Instead, IT banned it enterprise-wide. Which is sad, because we like it for Vagrant. We've since started moving all of our developer stuff to OpenShift, so we're not totally up a creek.
Early 2016: https://web.archive.org/web/20160411070811/https://www.virtu...
Late 2016: https://web.archive.org/web/20161208112443/https://www.virtu...
Current, last changed July 2017: https://www.virtualbox.org/wiki/VirtualBox_PUEL
In the earlier licenses, "personal use" was just defined as the person using it being the same person as who installed it, and only one person remotely accessing the desktop at a time. So I had interpreted this as being OK for developer VMs in which the developer installs it themselves and uses it for their own development purposes. It also contained an "evaluation use" with a vaguely defined period.
The current license now defines "personal use" as explicitly non-commercial use, and adds more restrictions on client access that applies to any type of clients and not just remote desktop access, as well as explicitly defining the evaluation use period to being 30 days.
So while I didn't really have a concern about developers using VirtualBox with the extension pack previously, given the new license and the fact that they seem to be enforcing it via phoning home, it looks like it's time to set a policy of no one using it.
Luckily, we've already pretty much transitioned everything over to libvirt/KVM on Linux hosts, and people have generally been using VMWare or VMWare Fusion on Windows and Mac hosts.
Of course others are right, virt-manager is probably a better replacement I think.
You can spin up KVMs in OpenShift, but I have the feeling it's not going to be quite what you're looking for. I suppose it's all going to be a matter of what workflow is most comfortable for your devops people. If you have an OpenStack install, Vagrant can control those AND they can login and poke around.
Also FYI virt-manager is deprecated in RHEL 8, and is superceded by Cockpit.
You have a very broad definition of "phishing".
>Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication
"using virtualbox" isn't sensitive information. I haven't read the emails, but I doubt Oracle is disguising themselves as the company's IT department or something.
The entire point of these emails is to bypass established channels by getting random employees to leak information. If they want licensing information, there's an IT point of contact for that. Or Contracts. Or Legal. They are literally fishing for information leakage that would give them grounds to sue.
> I doubt Oracle is disguising themselves as the company's IT department or something.
They wouldn't. At this stage the point is to convey a false sense of authority without being outright fraud. You have to wrap everything in vague but threatening insinuations-- "help us or you could face fines of up to a bazillion dollars, and/or you might go to JAIL."
> They are literally fishing
You can "fish for info" in a hundred ways. Only a small subset of that is "phishing".
The employees were already subjecting their company to legal liability when they were using unlicensed software.
>The entire point of these emails is to bypass established channels by getting random employees to leak information. If they want licensing information, there's an IT point of contact for that. Or Contracts. Or Legal. They are literally fishing for information leakage that would give them grounds to sue.
So if I'm Oracle and I'm trying to find unlicensed enterprise users, what am I supposed to do? Call up their IT/legal department and hope that they'll investigate for me, and respond with a truthful response? Is Oracle not allowed to investigate on their own for licensing infractions? I feel like the only reason people are up in arms about this is because Oracle is doing it. If some startup was doing this to discover that some big corp was not paying their licensing fees, no one would blink an eye.
>They wouldn't. At this stage the point is to convey a false sense of authority without being outright fraud. You have to wrap everything in vague but threatening insinuations-- "help us or you could face fines of up to a bazillion dollars, and/or you might go to JAIL."
Sure, but cops do the same thing (if not more). I'm not saying either is okay, but both are not "phishing".
That would certainly look a lot like phishing
One is "Hi my name is XYZ at company ABC. Do you want to talk about our product DEF?" to which you instantly know it's a sales call and how to respond.
The other is specifically emailing employees asking about their use in order to build a case against their employer in the hopes of getting an enterprise agreement or lawsuit out of it. It's far more shady and the actual nature of the communication is not revealed until after the fact. For all the developer knows, it's just a support email from Oracle asking them about how they use their product.
"Hello my name is X I would like to sell you Y" is not phishing. It's not asking for any information. It's annoying, sure, but you know how to deal with it and they won't bother continuing when they know you're not interested (ie. by saying no)
"Hello my name is X, I work at Oracle, do you have a few minutes to talk about your use of VirtualBox" followed by asking questions about how you use it in order to build a case against your employer can be perceived as phishing. They are either outright not representing or misrepresenting the purpose of the conversation, and asking for information for purposes other than what you'd expect. It doesn't fit the exact definition in the dictionary, but it's close enough and uses the same sort of tactics that it can easily be considered another example of it.
