Forgot your password?
typodupeerror
Bug IT Technology

Massive VMware Bug Shuts Systems Down 410

Posted by CmdrTaco
from the at-least-it-only-shut-down-the-virtual-ones dept.
mattmarlowe writes "Imagine if Red Hat released a version of Linux, and after it was deployed, customers noticed that any processes with a start date of today would refuse to run? Well, that's what happened to VMware — a company that wants nearly all server applications running in virtual machines within a matter of years." Supposedly a fix will be available ... in 36 hours.
This discussion has been archived. No new comments can be posted.

Massive VMware Bug Shuts Systems Down

Comments Filter:
  • by bigtallmofo (695287) * on Tuesday August 12, 2008 @09:50AM (#24567561)
    I don't get license management measures in software that is only going to be used by major corporations.

    If someone wants to run virtual machines at home or in a small business, they're likely going to be more than satisfied with VMWare Virtual Server (formerly GSX) and wouldn't even consider the much more complex ESX.

    In a major corporation, fear of massive fines and prosecution is enough to stop them from pirating your software. Hardware dongles, software license managers and the like only hurt your paying customers.
    • by db32 (862117) on Tuesday August 12, 2008 @09:55AM (#24567659) Journal
      Exactly. It is a tremendous pain in the ass to track all the stupid license keys and crap in use. Departments frequently need software specific to only their department and outside the scope of normal IT support stuff. Phone numbers, licenses, etc. God forbid any of those companies get purchased or go under, then you are stuck with expensive software that you cannot recover.

      The call home variety is extremely infuriating. On top of whatever nonsense key/activation crap you have to go through, you have to put up with it trying to call home or deactivating itself. MS isn't the only guilty party in this, but those bastards certainly made the situation much worse.
      • by rudeboy1 (516023) on Tuesday August 12, 2008 @10:06AM (#24567837)

        Good god do I hear you, brother. I work IT for a legal firm. So many little apps no one else in IT has ever even heard of. And most of them, you're talking to the same guy for support that developed it, and filled the sales order. Out of his basement or garage. Multi-million dollar a year law firm, and it can be brought to its knees if one of our obscure applications goes down and needs support, and the one guy that can support it is out taking his kids to soccer practice.

        I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.

        I need to go back to bed. :(

        • by Gordonjcp (186804) on Tuesday August 12, 2008 @10:23AM (#24568129) Homepage

          I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.

          There's an Ask Slashdot for you. Is there something out there that can replace this magic bit of software? Is anyone interested in writing an Open-Source equivalent?

          • by drachenstern (160456) <drachenstern@gmail.com> on Tuesday August 12, 2008 @10:59AM (#24568763) Journal

            The more important variant of that question is does the parent want to share enough of the details of operation (clean room style) to get someone to want to write an OS equiv.

            Don't misunderstand me, I like to write code, but if I don't know what the hole looks like, I can't carve a peg to fit it...

            • Re: (Score:3, Insightful)

              by beckerist (985855)
              Understandably extremely specialized software might not be worth writing (entering a niche market with no income is business suicide) but if the software is general enough, usually a good tour of the interface is enough to get a project kickstarted.

              I'm sure the devs didn't need to see the source to Winamp* before writing XMMS**.

              *[insert proprietary software here]
              **[insert open source equivalent here]
              • Re: (Score:3, Insightful)

                by lukas84 (912874)

                Add to the fact that this sort of business software is usually extremely boring to write and develop, and requires much more process knowledge than programming knowledge.

            • by IntlHarvester (11985) on Tuesday August 12, 2008 @01:34PM (#24571251) Journal

              The problem is that every industry has a few of these super-specialized vertical apps that come from one-guy software companies. Most of them are fairly simplistic Access/FoxPro type things, the hard part was implementing all of the business rules.

              I've worked with a few companies that recreated their software package in-house (because they needed specific customization the author wouldn't provide), and it's never as cheap or easy as it might seem superficially.

            • Bad company (Score:3, Funny)

              by PingPongBoy (303994)

              but if I don't know what the hole looks like, I can't carve a peg to fit it

              There are some I know who will put their pegs into any hole

          • Re: (Score:3, Interesting)

            by adisakp (705706)
            There's an Ask Slashdot for you. Is there something out there that can replace this magic bit of software? Is anyone interested in writing an Open-Source equivalent?

