Closed arrogant2 closed 5 years ago
I'm highly confident we are past the gaslight attempts and we can be a project of our own and we will gladly tell the people who have doubts about this gaslighting that they are perfectly fine with pfsense.
The main argument is bogus because we couldn’t contribute to pfsense in a way that we thought necessary and pfsense did all it could to prevent forks in 2013-2014.
It surprises me that you are overly critical about our project, but if you check the code or their image signatures you would see security wise you will be worse off.
If you want to be extremely critical think about how beneficial OPNsense was for kickstarting a phase of improvement in pfsense in 2015-2016 in license, open source behaviour and features.
Pfsense today without OPNsense would be worse off so we are happy either way and do not necessarily need to share proof that would be used for further gaslighting by those few individuals you mentioned.
My point from the other ticket still stands. If you want to research use the source code comparison, not reddit.
Cheers, Franco
I think this block should be removed. Nobody reading a technical doc is interested in this and everyone already arriving here has already an own opinion.
@arrogant2 I see you are a guy having fun to write things .. happy to see more technical additions from you here, docs require some more love from the community :)
I concur about the removal. CC @AdSchellevis @jschellevis
We'll discuss internally, it can probably go. Question is if there's something still relevant that should be in there.
I really don't like to go into flamewars, certainly have better things to do, but to be honest, complaining anonymously doesn't really create a lot of goodwill at my end (call me old fashioned, I like to know who I'm talking to :smile:).
I second both. For the first, this project has to fight on many frontiers when these lines were written, but now I think it's mature enough to remove this content as it would also show its own maturity.
For the second, to be anonymous on internet is a fundamental right, so the only way to grow in reputation is to add content / work to the project, so let's see :)
First, let me preface this by saying that I apologize for my overt hostility. Personality trait, I get that it rubs people the wrong way. That has little to do with OPNSense though, I am a hostile person as a rule. Also, sorry about the anonymous account. I promise I am not htilonom or gonzo or whoever :)
It surprises me that you are overly critical about our project, but if you check the code or their image signatures you would see security wise you will be worse off.
Of that I have no doubt. This is not about PfSense vs. OPNSense. I have already concluded that I don't trust the PfSense guys, on account of a long history of disingenuous behavior. That alone is enough to make me refuse to ever use their so-called "security" product. The question is not whether OPNSense is better than PfSense, the question is whether it is good objectively. Excuse the profanity, but PfSense is dog shit. The question I have is, is OPNSense any better, or are there simply no good open source firewalls anymore?
Unfortunately for me, OPNSense is really my last hope for a maintained, secure open source firewall. PfSense is... PfSense, and IPFire is still on a 3.X Linux kernel (EDIT: This is not true. My bad). IPCop is unmaintained AFAIK, and I have yet to find a viable alternative that even remotely rivals OPNSense, or what PfSense used to be.
The other problem is, I am not technically competent enough to read source code for a project of this scale. Unfortunately, (much like a lot of your users) I can only gauge the trustworthiness of the project by the behavior of the developers and by taking the word of other people I deem trustworthy and technically competent. I am giving you the benefit of the doubt here, and trying to figure out what your position on all of this is.
The reason why I believe this is at all relevant, is because the only thing that seems to turn up based on a google search for "PfSense vs OPNSense" is the old flame war. There is extremely little technical analysis. The PfSense people have had a... shall we say "extensive" opinion of your project, and I have not seen anyone from OPNSense really rebutting them.
Even if you just have a line on the wiki saying "the PfSense community has tried to deliberately slander our project, and most of it is not true", that would be an improvement. But glossing over it rubs me the wrong way.
The PfSense people have had a... shall we say "extensive" opinion of your project, and I have not seen anyone from OPNSense really rebutting them.
Meh .. won't happen. OPNsense community is flexible enough to even help ppl with pfSense specific problems, also when ppl argue they need this and that for moving to OPNsense, they'll argue that when you happy with pf, just stick with it. This is and was a "one-way war" .. every rebut is wasted time, and now, focus on OPNsense, as also you said, your intention is not to compare.
The core team will discuss and perhaps some or all of this old flame war things will be removed where it's possible, as it is really the time for it.
@mimugmail
This is and was a "one-way war" .. every rebut is wasted time, and now, focus on OPNsense, as also you said, your intention is not to compare.
Point taken. Again, speaking as an outsider, I am not sure whether the claims of the PfSense people have any merit, but if it was truly a one-sided smear campaign, then I agree with your response.
Just for my own peace of mind: are any of the above claims even partially true? If all of them are complete falsehoods, then I agree there really is no need for that wiki section to exist.
They claim that OPNSense attempted to steal the PfSense trademark and become "PfSense in Europe".
No, it would be a trademark steal when OPN uses pfSense in UI and change the code. That's why the peeps over there are doing their best to make pf only run on their hardware and annoy users with trademark warnings with every update.
They claim that you are a bunch of amateurs who routinely push alpha quality software, and deliberately remove features, so that you can add them back in over a period of several months so you look like you are doing something.
This is a personal opinion from them, and you should build your own .. I'd say no :)
They claim that your code quality is bad, and that you have broken VPN functionality, and VLANs on 5 separate occasions.
I run around 30 Firewalls, possibly another 100 to come in this year for business use, really, if it took too much time I'd change all of them to a different vendor.
They claim that the original OPNSense fork was mainly so that you could sell branded hardware, not because you are actually trying to improve it.
No idea, but to have full time developer for an open source product you need an income in some way. Selling hardware is one of them, support the other one. I can encourage everyone to even buy their hardware or take their support, but if not, ok, it's open source :)
They claim that they have tried to contribute to OPNSense and been told to "fuck off" by the lead people.
???
