sonertari / UTMFW

UTM Firewall on OpenBSD
GNU General Public License v3.0
148 stars 30 forks source link

This project is pretty good and interesting but I think it needs some serious help? #5

Closed MystesofEternity closed 5 years ago

MystesofEternity commented 5 years ago

Hi there, I found your project after doing a research about Open-BSD based operating systems and I must say that the features packed in this are pretty good!

It's just that, it's a bit concerning that you're the only one working on this project. Do you somehow need a helping hand on this?

sonertari commented 5 years ago

Since UTMFW is and has always been a FOSS project, anybody is welcome to contribute.

I've been developing UTMFW, the successor of ComixWall, since 2006. Help for such FOSS projects could be contributions in the form of code, documentation, testing, and bug reports. But other than translations, I haven't been offered any kind of help since then. And, based on my experiences in the past 13 years working on UTMFW (and ComixWall), I highly doubt that it will happen, ever.

There may be reasons why people do not contribute to a FOSS project. A couple of reasons comes to mind immediately:

  1. It may be totally useless and/or low quality, so perhaps nobody cares.
  2. It may be feature complete and/or very high quality, so perhaps there is no need for improvement or extra help.
  3. The market for it actually requires it to be a commercially sold and supported product, but since it is not, people or companies/organizations cannot use it, even if they wish they could.

I am almost certain that UTMFW does not have the first or the second reasons above. Because, (1) I know that it works (because I work behind it, and anyone can download its installation CD and see for themselves), and (2) I have extensive development plans to keep me busy for the next 5 years at least, especially related to converting UTMFW into an NGFW with an L7 packet filter (see my opinion paper I had written in early 2016, but note that I have already implemented some of the ideas I had proposed in that paper, e.g. SSLproxy).

But the third reason may be really important. As I mention in my opinion paper, such projects like UTMFW need a sustainable development and support environment, which I think is especially related to financing the project. VC support like Kickstarter is not available where I live at the moment. And I don't know what happens internally when similar projects go commercial (such as pfSense).

On the other hand, I think there is a very important factor which prevents firewall projects like UTMFW succeed in the commercial market (even if the FOSS project succeeds in developing a hardware appliance and secures financing): Existing commercial networking and security solutions used widely in the market. I do not simply mean the disadvantage of the new player in the market, nor do I mean conspiracy theories involving ugly tactics by large companies producing those existing products. But I mean the ecosystems created around such existing products.

Such ecosystems involve integrated solutions for the Enterprise market, of course. But most people ignore a very important factor here: The technical support people. Technical support people unintentionally hinder the adoption of new products (FOSS or otherwise) in the market. Ask any technical support person what she would like to do next in her career progression, and she will tell you she wants to get at least a couple of certificates for X products (replace X here with large corporations offering certifications for their networking and security solutions). The unfortunate fact is that such technical people are right, because while they are looking for a new job, the requirements on the job ads ask for such certifications, and HR people they have to interview with care about such certifications only, not about experience on FOSS software or some new unheard-of products (no matter how successful they are).

So when you say serious help, what do you mean?

MystesofEternity commented 5 years ago

Thank you very much for sharing your thoughts!

I hold very similar sentiments to yours that the world of IT as it is right now is heavily held by the neck thanks to the relentless efforts of big companies to promote and saturate the industry with their million-dollar "worthy" products...

I actually want to call those technical support people as "brainwashed technical support people" who were blinded from seeing the reality within the IT industry. I used to be one of them and I can never emphasise enough just how grateful I am to have realised this sooner than later.

As for serious help I apologise for not being clear about this but what I wanted to know is whether or not this project is going to be in peril of dying without more contributors soon. I know it was somewhat audacious of me to ask this given the fact that my programming skills have gotten rusty thanks to always landing on the job of a web developer but I still wanted to know the state of the project since I am, regardless of anything, very interested to help this project out.

I want to promote the use of FOSS software because I have been awakened from the grim illusion built up by big companies where people are made to believe that only "paid" and "branded" things can get the job done properly. It just sucks that even educational institutions simply want to go with the general trend being established by these big names for the sake of "better education" which is simply a disaster if I must say.

I'll be honest with you that I am n and I'll be engaged in postgraduate studies for the sake of being able to live in a better country but after that I'm actually looking to work either for the government or a non-profit and start supporting FOSS in any way I can from there and that will definitely include contributions to magnificent software like this openBSD-based UTMFW.

sonertari commented 5 years ago

To clarify my points, I think there is already a game being played in the field. If you want to play that game, then you should obey the rules (go commercial). If you want to create your own game, then good luck (stay FOSS).

And I want to emphasize that the current game and its rules have sound reasons. That is why if I were an IT manager working for a large enterprise, I would also buy commercial hardware appliances from those big companies, which would offer 24/7 commercial support for an extra price too. So I do not blame neither the big companies nor the technical support people. As the saying goes, no IT manager has ever been fired for purchasing IBM computers, instead of cheaper DIY COTS ones.

Note a very important difference here that firewall projects like UTMFW are very different from, say, framework or library type of software like d3js or phpseclib. They don't have to go commercial, mainly because their target audience are developers. But projects like UTMFW have to go commercial, otherwise only DIY individuals like FOSS enthusiast or developers, or small companies/organizations can use such firewall projects. Because, the users of UTMFW should do everything themselves, from installation on some hardware to full maintenance. And there is nothing much I can do to help them, other than replying their issue reports and fixing bugs.

Therefore, the next reasonable step for projects like UTMFW to reach wider audience is to go commercial (e.g. similar to what pfSense did). But after going commercial, we would have ecosystem related issues I have mentioned before. So I choose to stay FOSS (which does not mean that I haven't tried to go commercial before).

Thank you for your nice words about UTMFW. But since I have never seen any productive discussion on such topics, I am closing this issue now.