A hardy "Welcome!" to OPNsense!
-
I have been silently reading the pfsense forums and until now I decided to be registered. You delicately and respectfully responded to each argument against the validity of pfsense in part or whole and I admire that. I really appreciate the hard work that has gone into making a free and very respectable software that can be placed on almost any appliance. My comment is to let you and the other members of the team know that there are people who are wise and can e see wisdom through not just the work but speech. If only those who comment could consider carefully before they respond and be patient, perhaps they may add to a better atmosphere. I look forward to the next release and if it has a slick gui interface.. even better! 8)
Though with that said my first experience with asking for "support" through the forums here, I do understand what has left bitter in some mouths. (I don't agree with their attitude though) Support would be more welcomed with simple words like "welcome to the forums!" or " Thank you for your post.." or "I think I have a solution to your problem, but before I respond is this what you mean?" or "Before I TRY to help you there are various scenario's to your question are you refereeing to this type or.." or etc. Less I know what your problem is and here is the answer, more asking questions, gathering information, then offering POSSIBLE solutions with a mild temper and deep respect to all.
We ALL do well to remember, humility is a hard thing to teach but a skill can easily be taught to a humble person. If OPNSense does not have the skill or talent or man power now but has good people and support oriented personnel, the right people will find and freely give themselves to the cause. If not it will be no different the any other trying to do the same or has done.
-
@cmb:
I don't see any technical validity to that claim. What "weird things", outside of PBIs which we've ditched already in 2.3 (and they haven't replaced), have they removed? I've seen a lot of what they've removed. A majority of that is NIH syndrome, and wasted effort on what is ultimately a dead end code base (all the PHP needs to die). A lot of their changes were wasted effort in reinventing the wheel on a dead-end code base.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
As it is, opnsense first releases were bugfests. Slowly getting better, been trying their releases out now and then. Last one I tried was quite decent, I just wanted some of the plugins they still have'nt or I would have given them more serious try.
-
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
Have you seen this blog post: https://blog.pfsense.org/?p=1842. It has been in both discussion and progress for quite some time.
-
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
Indeed. Even if it did apply, Europe and the Netherlands in particular have more stringent lawful intercept laws than CALEA.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
My reference to NIH isn't related to patches at all. Getting away from patches has been a work in progress for us for quite some time. 2.3 is now patch-free, with some changes in a vendor branch. We've gotten a number of things upstreamed into FreeBSD, and a few of our patches are in FreeBSD 10.2. Matches in the FreeBSD source code alone (not nearly everything):
https://github.com/freebsd/freebsd/search?utf8=%E2%9C%93&q=rubicon+communications&type=CodeMore in matches from FreeBSD commit logs.
http://search.gmane.org/?query=rubicon&group=gmane.os.freebsd.devel.cvsPlus a number of commits to FreeBSD ports.
OPNsense will certainly be better when it's on a 10.2 base (equal or better to our 10.1 base, which is much more solid than anything they've put out), but it's because we're closer to FreeBSD because we fixed FreeBSD, not anything they did (they're responsible for 0 FreeBSD commits). That's something we've always wanted to do, just more recently able to get the significant resources required on it.
-
PFSense guys seem to know their stuff and have a good roadmap that addresses real problems that have been plaguing the entire industry. They understand key issues, and have been around for a long time, it just takes time to implement stuff.
-
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
Have you seen this blog post: https://blog.pfsense.org/?p=1842. It has been in both discussion and progress for quite some time.
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers. We also know now that there are separate hidden laws in U.S concerning surveillance and private companies, and companies involved are forbidden to talk about it. Google has made some fuss around such laws. Snowden made lament about it. Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples). Lavabit was forced out of business because they wanted to do nothing with it. There is also saying about missing 9 rats for every caught one. It does not make one very trusting about security software produced in the U.S any more. Same applies btw for Chinese and Russian software, those two I trust even less, since I was born in the Soviet Union and have direct personal experience with the mentality of (post)socialist states. I don't have fuck to hide or be afraid from the U.S, I don't walk around wearing tin foil hat, Im just on opinion that such possible built-in backdoors become liabilities in case of discovery by some third party.
No I was not aware. I pretty much gave up building pfSense from source about 6 months after the drama around pfsense-tools first happened. Bought new hardware and building custom modules was no longer necessity. Thank you for extending my knowledge base.
PS! Personal attacks/insults like "you're another piece of the FUD machine." are not IMHO appropriate for 1)site admin and 2)adult person.
-
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers. We also know now that there are separate hidden laws in U.S concerning surveillance and private companies, and companies involved are forbidden to talk about it. Google has made some fuss around such laws. Snowden made lament about it. Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples). Lavabit was forced out of business because they wanted to do nothing with it. There is also saying about missing 9 rats for every caught one. It does not make one very trusting about security software produced in the U.S any more. Same applies btw for Chinese and Russian software, those two I trust even less, since I was born in the Soviet Union and have direct personal experience with the mentality of (post)socialist states. I don't have fuck to hide or be afraid from the U.S, I don't walk around wearing tin foil hat, Im just on opinion that such possible built-in backdoors become liabilities in case of discovery by some third party.
I hate to be the one to inform you that your fears have no boundaries. Regardless, it is just about as relevant to the topic of this thread (not saying it isn't generally important, but I don't have the time to explain it's irrelevance) as discussing the effects of climate change on immigration and the geopolitical stability of each region, so please stay on topic.
PS! Personal attacks/insults like "you're another piece of the FUD machine." are not IMHO appropriate for 1)site admin and 2)adult person.
This is not a welcome place for unfocused rage, but properly focused rage can find a place. My suggestion is to stay focused and productive as to not endanger your status among the community (it is best practice to not slow down your allies) and the openness of this thread (the likelihood of anything enlightening being mentioned is becoming smaller and smaller).
-
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers.
Again, Europe and the Netherlands in particular have stronger lawful intercept laws than CALEA. And it has no relevance to what we do.
Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples).
Yeah and every one of those can be attributed to poor development practices or general security ignorance of the vendors. Most all of that in consumer-grade gear which is where quality control in general of the software is apparently nearly non-existent.
-
Interesting. I went to m0n0wall.ch and was redirected to opnsense.org. Anyone have any idea why?
-
it redirects you to https://opnsense.org/m0n0wall/
I knew m0n0wall was on its way out.. Would have thought they would redirected the domain to pfsense.org. With the changes made to the pfSense organization, who knows what happen
-
Manuel gave (or sold maybe) them the domains and they were supposed to maintain them indefinitely. Had he checked with us, we would have taken them over and been better stewards of maintaining the history (they've irked a variety of people in the m0n0wall world by screwing up things). We offered after his public announcement, but he wasn't going to change things at that point.
That's all pretty well covered in my farewell to the m0n0wall list.
-
Seriously need to change the name of the thread from:
A hardy "Welcome!" to OPNsense!haha…. Is cursing allowed?
-
Or close it altogether.
-
Why? This is highly interesting to read, how people apparently really believe the nonsense they write here. And fun!
-
Because there is nothing positive to be gained here. This isn't politics. ESF has nothing to gain by having a thread where we all slam OpenSense, and it's unprofessional. If you can't say anything nice, don't say anything at all. Ignore them. Talking about them only gives them oxygen and opens you up to all kinds of nonsense that is a distraction from the core goal.
-
…but I mean the position of pfsense... ;-)