That's why I bring up phishing personal info to send a gift basket. Despite flipping the purpose on its head, it's still phishing.
Something that's already phishing will still be phishing even if the purpose is misrepresented. Something that isn't otherwise phishing, however, can be made into something akin to phishing by misrepresenting the purpose.
Incorrect. It's not about purpose. It's about misrepresenting who you are. Oracle is saying they are Oracle. If Oracle is pretending to be someone else, than it's phishing.
What you are describing is not phishing. It's just regular old fishing.
Developers likely thought they were speaking to Support, or responding to some kind of survey/questionnaire about their use cases and how they use VirtualBox, when in reality were being misled as to the actual purpose of the conversation.
Just because they were speaking to someone from Oracle as opposed to a third party scammer does not mean that the person they were speaking with didn't misrepresent/fake who they were.
What amazed me was when I first started there & asked if I could install it, most everyone was clueless what it even was. So Oracle had to have done some audit that found it, because I don't believe more than 1 or 2 other people would have been using it.
How exactly are you trapped by using GPL software?
> The VirtualBox Extension Pack is available under the VirtualBox Extension Pack Personal Use and Evaluation License, which is a free license for personal, educational or evaluation use, or an Enterprise License, which is a for-fee license that allows most commercial, non-distribution uses restricted by the PUEL.
I'd argue the added features themselves are mostly shit. If you need hypervisor RDP or FDE there are much better solutions than VirtualBox.
This looks like the source, found in a github repo of someone who works for Cisco. Maybe a former Veertu employee, or just someone who happened to fork a copy before Veertu deleted it? At any rate, I can't find an official Veertu repo anymore. https://github.com/tithomas1/vdhh
Last updates were 2 years ago and the installation instructions say "To Install Veertu Desktop on Mac, please visit veertu.com" which has deleted everything related to Veertu Desktop down to the knowledge base articles with release notes https://twitter.com/veertu_labs/status/818584467954495488
Seems like a pretty thoroughly dead product. Haven't heard of xhyve before, but between the two that's the one worth looking at.
I imagine it's not in a working state on current versions of macOS, what with the security changes that Apple makes pretty much every year. But if someone wanted to try to get it going again they certainly could.
I have the impression that causes some pain when it starts eating away battery faster than the monitor can charge the laptop.
Also, there's docker-machine-driver-xhyve for people that prefer using docker-machine (like I do) instead of DfM.
Have they improved?
(and yes, it's VNC, not RDP, I believe the oracle extension pack actually allows for Virtualbox to do RDP as well. But you can stay GPL-only and still support headless VNC. I believe phpVirtualbox uses it with beautiful results)
Otherwise, don't you have to do everything by hand to configured xrdp on the Linux guest?
Much of the Windows world is still on Windows 7, and it would be rather ironic if they were updating because of concerns about software phoning home...
Not sure what I'm doing wrong, but I've never has success with non-windows OS's.
Until today I had never even heard of the Extension pack, and have never had any need to use it.
How is the state of KVM's support about 3D acceleration, sound, drag'n drop and like?
Also, kvm has some nice features that AFAIK virtual box does not have. For example you can have gnu/linux and windows guests use the balloon memory driver, that basically allocates and deallocates memory from the host system. Imagine having a guest vm where you can say "this vm should have 2GB ram, but it might burst up to 24GB if needed, and then go back to 2GB when the need is satisfied". Can't do that with VBox (AFAIK - and it works on windows too!)
Regarding sound, if you are virtualizing windows, imho you're better off connecting via rdp (avoid remmina, use rdesktop) and using local speakers as audio output.
It is possible, but when it works and works well, which is not always the case. In addition, one may have to lock the card for usage with the guest only, since drivers may not be compatible with intermittent (=on/off) vfio usage.
I've had mixed experiences, depending on the hardware. my current system is 100% stable, however, I don use the card on the host (it causes instability). My previous system worked badly, and it was essentially not usable.