            No there aren't any. Question answered, no need for an "Ask Slashdot"

            Slashdot geeks get excited about writing OSS to be used by first of all themselves, then other geeks, then artistic or creative types.

            Writing free software primarily to be used by what the original poster said is (scum-sucking implied) lawyers at his multimillion-dollar
            • Re: (Score:3, Insightful)

              by the_womble (580291)

              Slashdot geeks get excited about writing OSS to be used by first of all themselves, then other geeks, then artistic or creative types.

              I am pretty sure that some of them would get excited about writing software that would allow them to sell support contracts to rich lawyers...

            • Re: (Score:3, Insightful)

              by TheRaven64 (641858)
              Free Software does not have to be community developed. I'm sure there are a lot of people on Slashdot who would be interested in bidding for a contract to write a replacement for the buggy piece of software and provide the source to the lawyers under a license of their choice, complete with full documentation of the source so someone else could maintain it if required.
          • by rudeboy1 (516023)

            Wow... Lot of comments. Shouldn't have stepped away from /. for so long.

            The problem isn't if there is a program out there better suited to the task. The problem is I'm a low man on a large IT team, and this is the software that has been chosen. Period. No amount of logic will persuade them to pick a different vendor, now that it has been implemented to some 800 users. Yes, my boss has pointy hair. If there is any Ask Slashdot question due, it is "Is anyone hiring?" I'm tasked with keeping this progr

        • by swabeui (1291044) on Tuesday August 12, 2008 @10:59AM (#24568773)

          I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.

          North Winds Software? Just a WILD guess... is this 'software' based on MS Access? I wonder where they got the company name from...

          • Sounds Like It.... (Score:3, Interesting)

            by maz2331 (1104901)

            but...

            If you actually know what you are doing, Access is actually a pretty good development platform. It really is what VB should have been all along. Doing it correctly isn't for the faint of heart nor the inexperienced "guy who knows computers in the department" developer though. It's a LOT of work.

            The biggest issue is that MS markets it as a database app, not a dev platform.

            But there are some caveats to its use.

            1. Never bind controls that can be edited to any datasource. Sorry, but you really need to

        • by tsstahl (812393) on Tuesday August 12, 2008 @11:45AM (#24569575)

          I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.

          Um, isn't North Winds the name of the company that comes with the sample Access database? They're not real, you know... ;)

        • by Anonymous Coward on Tuesday August 12, 2008 @01:21PM (#24571055)

          I'm on the other side of the divide---a tiny company that's not too much more than a guy in his garage (just a few of us), and frankly, I agree with you. I'm astonished at the way we do things, even though we sell to huge firms (including big law firms, like yours). Part of it is just size---we don't have the people or skills to do all the safety, security and support steps a big corporation would. Still, freaks me out that the crap I wrote is out there being used to do important things by important people who don't realize how dumb the guy who wrote their software actually is.

      • Re: (Score:3, Interesting)

        by Bert64 (520050)

        It's a typical case of companies shooting themselves in the foot.
        Freely available software is already compelling enough and gradually taking over many markets, adding additional artificial costs just serves to make the free/oss option even more attractive.

        • by db32 (862117) on Tuesday August 12, 2008 @10:48AM (#24568573) Journal
          There is a WIDE WIDE range of things that don't exist in the F/OSS world yet. The killer problem seems to be inherent in the way F/OSS works. Industry specific things frequently don't happen unless people from that industry also happen to be coders. Outside of the inherent difficulty in writing software for an industry you don't understand, most geeks don't bother to learn about other industries and instead assume that they should all operate the same way IT does.
        • Re: (Score:3, Interesting)

          by Anonymous Coward

          Free software can get companies shut down, and corporate officers put in prison, due to Sarbanes-Oxley or HIPAA law violations.

          One example. I have two operating systems. One is a F/OSS distribution of Linux. The other is Windows or a FIPS certified Linux distribution like SUSE or RedHat. This is a company that is publically traded, so falls under Sarbox.

          Someone penetrates the machine via a bug in the OS and causes damage, or obtains info. With Windows, or a certified OS, I can tell the auditors that th

    • by morgan_greywolf (835522) * on Tuesday August 12, 2008 @10:01AM (#24567735) Homepage Journal

      Exactly. Most large companies usually have an entire person, and sometimes multiple people dedicated to nothing but license management.

      What a colossal waste of money.

