Tuesday Mar 23, 2010

OpenSolaris Constitution passed, new OGB voted in... and thanks!

I am so happy to be able to write that the new OpenSolaris constitution has received a strong majority of votes and was ratified by the community!  While I was still frustrated that we didn't get closer to 90% turnout, since becoming a member of the electorate is voluntary and comes with only one responsibility: voting, but I was thrilled to hit a new high for OpenSolaris elections of 71% voter turnout!

Thank you, everyone, for taking the time out of your schedule to participate and make this happen. I am happy for the entire 2010/2011 OGB: 

  • Dennis Clarke
  • Moinak Ghosh
  • Teresa Giacomini
  • Simon Phipps
  • John Plocher
  • Joerg Schilling
  • Peter Tribble

I think they'll all do a great job, especially under the terms of the new constitution!

It was with great pleasure I was able to serve on the board for this past year. I learned many things about myself, some good - some bad, and how better to work with others, when we are not necessarily seeking a common goal. I loved meeting community members, working to fix our problems, identifying things for future OGBs and shaping our community. I feel I have grown and matured in ways I could've never imagined and thank all of you for letting me participate so closely in the governance of your community.

While time commitments didn't let me re-run for the OGB, I am excited about the new board and wish them all luck! I'm sure they'll do a great job.


Thursday Mar 18, 2010

OpenSolaris Election for new OGB and New Constitution is open now!

The OpenSolaris community elections are well underway, yet we are still very low (in my opinion) with the number of people that have actually cast ballots!  Everyone who has accepted a core contributor grant is expected to cast a ballot, though it is not required that you vote for both the candidates and the constitution in order to have a valid ballot.  Out of the 428 eligible voters, only 270 have cast a vote.

The out going OpenSolaris Governing Board (OGB) worked very hard on the new constitution which requires a majority of the eligible voters to approve it in order to pass. While more than a majority have logged in a cast a ballot, we missed passing last years constitution by only a handful of votes, so I'd really like to see our number of voters hitting 300-350.  Really, there's not much else a core contributor grant gives you, right now, in the community other than the right to vote in the annual election.

So, if you are a core contributor (or not sure if you are or not), please hop on over to the polling place and cast your ballot in this critical election. (if you're not eligible, the system won't let you vote ;)

Thank you! Valerie

Wednesday Mar 10, 2010

Dan Roberts on OpenSolaris ... or Something Useful in our meeting!

As part of the existing OpenSolaris constitution, we (the OpenSolaris Governing Board) are required to hold an annual "meeting" before the election in order for the election to be valid.  While, generally, this involves a fetch a rock exercise of core contributors (aka "members") logging into the forum, announcing themselves, then logging off, we do occasionally have useful and interesting conversations here. (and before you comment how silly that requirement is, please note that we have a new proposed constitution at this year's election that removes the annual meeting requirement).

Peter Tribble invited Dan Roberts to our virtual meeting the day after it started, and he joined and was very forthcoming about Oracle and their thoughts on OpenSolaris and Solaris:

"Oracle is investing more in Solaris than Sun did prior to the acquisition, and will continue to contribute technologies to OpenSolaris, as Oracle already does for many other open source projects."

While not all questions could be answered at that time, I was very pleased to see the community being engaged and concerns listened to.

Tuesday Feb 23, 2010

Nominations for OpenSolaris Governing Board 2010-2011 are open!

The current OGB is taking nominations for the next OGB who will be in office from April 1, 2010 until April 1, 2011.  Serving on the OGB has been an enlightening and very interesting experience!  Nominations are just open until March 1, so please don't delay in nominating yourself or others you think would do a good job on this board.

A tip of the hat to my colleague, Peter Tribble,  for already writing up all the gory details! Please check out his blog for more information.


Friday Dec 11, 2009

Sysadmins: do you like answering questions?

A debate started up in our hallway over the last few days, and while I am aware that this is water under the bridge, I am curious - am I the only person that likes answering questions while installing an OS?

