PiVPN v4.6.0: The End(github.com) |
PiVPN v4.6.0: The End(github.com) |
They learned a good lesson from the liblzma situation.
PiVPN is so easy to use. You run 1 command and pass in the name of the config to generate and you're done. Now you can take that config and use it client side.
I've used it on Debian servers (not a Raspberry Pi) and it's been flawless to onboard a bunch of folks into using a VPN (work related).
IMO there's no way this project will fail, someone will fork it.
unfortunate that it's come to an end but it's nice to hear the maintainer moving on in such a positive way :)
Server, two Apple TVs, a couple phones, a tablet, and a laptop all on it in like 15 minutes flat. With one of the Apple TVs configured to act as a gateway, too.
Should’ve just done that to begin with.
You set the number of peers and it generates that number of folders with certificates and QR codes for you.
Might just setup a nixOS arm image with wg instead
I migrated to OPNSense for my DNS and I haven't needed VPN for a little bit. But I kind of disagree that there is no place for a simple CLI tool for wireguard user management.
I was going to make a comment about how unreasonable it is to shut the project down instead of letting someone else take it over. But two things come to mind: First, yes, people can fork it and develop it on their own. Second, right after xz, maybe it would seem unwise to endorse a stranger taking over your security project.
PS: PiVPN isn't wireguard itself. Assuming WG's command line doesn't change radically for a while, PiVPN is still completely usable and people don't need to rush to get off it.
Eventually we ended up building a custom Raspberry Pi image.
Perhaps overkill but have been running this for many years with zero issues. It does everything though so configuration/setup can take a bit of time.
> WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
That was truly disgusting.
That’s what prompted Raymond to create uBlock Origin.
Just handing responsibility over to someone else for something like a VPN project is definitely high risk.
Remember the xz debacle last week? Same kind of people who backdoored xz would love to get maintainership of a VPN project for sure.
Chapeau bas for keeping it going for so long. The internet of old was built by irrational hobbyists like these guys.
I wonder if financial/monetary incentive would change this. I don't think it would personally (because putting a value on your free time/mental load/time you can spend with your loved ones doing something else away from the PC is precious)
On the flip side... $500/mo? $1k/mo? $5k/mo? I'm sure most projects that go "defunct" open-source-free-no-financial-incentive-thanklessly-help-build-something could probably find "motivated maintainers" for $3k/mo on average? Internationally?
Is the "capitalist" answer "this repo and all of its efforts are not worth $3k/mo to the open market"?
Perhaps Jia Tan is looking for a new gig.
The same could be asked of people who work on open projects for free, could it not?
Is a financial reward (or lack of such reward), in and of itself, some sort of implicit indicator of the quality of the person putting forth the effort?
It is an implicit indicator of how much that person cares about the project.
I don't think we need to make a study of it to be sure that GitHub and Sourceforge are rife with free software ("free" in terms of beer, and in libre, and also in compensation) in various states of incompletion, haphazard execution, and sheer abandonment.
I mean: The open-source community has certainly produced a ton of excellent software for free, but it has also produced (and published) a lot of false starts, loose ends, broken or forgotten code, and unfinished or unpolished work.
Open-source volunteerism is awesome, but it isn't all ponies and rainbows.
Perhaps the author(s) of some of these things might care more about finishing and maintaining them if their ongoing efforts were producing a meaningful amount of money as a reward.
When working for free on my hobby projects, I do my absolute best. Now try to pay me $3.50 per hour for similar work (strictly +Infinity% more than before!), I'll probably flat out refuse / won't focus on it as much.
It's cool to destroy social trust, to deny it and abandon it. The counterargument is right in front of your nose - the incredible, infinite, world-changing world of FOSS. Think of all those amazing projects, social trust working over and over and over.
You're going to throw all that out over one guy? The only thing we have to fear is fear itself.
> "But I want and can maintain it, can I take it over?" Let me put it plain and simple: No! I don't know you, I don't trust you! Fork it and carry on!
For something security critical like VPN, ownership change is a big deal. Users trust project's reputation. So if there is not a a trusted successor, shutting it down is way better that giving it up to unknown people.
Have you looked at the average state of commercial software lately?
Does any of this somehow mean that a financial incentive must make free (beer and libre) software worse?
If so, why and how?
It does not to follow, for me, that rewarding software authors with money must make things worse.
I've personally put a fair amount of money into various tip jars for free software authors who create stuff that is important to me. There is no part of me that thinks that me doing this somehow disincentivizes them from continuing to do outstanding work.
To trivialize the concern of the project seems worse because it prioritizes convenience in a particularly sticky area (security/privacy) as well as forcing a less informed choice on the user (who they are trusting).
There's probably a nice parallel here where we consider the NRL's role in Tor and how FOSS practices, EFF funding, and transparency meant it preserved user trust.
This is simply not even close to true.
Edit: I can't reply to your reply, so here will do. You've completely ignored my main point. I get that you want projects to pass on the torch, but saying open source will otherwise die is ridiculous.
The parent comment was not about someone from the community taking over (which to be honest was the case in the xz story) but about posting the project on a „projects without maintenance“ site for any random person to take control.
Fork the project. Earn your own trust.
This:
> I wish people would put their projects in something like https://www.codeshelter.co so anyone who's interested can maintain them, instead of just killing them
Forking the project and earning your own trust really is the safe path forward.