Also ironically, I can't reach any of the newly NAT'd networks from my XVM instance. I bet the XVM maintainers haven't been warned about the NAT.
Of course it is. That's how innovation happens. They are focused on overcoming a constraint of the system they operate within. In this case, it will be to get around the limitations of the private IPv4 network, or to make the upcoming IPv6 network easier and more appealing to use.
Most innovations are to overcome some sort of limitation, whether that is with a man-made system or just the laws of nature as we currently understand them. Unbounded innovation hardly ever occurs and usually results in some shitty mobile game.
Now that's not to say MIT IS&T isn't behaving extraordinarily shitty here. But this won't stifle innovation, just refocus it. Whether that's towards a more worthy goal is certainly up for debate.
If I come up with a super-awesome computer vision algorithm and want to run a server in my dorm room to demo it, being forced to use IPv6-only when the school has enough IPv4 addresses is a stupid annoyance and will only reduce the number of people that can reach the website. Running on AWS or another IaaS service isn't an option for many students without much cash.
I do, but then I also hosted hidden services, relays and exit nodes...
I totally understand the need for a campus-wide firewall. The MIT network is a juicy target for botnets, and individual students are not good enough at running security on their own computers. The old approach to IP assignment was that you needed to get your IP approved and made routable by IS&T anyway, and if they detected botnet activity on your computer, they'd manually intervene and make it unroutable again. That sounds like a lot of work.
If computers end up with firewalled but publicly routable IPv6 addresses, that sounds perfect.
If they detect bad activity, they blacklist your MAC address so you can't connect. This is no different under the new scheme, and has nothing to do with NAT.
I run our servers on public IP addresses, behind a firewall. Troubleshooting and debugging are made much easier, and there's never any conflict with VPNs etc.
> It's likely that the only difference is that you'd also have to specify what ports you want exposed to the outside world
Port 80, please. With NAT, you can't offer that to more than one computer.
Actually, I have been experimenting with this for my pet projects. The downside is that it's relatively slow, but getting a "global" address is a click (well, a few lines of config) away...