Friday April 24, 2009

SEED panel, RSA booth duty and Take Your Kids to Work Day

On Tuesday I had the pleasure of sitting on a panel of folks talking about open projects started from within Sun, at a conference for SEED Mentoring participants.  I enjoyed talking with people from all over the company and really enjoyed learning more about the other open projects. Of particular interest to me was the speaker, Durgam Vahia, from the OpenSPARC project. He mentioned a recently released FPGA that was made possible because of OpenSPARC and was released by Xilinx.  The board, based on the T1 microprocessor can be up and running with Solaris in about 30-45 minutes and is a great way for students or any interested parties to learn about the SPARC architecture.

That afternoon, I worked in the Sun booth at the RSA conference.  Even though our booth was a bit off the beaten path, I still saw a lot of traffic coming our way. People were really interested in the OpenSolaris LiveCDs and hearing about the latest things we have been up to in Solaris Security.  We also had an SCA 6000 card and a UltraSPARC T2 motherboard. The mother board was an odd "demo" - considering it had no power supply/memory/etc, and I really wished I had the OpenSPARC FPGA I had seen earlier that day :-)

Of course, I got several of the inevitable  questions that I couldn't answer (really because I don't know anything, but even if I did, I still couldn't say).

Yesterday was a fun and crazy day, starting off bright and early with an OGB meeting, followed by a few Take Your Daughters and Sons to Work Day activities. I got to see the Project Wonderland demo, which was very cool - and the kids enjoyed playing the games, then I was lucky enough to have lunch with the girls from TechBridge.  Their passion for science and math was truly inspiring!

Tuesday March 24, 2009

Yay! Elected to the OpenSolaris Governing Board!

Well, the results are in! I was elected to the 2009-2010 OpenSolaris Governing Board, along with several other fine candidates.  There were so many fine people running, I really had no idea if I would be elected. Now that I have been, I have a lot of work ahead of me, I think!

Unfortunately, the new constitution did not pass, due to lack of voter turnout, essentially. Which is exactly one of the major things the new constitution was trying to fix.  Basically, in the existing constitution, in order to get voting rights in communities and recognized for your efforts, you need to become a core contributor. The elections depend on all core contributors turning out and voting, but it turns out that many of them are not interested in general governance, but rather just their community.  The proposed constitution separated the rolls of electorate and contributor, so only those interested in governance would be required to vote.  Alas, it did not pass.

I am looking forward to this extra challenge and I am now definitely inspired to make sure I leave a positive mark on the community!

Thursday December 18, 2008

encrypt command will suddenly no longer be annoying! Thanks to a fix from Dina Nimeh's latest push of changeset 27f403fbf8ca, the next OpenSolaris release will now prompt you twice for the passphrase it uses to generate the key to encrypt your data with. This is a long overdue change, one that I can't believe we didn't do sooner. The way we implemented it before, it was too easy to lose your data if you made a mistake the first time you put in your passphrase. Yay! (2008-12-18 14:08:25.0) Permalink Comments [0]

Friday December 12, 2008

Rough Cut of Solaris Security book published!

I'm about to become a published author! Okay, currently I'm just credited as "Sun Microsystems Security Engineers", but it is a step in the right direction.  Our organization found that a lot of papers and books out there on Solaris security were out of date, just plain wrong or missing coverage of cool features, so we thought what better way of setting the record straight then writing our own book?

Management got behind this, and many of the members from our organization set to writing an outline for the book and for each chapter and found an interested publisher.  Next came the hard part - writing the actual chapters! Okay, it wasn't that hard, because we all wrote about the technology areas we know and love, but we had to make tough calls on what to leave out and make sure we didn't miss any critical information.  Once we got all of our drafts together, Sharon Veach edited our work and wrote the introduction for the book, Solaris Security Essentials. The book is on Safari right now for review before we publish - please leave comments on the Safari site so nothing gets lost. The external link only shows excerpts, so if you are internal to Sun, please create a login using your Sun email address and look at the Sun Internal link.

I worked with Jan Pechanec and Darren Moffat on the Solaris Cryptographic Framework chapter, which is all based on Solaris 10 Update 4.  We leveraged work from my previous white paper and an updated paper by Wolfgang Ley. Some chapters appear to be missing still, but I'm sure they'll appear on the site over the next few days.

During this process I was told I use too many exclamation points in my writing, which (apparently) makes readers tired. How strange is that?

Wednesday December 10, 2008

OpenSolaris 2008.11 officially released!

Seems like ages ago when I was testing the first release candidate on my laptop, but I guess it was really less than a month ago. I'm pleasantly surprised at how quickly we are turning around these releases and getting them out the door.  I am pleased that NWAM works so much better on 2008.11 than on 2008.05, it's good to know the team took all of the feedback they got from the previous release and incorporated a lot of good changes. For example, I now have the ability to bring up the NWAM GUI and request to change networks when the one I'm on is no longer desirable (or I've found that I chose poorly when given the initial selection).  I can't wait to try this out in a conference environment, where access points change every time you go into a different room.

