pfsense: A 'meltdown' of a different sort?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Jeggs101

Well-Known Member
Dec 29, 2010
1,529
241
63
So if you buy from a shady Chinese seller on Amazon you can have a back door?

I don't believe anyone in China would seriously try to put a back door in a firewall.

That's why I won't touch the Celeron Amazon specials. I build mine from SM gear.
 

Evan

Well-Known Member
Jan 6, 2016
3,346
598
113
I think he is immature in the way he behaves but I don’t think this is news to anybody.
 

sth

Active Member
Oct 29, 2015
379
91
28
I have empathy with them being frustrated with people profiteering from their free software.
 

JustinH

Active Member
Jan 21, 2015
124
76
28
48
Singapore
The guy I feel is a moron. 90% of PfSense is based on free software, they just wrap a nice GUI around it and offer support. PfSense would exist for the thousands of open source developers that work on all the components that they use, yet they get all uptight about other people “profiteering” from them?

Hypocrite!

I’m a maintainer on a large open source library. (Over 2K clones a day on the GitHub repo!) plenty of other open source projects depend on my library and there are even a few commercial vendors that leverage my work. The most I get out of it is vendors sending me their devices for testing and make sure they work well. Never got a single cent.

So I’d consider them lucky they been able to make a business out of it and can earn a living!


Sent from my iPhone using Tapatalk
 

Terry Kennedy

Well-Known Member
Jun 25, 2015
1,140
594
113
New York City
www.glaver.org
The guy I feel is a moron. 90% of PfSense is based on free software, they just wrap a nice GUI around it and offer support.
How is that different from what the commercial NAS vendors like Synology are doing? Or, for that matter, router vendors like Ubiquiti?
PfSense would exist for the thousands of open source developers that work on all the components that they use, yet they get all uptight about other people “profiteering” from them?
They have the right to set whatever terms they want on their software. And since FreeBSD doesn't use GPL, they don't even have to give you any modified OS sources if they don't want to.

OTOH, all the hand-wringing from gonzopancho seems a bit childish. If this could really be the death of his company, he should have his lawyers contact both the places (like Amazon) that are serving as outlets for products that violate his license / trademark and the "manufacturers" themselves. He / his company appear to be represented by MHKKG, "an intellectual property boutique firm located in Austin, Texas". In the recent WIPO decision (D2017-1828) where he lost the rights to opnsense.com, he is listed as "internally represented". So he either has in-house counsel as well, or he is representing himself (and you know what they say about that).
 
  • Like
Reactions: T_Minus

Pri

Active Member
Jul 30, 2014
124
52
28
It's a real shame to see what was once a really well respected project be pulled through the mud by its own maintainers like this. Their childish antics and flagrant flippant remarks make the project look so petty, disorganised and amateur.

I'm as of this moment still running pfSense on my home setup but I do intend to change that when I have some free time to try something else. I feel like the writing is on the wall for this project not because the product itself is bad but because the operators are.
 

sth

Active Member
Oct 29, 2015
379
91
28
My understanding was they contribute pretty significantly back to BSD development in areas like DPDK etc and can’t charge for that work due to licence agreements.
If they went closed source they would lose transparency and peer review capabilities that benefit security etc.
 
Jan 4, 2014
89
13
8
My understanding was they contribute pretty significantly back to BSD development in areas like DPDK etc and can’t charge for that work due to licence agreements.
If they went closed source they would lose transparency and peer review capabilities that benefit security etc.
so?
they have been using code from noumerous others that also couldnt charge him back.

this is what open source is about.
to me, he's just trying to push his appliances as he makes the most revenue from those.
eventually they will drop their "free to use" software, as many have done when they find out it's more profitable to overcharge for work others have done

send from a mobile device, so typo's are to be expected
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
I have had dinner with Jim and his wife in Austin. Certainly, an area where I think you could have a different impression of someone in person versus some of the comments posted online.

I believe there is no issue with someone taking the open source bits, removing pfSense, and selling appliances based on that. I can appreciate that there is a community that wants to preload the software to make it easy for their customers. Also what they are really doing is targeting a keyword based on a true which is generating sales for them.