Which implies a special-build system to play some odd Windows games ocassionally, akin to building an Hackintosh. For my use case it's a definitive overkill :D
> ...do pci-passthrough and let the guest system have nearly-full access to that graphic card with nearly full performances.
Again which requires a CPU and system which supports vT-d (in intel jargon), which is the only feature which my 3770K doesn't support :D
VirtualBox supports memory balooning. The interface is same with VirtIO's ballooning drivers AFAIK. The commands can be found in .
Since I want to virtualize Windows to play my simpler games only, rdp is not a very attractive choice. Using local speakers and sound virtualization is alright. I don't want crystal clear, high end sound. However, I'm not aware of the support level.
I've been using it in my KVM PCI passthrough VM for some months and it works well.
> While virt-manager does a very good job as a virtual machine management software, it's very much tailored for system administration.
Exactly! Boxes looks really polished.
However, I just tried using it (on Debian stretch), and unfortunately I have to agree that it doesn't do much beyond look pretty.
afaict you could only go to consoles, check a few resource usage graphs, send power commands and manage snapshots. There were very few configuration options and no ability to manipulate virtual hardware on existing machines.
Also, there was no way to add remote libvirt instances from the GUI, and adding them into the config file (qemu+ssh) just made boxes crash.
If virt-manager really is going to be deprecated, is there a good replacement out there?
edit: Holy crap, it also managed to hibernate all the running VMs on my dev box when it crashed!?! Glad I didn't have anything too important running on it!
Also, it is still possible to build a free extension pack; it would be a great project. After all, Virtualbox is GPL, and it shouldn't be underestimated the amount of work that has been, and is being, put into it.
I use Virtualbox to compile CI artifacts for Ubuntu, Debian, OSX (homebrew), and Windows (msys2) by using the virtualbox executor of gitlab.
The other available gitlab-runner executors to build these artifacts cross-flatform are: virtualbox, parallels, docker, kubernetes.
Boxes and virt-manager aren't on that list, so they are out.
Parallels isn't FLOSS.
Can I use docker or kubernetes to build my desired artifacts?
Which is very problematic, of course, without something in writing, and given Oracle's reputation.
Some other possibilities would be the parol evidence rule (verbal exchanges between the contracting parties and their effect on contract interpretation) and possibly laches (no equitable remedy for folks who know about an infringement on their rights and do nothing about it... but money damages isn't an equity claim).
(IAAL but I don't practice in this area, so same grain of salt applies)
From the Restatement Second:
§ 90. Promise Reasonably Inducing Action or Forbearance
(1) A promise which the promisor should reasonably expect to induce action or forbearance on the part of the promisee or a third person and which does induce such action or forbearance is binding if injustice can be avoided only by enforcement of the promise. The remedy granted for breach may be limited as justice requires.
If Oracle says "go ahead and use it" and then sues you for having used it, they lose. If they sue you to stop using it going forward, they win.
A, knowing that B is going to college, promises B that A will give him $ 5,000 on completion of his course. B goes to college, and borrows and [[[spends more than $ 5,000 for college expenses.]]] When he has nearly completed his course, A notifies him of an intention to revoke the promise. A's promise is binding and B is entitled to payment on completion of the course without regard to whether his performance was “bargained for” under § 71.
(detrimental reliance in triple square brackets)
I have a hard time imagining a case being granted summary judgment for the defendant just because Oracle's customer sales rep told him "we don't really care."
In all honesty, the legal issue is more likely to be whether the person on the phone had apparent authority to grant a license. Even if a promissory estoppel theory would work, the person speaking to you would still have to be in some position (or appear to be in some position) to bind Oracle to a promise he/she made.
Also, I don't think Oracle is going to sue over something like this. They really seem not to care. But they could change their mind tomorrow.
Hence, "If you live in a one-party state."
> Also, I don't think Oracle is going to sue over something like this.
Check the other comments in the thread. People are reporting that Oracle is taking IP addresses of people who access the extensions site and if the IP address belongs to a company, they contact the company and threaten to sue.
I am sorry. In Germany, there is no such thing as a "one-party state". :-|
> People are reporting that Oracle is taking IP addresses of people who access the extensions site and if the IP address belongs to a company, they contact the company and threaten to sue.
