Some of the comments on the original post make a good point IMO - shouldn’t most innovation be happening in IPv6 land? :)
Hell, I’m running native IPv6 right now doled out by Comcast.
Strongly agree. MIT should be at the forefront of pushing the migration to IPv6. Anyone on their campus who wants to build something cool can and should make it work on the v6 internet.
I guess the question is if 1/256 of all internet innovation takes place at MIT? If an IP is an essential component of innovation, how should they be distributed?
Most major-in-size institutions in the US, Canada and UK still have at least one /16, so, doing a NAT with private address space is not a matter of an address space limitation, but rather a policy of doing security through obscurity.
I think it’s unfair to say that a NAT between random machines and the Internet is not a genuine, purposeful security win.
NAT is not a security mechanism, it’s a hack to preserve addresses.
Using it as a security mechanism is a bad idea.
You are better off filtering at the edge but that would require another subnet for the protected hosts.
In this scenario, MIT actually has an IPS in place (try to nmap an address in the MIT subnet 18/8, then try again a second time from the same originating IP address).
There are plenty of security goals which NAT can help with. Any large user base is going to have a few unpatched systems, after all.
Public IP addresses can easily be firewalled, too; it’s a common policy that only SSH and Remote Desktop ports are open by default, even if you do have a static IP address.
With a /16 and 65k addresses (some bigger ones have even more space), there is really no need for any private space in most circumstances.
If these institutions play dumb and refuse to provide their constituents with public IP addresses like they ought to, they should probably be mandated to return their IP space.
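As an added illustration of the "filter at the edge on public addresses" approach the comments above describe (this is not code from the thread or from MITnet), here is an nftables ruleset that gives a publicly addressed host the same "unsolicited inbound is blocked, replies to our own connections are allowed" property that NAT provides as a side effect, while leaving only SSH and Remote Desktop reachable. The interface name, the port choice and the dual-stack ICMP handling are assumptions for the example.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original thread or from MIT.
# Stateful default-deny inbound policy for a host with a public
# (non-NATed) IPv4/IPv6 address. Ports 22 and 3389 are assumed
# for illustration; adjust to what the host actually serves.
flush ruleset

table inet edge {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and flows we initiated ourselves: this is the
        # "only replies get in" behaviour that NAT gives implicitly.
        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 are required for path MTU discovery and for
        # IPv6 neighbour discovery; dropping them breaks connectivity.
        meta l4proto { icmp, ipv6-icmp } accept

        # Only SSH and Remote Desktop are reachable from outside.
        tcp dport { 22, 3389 } accept

        # Anything else unsolicited hits the chain policy (drop).
    }

    chain forward {
        # This host does not route for anyone else.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f edge.nft` (as root) and confirm the active policy with `nft list ruleset`; because the `inet` family covers both IPv4 and IPv6, the same rules protect the host whether it is reached over v4 or native v6.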
I can tell that you don’t like NAT, and that’s fine – I’ve been stuck behind one before and I agree that it can be irritating. I know you can also filter traffic; I just think it’s disingenuous not to admit that the structure of an internal network behind NAT does have properties which improve security.
Apologies if I missed the joke, sarcasm detector malfunction.
Man. It’s a shame that computers hosted in dorm rooms are the only places code can be deployed.
Only if you’re a student and wanna do it for free.
TIL Google, Facebook and AWS are all run out of dorm rooms.
Yeah yeah, the possibility of running services from your dorm room was a lot more compelling in the days before $5/mo VMs. Also I am guessing that today’s MIT students have far fewer desktop computers than they used to.
Still, it’s one more way that the MIT spirit of innovation is nerfed for the current generation.
(Disclaimer: I ran services on MITnet for about 8 years, of which I was a student for 2.5)
First of all, by doing the whole thing yourself, you learn much more than by simply pushing a couple of buttons.
We the die-hard UNIX community used to laugh at the Windows folks for pushing buttons with the mouse. Look what we’ve now become — no one really knows how shit actually works anymore without clicking those damn buttons.
I’d argue that it’s now generally a bad idea to deploy your code as we did in the old days, by custom typing commands into a single machine’s terminal window. While it’s a good idea to know what each individual machine can do, the (good part of the) industry doesn’t really work on that model any more for externally-facing internet services.