Monday, July 20, 2009

Wait What?

Ahhhhh the double speak around opt-out, opt-in clauses.

I get that when you're signing up for a free service or product, the company is very eager to stay in contact with you in the hope that you someday become a paying customer. But when you are *ALREADY* a paying customer, why go out of your way to be confusing? It's simply unethical.

This gem is from the checkout page I completed while purchasing VMware Workstation 6.5 directly from VMware Inc.:

"We'd like to keep you informed via email about product updates, upgrades, special offers and pricing. We will not pass your details onto third parties. If you do not wish to be contacted via email, please ensure that the box is not checked."

I actually checked the box, then caught myself... wait, what? went back, re-read and unchecked.

There's no need for legitimate businesses to engage in this type of behaviour. I love VMware products, I use them everywhere, always speak highly of them, and more importantly, I went out and spent my own money to acquire their premium workstation offering. But instead of blogging about what a crucial tool this is, I'm blogging about how the whole experience left a bad taste in my mouth on Monday morning. Fail.

Sunday, July 5, 2009

Shoulder Surfing at the Toronto VMWare Users Group

I was lucky enough to attend the first official Toronto VMWare Users Group (VMUG) meeting last week. And by "lucky" I mean I was invited via email because I actually register my VMWare Server downloads and had the time, and by "official" I mean it was the first one sponsored by VMWare, I gather there have been "unofficial" ones previously.

Overall it was a pretty good event. The talks were competent, but almost entirely focused on the newest features of the highest end of the latest generation of features in ESX and vSphere, which are cool and powerful products, but I've never used them or worked anywhere that used them. I plan to attend the next meeting (which I think they mentioned would be in September).

However, one thing in the presentations really grabbed my attention. I was lucky enough to catch Chris Hoff's presentation "The Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition" at SecTor 2008 (if you followed the first link, the picture Hoff is using on his front page is actually him speaking during a panel keynote at SecTor 2008 - not that you care). In that presentation Hoff's #2 Horseman - Death - was the virtualized switch and OMG OH NOES!!! WHAT IF you vMotion a VM away from the physical network switch on which you have configured ACLs, routes, VLANs, and all that sort of fun stuff. Now don't get me wrong, I'm not downplaying that as a problem, it really sounds like it is one. It just seemed like one of the features presented here was specifically built to address that very situation, the Cisco Nexus 1000v Virtual Switch.

I am not qualified to really assess this product as a complete security solution, and Hoff's objectivity may have been compromised of late. I know he's blogged about the performance and other features of the v1000 a few times, but I'd be interested to hear his take.

Anyways, the downside of the v1000 is to use it, you have to be licensed to the highest level of vSphere... Enterprise Plus or something, which is a pretty high price tag. No Enterprise Plus? Then sorry, your version of vSphere doesn't have the API enabled to allow v1000 to do it's thing. What that means for you and me is that even IF the Cisco Nexus line is the virtual switch John Conner to Hoff's death pwnie, it's only here to save the top tier of enterprise customers and the rest of us are still screwed and had better repent. :/

On another note, the surf was UP at the VMUG and I hung ten off a couple of BB junkies who couldn't stop leaking information the whole morning. To the guy in front of me during the second talk: I'm not sure when your netbook demo is coming in, lucky you for having the Enterprise Plus license already, and I'm sorry that they got doughnuts for you office when you weren't there, maybe they saved you some? I caught your email address and phone number, but I was bored and don't care, so I didn't write them down.

I changed seats between each talk and learned that touch screen devices (iPhones, BB Storm's) are harder to read over someone's shoulder because their fingers are in the way of the screen. Security by accident?