Thank you for pointing this out. I stand corrected.
The fact that they didn't want to take my money forced me to learn KVM and libvirt. That turned out to work better and be way easier to manage remotely.
$39.99, no minimum license count
You don't have permission to access "http://m.cdw.com/product/oracle-vm-virtualbox-enterprise-lic... on this server."
Would be nice if the Windows Subsystem for Linux started officially supporting graphical apps or a full VM.
So it's not any of that stuff you can select on the "Custom Setup" screen then...
On an unrelated note, have you considered a third-party X server for windows, like Xming or VcXsrv, for use with your WSL apps?
Don't you mean: Be careful to follow the licensing for whatever products you use.
On the page cited there's no reference to licence/license. Fair enough - it's a release notes page. The only sub-page (using the menu on the left) that contains any reference to licence is the Contributors page, which isn't somewhere most users would head to.
The primary page - https://www.virtualbox.org/ - has one reference to Licence - and that's as part of the assurance that VirtualBox is "an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License".
And if you read that, assumed the best, and went on your way, you'd soon be in breach.
(Yes, you should probably visit https://www.virtualbox.org/wiki/Licensing_FAQ despite the above assurance on the front page -- at which point you'd learn about the Extension pack, the PUEL, and other usage constraints.)
Oracle setting a licensing trap they can spring at their whim? Perish the thought!
What kind of functionality do the extensions discussed here cover?
Extension Pack gives things such as USB passthrough.
Can you explain how I need to protect myself?
That sounds like exchanging a Toyota for an Edsel.
And Virtual Box has been more reliable than Fusion ever was for me.
(cannot use `sendfile` in nginx inside a virtualbox, due to an eight year old bug)
It's also why I recommend people avoid Docker Toolbox like the plague since it uses VirtualBox under the hood. Either use Docker for Windows (if you have Windows 10 Pro), or roll your own VMWare Player (free) VM which doesn't have that bug, has way better I/O performance in the end and isn't much harder to set up.
VirtualBox shared folders simply don't offer the guarantees of a local filesystem. They are not a local filesystem, they are network drives mounted as NFS, with the abysmal support and quirk that comes with that.
sendfile() doesn't work on network drives. it never did.
the host is not aware of changes made to the remote filesystem from another host. it cannot see updated files unless it checks for remote changes.
They’re actually not, which is exactly the problem. vboxsf is its own “real” filesystem. The code is super simple (too simple, perhaps): https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Addit...
It contains many shortcuts with reporting free inodes and whatnot.
I used a VMWare Player driven VM as a primary Linux development environment for full time web development for literally 4 years straight and I encountered the issue 0 times, but with VirtualBox I encountered the issue in 1 day.
Maybe it's not technically a bug with VirtualBox, but it is something that makes VirtualBox unsuitable as a dev environment for web development.
Yes, vboxfs is very restrictive, but then again, the whole cross platform virtualization is a very thin curtain of magic over the nasty differences behind.
Make sure you get your KVM, Qemu and libvirt setup right and run:
vagrant plugin install vagrant-libvirt
vagrant init generic/ubuntu1804
vagrant up --provider=libvirt
vagrant-lxd is less mature but just as useful, especially when you need to run stuff with erratic RSS graphs.
ENV['VAGRANT_DEFAULT_PROVIDER'] = <provider>
Any comparisons between hyper-v and virtual box performance? I would have assumed hyper-v would be more performant.
I've used both for full time development. It only took about a day of using VirtualBox with sync'd folders to look for alternative solutions due to how bad it was about 4 years ago (not sure about today). Also, VMWare Player is / was so much faster than VirtualBox, and is on par with Hyper-V's performance.
Currently I use Hyper-V today because it's the back-end for Docker for Windows. I couldn't be happier with the performance.
Would you recommend it? Or is the best option VMware Fusion, Parallels, or something else?
So, I tried Parallels and it was so fast I can't really tell the difference between the host and guest in terms of speed. I highly recommend Parallels.
Colleague of mine has Windows running on VMWare on OSX and it's not much better. Also, but this might be because of the keyboard/OS/VMWare settings he uses, but when my muscle memory gets to work and starts using basic key combinations it feels like half of the time they are intercepted by OSX and do funny things, opening apps I don't want or switching desktops or whatever etc. No joy. All in all, of all non-commandline development experiences I ever encountered it's probably the worst. Parallels on the other hand was indeed more 'just works, get shit done'.
