Security
VMware Bug Is Worse Than a Glitch To Some Users
There is an unfortunate trend at VMware these days. The trend is in the release of their updates.
Related links
No results were found for your search.
Your query is too restrictive.
You might want to try: security
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
With VMware VI3 Update 1, VMware placed on their website an ISO image that had a bad installation. After a bit of tweaking, it was remastered with the same build number as the bad one. This was fixed by appending the character 'a' to the end of the build number. Should it not have been a new build number entirely?
This caused quite a bit of confusion.
When VMware VI3 Update 2 was release, VMware placed incorrect sizes for the ISO images on their website, apparently due to some automation issue. However, a worse problem awaited people on August 12th; A problem that would disable licensing and keep new VMs from being booted. But already running VMs worked just fine.
There is also a letter from Paul Maritz, explaining the issue.
The fact that these issues exists is problematic at best. But the lack of communication is what was really upsetting folks.
I communicated with my customers already based on the complexity of the Update 2 upgrade (you should also upgrade Virtual Center). Yet, VMware should have communicated in big bold letters that a problem existed long before they did. Yes they did start to communicate, I got several emails to that affect, but it was already very late in the day when they were sent.
The post on the forums about this is one of the largest threads there is for its short time period.
However, there is an even bigger problem. That is not all customers are properly testing their own installations of VMware ESX before they place them into production.
No this is not to say that VMware is not at fault, but it is to say that not everything that comes from a vendor is gospel and you should test with this in mind.
One of the tests was faulty for this; specifically a test with the time changing to sometime in the future or past. This is a security test that should be made to make sure authentication, authorization, and other aspects of security do not break.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.