Wednesday Mar 10, 2010

Dan Roberts on OpenSolaris ... or Something Useful in our meeting!

As part of the existing OpenSolaris constitution, we (the OpenSolaris Governing Board) are required to hold an annual "meeting" before the election in order for the election to be valid.  While, generally, this involves a fetch a rock exercise of core contributors (aka "members") logging into the forum, announcing themselves, then logging off, we do occasionally have useful and interesting conversations here. (and before you comment how silly that requirement is, please note that we have a new proposed constitution at this year's election that removes the annual meeting requirement).

Peter Tribble invited Dan Roberts to our virtual meeting the day after it started, and he joined and was very forthcoming about Oracle and their thoughts on OpenSolaris and Solaris:

"Oracle is investing more in Solaris than Sun did prior to the acquisition, and will continue to contribute technologies to OpenSolaris, as Oracle already does for many other open source projects."

While not all questions could be answered at that time, I was very pleased to see the community being engaged and concerns listened to.

Tuesday Dec 01, 2009

Solaris Security Essentials is Out!

I found out just before going on Thanksgiving break, by searching Amazon myself, that I am now a published author! Solaris 10 Security Essentials is officially released!

I would've thought the publisher would've let us know, but apparently that's not an unusual problem. All the same, I am so excited to be counted among the elite of the published author!  We debuted #68,242 on Amazon's Best Seller list, and climbed to the top 20,000 by the end of the week! And since publication, we're now available on the Kindle!

While the title suggests this is only for Solaris 10, all of the concepts are applicable to OpenSolaris as well, though some of the examples may differ slightly in OpenSolaris. In fact, the working title had been "Solaris Security Essentials" and I wasn't even aware of the change until I saw it on Amazon. :)

Writing a book was such an interesting process! Starting with just a basic idea from our director about writing a book about what we all do and love, to all of us contributing suggestions for what topics would be interesting, volunteering to write specific chapters, generating outlines, arguing with the publisher about why 80 column width was required for command line related text, and working with great co-authors, editor and project manager to see the finished product! \*whew\*

The book is also available on Safari and in brick & mortar bookstores everywhere.

I am so proud of each and every one of us for pulling together and getting this project completed. Let me know what you think of the book!

Thursday Jul 30, 2009

SSH with aes256ctr support not working on some S10 systems

I've been getting emails today about SSH aes256ctr being broken on some Solaris 10 machines.

This goes back to my work earlier to get strong crypto included by default on all Solaris 10 systems.  This started in Solaris 10 Update 4, and I guess I figured everyone would read my blog, jump for joy and upgrade their systems. ;-)

It seems some of you haven't and are now seeing errors like:

sshd[8975]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr

Which is a direct result of Sun's SSH now taking advantage of  the presumed availability of strong crypto on the systems.  This works fantastically well on newer Solaris 10 systems.

This issue is now covered by a bug, and you can see one workaround there.

Let's assume you \*do\* want strong crypto, though, and you want to stay on an older release of Solaris 10. In which case, you need to install the original S10 version of SUNWcry and SUNWcryr onto these older Solaris 10 systems and reapply all cryptographic framework patches.  The packages are available as part of the Solaris 10 Encryption Kit. You need to reapply the patches, because when you installed them before SUNWcry & SUNWcryr were not on the system, so would've missed all the patching goodness for their bits.  It's important that you do this, or you will end up with mismatched bits for the cryptographic framework, which will have undefined (ie probably not good) results.

Thursday Jun 25, 2009

Up to my eyeballs in tests

As a Change Request Team advocate, I am stringent about asking for test results and always very annoyed when an implementor complains about how complicated the tests are to run.

Now after having spent the last several days finding working test hardware from our pool of test machines, and fighting with test installations and executions... I'm still waiting for my baseline results. I haven't even run the full tests on my own bits yet.

Which is another story.... while my builds were successful and my changes to libelfsign seemed to be kosher, I found that after doing a bfu that my test machines wouldn't even boot.  No, I didn't change libc... so I was very surprised that such behaviour was seen. Yes, I knew things like kerberos and IPsec would not work correctly if libelfsign (a core component of the Cryptographic Framework) wasn't working - but inability to boot? I was shocked.  With some help from pwernau and meem, I finally got one of the systems up in single user mode to discover the linker was doing something... unusual.

