Massive VMware Bug Shuts Systems Down 410
mattmarlowe writes "Imagine if Red Hat released a version of Linux, and after it was deployed, customers noticed that any processes with a start date of today would refuse to run? Well, that's what happened to VMware — a company that wants nearly all server applications running in virtual machines within a matter of years." Supposedly a fix will be available ... in 36 hours.
License Management Software!? (Score:5, Insightful)
If someone wants to run virtual machines at home or in a small business, they're likely going to be more than satisfied with VMWare Virtual Server (formerly GSX) and wouldn't even consider the much more complex ESX.
In a major corporation, fear of massive fines and prosecution is enough to stop them from pirating your software. Hardware dongles, software license managers and the like only hurt your paying customers.
what do you expect? (Score:5, Insightful)
I stick to virtualbox. I'm not going to pretend I've audited the source code, but if I need to, I can.
Say YES to freedom.
Re:Can't start processes? (Score:2, Insightful)
There probably is no "fix" they are just waiting for the problem to go away
I can just see the programmers reaction when he sees the bug report.
"so the process wont start if it has todays date? hmm.." he then proceeds to set the target date for tomorrow and takes the day off
Yes, it is a bug (Score:5, Insightful)
But the real bug is license enforcement in the first place. Why would you run the risk of making your business depend on the whims of someone else's IP policies and enforcement?
Now, I'm somewhat realistic. I know that there isn't (yet) an adequate replacement for every piece of closed proprietary software out there. But for my own business (admittedly small) I am building with nothing but GPL/BSD/Apache license code. And it is working. I don't trust closed code. Of course my software will have bugs, some of them serious. But I won't have stuff shutting down because of "license" issues. Why do people go quietly into enforced licenses? Why do people accept remote kill switches on their servers? Why doesn't this strike everyone as a crazy thing to do?
Re:License Management Software!? (Score:4, Insightful)
Exactly. Most large companies usually have an entire person, and sometimes multiple people dedicated to nothing but license management.
What a colossal waste of money.
Re:Ummm... How? (Score:4, Insightful)
Re:License Management Software!? (Score:4, Insightful)
I really don't think the fines would keep large corporations in line. look at all the stuff you see big business doing that they know is illegal and that they know will land them big fines if they get caught. Software piracy is no different. In fact it's probably easier to use a pirated piece of software than it is to dump illegal chemicals or defraud investors. You can manage the exposer.
Re:what do you expect? (Score:4, Insightful)
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [cmu.edu]
What if you can't even trust your compiler? At some point, even with fully open, GPL-compliant software, there is some point you just have to trust someone else to not jack you.
Re:License Management Software!? (Score:5, Insightful)
Good god do I hear you, brother. I work IT for a legal firm. So many little apps no one else in IT has ever even heard of. And most of them, you're talking to the same guy for support that developed it, and filled the sales order. Out of his basement or garage. Multi-million dollar a year law firm, and it can be brought to its knees if one of our obscure applications goes down and needs support, and the one guy that can support it is out taking his kids to soccer practice.
I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.
I need to go back to bed. :(
Re:Yes, it is a bug (Score:2, Insightful)
That's pretty much the main reason that I've ran into. A support contract being available.
Re:what do you expect? (Score:3, Insightful)
Utility computing w/o virtualization (Score:4, Insightful)
VMWare licenses for ESX server cost something like $5k apiece. My company uses VMWare and I don't quite get it. We pay for expensive blade hardware ($8k each for those, not to mention the chasis), then we pay $5k per virtual server. And for what? Adding virtualization overhead to the runtime cost.
Meanwhile, in articles like this [markturansky.com], people are showing how to run many applications and different versions within a single container. A single node in the cluster can run any application. There are always busy, keeping the hardware fully utilized. Isn't that the promise of utility computing? Rack up a bunch of cheaper (but not cheap/shoddy) servers and let your cluster go to town.
So, my question is, why are we (as an industry) embracing virtualization when apps written for a smart container (like OSGi) give the same benefits without all the additional co$t and runtime overhead?
"License management code..." (Score:5, Insightful)
...Says it all, I think. Perhaps you should reconsider the ramifications of making your business critically dependent on software that contains code specifically design to make it stop working.
Consider this: to a proprietary vendor the only safe failure mode for "license management code" is one where everything stops.
