Announcing pfSense plus
-
-
It 's time to migrate to https://opnsense.org ?
-
-
@jwj said in Announcing pfSense plus:
Sounds like a good idea ;) I'm out.
Clarification, I'm out of this thread. Not out of pfSense.
-
Been reading both this and the other 'dev' post regarding PfS+. Curious as to the 'why?' behind closing the source of the plus edition. I don't believe this has been addressed. I have a couple ideas but hate to speculate...would love to hear from the team on this.
Just because something is open source doesn't mean it has to be free, correct? I am all for paying for great software (former Gold member, purchased support cases over the years, have a few Netgate boxes running) and would be happy to further support the project but would prefer to see PfS+ remain fully open source.
-
@provels
Maybe its better for you to be quiet -
@fbor pfSense FE was never open source. Not sure what you are getting at here.
-
@drewsaur The differences are small with CE, a few packages (AWS Wizard, IPSec exporter, ...), some tuning for the hardware. I checked a few FE only files: they are not obfuscated and are all licensed under Apache license. So maybe FE is only 99.99% opensource but that's not the 0.01% I'm worried about.
With pfSense+, will I still be able to change everything I may need, at least in the "CE layers", and not get stuck asking the editor for changes ?
-
@fbor I would imagine that this will be the case for a very long time. I can’t see how, anytime soon, the majority of pfSense+ would be replaced with completely different code. That would be like https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/ - completely self-defeating.
-
@al I really do not see how you cannot benefit from keeping OSS roots and your paying customers and keep advancing!
You now basically abandon it by out-forking the OSS version into Closed source and get onto the route RedHat just got with CentOS. On top of that, the trust into pfSense because of the OSS nature will be gone and the closed nature will raise questions and break trust on unseen backdoor/weakened security!
On top of that you still advertise/market/benefit the power of the OSS base, yet all the full-feature changes will not get into the CE?
Did I miss something?!?
-
@inxsible said in Announcing pfSense plus:
Assume that the user stays on the CE version as they do not need any of the ZeroTier, Business dashboard etc features that you mentioned
@Inxsible - Did I miss some announcement about ZeroTier integration in pfSense Plus? Do you have more information? I'd be very excited if this is true.....
-
How do I install the 2.5.0 version on a Netgate appliance. FOSS is more important to me than the extra features. I want to use the community version with a Netgate appliance.
- 14 days later
-
I've been busy, so I didn't notice this announcement until a few days ago. I just checked and noted that I joined this community in 2016 after I started using pfSense in 2015. Previously, I was using Sophos because it went downhill after going from open source to closed source. I can't say that I'm surprised by this announcement from Netgate, but it's disappointing nonetheless. Unless Netgate will make the entirety of the pfSense codebase available such that anyone could build it from scratch or even fork it, I can't see why anyone would contribute to further development and testing of CE. You would be doing development that Netgate could incorporate into pfSense plus for its commercial gain with no compensation or assurances of getting anything in return for your effort.
Around 2018, a former pfSense developer that I tested with jumped ship to OPNsense and he is very happy there. I've maintained an OPNsense test system alongside my pfSense test system since that time. For anyone who values an open source community, OPNsense should be a serious consideration.
- 7 months later
-
Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.
It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.
And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.
In my testing, pfsense has made a really good impression and seems like a well-made and solid software to the point that I would recommend it. But now we're not going to buy Netgate products and will have to keep looking for something else.
-
Your statement is false!
And that's the bottom line. -
@bitfrost I agree with much of what you say. Unfortunatly there is a lot of money in software as a service (rent, "cloud" versions) and sale of personal data (Googles, Facebook, instagram, Microsoft business models, China), so fighting it is likely to be difficult.
-
@Patch I don't, because for the most parts that is simply belief sold as facts.
@bitfrost said in Announcing pfSense plus:
Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.
Nonsense to both statements. Neither is pfSense going closed source (only Plus is and was up until now anyways - so no real change!) nor will it become irrelevant sooner than later.
It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.
OSS version already got 3 updates (2.5.0, 2.5.1, 2.5.2, 2.6 dev is in the works...) so also nonsense.
And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.
Besides that being a directional question to almost any company, how about asking that to the many thousands of companies that already use products from other brands that also are surpisingly built upon e.g. FreeBSD and are closed source? Like Juniper? Cisco? PaloAlto? Fortigate etc. etc.? Can't say I saw them going bancrupt the last years besides tons of fuckups and security leaks.
That's not a push to closed source. I also think pfSense Plus (as that's the only thing that won't be public anymore) should stay OSS and instead have a private/closed repository for business users just like other projects do (e.g. Proxmox etc.) but things can change. Also no one is taking away from pfSense CE.
But now we're not going to buy Netgate products and will have to keep looking for something else.
Spoiler alert: Netgate products where shipped with the Factory Edition (FE), NOT the CE for years now and no one complained a bit about the FE not being OSS/OpenSource/openly available. So all I'm currently seeing is not much changes at all. That CAN and perhaps will when there are more changes in underlying things like the web-stack/UI. That's the point where Netgate has to show if those changes they talked about will only go to Plus and leave CE behind besides promising multiple times that CE WILL get a new GUI/API layer etc.
But up until that, all you were posting as simply untrue, false or guesstimates. No proof at all, so how about simply watching if they are true to their word or not?
-
Your statement is 100% TRUE
And that's the bottom line ! - about a year later
-
@impatient Oh well, there's always OpnSense and OpenWRT
-
@jegr said in Announcing pfSense plus:
FreeBSD and are closed source? Like Juniper? Cisco? PaloAlto? Fortigate etc. etc.?