The damage side is that many people will assume that if they are buying something on Amazon called "pfSense" that they are getting pfSense unaltered and installed. In the US and many other parts of the world, you expect that if someone is using their trademark to label and sell a good that the trademark holder has consented to the manner in which that trademark is used. That protects from stories such as "I bought a pfSense appliance with a backdoor on Amazon."

Open source does not necessarily mean free. Projects like pfSense, FreeNAS, and others have teams that are earning a salary to bring that software to market. I would disagree with the notion that pfSense or FreeNAS are simply a pretty UI for an OS as the teams do quite a bit more than that and both projects upstream work to FreeBSD for others to use.

Perhaps the bigger issue is that there are likely a lot of tech-savvy folks who bought these devices on Amazon and are blissfully unaware that they could running something with backdoors since they think they have generic hardware and pfSense.
 

mstone

Active Member
Mar 11, 2015
505
118
43
46
They've decided hardware is the way to make money, and lash out at reality because it isn't. (Or maybe they can somehow make money where ibm and hp and compaq and sun (etc) failed.) You can't make money on hardware without huge volumes with razor thin margins. They will never be big enough for that.

You'd think their best bet is services/support, but the reality is that they aren't really enterprise-grade. Maybe they could be, but it would be a completely different thing than what they sell now and they'd have to walk away from what community they have left (home users really don't want that stuff). And it would still be a hard sell, to break into a mature market. And they've said they don't want to deal with different tiers--which makes it really hard to serve both home users and enterprise users. And to do services they'd probably need a very different structure.

At the end of the day they can sue the heck out of everybody, but they can't stop hardware vendors from making a factual statement like "tested with pfsense" which will come up in keywords. And that seems to make them furious. I tend to think the whole "you must have AES-NI in the next version" line is nothing but a way to spite a lot of people who bought qotom boxes and/or create FUD about same--and I assume they'll try more stuff like that in the future.

And this doesn't even get into their response to the opnsense fork.
 

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
I really like Jim. I've had several opportunities to speak with him - though he never invited me to dinner with his wife :). He's kinda one of those old-school misunderstood genius types. Big gracious guy, soft-spoken and generally speaks well of others. Really knows his sh.. regarding networking and firewall technology, though I agree with others that Netgate's overall business model is a little shaky.

I'm also really excited about what they are building for 3.x (Pennybacker - named for Austin's landmark bridge). It is a step away from classic BSD/PF and should give a real leap in PPS/clock - letting you do meaningful 10Gbe+ firewalls on small packets with commodity hardware. I really, really hope that NetGate keeps this upgrade FOSS.

Why is PFSense 3.x/Pennybacker interesting in this discussion? Because there is a real disconnect between Jim's recent rants and how he talks about Pennybacker's key enabling technology (VPP - a recently open-sourced codebase from Cisco). If you listen to Jim's public presentations on it you'll hear him almost giddy about how "foolish" Cisco was to give this away free and how NetGate is going to leverage it for their future. And then he whines about how people are (mis)using what NetGate has given away free and how hard it was to build. You can look up videos from either the DPDK summit in early 2017 or his talk from the FD.io sub-conference at Kubecon Austin.

I get the trademarking/terms of use part. But the subtext of his rant - that others are getting free use of Netgate's work - does bother me. I struggle with wanting it both ways. Happy about how you are building on what others choose to give away (foolish or not). And then ranting when others do the same to you.
 

mstone

Active Member
Mar 11, 2015
505
118
43
46
I'm also really excited about what they are building for 3.x (Pennybacker - named for Austin's landmark bridge). It is a step away from classic BSD/PF and should give a real leap in PPS/clock - letting you do meaningful 10Gbe+ firewalls on small packets with commodity hardware. I really, really hope that NetGate keeps this upgrade FOSS.
Yes, they've been talking quite a lot about this. It's not clear what the target market is. Home users routing small packets at 10G+? (Is that really a thing?) Enterprises that are running 10G+ gear, not doing packet management in their existing SDN, and who want to take a chance on putting their enterprise on top of an unproven open source firewall (and don't need any other enterprise functionality)? Enabling gigabit on sub $100 (retail) hardware and paying for the R&D with the dollar or two margin they might be able be able to squeeze out? It's all very strange.

