Re: Somebody's talking bollocks
IPv5 has been and gone. As have IPv7, IPv8 and IPv9. At this rate it won't be long before we have to start doing NAT for the Protocol Version Header
115 posts • joined 28 Jun 2019
Worked on an as-a-service project a few years ago, where thanks to having to allocate multiple subnets at design time (and before launching too, so no idea just how big the subnets would really have to be, or how many we would actually sell) the 10.x.x.x space wasn't big enough.
Also brought home just how wasteful IPv4 subnetting really is, and how inflexible a lot of networky things are. For home use I have an entire IPv6 /48 just for fun, and I can't afford the 'leccy bill to use even a tiny percent of that. Even assuming I could get a gazillion RPi's in the first place.
Assuming that other people also have IPv6. Did a small project with some overseas techies that needed some small servers for a few weeks. Figuring this would be easy, as everyone out east already has IPv6, I just ran up a few VMs on the lab server and sorted. Oh well, at least Plan B worked....
Maybe they did? With all the universities worldwide and the 100's of people who are legitimate experts in encryption, who do you go to?
And how do you know they're actually any good and not in the pay of or subject to pressure from others who would like to have a slight glitch in your encryption implementation?
Yep, it's a rabbit hole once you start poking around those sorts of questions. Possibly even a tinfoil lined rabbit hole...
How long do you think it will take to:
o Build out a cloud service suitable for enterprise use - i.e. VMs, containers, provisioning, network, DNS, storage, all the other typical cloudy services.
o Get your new cloudy service certified for use with all the enterprise vendors big companies use
o Get to the point people feel comfortable entrusting their corporate IT to the new EUcloud
o Actually migrate everything that you've carefully entangled with all the AWS/Azure/Googly services
Even if they dropped the hammer tomorrow it will take years to get everyone out of the current US-based providers, practically guarantee a trade war and quite likely tie up any new EU venture in endless intellectual property and copyright spats.
I know of a couple of companies that claimed a "local authority template" for ERP, and at least a few attempts at implementing. Sharing ideas and source code / config / customization generally wasn't an issue.
Changing the template to local requirements is generally where it all went wrong, especially where it was a shared service between a group of authorities and each had their own way of detail working and nobody was willing to give way on the finer details e.g. line-item names on payslips, field labels on data-entry forms. End result is paralysis as the customer cannot agree what they want and deadlines approach and go whooshing by. And that's before the union "we want money to change working conditions" mob got involved.
And even when they were all agreeing enough to go live, after a few years and a change of management or political control the previous agreements were revoked 'cos basically politics.
As for being a supplier, the last thing anyone wants is to be stuck on a project with the Customer From Hell. I have had people tell me to my face that I'm only in it for the money, and the look of hatred when I pointed out they didn't work for free either was a joy to behold. It came as a surprise to them that ERP people actually wanted to do a good job to the best of their ability and that spending weeks on end in cheap hotels away from friends and family is not actually a good way to live.
Bootnote: There are also some excellent local authority ERP implementations. But of course you never hear about them 'cos they just quietly get on with the job without any fuss or drama. Same products, different management. Need I say more?
Pretty much the best attitude: don't be first to upgrade, but make sure you leave plenty of time and go at a point of your own choosing. Which is something else they take off you with the RISE offering - you upgrade every 3 months, when they say, and you'd better make sure you've tested everything on time.
But moving from on-premise real tin or VM to a cloudy VM really isn't that huge an undertaking (to be honest it starts to get boring after you've done a few) when compared to redoing every interface and process from scratch and then migrating and testing every record, to some other product which has its own set of features, stupidities and bugs and where you also have to retrain everyone on the brave new world.
SAP actually have a pretty good process for upgrades. The biggest problem is when people think they know better and cut corners and don't test thoroughly before they do it for real. And then find their backup process has a few issues as well....
SAP have had a couple of attempts at building their own cloud using in-house and 3rd-party hosting suppliers, even they're using the major hyperscalers for their own-label offerings now.
European customers looking at cloud look at AWS, Azure and maybe Google. Who else is there with similar offerings, and deep enough pockets to get on SAP's certification lists?
It is certainly going to be very interesting over the next few years as to where this goes as an awful lot of money and ego has been bet.
I really hope my underlings know their jobs better than I do - it's why I have underlings (and I hasten to add that anyone who calls people underlings around me in anything other than playful respect is getting a bollocking rapid formal coaching session).
It has been a long time since I have been direct hands-on. I freely admit that some stuff I used to do I have forgotten, a lot has changed and I have no intention of doing a Simon (you know who you are) on a go-live. A big part of my role now is to shape and develop the team so they can not only get on without me, but they are eventually ready to step into my shoes and run a show.
But it's still nice to casually lean over the shoulder of some kid who's been sweating a problem for hours, scroll up a couple of screens and point out that one small thing they've missed.
You want to connect to bluetooth? Enable location
You want to connect to WiFi? Enable location
Warning: Disabling location access may break applications and degrade your experience.
Suddenly seeing location has turned itself on for no apparent reason and no way to find out which app did so
The permissions that Google apps have by default and the scary warnings (or outright refusal) to revoke them.
Apps that are baked into the phone that you don't use or need and cannot stop.
Meh, gets depressing. Beer time.
The world needs more than 4 billion IP addresses is correct and highly relevant. All the IPv4 addresses have been allocated, in some regions a long time ago, others more recently. If you want to get a new allocation now you have to justify your need and if approved you join a queue to get one. Have a look at the regional registries if you want to know their processes.
And just tinkering with IPv4 doesn't work. Changing the IPv4 header to allow a bigger address space can go two ways:
o Use a header extension or similar for the bigger addresses. Which is slower to process and means it's no longer IPv4, and anything which doesn't know about the header won't get the address right and won't handle the packet properly.
o Use bigger fields for source and destination, which is just as quick to process but no longer IPv4, and anything which doesn't know about the header format won't be able to handle the packet properly.
So either way, once you've decided the only approach is to play with the packet header - and that's a fairly fundamental bit of the protocol, you're into new protocol version territory. And at that point, everything else came up for grabs and the IETF decided to simplify things from 14 fields down to just 8 and take a good hard look at what's really needed.
Now whether all the choices made 25 years ago were all good choices in retrospect is another question. The same can be asked about IPv4 too. The extra bits of both protocol suites have evolved - can you imagine anyone today doing IPv4 without DHCP? Do you remember when APIPA first came in and broke things? Same for avahi/mDNS appearing and breaking things?
So the question then becomes how do you manage a transition to IPv6 once you've got the inertia of billions of users dragging you back? Is it any surprise that without a global benevolent dictator we're in an extended halfway state, and most likely will be for some time yet before we reach the point that IPv4 naturally fades into obsolescence? Users certainly aren't going to care as long as they can get their daily fix of web trivia.
Or a lot of people have got to get their heads around a bunch of new acronyms (NAT64, CLAT/PLAT and worse) and how to deploy them securely and reliably and without spending money or breaking things along the way. Suddenly dual-stack doesn't seem too bad eh?
The first network I built ran on NETBIOS/NetBEUI, and then moved to IPX/SPX a few months later. At a subsequent employer I inherited an IPX/SPX network and had to deploy IPv4 as dual-stack, with every PC and laptop having a static IP "for security" (and the fact that we didn't have a DHCP server even if I could BOFH the security guy). It was a challenge, but it worked. And only a few developers noticed (and even fewer said thanks).
Technology changes. I'd like to think that if IP is still in use in another 50 years time, my grand kids won't be worrying about how to upgrade the entire solar system to a 512-bit address space.
The least we could do in the meantime is make sure any device or application that talks IP supports both IPv4 and IPv6 so we can make the transition as gracefully as possible without having to maintain legacy IPv4 networking for those few vital boxes of kit that still need it. That is probably as likely to happen as making sure all such devices are relatively secure and easy to repair or recycle.
Until recently you couldn't get consumer IPv6 in the UK. My ISP still doesn't support it so I'm using a 6-in-4 tunnel [free from Hurricane Electric if you want to play too].
As the ISPs have to pay for IPv4 allocations for their customers - if they can get them at all - it will be driven by ISPs providing it to their customers.
The real fun is going to be when ISPs have to choose between pushing consumers to IPv6 only or implementing CGNAT. And most people won't care unless their favorite sites are still IPv4 only [cough. Register. cough.]
And the "Big 3" cloud providers still only offer partial IPv6 services to their customers too, so it's not fair to only blame BT & friends.
An honest and common opinion Jim - and one I have a lot of sympathy with too. But it will happen, IMHO the drivers will be:
o The cost of getting public IPv4 addresses as demand continues to grow (all available addresses are now allocated to somebody - we're now living off recycling)
o Networks are getting bigger as we add ever more connected things
o Networks are getting more complex, segmenting off applications or even bits of applications from each other means huge numbers of subnets, and devices having multiple addresses too.
o The tools to set up and manage IPv6 will get there. Even consumer broadband routers are getting the capability to configure it simply enough.
IPv6 addresses are simple enough really - and everything is a /64 subnet so no more messing with subnet masks (unless you want to break things) - it really doesn't take long to learn something like 2001:db8:1234:0001, which is all you need for networks, and as somebody else pointed out, if you need to allocate host IPs you can make life really easy on yourself if you want full control, e.g. ::53 for DNS, ::1 for gateway, ::cffe for your coffee machine.
Simple firewall rules? NAT makes you lazy. How hard is something like below, which should be a default anyway:
IN PERMIT ESTABLISHED
IN DENY ALL-OTHERS
OUT PERMIT ALL
Just because something has a publicly routable address, doesn't mean it has to be publicly accessible.
People are finding a way, but right now I think it's still at the pain in the ::a55 level. But then wasn't it the same with IPX/SPX, AppleTalk, NetBEUI and ye old IPv4 at one time too?
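The three-line policy in the post above, written out as an nftables IPv6 ruleset. This is an added example, not the poster's own config; "eth0" is an assumed WAN interface. It also adds the one thing the three-line version hides: IPv6 stops working if "deny all others" swallows ICMPv6, because Neighbour Discovery, Router Advertisements and Packet Too Big all arrive unsolicited.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original post. Assumes the WAN interface is eth0.
flush ruleset

table ip6 filter {
    chain input {
        # IN DENY ALL-OTHERS: drop is the default, everything else is an explicit exception
        type filter hook input priority 0; policy drop;

        # IN PERMIT ESTABLISHED: replies to connections this host started
        ct state established,related accept
        ct state invalid drop
        iif lo accept

        # Caveat: IPv6 needs these ICMPv6 types inbound even with a default deny.
        # ND keeps the link working, RAs give you the prefix, Packet Too Big makes PMTUD work.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert,
                      packet-too-big, destination-unreachable, time-exceeded,
                      parameter-problem, echo-request } accept

        # DHCPv6 client replies on the WAN side, only needed if the ISP uses DHCPv6-PD
        iif "eth0" udp sport 547 udp dport 546 accept
    }

    chain forward {
        # Same shape for traffic routed through this box to the LAN:
        # a globally routable address on a LAN host does not make it reachable.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        icmpv6 type { packet-too-big, destination-unreachable,
                      time-exceeded, parameter-problem } accept
    }

    chain output {
        # OUT PERMIT ALL
        type filter hook output priority 0; policy accept;
    }
}
```

Load with `nft -f` and check the counters with `nft list ruleset` after a few minutes; if the LAN loses its default route or large downloads stall, the ICMPv6 exceptions are the first place to look.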
Is this coincidence?
The government & police want to be able to read all your communications, and completely separately the lady who is supposed to be "thinking of the children" more than anyone else wants a single ID number for each child, and a real time dashboard at the DfE so they can see who is or isn't at school. Linking school, medical records, and police contact. Doesn't really leave much chance for privacy anywhere does it? Add in the ability to intercept all communications and... dammit, I'm sounding like the tinfoil hat nutters.
"The children's commissioner for England is calling for every child to have a single identifying number that can be used by schools, health authorities and the police"
And once you've been tagged, stamped, filed, indexed etc as a child, who thinks this will stop when you leave school? Reach 18? Leave college?
If I write a book, in all honesty nobody is going to read it, even for free.
But if through some curse/miracle I become an author, then I have two choices:
1. I write maybe a book or two every few years while doing other jobs to earn money to live. And the books provide an occasional bonus, but not one I can rely on.
2. Somebody pays me to write, which means I can now write maybe four books a year as it's now my job. And for me to get paid to write, other people need to pay money to read my books.
As a reader, if I buy a real book, I can sell it. I can lend it to a friend. I can eat or burn it if I so choose. Either way, it's mine to do what I like with, but once it's gone it's gone. If I want to give it away and read it again I have to buy another one, thus paying the author again. And the printer, bookshop etc. My generosity is truly out of my own pocket and not at the expense of anyone else.
With PDF and the like, I can make as many copies as I like and still do what I like with every copy, at no cost to myself. I am of course ignoring copyright and courts in this example, but they only act after the event and the author still doesn't get any money after I'm sent down. If this is taken to the extreme, any author will only ever "sell" one copy.
Whoever can solve this problem to allow you to have digital versions of books (with all the advantages of surviving being dropped in puddles or just plain worn out) with the simple ease of use of the genuine dead tree article and none of the customer unfriendly DRM / rental schemes we have now is going to make a fortune.
Charlie Stross did a good series of articles [ see www.antipope.org - the domain is a typo and long-running joke and nothing to do with popes] on the real world of being an author, the effort involved and the whole process from idea to print and the full reasoning I've attempted to paraphrase from memory above. He also hates DRM, has free stories as well as info on the ones he'd really like you to buy - and I'd recommend you do too. Preferably from your local bookshop.
And if you think authors could live off voluntary donations and good karma, just look at all the people who wrote shareware or write free software today and how few of them can actually do it without being employed to do so - another very topical discussion in these august pages. I'm not a programmer either.
True story from a former employer:
Buildings insurer insisted that a room full of servers and comms kit was a fire risk and a sprinkler head had to be fitted in there.
Equipment insurer then insisted that we fitted hoods and doors on the racks to protect the equipment in the event that the sprinkler activated.
Local authorities typically have:
payroll & expenses
HR - benefits, hiring, reviews, time, approvals, reporting
stock, consumables and stuff they give out/distribute
distribution & warehousing of stuff
purchasing, goods receipt, accounts payable
finance & management accounts
reporting on anything and everything
orders, fees, subscriptions, taxes, receipts
Think of anything that every type of business might do, somewhere in local authority somebody will be doing just that. At least until it all gets reorganised/split up/tendered/outsourced/merged/abolished.
Maybe using the word enterprise in association with the stereotypical council is a bit hard to swallow, but it's still the same processes. Even if somewhat twisted and mangled into their own worldview.
Our printer died messily - as in the print head itself sprung a leak somehow - two weeks before the schools shut last year. Took the plunge on a more expensive Canon printer/scanner with ink tanks instead, and apart from one scary moment during setup while it slurped down so much yellow I was expecting to find a very hard to explain stain on the table, it has been fine ever since.
Even better is I'm still using the initial bottles of ink it came with, despite feeding more paper into it for kids worksheets than I ever thought possible and it's already paid for itself.
I thought it went bust some time around '86? My first job as a paper boy lasted 3 weeks before they went TITSUP (total inability to supply unwanted papers). And I've outlasted a few more employers since then, which doesn't look so good when you write it down. Hmm.
(Apologies if you lived near a certain riverside place to be, the last 3 might have been me...)
No 5G here, 4G only works upstairs if I'm standing under a booster and as for downstairs forget it. But 2G calling works just fine even behind the garage at the bottom of the garden. As events oop north have shown recently, having a reliable voice service that doesn't rely on the power grid (do you really think the 1000's of 5G cells will have 5 day battery backup, let alone a standby generator) could be very useful once we've all been forced to fibre.
If WiFi calling worked on all networks I guess it wouldn't be so bad, but Voda have disabled it in the work phone and Plusnet don't do anything that wasn't standard 10 years ago. And of course that would also rely on me having 5 day battery backup or a genny.
Hmm. Maybe designing and operating things so crap didn't occur in the first place was a much better way of feeding your family?
Tech evolves. Get used to finding a new way to feed your family every few years. And as somebody who has spent so much time cleaning crap I suspect you might have some clue on how things should be done. So you get more food for your family, and time to sit and eat with them. Win.
That is the entire cloudy business model.
But running your own kit is not free. You have to pay for the kit up front (less any financial tricks), power it, cool it (more power), retain people to operate it, pay for spares and consumables, pay for the building and taxes on that building etc. And if you decide I now want more kit, you are looking at days to months before it's ready, if you want less kit you might be able to sell it on for a pittance. And you are doing everything yourself.
So yes, cloud often works out more expensive than you expect unless you have tight control over planning and ops (yeah, I know, fantasy land in most cases), but as somebody mentioned, if you're a proper IT professional you'll have a damn good stab at nailing all of the benefits, opportunities and costs on both sides.
Oh what the hell am I thinking. Look! New cloudy shiny shiny, I wants it my precious.
So you expect kids to exercise perfect judgement on every email or message they receive?
Every few months I have to go through corporate don't be a twit training about spam emails. In an IT company of 1000's. And we still get fskin eejits opening the few phishing mails that get through and clicking on the links. Grown, educated, IT literate adults who should know better. Think about it.
I remember reading stories about this as a kid - probably Heinlein, maybe others, referring to even though the engines use an "atomic pile" they still needed reaction mass to actually move the ship. And a couple of scenes with a bored crew, a half empty water tank and the things you can get up to in zero g...
Lenslok. A pretty neat idea - display a scrambled 2-character code that you can view with the corresponding fresnel lens for that program. I think we had 3 of them in the end.
The issue with Elite was the distributors put the wrong lens in a large number of boxes and there was no way to tell if you had the right lens by looking at it. IIRC Firebird eventually worked out what happened and exchanged the lenses and gave a free game too (which was rubbish!). But it killed Lenslok as a product and then of course Multiface 1 came along and debuggered most speccy copy protection.
Curiously my mate could guess the Lenslok code for Elite pretty reliably if he held his glasses at just the right angle in front of the screen.
Last year I was called in to help with sizing a new system as the infra team were pushing back on the requests despite the functional experts insisting it was as per guidelines and signed off by the users. To be fair, most of them had English as a second language, and some key people were only accessible via translators and would not join calls.
The critical questions were quite easy: Average number of shipments received per day, average number of different items in each shipment to give an average number of boxes of stuff to be processed each day - there's a bit more to it for the fine detail of course.
The answers given turned out to be the number of shipments received per day, and total number of parts in each individual line item on the delivery note. When a customer is bringing in small things like washers and screws in boxes of 1000 at a time, and they're buying by the pallet too then one movement suddenly becomes millions.
This reduced the sizing down from 37 TB to 1.8 TB, although convincing our functional experts where they'd gone wrong and to go back and reconfirm with the customer took far longer than actually finding the source of the error. I'm still owed beer for that one too.
A few decades ago (ouch, writing that hurts) when I was doing my time at a polytechnic having been deemed by the likes of Sheffield to be not worthy of getting a proper education, this sort of thing was featured in at least two of the courses as classic how not to do it.
So if the polys were teaching this stuff to the undeserving masses back then, and Sheffield is supposed to be stuffed to the rafters with brains the size of a planet, just what has gone wrong with our educational elite?
If you're running an overall upgrade programme (funny how it's never billed as a downgrade) then there is nothing wrong with having projects within that to do something new. Maybe it's easier to add new, migrate data and then drop old. The key thing is how well your overall programme and project management works.
And the answer to that point is...
Your ring main might have a 32A fuse on it, but that is based on 2 paths for the current to reach your socket and IIRC that cable might only be 26A on an individual path (depends on which version of the wiring regs used at the time, assuming it wasn't simply bodged.)
And the kettle flex certainly won't take 32A for very long before things get melty...
NB. Mucking with ring mains is not a job for amateurs. Do proper research and get a real sparky in if you have any doubts about whether what you're thinking of doing is safe and legal for where you live. 240V fing hurts, as do 3rd degree burns from setting your house alight.
We have work phones provided at (alleged) great expense which are configured so that company calendar and contacts can sync to the phone. But only inside their own sandboxes that cannot be accessed by any other application.
So you cannot see your home and work calendar on screen together at the same time as a manual not-a-sync.
If somebody calls you, the phone cannot show you the real name of who is calling, just the number. It also means the phone app cannot access the contact list to make calls. Copy/paste is blocked too and don't even think about installing signal, WA or any other messenger and expecting that to be able to get to calendar or contact details.
We've taken a pretty good communication tool, and rendered it almost useless. Forget the bronze age, we've gone back to the primal forest and dodging dinosaurs.
Biting the hand that feeds IT © 1998–2022