We have no particular reason to trust any of these images though. An image built from a reproducible-build-only distribution (if that exists) would be valuable in this space.
Are there any open source Packer build configurations or anything else that can be used to reproduce the base boxes from scratch? I wouldn't usually run a base box that I can't also see/use the automated build scripts for.
That's really nice. I'll remember to use it whenever I need a linux box.
However, I'm not that interested in a zillion flavors of Linux.
I would be willing to pay for a box which comes with Windows and Visual Studio preinstalled (plus git, cmake, bash, etc):
In other words, an up to date development machine based on WinXP, Vista, 8, X, etc.
The main reason is that it takes hours if not an entire day to install all this stuff and run all the updates required to configure it.
As a Mac user writing cross platform C++, I sometimes need to test my app on various flavors of windows and compile the code on various flavors of compilers.
Keeping 30-50GB VM files ( for different versions of windows ) on my SSD is kind of wasteful, since I only need these boxes once every month or so..
I would easily part with $5 or $10 or even $20 (if it's very urgent) for an up-to-date box like that ..
If it's worth that much money to you, how much of your time would you say?
The reason I ask is that Hashicorp's Packer[1] is awesome at doing things like that.
Personally, I have an automated Packer build that spins up Windows 8.1 and Windows 10, provisions it and installs all of the necessary software, and then preps it for Windows Deployment Services.
I originally based the work off of packer-windows[2] but ended up re-rolling most of it again from scratch.
If you don't mind spending roughly a day or two figuring it out, then it's well worth it!
Yes, packer looks good.
But it's a bit overkill for my use case and doesn't really solve the "time" issue (or does it?).
Somebody could use packer and publish the artifacts on a website, were I can download the desired image and have it running in 5 minutes. That's what I'd pay for.
Once you sink the time into setup, it really takes care of itself.
You could basically schedule/cron/whatever the job to build once a month/week/day on your machine and it will always dump the up-to-date virtual machine in the location you choose.
I should also point out that Packer is the program that they use to create Vagrant boxes.
Why not a VM hosted in Azure? Microsoft publishes VMs into the Azure marketplace with Visual Studio pre-installed.
Scott Hanselman has an older blog post [0] that describes how he does it with a Surface 2. With an official Remote Desktop client for Macs, it should be just as easy. As a bonus, you can run it on an A11 Standard (16 cores & 112 GB of memory), although I wouldn't want to leave it up for a month ($1200).
If you're the sort of person for whom cloud hosting works, that will work for you. I personally like things that run (a) when the net is off and (b) if the vendor decides they don't like me, but I accept that I'm a dinosaur.
But the main reason for wanting things local, for me, is that the sole reason I have a Windows VM is to plug various devices into it for which there's no software for OS X or Linux. Yes, there are hacky methods for some USB use cases, but I don't think having the logic controlling my laser cutter executing 12 hops away is going to go so well.
This (https://github.com/geerlingguy/mac-osx-virtualbox-vm) works if you build it on a Mac... But yeah, not technically allowed to run on Windows, and you're also not allowed to host a prebuilt box for others according to the license with OS X.
It might LEGALLY have to run on Apple hardware, but it doesn't TECHNICALLY have to run on Apple hardware.
If you live in a locality where the Apple licensing terms binding VMs to only run on Apple hardware are not valid / enforceable, you can check this out - https://www.youtube.com/watch?v=wodqGvug6e0
I got some of the way there with https://github.com/xdissent/ievms and https://github.com/xdissent/iectrl but I'd really like a way to provision things on to the VM once it's up and running. Windows seems to suffer from a historical lack of attention to automated provisioning.
Check out WinRM. You can manage every feature in 2012R2 through a remote Powershell session. Installing and uninstalling programs can be done this way.
How many lawsuits would Microsoft face if they bundled VS in their OS, the way IE is bundled? Will they be accused of holding back developers because Eclipse isn't bundled?
(1) I didn't notice anything particularly horrible about the Web site. If I manage to find stuff I need and don't have to wade through too much garbage, and no attempt is made to trick or trap or scam me, I feel I'm getting what I paid for and am happy enough.
(2) I pulled a Linux off the site, installed it in VirtualBox, and it ran, smoothly, with no problem. Other offerings from other sites may have more/better features, but sometimes "good enough" is good enough.
(3) The one thing I missed, here and elsewhere, is a Linux with built-in VM Extensions (spiffy display drivers, better mouse / cut&paste / file transfer support).
To be honest, the whole site is a homage to bad design clichés. It took me a great deal more patience to navigate around than I'd normally gift a website. But then I suspect this is aimed more at home users rather the enterprise, which might explain some of the gaudy gimmicks.
