[HN Gopher] PiVPN v4.6.0: The End
___________________________________________________________________
PiVPN v4.6.0: The End
Author : allanbreyes
Score : 126 points
Date : 2024-04-06 15:47 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| lukevp wrote:
| Crazy to abandon a 6.4k star project that presumably many people
| are actively using... I know maintenance of OSS projects can be
| burdensome but there's usually some in the community that are
| eager to chip in with PR reviews and handling issues. I'm
| surprised they aren't interested in pivoting the product in the
| same general direction but giving it some novel features or
| something.
| jprete wrote:
| After the sshd debacle, and in the context of GenAI becoming
| ever better at impersonation at scale, I don't think anyone
| working on a security-relevant project should simply hand off
| to an enthusiastic community member they don't know well.
| cocoa19 wrote:
| Do you remember when Raymond Hill ceded control of uBlock to
| another guy? This new guy started asking for donations (for
| himself) and then sold the project to AdBlock.
|
| That was truly disgusting.
|
| That's what prompted Raymond to create uBlock Origin.
| loloquwowndueo wrote:
| Why is it crazy? If it no longer aligns with the maintainer's
| interests or energy, doesn't provide compensation, he's within
| his right to archive it and move on. And people in the
| community can fork it if they need to.
| baq wrote:
| It's crazy to maintain such a project, shutting it down is the
| only sane option.
|
| Chapeau bas for keeping it going for so long. The internet of
| old was built by irrational hobbyists like these guys.
| ocdtrekkie wrote:
| My guess is they think the alternative already meets their
| needs. If someone else is already doing it better, why not just
| use that?
| codetrotter wrote:
| If it were me I would shut it down too after I no longer had
| energy to maintain it.
|
| Just handing responsibility over to someone else for something
| like a VPN project is definitely high risk.
|
| Remember the xz debacle last week? Same kind of people who
| backdoored xz would love to get maintainership of a VPN project
| for sure.
| oneplane wrote:
| This is the best way to conclude a project like this, I wish more
| clear cut "this is the end" choices were made. An ecosystem with
| zombie projects isn't healthy.
| stavros wrote:
| Why? I wish people would put their projects in something like
| https://www.codeshelter.co so anyone who's interested can
| maintain them, instead of just killing them.
| bornfreddy wrote:
| Do you, as the project maintainer and possibly even founder,
| trust these people?
| stavros wrote:
| The maintainers are vetted before joining, and are removed
| if they do something untoward, but when the choice is
| between killing the project or giving it to some random
| person, Code Shelter provides a better alternative.
| sthlmb wrote:
| What if they pass the joining process but then later
| sneak something in that goes undetected until things go
| boom? There are alternatives, you can fork the original
| project, and things will go on. As others have said too,
| you can just update the underlying software and there's a
| good chance that the wrapper itself will continue
| functioning, providing there are no giant breaking
| changes and by that point, a fork or alternative will
| likely have handled it.
| stavros wrote:
| What if there's no joining process, and they contact a
| maintainer directly, and peer pressure them to hand over
| the project, and the maintainer does, and then they sneak
| a backdoor in some binary test files?
| eropple wrote:
| That scenario is exactly what PiVPN is avoiding by
| refusing to nominate a new maintainer and telling
| interested parties to fork--so what is your actual and
| concrete objection?
|
| Fork the project. Earn your own trust.
| stavros wrote:
| > so what is your actual and concrete objection?
|
| This:
|
| > I wish people would put their projects in something
| like https://www.codeshelter.co so anyone who's
| interested can maintain them, instead of just killing
| them
| Narishma wrote:
| They can still fork the project and continue maintaining it
| if they want. Nobody's stopping them.
| reachableceo wrote:
| The project can be forked with a single click. That's the
| beauty of GitHub.
| Zambyte wrote:
| That's actually the beauty of git, and any other DVCSs.
| It's one click to "fork" with lots of other forges as well.
| eviks wrote:
| Where do you click second to make all the (dozens of)
| contributors even be aware of your first single click?
| BossingAround wrote:
| You can maintain it right now. Make a fork, and continue
| development. You might even get some shoutout from the
| original devs. It's all open source after all, making this
| repo read-only doesn't mean the project's dead if the
| community is vibrant enough.
| stavros wrote:
| The community matters. It's one thing to get control of the
| official websites, official packages, etc, and another to
| have to tell every single user "come use my fork".
| planb wrote:
| But this is dangerous. There are many "Jia Tans" out
| there who would love to continue maintenance of those
| projects with the full community.
| stavros wrote:
| Yeah, we always knew there were. Open source can't stop
| existing because there are bad actors.
| sevg wrote:
| So you're saying that if projects continue choosing to
| sunset without handing over the keys to the kingdom, open
| source will stop existing?
