Hacker News | jasonjayr's comments

I agree on principle, but I often find that the GUI abstractions don't always map to the Linux tooling/terminology/concepts, which often ends with a head bashing against the wall thinking "this is Linux, I know it can do it, and I can do it by hand, but what is this GUI trying to conceptualize?!?!"

I was recently introduced to a Barracuda router, and bashed my head against the wall long enough to discover it had an ssh interface, and linux userland, and was able to solve my immediate problem by directly entering the commands to get it to [temporarily] do what I needed. (Of course, using the GUI to reapply settings wiped my manual configuration...)

I've used pfsense, OpenWRT, Barracuda, Verizon's OEM router (Actiontec) and they all represent the same functionality wildly differently.


> I've used pfsense, OpenWRT, Barracuda, Verizon's OEM router (Actiontec) and they all represent the same functionality wildly differently.

Worth noting that pfSense (and OPNsense) are not Linux-based, they're based on BSD, specifically FreeBSD. While it's possible to have standard router OS web UIs that are cross platform, the underlying technology is different, so it's not really a surprise that there will be differences in how the devices running these OSes are configured.


Not much different. FreeBSD's pf is a port of OpenBSD's pf, and nftables are heavily influenced by them.

At this point I rather doubt the sanity of people still sticking to iptables tbh.

So there is approximately one concept of "packet filter done right". UI madness is on UI authors.


The primary reason I stick to iptables instead of nft is that I already learned iptables decades ago, and some software I interact with still defaults to iptables and/or does not have full support for nft.

Why do you doubt the sanity of people sticking to iptables? What makes nft compelling?


My main reason is that nft applies configs atomically. It also has very good tracing/debugging features for figuring out how and why things aren't working as expected.

That said, I think many distros are shipping `iptables` as the wrapper/compatibility layer over nft now anyways.


As somebody that's not a network engineer by day and has barely grokked iptables, could you recommend some resources for learning nftables?

There is iptables-nft, which is iptables with an NFT backend.

> nftables are heavily influenced by them

Are they? I recently had to learn nftables and they seem to be iptables but with a slightly nicer syntax and without pre-defined chains. But otherwise, nftables directly maps to iptables and neither of them seem similar to pf.


I guess I'm different. I typically want my router/firewall/network services box to Just Work. I've made a career in deep-in-the-weeds system administration and engineering. Having to hunt down man pages, examples, tutorials, etc. for the dozen or so fiddly bits that make up a modern Linux- (or BSD-) based router was fun the first time, not so much the 10th. Been there, done that, got the t-shirt.

I will concede that the OPNsense UI is far from perfect. I would really like to see a device-centric view that lets me set all the things related to that device from one screen (or possibly one screen with multiple tabs). For example, if I add a Roku device to my network, I want to enter in the MAC address and then be taken to a screen where it will let me set the hostname, pick a static IP address, hand it a specific DNS resolver IP, see all of the traffic going to/from the device, only allow it access to the Internet during certain hours, etc. All of this currently requires jumping around between multiple disconnected parts of the OPNsense UI.


I feel almost exactly the same as you on the subject. When I was young and starry-eyed I built my own router out of a PC running OpenBSD, all by hand. Nice learning experience, interesting OS, but definitely not maintenance-free, especially around system updates, as back then OpenBSD packages and sys upgrades required recompiling everything. Now I do the same mini-PC thing as the OP's article but I just put OPNsense on it. Agree the UI can be maddening at times but the thing is rock solid, and has very polished update and upgrade mechanisms. Built-ins/plugins are great - unbound, wireguard, openvpn, suricata, backups to git, etc. Also I like that it is BSD-based; my network experience was learned on Ciscos and Junipers in an ISP setting and Linux networking has always driven me crazy.

I've been running OpenBSD as a router for almost 20 years I think? These days, the only ongoing maintenance it requires of me is running `syspatch` and `pkg_add -u` periodically to keep things up-to-date, and then `sysupgrade` when a new release comes around. It's way more hassle-free than in the old days.

I had a similar experience with FreeNAS (now called TrueNAS): I'm sure it's great for some people, but I ended up fighting the abstraction layer way more than I benefited from it. I personally found it easier to just run Samba on plain FreeBSD/OpenZFS.

A few years ago, Perl 6 renamed itself to 'Raku', so the Perl 5 folks can continue to improve/maintain the original 'Perl'.

I LOVED the TI calc forums. I got my hands on enough parts (and went to radio shack to get the rest) to make my own cable from the parallel port to the 2.5mm jack they had back then.

I'm still amazed they cost as much now as they did 30 years ago, but if you just realize you're buying a license for a decent computer algebra system (CAS), at least in the ti-85/89/etc models, it kinda makes sense.


Wayland breaks my slashdot-themed e16 desktop!! /s

The sun will still rise after civilization ends too.

It's an unbelievably thin stranded wire, but the wires are coated so they can be in contact with each other without shorting. It's all twisted around a thin thread of cotton or nylon to add strength, then encased in its sheath.

The trick is to gently scrape the stranded wire with a blade for the solder to stick and to make a good connection.


We need a ripscript version for the web!


I'm on Debian bookworm, and a screenshot is one Meta-Shift-S -- I just highlight the region I want to capture, and I get a dialog prompting me to (with one click) copy to clipboard, save to file, or annotate. There's a handful of out-of-the-way options as well, depending on what exactly you want to do. What's --- so abominable about that?


Why does it need a dialog? Just save the file AND copy it to clipboard. If user wants to annotate they can paste or go get the file.


I would be very annoyed if every screenshot I took was saved. I often take dozens of screenshots per day, and I save one maybe once a month. That means my screenshots folder only has meaningful entries. If everything was saved, I'd have to clean it up all the time.

There might be a small misunderstanding regarding the "dialog". Once you've selected an area you're shown the outlines & can still modify them, and the buttons (Accept (for further editing in Spectacle), Save, Save As, Copy, Export) are shown below those outlines.

This approach seems objectively superior to your suggestion.


The meaningful entries get named for later searching while the rest are kept as my computer's little photo journal or something. Comes in handy a few times a year.


> I often take dozens of screenshots per day, and I save one maybe once a month

Sounds borderline implausible. If anything, that's not a typical user use case by far.


> Sounds borderline implausible.

Okay? Weird comment.

> If anything, that's not a typical user use case by far.

The scale may not be typical, but the pattern (many more screenshots copied to clipboard than saved as a file) is something I see across all kinds of users around me, be they technical or even very much non-technical.

Let's not turn the defaults into "The Homer", okay? Allowing the user to choose their preferred action in the same step as allowing them to change the outline doesn't make things unnecessarily confusing, doesn't add unnecessary clicks, or anything else.


It does. If you paste (to slack, email, whatever) after taking a screenshot on Gnome, you will attach your screenshot. It is also saved on ~/Pictures/Screenshots.


That's the beauty of it, it just works.


you can assign a shortcut to do just that?


OK, do me a favor and switch over to Gnome and try there. You'll see what I am talking about.


If Gnome made their screenshot feature an app then it would be possible to just use it on any other desktop too, as is usually a strength of Linux. And it would then also be possible to add it to Gnome's dock, which wasn't doable last time I checked.


Luanti (previously Minetest) does a similar trick: C++ core/game engine, but all the game logic is in Lua.


How is it verifying the calling line? Via ANI, or CID?


Trying to win this from your couch, I see...


It's in good fun, physically visiting them is way more fun than handing a SIP trunk to a short script + CSV file.

The nerd in me is just always curious about the backend :)

