only automated scans for outdated Wordpress, setup files for Phpmyadmin, ssh password guessing... the things they simply try blindly on every IP address. If any of this is successful, you're most likely going to be turned into a spam-sending server or a DDoS zombie; not something with lasting impact once you discover the issue and remove the malware
Most attackers don't do targeted attacks on your system or network unless you're a commercial entity that presumably can pay a nice ransom, or are a high-profile individual. Attackers aiming for consumers send phishing emails and create phishing advertisements, look for standard password vaults if you run their malware, try using stolen credentials on Steam and hope you've got a payment method stored... the usual old things. Having a server doesn't make any of those attacks easier, and besides, self hosting is very uncommon. Even if you and I had a similar enough setup at home with a straightforward path to exploitation, it's a few thousand people that self-host in a country with millions of people. It's not worth developing attacks for
VPS with public ipv4, connected to home network over Tailscale and forward the traffic with socat. You'd probably be fine opening a port directly but a small VPS is free most places so might as well make the most of it.
Could you elaborate more on the "a small VPS is free"? Except Oracle's free tier offer, I am not aware of others; I'd appreciate it if you could point me in the right direction.
For this I used GCP free tier -- not sure why everyone acts like Oracle are the only free tier around when GCP and AWS offer always-free tiers too. It's just runing socat to forward to the vape over tailscale. Is there something I'm missing?
I'm not sure where to go for the free VPS, other than Oracle Cloud, as you mention, but a Cloudflare tunnel will get traffic into your LAN even behind CGNAT or other nonsense.
I don't understand the hardware setup. There is a usb-c port and they talk about usb serial devices which could be a usb to serial port, but what is after that? There are no pictures of it connected.
My best guess is that only the power pins of that usb port is connected. So they're going over a debug port for io.
Someone in a different forum said it was a usb to serial port then on a pc a network port was forwarded to the serial port, but it is very unclear in the article.
That's gotta be between 75 and 90% less damaging to humanity than the designed use of a disposable vape. Well done, Bogdan!
I'm reminded of the project Tom7 put together a few years back where he used the surplus components inside a digital COVID kit as spare memory. https://www.youtube.com/watch?v=JcJSW7Rprio
I wonder how much cost would be added if they included a small usb storage drive in those things. You could incentivize non-disposal because people would have a million of those things.
It’s really hard to quite vaping btw.
I know you're joking, but it seems like a great option for IEDs. Cheap, hard to trade (might even come with a patsy's DNA preinstalled)
If the eels get car batteries, the fish can have a little vape, as a treat.
It seems like depending on the dose, Zebra Fish rather like it.[1]
[1]https://www.sciencedirect.com/science/article/pii/S027858461...
The Addictive Stuff™ is literally the core feature of the item. Your comment makes it sound like the producers are nefariously and covertly adding nicotine to a product which normally would not have any? It's like saying "These scoundrel breweries! They're making beer that gets you drunk!"
I mean disposable vapes are just complete idiocy to begin with.
Vapes with pods are less expensive in the long run and offer a vastly superior vaping experience. You can get liquid for dirt cheap. If you smoke heavily, you might offset the initial investment in a week or two.
Disposable vapes offer zero advantages. They are only good if you want to "just try" it once or that is what you are going to tell yourself in your career of producing e-waste.
What they offer is ubiquity and the turnkey nature. You can walk into any nearby smoke shop, get one and use it immediately. You don't have to carry around a bottle of liquid and extra coils and paper towels/napkins for the inevitable leak.
I stopped vaping a little while ago but when I did vape, there was no clear standard of pod systems. You sure could walk into a nearby smoke shop but it was unlikely that you'd find your ideal pod/coil/liquid.
It's hard to take back the convenience people have gotten used to. I think one idea could be that disposable vapes become recyclable vapes. They should cost $15 more and buyers should get back $10 when they return it for recycling. This is nicotine we're talking about so the buyer is always coming back anyway.
While I do believe that disposable vapes should be banned even if they happen to be more convenient, I really don't see it. When I vaped myself I liked having a re-usable vape so much more than the disposable crap.
With the disposable it would always be a gamble how long they would last. I don't get how people manage. Do they buy multiples at once and carry them around?
It was so much more convenient to carry that small bottle of liquid with me and have the peace of mind that I wouldn't run out of juice for the night. Never had issues with spilled liquid.
Not having a standard for pods sucks but you don't need to buy them that often. I just ordered them online anyway.
Of course it might be a bit of a cultural difference as well. Most of my smoker friends roll their own cigarettes which is way more inconvenient.
I wonder when an Android phone will be released that includes a vape attachment.
Don't think Apple would go there, but who knows....
I respect the point about not wanting to send the manufacturer any business, but I would love to know the brand so I'd know which ones to rescue if given the chance.