Will that be a good idea to pay Pfsense annual fee to maintain some packages
-
Dear Pfsense and Members in this forum,
Will that be a good idea to pay some annual/monthly fee for the subscription of Pfsense to maintain some of these packages.
Although I understand someone may not agree with my post.
However, some of these packages required lots of attention and time to update and continuous modification. These packages often are quite critical for security. At the end, we all need a good and secure firewall such as pfsense.
Example: Snort packages is one of the packages which is crucial to me for filter some unnecessary traffic. The development now stopped for couples of weeks and a number of members like me unable to update and run the Snort packages properly.
Honestly, I am very appreciated for those people making a great contribution to the works in Pfesense. But in order to keep everything running in good order. It might makes sense to pay the developer & pfsense to maintain some of these wonderful packages.
Look forward to some comments.
Regards,
Davec :D
-
I like the idea but I disagree.
Going down that path does not seem like a good idea. Before you know it we have another MicroTik situation. DD-WRT almost started down that path back when it got popular and it didn't turn out so well.
Anyone can contribute to the packages. You just need someone to commit the changes.
Security is a priority for most but when you elect to pay for a service you shut out many many other people that elect not to pay. Their free services are no longer free at that point. People wont even want to contribute.
I helped make a package because of the open and free use that the public has. That is what motivated me to contribute.
I think a lot of people would be disappointed to see that.
Even if pfsense did a nessus kind of approach, I don't think it would work that well in the long run.
-
The 2 different business models (free + donations, & subscriptions) both have pros and cons. A model is chosen based on the ethos of the developer. When people pay, you tend to get a lot more flaming: "I paid for this, you must fix it yesterday!!" and so I can totally see why a lot of people develop donationware, it has no reflection on the support/advancement on the project unless subscriptions would create jobs for all of the developers and maybe all of them don't even want to do this fulltime and have you as their boss.
Other companies provide lower-grade products and get away with making a fortune so it's tricky…in the end it comes down to choosing a model that gives the developer peace of mind according to their ethics.... -
The pfSense model works pretty well. Most everything out there is free, save one or two bits like the AutoConfig Backup package which are reserved for subscribers (because that's actually a remote service, not contained in the box).
Several packages such as HAProxy are maintained as a part of commercial support. Someone will buy a block of time, and then use that time to have pfSense developers work on a new package or beef up an old one. This work is then also published for all, so everyone benefits from the support, not just the customers directly. Commercial support clients also sponsor quite a lot of work on the base system itself, but this is more prevalent in 2.0 at the moment.
(In contrast, there are more than a few commercial support solutions which are kept private, since they are specific to only certain customer setups or not really feasible to support for the masses.)
There are still lots of people riding along and getting stuff for free this way, but it seems to me that it helps build the community and inspires others to support the project as well.
-
It comes down to an issue of timelines and needs. If you need something done in particular time frame then paying for one of the developer's time is a great way to get your project done in a timely fashion. That's exactly the point of the bounty system and the commercial development offerings by BSDPerimeter.
-
Good discussion!!
I think what Davc was getting at was there needs to be a way to give the incentive for packages to be updated/improved. If you watch the packages forum, there are issues with many packages, and most of the answers are workarounds to get things going. There are only a few packages like snort where one person takes charge of the package and improves on it and fixes bugs.
I think what Davc was getting at was that with the subscription method there would be an incentive for someone to actually fix the issues. I personally am against that, and sort of like the current system, but it has issues (not much for bounties actually get done).
I guess maybe a better bounty system where each package has a pool (say users just donate to pfsense) and when the $$ get high enough and someone feels like working on the package, they can claim some of the pool money from pfsense?
It might convince some users to actually put some $$ into a package they want worked on. Sadly I have not seen many users commit $$.
I am just a home user of pfsense, but yes, I have donated a small amount (hey I'm new, give me time). -
The way to accomplish this at this time is the bounty system.
However the bounty systems isn't very successful for many reasons.
1. The bounties are usually too low for the amount of work that needs to be done.
2. Bounties are often not paid when the work is done. -
Indeed, mcrane, if more people put up bounties for things, it would probably work out. Part of the problem with bounties is valuation. It's hard to know how much time a given task will take to assign a good dollar amount to it. There are also some unrealistic expectations floating around for some things, or people who don't know just how much work a task may be.
I've done some pretty complex things for a $50 bounty that probably should have been much more money, but I didn't mind because it was an interesting task and rather fun to do.
