How are packages supported

JonathanLee

@SteveITS maybe that's why it's open source, very few understand, and less so can program for it. The hit by bus situation is like a time bomb as many of the 80s original programs are retiring, and lot's of companies didn't expect to have to explain closed source tools maybe this is what forced their hand. Let's face it cyber security needs are growing everyday, and the original ideas the code could also be lost without new talent. The foundation was layed, but it still needs to be built upon to keep up with nation state actors.

Security vs Support vs need for new talent vs new equipment vs trust vs regulations. It's a balancing act on a tightrope that needs guardrails at the same time.

Where is the next generation? Are many caught up in smartphones gaming technology? I want to help, but again there is a learning curve, what tools are use to debug so on, how can it be tested? The list of questions for a computer science student just grows and grows.

michmoor

@SteveITS said in How are packages supported:

https://www.reddit.com/r/chaoticgood/comments/mjsmv9/gamer_gets_himself_hired_just_so_he_can_fix_a_bug/

ROTFL. I love that. hahaha.
Sometimes man...You have to just take matters into your own hands.
I appreciate the commitment that was had there. Pro moves

JonathanLee

Take me for example I hate the privacy abuse with the advertising, I do not like this panopticon feeling. I hate looking up something and for days after it's advertised on every website after. It's absolutely absurd and abusive, California makes laws and advertising companies don't care. I block it out now and it probably pisses someone in big tech off to a point they want to break tools or publicly release lists of vulnerabilities. Is California law making the rules or angry big tech? Do some users block out every single advertisement? Edge browser now does that for you, so again now Microsoft is allowing users to block out all advertising. It's like a wild West in places. I don't care about advertising, I just hate companies that flat ignore opt outs, and keep profiling users like we have no rights.

Leading to what tools and packages should even be allowed for users?

AlternateShadow

@SteveITS said in How are packages supported:

Is everyone on this thread able and/or willing to contribute time and expertise?

What about those of us who contribute money? I'm paying netgate to contribute their time and expertise so I don't have to. My criticism is that there seems to be a discrepancy between what they are selling to their customers and what they are delivering.

JonathanLee

https://redmine.pfsense.org/issues/14998

This would simplify Squid. I want to help add some code to Squid for this, as soon as I get more experience.

JonathanLee

@AlternateShadow I agree as I was under the impression Snort's maintainer was paid for his work. I would have donated my Snort subscription cost directly to him knowing this now. But I can't do that, it has no Donation button in Redmine or GitHub. He deserves it. I felt so bad when I learned he donated his time to support it unpaid. It's so professional, clean it's amazing. It was misleading for me.

michmoor

I wish someone from Netgate could respond here and set expectations.

Im looking at the site and it says that pfsense can do Threat Prevention. But what it really means is you can install it but theres no support for it.

So if im a business im thinking to myself looking at the website. I can get hardware for a good price and i can get TAC for a good price that should cover me as i roll this out in my datacenter.
But that same business will discover that there are a ton of caveats. Threat Prevention bugs or features arent supported and you cant open a TAC case for help on that. The correct and accurate response would be to go to the forums and ask for the maintainers help...
Now the business is wondering why it paid money for a TAC sub where it shouldve instead given the money to the maintainer. Also why is the business relying on unsupported packages even though the website made it seem its part of the overall pfsense package?

So whos wrong in that situation? The business or Netgate. The answer is obvious but this is the slippery slope of advertising a package you have no control over.
It needs to be clear to the consumer here. If i bought a SG-6100 in October of 2023 because i am running it in a K12 location and im using Squid...suddenly i get a notification that Squid is being removed from the repo what do i do? Up until recently, Proxy capability was listed on the website. At best this poor marketing. At worst this is shady.

tinfoilmatt

what is this entire thread on about?

from netgate.com home page's description of pfSense+:

"Ideal for home, remote worker, business, and service provider network connectivity and protection

• Equipped with many router and firewall features typically found only in expensive commercial routers
• Flexible VPN solution options
• Known for robustness and stability
• Highly extensible with 3rd party packages to support block lists, content filtering, intrusion prevention, policy-based routing and more
• Easy to install and maintain via web GUI
• Available for premises and cloud deployment"

emphasis added.

