All software these days is complex, especially in the open source world. In the open source world though, good luck on resolving the issues with help. No, I don’t mean you can’t ask for help. You can, just don’t expect anything but the basics. And blog posts about your problem. The very worst these days. Everyone repeats what everyone else said and very little context about the issues that you can expect to find. Mostly junk. Blog posts are garbage. They are noise, period. This doesn’t mean there aren’t any good ones, but most of the time the blogs are garbage posts about open source.
I’m going to give the example of the pihole. Everyone thinks this is great. It can block ads and help maintain your privacy. What happens though when a lot of time has gone by and you mix it in with a router such as pfsense? And pfsense is turning into garbage too. It has become so complex and the descriptions of the features are all but lacking the context and how they tie into other aspects of the system. For instance, you set your DHCP DNS for the interface, and you set it at some point for specific machines. Then 5 years go by and you have an issue. Maybe you need to rebuild pfsense and you restore a config. The pihole is down but the config still points to the pihole and you are trying to figure out why you can’t get to the internet. This isn’t bad if you are actively using the pihole every day or even keeping an eye on it every week and you aren’t trying to bring your pfsense router back up so you can get to the internet. You do one thing that is tied to the pihole and you don’t realize the pihole is inaccessible and your tests to see if the internet is working fail and you can’t figure out for the life of you why. You spend hours, maybe even days trying to figure it out. Then you start going through all the settings in pfsense to work out the causes and to ensure everything is right and after the 2nd or 3rd day you finally notice that the DNS for a given machine is set to that pihole. You remove it. Yeah, you are on your way to solving the issue. But no, you didn’t notice that the pihole was also set as the DNS for the interface.
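The stale-resolver problem described above can be checked in one pass over the backup before it is restored. This is an added example, not code from pfsense or pihole; it assumes the config.xml keeps DNS servers in `<dnsserver>` elements under `system`, `dhcpd/<interface>` and `dhcpd/<interface>/staticmap`, and the sample config, addresses, host names and function names are all made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. The element layout is an assumption
# about how a pfsense config.xml stores its DNS settings.
SAMPLE_CONFIG = """<pfsense>
  <system><dnsserver>9.9.9.9</dnsserver></system>
  <dhcpd>
    <lan>
      <dnsserver>192.168.1.53</dnsserver>
      <dnsserver>9.9.9.9</dnsserver>
      <staticmap>
        <mac>00:11:22:33:44:55</mac>
        <hostname>desktop</hostname>
        <dnsserver>192.168.1.53</dnsserver>
      </staticmap>
      <staticmap>
        <mac>00:11:22:33:44:66</mac>
        <hostname>laptop</hostname>
      </staticmap>
    </lan>
  </dhcpd>
</pfsense>"""


def dns_references(config_xml):
    """Return (location, dns_ip) for every <dnsserver> element in the config."""
    refs = []

    def walk(elem, path):
        for child in elem:
            if child.tag != "dnsserver":
                walk(child, f"{path}/{child.tag}")
            elif child.text and child.text.strip():
                label = path
                if elem.tag == "staticmap":
                    # Name the machine so a per-host override is easy to find.
                    host = elem.findtext("hostname") or elem.findtext("mac") or "?"
                    label = f"{path} [{host}]"
                refs.append((label, child.text.strip()))

    root = ET.fromstring(config_xml)
    walk(root, root.tag)
    return refs


def references_to(config_xml, resolver_ip):
    """List every place in the config that still hands out resolver_ip."""
    return [loc for loc, ip in dns_references(config_xml) if ip == resolver_ip]
```

Calling `references_to(SAMPLE_CONFIG, "192.168.1.53")` reports both the interface-level entry and the per-machine override, which are the two places the post describes finding days apart.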
pfsense is also a problem. I had to recently install going from a virtualized version of pfsense — man after years of that being in place and having issues it becomes a real nightmare too, so a word of warning…do not virtualize pfsense. Yeah you might save a computer and a bit of electricity but that does not come close to the loss of money, say from missed customers, because you have had to spend 2-3 days working this shit out. If your virtualization server has to be rebooted you have no internet. Yes, it saves power, and it even allows you to back it up with the rest of your VMs and containers, but when the shit hits the fan that can be the cause of a tremendous amount of frustration.
When you do, make sure everything is right. I recently reinstalled pfsense on hardware and everything seemed to be fine except I could not get port forwarding to work. I also could not get any wireless device to connect to the internet. The device would connect to the wireless access point but it would not connect to the internet. Every page says that the is unreachable. This after days and days and just a serendipitous situation caused me to discover the cause. I was tremendously frustrated. Nothing would work wirelessly. Thank goodness I had my cell phone with cellular data.
What the serendipitous situation was is that I tried to install a Solarflare card in the computer and added the drivers. Pfsense then started to crash upon boot. Looked like a kernel panic error. It would not proceed past the messages.
I thought, OK, let me mount the pfsense boot drive in Linux and see if I can just delete the entry or the file and reboot to bring it back. Nope. This was zfs. And there is documentation on the web about how to mount a zfs pool but none that really say how to mount the zpool of pfsense and no indication of what the pool name is. You have to be an expert in yet another topic in order to figure out how to get into that drive. I got it to mount only this time there was a /pfsense mount point with a single folder and that folder was empty. I looked at the list and it showed that there were some folders off the root of the volume and luckily one had /cf/conf and in there was a copy of my config.xml file.
I grabbed that but I couldn’t just copy it to the home folder because zfs had remapped some of my folders, one of which was my home folder. I didn’t know this and effectively I had just copied the config.xml to another spot on the pfsense drive. I noted this when I looked in my home folder only to find that file missing. I had copied it. So, I grabbed a flash drive, rebooted and remounted the pfsense zfs. This time I mounted the flash drive and copied to it. I ejected it and reinserted it and saw the config.xml was there. Then I went and reinstalled pfsense. No luck though because it stopped recognizing my second NIC. The one for the LAN. Nothing I could do would work. Ultimately I changed the ram in the computer. No luck. I changed the computer. No luck. I then got the idea to change the boot device. I reinstalled and most things started working again. My wireless now worked. Can you imagine that, I went through all that just to get my wireless working because pfsense had a problem with running off the drive I was using. It’s terrible. I spent so much time. And, I noted that a few other things worked. That LAN NIC worked again.
Remember, there’s no context in posts. Trying to read through posts, trying to figure out the meaning of all these pfsense options, trying to figure out what would help resolve my issue was defeated. Every avenue I took led to more issues, and then more issues from that and more issues from that.
This is because the open source developers do not believe that they should have to spend any time giving you context about how their product works. They feel it is up to you to reverse engineer it. This impression is coming from someone with 20+ years of using open source. The problem with reverse engineering these products is that it creates noise on the internet. New versions have new problems and that means a ton of variation. The person answering questions on the internet may have a bad attitude and think you should be on your own and give shit answers, thus causing more noise that you have to sift through to get your answer. Once you commit to a technology and you have spent years designing everything around it and then it fails, that means that you have to try to put it back the way it was and those years that went by present you with a whole slew of dilemmas. Those are that you can’t remember every consideration that you had to make putting it all together. Good luck getting the guy next to you to document properly. Good luck trying to consider every detail. Good luck trying to get people to comply with standards.
Until the developers of open source learn that it is important to make a good product rather than a product that works we’ll all have to suffer at their mercy. Frankly, if a developer receives any money in support of their work they should take at least some small percentage of their time talking with the community to describe the context of their product. What to consider at any given point. What a feature was intended to solve. This is a must. It is a minimum. Otherwise the average person will never use or buy your product and the knowledgeable tech will never recommend it.