-
I agree with you both that bounties are often too low, and that it can be difficult to even determine a value before work starts or even until the work is done. Part of this problem though is a lack of feedback. I'm not just referring to my own thread; I've seen it with many others. There is basically no negotiation here. I can see how it would be pointless to even try negotiating with someone who is looking to pay $25 for work that's probably worth $2,500, but I think the gap is usually smaller, and I think often the poster has way less of an idea of value than a prospective developer would. I would imagine that all posters probably look at the values offered in other threads to help them determine a value for their own work, and when no one is posting in those other threads to say "your expectations are way too high" it can be difficult to get a sense of it.
So really what I'm saying is, I think the system as a whole would benefit from more feedback, even if that feedback is "your expectations are way too high" or "I might be interested but only for at least $XXXX." I do think the bounty system has its issues but I also agree that it's the best solution at this time.
-
Briantist,
You're probably right. Feedback would go a long way toward moving things along. That said, unfortunately, people with the skills to code aren't always the most skilled at conversation :-)
-
Just a comment about the bounties being too low. The problem with the bounties is that sometimes it's individual users doing a bounty to get a fix. These individual users do not have the $$$ to really get the work done. What is supposed to happen is that other individual users should put up some $$ to get the bounty high enough. I am not sure if it's just that people are cheap, or if not enough people know that they can donate to help improve pfsense and it's packages.
-
I think it's not so much that people are "cheap" (though maybe this is somewhat true) it's that while they might like to see a feature implemented, perhaps they don't stand to make any money from it, or it just isn't important enough for them to pay for it. I think there is an appreciable disconnect between the type of people who understand that sometimes you have to spend money for something that does what you want it to, and those who always look to free or open source options for everything (for financial reasons, not necessarily for their views on OS in general). I feel like overwhelmingly the former group tends to go with commercial products which have more solid support. Yes, they could use pfSense and pay for commercial support, but I feel like in general those types of options aren't so much on the radar for those types of people and organizations.
I PMed several people about the bounty I posted here, people who posted in threads related to the issue so I thought they might be interested. I got some "thank you"s but no one stepped up to pledge additional funds, or even posted to show support. I don't really know why for sure.
I don't know how much money the developers get from donations, but maybe it would be worthwhile to gently point users who want to donate at this subforum and ask if they would prefer to pledge their donation toward a specific goal. If they really don't want to they can still donate to the project in general. Of course, we wouldn't want to do anything that would at all discourage people from donating, so maybe that idea needs some work.
-
The biggest issues I've seen with bounties are very minimal descriptions of what the bounty offerer wants done. Typically a development project starts with a detailed specification for the work to be done, consider it like a blueprint. From there an estimate of the hours it would take to complete the project would need to be conducted and a dollar value assigned to those hours. Typically the hourly estimate and monetary value comes from the person intended to do the work. Most developers aren't going to waste their time giving an estimate unless there is a good chance the project will go forward. Unfortunately, most people are also unaware of how much a developer's time really is worth. Depending on the skill set, a fair hourly rate can be anywhere between $60 - $150USD which is far more than most people are willing to pay for what they think of as free software. Until people recognize the amount of effort it takes to do software right and are willing to pay for it, the bounty project is unlikely to be very successful.
-
@submicron:
The biggest issues I've seen with bounties are very minimal descriptions of what the bounty offerer wants done. Typically a development project starts with a detailed specification for the work to be done, consider it like a blueprint. From there an estimate of the hours it would take to complete the project would need to be conducted and a dollar value assigned to those hours. Typically the hourly estimate and monetary value comes from the person intended to do the work. Most developers aren't going to waste their time giving an estimate unless there is a good chance the project will go forward. Unfortunately, most people are also unaware of how much a developer's time really is worth. Depending on the skill set, a fair hourly rate can be anywhere between $60 - $150USD which is far more than most people are willing to pay for what they think of as free software. Until people recognize the amount of effort it takes to do software right and are willing to pay for it, the bounty project is unlikely to be very successful.
I don't disagree, especially with the bolded part but it goes back to what I said a few posts ago. How are people supposed to recognize this if they aren't told? Don't want to waste your time on an estimate? That's understandable, but just say that.
"You haven't given enough information here to give a proper estimate, and the amount you're offering is way too low. Consider that fair hourly rates for programming are typically between $60 and $150. With more information and a more realistic price goal, you will probably get a better response."
