A hardy "Welcome!" to OPNsense!
-
http://forum.opnsense.org
Enroll and ask the same there. Great bunch of guys and extremely helpful!
Hah. For some definition of "great" that you won't find in a dictionary, where great == pathological liars who are in way over their heads.
It was in reference to this thread: https://forum.pfsense.org/index.php?topic=95969.msg534018#msg534018
Ah yes. Indeed there aren't any bugs involved there.
-
That is wrong. Totally wrong.
You couldnt be more wrong even if you tried.
-
-
-
I'm sensing tension…
-
To be honest…
I see code posted on github by opnsense dev's and copied into pfsense few days later ... A lot of the code and the way it works is WAY different than pfsense.
What they need is a better GUI and packages to be available to opnsense. The devs are very friendly, openminded and listen to the small but devoted community.
Whats really the issue here, is pfsense is opensource and it has been forked. Result is that pfsense is nothing but a trademark and a name. Its not a product since you can get similar performance and you dont have to sign over your grandchildren to some weirdo to get access to dev tools.
Pfsense is nothing without the people that use their sparetime to develop and maintain packages for this OS project and we can all see that many of the original "nice" guys have gone and is never heard of again in here.
Opnsense will succeed in what they want to achieve. Despite the badmouthing in here. Because of the shear friendlyness and the flow of information going on the forum from the dev's.
Lots of updates all the time and very short time to implement latest security patches.
And its bloody simple to update since it has been stripped of all the weird things that breaks things all the time in pfsense.
When the bacis packages are available then its goodbye to pfsense. Not because I dont like it, but because of the hostility of ESF. Its not a friendly place to be anymore.
Simples.
-
I don't know guy. To me it seems like you have been out on a mission to find fault with pfsense.
I mean, if you don't like pfsense just switch.
The rants are getting ridiculous already.
-
if you don't like pfsense just switch.
This, plus: I've been taught to be grateful for what you get for free.
Staff over here has been rude from time to time, yes, but: they by no means have the monopoly on that (…). Everybody has his bad days from time to time, and some are better in hiding that than others. Soit (that's French ;D ).
In the end what counts is: we get this for free, and should be grateful for that. I know I am. Perhaps I'm old species, being loyal and stuff :P
-
I see code posted on github by opnsense dev's and copied into pfsense few days later …
That's the point of open source where they're actually doing worthwhile things. That's only been a handful of commits. If they kept up with our commits, they'd be in a whole lot better shape. They're still missing security fixes we made months ago that are published here:
https://www.pfsense.org/security/advisories/and no doubt a significant number of bug fixes (they forked from 2.2 beta, and didn't keep up from beta to release, much less since). The security update list is small and easy to keep up with if you're paying attention. The bug fixes, much harder to deal with since it's a long list.
Whats really the issue here, is pfsense is opensource and it has been forked. Result is that pfsense is nothing but a trademark and a name. Its not a product since you can get similar performance
Similar performance is definitely not true. With the "stable" releases they've put out that completely broke very widely-used features (VLANs, others), we'd have pages and pages of threads of broken things within hours.
No one's perfect there, but we do vast amounts of release testing, and we add more and more testing with every release. We have a significant IPsec test environment already, but I'm working this week and weekend on expanding that out, fully automated, to check all possible combinations of options. They don't have the kind of infrastructure or man power to come close to us in release testing.
Pfsense is nothing without the people that use their sparetime to develop and maintain packages for this OS project and we can all see that many of the original "nice" guys have gone and is never heard of again in here.
You really haven't followed commit logs in a very long time. There are still several active package maintainers, and no recent losses I can think of. Many submit pull requests across all the repos. Outside contributors come and go all the time. It's how open source works with community contributors. Name one significant package contributor that's been active in the past 3 years who isn't currently active.
Around 90% of the total commits to our code base all time come from people we employ or employed at the time. The first ~3 years this was just a collection of volunteer efforts (and things were much simpler and less featureful). The past 8 years, the significant majority of the work has come from people on our payroll.
Getting stuck with PBIs for longer than we'd like (and the associated issues with FreeBSD 10.x) has discouraged some of the package maintainers. In 2.3, we'll be back to a sane state there, and I expect some of them who went inactive because of those issues will return.
Opnsense will succeed in what they want to achieve.