|
| This is simply not even close to true.
|
| Edit: I can't reply to your reply, so here will do.
| You've completely ignored my main point. I get that you
| want projects to pass on the torch, but saying open
| source will otherwise die is ridiculous.
| stavros wrote:
| "Continue choosing to sunset"? A large amount of projects
| _does not_ sunset, it gets passed on instead.
| wolverine876 wrote:
| There are accidents on the highway, planes crash, fires
| in buildings, etc. Let's reason about Jia Tan - a
| problem, not a danger to all of FOSS - not, like
| everything else these days, just embrace ignorant fears.
|
| It's cool to destroy social trust, to deny it and abandon
| it. The counterargument is right in front of your nose -
| the incredible, infinite, world-changing world of FOSS.
| Think of all those amazing projects, social trust working
| over and over and over.
|
| You're going to throw all that out over one guy? The only
| thing we have to fear is fear itself.
| planb wrote:
| This is not what I meant. But I prefer a fork of an
| abandoned project which needs to gain new trust to be
| installed instead of a new release pushed through an auto
| update after 3 years that installs malware.
|
| The parent comment was not about someone from the
| community taking over (which to be honest was the case in
| the xz story) but about posting the project on a
| "projects without maintenance" site for any random
| person to take control.
| bartonfink wrote:
| So you want someone else to run it so you can just be
| part of a community? Seems selfish.
| glitchcrab wrote:
| That's not what they meant at all, don't be obtuse. The
| community exists around the project (in this case the
| repo and associated website etc). If you fork it then you
| have to hope that the community follows you to your fork
| and that then everyone coalesces around it. This isn't
| guaranteed to work though, so passing the existing
| project onto a new maintainer is a much better way of
| retaining the existing community. That is what was meant
| when talking about the community.
| opello wrote:
| The earlier comment is concerned for the users being
| orphaned by the project they used. The project is
| concerned with protecting the trust the users placed in
| the project by using it.
|
| To trivialize the concern of the project seems worse
| because it prioritizes convenience in a particularly
| sticky area (security/privacy) as well as forcing a less
| informed choice on the user (who they are trusting).
|
| There's probably a nice parallel here where we consider
| the NRL's role in Tor and how FOSS practices, EFF
| funding, and transparency meant it preserved user trust.
| 8n4vidtmkvmk wrote:
| Isn't xz a prime example of why we don't just hand over the
| reins anymore? Like the guy said, they can just fork it.
| prmoustache wrote:
| It is not killed, anyone can pull the repo and work on it.
| MuffinFlavored wrote:
| > I've been giving less and less attention to PiVPN, and the
| desire to keep up with it is no longer what it once was.
|
| I wonder if financial/monetary incentive would change this. I
| don't think it would personally (because putting a value on
| your free time/mental load/time you can spend with your loved
| ones doing something else away from the PC is precious)
|
| On the flip side... $500/mo? $1k/mo? $5k/mo? I'm sure most
| projects that go "defunct" open-source-free-no-financial-
| incentive-thanklessly-help-build-something could probably find
| "motivated maintainers" for $3k/mo on average? Internationally?
|
| Is the "capitalist" answer "this repo and all of its efforts
| are not worth $3k/mo to the open market"?
| DeathArrow wrote:
| Who will pay? For sure there are developers willing to take
| care of it if they are paid, but who is willing to pay them?
| powersnail wrote:
| A lot of these projects are made in people's leisure time,
| without profitability, for other fellow geeks, and the users
| also use them in their hobbies. And as fellow geeks, we are
| more likely to be financially poised to be on the other side
| of the equation: getting paid to write code, rather than
| being able to pay a developer's wage, at least not in the
| long term, not in any maintainable manner. Can you afford to
| pay yourself 3k/month to maintain such a project, without any
| profitability, just for a hobby?
| Nullabillity wrote:
| You could probably get _someone_, but would you get someone
| good (competent, trustworthy, etc)?
|
| Perhaps Jia Tan is looking for a new gig.
| ssl-3 wrote:
| >You could probably get someone, but would you get someone
| good (competent, trustworthy, etc)?
|
| The same could be asked of people who work on open projects
| for free, could it not?
|
| Is a financial reward (or lack of such reward), in and of
| itself, some sort of implicit indicator of the quality of
| the person putting forth the effort?
| Nullabillity wrote:
| > Is a financial reward (or lack of such reward), in and
| of itself, some sort of implicit indicator of the quality
| of the person putting forth the effort?
|
| It _is_ an implicit indicator of how much that person
| cares about the project.
| xyst wrote:
| Setting reminder to migrate rpi in closet off of pivpn.
