Joey

Goodbye pfSense, hello Untangle

After all my blogging about the wonders of pfSense, you’d think I’d stick with it…but I didn’t. Both my firewall and my mom’s have been moved to Untangle, and I regret neither. Now, don’t get me wrong – pfSense is still an EXCELLENT firewall that I thoroughly recommend for a number of reasons, which I’ll get to in a minute. However, Untangle works much better for my needs.

pfSense, pros:

  • much more lightweight
    • ‘embedded’ version runs off a USB flash drive.
    • faster startup time.
  • faster, simpler UI.
  • deals with multiple static IPs better.
  • actually taxing the CPU and RAM is a bit of a project.
  • great SIP support; generates OpenVPN files for Yealink VoIP phones directly.
  • BSD-based (generally considered a better router distribution than Linux due to better TCP/IP performance).
  • firewall rules and NAT translation can be “Linksys simple” or “Sonicwall complicated”, depending on what you need.
  • the only paid things are support and “supporter” subscription; all functions included regardless.

pfSense, cons:

  • UI can be a bit confusing.
  • plug-ins are inconsistent with their operation and UI.
  • ad-blocking is a pain, and requires manual updates.
  • adding multiple physical interfaces to the same LAN segment is handled by NAT rules.
  • I wasn’t able to get Squid to do much good with transparent caching.

Untangle, pros:

  • beautiful, intuitive user interface.
  • very simple ability to assign network interfaces to LAN segments; changing them is a drop-down.
  • great reporting features.
  • the free modules are excellent:
    • ad blocking is great, and auto updates.
    • single simplest OpenVPN implementation I’ve ever seen (for desktops and laptops, anyway).
    • even the free virus scanning and spam options are quite functional.

Untangle, cons:

  • paid plugins aren’t clearly labeled until you try to install them.
  • …also, there are paid plugins. While the home version is pretty cheap ($54/year for everything), it gets pretty expensive, pretty quick if you aren’t a ‘home user’.
  • the free web filter picks the ‘wrong’ categories, in my opinion – filtering porn and gambling is free, but malware and torrent filtering is paid??
  • the network configuration area could be organized a bit better.
  • significantly longer startup than pfSense, and requires hard drive.
  • in my particular circumstance, Untangle will only boot in ‘safe hardware’ mode. I’ve had no issues with it, but an Optiplex 755 is pretty standard hardware.
  • distro relies exclusively on NAT for firewalling by default, though to be fair, the firewall plugin is free.
  • no geo-ip blocking capabilities (beyond making firewall rules out of IP blocks).


So, there you have it: two great distros.

Never get tech you can’t mod

I’ll flesh this out with more detail later, but the short version is that I bought a refurbed Linksys EA6900 for $89 at Microcenter – not bad for an AC1900 router, since the Tenda version is $99, and the name brand units tend to be $150-$300. Of course, Linksys still hasn’t learned to make firmware that doesn’t suck, and amongst the reasons this router was so cheap was the fact that it’s got a bootloader issue that caused issues for a lot of people – indeed, I was getting about 600KBytes/sec of throughput with it, which was a huge downgrade from my Asus RT-N56U. Turns out, some enterprising modders managed to patch the bootloader, and in a bizarre moment of win, managed to put the “Merlin” firmware on it, making it work very similarly to the Asus unit I’d discarded. Well, that worked just fine for the 2.4GHz band, but not the 5GHz band, which would throw up no matter how I set it on my laptop. So, another firmware flash and minor reconfig later, and I have Tomato running on this router, which is faster than anything I’ve run before, has loads of wonderful features, and gives me the dual band functionality I need. I was hoping to get the WRT1900 in the box, but this unit with Tomato is most definitely a great piece of SOHO networking hardware.

Links and stuff to follow…

…and you thought photography didn’t involve math

http://petapixel.com/2016/01/30/10-myths-about-the-rule-of-thirds/


A well written article arguing against the standard “rule of thirds” being the go-to standard for photographic composition, and instead arguing for things like “a Root 4 Rectangle with its Basic Armature (two diagonals, four reciprocals, horizontals and verticals)”.

My head is spinning, but it’s got lots of example shots that are excellent, and definitely worth the read.

Minor Differences

“Let it rain” is a common lyric in worship songs, where we petition the Lord to make His will known, and His blessings evident.

“Make it rain” is what rappers do in strip clubs to flaunt their wealth by quickly dispersing stacks of bills.


Words matter.

“Because I Can” vs. “Because I Should”

A client at work had me build him a home media server. The client asked that I, specifically, build the server for him, and that it be a built machine, rather than a purchased one. Why? Because he knew that I’m the kind of person who still prefers a customized, built computer over an off-the-shelf Optiplex with a four terabyte hard drive hanging off the USB port…but then again, he’s the kind of chap who is just fine with spending four figures on a computer that doesn’t have a glowing fruit on it.

My boss and I have a different relationship with Sonicwall routers – he swears by them, and I swear at them. I’ve become a fan of pfSense as of late. It’s what lives at my house, and at least one of my dear readers also has one – not that she’s consciously aware of it in any meaningful sense, but that was one of its selling points. The problem with pfSense is that it’s generally intended for installation on whatever hardware you’ve got lying around…which is nice for people like me who have old Optiplex desktops camping out doing nothing, but less of a bargain for people who would need to buy things.