Before I came to Sun, I was a system administrator. I administered systems running AIX, HPUX, IRIX, Solaris, SunOS, WinNT, Win95, and Win3.1. When installing the OS or any software, I always choose "custom install" or "advanced install". I like having that choice, as the software invariably makes the wrong choices for me.  At the very least, I like being able to validate the choices the software has made before they are committed to disk. I am impressed when the software can correctly figure most things out, if it can, but no software, in my opinion, can possibly predict the correct answers for all installations.

There is a lot of lore here in Sun that system administrators and developers don't like all the questions we used to ask during installation of Solaris, which is why this has changed so drastically for OpenSolaris. My experience, though, is limited only to my own and those administrators I worked with at Intel and Amoco (BP, now), so I'm curious - what do you think? Do you abhor questions during install time of software? Or would you rather have the option to review the choices it made for you? Or make the choices yourself?


Wednesday Oct 21, 2009

Still time to register for the OpenSolaris Security Summit!

Advanced registration for the OpenSolaris Security Summit that is going on in Baltimore, Maryland on Tuesday, November 3rd in conjunction with USENIX LISA 09 is open until October 26th. After that, you'll need to register on site, space permitting.

Why should you go?  This free summit will include some of the top people in the field of computer security and networking, including author and luminary Bill Cheswick!  This will be your chance to learn about technologies already shipping with the Solaris 10 Operating System as well as get a peak at what is coming in the future for OpenSolaris!

Did I mention this is free? While you're in town for LISA conference, why not spend a day getting free training from Sun Microsystems? btw, you don't have to be attending the LISA conference to go to this summit - so if you just live nearby, you should take advantage of this opportunity!

Oh, and it comes with lunch and a chance to win free prizes, too, FTW!


Tuesday Oct 20, 2009

GHC09: Pictures and video!

Okay, I still haven't downloaded my pictures off of my camera (if only I had more hours in the day...), but fortunately Terri Oda is more on the ball and she put this gem up on flikr:

That's me, Terri, Kathryn, Stormy, Sandy and Teresa!

Ed and Ashley have been busy as well, putting up these interviews of Sun women that attended the Grace Hopper Celebration of Women in Computing:


Deirdre Straughan and Teresa Giacomini are interviewed about community development!

Me getting interviewed about Open Source, OpenSolaris and my work at Sun Microsystems!


Friday Oct 02, 2009

GHC09: Open Source Community Development: A Moderator's Perspective

I was so nervous yesterday hosting my first panel at the Grace Hopper Celebration of Women in Computing. I had put off writing my introduction until arriving at the conference, thinking I'd have plenty of time to do it... not realizing that I would be reconnecting with friends that have moved across country or students I met last year or just this year. Time, suddenly, didn't exist, so I ended up skipping the plenary session on path to executive leadership so I could take the introducion I'd written in my head & put it on paper to make sure I wasn't missing anything nor was my introduction going to take up too  much time.  Sure enough I had to do a couple of edits to get it right, so while I was sorry to miss out on that session, I'm glad I took the time to do so.

When I got to the room, it was a bigger space than I expected, but at least everyone could have a seat :)  My OpenSolaris laptop worked right away with the projector, which made me very happy.  The technician setting up the room recommended I set my computer so the screen saver wouldn't come on. I thought I'd done that before... so I didn't bother checking. Stupid hubris.

I only had two slides - which are on the GHC wiki - the first with the name of the talk and the second had the names of each panelist, in the order she was sitting, with their affiliation. After the session finished, I got a lot of positive feedback on that - it's good to know I'm not the only person that can't keep track of all of the panelists (particularly when we all seem to have last minute changes in our panel lineups).

As I started introducing each of the panelists, I had all of the advice on running a panel running through my head - terrified that I'd screw something up: mispronounce a name or affiliation, stutter or knock my paper list of intros on the floor.  Fortunately, none of those things happened in the first few minutes :)  I did step on Stormy's self-introduction a bit, but she forgave me and made sure she was heard.

One piece of advice I had read, which was really counterintuitive for me given my melodrama training at the Gaslighter Theatre, was to not look at your panelists when they are talking. In melodrama, you say your lines straight to the audience, then turn and face the next speaker. This draws the audience's eyes to the speaker.  But, I found as I did this, just as the advice said would happen, the panelists looked at me instead of at the audience. As rude as it felt, I had to force myself to turn my gaze back to the audience. It worked!

