You're still not getting it. Without NAT you have NO internet connectivity at all to a local IP. NAT provides more connectivity not less.

What about weather simulations? You never have too many GPUs for those.

AI demand won't be near zero just because one of the big companies is out of business. The others would share the market then. But even if it were zero then, then you could still do a lot of other computations on a H200.

So are you shorting them?

Why do you think will Nvidia stop printing money? People are only waiting for the resources allocated to OpenAI & Co. to become free, so they can buy GPUs. Not talking about the gamers, but about the data centers of smaller companies who also need GPUs. Should one of the giants stop buying, Nvidia has a lot of other interested companies who are waiting for GPUs.

If you fear to forget it, set -P DROP. Then you notice if you forget a rule.

The point is, that the DROP/REJECT rule drops/rejects packets, while NAT is the part that allows packets from the outside to be routed to 10.0.0.2. People say "NAT protects me" but in the end the firewall protects them. And I don't know a consumer router that doesn't come with a stateful firewall enabled by default. One can argue about some having uPnP active, but that also causes problems with v4, as it can setup port forwards.

How many IPs do you get from your ISP for v4 and for v6? Now imagine you have a webcam to monitor your dogs and a smart thermostat, which both use a web interface. Add a few other smart things to the mix if you want to. In the best case you now need to configure each of them a non-default port and add a lot of different forward rules to your router, to get them online with IPv4. With IPv6, you just need to add to your router "Allow Device (name, MAC) access on 443". No need to configure another port, because each device has a routeable IP.

To enable NAT you need to have an ACCEPT rule in the FORWARD table (or a wide open default ACCEPT). Because it is forwarding traffic. MASQUERADE goes into POSTROUTING.

The firewall is literally the same. You drop incoming packets that do not belong to an existing connection.

You can fully encapsulate IPv4 in IPv6. There is a reserved range for that. There are also several techniques to relay between v4 and v6. People thought about that, it's just that for a long time nobody cared to do the full switch.

This is a way to create a false negative (correct photo but no watermark), but adding a signed watermark is not that simple. I think there were first proof of concepts of people manipulating cameras to sign an injected image, though.

I do not fully remember how, I think they used some feature to edit stuff on the camera, which should not have signed the image afterward but did it? You could also do it the almost analog way and manipulate the sensor. Or the fully analog way and get the optics right that the image in front of the camera appears like it would be a real scene.

I am sure that will benefit the users, just like the other trusted computing techniques.

As you already mention with GIMP, it already starts that using a self compiled image editor breaks the trust chain. Even with a signed GIMP binary, you can assume that some verifiers will only allow signatures from a narrow range of "trusted" programs. Your image was edited with GIMP instead of Photoshop? We didn't audit GIMP, so we cannot trust your image.

Nope. Trusted computing only benefits the people pushing these things and is ultimately used for helping big companies and their DRM. C2PA and so on will benefit Nikon and Adobe and be a huge problem for smaller hardware and software companies. And have little to no benefit for normal users.

Or seen a professional pickpocket? I've seen YouTube videos in which I needed to rewind 5 times before I saw the moment when the pickpocket got the item from his victim, which suddenly had in his hands.

Not only digital. Double exposure is a thing.