I’ve got somewhere I may need to install a rack-mountable router, which has got me looking into doing a custom build for the project. I was happiest with a $600 build I spec’d out today on Newegg, but given that pfSense sells rack-mountable, supported iterations of their firewall for $800, it’s not exactly a huge money saver in this context, and the money that’s saved is lost by the fact that their device takes 8 watts of power when running, whereas mine takes closer to 100W. On the flip side, mine was engineered for silence, there’s no way my build doesn’t run circles around them in raw performance, and it’s trivial(ish) to migrate between pfSense, Untangle, and Smoothwall with nothing more than an hour’s time and an external CD drive.

But there’s a reason I filed this under ‘Philosophy and Faith’, in addition to ‘Computers and Tech’ – I started to think beyond the build, and into the bigger questions involved. There was a scene on The Big Bang Theory several seasons back, where the guys were experimenting with home automation in a manner that involved sending a signal around the world to turn on a lamp. When Penny walks in and asks why they would do something that ridiculous with literally no advantage over a simple light switch, their answer, in unison, was “because we can”. They said it in such a matter-of-fact way that it gave the sense that such an answer should have been as obvious to her as it was to them. Although I’ve never done that sort of project, I’ve got my own portfolio of things I’ve done under the heading “because I can” – I’d argue that “installing pfSense at home” would reasonably fall within that category, when there was nothing technically wrong with my Asus RT-N56U that’s still serving as an access point.

For an organization that will never need the gargantuan amount of throughput that will be happily shuffled around via pfSense on a custom build that’s at cost parity when power usage is factored in, why am I pursuing a custom build? Is it because I’m treating it like a grown-up Lego set? Is it because of a desire for the sense of personal investment? Is it because I prefer the responsibility of keeping hardware running over the perceived safety of having that task handled by a third party? Has my deep-rooted hatred for Sonicwall, combined with my luck-of-the-draw experience with calling tech support, given me the default stance of “I want something I can fix, because nobody else will”?

Or, maybe the fact that I refuse to be dependent on a third party is the reason I am good at what I do. Perhaps there is value in the de facto requirement that I alone be responsible for its upkeep. Maybe my sense of security comes from the fact that a showstopping problem on a custom built pfSense appliance could be rectified with a set of procedures that start with “install Untangle”, “install SmoothWall”, or “install Endian”.

Then again, perhaps “because I can” is a phrase that doesn’t make sense to most people, for the sole reason that, for the majority of people, “building a custom made router” is not a task that falls into that category.

Great AMA question

So, if you’ve never been to Reddit, they’ve got a section called “Ask Me Anything”, where someone qualifies themselves and then encourages responses (e.g. “I’m a nurse in an ER, AMA”). Plenty of people have participated – celebrities, politicians, armed forces veterans (some WWII guys have made it). The all-time most commented was the one from President Obama. There’s endless reading to be found there.

Well, the developers of Microsoft Excel did one back in November. Lots of great stuff in that thread, but my favorite was this one:

I sometimes accidentally open up Excel when attempting to open Eve Online, and I usually can’t even tell the difference for several hours. Thanks for the great clone/simulator for Eve Online!

My questions are:

Did you have any contact with CCP Games or the Eve Online team to help them develop their famed Massively Multiplayer Spreadsheet Simulator?

Is the move to subscription-based pricing in Office365 because of complaints by CCP that they didn’t want your software acting as a free clone/interface for Eve online?

Are there any plans to bring back one-time purchase? I always appreciated being able to play Eve/Excel whenever my subscription to CCP Games expired.

Are there any plans to port Excel/Eve to Xbox?

How did you manage to get around the extreme video card requirements that are required in Eve but not Excel? It is fantastic to be able to play it on netbooks and other lesser computers.

If this doesn’t make sense to you, then you’ve either got no sense of humor, or you’ve got some Googling to do…because that right there is FUNNY.

My first rant…

Whoever designed Sonicwall devices, and thought they were a good idea, needs to spend a year in Gitmo. After that, they need to go back to first grade for a year…but with an old-school Catholic nun with a ruler in her hand and a trigger finger. Once they graduate from first grade again, they must go back to high school for the math chapters in logic, they must join debate team (and win a championship somewhere), and they must go through Professor Maurer’s critical thinking class. Then, they need to spend some time with the folks over at pfSense, taking copious notes on how to make a useful UI, and take every word they say as if it was spoken by God Himself. Then, and only then, will they be granted the privilege of being allowed to pay for their sins by rebuilding the Sonicwall UI, from the ground up.
The final test will be to give them a week to show their first grade class (now third graders) how to configure a Sonicwall. If they finish their tutorial, and not one of the students can figure it out, the process repeats again.

I have spent far too much time this weekend reconfiguring Sonicwall devices and it’s starting to get to me.

</rant>

#ThrowbackFriday

Why thirteen-year-olds shouldn’t be allowed on the internet:

I NEED CHANNELWOOD HELP!!!!!

I STILL NEED CHANNELWOOD HELP!!!

And yes, that thirteen-year-old was me. This, dear readers (all four of you), was me, on Usenet, back in 1999. At the time, my dad and I shared an e-mail address, and Outlook Express for Windows 95 was also set up for Usenet access (thank you, Suffolkweb!), which helped me get through the game Myst. All caps, lots of exclamation points, and plenty of obnoxiousness in the posts. I was terrible at internet communication back then. Luckily, just a few things have changed…

Side note: if you’re going back through Google Groups to the point where your browser crashes, check out the excellent NoScript plug-in for Chrome or Firefox. Google Groups will give static HTML links with zero window dressing, 20 at a time. You can jump ahead by tweaking the numbers in the address bar, as long as they’re exactly 20 apart. It’s ugly, but the ‘next’ buttons load *instantly*.