Shorten it up if need be, but we have a forum filled with mostly unanswered requests in the $50 range and very little information suggesting to people that they're going about it the wrong way.
Also, I've taken your comments to heart and modified my own bounty to something I feel is more fair. It may result in me not being able to ultimately move forward with it, but it's better to know "I can't do this because this is what it costs" than it is to have no options because the amount I'm offering isn't enough, without knowing how much I would need to "bid."
Thanks!
-
Your points are well taken and you're right, there isn't much useful feedback lately for people posting bounties. In the past, there were a number of attempts to help individuals understand why their $50 bounty to "do everything and make it easy" was not getting any traction. After a whole bunch of responses saying "I don't see why I should have to pay that much for free software" or "I'm too poor to pay for this" most of the developers gave up. I'll put together a set of guidelines for people posting bounties and sticky it. Hopefully that will help.
-
I don't think I was around that far back so I wasn't familiar with previous attempts at explanation, but I can definitely see that as being discouraging to the developers. I know that people have that attitude about free software, and it sucks but there will be some people that will just never get it.
I saw the new sticky at the top and I think it's great. I really love the pfSense project, and I appreciate all the time and work put into it by you and all the other developers. I think the bounty system has a lot of potential so I'm happy to see some moves toward making it more successful.
Thanks again!
- 2 months later
-
Hello there,
This is a great discussion thread on the bounty system, and I think Submicron's sticky is a great start. I'd like to make a suggestion which I think might help create a more uniform process. I believe an official format/template for posting a bounty request would be useful. I also suggest a that a standard reply template could be employed by any interested developer.
I agree with others on this thread about the confusion factor. For a lot of end users, there is a significant disconnect between asking for a package, and evaluating how long or what that package might cost to develop.
Perhaps the best way forward for someone requesting a new feature without an established budget and timeframe is to post a RFQ (request for quotation) at the beginning of the process. This would allow for one or more developers to bid or even collaborate on a project and establish a sense of the amount of time required.
I don't think most folks intend to be insulting to anybody by offering $50 - $100 for a bounty, but when that bounty represents 40 hours work for the developer, it can easily seem that way. By clarifying the scope of the project before dollars and cents are discussed, it might resolve this issue with the bounty system.
After a sense of the project really has taken shape, hopefully then the requestor would proceed by either 1) making a reasonable offer based on the established scope of the project, or 2) realize that the scope exceeded their means alone, and either ask for financial collaborators or abandon the request.
This would also be a benefit to the community as there would be a record of requests made using a uniform methodology, with a detailed scope of work associated with the request. Even if the original request was withdrawn, future requests which were similar would have a detailed scope of work and information for establishing a reasonable financial offer for the desired feature/fix.
Lots of other forums have a more formalized structure for things like asking for support, or advise on a topic.
What do you folks think?
A sample template example for the initial request :
Bounty Request for Quotation
Feature/Fix requested :
pfSense version :
Timeframe requirement (if any) :
Detailed Description :Developer Response
Feature/Fix :
Total number of hours estimated :
Availability (re:timeframe) :
Hourly rate or flat project fee (optional?) :
Detailed discussion of implementation plan :…
I'm sure more info could/should be included in both templates, but do you think moving this direction is a good idea?
Best,
-- Phob
- 3 months later
-
I would love to see a template approach. I think that would, at least in my world, understand more about the potential project up front. It also shows you that the poster is most likely serious about their request.
-
That would be great! Who has the copyright to this when paid for development? Lets say the guys behind Pfsense decide to sell the damn thing…Because it is THAT good and very feature rich and it can compete(later stages) with much more expensive solutions.
They get offered a lot of money and I (among others) have paid for development because I think its a great product and I want to contribute to making it better.....but I dont want to see other people get very rich because of what I have donated to development.
Am I an idiot or just plain normal?
-
I think that what you could do is pay someone to teach you the tricks - get a second pc to learn on so that your not taking any chance.
I was thinking about this myself, maybe someone would step up and teach all us noobs.
BTW i'm new to pfSense - I just setup m0n0wall and was searching on IPv6 and hit this tv show that talked about this and so here I am -
The analogy between m0n0wall vs pfSense = acoustic vs electric guitar.
I ran m0n0wall and was like heck yeah - now i'm like - umm - a little kid opening christmas presents.
Thanks Mom and Dad ;D