Programmer Humor

31230 readers

356 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 4 years ago

MODERATORS

[email protected]

675

Basically the extent of my IPv6 knowledge (lemmy.world)

submitted 1 week ago by [email protected] to c/[email protected]

93 comments fedilink hide all child comments

Template source: https://web.archive.org/web/20210304000634/https://www.government.nl/topics/coronavirus-covid-19/visiting-the-netherlands-from-abroad/checklist

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 1 week ago (31 children)

It also means you no longer need the kludge that is NAT. Full E2E connectivity is really nice -- though I've found some network admins dislike this idea because they're so used to thinking about it differently or (mistakenly) think it adds to their security.

[–] [email protected] 3 points 1 week ago (17 children)

Why do you say NAT doesn't make a network more secure?

[–] [email protected] 8 points 1 week ago (2 children)

This article is biased to selling you more F5 equipment but is a reasonable summary:

https://www.f5.com/resources/white-papers/the-myth-of-network-address-translation-as-security

Long story short is that NAT is eggshell security and you should be relying on actual firewall rules (I wouldn't recommend F5) instead of the implicit but not very good protections of NAT.

[–] [email protected] 1 points 1 week ago (1 children)

What would you recommend? I have a client with some pretty old hardware (FVS 318) installed that I suspect is causing some issues on their network.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Honestly, these days I have no idea. When I said "wouldn't recommend" that wasn't an assertion to avoid; just a lack of opinion. Most of my recent experience is with Cloud vendors wherein the problem domain is quite different.

I've had experience with most of the big vendors and they've all had quirks etc. that you just have to deal with. Fundamentally it'll come down to a combination of price, support requirements, and internal competence with the kit. (Don't undermine the last item; it's far better if you can fix problems yourself.)

Personally I'd actually argue that most corporates could get by with a GNU/Linux VM (or two) for most of their routing and firewalling and it would absolutely be good enough; functionally you can do the same and more. That's not to say dedicated machines for the task aren't valuable but I'd say it's the exception rather than rule that you need ASICs and the like.

load more comments (14 replies)

load more comments (27 replies)