[talk] m0n0wall project ending

Okan Demirmen okan at demirmen.com
Sun Feb 15 14:44:20 EST 2015


On Sun, Feb 15, 2015 at 2:26 PM, Charles Sprickman <spork at bway.net> wrote:
> On Feb 15, 2015, at 2:19 PM, Brian Callahan <bcallah at devio.us> wrote:
>
>>
>> On 02/15/15 14:16, Charles Sprickman wrote:
>>> On Feb 15, 2015, at 11:13 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>>>
>>>> Mark S. noted this:
>>>>
>>>> http://m0n0.ch/wall/end_announcement.php
>>>>
>>>> The end of m0n0wall…
>>> The most interesting thing I found there was this:
>>>
>>> https://opnsense.org
>>>
>>> Never heard of it until today. It is a pfsense fork…
>>>
>>> I’ve had good luck with Dutch software so far (hi, PowerDNS, OpenVPN-NL), this should be interesting to watch.
>>>
>>
>> BSD Now has had some coverage of OPNsense recently. I think they
>> interviewed one of the project members. Worth checking out if you have
>> some time.
>
> I also should have included this:
>
> https://wiki.opnsense.org/index.php/OPNsense:So_why_did_we_fork%3F
>
> Seems like a bunch of valid points.  Ethically, I’d say if the company sponsoring this fork did contribute time and money to the pfsense project as they claim, then this is quite fair.
>
> I do wonder why they would go to the trouble of rewriting the front end to not require php running as root yet continue to use php. :)

Well, one of the biggest criticisms is the fact that one is
controlling a security device via a web interface, running an
application directly as root; basically webmin on the security device.
Web accessibility tends to be more important; odd for security device
management, but meh, ymmv.

Sure, use something other than php; that doesn't address the issue.
There's a reason why privilege separation has existed for umpteen
years - it's time to starting using such a thing, no??




More information about the talk mailing list