They don't have the resources. Franco spouts big words and things that might sound smart if you don't understand them in adequate depth, but it's enough to make us shake our heads at times. He's a capable developer in some regards for sure, but…
I go out of my way to try to be nice, pointing out the root of their file corruption problem which we're triple digit man hours into across a handful of people. They went off and implemented an awful hack, to copy new files into place if the old ones are corrupt, and threw in a "sync;sync;sync;" which has no impact on the root problem if you're testing for it correctly. Within just a few hours of him posting to their forum that the issue is "not fixable", one of our developers committed the fix for said "not fixable" issue to FreeBSD, after verifying across hundreds of power cycles in a circumstance that wouldn't last 5 without sync before that fix, with sign-off from every big name developer in that area of FreeBSD.
https://blog.pfsense.org/?p=1815They might succeed to some degree, if they can keep up with what we're doing (all the heavy lifting). But even when we go tell them the problem, they don't actually fix it.
That ^ is a good example of what I mean by in over their heads. One more here. https://blog.pfsense.org/?p=1773
And its bloody simple to update since it has been stripped of all the weird things that breaks things all the time in pfsense.
I don't see any technical validity to that claim. What "weird things", outside of PBIs which we've ditched already in 2.3 (and they haven't replaced), have they removed? I've seen a lot of what they've removed. A majority of that is NIH syndrome, and wasted effort on what is ultimately a dead end code base (all the PHP needs to die). A lot of their changes were wasted effort in reinventing the wheel on a dead-end code base.
When the bacis packages are available then its goodbye to pfsense. Not because I dont like it, but because of the hostility of ESF. Its not a friendly place to be anymore.
I'd never exhibited any hostility towards you until you started acting like an ass. At some point you reap what you sow, and my interactions with you end up being mostly defending us from you screaming the sky is falling and everything is shit when there is no actual problem. You're kissing their asses over there, should get a good reception. AFAIK you've never had anything but a good reception here until you started making wild, defamatory false or misleading statements. And I still reply back helpfully to other threads of yours.
I can't think of any instance where we've exhibited any hostility towards anyone who didn't bring it upon themselves, and even that is unusual.
-
I have been silently reading the pfsense forums and until now I decided to be registered. You delicately and respectfully responded to each argument against the validity of pfsense in part or whole and I admire that. I really appreciate the hard work that has gone into making a free and very respectable software that can be placed on almost any appliance. My comment is to let you and the other members of the team know that there are people who are wise and can e see wisdom through not just the work but speech. If only those who comment could consider carefully before they respond and be patient, perhaps they may add to a better atmosphere. I look forward to the next release and if it has a slick gui interface.. even better! 8)
Though with that said my first experience with asking for "support" through the forums here, I do understand what has left bitter in some mouths. (I don't agree with their attitude though) Support would be more welcomed with simple words like "welcome to the forums!" or " Thank you for your post.." or "I think I have a solution to your problem, but before I respond is this what you mean?" or "Before I TRY to help you there are various scenario's to your question are you refereeing to this type or.." or etc. Less I know what your problem is and here is the answer, more asking questions, gathering information, then offering POSSIBLE solutions with a mild temper and deep respect to all.
We ALL do well to remember, humility is a hard thing to teach but a skill can easily be taught to a humble person. If OPNSense does not have the skill or talent or man power now but has good people and support oriented personnel, the right people will find and freely give themselves to the cause. If not it will be no different the any other trying to do the same or has done.
-
@cmb:
I don't see any technical validity to that claim. What "weird things", outside of PBIs which we've ditched already in 2.3 (and they haven't replaced), have they removed? I've seen a lot of what they've removed. A majority of that is NIH syndrome, and wasted effort on what is ultimately a dead end code base (all the PHP needs to die). A lot of their changes were wasted effort in reinventing the wheel on a dead-end code base.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
As it is, opnsense first releases were bugfests. Slowly getting better, been trying their releases out now and then. Last one I tried was quite decent, I just wanted some of the plugins they still have'nt or I would have given them more serious try.
-
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
Have you seen this blog post: https://blog.pfsense.org/?p=1842. It has been in both discussion and progress for quite some time.
-
Another aspect many are not thinking of. They are not bound to follow the restrictions U.S law is forcing on you. For example "Communications Assistance for Law Enforcement Act".
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
Indeed. Even if it did apply, Europe and the Netherlands in particular have more stringent lawful intercept laws than CALEA.
I'd say you are doing injustice to the guys behind opnsense telling they suffering NIH syndrome. One of their stated goals is trying to get back close to the standard FreeBSD. Replacing your custom patches in this light is pretty much given.
My reference to NIH isn't related to patches at all. Getting away from patches has been a work in progress for us for quite some time. 2.3 is now patch-free, with some changes in a vendor branch. We've gotten a number of things upstreamed into FreeBSD, and a few of our patches are in FreeBSD 10.2. Matches in the FreeBSD source code alone (not nearly everything):
https://github.com/freebsd/freebsd/search?utf8=%E2%9C%93&q=rubicon+communications&type=CodeMore in matches from FreeBSD commit logs.
http://search.gmane.org/?query=rubicon&group=gmane.os.freebsd.devel.cvsPlus a number of commits to FreeBSD ports.