Fortunately, a very responsive Rod Evans came and looked at my limping test system and figured out what the linker was doing wrong (and also something one of the libraries in my calling path was doing wrong), and now I've got systems I can play with.

Except when I forget to sync my x86 build workspace with my sparc workspace and I build archives without Rod's fix... and then wedge another test machine.

Hopefully the code will be up for review soon, when I will add another blog entry detailing what it is exactly I'm trying to do and why.

Sunday Jun 14, 2009

OpenSolaris Turns 4!

Wow, it's been four years now since Sun launched OpenSolaris.  We've come a long way since then - built up a budding community, taken lots of contributions from outside, and we're even turning out a pretty decent OS based on this now! It's on my desktop, laptop and home machine.  There's still a lot to do, but overall I'm very impressed.

It's been very cool doing code reviews openly and getting design feedback directly from the real world before any code is even written. This has greatly changed the way I do my job, for the better!

Wednesday May 20, 2009

Free Solaris and Java training

This is pretty cool - Sun Learning is offering a Career Stimulus Learning Package for free - there are some Solaris system administration classes, some Java and JavaFX classes and resume templates on the site. If you're a Sun Alum who has left the company within FY09, there are even more classes and some discounts offered.

Tuesday Mar 24, 2009

Yay! Elected to the OpenSolaris Governing Board!

Well, the results are in! I was elected to the 2009-2010 OpenSolaris Governing Board, along with several other fine candidates.  There were so many fine people running, I really had no idea if I would be elected. Now that I have been, I have a lot of work ahead of me, I think!

Unfortunately, the new constitution did not pass, due to lack of voter turnout, essentially. Which is exactly one of the major things the new constitution was trying to fix.  Basically, in the existing constitution, in order to get voting rights in communities and recognized for your efforts, you need to become a core contributor. The elections depend on all core contributors turning out and voting, but it turns out that many of them are not interested in general governance, but rather just their community.  The proposed constitution separated the rolls of electorate and contributor, so only those interested in governance would be required to vote.  Alas, it did not pass.

I am looking forward to this extra challenge and I am now definitely inspired to make sure I leave a positive mark on the community!

Friday Mar 06, 2009

OpenSolaris Governing Board Candidate Positions and Bio

I am so honored to have received a nomination for the OpenSolaris Governing Board election for 2009-2010. I am currently a staff level development engineer in the Solaris Security Technologies group at Sun Microsystems, where I am a core member of the Solaris Cryptographic Framework team.  I am running with the approval and support of my  management.


I have a bachelors degree in Computer Science from Purdue University, where I was first exposed to Sun hardware and the Solaris operating system. One semester the engineering department took back the SPARCStation5's they had lent us and we found out they were going to be replaced with Intel boxes running Windows.  I joined the group of rabblerousers that wanted to continue to do our work with Solaris, and we soon found ourselves with a lab full of Intel machines running Solaris 2.5.1. :-)

That summer, I did an internship with Amoco Oil (now BP) and got a job as a systems administrator for Solaris & SunOS machines. I fell in love with the big iron, the desktop systems and the operating system and decided then and there I wanted to work at Sun.

I joined Sun early in 1997 in the Solaris test group, starting out as the gatekeeper for the Solaris Test Collection. I was the first gatekeeper to actually version the test suites by the OS they were developed for, which was a great relief going forward for the sustaining organizations - who now found that they could run the Solaris 2.6 tests successfully on 2.6 patched systems, without worrying about test changes introduced to support new features.

It's been a long time since then, and I have found myself working in sustaining on the SunScreen bridging firewall appliances (back before appliances were cool), as an architect for the network address translation component of the layered releases of SunScreen, IPsec, as a developer for the Solaris Cryptographic Framework, and actively working on simplifying access to cryptography in Solaris and in OpenSolaris.

