On Tue, Sep 04, 2012 at 03:45:32PM -0400, William Herrin wrote:
That's what firewalls *are for* Jay. They intentionally break end-to-end for communications classified by the network owner as undesirable. Whether a particular firewall employs NAT or not is largely beside the point here. Either way, the firewall is *supposed* to break some of the end to end communication paths.
Which has had two basic results: First, we've raised at least two generations of programmers who cannot write a network-facing service able to stand up in so much as a stiff breeze. "Well it's behind the firewall, so no one will be able to see it." Second, we've killed -- utterly and completely -- countless promising technologies and forced the rest to somehow figure out either how to pretend to be HTTP or tunnel themselves. That's just sad. But even then, we're not talking about an end user choosing not to permit certain kinds of inbound connectivity. We're talking about carriers inspecting and selectively interfering with (and in some cases outright manipulating) communication in transit. That's just plain wrong. -- . ___ ___ . . ___ . \ / |\ |\ \ . _\_ /__ |-\ |-\ \__