Re:License Management Software!? (Score:5, Insightful)
Actually its quite a common policy in MegaCorps to reject software that require machine specific or expiring license keys for use in "Mission Critical" applications.
The backup server not having the correct licenses is one of the biggest risks in a Disaster Recovery.
Migration to newer better hardware also becomes a nightmare where license keys are involved -- what do you mean the new server doesnt have centronics port for the dongle?
Its also screws up the companys virtualisation strategy as you have no idea whether a given license scheme will work in inside a VM or not.
Do like the Fortune 500 and just say no to runtime licenses.
Re:License Management Software!? (Score:5, Insightful)
I'm looking at you North Winds Software. I'll BUY a support contract! If you offered such a thing. If you answered the phone.
There's an Ask Slashdot for you. Is there something out there that can replace this magic bit of software? Is anyone interested in writing an Open-Source equivalent?
Re:what do you expect? (Score:2, Insightful)
Re:what do you expect? (Score:4, Insightful)
> What if you can't even trust your compiler?
You are referring to "Reflections on Trusting Trust" I assume. That is not really a practical attack in the real world.
> At some point, even with fully open, GPL-compliant software, there is some point you
> just have to trust someone else to not jack you.
A supplier of Free Software can never be sure that someone he doesn't even know about let alone control will decide to review his source code.
Re:it has USB support (Score:2, Insightful)
Maybe stable support then. Each time I try adding a usb device virtualbox throws up it's hands and gives me an error.
Re:License Management Software!? (Score:4, Insightful)
Re:Yes, it is a bug (Score:4, Insightful)
And when that happen? Who cares, I'll just sue their asses, like I do whenever OTHER problems come up, and it works to recover losses
No you won't. For essentially any software product available on today's market, during installation you agree to waive your rights to recover any losses beyond the purchase price.
Re:Yes, it is a bug (Score:2, Insightful)
So, how's it working for, say, VMWare EXS users?
Re:License Management Software!? (Score:2, Insightful)
Which will help his support problems in what way? It's not about the software, its about the service and support, and most OSS short of the operating system has zero support outside of newsgroups.
Re:License Management Software!? (Score:4, Insightful)
I really don't think the fines would keep large corporations in line. look at all the stuff you see big business doing that they know is illegal and that they know will land them big fines if they get caught. Software piracy is no different. In fact it's probably easier to use a pirated piece of software than it is to dump illegal chemicals or defraud investors. You can manage the exposer.
Having acted in an advising capacity on a software license management project currently underway at one of the worlds largest financial institutions (400k employees), I disagree. Purchased software is an asset on the books and needs to be tracked. Pirated software is a risk and even the largest companies will occasionally be brought to court for "over implementation."
The main hurdle with Software Asset Management (SAM) is the complexity of the licenses involved, and the multitude of way in which it can be obtained. Some examples: is the license perpetual or subscription based; is it a "named user" license or is it assigned to the org; does it include maintenance (upgrade rights); if it includes maintenance is the maint co-termed with the other licenses that the org owns; if it includes maintenance, what was the most current version at the time the maintenance expired; does the current version allow for "downgrades" and how many version prior can be downgraded; what previous versions qualify for an upgrade license and which would need a full new version; can the licenses be transferred within the org; can they be transferred globally; does the license allow for home use; does the license allow for portable device use; just to name a few.
If large corporations were willing pirates, you would not see them making their annual multi-million dollar payments to Microsoft for their Enterprise Agreements. You wouldn't see them spending millions on risk management/mitigation consultants or conducting their own software audits. There are people out there getting paid piles of cash to implement a working SAM system.
It's unavoidable that a large corporation will be under-licensed. However, they spend big bucks to mitigate the risk that this opens them up to.
Re:License Management Software!? (Score:2, Insightful)
There's an Ask Slashdot for you. Is there something out there that can replace this magic bit of software? Is anyone interested in writing an Open-Source equivalent?
I can answer that one for you already.
1. There may or may not be an F/OSS equivalent. But data migration is probably going to be extremely painful, and as far as everyone else in the business is concerned, any failings in the product is the IT department's problem not theirs. So the rest of the business isn't too keen on migration.
2. If it's a business application which does one of the myriad boring things which are necessary in most businesses but tend to be specific to the field, the answer to "is there a F/OSS equivalent?" is almost certainly "no".
