Why go proprietary?
-
I just have a general question about pfSense Plus. And before I ask my question, I want to state that I understand the fact that all I've done is benefit - for free - from the awesome work of the folks at Netgate (because pfSense is awesome). I also want to state that I understand Netgate's desire to generate income. I also understand that as a freeloader user, I can upgrade to pfSense Plus for free. All good. All cool. What I don't understand is the need to go proprietary. What's gained from the "obscurity"? I'd happily upgrade to pfSense Plus, I'm just wary of closed source, proprietary software - especially for something like a firewall, which "sees" everything. So what I'm respectfully asking is what's the rationale behind the decision to go proprietary?
Cheers
-
Because then you can pay for Pro or Enterprise support depending on your commercial needs.
-
@somethig said in Why go proprietary?:
So what I'm respectfully asking is what's the rationale behind the decision to go proprietary?
Like politics: it all depends on your point of view.
There are many opinions you can have, that no one can counter - and several of them are completely the opposite of others. So what will it be?
The real thing is: in a "free country" you have to grant the freedom to yourself - and also to someone else. Good luck living in a free country, because you have to give the other 'a lot', more than you are willing to give. And yes, you are free to remove whatever from someone, but you'll be also removing the same thing for you.
The best of all: these are my words, probably my opinion, and I'm not sure if they are actually 'correct'.
@somethig said in Why go proprietary?:
closed source, proprietary software
Remove the word software, and now take your phone, and look closely.
Let's brainstorm a bit.
Do you really have the slightest idea what it is doing right now (with the info you stored in it)?
How it uses the micro and camera right now?
Your photos?
You've checked the code?
If it's an Android, all you need to do is: start reading that code, and check every line. It's open source, right?
And forget about code. Too damn slow, much is done by 'cabled electronics' like DMA transfers etc.: no code or software involved.
Make yourself ready: you have to inspect all the chips used, on a transistor level.
Oohh, oops. Suddenly you discover that open source phone uses proprietary hardware.
"They" let you see what has been decided that you can see.
You can't be 'not ok' with that, because your watch and credit card, to name just two, fall under the same usage rules.
I'm often thinking: to be sure that I'm not becoming totally paranoid, I turn the question around: what do I have to hide?
If I can say: "well, I don't care", then I don't have to look for security any more.
(you know about this one: "whatever you do or say can be used against you" - this one is a reminder, as it is always true/valid)
@somethig said in Why go proprietary?:
especially for something like a firewall, which "sees" everything.
Aha!!
Got you!
You are - be happy now - totally wrong.
Have a look.
Packet capturing is built into pfSense. It's a few clicks away.
There will be a hard part: you have to decode the 'payload' of data present in every packet.
The bad news: all secret 3 letter agencies can't do that right now - too complicated, the hardware needed to crack a TLS stream doesn't exist (yet).
So, back to the beginning: what does pfSense see?
Are you really using old school POP port 110, IMAP port 143 and HTTP port 80??
Nope.
It's all "TLS" these days (maybe not the DNS - so yeah, pfSense now knows you talked with "forum.netgate.com").
pfSense knows that you connect to a forum.netgate.com IP, and it knows the port, protocol used, and who sent it. And that's it.
But not the data, as it is just random noise.
My pfSense doesn't have any access to the words I type right now.
Again: this is all my opinion of course.
I did do my fact check homework, doing just that for the last 4 or 5 decades already.
And with all the facts staring me in the face, I still like to think for myself. I hope you do the same ;
edit: 1K of blabla - I'm just a pfSense user, like you.
-
@somethig said in Why go proprietary?:
What's gained from the "obscurity"?
Here is my take, just a fan of pfsense/netgate - I have no special insight into any of their workings..
Let's put it this way... If you make special sauce for the burger you make, and this special sauce is the bomb, it really makes the burger..
Now another burger joint opens up the street.. And they make a "special" sauce as well for theirs.. Maybe because they pulled the recipe for the special sauce from the posting on facebook? the company did when first starting..
As you tweak this special sauce and make it even better special sauce version 2.0 let's say, do you continue to post your recipe changes on facebook.. Or maybe you get tired of this down the street burger joint.. So you decide to no longer post updates to your special sauce on facebook ;)
-
There is a simple and very blunt answer --
Because unethical competitors will "steal" your intellectual property and sell it online undercutting you in price. And they will do this all over the world, concentrating their operations in countries that have very lax (or many times non-existent) copyright laws and means for prosecuting violations of same.
New features or improvements you make to your code that perhaps you have invested months of labor into creating and testing, the competitor incorporates into his code version in 5 minutes via a copy-paste operation from GitHub.
Keeping some or all of your source code proprietary helps combat this.
-
Interesting conversations, indeed.
-
Hamburger sauce
I'll throw this one in: "When Kindness Backfires - The Tragic Tale Of Sun Microsystems", as I saw it yesterday.
Because the question was always intriguing me.
I've worked with the so-called "Pizzaboxes" from SUN (sparcstation?) as they were known in Holland, many years ago (1988?). A non proprietary TCP based network. A non proprietary network file system, a massive graphical interface, mouse based and all, which showed the basis for everybody else (they themselves borrowed it from Alto Palo I guess).
Although the video gives the impression that "they gave it all away", I do remember that there was a 4 digit price tag per unit, and no cents here - the 50 kg CRT not included.
And yes, they created and gave away Java.
Everything disappeared into Oracle for 7B$, and then .... nothing.
-
@gertjan said in Why go proprietary?:
sparcstation
Haha - dude you're dating yourself ;) Haven't heard sparcstation in years and years.. Oh those were the days ;)
-
They had a Motorola 68000 CPU, IIRC.
Back in 95/96, when I was taking a Novell Netware CNA course, there was one of those in the classroom.
I used to work on VAX 11/780 computers, which were connected with DECNet over 10base5 "thicknet".
-
@gertjan said in Why go proprietary?:
And yes, they created and gave away Java.
They did a lot of things. For example, they really pushed IP/Ethernet networks and IIRC, that came built in with Sun computers. They also bought StarOffice, turned it into OpenOffice and created the open document format for it. Unfortunately, Oracle tried to bring everything back in and, as a result, LibreOffice was forked off.
-
You need to get up to speed....
The most obvious way to ‘crack’ SSL doesn’t really involve cracking anything. Why waste time and money on cryptanalysis when you can just steal the keys? This issue is of particular concern in servers configured for the TLS RSA handshake, where a single 128-byte server key is all you need to decrypt every past and future connection made from the device.
In fact, this technique is so obvious that it’s hard to imagine NSA spending a lot of resources on sophisticated cryptanalytic attacks. We know that GCHQ and NSA are perfectly comfortable suborning even US providers overseas. And inside our borders, they’ve demonstrated a willingness to obtain TLS/SSL keys using subpoena powers and gag orders. If you’re using an RSA connection to a major website, it may be sensible to assume the key is already known.
Of course, even where NSA doesn’t resort to direct measures, there’s always the possibility of obtaining keys via a remote software exploit. The beauty is that these attacks don’t even require remote code execution. Given the right vulnerability, it may simply require a handful of malformed SSL requests to map the full contents of the OpenSSL/SChannel heap.
And it's just the beginning....
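Why the post above singles out the TLS RSA handshake, as an added example that is not part of the original post: with static-RSA key exchange the session secret travels encrypted to the server's long-term key, so a later leak of that key opens every recorded session, while an ephemeral Diffie-Hellman exchange never feeds that key into the secret. All numbers are toy parameters constructed for illustration, the function names are hypothetical, and the handshake signature is omitted.

```python
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537      # server's long-term RSA primes and exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # long-term private key: the thing that leaks
DH_P, DH_G = 2**127 - 1, 5                 # toy Diffie-Hellman prime modulus and base

def rsa_kx_session():
    """Static RSA: the client encrypts the session secret to the long-term key."""
    secret = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_premaster": pow(secret, E, N)}   # what a passive capture records
    return secret, wire

def dhe_kx_session():
    """Ephemeral DH: fresh exponents per session; the long-term key would only sign."""
    a = secrets.randbelow(DH_P - 3) + 2    # client's ephemeral exponent
    b = secrets.randbelow(DH_P - 3) + 2    # server's ephemeral exponent
    wire = {"client_pub": pow(DH_G, a, DH_P), "server_pub": pow(DH_G, b, DH_P)}
    secret = pow(wire["server_pub"], a, DH_P)
    return secret, wire                    # a and b are discarded on return

def recover_with_leaked_key(wire, leaked_d):
    """What a leaked long-term key yields from one recorded handshake."""
    if "encrypted_premaster" in wire:
        return pow(wire["encrypted_premaster"], leaked_d, N)
    return None                            # the RSA key never entered the DH secret

def audit(sessions=5):
    """Record sessions of each kind, leak D afterwards, count secrets recovered."""
    recovered = {"rsa": 0, "dhe": 0}
    for kind, handshake in (("rsa", rsa_kx_session), ("dhe", dhe_kx_session)):
        for _ in range(sessions):
            secret, wire = handshake()
            if recover_with_leaked_key(wire, D) == secret:
                recovered[kind] += 1
    return recovered

if __name__ == "__main__":
    print(audit())
```

On a real server the corresponding hardening is to offer only (EC)DHE key exchange; TLS 1.3 removed static-RSA key exchange altogether.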
-
sed \openoffice\mysql\$$_\
.... and mariadb was forked off.
-
@somethig
Many others will do it in the same way, or am I wrong with that?
- RouterOS
- Untangle
- ClearOS
- Endian
- Sophos