|
| Might just set up a nixOS arm image with wg instead
| yokoprime wrote:
| Crap, I've been running pivpn as a LXC since it's so lightweight
| FerretFred wrote:
| That's such a shame - I've used PiVPN many times and it's just
| made life so straightforward. Big, BIG thanks to all involved,
| and you'll be missed!
| postpawl wrote:
| It's probably better to just use the wireguard docker container
| setup instructions now:
| https://github.com/linuxserver/docker-wireguard?tab=readme-o...
| unethical_ban wrote:
| Thanks to the maintainers of the project. It is a handy tool, a
| good wrapper around setting up simple wireguard quickly. And it
| pairs with pihole really well.
|
| I migrated to OPNSense for my DNS and I haven't needed VPN for a
| little bit. But I kind of disagree that there is no place for a
| simple CLI tool for wireguard user management.
|
| I was going to make a comment about how unreasonable it is to
| shut the project down instead of letting someone else take it
| over. But two things come to mind: First, yes, people can fork it
| and develop it on their own. Second, right after xz, maybe it
| would seem unwise to endorse a stranger taking over your security
| project.
|
| PS: PiVPN isn't wireguard itself. Assuming WG's command line
| doesn't change radically for a while, PiVPN is still completely
| usable and people don't need to rush to get off it.
| poisonborz wrote:
| Eh, I just wanted to migrate to this, a lot of threads recommend
| it as the best way to effortlessly set up Wireguard. WG-easy,
| Headscale have their own set of problems. I guess there will be
| forks.
| byteknight wrote:
| Shameless plug for an alternative?
|
| > WireHole is a combination of WireGuard, Pi-hole, and Unbound
| in a docker-compose project with the intent of enabling users
| to quickly and easily create a personally managed full or
| split-tunnel WireGuard VPN with ad blocking capabilities thanks
| to Pi-hole, and DNS caching, additional privacy options, and
| upstream providers via Unbound.
|
| https://github.com/IAmStoxe/wirehole
| pogue wrote:
| Sounds very cool, thanks for the recommendation! Lots of
| videos on YT with setup guides too!
| jimmyl02 wrote:
| curious to hear does anyone know what the mentioned alternatives
| are? a super simple to use wireguard control plane is super
| valuable and PiVPN seemed to fit that gap perfectly
|
| unfortunate that it's come to an end but it's nice to hear the
| maintainer moving on in such a positive way :)
| pogue wrote:
| https://news.ycombinator.com/item?id=39953873
| Havoc wrote:
| wg-easy comes to mind
| vundercind wrote:
| After meaning for _years_ to spend the 2-3 hours I'd need to
| set up WireGuard and get all my devices on it that I'd want on
| it (it's a bit fiddly and time consuming, and inevitably with
| projects like that, there's some dumb problem that comes up
| that wastes a bunch of time) I just did the free tier of
| Tailscale.
|
| Server, two Apple TVs, a couple phones, a tablet, and a laptop
| all on it in like 15 minutes flat. With one of the Apple TVs
| configured to act as a gateway, too.
|
| Should've just done that to begin with.
| postpawl wrote:
| Docker-wireguard:
| https://github.com/linuxserver/docker-wireguard?tab=readme-o...
|
| You set the number of peers and it generates that number of
| folders with certificates and QR codes for you.
| Saris wrote:
| wg-easy is probably the easiest to use simple alternative I can
| think of.
| Hamuko wrote:
| Anyone got a recommendation for a router with Wireguard support
| baked in? I've been running PiVPN on a separate box but since I
| need a new router anyways and it's not going to be supported,
| that might be a viable replacement.
| gamesbrainiac wrote:
| GLiNet routers have that. So do the Asus ROG routers, but they
| don't have NAT acceleration.
| spr-alex wrote:
| You can give us a try, https://github.com/spr-networks/super,
| https://supernetworks.org/. Wireguard is well integrated. We
| also have a tailscale plugin, and more vpn plugins on the way
| opello wrote:
| Ubiquiti UDM-Pro has it, but I'm not sure how they're regarded
| in popular opinion these days. I've had good luck with
| everything but the PoE on mine, and they gave me a free
| injector to fix that.
| nickjj wrote:
| This really goes to show you how valuable a good experience / API
| is.
|
| PiVPN is so easy to use. You run 1 command and pass in the name
| of the config to generate and you're done. Now you can take that
| config and use it client side.
|
| I've used it on Debian servers (not a Raspberry Pi) and it's been
| flawless to onboard a bunch of folks into using a VPN (work
| related).
|
| IMO there's no way this project will fail, someone will fork it.
| Takennickname wrote:
| Literally installed it yesterday for the first time. Damn.
___________________________________________________________________
(page generated 2024-04-06 23:01 UTC)