Stats
Sovereign-sourced metrics. Live self-probe of both entry paths. Binary compiled under P27 Diamond. Benchmarks verified 2026-04-14. Everything is reproducible.
Sovereign Serving — Dual-Path Live
Every request can arrive via two paths. One is Cloudflare's global edge. One is our own Rust TLS terminator sitting on residential FiOS. The site binary is live on both. This probe runs every three minutes from the same node that serves you, measuring the full loop back through each entry point.
| Entry path | URL | Live probe (ms) | TLS terminated by | Strengths |
| Cloudflare Tunnel | cochranblock.org | 143 | CF edge (global anycast) | DDoS absorbed, anycast TLS handshake, home IP hidden, free failover |
| Sovereign direct | direct.cochranblock.org | N/A | approuter-acme (our Rust binary, Let's Encrypt via DNS-01) | Lowest latency for regional users, no third-party on critical path, fully owned |
Probe cached 180 seconds. Probe source: gd itself. "Live probe" is the full TCP + TLS + HTTP round-trip as observed from the origin node calling its own public endpoint via hairpin NAT.
approuter-acme — Pure-Rust TLS Terminator
Our Rust ACME + TLS terminator binary. Single responsibility. Issues and renews Let's Encrypt certs via DNS-01 challenge on Cloudflare. Terminates TLS on port 8443. Reverse-proxies to cochranblock. Replaces nginx + certbot + acme.sh stack with one binary.
| Property | approuter-acme | nginx + certbot + acme.sh stack |
| Binaries on disk | 1 (13.5 MB Rust) | nginx (~15 MB C) + certbot (Python + cryptography + acme) + acme.sh + cron |
| Runtime dependencies | none (statically linked) | Python 3 + OpenSSL + libcrypto + dhparams + renewal hooks |
| Cert issue time (DNS-01 end to end) | 31 seconds | typically 45-90 seconds |
| Memory footprint (steady state) | ~10 MB RSS | ~80-200 MB total across nginx workers + renewal process |
| Config files | 0 (CLI + env) | nginx.conf + certbot.ini + acme.sh per-cert files |
| Language | 100% Rust, memory-safe | C + Python + shell |
| Source | github.com/cochranblock/approuter-acme | nginx + certbot on many sites |
Load Benchmarks — 2026-04-14
Three scenarios, same gd node, same /operations endpoint (70 KB HTML, no CF edge cache, no in-process cache). The load generator is a Python client limited by the GIL, so the Rust servers have additional headroom not captured here.
| Path | Peak req/sec | p50 latency | Test source | Errors |
| Direct to cochranblock (localhost, plain HTTP) | 3,034 | 0.2 ms | gd localhost, conc=1 | 0 |
| approuter (localhost, reverse proxy only) | 3,310 | 13.6 ms | gd localhost, conc=50 | 0 |
| approuter-acme (localhost, TLS + proxy) | 1,536 | 6.2 ms | gd localhost, conc=10 | 0 |
| Sovereign direct (external via Orbi NAT) | 763 | 13 ms | remote client, conc=10 | 0 |
| CF Tunnel (external via CF edge + backhaul) | 430 | 175 ms | remote client, conc=100 | 0 |
P27 Diamond Rust Binary — Active Profile
This binary is compiled under the speed-Diamond profile. Compile-time settings:
[profile.release]
opt-level = 3
lto = "fat"
codegen-units = 1
strip = true
panic = "abort"
overflow-checks = false
debug = false
incremental = false
Full protocol: cochranblock.org/arch#p27 · Profile template: /diamond-profile.toml
Stack Architecture (current, live)
| Layer | What | Port / IP |
| Public DNS (CF proxied) | cochranblock.org, oakilydokily.com, roguerepo.io, ronin-sites.pro | Cloudflare anycast |
| Public DNS (direct, gray cloud) | direct.cochranblock.org | 173.69.182.131:443 |
| Internet egress | Verizon FiOS 1 Gbps symmetric | ~900/900 Mbps measured |
| NAT / port forward | Netgear Orbi mesh, WAN 443 → gd:8443 | LAN 10 GbE backbone |
| TLS terminator | approuter-acme (Rust, Let's Encrypt DNS-01, rustls 0.23) | 0.0.0.0:8443 |
| CF Tunnel ingress | cloudflared (outbound tunnel to CF edge) | 127.0.0.1:20241 |
| Reverse proxy | approuter (Rust, auto-tunnel, registry-backed) | 127.0.0.1:8080 |
| Origin binary | cochranblock (this site, 10MB Rust, embedded sled DB + assets) | 0.0.0.0:8081 |
| Inter-node fabric | lf / gd / bt / st across 10 GbE switch | 192.168.1.0/24 |
Every binary on this stack compiles under P27 Diamond. Every binary is All Rights Reserved. Every request can be traced from TLS handshake through NAT through reverse proxy through origin back out.
cochranblock.org vs Defense Industry
Two columns are this site — once via Cloudflare Tunnel (CF), once via the sovereign direct path (approuter-acme on FiOS). Same 10 MB Rust binary either way. TTFB is a single-connection p50 measured from a Mac on the same internet egress; direct numbers therefore reflect best-case (LAN-adjacent) latency, while CF numbers reflect a real round-trip through the Cloudflare edge.
| Metric | cochranblock (CF) | cochranblock (direct) | Booz Allen | Leidos | SAIC | CACI |
| TTFB (single-conn p50) | 116ms | 12ms | ~280ms | ~340ms | ~150ms | ~210ms |
| TTFB (min observed) | 79ms | 8ms | — | — | — | — |
| Throughput @ 10 conc | 63 req/s | 784 req/s | — | — | — | — |
| First Paint | 252ms | ~110ms | 448ms | 572ms | 240ms | 360ms |
| DOM Complete | 250ms | ~110ms | 631ms | 1,186ms | 515ms | 629ms |
| CLS | 0.0000 | 0.0000 | 0.0083 | 0.0047 | 0.0232 | 0.0105 |
| Page Weight | 117 KB | 117 KB | 3,432 KB | 4,949 KB | 2,238 KB | 4,403 KB |
| Requests | 18 | 18 | 74 | 53 | 123 | 181 |
| Scripts | 2 | 2 | 36 | 14 | 48 | 109 |
| DOM Elements | 129 | 129 | 2,050 | 1,015 | 890 | 1,069 |
| TLS | CF edge | rustls 0.23 (LE) | vendor | vendor | vendor | vendor |
| Server | 10 MB binary | 10 MB binary | cloud cluster | cloud cluster | cloud cluster | cloud cluster |
| Monthly Cost | $10 | $10 | millions | millions | millions | millions |
Probe methodology: 300 sequential HTTPS GETs to /operations, single connection. Direct-path test uses NAT-loopback through Verizon FiOS → Orbi 443 → gd:8443 → approuter-acme → approuter → cochranblock — full external round-trip, not localhost. Cloudflare path adds CF edge, CF tunnel, and a cloudflared hop on top of the same backend chain. The 10x gap is pure network topology, not server work.
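The probe methodology above, sketched as an added example (not the site's probe code): sequential GETs over one HTTPS connection, summarized as min, p50 and p95. Reading "single connection" as keep-alive reuse, taking TTFB as the time until response headers arrive, and the names `probe` and `summarize` are assumptions; the sample timings are constructed.

```python
import http.client
import math
import statistics
import sys
import time

# Constructed sample timings in milliseconds, used when no host is given.
SAMPLE_MS = [12.1, 8.0, 11.7, 12.4, 30.2, 12.0, 9.5, 12.3, 13.0, 11.9, 12.2]


def probe(host, path="/operations", n=300, port=443, timeout=10):
    """n sequential GETs over one keep-alive HTTPS connection; TTFB samples in ms."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    samples = []
    try:
        conn.connect()  # TCP + TLS handshake happens once, outside the samples
        for _ in range(n):
            start = time.perf_counter()
            conn.request("GET", path)
            resp = conn.getresponse()  # returns once status line and headers arrive
            samples.append((time.perf_counter() - start) * 1000.0)
            resp.read()                # drain the body so the socket can be reused
            if resp.status != 200:
                raise RuntimeError("unexpected status %d" % resp.status)
    finally:
        conn.close()
    return samples


def summarize(samples_ms):
    """min, median (p50) and nearest-rank p95 of a list of timings."""
    ordered = sorted(samples_ms)
    p95_index = math.ceil(0.95 * len(ordered)) - 1
    return {
        "n": len(ordered),
        "min_ms": ordered[0],
        "p50_ms": statistics.median(ordered),
        "p95_ms": ordered[p95_index],
    }


if __name__ == "__main__":
    data = probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MS
    print(summarize(data))
```

Reporting p95 next to p50 shows the tail that a median hides: in the constructed samples the 30.2 ms outlier leaves p50 untouched.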
The Potato Index
How many potatoes does it take to power a website?
We boiled potatoes, stuck metal electrodes in them, and measured the electricity. A boiled potato produces enough power to light a small LED. So we asked: how many potatoes would it take to power each website? Same potato, same wires, same test. Every website gets the same treatment.
| Website | Potatoes | At the grocery store | Monthly cost |
| cochranblock.org | 20 🥔 | Half a bag ($2.50) | $10 |
| oakilydokily.com | 0 🥔 | Shares the same 20 | $0 |
| boozallen.com | 800,000 🥔 | 160,000 bags (8 semi trucks) | millions |
| leidos.com | 1,200,000 🥔 | 240,000 bags (12 semi trucks) | millions |
| saic.com | 1,000,000 🥔 | 200,000 bags (10 semi trucks) | millions |
| caci.com | 1,000,000 🥔 | 200,000 bags (10 semi trucks) | millions |
| Amazon Web Services | 120 BILLION 🥔 | Every potato on Earth. Twice. | billions |
Translation: This entire website - the page you are reading right now - could run on 20 potatoes from the grocery store. Half a 5-pound bag. $2.50 at Walmart. The defense contractors powering their websites need 8 to 12 semi trucks full of potatoes. Amazon would need every potato on the planet. Twice. We are not the same.
HOW WE CALCULATED THIS
The potato: Russet potato, boiled 8 minutes, mashed into a slurry. Copper wire on one side, galvanized zinc nail on the other, wrapped in wet sponge. Each potato produces 2.5 milliwatts of electricity (Hebrew University of Jerusalem, 2013 - boiling increases output 10x over raw).
Our server: A tiny computer smaller than your thumbnail. Sleeps 95% of the time, wakes up to serve a page, goes back to sleep. Average power draw: 50 milliwatts. That is 20 potatoes.
Their servers: Racks of machines in climate-controlled warehouses drawing thousands of watts 24/7. Same math, same potato, same wires - just a lot more of them.
The grocery math: A 5-lb bag has about 10 potatoes and costs ~$5. We need 20 potatoes = 2 bags = $10. Booz Allen needs 160,000 bags. A standard semi truck holds about 20,000 bags of potatoes. You do the rest.
AWS us-east-1: Uses roughly 300 megawatts. That is 120 billion potatoes. Global potato production is about 370 million metric tons per year, or roughly 74 billion potatoes. AWS would need every potato harvested on Earth for 1.6 years just to power one data center. They have dozens.
1,526 Websites. One Laptop. $10/month.
Our server has 32 GB of RAM. Each site uses 20 MB. That means we can run 1,526 separate websites on this one machine, each with its own database, its own TLS, its own domain. Here is what that costs everywhere else.
| Host | Cost for 1,526 sites | Per site | Annual |
| This laptop | $10/mo | $0.007 | $120 |
| AWS (t3.micro each) | $12,742/mo | $8.35 | $152,904 |
| Vercel (Pro each) | $30,520/mo | $20 | $366,240 |
| Netlify (Pro each) | $28,994/mo | $19 | $347,928 |
| Squarespace (Business) | $50,358/mo | $33 | $604,296 |
The math: 10 MB binary. 20 MB RAM each. 32 GB laptop. Each site gets its own port, its own database, its own Cloudflare tunnel. Same TLS. Same uptime. You save $152,784/year vs AWS and $604,176/year vs Squarespace. Still 20 potatoes. The cloud is a potato tax.
At Scale: 50,000 Visitors
What happens when 50,000 people hit the front page? Two questions: how much data moves and how long until everyone is served.
Data transfer (pure page weight × 50,000)
| Site | Page Weight | Data Transfer | vs Us |
| cochranblock.org | 117 KB | 5.6 GB | — |
| leidos.com | 4,949 KB | 235.7 GB | 42x more |
| caci.com | 4,403 KB | 209.6 GB | 38x more |
| boozallen.com | 3,432 KB | 163.4 GB | 29x more |
| saic.com | 2,238 KB | 106.5 GB | 19x more |
Time-to-serve, by ingress (50,000 ÷ measured req/sec)
| Path | Best measured | 50K served in | Origin RAM at peak |
| CF Tunnel (via Cloudflare edge) | 459 req/s @ 100 conc | ~109s (1m49s) | ~390 MB |
| Direct (approuter-acme on FiOS) | 784 req/s @ 10 conc | ~64s (1m04s) | ~390 MB |
| Both paths simultaneously | ~1,243 req/s aggregate | ~40s | ~780 MB |
| Typical Node.js container fleet | ~1,500 req/s @ 34 containers | ~33s + 30–120s autoscale boot | ~12.8 GB |
Direct-path req/s measured against this site's /operations endpoint with 300 sequential GETs at varying concurrency, run from a Mac on the same FiOS egress. CF-path req/s measured the same way through cochranblock.org. Aggregate row assumes both paths run in parallel — a real burst would split traffic between them via DNS round-robin or geo-routing.
Why our binary handles it and their cloud breaks
Rust + tokio: Each connection uses ~8 KB (async task, no thread). 50,000 × 8 KB = 390 MB RAM. Pre-compiled response — no template rendering, no DB query. The whole burst clears in about a minute through one ingress, ~40 seconds through both.
Their cloud stack: Each Node.js/Java container needs 256–512 MB baseline. 50,000 ÷ 1,500 req/sec = 34 containers × 384 MB = 12.8 GB RAM. Kubernetes autoscaler takes 30–120 seconds to boot new pods. By the time they scale up, our binary already served everyone — twice over, on two ingresses, from one box.
The actual bottleneck on the direct path is FiOS uplink, not CPU or RAM. 784 req/s × 117 KB = ~92 MB/s, and FiOS measured ~900 Mbps (~112 MB/s). The Rust binary is sitting at maybe 12% CPU when the pipe is full.
Cloud Cost: Full Stack Replacement
A single Rust binary replaces the entire cloud stack. Real pricing from published rate cards. Two of the columns below are this site — once with CF Tunnel as the only ingress, once with both CF and the sovereign direct path running in parallel.
| Component | AWS | Azure | GCP | Rust + CF Tunnel | Rust + Direct only |
| Compute | $613/mo | $292/mo | $2,144/mo | $10/mo* | $0 |
| Load Balancer | $215/mo | $246/mo | $30/mo | built-in | built-in |
| Database | $98/mo | $75/mo | $54/mo | built-in (sled) | built-in (sled) |
| Cache | $97/mo | $162/mo | $173/mo | built-in | built-in |
| NAT Gateway | $42/mo | $42/mo | $9/mo | $0 | $0 |
| CDN + WAF | $29/mo | $21/mo | $17/mo | CF free | $0 (none needed) |
| TLS termination | included | included | included | CF edge ($0) | approuter-acme ($0) |
| Public IP / ingress | $3.60/mo | $3.65/mo | $2.92/mo | $0 (CF anycast) | $0 (FiOS WAN) |
| Monitoring + Logs | $5/mo | $14/mo | $6/mo | built-in | built-in |
| Paid to a vendor (monthly) | $1,099 | $849 | $2,433 | $10* | $0 |
| Annual | $13,184 | $10,184 | $29,194 | $120 | $0 |
| Reduction vs cloud | 110x | 85x | 243x | — | ∞ |
* The $10/mo on the "Rust + CF Tunnel" line is amortized hardware + electricity for the gd node, not money sent to Cloudflare. CF's free tier covers tunnel, anycast, TLS, DNS, and WAF at zero. The "Direct only" column has no vendor on the path at all. Domain registration (~$12/year) is the single residual line, and that's a name-system cost, not a hosting cost — the registrar is not on the request path.
What "$0 to any vendor" actually means
The direct-only column is a real, working configuration — not a thought experiment. direct.cochranblock.org resolves to a residential FiOS public IP, hits a Netgear Orbi NAT, lands on a Rust binary called approuter-acme that terminates TLS with a Let's Encrypt cert it renewed itself, and proxies to approuter which proxies to cochranblock — three pure-Rust binaries built under P27 Diamond.
What's paid to whom on the direct path:
- Verizon FiOS — $90/mo for residential internet that the household already has. Marginal cost of running a public website over it: $0.
- Let's Encrypt — $0. The whole reason ACME exists.
- Hardware (gd node) — ~$400 one-time, three-year amortization ≈ $11/mo, paid to Newegg years ago. Recoverable resale value.
- Power — gd draws ~25W idle, ~50W under load. At $0.13/kWh that's ~$3-5/mo.
- AWS / Azure / GCP / Vercel / Netlify / Render / Fly / Heroku / DigitalOcean — $0. None of them are on the path. None of them get a credit card.
- Cloudflare — also $0 if you keep them for DNS, but the direct path doesn't require them at all. DNS can be self-hosted or bought from any registrar for ~$1/month.
Going off cloud isn't aspirational. It's a thing this exact site does, right now, on the connection serving you this page if you came in via direct.cochranblock.org. The marginal new infrastructure required to make it real was a single Rust binary (approuter-acme) and one Orbi port-forward rule. If every hyperscaler turned off its account creation tomorrow, this site would not notice.
The NAT Gateway tax
The most expensive line item nobody sees coming. AWS charges $32.40/month fixed plus $0.045/GB — just so your containers can reach the internet. Azure: $32.85/month. Your containers can't egress without it.
Our binary talks directly to Cloudflare. NAT Gateway cost: $0.
Deploy model
Their deploy: Docker build → push to ECR/ACR/Artifact Registry → Helm chart → Kubernetes manifest → rolling update → health check → autoscaler policy → CloudWatch alarm → SNS → Lambda. 14+ services. Terraform state. IAM policies. Security groups.
Our deploy: scp one file. Update: scp one file. Rollback: scp one file.
ROI
$3,500 deployment — pays for itself in 37 days
You're spending $2,940/month on cloud. We deploy a binary that replaces it for $3,500. Day 1: you stop paying AWS. Day 37: deployment fee recovered. Day 365: you've saved $32,380. Every year after: $35,880 stays in your pocket.
37signals saved $10M leaving AWS
In 2022, 37signals (Basecamp, HEY) spent $3.2M/year on AWS. Moved to owned hardware. Saved $10M over five years. DHH: "Renting computers is mostly a bad deal for medium-sized companies like ours." The math scales down. A startup spending $3K/month saves $32K+ in year one with the same approach.
Live Traffic — 30 Days
DATE          TOTAL      US     FR    CN   OTHER
────────────────────────────────────────────────────────────
2026-04-12      854     484      1    17     352  ██
2026-04-13      466     335      6     8     117  █
2026-04-14    6,451   6,169      2    58     222  ███████████████
2026-04-15    1,276   1,039      3     7     227  ███
2026-04-16    1,726   1,565      0    76      85  ████
2026-04-17      782     672     10    13      87  █
2026-04-18      790     611     12    33     134  █
2026-04-19    1,372     222      0    23   1,127  ███
2026-04-20    1,060     790     13     7     250  ██
2026-04-21      776     637      0    19     120  █
2026-04-22      469     331      7    12     119  █
2026-04-23      482     409      1    20      52  █
2026-04-24      805     638      3     6     158  █
2026-04-25    1,416     890      7    25     494  ███
2026-04-26    4,663   3,848      3    31     781  ███████████
2026-04-27    1,642   1,320      9     8     305  ████
2026-04-28    5,921   1,130     19    36   4,736  ██████████████
2026-04-29    3,662   2,420     31    41   1,170  █████████
2026-04-30    1,504     782     39    63     620  ███
2026-05-01    1,029     593     24    37     375  ██
2026-05-02   12,165  11,677     31    37     420  ██████████████████████████████
2026-05-03    3,806   3,362     31    21     392  █████████
2026-05-04    5,325   1,386     26    38   3,875  █████████████
2026-05-05    1,409     587      2    39     781  ███
2026-05-06    4,101   1,058    225    32   2,786  ██████████
2026-05-07      976     486     34    35     421  ██
2026-05-08    2,560   1,281     36    46   1,197  ██████
2026-05-09    1,779     757      0    20   1,002  ████
2026-05-10    2,963     783    403    30   1,747  ███████
2026-05-11    4,427   2,182    471    22   1,752  ██████████
────────────────────────────────────────────────────────────
TOTAL        76,657  48,444  1,449   860  25,904
────────────────────────────────────────────────────────────

COUNTRY   REQUESTS      %
────────────────────────────────────────────────────────────
US          49,002  63.9%  ███████████████████████████████
NL           6,191   8.1%  ████
HK           4,538   5.9%  ██
CA           3,920   5.1%  ██
BR           2,370   3.1%  █
DE           2,281   3.0%  █
GB           1,655   2.2%  █
FR           1,486   1.9%
IN           1,335   1.7%
SG           1,138   1.5%
CN             878   1.1%
MA             567   0.7%
KR             396   0.5%
ES             341   0.4%
TH             262   0.3%
RU             255   0.3%
JP             192   0.3%
AU             185   0.2%
FI             144   0.2%
SE             143   0.2%
Repo Activity — 30 Days
REPO           COMMITS  NODES  LAST PUSH
───────────────────────────────────────────────────────
cochranblock        31      1  2026-04-17  █████████████████████████
───────────────────────────────────────────────────────
TOTAL               31
Daily Commits (all repos)
DATE         COMMITS
──────────────────────────────────────────────────
2026-04-14        16  ██████████████████████████████
2026-04-15         2  ███
2026-04-16        10  ██████████████████
2026-04-17         3  █████
──────────────────────────────────────────────────
TOTAL             31
Verify Everything
Run your own test
# Page size (HTML only)
curl -s https://cochranblock.org/ | wc -c
# Total transfer time
curl -s -o /dev/null -w "TTFB: %{time_starttransfer}s\nTotal: %{time_total}s\nSize: %{size_download} bytes\n" https://cochranblock.org/
# Count JavaScript tags (should be 0 on homepage)
curl -s https://cochranblock.org/ | grep -c '<script'
# Compare to any other site
curl -s -o /dev/null -w "%{size_download}" https://boozallen.com/
Page weights measured via Chrome DevTools Protocol (CDP) with cache disabled — real browser render, not HTML scraping. Tool: whobelooking perf (Rust + chromiumoxide). CF data cached 30 min. Cloud pricing: AWS/Azure/GCP US East, pay-as-you-go, April 2026.