    • by shawn(at)fsu (447153) on Tuesday August 12, 2008 @10:05AM (#24567801) Homepage

      I really don't think the fines would keep large corporations in line. look at all the stuff you see big business doing that they know is illegal and that they know will land them big fines if they get caught. Software piracy is no different. In fact it's probably easier to use a pirated piece of software than it is to dump illegal chemicals or defraud investors. You can manage the exposer.

      • Re: (Score:3, Informative)

        by Cyberax (705495)

        LARGE corporations usually just buy site licenses. It's easier for them this way.

      • > Software piracy is no different.

        Yes it is. The returns are miniscule.

      • Re: (Score:2, Interesting)

        by kungfugleek (1314949)
        Maybe it's easier to get away with dumping chemicals and defrauding investors because of the numbers and motives of the people involved:
        • Defrauding investors only involves the highest level executives, and they keep that kind of thing pretty secret.
        • Dumping chemicals isn't watched as carefully as Windows licenses (for an example) and I doubt the ones who order it or the ones doing it are motivated to talk about it.

        In the case of pirated software, especially something widely used in the company, there wo

      • by afabbro (33948)

        I really don't think the fines would keep large corporations in line.

        And yet, it does. Of all the Fortune 500 companies in which I've worked, I never saw any piracy. The risk/reward is too out of whack for big companies to consider it. Sure, you get some guy in the PC support department who burns himself a copy of Microsoft Office for home or something - that is unavoidable - but I never saw any piracy in companies.

      • by fr175 (999487) on Tuesday August 12, 2008 @11:14AM (#24569021)

        I really don't think the fines would keep large corporations in line. look at all the stuff you see big business doing that they know is illegal and that they know will land them big fines if they get caught. Software piracy is no different. In fact it's probably easier to use a pirated piece of software than it is to dump illegal chemicals or defraud investors. You can manage the exposer.

        Having acted in an advising capacity on a software license management project currently underway at one of the worlds largest financial institutions (400k employees), I disagree. Purchased software is an asset on the books and needs to be tracked. Pirated software is a risk and even the largest companies will occasionally be brought to court for "over implementation."

        The main hurdle with Software Asset Management (SAM) is the complexity of the licenses involved, and the multitude of way in which it can be obtained. Some examples: is the license perpetual or subscription based; is it a "named user" license or is it assigned to the org; does it include maintenance (upgrade rights); if it includes maintenance is the maint co-termed with the other licenses that the org owns; if it includes maintenance, what was the most current version at the time the maintenance expired; does the current version allow for "downgrades" and how many version prior can be downgraded; what previous versions qualify for an upgrade license and which would need a full new version; can the licenses be transferred within the org; can they be transferred globally; does the license allow for home use; does the license allow for portable device use; just to name a few.

        If large corporations were willing pirates, you would not see them making their annual multi-million dollar payments to Microsoft for their Enterprise Agreements. You wouldn't see them spending millions on risk management/mitigation consultants or conducting their own software audits. There are people out there getting paid piles of cash to implement a working SAM system.

        It's unavoidable that a large corporation will be under-licensed. However, they spend big bucks to mitigate the risk that this opens them up to.

    • by _merlin (160982) on Tuesday August 12, 2008 @10:21AM (#24568075) Homepage Journal

      Having administered ESX, I can say the license management is useful for one thing: it helps you ensure you aren't exceeding what you're licensed for. For example, if you aren't licensed for multi-processor boxes, it will complain until you get a valid license. If nothing else, it gives you some confidence that you will pass an audit.

      License management is also useful for things like MATLAB and OPNET that are licensed per concurrent user: you can install on as many machines as you like, but they need to be able to talk to your license server (not that this is _your_ license server on your network - it isn't "calling home") to ensure that the number of concurrent users is below the maximum allowed. That way, if say, everyone needs to be able to run OPNET occasionally, but not very often, everyone can install it, but you only need to pay for a few licenses. You know you aren't exceeding your licenses because it won't let you launch more instances than you're allowed simultaneously. If your users regularly complain that they can't fire up OPNET due to lack of licenses, you pay for a few more seats.

      On the other hand, I can't stand software that calls home to ensure that it's "genuine" a la Windows Vista, or those stupid CD copy protection schemes. That's bullshit. Things like that make more work for a sysadmin, not less. I only like license management when it helps me, the admin; I don't care what it does or doesn't do for the software vendor. I'm a selfish pig, I know.