I was so happy with how each woman on the panel had prepared their introduction and had thought about the questions from our proposal, though I was surprised when they didn't naturally follow-on to each other at first. I think this was because I said I didn't want more than 2 women answering any one question, so we could keep the flow going. :-)

About ten minutes into the talk... my screen saver started to kick in. \*d'oh\* I wiggled the mouse. Something happened and the display "flipped out" - it started flashing and was filled with horizontal bars.  I couldn't get the console to respond, so just rebooted... which took us to a brief OpenSolaris advertisement as the system happily restarted. Thank goodness for the fast boot, though!

I did finally stop shaking about a third of the way through the panel and was able to replace my forced smile with a natural one, as I could finally relax and enjoy the panelists.

I was very impressed with what some of the other communities have done to encourage women to join their community and that got me thinking about doing something for OpenSolaris. We're such a big thing - with many sub communities - any suggestions for doing this?

I was so happy with all of my panelists: Stormy Peters, Kathryn Vandiver, Sandy Payette, Teresa Giacomini and Terri Oda! Thank you, ladies!

Friday Sep 11, 2009

Preparing for my panel at Grace Hopper!

I'm moderating my first panel at a large conference at the upcoming Grace Hopper Celebration for Women in Computing.  I've been on panels before. I've done entire hour long presentations before. But I've never moderated a panel.

Now, in just a couple of weeks, I will be moderating  "Open Source Community Development" where we'll be tackling issues about how Open Source communities grow, thrive, and possibly die or wither away. Interesting topics I hope we can explore will be about building trust and encouraging women to participate. All of these things I think will be helpful for the OpenSolaris community.

The question remains: how best to moderate? I know from personal experience that I appreciate a moderator who keeps the flow moving, knows when to take a discussion "off line", and keeps up a slide of all of the speakers' names so the audience doesn't have to remember. So, it's a given I'll do those things (and hopefully do them well).

But after reading several great "how to moderate a panel" blogs (thanks, Stormy, for the intitial link that got me started on this), I've gotten a lot of conflicting information, so I'm going to have to make some decisions myself. For example, several folks who have moderated other panels argue that the moderator must always introduce the panelists, while others suggest letting the panelists themselves do it.  Personally, I've always introduced myself, either while presenting alone or on a panel.

Some recommend assigning a few questions to certain panelists in advance and making sure you all meet as a complete group before the panel, while others say that doing so will ruin the spontaneity of the panel.  I believe that at least a short meeting before hand is warranted so we will at least have the name to face thing down.

All the advice is clear, though, I need to make sure I am personally familiar with all of the panelists' backgrounds and areas of expertise so I can direct questions appropriately. While I know a few of these women personally, or follow them on twitter, and clearly learned about them when we were proposing the panel, I still need to make sure I do all the appropriate research.

Do any of you have any advice in this area? After all, as the audience, you will be my customer!

Here are links to the advice I've been reading:

Friday Aug 28, 2009

OSCON, Women in FLOSS, me and a puppet named Jack Adams

A month ago, I was lucky enough to go to a few bits & pieces of OSCON in San Jose with my exhibit pass.

While there I got to meet a TON of really cool, really clued in folks at the OpenSolaris booth. This was a different experience than I've had at other conferences doing booth duty. First of all, our booth was right by the front door, was large with couches for lounging, and we had a lot of cool stuff to give a way.  Anyone that installed OpenSolaris (even just in a virtual box) on their laptop got a free t-shirt. We were also giving away install media and getting started guides, of course, as well as cool stickers for your laptop that said "Powered by OpenSolaris" (I got one myself!).  The people that approached the booth not only knew what Sun did already, but were at least relatively aware of Solaris. Some hadn't used the OS in awhile, some wanted to know the big differences between OpenSolaris and Solaris, others just had questions about very specific technologies.