Re:what do you expect? (Score:4, Insightful)
I'd rather have better video support than USB support so that you play games in a virtual machine (and by games, I mean games beyond 2D games from the early 90's). If a virtual machine would support something like DirectX or OpenGL so that I could have the kids running their games in a virtual machine (and being able to install them, etc.) I would have them set up with a locked down OS with a virtual system for their games.
There are some options, but they haven't been successful for me yet. But I'm sure the technology is getting closer.
Layne
Comment removed (Score:3, Insightful)
Re:License Management Software!? (Score:5, Insightful)
and as far as everyone else in the business is concerned, any failings in the product is the IT department's problem not theirs
This is true, and particularly frustrating. We recently have converted from an (old, but very functional and stable) 20+ year old COBOL program to a new Windows application in our organization. This is a Visual Basic application that if I'm being kind I'd say is a kludge held together by the electronic equivalent of duct tape and glue. The thing is junk and crashes ALL THE TIME. IT didn't pick this app though - we just get stuck supporting it. However, no amount of explanation can convince these people that the program crashing is not IT's fault. We can reinstall it as many times as they ask for it. We can update everything on their computer. We can buy them a new computer. But the basic fact is the program you bought is crap and full of bugs and nothing IT does is going to make it stop crashing and screwing up data.
Sadly, this is a hard fact to make users accept.
Re:License Management Software!? (Score:3, Insightful)
For folks who are only RUNNING software and not modifying the source code, most of those open source licenses are complete nonissues. They apply to programmers modifying the code, not to end users.
Re:License Management Software!? (Score:3, Insightful)
Some government contracts require a percentage of the work to be done by minority/women/veteran/disadvantaged owned businesses.
Some government contracts require a percentage of the work to be done in violation of the anti-discrimination laws that the rest of us must obey.
There, fixed that for you. 8-~
Re:License Management Software!? (Score:3, Insightful)
Not worth suing. Quite possibly worth giving as a juicy story to your favourite journalist.
Re:License Management Software!? (Score:3, Insightful)
Slashdot geeks get excited about writing OSS to be used by first of all themselves, then other geeks, then artistic or creative types.
I am pretty sure that some of them would get excited about writing software that would allow them to sell support contracts to rich lawyers...
Re:License Management Software!? (Score:5, Insightful)
The problem is that every industry has a few of these super-specialized vertical apps that come from one-guy software companies. Most of them are fairly simplistic Access/FoxPro type things, the hard part was implementing all of the business rules.
I've worked with a few companies that recreated their software package in-house (because they needed specific customization the author wouldn't provide), and it's never as cheap or easy as it might seem superficially.
Hmmmm. Another Reason to Wait for KVM (Score:3, Insightful)
Re:License Management Software!? (Score:3, Insightful)
Add to the fact that this sort of business software is usually extremely boring to write and develop, and requires much more process knowledge than programming knowledge.
Re:What if you can't even trust your compiler? (Score:3, Insightful)
I was thinking about the very problem of trusting your compiler, and the only thing I could come up with is building one from an open assembler.
I built gcc (1.4) with a C interpreter. It was slow as hell (and we did it mainly to stress-test the interpreter), but when I fed the source of gcc to the result, it did what I expected--built a system the same as the one that regular gcc built.
But the simple fact of the matter is that a little common sense should reveal that the whole notion is impossible in the real world. At the time Thompson wrote, there was, basically, one C compiler and one version of login, and neither one changed very much, so it was at least theoretically possible for a fairly simple program to recognize them. The sources to gcc have changed too much over the years to be recognizable to anything less than a hard-AI system, i.e., something that doesn't exist (and if it did, you'd notice, since it would take hours to compile even the simplest app). Toss in drastically different compilers from vendors like Sun, IBM, Intel and HP, and the whole thing becomes even more ridiculous. But if you really want to check, write your compiler in another language (one that doesn't compile to assembler, like Java or Python).
Re:License Management Software!? (Score:3, Insightful)
Re:what do you expect? (Score:3, Insightful)
> At some point, even with fully open, GPL-compliant software, there is some point you > just have to trust someone else to not jack you.
A supplier of Free Software can never be sure that someone he doesn't even know about let alone control will decide to review his source code.
The GP is correct. [slashdot.org] You have to trust others to not jack you.