      Another thing I can't stand is things like Rational Purify where they attempt to count your "activations" at their end: when you install Purify, it increases the installed count in IBM's system, and decreases it when you uninstall. If the IBM server thinks you're using all your licenses, you can't install. Too bad people always forget to uninstall Purify before wiping their computers for a clean OS install (or scrapping the computers)! And don't get me started on how bad it is to deal with IBM's phone support. This is one copy protection scheme that I do bypass: I install Purify in a VMware virtual machine, snapshot it, uninstall Purify, and roll the virtual machine back to the snapshot. That way, Purify will work in the virtual machine, but IBM's servers will think I haven't used any of my licenses. Also, I can make copies of the virtual machine for multiple people to use. It's easier for me to track the licences than put up with a crap license management scheme.

      • Re: (Score:3, Interesting)

        by Bert64 (520050)

        But then if your license server is down the software won't run, creating an artificial and unnecessary dependency. Similarly if people leave it running they can denial of service other users.

        Plus you have the additional unnecessary cost of the license server, the hardware it runs on, the os it runs on (assuming its not free), the power it consumes and the time required to keep it running and updated.

        License management doesn't help you, it hinders you... If you use software where the license says you can ins

        • Re: (Score:3, Informative)

          by aix tom (902140)

          I would count those software using "license servers" that check on startup and then deny startup of the application into the "license enforcement" category, not in the "license management" category.

          On the other hand, we have one special software that doesn't enforce any license checks during runtime, but offers a "license audit" tool that outputs your concurrent users, maximum users, etc.. during a specific time period. That way you can check easily if you have enough licenses every now and then. And there

      • Having administered ESX, I can say the license management is useful for one thing: it helps you ensure you aren't exceeding what you're licensed for. For example, if you aren't licensed for multi-processor boxes, it will complain until you get a valid license.

        The fact that people think crap like that is normal, and even helpful, is why I'm a Free Software pragmatist.

    • by supersnail (106701) on Tuesday August 12, 2008 @10:22AM (#24568097)

      Actually its quite a common policy in MegaCorps to reject software that require machine specific or expiring license keys for use in "Mission Critical" applications.

      The backup server not having the correct licenses is one of the biggest risks in a Disaster Recovery.

      Migration to newer better hardware also becomes a nightmare where license keys are involved -- what do you mean the new server doesnt have centronics port for the dongle?

      Its also screws up the companys virtualisation strategy as you have no idea whether a given license scheme will work in inside a VM or not.

      Do like the Fortune 500 and just say no to runtime licenses.
             

    • by Len (89493)

      In a major corporation, fear of massive fines and prosecution is enough to stop them from pirating your software.

      Sadly, not true in the real world, as my company has discovered on more than one occasion.

    • by Skjellifetti (561341) on Tuesday August 12, 2008 @11:40AM (#24569465) Journal
      In a major corporation, fear of massive fines and prosecution is enough to stop them from pirating your software.

      Not true. I worked for a smallish software companies that had their software replicated in at least one large customer installation well beyond the number of seats that were actually paid for. When confronted, the reaction was "so sue us..." We eventually settled for about 1/10 of what we would have made if they had obeyed the license terms because the cost of litigation coupled with the delay tactics they could have used would have meant that we would be out of business long before the court case was over. Size just means that they have more resources to defend their slimy actions.
      • Re: (Score:3, Insightful)

        by Angostura (703910)

        Not worth suing. Quite possibly worth giving as a juicy story to your favourite journalist.

  • by oldspewey (1303305) on Tuesday August 12, 2008 @09:51AM (#24567591)

    any processes with a start date of today would refuse to run? Supposedly a fix will be available... in 36 hours.

    Good thing the fix will be available tomorrow, because if it was available today nobody would be able to run the update process

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      There probably is no "fix" they are just waiting for the problem to go away

      I can just see the programmers reaction when he sees the bug report.

      "so the process wont start if it has todays date? hmm.." he then proceeds to set the target date for tomorrow and takes the day off

  • by larry bagina (561269) on Tuesday August 12, 2008 @09:52AM (#24567611) Journal
    Who knows what else is lurking in their code base? Certainly not me or you -- we can't see it. We're at their mercy to find and fix problems.