I got to show my lack of skills at Guitar Hero as I was pitted against Microsoft's Sara Ford in a battle of the operating systems.  To be fair, I'd only played the game once before, and that was more than 18 months before. If it had been Tekken or even Wii Bowling, it would've been a different story, I tell ya!

(Photo by Pınar Özger)

I attended the Women of Free/Libre Open Source Software BoF (Birds of a Feather) session run by Kirrily Robert, which had an impressively large turnout - around 25 people, mostly women (the rest were "advocates" :). It was good to meet a lot of other women working in Open Source and just in technology in general. Like a sneak preview of the Grace Hopper Celebration of Women in Computing conference, though surprisingly few of these women were familiar with that conference.  We tried to keep it from turning into a venting session about some clueless and/or rude men we've all worked with in the past, and tried to give each other suggestions for things we've found has worked.  Kirrily then had us all go around the room to discuss our favorite woman themed book. Mine, of course, was Women Don't Ask: Negotiation and the Gender Divide. I'm hoping she'll post the complete list soon, as I heard some very interesting titles come by!

Our Solaris Security BoF was just after that, so I couldn't stay for the entire Women in FLOSS BoF.  When I got to our BoF room, I was dismayed at discovering the facilities team had taken away our projector! I had checked everything out the night before, to make sure our OpenSolaris laptops would work with their projectors and even confirmed with the A/V guy that we would have the same equipment for our BoF on Friday. Everyone I asked that was working for the site said we'd have the equipment, but apparently not.  This started us off on a bad foot - but fortunately, many of us had brought laptops with the presentation on it that we were able to distribute through the small crowd so they could follow along.

I will admit, I was very disappointed by our small turnout we had at our BoF. The guys that were there (sorry, except for Sun staff, it was only male attendees) were very interested in our topics of discussion and asked a lot of great in depth questions. It was taped, so hopefully we'll have the video soon!

Speaking of videos, I was also able to help Jack Adams, a puppet, with his OpenSolaris security concerns and problems.  This came out well, considering the lack of script. All that improv training at the Gaslighter Theatre comes in handy, even for technical talks. Good job, Deirdre, for putting this together! Enjoy!

(though I really should've taken off my badge, so you could see my "I HEART OpenSolaris" shirt better :-)

Thursday Aug 13, 2009

Managing Your ON Mercurial Gate

Working on my recent projects, I became frustrated with a lack of one-stop-shop for Mercurial for use with OpenSolaris development. My focus is on the ON (Operating System and Networking) Consolidation, of course.  As an internal developer, my steps assume access to things like usr/closed.  If you are external, you will need to get your closed binaries from the closed binary tarballs.

I did find the HG Workflow document helpful, but not complete for my every day tasks. You should read that as a starting point, as it has lots of good tidbits on backing up your changes and managing project gates.

Please send any corrections or additional tips you might have this way, and I'll update this post.

Setting Up Yourself

First and foremost, make sure you have set up for cadmium and have your .hgrc set up as follows:

$ hgsetup

[...]

$ more .hgrc

[extensions]
hgext.cdm=/ws/onnv-tools/onbld/lib/python/onbld/hgext/cdm.py

[email]
from=First.Lastname@Sun.COM

[paths]
onnv-gate=ssh://onnv.sfbay.sun.com//export/onnv-gate
onnv-clone=ssh://onnv.sfbay.sun.com//export/onnv-clone
onnv-closed=ssh://onnv.sfbay.sun.com//export/onnv-gate/usr/closed
onnv-closed-clone=ssh://onnv.sfbay.sun.com//export/onnv-clone/usr/closed


[merge-tools]
filemerge.gui=True
filemerge.args=-a $base $local $other $output
filemerge.priority=1
filemerge.executable = filemerge
filemerge.checkchanged = true
filemerge.premerge = false

meld.gui=True
meld.priority=0

gpyfm.gui=True
gpyfm.priority=0

[ui]
username=Valerie Bubb Fenwick <First.Lastname@Sun.COM>
style=/ws/onnv-tools/onbld/etc/hgstyle


without the style settings, your Change Request Team Advocates will have difficulty reading your "hg outgoing -v" output and will likely put your RTI (Request to Integrate) on hold.  I have customized my filemerge utility to be TeamWare's familiar filemerge.