While here, I have worn many hats, in addition to my "day job". I have been representing Solaris for defect tracking concerns for ten years, was the technical lead for the Operating Systems and Networking (ON) consolidation for Solaris 10 Update 1, worked closely with the webRTI team on their initial deployment and successive updates, worked with the OpenSolaris sponsor program, and am the Chair for the ON Change Request Team.

Additionally, I spent 3 years on Sun's Security Ambassadors Board of Directors, where I evangelized Solaris security features, assisted customer facing engineers find the tools and the contacts they needed to get their jobs done, and helped organize our annual conferences.

I am a Core Contributor in the OS/Net (ON), Security and Tools communities.

I believe in the open community. I have worked on getting many defect tracking enhancements done to improve community access, like pushing for external bug update notification emails, coming up with the concept for and assisting in how to implement the Public Comments field in bugster, working with people to open their bug tracking components to the world, and am currently involved in attempting to move us to a solution where external developers can participate on equal footing.

I am also a huge proponent of women in technology, starting with involvement with the pilot Women in Science program at Purdue and restarting the Women in Computer Science program there as well, and most recently as an official blogger for the Grace Hopper Women in Computing conferences.

If there is anything that being a woman in technology has taught me is how important community is - without it, women in technology abandon the field.  I know we have problems with the OpenSolaris community and I want to help make this better.  Communication is so key to a community (in fact, they share the same root :-), and we all need to work on this area. I don't want the community to disappear.

If I am elected to the 2009-2010 OGB, I hope to use my position on the board to help accelerate the seemingly stalled true opening of defect management for OpenSolaris, engender open communication with Sun, and build this community up to what I know it can be.

Hobbies & Personal Information

I was raised in Fort Wayne, IN and was formerly a Bubb (hence the handle, bubbva on IRC and here).

In addition to writing code and reviewing RTIs,  I love to ride my bicycle, perform in various community theater groups in the San Francisco Bay Area, read, listen to music, sing, ski, bake, take pictures, neglect my personal website due to all of these activities and spend time with my husband and my very demanding Ragdoll cat. And I can't get enough of American Idol Season 8... :-)

If you got this far, I'm impressed and I really do appreciate your vote.

Thursday Dec 18, 2008

encrypt command will suddenly no longer be annoying!

Thanks to a fix from Dina Nimeh's latest push of changeset 27f403fbf8ca, the next OpenSolaris release will now prompt you twice for the passphrase it uses to generate the key to encrypt your data with. This is a long overdue change, one that I can't believe we didn't do sooner. The way we implemented it before, it was too easy to lose your data if you made a mistake the first time you put in your passphrase. Yay!

Friday Dec 12, 2008

Rough Cut of Solaris Security book published!

I'm about to become a published author! Okay, currently I'm just credited as "Sun Microsystems Security Engineers", but it is a step in the right direction.  Our organization found that a lot of papers and books out there on Solaris security were out of date, just plain wrong or missing coverage of cool features, so we thought what better way of setting the record straight then writing our own book?

Management got behind this, and many of the members from our organization set to writing an outline for the book and for each chapter and found an interested publisher.  Next came the hard part - writing the actual chapters! Okay, it wasn't that hard, because we all wrote about the technology areas we know and love, but we had to make tough calls on what to leave out and make sure we didn't miss any critical information.  Once we got all of our drafts together, Sharon Veach edited our work and wrote the introduction for the book, Solaris Security Essentials. The book is on Safari right now for review before we publish - please leave comments on the Safari site so nothing gets lost. The external link only shows excerpts, so if you are internal to Sun, please create a login using your Sun email address and look at the Sun Internal link.

I worked with Jan Pechanec and Darren Moffat on the Solaris Cryptographic Framework chapter, which is all based on Solaris 10 Update 4.  We leveraged work from my previous white paper and an updated paper by Wolfgang Ley. Some chapters appear to be missing still, but I'm sure they'll appear on the site over the next few days.

During this process I was told I use too many exclamation points in my writing, which (apparently) makes readers tired. How strange is that?


Valerie's former weblog. The new one can be found at


« June 2016