Ok, thank you for your response. Helps clear things up. I appreciate you taking the time to answer my questions and put up with my scornful BS, (my username is very deliberately chosen, lol). When I get some free time later today, I will create a PR to delete the offending section from the wiki.
They claim that OPNSense attempted to steal the PfSense trademark and become "PfSense in Europe".
That's only the second half of the story that is supposed to make someone look bad. This is a general pattern...
They claim that you are a bunch of amateurs who routinely push alpha quality software, and deliberately remove features, so that you can add them back in over a period of several months so you look like you are doing something.
For their sake I wish this was true. It's your choice to believe someone being destructive towards others, but in the end only the source code can tell. :)
They claim that your code quality is bad, and that you have broken VPN functionality, and VLANs on 5 separate occasions.
For their sake I wish this was true as well. It's quite a spurious point to make given the previous point: either people who write software are bad and are ultimately punished by a lack of growth and community or it's just one other way of saying "we don't like them".
For one, we've completely rewritten and innovated firmware updates to the point where pfSense followed ever so quietly: pkgng use in FreeBSD, opnsense-update -> pfSense-upgrade.
Another reason is that we look for security issues early. Take this recent example:
https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injection-vulns.html
You will find that the two issues were fixed in OPNsense in 2015-2016:
https://github.com/opnsense/core/commit/0d2f56bd3b#diff-0ff9f6b7a87193339cd853c18d9f8da1R210
https://github.com/opnsense/core/commit/afa861d0cdc67b65551#diff-460dfc2bc3262765b55473c6f9b38003R63
Lastly, we conserved the 2-Clause BSD licensing, which is business friendly and open at the same time. pfSense bent backwards with 5-Clause "EFS" license and having to relicense to Apache due to community pressure to a point where you should ask: so the m0n0wall code is 2-Clause BSD and relicensing was not acknowledged by the original authors so how can everything be Apache now? And besides, between both projects OPNsense is the project with the longest stable licensing and the only project with the original one still intact.
In general I find it ironic that we have to point this out again and again, but I hope it shows how the "arguments" against OPNsense are made and who they benefit. It's even entirely possible that this discussion is being screened by said popular trolls right now who make fun of what you and I wrote just because their nature is worse than you and I could wish for.
They claim that the original OPNSense fork was mainly so that you could sell branded hardware, not because you are actually trying to improve it.
For their sake I wish this was true. It's funny to note that this shows how this wraps back to "stealing trademark" narrative. The reason for the fork was to improve pfSense and I think we stayed true to our mission.
They claim that they have tried to contribute to OPNSense and been told to "fuck off" by the lead people.
We had to break ties with pfSense because of a split in development philosophy and the meaning of open source. That's when we decided to fork. We got kicked real hard for it afterwards. Do you expect us to be understanding and reasonable to the people who have lied about us, stalked us online, ridiculed and slandered us for a simple choice of making a successful fork? The bully calls "boo" and we're the bad people. We simply said "no, thanks" because of past experiences.
Cheers, Franco
Discussed internally, we'll keep the fork section (slightly adjusted) for now and move it to the history section, if we have more time available at a later moment in time we might do a larger overhaul. According to our statistics, the page is quite popular.
I am not sure if you know what debunk means, but you clearly haven't done it here. You literally just say to ignore the claims of your main competitor, and install your software with no explanation of the overall situation. This basically lets the PfSense people say whatever they want about you, and everyone only ever hears their half of the story.
I only recently became aware of the PfSense/OPNSense... "flame war" for lack of a better word, but this failure to address the claims of the PfSense people worries me. Make no mistake, I have no trust whatsoever for PfSense after they stopped releasing their source code, the opnsense.com fiasco, and their deliberately misleading advertising, but I have seen no evidence presented thus far about how OPNSense is supposed to be any better.
Obviously, they make a lot of ridiculous claims and it is difficult to debunk all of them, but there are a few recurring ones that seem to keep coming up:
A simple google search for "pfsense vs opnsense" should turn up the respective threads on reddit, various forums, and ycombinator, but for convenience I will list a couple of them here:
Note: A lot of the time, the posters are either gonzopacho or htilonom. I think it is reasonable to assume that they are representative of the PfSense crowd, however there are other people who bring up points on these forums that aren't explicitly associated with PfSense, but who nonetheless make claims about your behavior that I think may need to be addressed.
Broken VLANs, branded hardware and Europe trademark issue:
https://www.reddit.com/r/PFSENSE/comments/3rh9dw/pfsense_vs_opnsense/
They also claim that you tried to delete their Wikipedia page, although from what I understand they also tried to do this to you.
Feature reintroduction issue, broken VLANs:
https://www.reddit.com/r/PFSENSE/comments/35dl17/pfsense_vs_opnsense_articles/
"We've fixed bugs in opnsense for people, and were told to fuck off by both Franco and Jos. We've pointed out errors in how they do things and have been told to fuck off by Franco and Jos." Not sure about this one either, no corroborating evidence.
The point is, you not saying anything about any of this is a bad idea. It makes it seem like you are deliberately avoiding addressing these issues, which might lead some people to conclude that you have something to hide. For context, this is similar to gonzo's response (or lack thereof) to the claims that it has been impossible to reproduce PfSense builds since 2.3.5. Whenever people bring it up, he simply doesn't reply.
I can't personally edit the documentation to add this information, because I am new to this whole affair, and thus cannot comment intelligently on what has been going on. I am also not a representative of OPNSense, so it would be inappropriate.
My trust in OPNSense is undecided as of now, because of this failure to address these issues. Even if you don't cover all of them, there are a lot of them that keep coming up. It may also be a good idea to explain some of the deceptive behavior engaged in by PfSense/Netgate (or whatever their parent company is now called). The failure to release source code/build tools is a big deal, and you should really explain that in the "Why did we fork" section.