Note: Email addresses used in here need to be real, routable addresses!

Setting Up Your Gate

Our build server leverages ZFS, which I highly recommend, as it gives you the quick ability to create snapshots before doing a major rewhack of your code. Here's what I do on the build server with ZFS:

$ zfs create builds/bubbva/<workspace>
$ cd <workspace>
$ hg init
$ hg pull -u ssh://onnv.sfbay//export/onnv-clone/
$ hg update
$ hg reparent ssh://onnv.sfbay//export/onnv-clone/
$ hg clone ssh://onnv.sfbay.sun.com//export/onnv-clone/usr/closed <workspace>/usr/closed

Now, if you're not using a ZFS pool for doing your development, it's a little easier to setup:

$ hg clone ssh://onnv.sfbay//export/onnv-clone/ <workspace>
$ hg clone ssh://onnv.sfbay.sun.com//export/onnv-clone/usr/closed <workspace>/usr/closed

Note that the seemingly extraneous slash is not so, it is part of the communication with ssh and is indeed required.  I don't know why hg clone won't work with an otherwise empty directory as its target, which would make doing this with a ZFS pool much simpler, but it doesn't.

On the ZFS snapshots, I recommend coding the date into the snapshot name, as the default listing of snapshots does not include that information, which makes it very tricky to figure out "what did I call that snapshot yesterday!?".

$ zfs snapshot builds/bubbva/<workspace>@Aug14_01
$ zfs snapshot builds/bubbva/<workspace>@Aug14_02

Finding Files in the Source

I often find that I know the name of the file I want to modify, but really have no idea of where it resides in the source - or perhaps I just know a partial name, like "softtoken".  In teamware, I would always just grep the nametable, but since Mercurial has no equivalent concept, there is nothing quite that fast. Here's what I do now instead:

$ hg manifest | grep <filename>

Editing Files

Unlike with SCCS, there is no need to checkout files - just use vi/vim/ed/emacs/xemacs/etc and have at it.  If you don't like your changes, simply revert.

$ hg revert <filename>

I've had mixed results with this, so find out what the previous revision to your changes was with:

$ hg log <filename> | more

If you need to create a new file:

$ hg add <filename>

To remove:

$ hg rm <filename>

To move (this works on entire directories, as well):

$ hg mv <filename>

When you are satisified with your changes:
$ hg commit

Managing Children to Build

It's always a good idea to do builds on both SPARC and x86, even if your changes seem like they're architecturally neutral. In fact, many members of the Change Review Team will require it.  Some folks will even recommend you don't build in your "change master" to ensure you haven't forgotten to commit a file or "hg add" a new one. That's not strictly necessary, as long as you've done a build from a child of your main gate on another architecture, though, if you've done a lot of moving things around or creation of new files, you really should do it.

The problem comes from if you have done multiple "recommits" in your build master, this confuses your children. One way you can manage this is to always bring over a fresh build child. That's cumbersome though, at best.

Here's what I do (IN THE BUILD CHILD ONLY! NOT FROM A GATE YOU WANT TO PUSH FROM!):

$ hg pull
$ hg update -C

Preparing for Review

First, commit your changes. This will give you a chance to put all the relevant CR IDs into your comments. Unfortunately, every CR will be associated with EVERY file in your changeset. That's just how mercurial works.

(note: for advanced users, you can try Mercurial Queues, which does a much better job of managing this. I haven't tried it yet, but maybe I will on my next gate with multiple bug fixes. Mark Phalan has a nice blog on it.)

$ hg commit

If you're working with simply open source, this convenient option has been provided to prepare and publicly post your webrevs to http://cr.opensolaris.org/~<username> [1]:

$ hg webrev -O -U

Vladimir Kotal has a good blog entry on automatic webrev uploads.

I've been using a wrapper (hgwr, formerly wxwr), originally from Bill Sommerfeld, for webrev for a long time that keeps revisions of reviews available. This is handy so that you can incorporate changes from one code reviewer & post the updated webrev for that reviewer to verify you understood their comments, while not changing the code under another reviewer.

