OVF: The Root Of All Evil. We Must Exterminate It NOW!
Today I was rudely interrupted from my Cyber-dopamine-drip as I hungrily anticipated Oprah’s next tweet such that I might become complete.
My Google reader flashed its welcome yellow folder highlight as it indicated an RSS feed had been tickled.
Little did I know this pollen-tinted shimmer would bring such discord to what was shaping up otherwise to be a perfectly lovely spring day.
It seems the singularity is upon us as chronicled by Kris Buytaert in his post titled: On the Dangers of OVF.
It’s not often that I’m awe-struck into silence, but if you read this, I am convinced you will draw your own conclusions:
Usually I`m all in favour of Open Standards that are supported by different parties, and the Open Virtual Machine Format (OVF) pretty much matches these requirements.
The last Virtualbox has support for it, Simon is telling about it being part of the new XenConvert v2 Tech Preview .
However, Reuven wonders why it hasn’t gained widespread adoption yet.Here’s my take, .. I`m not in favour of a standard as OVF that provides an easy way to transfer packaged virtual machine instance between different platforms.
Why ? Because I don’t think transferring full images of Virtual machines around is a good idea, not on 1 platform, not on different platforms.
And I`m not the only one with that opinion.A Virtual Machine image is the perfect vehicle for malware in your network … some prepares an image for you , you run it on your network, and you set loose the devil, who knows it does a networkscan in the background and sends the info
OVF is a good breeding area for VM Image Sprawl,the effect you get when the number of images you have grows beyond what you can easily maintain, and this time it can grow beyond the people only using proprietary software , where as Image Sprawl used to be a disease mostly diagnosed within the VMWare usergroups and sysdamins with no clue on large scale deployments OVF
Sure OVF will assist smooth migration between different platforms so vendors want to keep it as far away from their users as possible, but people that already have a platform agnostic deployment framework in place don’t really need to worry about deploying on different platforms.
<Silence punctuated only by the sounds of me choking on my own tongue>
Sigh. It must be WTF Friday.
/Hoff
I hope he checks the signature of every piece of software he ever downloads. Actually…I think he'd be better off disconnecting all his machines from the internet.
You know, because it certainly couldn't be possible to adopt a policy where you don't use OVF files from outside your own organization and you sign all of your internally produced OVF files with GPG or something.
Good point there on "Image Sprawl". 🙂 I think the rant can be summarised as:
"People are the root of all evil. Eliminate the human factor in your IT operations and the world will be a much safer place."
This is why I'm advocating we ban ELF binaries from the clouds. Those code and data sections could be hiding all sorts of malware and evilness. ELF: Just say No.
What does this mean? "but people that already have a platform agnostic deployment framework in place don’t really need to worry about deploying on different platforms."
I have read it several times and it doesn't make any sense.