JonathanLee

We must remember the website is dynamic .. It actually advertised Proxy, and IPS/IDS

It has been removed this is why I thought Bill Meeks was getting paid.

There was also another website that had an image of a family a couple years ago that talked about web caching also said nothing about 3rd party.

https://www.netgate.com/pfsense-plus-applications/content-filtering

tinfoilmatt

This post is deleted!

JonathanLee

So yes, it was advertised to me directly from Netgate. As a student I thought YES this is what I need we are talking about this and doing labs with Palo Alto firewalls with this right now. I used my grant to get the firewall from Netgate because of this advertisement seen here.

a year later...

Who knows, I just wish I could have given my subscription to Snort rules to Bill and kept the free rules now that I know this.

This is why I am stuck on 23.05.01, they changed the platform because of some issues. It took a lot of years for me to get it working correctly. Kind of sad.

JonathanLee

They really need a donate to maintainer button somewhere that would make it clear.

tinfoilmatt

@JonathanLee i personally wouldn't share that story if it were me. it certainly doesn't land, in my opinion, the way you seem to think it should.

"pfSense Plus software enables web (HTTP and HTTPS) proxy functions via Squid [ . . . ], SquidGuard [ . . . ] and Lightsquid [ . . . ] packages."

emphasis added.

the home page read exactly the same as i've quoted on January 21, 2023.

the Complete List of Supported Packages of the same date indicated that only Lightsquid was "Maintained by Netgate." both Squid and SquidGuard were noted as "Netgate TAC Support can only assist with the installation of this package. Netgate Professional Services can assist with custom configurations."

michmoor

@cyberconsultants
The problem is how to interpret the support of these packages. It's not clear as i documented in a few threads as to what is covered under a TAC sub vs what is actually covered under supported packages. Also as documented there are times where the netgate team would assist in the support of the non-supported packages such as pfBlockerNG.
Also myself and another poster showed examples of how to properly document, so there is no confusion to consumers, what is supported and what isnt.

So at the end of the day what is the expected coverage level of any of these pkgs? Its unclear.

JonathanLee

Feature Request: Donate to Package Maintainer Button. This would make it clear right at the start and resolve a ton of issues. If money could be sent to them for issues or even for a thank you, they would be more appreciated. Who knows anyone else like this idea?

https://redmine.pfsense.org/issues/15056

Maybe it can be like Wikipedia.

jdeloach

This is getting a little bit ridiculous. Seems the few people on here are forgetting that Netgate is in business to make money.

Expecting them to support these packages for FREE is ridiculous. They have already stated that some of these packages are not compatiable with the latest versions of FreeBSD, so the package would have to be rewritten. They would have to hire more programmers but someone has to pay those folks salary. Programmers make thousands of dollars per year. Are the 8 to 10 folks on here wanting them to support all these packages willing to pay these programmers salary every year so Netgate can support them? I would venture to say the answer is NO.

tinfoilmatt

@michmoor i disagree with everything you've said. if one has only the time and/or requisite skill to have everything just work, then buy a black box and all teh support to go with it.

michmoor

@cyberconsultants
Not asking for a turn-key solution from netgate. I know it isnt one. Just clarify in the documentation and marketing material.
edit: But again thats not really the issue as well. If you say you support a feature similar to what a blackbox offers than thats the expectation. Clearly there is some misunderstanding here between what is offered and supported.

AlternateShadow

@jdeloach said in How are packages supported:

Expecting them to support these packages for FREE is ridiculous.

Let's take a look at the store page where I can purchase something from them.

Fully 29% of their bullet points under features are unsupported by TAC after installation and they haven't even bothered to include a footnote pointing to the page on their site where they do provide that information.

If they can't afford to support these features they should either stop advertising them or start charging more money so that they can.

tinfoilmatt

@michmoor said in How are packages supported:

Clearly there is some misunderstanding here between what is offered and supported.

yes, definitely. all three of you here.