    I stick to virtualbox. I'm not going to pretend I've audited the source code, but if I need to, I can.

    Say YES to freedom.

    • by Anonymous Coward on Tuesday August 12, 2008 @10:00AM (#24567721)

      Then give me USB support in VirtualBox. Cause I kinda need that the most.

      • Re: (Score:3, Funny)

        by mweather (1089505)
        My office super glued all the USB ports shut, so that's not really a consideration.
      • Re: (Score:3, Insightful)

        by tlacuache (768218)
        I've heard people say this, and I'm honestly curious... what exactly do you need USB for in your virtual machines? Printing? Webcam? I use VirtualBox basically so I can run a few Windows-only apps. For copying files between the host and the guest I use SCP. I print over the network. I'm not trolling, I'm honestly curious. What USB hardware do you need in your VMs?
        • by ray-auch (454705) on Tuesday August 12, 2008 @10:19AM (#24568039)

          USB license dongle for the application software running on the VM.

          Seriously. Last week.

        • by baadger (764884)

          For me it is webcam/video messaging.

          My webcam is supported through a shoddy out of tree kernel driver that produces unusable images with terrible picture quality.

        • by LWATCDR (28044)

          In the industry I am in there is a lot of hardware devices that you must use and some of those use USB.
          I have some users that want to use a Mac and run our Windows software in a VM and use those devices.

          I admit that it is rare but there are people that use industry specific hardware and the newer stuff uses USB.

        • Re: (Score:2, Insightful)

          by ReiDragon (1018072)
          The printer drivers for my vista machine at home are absolutely horrid (They're beta drivers that can only print text with any quality) and I use a VM with usb support to print out of XP to get the photo quality prints.
        • by laffer1 (701823)

          We need to use USB devices in Windows XP in our computer labs at work. In our case, we're using Mac OS X so using parallels or vmware is the easiest solution. Unfortunately, half of the devices cause kernel panics. If that weren't the case, we would not need to use boot camp and it would indeed make our lives easier. Only one or two classes need Windows for anything.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        They're working on it. Apparently there is a major release due in a few weeks. Not sure when, but maybe before October?

        http://forums.virtualbox.org/viewtopic.php?t=8528

      • it has USB support (Score:2, Informative)

        by reaktor (949798)
        Virtualbox has USB support...
        • Re: (Score:2, Insightful)

          by wift (164108)

          Maybe stable support then. Each time I try adding a usb device virtualbox throws up it's hands and gives me an error.

        • by DrYak (748999) on Tuesday August 12, 2008 @11:38AM (#24569435) Homepage

          Support for USB, iSCSI and RDP (along with USB-over-RDP) are only available in the closed source variants of VirtualBox.
          The opensource edition of Virtual Box doesn't have them.

          Also the USB support may lock the system when in fast emulation/patching/ring-2 mode, and only works flawlessly when using the slower mode with virtualisation CPU extensions (my brother tried using it to get old USB hardware accessible when moving to Vista 64 but since then he ended up buying newer hardware)

      • by SQLGuru (980662) on Tuesday August 12, 2008 @11:20AM (#24569111) Journal

        I'd rather have better video support than USB support so that you play games in a virtual machine (and by games, I mean games beyond 2D games from the early 90's). If a virtual machine would support something like DirectX or OpenGL so that I could have the kids running their games in a virtual machine (and being able to install them, etc.) I would have them set up with a locked down OS with a virtual system for their games.

        There are some options, but they haven't been successful for me yet. But I'm sure the technology is getting closer.

        Layne

        • by DrYak (748999)

          If a virtual machine would support something like DirectX or OpenGL so that I could have the kids running their games in a virtual machine (and being able to install them, etc.) I would have them set up with a locked down OS with a virtual system for their games. {...} But I'm sure the technology is getting closer.

          Yup. Indeed. /. mentioned recently "VMGL [toronto.edu]".
          The extension is open source but currently only works for X11 OSes at both end.
          But as you said, a working acceleration layer is bound to be developed in the near future for Windows too.

    • by dctoastman (995251) on Tuesday August 12, 2008 @10:05AM (#24567817) Homepage

      http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [cmu.edu]

      What if you can't even trust your compiler? At some point, even with fully open, GPL-compliant software, there is some point you just have to trust someone else to not jack you.