Especially when you consider public comments they've made in the past about how they were doing great things with QAT on the C2000 series, but wouldn't release it because so many people had third party C2000 hardware and it wouldn't make financial sense for them without a monopoly on the hardware.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,727
3,075
113
33
fohdeesha.com
I've watched Jim do this (go on tirades and make a fool of himself on reddit/twitter/etc) at least once a year since the 1.x days. I'm still a pfsense user, but I don't know how much longer I can hold on.

Does anyone remember Observium? The owner was a serious asshole and went on similar tirades, until someone eventually forked his project, most of his users abandoned him, and we got a much better product and community (LibreNMS).

It's hard to not wonder if that's what we're finally seeing with pfsense now. Granted the owner of Observium never registered the forks domain name and put a video of actual hitler on it, that seems to be something only Jim is capable of
 

Pri

Active Member
Jul 30, 2014
124
52
28
In my opinion he is the biggest threat to pfSense being a viable business. Not the outside forces. For example Jim purchasing opnsense.com and then pointing it to a parody site of the real opnsense website. That's just so juvenile.

According to the other co-founder of pfSense they are using sock puppet accounts online to spread awareness of pfSense and discredit competitors and it would appear that one of those sockpuppet accounts run by ivork who is an employee at pfSense is squatting on /r/opnsense so the project has to use a different sub-reddit name for their product, this is similar to Jim purchasing opnsense.com to keep them from having it, WIPO has since handed the domain over to the real opnsense project after unmasking Jim (he used a domain privacy service to register it).

Does all this ^ sound like people we should be supporting? - Like Patrick I get you sat down and had dinner with Jim and his wife and found them pleasant but clearly the guy is up to no good online and doesn't deserve all the assistance we as enthusiasts provide to the project.

Every time we deploy it in a business, tell someone about it, recommend it to our employers, write guides about it. That's all helping the project to grow and sends the message that they can do what they want without repercussions.

Jims messages with regards to what this thread is about were all very harsh and critical until he got blowback from the wider community. When people sat up and said wait are you not wanting to keep pfSense open anymore? Are you wanting to charge us a fee to use it now? Like when that happened he backtracked pretty quickly and called everyone alarmists. But it was he who said the project was no longer financially viable in a since deleted message to the pfSense community, he was being hyperbolic because he could.

That's how I feel anyways. And I'm still using pfSense at home but ya know I don't want to be. I don't feel good supporting this project, I've written a huge guide for this router and I just don't want to write any more I feel like I'm supporting bad people any time I spread awareness of pfSense or write useful guides for it.
 
  • Like
Reactions: fohdeesha

cheezehead

Active Member
Sep 23, 2012
723
175
43
Midwest, US
I've been using pfSense since summer of 05', contributed often in the early days with Scott/Chris/hoba/lsf but drifted away after the commercial hardware offerings got started (Still a current user though). Selling pre-packaged hardware does have a place but really it's pretty limited and margins are small. Support and Professional services is where the money is outside of moving to a freemium model (Think Plex) but given it's long history certain new "advanced" features would be on the premium side... Or just keep the operation small, if your looking just for something to keep a small number of employees employed and not looking at any large growth territory adjust your niche and go with it.

Funny how projects go together, I've also done some contrib early on with Neil on the LibreNMS fork (still active there though, the money bug hasn't been caught).
 
  • Like
Reactions: fohdeesha

OBasel

Active Member
Dec 28, 2010
494
62
28
Bad way to handle this for sure. But I like the project. That guy need to stay out of PR
 

kapone

Well-Known Member
May 23, 2015
1,095
642
113
About a year or two ago, I approached Jim with a partnership proposal, where I/my company would use PfSense "under the hood", but would use a completely different software stack on top of that, including a custom developed UI (My personal belief is that the pfsense UI could use a lot of improvements. This was before they introduced the Bootstrap based UI, but the statement still stands. It could do with a number of optimizations and some "intelligence" built in.)

To make a long story short, I didn't get the impression that he was willing to "deal". All I interpreted from his responses was "You wanna screw us over by using the pfsense name and not give us any money", which wasn't true. My exploratory talks were exactly the opposite, to figure what could be worked out with them as a partnership.

Didn't pursue it any further. I'm sure he's a great guy, but...