[talk] m0n0wall project ending

Brian Callahan bcallah at devio.us
Sun Feb 15 14:47:26 EST 2015


On 02/15/15 14:44, Okan Demirmen wrote:
> On Sun, Feb 15, 2015 at 2:26 PM, Charles Sprickman <spork at bway.net> wrote:
>> On Feb 15, 2015, at 2:19 PM, Brian Callahan <bcallah at devio.us> wrote:
>>
>>> On 02/15/15 14:16, Charles Sprickman wrote:
>>>> On Feb 15, 2015, at 11:13 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>>>>
>>>>> Mark S. noted this:
>>>>>
>>>>> http://m0n0.ch/wall/end_announcement.php
>>>>>
>>>>> The end of m0n0wall…
>>>> The most interesting thing I found there was this:
>>>>
>>>> https://opnsense.org
>>>>
>>>> Never heard of it until today. It is a pfsense fork…
>>>>
>>>> I’ve had good luck with Dutch software so far (hi, PowerDNS, OpenVPN-NL), this should be interesting to watch.
>>>>
>>> BSD Now has had some coverage of OPNsense recently. I think they
>>> interviewed one of the project members. Worth checking out if you have
>>> some time.
>> I also should have included this:
>>
>> https://wiki.opnsense.org/index.php/OPNsense:So_why_did_we_fork%3F
>>
>> Seems like a bunch of valid points.  Ethically, I’d say if the company sponsoring this fork did contribute time and money to the pfsense project as they claim, then this is quite fair.
>>
>> I do wonder why they would go to the trouble of rewriting the front end to not require php running as root yet continue to use php. :)
> Well, one of the biggest criticisms is the fact that one is
> controlling a security device via a web interface, running an
> application directly as root; basically webmin on the security device.
> Web accessibility tends to be more important; odd for security device
> management, but meh, ymmv.
>
> Sure, use something other than php; that doesn't address the issue.
> There's a reason why privilege separation has existed for umpteen
> years - it's time to starting using such a thing, no??

If we really cared about security, we'd join the OpenBSD project.
Oh wait... :)
(This post meant in jest because it's me and Okan. Don't read into it.)



More information about the talk mailing list