      • by John Hasler (414242) on Tuesday August 12, 2008 @10:32AM (#24568301) Homepage

        > What if you can't even trust your compiler?

        You are referring to "Reflections on Trusting Trust" I assume. That is not really a practical attack in the real world.

        > At some point, even with fully open, GPL-compliant software, there is some point you
        > just have to trust someone else to not jack you.

        A supplier of Free Software can never be sure that someone he doesn't even know about let alone control will decide to review his source code.

        • Re: (Score:3, Insightful)

          by againjj (1132651)

          > At some point, even with fully open, GPL-compliant software, there is some point you > just have to trust someone else to not jack you.

          A supplier of Free Software can never be sure that someone he doesn't even know about let alone control will decide to review his source code.

          The GP is correct. [slashdot.org] You have to trust others to not jack you.

      • How can you reference Ken Thompson's "Reflections on Trusting Trust" [bell-labs.com] (HTML/non-PDF version) without also mentioning David A. Wheeler's "Countering Trusting Trust" [dwheeler.com] (as found via Bruce Schneier's blog [schneier.com])? So to answer your question:

        What if you can't even trust your compiler?

        Well so long as I have another set of compilers AND at least one is trustworthy then there is process I can follow to build a compiler I can trust. After spotting differences in the resulting binary I would also need to (ah-ha) examine the source code of the used compilers and find o

    • Re: (Score:3, Informative)

      by nurb432 (527695)

      Ya, its free, and virtual box is no enterprise solution either. So we are comparing apples and oranges here..

      Sure, its cool on a persons desktop to run non critical stuff on, but its no where close to being a product you would run off and virtualize 1000+ production servers with, which is the target market for ESX

  • Workaround available (Score:4, Informative)

    by fredr1k (946815) on Tuesday August 12, 2008 @09:54AM (#24567633) Homepage
    A workaround is possible Turn off NTP time on the host. And manually (using the VIC) change that date to one week backwards in time. Voila all set to work.
    • by d_ron_218 (1343245) on Tuesday August 12, 2008 @10:13AM (#24567961)
      The only way to run a Windows domain controller in VMware is to tie its clock to the physical host's clock. And lots of things break if your domain controllers have the wrong time (Kerberos authentication, NTP across the Windows network, etc, etc). So changing the host clock would generally be a bad idea.
    • by Animats (122034) on Tuesday August 12, 2008 @11:07AM (#24568907) Homepage

      VMware is suggesting setting the system time backwards to work around their license manager problem. That's a desperation move. Not only will it mess up everything from Kerberos to CVS to "make", if you're running certain licensed software, in particular software licensed via FlexLM, that software will stop working. FlexLM will disable your licenses if the clock goes backwards by more than 24 hours. Now your expensive high-end software protected by FlexLM (Rational, Avid, Matlab, National Instruments, ANSYS, Cisco Unity, Clearcase, Nokia network management, etc.) will stop working. Setting the clock forward again may not re-enable it, either; there's tamper detection.

      Also, if you have server/client licensing with FlexLM, or multiple license servers, and the clocks disagree significantly, FlexLM gets suspicious and turns licenses off.

  • by dc29A (636871) * on Tuesday August 12, 2008 @10:00AM (#24567717)

    My head hurts reading that article. Who the fuck wrote it? A ten year old mental retard?

    It's like ............... this and VM's this VM's that (Yes, notice the spelling?). Ooooh and the cyberwarfare boogeyman! You can't even find this much Hollywood scenario fear mongering from Hollywood themselves. Oh noes! Our entire infrastructure will be killed by evil cyber terrorists because it runs on VMware!

    Oh and and lovely parts like 'w/' instead of 'with'. Hey douchebag, this is not SMS, is it so hard to hit another 2 keys on your keyboard? Oh and for the love of $DEITY$, please learn basic HTML and use links so I don't have to copy paste text into the address bar.

    As for Slashdot editors, why the fuck did they pick the worse possible article from the Firehose when plenty others look *WAY* more professional?

  • Yes, it is a bug (Score:5, Insightful)

    by evilpenguin (18720) on Tuesday August 12, 2008 @10:00AM (#24567723)

    But the real bug is license enforcement in the first place. Why would you run the risk of making your business depend on the whims of someone else's IP policies and enforcement?