Add Netflix to the list
-
@jegr I think what sound different about this:
In the past it seemed the FE was always CE++; i.e. the base product being developed was CE, and then there are a few goodies, support, and extra testing added.
Now it sounds like a fork: Netscape developing a closed source edition, the community the community edition, and CE going eventually a divergent path, unless it ends up stagnating, where Netgate changes possibly coming back to CE only if Netgate deems it necessary to push changes upstream.
That may not be the reality, but that’s how it sounds.
A closed source nature would go straight back to the security through obscurity paradigm due to which I gave up other proprietary platforms for pfSense, so free home edition would defeat the purpose of using pfSense in the first place.
-
@rcfa said in Announcing pfSense plus:
closed source nature would go straight back to the security through obscurity paradigm
It's wrong to equate "closed source" and "security through obscurity." They are not the same thing.
-
@dennypage When you work in intelligence you know that statement in not true.
Any closed source product has backdoors built in for snooping and thats what opensource should hinder.
-
@cool_corona said in Announcing pfSense plus:
When you work in intelligence you know that statement in not true.
Any closed source product has backdoors built in for snooping and thats what opensource should hinder.Wow.
-
@dennypage Every US product has to have behind the scenes access for intelligence purposes.
And thats a fact. Not an option.
-
@dennypage Thats why a lot of countries in the EU is skipping Chinese and US products and begun to develop own forks.
-
@dennypage said in Announcing pfSense plus:
@rcfa said in Announcing pfSense plus:
closed source nature would go straight back to the security through obscurity paradigm
It's wrong to equate "closed source" and "security through obscurity." They are not the same thing.
In my book they are: it’s either “blind trust” (obscure) or “trust, but verify” (transparent).
There is by definition no transparency without open source, because, how would you inspect code that’s not open? Reverse compilation? Hack the server and steal the source?
I think it’s obvious how impractical/illegal any acquisition of transparency of a closed source project would be… -
@dennypage said in Announcing pfSense plus:
@rcfa said in Announcing pfSense plus:
closed source nature would go straight back to the security through obscurity paradigm
It's wrong to equate "closed source" and "security through obscurity." They are not the same thing.
In my book they are: it’s either “blind trust” (obscure) or “trust, but verify” (transparent).
There is by definition no transparency without open source, because, how would you inspect code that’s not open? Reverse compilation? Hack the server and steal the source?
I think it’s obvious how impractical/illegal any acquisition of transparency of a closed source project would be… - 20 days later
-
@cool_corona said in Announcing pfSense plus:
@dennypage Thats why a lot of countries in the EU is skipping Chinese and US products and begun to develop own forks.
Yeah right. That's a very optimistic view on things. So every closed source product has a backdoor, huh. I call bullshit, but hey that's just my opinion. But stating that as a fact is lying as I certainly doubt you have the insight to every freakin' software on the planet that isn't published via an open source license because of different reasons whatever they may be. That's just an opinion of a subset you perhaps know about, but other then that, it's just that - your opinion. A fact would have proof and review.
Also - you really think the top reason for the EU to build their own shit is because of "no backdoors"? I'd rather say they don't like others having the possibility to introduce/force their way into a software but you really think they wouldn't do it themselves? Huh. Weird.
@rcfa said in Announcing pfSense plus:
In my book they are: it’s either “blind trust” (obscure) or “trust, but verify” (transparent).
"Trust but verify" in a software context can be achieved easily by an external audit of which Netgate/pfSense already had one. So perhaps there will be another one in the future? Wouldn't count against it as it's likely to happen for requirements of various reasons (like needs to be certified etc. blah)
"Trust but verify" profits from code being publicly available or open source. But it doesn't need it. OSS is no guarantee for a better product, but it sure can help to achieve it. But all those cries for OpenSource sound a bit stale if noone actually does the work, reads the code, checks the state it is in. And most that argue about it don't.@rcfa said in Announcing pfSense plus:
There is by definition no transparency without open source, because, how would you inspect code that’s not open? Reverse compilation? Hack the server and steal the source?
Huh? Never heard of audits under contract? They are done all the time. Even big corporations like "evil Microsoft" have contracts with companies so they get access to the source for development or security auditing reasons.
Cheers
-
@jegr I work closely with people in intelligence and foreign Ministry departments regarding embassy and consulates.
US Intelligence has backdoors built in everything thats coming from the US or has US ownership.
https://www.reuters.com/article/us-usa-security-congress-insight-idUSKBN27D1CS
-
@cool_corona said in Announcing pfSense plus:
US Intelligence has backdoors built in everything thats coming from the US or has US ownership.
That's bloody f@#&* bullshit
In other words if true and not concerning the obligation in smojecaround the patriot act all us hardware must be banned emediatally from official European institutions
BR Q
-
@noplan And here we go....
https://www.popularmechanics.com/technology/security/a34533340/nsa-tech-back-doors-software/
https://edri.org/our-work/foreign-authorities-are-banning-google-and-microsoft-services-from-schools-the-czech-republic-is-floundering/
https://www.zdnet.com/article/nsa-backdoors-us-hardware-headed-overseas-greenwald/
Lets not discuss this further. Its pointless.
-
@cool_corona said in Announcing pfSense plus:
Lets not discuss this further. Its pointless.
Indeed. Take it into https://forum.netgate.com/category/2/off-topic-non-support-discussion
-
-