2701 posts • joined 14 Feb 2013
Recess the screen. All this "fragile screen on top" nonsense has to stop. Even the Gameboy recessed the actual vulnerable screen and then put a clear-glass fake screen over the top. You look at every big-name portable device of long-ago... the Psions and so on. The screens are all recessed and bevelled. There's a reason for that... it makes more sense than this nonsense.
I would gladly pay more for a screen that's literally a flat-square piece of glass (thus cheap and easy to replace) recessed inside a plastic shell with rounded corners. As it is, I end up buying plastic cases that replicate just that scenario with the ridiculous "edge-to-edge" screens where the slightest impact destroys the screen and the surround can literally never be allowed to warp (I have 270+ iPads in front of me... all of the ones that are damaged, the aluminium casing has been whacked in shattering the glass and making it nigh-on impossible to repair... a simple rubber edge between would have saved them all except the ones that people literally trod on).
Re: 1 second
Think also of OTP tokens and things like that.
Don't account for leap seconds and in a couple of years' time you are 30+ seconds out which means that no TOTP system (like Google Authenticator, banking apps, etc.) will generate the right codes if they are using different clocks that do (e.g. in a smartphone).
Leap seconds aren't that hard, and assuming everything from "I'll just count the seconds and divide by 365" is as blinkered as these kinds of omissions. If you're designing a major operating system designed to do everything from trade stocks to secure servers to integrate on a mass scale, date and time is very important to get right and there are enough gotchas that you already have to design around it, rather than bodge it in later.
UNIX started off on the right idea ("Store the number of microseconds that have elapsed since midnight 1/1/1970" and then account for all changes in the way that you DISPLAY them taking into account things like leap-seconds, time-zones, historical changes, etc. (i.e. convert to day, month, year, hour, etc.), not the way that you handle the number itself (which has little relation to real-time, but you can just increment it once a microsecond and have something else handle the logic of what that second was actually called - e.g. 01:59:59 or 01:59:60 or 02:00:00 etc.. when necessary.
Trouble is that it means keeping an accurate historical and future list of every change (and mistake?) made in those interpretations, for every timezone on the planet, etc. That's why you always just pull in date and time conversion functions and the "tz" packages, and NEVER try to fudge your own even if you think you know everything.
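The TOTP effect described in the post above, as an added example that is not part of the original comment: a minimal RFC 6238 generator and verifier in Python, showing a device clock 35 seconds behind the server being rejected with no tolerance and accepted with a one-step window. The secret is the RFC 6238 test key; the timestamps and the `verify` / `drift_table` helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

# RFC 6238 test key for HMAC-SHA1 (public test material, not a real secret).
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret: bytes, code: str, server_time: int,
           window: int = 1, digits: int = 6):
    """Return the step offset at which `code` matches, or None.

    window=0 accepts only the server's current step; window=1 also accepts
    the previous and next step, which absorbs up to roughly one step of
    clock disagreement between token and server.
    """
    current = server_time // STEP
    for off in sorted(range(-window, window + 1), key=abs):
        candidate = hotp(secret, current + off, digits)
        if hmac.compare_digest(candidate, code):
            return off
    return None


def drift_table(secret: bytes, server_time: int, drifts, window: int):
    """Map each device clock error (seconds) to the verifier's result."""
    results = {}
    for drift in drifts:
        device_code = totp(secret, server_time + drift)
        results[drift] = verify(secret, device_code, server_time, window)
    return results


if __name__ == "__main__":
    server_time = 1111111130  # constructed: 20 s into a time step
    for window in (0, 1):
        table = drift_table(SECRET, server_time, [0, -35, 35, -70], window)
        for drift, matched in table.items():
            verdict = "rejected" if matched is None else f"accepted at step {matched:+d}"
            print(f"window={window} device drift {drift:+4d}s -> {verdict}")
```

Logging the matched offset on the verifier side gives an early signal that a token or host clock is drifting before codes start failing outright.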
British Airways' latest Total Inability To Support Upwardness of Planes* caused by Amadeus system outage
You'd also think that a place as big as Heathrow would be able to have a secondary air traffic unit on the other side of the airfield that could be used if, say, a fire alarm went off in one of them.
Re: You can't fork Android
And probably always will be.
I don't think this case will change that, no different to expecting Steam to open up their source code.
What they are arguing is that you can't FORCE people to use Google Play in order to use Android.
"the requirement to preinstall Google Search and Chrome"
- Yep, no need to force this on people. However, can we please learn that you need to be able to REMOVE THE JUNK THAT THEY PREINSTALL. Whoever "they" are. This will mean a lot of "Samsung Internet Browsers" being installed, fine, activated by default, fine, but it will also mean that they'll make it a pain in the butt (or even impossible) to remove them and JUST have Chrome even if that's what the user wants.
"payments to phone makers to make Google Search the default"
- Not sure how this hurts, as such, as surely other people could pay those makers to be the default? So long as it's changeable? Is this any different to Apple being paid to direct people to Google? That could hurt if that went to court based on this case.
"and restrictions on creating "forks" of Android."
- Yep, no need for this, they just can't call it an Android phone etc.
Mini projectors are cheap.
And Dex isn't just about Android, is it?
Ubuntu and Eclipse. That could be perfect for a developer, web designer, etc. on the move as well as one who needs to test their results on mobile.
And the price is reasonable, much more than I would expect to be honest, but I can't afford the Samsung phone to go with it, so maybe that's why.
But I think I'd quite happily consider running Ubuntu off my phone as an emergency/portable desktop, if I was a salesman, developer, IT contractor, etc. Much more so than an iPad. Hell, I'd do it and just keep the Dex bit on me for the "just-in-case" of needing a laptop and not having one, or a presentation (plug phone into Dex into HDMI projector). You can also get a mini-projector for peanuts nowadays. You could have a full Linux desktop setup on an airplane seat with things that you can slip into your pocket.
It seems to me to have a lot of uses, it's just a shame that the phones to do it are so expensive (and even my old S4 Mini / S5 Mini could probably be a serviceable desktop with the right OS).
I don't think there's much of anything like Banyan Vines left in AD, Samba would have found it by now if there was, I should imagine. Whether in inter-compatibility testing, or legacy protocols that they try to support, or anything else.
And given that Samba can be a full AD domain controller, I reckon they'd have stumbled across / recommended against any such code.
Hell, to be honest, SMBv1 and v2 are already dead BECAUSE they're so insecure. That's how those worms of a few years ago propagated and even that was seen as "Why the hell does the NHS have that option enabled any more anyway?"
Which is like not sending a response packet to a DoS.
They've still used up the airwaves, fought with existing clients, and spoken over them to request anything. Sure, you're not propagating that situation but without protocol changes there's no way to say "shut up and don't ask again" or isolate such requests from the parts that actual data-transferring clients are using.
Additionally, what you're doing then is ignoring random "who's there" probes, which is going to affect auto-join of all kinds (remember - the clients are dumb and may just be trying to connect to favoured network while connected to an unfavoured one, which they can't because you ignore their probes).
At best this is a minor tweak, that will impact legacy clients (maybe in protocol-breaking ways?) and not actually help all that much (e.g. if you have even 11Mbps clients, the probes are an incredibly TINY fraction of the data that they would transmit just to stay online once connected, and mostly passive - SSIDs are broadcast quite openly and clients pick up, they don't really transmit until you join - this is how the old WEP-cracking tools of old worked, they could determine the SSID and WEP key without broadcasting a single byte of data over the airwaves. It's the "thousands of clients" bit that's the problem, and ignoring a portion of them still doesn't make it any better - they're old so they're likely to re-transmit more often to get an answer!).
This is hype at best. If you are so congested that you can't fit in a client scanning for SSIDs it might want to join, then you don't stand a chance of transmitting any kind of useful data to any connected client anyway.
10,000 clients sensing networks at even 11Mbps (i.e. taking up the most chunk of spectrum, while also taking the greatest portion of their allocated data to do so) is literally lost in the noise.
The problem comes not from the responses given, but the sheer "waiting time" for the airwaves to be clear before it's safe to broadcast any kind of request at all, and that's determined by the protocol of the client, not the AP.
That's all very nice but surely it requires everyone to be using 802.11ax on the client end too. As always, you still have to deal with legacy clients in legacy fashions, and as most things dial down to legacy connections when they get weak signal or bad responses, 99% of "heavy traffic" management is surely just dealing with the DoS from legacy clients.
And surely here one of the flaws is using the same channel for data as we do for client-querying. All those thousands of devices saying "What are you offering?" constantly shouldn't be interfering with a client that's already joined the network and is passing data, surely?
You've got time to pee about like that, but:
- No IPv6 still.
- You still can't link my old posts under previous usernames (but same id!) to the badge/stats
- I can't search through my own (or another user's) comments to find a particular thing I posted.
Re: Gonna be one less school soon
Most MIS providers are no different.
What are you moving to? I betcha I can point you in the direction of someone with similar/worse horror stories on whatever it is.
If it ever learns to quit vi then we know we're in trouble.
God, the PC you could get for the same money that wouldn't have a pathetic 13" screen...
If I was GIVEN one of these, I'd flog it and buy a decent laptop and spend the difference on all kinds of stuff.
"I'm gonna give you run of the complete IP network" rather than "I'm going to show you a picture of a machine that you'll have to log into"?
VPN is sensible, sure, but as an encryption layer only. VPN into a network as if you were plugged in locally is just a perfect way to spread stuff from their machines to your network.
VPN, and filter, and VLAN, and etc. etc. etc. and then to a limited network that only allows RDP traffic, through an authenticated gateway, only to select apps/VM's... yep. That sounds ideal.
But to most people, well-configured RDP - with up-to-date clients - to an unprivileged TS acting as a network client is perfectly sufficient in terms of encryption, stopping brute-force attacks, letting people work from hotels, etc., convenience, and compatibility (you can do it from an iPad, or a smartphone).
The question is not "what protocol do you use" but "what measures do you have protecting that protocol".
But, personally, blanket VPN access is incredibly dangerous. And most people want it "to access network shares", so you can't block the protocols associated with that. Now you have SMB/CIFS traffic flowing around uncontrolled home networks.
RDP, via a gateway, with certs, decent policy, IDS/IPS, and file-transfers disabled... it's then impossible to do anything that "that user logged in on a real machine inside" couldn't do, while also preventing all exposure of unsanitised data to/from their home / cybercafe / etc. IP networks.
Re: I was "hacked" via RDP
Do yourself a favour - get or write a script that emails you for every RDP login. There are loads of them out there.
There's nothing more reassuring than at least knowing "Hey, I spotted something odd that managed to slip past what I thought was secure!".
RDP has suffered several attacks recently (e.g. CredSSP), so patch it like mad, and check people aren't bypassing your password entirely.
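One way to build the per-login alert suggested in the post above, as an added example that is not the poster's script: Python that filters Windows Security events exported as XML for Event ID 4624 with LogonType 10 (RemoteInteractive, i.e. RDP) and builds one e-mail per login. The sample events, mail addresses, expected network and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from email.message import EmailMessage

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_SUCCESS = "4624"   # Security log: an account was successfully logged on
RDP_LOGON_TYPE = "10"    # LogonType 10 = RemoteInteractive (RDP / Terminal Services)

# Assumption: networks RDP logins are expected from (constructed value).
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample in the XML shape the Windows event log exports.
_EVENT = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>{eid}</EventID>"
    '<TimeCreated SystemTime="{ts}"/><Computer>TS01.example.org</Computer></System>'
    '<EventData><Data Name="TargetUserName">{user}</Data>'
    '<Data Name="LogonType">{ltype}</Data>'
    '<Data Name="IpAddress">{ip}</Data></EventData></Event>'
)
SAMPLE_EVENTS = "<Events>" + "".join([
    _EVENT.format(eid="4624", ts="2018-05-14T08:01:12Z", user="alice", ltype="10", ip="192.0.2.15"),
    _EVENT.format(eid="4624", ts="2018-05-14T08:03:40Z", user="bob", ltype="3", ip="192.0.2.20"),
    _EVENT.format(eid="4624", ts="2018-05-14T03:17:05Z", user="svc_backup", ltype="10", ip="203.0.113.77"),
    _EVENT.format(eid="4625", ts="2018-05-14T03:16:59Z", user="svc_backup", ltype="10", ip="203.0.113.77"),
]) + "</Events>"


def source_is_expected(ip_text: str) -> bool:
    """True if the source address parses and falls inside an expected network."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:   # the field can hold "-" or be empty
        return False
    return any(addr in net for net in EXPECTED_NETS)


def parse_rdp_logons(xml_text: str):
    """Return one dict per successful RDP logon found in the exported events."""
    logons = []
    for event in ET.fromstring(xml_text.strip()).findall("e:Event", NS):
        if event.findtext("e:System/e:EventID", default="", namespaces=NS) != LOGON_SUCCESS:
            continue
        data = {d.get("Name"): (d.text or "")
                for d in event.findall("e:EventData/e:Data", NS)}
        if data.get("LogonType") != RDP_LOGON_TYPE:
            continue
        ip = data.get("IpAddress", "")
        logons.append({
            "time": event.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "host": event.findtext("e:System/e:Computer", default="", namespaces=NS),
            "user": data.get("TargetUserName", ""),
            "source_ip": ip,
            "expected_source": source_is_expected(ip),
        })
    return logons


def build_alert(logon: dict) -> EmailMessage:
    """Build (not send) the notification for one RDP logon."""
    msg = EmailMessage()
    flag = "" if logon["expected_source"] else "[UNEXPECTED SOURCE] "
    msg["Subject"] = f"{flag}RDP login: {logon['user']} on {logon['host']}"
    msg["From"] = "rdp-alerts@example.org"   # constructed address
    msg["To"] = "admin@example.org"          # constructed address
    msg.set_content(
        f"User: {logon['user']}\nHost: {logon['host']}\n"
        f"Source IP: {logon['source_ip']}\nTime (UTC): {logon['time']}\n"
    )
    return msg


if __name__ == "__main__":
    for logon in parse_rdp_logons(SAMPLE_EVENTS):
        print(build_alert(logon)["Subject"])
```

Handing each message to `smtplib.SMTP.send_message` completes the alert; the network logon (type 3) and the failed logon (4625) in the sample are deliberately not reported.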
Re: Good ol'terminal services stuff
Things like GDPR etc. kept us in-house.
Sure, put stuff in the cloud, but that just means "rent a computer somewhere with a good policy, encrypt it heavily, and control it yourself" in our case.
Citrix always seemed a con, for something you could do yourself better. Cloud Citrix just seems silly.
That's saffron-t to my sensibilities...
International calls? I get CLI all the time. I know because a lot of them like to use tricksy ones that LOOK like local calls but aren't (0027, etc.). I have one on my phone history today, if you'd like to see.
Unless, and this is important, it's spam. Then no CLI, international or not. But it's never answered.
I don't care that the local council use withheld numbers etc. That's their problem. They are one very, very specific example of exactly a place that SHOULD be pushing CLI properly with an official council number to call them back on clearly visible.
If you have to HIDE WHO'S CALLING then I don't want to take that call. Legit or not. Actual client/supplier/service or not. Known to me or not. Simple as that.
Yes, you can fake CLI (but it should be impossible, BT just need to pull their finger out). But every workplace I ever worked for has never felt the need to hide their number. All they do do is not advertise their internal DDI's and make the CLI of all calls go out with the main public switchboard DDI. There's no reason to be doing anything else, unless you're intending to deceive people about the origin of the call.
Those kinds of people won't want to answer the phone anyway, so no loss to just advertise the number at least for the first few calls anyway.
Plus, sorry, but nothing binding is done by me over a telephone call. You will email or write if you need it. And absolute best case: I'll call you back on your advertised number to ensure I'm actually speaking to who I think I am, and deal direct and still ask you for whatever-it-is in writing. You could request that via an SMS, if you wanted.
There is zero NEED for CLI. It's not even convenient as it can be easily faked or blocked. Hence it's about as reliable as a From: header in an email, and I trust it just as little. Because of that, I disregard them entirely and work on the much simpler principle of "I didn't give you my number, therefore I never wanted to hear from you."
Whitelist by default.
If I don't have your number plugged into my phone as a contact, your phone call doesn't ring, or get answered.
If you're persistent then I might bother to Google you.
The magic keys to the kingdom of speech with me? Use a well-known number that I can search for online, inform me of your number/call in advance, or send me a text (if you're a human) to let me know who you are and why you're contacting me.
Otherwise, enjoy the glorious brrr-ing-brr-ing into perpetuity without even a possibility of leaving a voicemail.
P.S. My ringtone for real people is the sound of the phone ringing from the ZX Spectrum game Software House. True story.
Re: Email forwarding services are passé
Any email forwarding is easily coped with, and SPF can be simply added (it's IET's job to say what mailserver can claim to be from their domains, that's it - they could just leave an open record on it or offer a basic SMTP sender with auth).
And envelope-rewriting and forwarding is supported by just about every domain-name host out there with email-forwarding. I forward ALL my public emails (which I use heavily for everything, personal and business, for 20+ years) to a GMail (ultimately, but that's unpublicised and can be changed in seconds) which I use as my actual method to collect and read and reply to those emails.
I also run my OWN forwarding server to do just that as secondary, to handle more critical domains, etc.. It's Postfix and maybe an hour of config for anyone familiar with Linux at all. That forwards to and isn't blocked by Google etc. unless it's quite obvious spam. My own grey-listing, SPF-checking, DKIM-checking, etc. spam filter blocks WAY MORE than GMail does, and it never touches even fresh incoming addresses at my domains (e.g. firstname.lastname@example.org) that haven't ever seen an email prior.
Their reasoning isn't based on that because it's hard. It's just an expense and liability that they don't need. Personally, I'd ask people for £100 per address per year and then bolt it into Google Apps for those customers who want to pay to retain it. Would take long at all, and no GDPR liability as you literally never touch their email. But I can perfectly understand why they wouldn't want to, it's just not their job.
This is unprecedented.
"Failure to properly sanitise input data".
"Failure to apply least-privilege principles" (if it's not explicitly allowed, it can't happen).
"Failure to apply sensible defaults"
"Failure to check output of own systems matches expectations"
It's not like those EVER cause problems, is it?
"Being able to spread without internet access and impacting legacy XP and 2003 systems suggests some older environments may end up at risk where there is poor security practice – e.g. no working antivirus software"
Poor security practice like running obsolete and unsupported operating systems, for example?
I think Microsoft should just be honest... if your system has XP anywhere on it, in any configuration, even as a VM, the rest of the network's security is pointless and cannot be guaranteed. Give it up, stop developing, testing and shipping software for it, let it on the kerb.
Until you do that, people will just keep running it forever and think that just because there's some ancient version of Sophos on it that it's somehow magically "secure" now.
A weak pound worth $1.32?
in your CONFIG.SYS.
Re: Bypass autoexec bat & config.sys..
1) You could disable that.
2) What makes you so sure it was MS DOS?
A bunch of machines in an IT suite that I was revamping for a school, all tied together with serious steel cables, attached to the machines with some quite serious adhesive on a plate secured direct to the metal chassis of the machines.
Because they were all interlinked, and the cables padlocked together, you couldn't steal one without the one next to it, and so on. I thought it was going to be a nightmare of having to reimage them all in-situ or going through a bundle of different padlock keys endlessly to separate them, but I thought I'd give things a shot to see if there was an easier way.
I knew that you couldn't just pull the computers apart by brute force - I'd witnessed one fall to the floor hard and just dangle there by the plate/cable, and seen a few cursory demonstrations by big strong men trying to pull on them.
But every system has a weakness. In this case, the hefty metal plate that was epoxied in some manner to the chassis that everyone assumed was inseparable. Like with a maglock, it's not how strong it attaches when you pull laterally against the lock, it's how you can break that lateral surface area connection.
Turns out, a small flatblade screwdriver inserted into a tiny sliver of a gap between the chassis and plate, and then a small "twist" rotation of the head at normal hand strength would easily separate the two surfaces. Despite the fact that you could probably tie the offending articles to two vehicles driving in opposite directions and only ever snap the cables not the attachment, once you got the hang of it, you could literally walk down the row, stab, twist, stab, twist and fire the plates off the machines at high speed with nothing more than a basic hand tool and hand-tight motion. And no damage to the machines.
Headmaster of the school came past about 20 minutes after he'd said he'd go get me the keys, saw the pile of hefty steel cables and plates on the floor and his now "insecure" IT Suite and was flabbergasted. We never bothered to put them back on. (And, yes, I had permission to remove them if I could, before you ask).
If I found it, you can be sure anyone determined to steal those machines knew it too, even if they hadn't brought bolt-cutters.
Similarly, schools all used to just buy expensive projectors and dangle them from their high-ceilings on long-rods. In time, people became aware of the necessity of a "swing test". Literally, if you can't swing from the rod with your full weight then it only takes seconds to get the projector down and walk off with it. Sure, you'll damage the hell out of the ceilings/joists, but burglars tend not to care if they can walk out with £1000 of kit in ten seconds.
Despite then being told by several places that "our projectors have to survive a swing test", never did find anyone who even suggested it was possible to build or fit such an item if you're just attached to joists and your ceilings are 14 foot height, so the pole has to be at least 8 feet long. They learned quickly that leverage and brute-force beats ingenuity every time. After that, they started to buy projectors that were marked educational use only (destroying resale value on the main markets), had passcodes to stop them turning on, that weren't as valuable, or that mounted "short-throw" so at least the thieves only damaged a £50 bracket rather than created a £1000 ceiling repair for their insurers.
It's simple. You trade with another country, you have to abide by their rules too for that trade.
It's a long-established situation everywhere, not just California. Otherwise Apple would just put two fingers up to every other state/country in the world and sell their products there. Instead they sold-out to China and all kinds of places to be able to sell their devices there.
You are "International" but can't trade with Europe? That's a 50% hit on your revenue immediately, not counting fines and compliance work that you'll still need to do anyway.
ICANN are being really idiotic here and will lose the EU domains if they're not careful. It wouldn't take a year to set up a "ECANN" and make all EU ISPs use it (you just say ICANN isn't GDPR compatible and, bam, they'll move over), which means that if the rest of the world want to trade with Europe, they'll have to send queries to ECANN not ICANN and the DNS roots will change to give preference to ECANN overnight (A third of them are in Europe anyway).
This is arguing with the legal system that binds 50% of your worldwide customers saying "We don't care, and we're incompetent enough that we can't even fix it", which will just end in loss of control, whether through incompetence or legal decree. And once EU goes, other nations will follow suit.
They used to offer a lovely number for dialup with just uk2/uk2 as the login details, local rates.
Whatever happened to them? That was a great backup when the "new" DSL went down or just when you were "roaming" in a hotel or something pre-wireless.
And game servers, they used to run a ton of game servers.
Since DSL came along, haven't heard hide nor hair of them.
Re: Will they fund the specialist lawyers and digital forensics experts?
Legal aid has always been a pittance.
Lawyers literally only work via legal aid out of the goodness of their hearts, or because their firm instructs them to, not for the pay.
The bigger difference has always been prosecution versus defence. Work on defending people who don't want to go to jail and you'll earn 10 times more than the people hired to gather the evidence to send you there.
Plus, courts are entirely separate to lawyers, forensics and everything else. The court is merely the venue when you show those items to people trained in law. They specifically AREN'T trained in every minor detail, that's for the lawyers to get across to the 12 lay-men in the jury and the judge who might not have a clue anywhere. Only incredibly specialist cases will dare mess with that.
If anything, you DO NOT WANT all that stuff in a court. You want an expert coming in, testifying, and being rebutted by other experts. You don't want judge and jury thinking they know more than the guy on trial, or the experts he's hired, or the counsel hired to represent him. Because, more often than not, they don't.
Take it from me, someone who works in IT, graduated in mathematics, was married to a barrister, and lived with a geneticist. In all those areas of specialism, I assure you I can point out huge gaping flaws in other people's expectations of what "hacking", "probability", "legal precedent", or "DNA match" actually means in real life. You want normal people listening to an expert who says "No, that's not how it works, your honour. There's only 96% certainty that this is the same DNA, which means that almost everyone in this room could be convicted of the crime being described today".
What better way to flog a dead horse than to flog it thousands of times to other people and not actually give anyone any kind of horse, dead or not?
Welcome to the 90's. It's where you appear to be stuck, anyway.
"Actually......it is easier to get an Mac to boot Linux than it is to get a PC to do the same."
Absolute nonsense. Stick disk in, F12, boot, install, done.
"They may have some ideas how they want to people to use their product but that is not different from how your dishwasher manufacturer want you to use their dishwasher."
My dishwasher has never told me that it only works with John Lewis Plates, that I'll need to use Apple Soap, nor that it "just can't do that" when I ask it for a 10 minute rinse instead of a 20.
"Most of the anti-apple mob are angry Windblows users who are afraid of losing their "supremacy" of having to reinstall their PC at least once a year."
1) If you're reinstalling a PC once a year, you're an idiot.
2) Would you like stats on how often I have to reinstall a Windows machine versus a Mac machine in a school with hundreds of the former and only a dozen of the latter? I'll give you a clue: You lose.
"I am btw. running OpenSuSE on a MacBook Pro... installing Linux on a Lenovo was too time consuming."
Good for you. And why? As someone with an entirely-Lenovo shop, I can't imagine what could cause that. Literally, boot install at disk / decompression speed.
"Oh one more thing: Windblows still can't manage proper display scaling something OS X and Linux has been doing for over 10 years."
Display scaling? As in zooming your display to show on higher resolution screens? You really are operating in the dark ages.
But they're not.
That's a silly use case.
They're looking for possibly 100,000 people out of possibly 70m people. At that point - in fact, WAY before that point - the numbers explode and even an accurate system has an atrocious false positive error rate.
Just let them, already.
Because the tech most certainly is NOT ready.
And when it proves an expensive failure, it'll be harder to justify the next (or any) such system in the future.
I have not yet once managed to get through Stansted airport facial-recognition, with or without-glasses, wearing the same T-shirt as in my passport photo, etc. etc. Not once. I ALWAYS stand there like an idiot for 5 minutes while it keeps trying, and then get pulled away by the woman STATIONED at the damn thing to take people to the "Whoops it didn't work line" where a human does the job (and which is always a long queue, not just individuals).
This stuff doesn't work any better than random chance, and certainly not better than a trained human. Stop it. Or rather - trial it all, see how useless it is, realise the salesmen lied, get over it and spend your next pot of money elsewhere to avoid a repeat embarrassment.
"If I understood your problem correctly, the solution is simple:"
Yeah. Those obvious, intuitive commands, environment variables passing into other environment variables, etc. etc. etc.
I mean, I understand everything it's doing and why. But I wouldn't be able to guess at that in a million years.
Re: What does it run?
People stopped dual-booting 20 years ago.
Having to shut down one OS to run another is ridiculous in the modern age, where you can run both simultaneously without issue.
Honestly, we stopped doing that the second virtualisation instructions were put into processors.
Re: What does it run?
That kind of machine, you're going to want VMWare or similar anyway.
That's a waste to use it for just one OS with those cores and RAM, when you can run everything at the same time.
Linux as the base OS, maybe, but good luck getting all the drivers (especially for the RAID etc.).
Re: What's the app?
To my knowledge, an awful lot of phones have never supported recording calls at all, but that's a hardware manufacturer integration. If they don't present the hardware to the Android drivers, then there's no way for the Android API to record it.
But also note:
"This permission is reserved for use by system components and is not available to third-party applications."
Even the latest Android APIs do have an option to do just what you're talking about, but it's never been properly exposed and officially supported. When you use unsupported stuff, that's what happens.
I don't think it's ANYTHING to do with Android. It's to do with people BYPASSING Android. And I think it's to do with manufacturers not exposing functionality in a standardised way via the Android APIs that already exist and/or not producing hardware that supports such functionality (e.g. a voice-call-handling chip that doesn't provide the voice data to the processor running Android at all).
Re: Wonder what it'll break ?
What's the app?
What's the function that can't be reintroduced?
Is there a single other app anywhere in the Play Store that does the same function (I don't care how, what else, whether it's prettier)?
Because I imagine there's not much that doesn't work in the way you state, when the developer is non-lazy.
You mean the OS where you're not allowed to render a website in any other way than an Apple control.
Google Chrome on iPad / iPhone is just a Safari control in a different coloured box.
I'm not at all sure that "universality" of APIs is a no-questions-asked good thing in and of itself. There has to be something else too in order to ensure you can program against them freely.
Also note, it's impossible to do certain things on iOS programmatically at all, by design. Sure, that saves you a few small security headaches but the amount they MISS tells you that that isn't the end of the story either. And causes huge user interface problems.
Don't even get me started on the junk that is screen-modal pop-up login dialogs that don't tell the user their origin, and go over the top of anything you happened to be doing.
Because it's pointless, that's why.
Re: How hard can it be?
If they have to mark all their products as "used" to be VAT-free, then they're not going to like doing that for big-brand items (i.e. the things that sell for the most money).
I make about £20 a month out of giffgaff.
I work at a school, they have lots of international teachers etc. They all come to IT for help setting up their phones, skype, etc. to call home.
I don't force it, but I hand out giffgaff SIMs. Every time they activate one, I get cash which gets to my Paypal eventually.
And lots of them do stay on giffgaff because of the "PAYG / Monthly" thing so they can pick and choose and be short of money and knock down their package without obligation. Nobody ever calls for support, so they don't notice giffgaff's is only online.
They really need a "big bundle" though, that I can tether for mobile broadband. 9Gb isn't enough and even the unlimited package is subject to a tethering limit.
I also activate a lot of their cards for things like GPS trackers and GSM gate openers. Run it down on PAYG over a year from about £20, or stick it on the £5 a month one if you want guaranteed service.
Re: Big advantage
All your major services are now proxied through the 4&6 machine at the boundary. All your external connections, webmail, remote, VPN, etc.
If your ISP says "no more IPv4 for you", it doesn't matter.
Internally, you then have ALL THE TIME IN THE WORLD to upgrade, and if you're using web proxy etc. then it's quite seamless. But all your customers and outside services are already up and ready.
You can now deploy 4 machines. 6 machines. 4&6 machines. It literally doesn't matter. You can move services one by one. But your outside customers (e.g. visits to your website) can use both from the second you do it, and your external IPs number... 1 of each.
Your internal workings, IP's, etc. literally don't matter. That's the beauty of NAT.
But what you were telling people was "You have to give every machine, server, printer, phone, etc. a world-routable IPv6 address, from day one, and configure your systems securely to allow that. Oh and NAT IS EVIL AND YOU HAVE TO DESTROY ALL TRACES". That was ALWAYS nonsense. You leave them exactly as they are, IPv6 the gateway, leave everything else on IPv4 NAT and then everything else is done at your leisure.
Say The Reg had done that? They could just add "IPv6 compatibility" to their front page and all their clients would be happy and think they were "cutting edge". They could be using IPX internally, nobody cares.
Re: Big advantage
NAT and IPv6 were always entirely unrelated.
Only stupid people thought that NAT wasn't the ideal way to transition - convert your NAT gateway to IPv6, bang, job done and no more internal changes required until you wanted to.
The confusion of the two is EXACTLY what held back adoption and instead... ironically... resulted in Carrier-Grade NAT at the ISP in order to keep things moving.
P.S. Maybe The Reg could read the article linked themselves? Because they keep SAYING they're doing something about IPv6 but I've yet to see any movement.
Three suits me fine. I get 30Mbps down, 20 up and it replaces all other Internet connections except my smartphone.
I hate to say it, especially as I nearly sued them at one point, but they do quite well for a decent price on their SIM-only dongle deals.
Happily live my entire online life via them, including all kinds of streaming, without issue.
Vodafone, however, still haven't worked out how to let me order another SIM after the first one never arrived. I can't even sign up for another account on the same card, and the account I have I can't do anything with. They say I can resolve it by going into a shop, but that's not what I expect from a tech company. Shame, as they were my first choice and I was going to buy their addons so all my WhatsApp, iPlayer, etc. traffic wasn't counted, but they were too dumb to even get a SIM to me, or sort out the account problem.
Re: Heat sink?
Not at the stupendous low voltage they use, I imagine.
0.4V and they separate it into multiple "few hundred mb/s" lanes. So no warmer than an Ethernet cable, in fact probably a lot less.
Re: No Wear Levelling hmmmmmm
You must be buying some cheap junk SD cards.
My card's been in my dashcam for 2.5 years (since I bought my car) and it's absolutely fine.
The card in my phone has been there for nearly 8 years. Also fine.
I have a card inside a CCTV camera doing a timelapse. That's been six months+ and still fine. In fact the reason they include it is so that you can constant-record to it in case the system goes down, a lot of CCTV cameras do now.
I get that they aren't certified to last forever, but if you're replacing every few months, you have a false economy on whatever junk it is that you're buying and just need to buy a decent card.
And yet... they KEEP BUYING APPLE PRODUCTS too.
Stop giving your call centre and back-office agents general purpose operating systems and/or permissions enough that they can get infected by any random passing malware. They don't need it.
Also, don't give them free rein of the database access. Rate-limit, dial down permissions and make them REQUEST info. Then if one person requests info on a million users, you know there's something wrong.
2018, and we still can't get the very basics of "need to know" and "minimal permission necessary" right.