    Now, I'm somewhat realistic. I know that there isn't (yet) an adequate replacement for every piece of closed proprietary software out there. But for my own business (admittedly small) I am building with nothing but GPL/BSD/Apache license code. And it is working. I don't trust closed code. Of course my software will have bugs, some of them serious. But I won't have stuff shutting down because of "license" issues. Why do people go quietly into enforced licenses? Why do people accept remote kill switches on their servers? Why doesn't this strike everyone as a crazy thing to do?

    • Re: (Score:2, Insightful)

      by jason.stover (602933)
      Because they want someone they can call up and say, "Product X is broke. Fix it."

      That's pretty much the main reason that I've ran into. A support contract being available.
    • by Shados (741919)

      Because its an exceptional case. This particular one will hit a lot of people, but for the most part, most people have never had any issues with stuff like this. I know I never did.

      And when that happen? Who cares, I'll just sue their asses, like I do whenever OTHER problems come up, and it works to recover losses, if its a bit of a pain in the ass (though usually they compensate you without having to go that far).

      • by Waffle Iron (339739) on Tuesday August 12, 2008 @10:53AM (#24568641)

        And when that happen? Who cares, I'll just sue their asses, like I do whenever OTHER problems come up, and it works to recover losses

        No you won't. For essentially any software product available on today's market, during installation you agree to waive your rights to recover any losses beyond the purchase price.

  • by Anonymous Coward on Tuesday August 12, 2008 @10:07AM (#24567861)

    "Temporary Maintenance - Knowledge Base

    This section of the VMware website is currently unavailable while we make important user improvements and upgrades to the site. We apologize for any inconvenience this may cause."

    I hope it wasn't running on a VM.

  • by MarkEst1973 (769601) on Tuesday August 12, 2008 @10:13AM (#24567955)

    VMWare licenses for ESX server cost something like $5k apiece. My company uses VMWare and I don't quite get it. We pay for expensive blade hardware ($8k each for those, not to mention the chasis), then we pay $5k per virtual server. And for what? Adding virtualization overhead to the runtime cost.

    Meanwhile, in articles like this [markturansky.com], people are showing how to run many applications and different versions within a single container. A single node in the cluster can run any application. There are always busy, keeping the hardware fully utilized. Isn't that the promise of utility computing? Rack up a bunch of cheaper (but not cheap/shoddy) servers and let your cluster go to town.

    So, my question is, why are we (as an industry) embracing virtualization when apps written for a smart container (like OSGi) give the same benefits without all the additional co$t and runtime overhead?

    • by Cyberax (705495) on Tuesday August 12, 2008 @10:28AM (#24568201)

      Isolation and easy management.

      Isolation of applications in OSGi containers is leaky, one bad-behaving application can bring down the whole containers.

      Lightweight containers (OpenVZ, Virtuozzo) have almost no overhead and allow cool features like load-balancing of ALL applications between cluster nodes. However, all lightweight containers use the same kernel, and one kernel bug can bring down all virtual nodes.

      XEN/KVM have a bit more overhead but with even more isolation (each node has its own kernel).

    • Re: (Score:3, Interesting)

      by laffer1 (701823)

      Simple, the industry goes through cycles. Virtualization is hot and some people love it. They want to run it even if there isn't a good reason for it. Some people mistakenly believe it improves security.

      Virtualization is good for testing software and a few other cases where you need to run a different OS but don't want to deal with dedicated hardware or dual booting. I don't see any use in server environments except possibly web hosting.

      • by Anonymous Coward on Tuesday August 12, 2008 @10:59AM (#24568775)

        Simple...power. Right now our datacenter is strapped for power, and power isn't cheap. Neither is cooling. For 10U and 8000 watts I can install a fully loaded blade chassis with 128 CPU cores and 1 Terabyte of RAM, attach it to a SAN and run 150 VMs in it. Or I can install 150 rack and stack servers at taking up 4 racks and 75000 watts. Let me think here...

        And while I'm thinking about it, let's also remember that using VMWare gives you options like DRS and VMotion that you don't get with physical hardware. Or you can replicate your SAN to another SAN at your DR site and have a VMWare cluster waiting there for recovery. Then instead of having to do a bunch of restores to bare metal hardware, you could potentially get your servers back up and running in minutes instead of hours.

        There are many, many benefits to virtualization. If there weren't then people wouldn't have been using for decades in one form or another.

    • Re: (Score:3, Informative)

      by peacefinder (469349) *

      "VMWare licenses for ESX server cost something like $5k apiece."

