pfSense 24.11 is not good

I had purchased the Netgate 3100 from the company because I thought that would get me the best compatibility and support. Well, an update was made available: 24.11-RELEASE (arm) and I made the mistake of applying it six days ago. My whole router/firewall has crashed thrice since then.

I’ve been pretty unhappy with Netgate for a while now, so a couple of days ago I pulled the trigger on purchasing a Protectli Vault V1210 Mini PC. I’ll install OPNsense on it and duplicate what I have in the Netgate. Then the Netgate 3100 will go to the landfill.

When I bought the Netgate appliance, I didn’t know about the shenanigans the Netgate owners were doing with their staff. I wish I had known that; I would have started with something other than Netgate.

In the Make Orwell Fiction Again category, I remember reading several articles about how the Netgate owners screwed a former employee, and it ended up in lawsuits. Those stories have now been memory holed. Sigh.

Later, I found a definite bug in their SMTP over TLS implementation, in the initialization routine. Mind you, I’ve been doing SMTP for more than twenty years. I know how to do SMTP via telnet, and can do really low-level commands with it. Everyone with that particular version of pfSense would be affected by not being able to do SMTP over TLS to an outside mail server because of this initialization bug.

I wrote up the bug with the steps to duplicate it, and I tried to submit it to Netgate technical support.

Their answer was “You don’t have a current support contract. Buy a support contract, and we’ll work on it.”

I am not paying you to fix your shit. You should be paying me for so clearly identifying where your software fell down.[1] The pfSense user interface under System > Advanced > Notifications has a checkbox to Enable SMTP over SSL/TLS. This should work, and it did not. I went through the steps at the command line level, and everything was there and workable. The certificates validated, and email flowed like it should – if I did it manually.

That they wanted me to pay them to fix their broken software is galling.

I do miss the days of Novell, where their published policy was “Yes, you need to pay to open a support ticket, but if this turns out to be our bug and not something you could have fixed on your own by RTFM[2], then we will refund you your money.” I think in the twenty years I was a GroupWise admin, almost every support ticket I opened with them ended up being zero cost for us. Once, the support technician said that yes, they had already known about the bug, but the Technical Information Document (TID) was only a day away from being published. Heh. If I’d waited a day, I could have RTFM’d the TID and not bothered with opening a ticket. Yes, he refunded us the support ticket cost. Sure enough, the next day the TID was published, with exactly the same steps the support technician walked me through to solve the problem.

  1. I’m pretty sure it was an extra carriage-return character when calling OpenSSL.
  2. The Novell folk were always nice and polite, so in this case it is Friendly manual.

Jay Leno joke, today not funny

One of my favorite Jay Leno jokes revolves around Congress taking its annual recess. After they would do so, Jay would say “Congress has just begun its summer recess; the realm is safe, once again.”

It is quite funny, because it says Congress does more harm by being in session than not.

Today, however, Speaker Johnson calling for a recess to avoid a vote on H.R. 581 tweaks the joke in a horrific way:

“Congress has just begun its 2025 summer recess; the pedophiles are safe, once again.”

I’ll note that my Congressman, Vince Fong, did not vote in favor of H.R. 185, nor has his office replied to my email and request for a response.

I just sent a letter to my Congressman

Honorable Vince Fong,

I request that you support House Resolution 185 to advance responsible policies. This bill may also be known as the “Epstein Files Transparency Act”.

I am certain that you understand that the damage done to children who are raped is profound and lasts a lifetime. You seem to be someone of good character, so I think that you might agree that no amount of “the ends justify the means” can excuse away the horrific acts by Jeffrey Epstein, his clients, and collaborators. As someone who believes in the rule of law and the fundamental advantage that the USA has because our judicial system is not easily bought off, these perpetrators need to be brought to justice as proof that the system still works. I request that you publicly support this bill, that you vote in favor of this bill, and support your other members of Congress who also support this bill.

Thank you for your time and attention to this.

David Gerisch


That’s the letter I sent, via https://fong.house.gov/contact

One of the interesting things I’ve read was a question put to people who had experience in both the USA and in other countries. The question was “What is the biggest difference between your home country and the USA?” The answer was that the USA follows the rule of law more than other countries do. Here in the USA, we simply assume that the judiciary cannot be bought, and that is mostly true. In many other countries, it is far less true than what we have here in the USA. Someone cannot cheat their neighbor out of property or money and simply expect that a large bribe will make the judicial problem disappear. That doesn’t happen here (mostly), and if someone tried it, the newspapers, radio, and television would have a grand old time running the story. This is the primary reason I never want to see government subsidies for mass media: once the newspapers / radio / television got hooked on that government subsidy money, they’d be thrall.