However, sadly, third-party software that spins up VMs tends to avoid supporting Parallels. I recall Vagrant having a sub-par Parallels provider (compared to the paid VMware Fusion support), and even minikube went with VMware Fusion instead. https://github.com/kubernetes/minikube/issues/220
I’ve had Fedora and Ubuntu guests running on a 2015 Mac Mini with no issues.
Pretty nice for me: I got a full-res retina screen (needs a command from host on a VM restart), changed the dpi to taste, and now have compact and crisp UI under Xfce.
I use the open-source guest additions installed by my distro's package manager (void linux), and not the Oracle-provided extensions. They work fine for time sync, clipboard sharing, file sharing, and for hi-res screen (I run 1:1 pixels, no scaling, obviously).
Saving machine state and then restoring it in 10-15 seconds is pretty nice, comparable to normal laptop hibernation mode.
What does not work well is OpenGL acceleration. That is, it sort of works, but sometimes produces visual problems that only a reboot of the VM can fix. So I run with GL acceleration disabled, and thus many nice compositor effects turned off for performance.
For actually using a virtualised desktop I favour VMware Fusion which I found is the best between features, performance, and reliability (Comparison also includes Parallels which I'm not a fan of)
It's not worth the cost unless you use it very frequently though.
I thought that with a dozen hacks it already worked? What did they add? Official support?
Anyone found out yet what that’s supposed to mean? Looks all the same to me except colors and icons and animations nobody needs.
It looks like this was caused by a workaround I had implemented for the exact same issue on previous releases:
vb.customize ["modifyvm", :id, "--uartmode1", "disconnected"]
Can any linux experts here explain briefly what is required to get this VMSVGA support? (win 10 host, Ubuntu guest)
Do I have to grab additional drivers or "guest additions" from VMware? Or will Ubuntu 18.10 have 3D support out of the box if I run in with VB6 ?
I hope it doesn't change.
But I wonder why the section 6.11 about vboximg-mount is missing on the .org version of the manual:
Any SAN/Storage admins care to comment on if this is really great or really scary?
Who thought "easy to use" rhymed with "make the icons look like nearly identical and somewhat indistinguishable blue squares"? Who decided that an already rather unprofessional drawing of Tux needed to be transformed into Baby's First Vector Drawing™?
And why, when previous versions already did a semi-respectable job of at least _pretending_ to look like a native Cocoa app on macOS, does version 6 not only regress its implementation of the Aqua theme down to everything-is-grey but do so by getting rid of the gradient that emulated NSToolbar on most settings windows whilst then _adding_ ugly gradients to the list of VM settings on the main window in place of the vastly more functional rounded rectangles with separate headers of previous versions?
You see, if it's possible to regress the user interface so badly _when it was already fine_, I don't hold much hope for the rest of the technology. Call me a snob, but it reeks of sloppiness.
Edit: was top comment. Crying shame averted.
On Macs, Fusion and Parallels are arguably consumer software. In the early days of x86 on Mac, they were the carrot to lure a lot of non-technical people who used Windows at work to get a Mac.
Since there are a lot of people who gravitate towards "free as in beer" software, you can't not expect a Mac user to at least look at VirtualBox as a consumer app. There are probably plenty of Mac oriented listicles that recommend VirtualBox as a free option for running Windows VMs on Mac.
Somehow, VMware and Parallels managed to understand and act this for the past decade in their macOS _and_ Windows offerings for consumers, so I expect a big company like Oracle to not screw up the basics of user interface design, regressions of any kind, and treating a major platform and its users with a minimal amount of respect.
What is it then?
The utility of the application far outweighs the aesthetics.
What use is utility when that utility is locked away behind regressions in usability?
More than that, drawing is bugged, and sometimes it won't fill out empty spaces in the window.
Or, another times, it draws too much and sometimes it covers buttons on the toolbar, so I see a beautiful grey rectangle instead of the toolbar.
It's slow as hell. I wish it was done in Electron, then it would be faster.
Scrolling through the VM log is very slow.