      That's an exaggeration by a factor of five. Admittedly it ain't cheap, but one can get three dual-processor (unlimited core) ESX licenses and a management software license for $2700, or just ESX server for $1000.

      Of course, today it doesn't look real attractive...

  • by John Hasler (414242) on Tuesday August 12, 2008 @10:18AM (#24568033) Homepage

    ...Says it all, I think. Perhaps you should reconsider the ramifications of making your business critically dependent on software that contains code specifically design to make it stop working.

    Consider this: to a proprietary vendor the only safe failure mode for "license management code" is one where everything stops.

  • Patch Tuesday (Score:5, Interesting)

    by Thelasko (1196535) on Tuesday August 12, 2008 @10:19AM (#24568049) Journal
    FTFA:

    VC will continue to show the hosts as licensed and no errors will appear in vmkernel log file until you try to start up a new vm, reboot a vm, or reboot the host.

    Um, isn't today Patch Tuesday? [wikipedia.org] This could be worse than we thought.

  • by Comatose51 (687974) on Tuesday August 12, 2008 @10:29AM (#24568213) Homepage
    Unless something has changed dramatically, an expired license won't bring down any already deployed VMs. It simply won't allow you to deploy undeployed ones. It doesn't shut down the VMs as the headline makes it sound nor is it a bug in the hypervisor. Yes it's embarrassing that this got out but can we have a less sensationalist headline and summary?
    • Re: (Score:3, Informative)

      by Slashcrap (869349)

      Unless something has changed dramatically, an expired license won't bring down any already deployed VMs. It simply won't allow you to deploy undeployed ones. It doesn't shut down the VMs as the headline makes it sound nor is it a bug in the hypervisor. Yes it's embarrassing that this got out but can we have a less sensationalist headline and summary?

      No it just makes it impossible to start up VMs, restart VMs or VMotion them. I can't imagine why everyone's getting upset.

      Yes, there's a workaround - you just put back the date on the server. Unless you're in a business where randomly changing the dates on servers is frowned upon for compliance reasons.

  • KVM and XEN (Score:5, Interesting)

    by kenp2002 (545495) on Tuesday August 12, 2008 @10:32AM (#24568291) Homepage Journal

    The Open Source Model gets a leg up again after this nonsense. A client of mine just ported all their VMs and said good bye to VMware. That's 280 VMs by the way. Thank God we had a contingency plan for switching VM providers for a DR exercise a year ago and here we go.

    Management is pretty upset and I doubt we will be switching back any time soon to VMWare products after this.

    On a side note this scenario did prove one thing:

    Having a VM-agnostic storage makes migration easy. We changed a mount point, powered on the alternate VM host and we were off and running just that quick. We lost the ability to do live migrations for now but beyond that is was a good opporunity to see just how important an VM-agnostic disk storage array is. (I'm not the admin of those machines but I believe we are using iSCSI).

    On my side though I had about 50 scripts tapping VMWare via PERL but I guess I can start building workarounds now... No more batch submission and dynamic routing for a week or two... The part I hate the most was I had a nice script to take a batch submission and if necessary migrate a utility node to bigger hardware to accomidate the batch... pisses me off but what can I do, thank you Vmware, that aquisition seems to be improving your product as much as when Symantec aquired Ghost Corp!

  • I Am So Dead (Score:4, Interesting)

    by Hasai (131313) on Tuesday August 12, 2008 @01:18PM (#24571031)

    *sigh*

    Well, it's for real. I've confirmed it here, and my whole data center is affected.

    It's time like this when I wish I hadn't left the Army; at least there, you can shoot back.

    This is going to be one hell of a long night. :(

  • by segedunum (883035) on Tuesday August 12, 2008 @01:42PM (#24571343)
    I've been weighing up whether to migrate from VMware Server for our limited set of operations and move to ESXi and then ESX. This has made up my mind now. I'd rather wait for the hype of virtualisation to really settle down, use it in a pretty limited capacity and then run more stuff on technology and a host system that gets it right - KVM and Linux. I don't care too much about waiting, because as far as I'm concerned this just isn't acceptable. Many organisations will be brought to their knees by something like this, and over something that is totally unnecessary as well. I could understand pretty much any other issue, but not this. Sorry VMware.

Never say you know a man until you have divided an inheritance with him.

Working...