Wordpress theme or not, it was still chosen over and above better designed themes in that collection. Plus some of the most distracting elements on that page are stuff they've added which wasn't in the theme's demo:
* The main carousel images background is different from the background of the carousel itself. And since the images are quite small, it means the top section of the landing page looks disjoined when the browser window is sized to larger dimensions.
* The main carousel has lots of sunken bevels which makes the logos and text harder to identify and read. I'm not generally a fan of flat design, but things like that are meant to be instantly identifiable; so they should either be flat, or have a larger unified border around them (badly explained, but something like how the social icons are often bevelled, or how Apple shapes iOS apps).
* In the main title, "OSBoxes" has a different vertical alignment to the rest of the text.
* In the main title, "VMWare" and "Virtualbox" scroll in a vertical "carousel", which is very distracting.
* In the main title, the aforementioned vertical carousel has a blue background which is jarring against the rest of the white document. To be honest, between this and the previous two points, the dyslexic in me took a couple of attempts to parse the title. Which somewhat undermines the point of a title.
* Downloading a VM image requires clicking the OS to reveal a hidden dropdown, then clicking the download link. Given the amount of whitespace in that list, they could have just had download icons in the list and saved users a pointless click. Given you only need a download icon and a www icon (icons people are already familiar with), you could still have a clean usable design.
Anyway, I didn't mean this to slate the project based on the site. In fact normally I wouldn't be so critical of someone else's site. Perhaps it's just my dyslexia, or even just me specifically, but I really struggled to read through this site in ways that I don't on most other websites.
My first thought, too. The contact page and even the privacy policy is devoid of identifying information.
And the faq (aside from a zero-content privacy comment) doesn't even mention malware concerns, which is a pretty weird elephant to ignore if you're on the up and up.
Is it really that hard to download an ISO and mount it and do a quick 5 minute install and immediately make a clone of it? Then you always have a handy fresh installation. It would literally take a few minutes longer than using this untrusted website and the result would be exactly the same.
I use OSBoxes a lot when I want to quickly spin up a Linux distro I don't normally use. I really wish they'd clean up the design of their website though...
What I really want is a good repository for ready to go 'application appliances' - something pretty much production ready - and in a format that I can deploy to a VPS as well as locally in a VM. I know there's a few of these in existence but the selection always seemed a bit patchy.
With virt-builder we are trying to persuade Linux distros to start publishing high quality metadata about their cloud and VM images. Then virt-builder will just pull down those images automatically. It's been a very long and slow process. So far we can only support Ubuntu, OpenSuSE and (coming shortly) CentOS.
Even though Red Hat sponsors the project, we've still not managed to get either Fedora or RHEL to publish metadata, after 2+ years of trying. But I believe this method of publishing metadata is the way to make the whole process sustainable long term.
Edit: I should say I didn't read your original posting closely enough. It sounds as if you're looking for fully formed applications (eg. PostgreSQL or whatever) in appliances. Personally I wouldn't use an existing appliance like that for trust reasons (also the reason I'm not over-keen on half-baked Docker repositories), but with virt-builder you can do something like:
> It sounds as if you're looking for fully formed applications (eg. PostgreSQL or whatever)
I'd like to see a good opinionated base stack for say Django (i.e. Postgres, uwsgi and redis) as well as fully fledged installs for stuff like Sentry, Gitlab, Zulip and similar apps.
We've of course built our own Django deploy using Ansible but I'd like to see some community efforts that are shared and get reviewed, critiqued etc.
I suppose this is an argument for 'recipe' over 'image'. You get to see how it was built and the chance to easily combine things from different recipes.
The downside is everything then is fragmented depending on the builder you choose (ansible vs whatever).
Take a look at https://www.turnkeylinux.org/ - their images are available as VMDK, OpenStack, Xen, Docker, among others. Their images are all hackable too.
I have no clue what the advantages of OSBoxes are but I know what like about Vagrant: being able to see how the box is provisioned
Rather than having a VM be some magical preconfigured black box, I can peak at the Vagrantfile to see all the steps to convert a stock Linux host into a database/cache/MQ/xyz. From a security perspective it's much nicer too as one can reduce the level of trust to: 1) Do I trust the root box? 2) Do I trust the subsequent commands?
Note that unless you rebuild the .box yourself, you probably still can't actually trust it any more than one of these. Building a .box with a fake Vagrantfile inside is not really difficult.
I've used the site in the past when trying to preview distros. Website design aside, it's not bad.
I totally understand the security risk, but really, as long as you're only spending a few hours with the VM to see what the distro is like, exactly how much damage can you do in a VM anyway?
I was thrilled to try FreeBSD with KDE pre-installed to play with, since I had tried previously to manually install a desktop environment on FreeBSD and borked it.