OPNsense will certainly be better when it's on a 10.2 base (equal or better to our 10.1 base, which is much more solid than anything they've put out), but it's because we're closer to FreeBSD because we fixed FreeBSD, not anything they did (they're responsible for 0 FreeBSD commits). That's something we've always wanted to do, just more recently able to get the significant resources required on it.
-
PFSense guys seem to know their stuff and have a good roadmap that addresses real problems that have been plaguing the entire industry. They understand key issues, and have been around for a long time, it just takes time to implement stuff.
-
Wait, what? That applies to telecommunications carriers…you're another piece of the FUD machine.
Have you seen this blog post: https://blog.pfsense.org/?p=1842. It has been in both discussion and progress for quite some time.
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers. We also know now that there are separate hidden laws in U.S concerning surveillance and private companies, and companies involved are forbidden to talk about it. Google has made some fuss around such laws. Snowden made lament about it. Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples). Lavabit was forced out of business because they wanted to do nothing with it. There is also saying about missing 9 rats for every caught one. It does not make one very trusting about security software produced in the U.S any more. Same applies btw for Chinese and Russian software, those two I trust even less, since I was born in the Soviet Union and have direct personal experience with the mentality of (post)socialist states. I don't have fuck to hide or be afraid from the U.S, I don't walk around wearing tin foil hat, Im just on opinion that such possible built-in backdoors become liabilities in case of discovery by some third party.
No I was not aware. I pretty much gave up building pfSense from source about 6 months after the drama around pfsense-tools first happened. Bought new hardware and building custom modules was no longer necessity. Thank you for extending my knowledge base.
PS! Personal attacks/insults like "you're another piece of the FUD machine." are not IMHO appropriate for 1)site admin and 2)adult person.
-
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers. We also know now that there are separate hidden laws in U.S concerning surveillance and private companies, and companies involved are forbidden to talk about it. Google has made some fuss around such laws. Snowden made lament about it. Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples). Lavabit was forced out of business because they wanted to do nothing with it. There is also saying about missing 9 rats for every caught one. It does not make one very trusting about security software produced in the U.S any more. Same applies btw for Chinese and Russian software, those two I trust even less, since I was born in the Soviet Union and have direct personal experience with the mentality of (post)socialist states. I don't have fuck to hide or be afraid from the U.S, I don't walk around wearing tin foil hat, Im just on opinion that such possible built-in backdoors become liabilities in case of discovery by some third party.
I hate to be the one to inform you that your fears have no boundaries. Regardless, it is just about as relevant to the topic of this thread (not saying it isn't generally important, but I don't have the time to explain it's irrelevance) as discussing the effects of climate change on immigration and the geopolitical stability of each region, so please stay on topic.
PS! Personal attacks/insults like "you're another piece of the FUD machine." are not IMHO appropriate for 1)site admin and 2)adult person.
This is not a welcome place for unfocused rage, but properly focused rage can find a place. My suggestion is to stay focused and productive as to not endanger your status among the community (it is best practice to not slow down your allies) and the openness of this thread (the likelihood of anything enlightening being mentioned is becoming smaller and smaller).
-
Yeah, For example CALEA requires them to have built-in backdoors in phone's software for federal services. Since 2004 CALEA also covers VOIP and broadband internet providers.
Again, Europe and the Netherlands in particular have stronger lawful intercept laws than CALEA. And it has no relevance to what we do.
Bunch of companies have been discovered to have built-in backdoors in their network appliances (Barracuda Networks, D-Link, Cisco,Linksys,Netgear if you want some examples).
Yeah and every one of those can be attributed to poor development practices or general security ignorance of the vendors. Most all of that in consumer-grade gear which is where quality control in general of the software is apparently nearly non-existent.
-
Interesting. I went to m0n0wall.ch and was redirected to opnsense.org. Anyone have any idea why?
-
it redirects you to https://opnsense.org/m0n0wall/
I knew m0n0wall was on its way out.. Would have thought they would redirected the domain to pfsense.org. With the changes made to the pfSense organization, who knows what happen
-
Manuel gave (or sold maybe) them the domains and they were supposed to maintain them indefinitely. Had he checked with us, we would have taken them over and been better stewards of maintaining the history (they've irked a variety of people in the m0n0wall world by screwing up things). We offered after his public announcement, but he wasn't going to change things at that point.
That's all pretty well covered in my farewell to the m0n0wall list.