This is great for me, as a developer, as well, because as reviews trickle in, they all refer to a specific line number. If I've already incorporated changes, then the line numbers may have changed significantly. Having the original review source available is invaluable.

If you use this script, or something like it, the -U option to webrev is not useful. Instead you can use scp (MAKE SURE YOU STILL SPECIFIED -O for OpenSource to the wrapper, or your bug links will all be to the internal site):

$ scp -r <workspacename>.<reviewnum> bubbva@cr.opensolaris.org:

(Note: that trailing ":" is not a typo, but required scp syntax.)

If you're additionally working in closed source, you'll need to utter the following:


$ cd <workspace>/usr/closed/
$ hg webrev


In case it's not obvious, do not load this webrev to opensolaris.org ;)

Resynching With The Clone

This starts with a simple:

$ hg pull -u

but you will always have to merge, even if nobody changed the same files you did. One thing I've learned the hard way about Mercurial is that if it can't open a tool to do a merge (in the case that someone has updated the same file you did) it will simply do the merge for you and do nice things like add a blank line in the middle of an enumerated list...)

So, if like most of us you don't have your workspace on your desktop, but rather on a build machine, you'll want to start this process like this:

$ ssh -X <buildmachine>

Which will allow the graphical mergetools, like filemerge, to open when you get to the next step:

$ hg merge

and you'll need to commit again:

$ hg commit

More Unusual Tasks

Finding what changeset changed which lines:

$ hg annotate <filename>

Finding out which changesets impacted a file (useful for backing out individiual changes):

$ hg log <filename>

Finding History of a File if It's Been Moved

Because Mercurial isn't really a file based source code management system,
when you move a file the history does not move with it. That is, it appears as if it's a new file. You can still pull some of this history (like which changes were introduced under what name):

$ hg history -f <filename>
$ hg log -f <filename>
$ hg annotate -f <filename>

I Made Changes to a File Then Moved It and Want To Back Out the Changes (but not the move)!

Oops - I did this. Once.  Because of how poorly mercurial handles file level operations, this is difficult to correct. For example, I made some minor edits to a file, including updating the copyright date, then I moved it. hg revert no longer worked!  I was able to manually revert the changes, the file still showed up as changed in my workspace and 'hg outgoing -v'.

While I was told that it would have been acceptable to push this junk, it seemed sloppy to me.  Due to the lack of per file controls, it is actually pretty easy to apply your changes to a new workspace using patch(1) and the "patches" provided by webrev, then redoing the moves, as needed.

Ready to Integrate!

Of course, you've read all of the RTI Nits, done all your testing, filed any documentation and test bugs and made sure they can be fixed at the same time as your integration and gotten your RTI (Request to Integrate) approved by a member of the Change Review Team... then you're ready to go!  The problem is, so are lots of other people...

This is what I call the Mercurial Push Dance.  All it takes is one more implementor heading for the gate at the same time, to begin this nasty tango...

$ ssh -X <buildmachine>
(because you will have to merge...)
$ hg commit
$ hg pull -u
$ hg merge
$ hg commit
$ hg recommit

If you had actual conflicts (ie same files changed), CHECK THE MERGES. Run webrev again and make sure only your changes are there. Because the mergetools hooked into Mercurial grab focus when they come up, they are known to grab spare characters and insert them into your code.  I've found stray "$" and other things that just wouldn't be a good thing to push.

Rinse & Repeat, until other folks stop beating you to the gate. When you're ready:

$ cd usr/closed
$ hg path default > /tmp/closed-mommy
$ hg reparent ssh://onhg@onnv.sfbay.sun.com//export/onnv-gate/usr/closed
$ hg push

[Closed gate changes always need to be done first, because once you push to the open gate, the incremental build will start.]

$ cd ../..
$ hg path default > /tmp/open-mommy
$ hg reparent ssh://onhg@onnv.sfbay.sun.com//export/onnv-gate
$ hg push

[...]

After you finish the Tango de la Muerte... I mean, the Mercurial Push Dance and have successfully gotten your bits into the gate, don't forget to:

$ hg reparent `cat /tmp/open-mommy`
$ cd usr/closed
$ hg reparent `cat /tmp/closed-mommy`


[1] These all assume you've set up your SSH key on the opensolaris.org site. This is required for posting webrevs and doing integrations into the main gate.

Many thanks to the other developers who hang out on irc.sfbay/#hg-help and freenode.net/#onnv-scm, particularly Rich Lowe, Mark J Nelson and David Powell.


Thursday Jul 30, 2009

SSH with aes256ctr support not working on some S10 systems

I've been getting emails today about SSH aes256ctr being broken on some Solaris 10 machines.

This goes back to my work earlier to get strong crypto included by default on all Solaris 10 systems.  This started in Solaris 10 Update 4, and I guess I figured everyone would read my blog, jump for joy and upgrade their systems. ;-)

It seems some of you haven't and are now seeing errors like:

sshd[8975]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr

Which is a direct result of Sun's SSH now taking advantage of  the presumed availability of strong crypto on the systems.  This works fantastically well on newer Solaris 10 systems.

This issue is now covered by a bug, and you can see one workaround there.

Let's assume you \*do\* want strong crypto, though, and you want to stay on an older release of Solaris 10. In which case, you need to install the original S10 version of SUNWcry and SUNWcryr onto these older Solaris 10 systems and reapply all cryptographic framework patches.  The packages are available as part of the Solaris 10 Encryption Kit. You need to reapply the patches, because when you installed them before SUNWcry & SUNWcryr were not on the system, so would've missed all the patching goodness for their bits.  It's important that you do this, or you will end up with mismatched bits for the cryptographic framework, which will have undefined (ie probably not good) results.


Tuesday Jul 21, 2009

OpenSolaris Security BoF on 23 July 2009 8PM!

8:00pm  Thursday, 07/23/2009

OSOSOS - Offering Security in OpenSource Operating Systems
Location: Ballroom A3/A6

Moderated by: Christoph Schuba

  Many operating system security mechanisms are necessary for
  developers to build secure software. While this session presents a few
  such mechanisms available and under development in OpenSolaris, it
  primarily seeks the dialogue and discussion how important these features
  are and how they compare to those of other OSes.

Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick - that's me!), Priveleges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos guru).

BoFs are free, you just need to register for the expo pass (also free!)

Thursday Jun 25, 2009

Up to my eyeballs in tests

As a Change Request Team advocate, I am stringent about asking for test results and always very annoyed when an implementor complains about how complicated the tests are to run.

Now after having spent the last several days finding working test hardware from our pool of test machines, and fighting with test installations and executions... I'm still waiting for my baseline results. I haven't even run the full tests on my own bits yet.

Which is another story.... while my builds were successful and my changes to libelfsign seemed to be kosher, I found that after doing a bfu that my test machines wouldn't even boot.  No, I didn't change libc... so I was very surprised that such behaviour was seen. Yes, I knew things like kerberos and IPsec would not work correctly if libelfsign (a core component of the Cryptographic Framework) wasn't working - but inability to boot? I was shocked.  With some help from pwernau and meem, I finally got one of the systems up in single user mode to discover the linker was doing something... unusual.

Fortunately, a very responsive Rod Evans came and looked at my limping test system and figured out what the linker was doing wrong (and also something one of the libraries in my calling path was doing wrong), and now I've got systems I can play with.

Except when I forget to sync my x86 build workspace with my sparc workspace and I build archives without Rod's fix... and then wedge another test machine.

Hopefully the code will be up for review soon, when I will add another blog entry detailing what it is exactly I'm trying to do and why.


Sunday Jun 14, 2009

OpenSolaris Turns 4!

Wow, it's been four years now since Sun launched OpenSolaris.  We've come a long way since then - built up a budding community, taken lots of contributions from outside, and we're even turning out a pretty decent OS based on this now! It's on my desktop, laptop and home machine.  There's still a lot to do, but overall I'm very impressed.

It's been very cool doing code reviews openly and getting design feedback directly from the real world before any code is even written. This has greatly changed the way I do my job, for the better!


About

Valerie's former weblog. The new one can be found at http://bubbva.blogspot.com/

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today