I'm still running Nevada development bits on my desktop, though, as it's SPARC based and we don't have OpenSolaris for SPARC yet.  It's still the same base kernel & most of the same utilities and applications, so I am still doing valuable testing on the latest & greatest... but, let's face it, not nearly as cool. :-)

Tuesday November 11, 2008

Neil Young and the Linc Volt in Menlo Park! Neil Young brought his Linc Volt, reconditioned classic 1959 Lincoln Continental Mk IV, to Sun's Menlo Park campus today to give employees a chance to see the car and the singer up close. The car is now a hybrid, powered by natural gas and lots of batteries. I was surprised at how well it was done - hiding the batteries where the convertible top normally folds down, the engine under the back seat and the generator in the front. Why did Neil drive it to Sun's campus today? Because the car uses Java to monitor performance. I'm not huge car nut, but do like Neil Young and appreciate cool technology so I definitely enjoyed myself. (2008-11-11 15:28:32.0) Permalink Comments [0]

Thursday October 02, 2008

neat workaround for broken harddrive

So, I'm anofficial blogger for the Grace Hopper Celebration of Women in Computing ... and my laptop hard drive dies. Read errors. Sense errors. Oh, joy. It is a brand new laptop - this being my first real use of it (other than installing Solaris on it, configuring VPN and verifying the system worked).  Jim Hughes, a chief technologist at Sun, had the brilliant suggestion of using the OpenSolaris Live CD we included in all of the bags for everyone here at the Grace Hopper conference. Lo and behold, after an extended boot time, it worked! I'm online again. I can't access my Sun account, since my VPN keys are on the dead hard drive, but I can blog... it's something.  The extended boot time is caused by the Live CD attempting to mount all devices, which includes a dodgey hard drive...

I guess I can facebook too... ;-)

Thursday August 14, 2008

We've switched! Things are starting to settle down now that mercurial is up and working for ON's Solaris development. I've yet to have done a push myself, but have approved several RTIs, updated the RTI nits documentation, and am preparing more updates to other sites as well.   I'll be returning my focus to FIPS and US Governement export regulations on cryptography shortly, and hopefully doing a few more blog updates. (2008-08-14 11:35:08.0) Permalink

Friday August 01, 2008

Mercurial or bust! Things are so crazy for me right now, getting ready for ON's switch to Mercurial next week. To get ready as ON CRT chair, I had to update the RTI nit documentation, so folks would know what they were expected to do.  Thank goodness for all the great help from the SCM migration team! Now that that's done, I'll try to get back to my "real" work and all my missing blog entries... :-) (2008-08-01 16:06:41.0) Permalink

Friday April 18, 2008

Security Ambassadors

I'm sitting here in one of the last sessions of the Sun Security Ambassadors conference, and thinking how lucky I was to be able to attend - getting the opportunity to learn what we are doing wrt to security in all our different GEOs, get in depth information into emerging security technologies, and I got to hear from some excellent luminaries in this field: Matt Bishop, Radia Perlman, Susan Landau & Michelle Dennedy.  We've had a great agenda and I feel like my team and I will have a lot to take away from this.

With Sun Security Ambassadors this week, and RSA last week (more on that later), I've been away from my email and "day job". That means a lot of catchup for next week!  

Monday March 03, 2008

Strong crypto in base Nevada!

My Friday night integration of 6498066 PSARC/2006/610 Data Encryption Kit (SUNWcry) Removal now means that strong crypto is available in a base Nevada system, starting with build 85 and forward.  What does this mean for you? Mostly it means that you no longer have to get special packages to get longer key lengths for arcfour, aes or blowfish and that things like OpenSSL will work out of the box.

Earlier posts to this blog explained how I took a different approach with strong crypto with Solaris 10 Update 4.  This work I just completed in Nevada, which was originally started by darrenm, is not appropriate for an update release since it removes packages and modules from the system.

Also, earlier this project was tied in with libsoftcrypto.  I worked closely with the crypto team on this, and we decided that the removal of the Data Encryption Kit was more important and needed to be integrated as soon as possible, so libsoftcrypto was pulled out of this project gate in order to speed up delivery of PSARC/2006/610.

One really cool thing about this integration? It removes tons of now pointless Sun specific modifications from the OpenSSL source. Hurray!

This should make it easier for folks to use Nevada and OpenSolaris builds, as well as make it easier to do development in the affected areas. Let me know if you have any questions!
 

Friday February 01, 2008

Sun Headlines debut! I just made my debut as an anchor for Sun Headlines. In this latest edition of the program, I'm talking about how cool Project Blackbox is. It's weird watching a video of myself, but it was such a cool experience making it and I love talking about Sun technology. I hope I get another opportunity to film one again! Check out my segment and let me know what you think! (2008-02-01 13:43:36.0) Permalink Comments [1]

Tuesday November 27, 2007

libsoftcrypto gate building again! I'm so excited - I'm finally back on the libsoftcrypto/removal of SUNWcry/SUNWcryr project, after being mired in other tasks for the most recent past, and the best news is I have the gate building again.  Some of my recent code review comments I accepted caused build failures when a full clobber nightly was done (gotta love makefile magic ;-) and I also hit a flag day with librcyptoutil and its new version string.  Good news, last night's full clobber build on sparc completed successfully.  Now to see if it still passes tests, while I work on integrating the rest of my code review comments. (2007-11-27 13:29:40.0) Permalink

Thursday September 06, 2007

Strong encryption included with Solaris 10 09/07!

Yay! The day is finally here!  A base version of the Solaris operating system now includes full strength crypto! The packages contained in the Encryption Kit are now included in Solaris 10 09/07 (aka Update 4) by default.  This includes: SUNWcry, SUNWcryr and SUNWcryman.  Now things like IPsec and OpenSSL will have access to full strength keys at installation time, and you'll no longer see weird errors coming from OpenSSL.

This was a simpler, and hackier, approach than what is being undertaken for Nevada/OpenSolaris.  For Solaris 10 09/07, I "simply" got advice from legal that this is okay to include now, filed a package RTI requesting that the FCS versions of the Encryption Kit packages get included in the WOS (Wad of Stuff), and requested those packages to be freshbitted like everything else.   These packages had problems with zones, and the like, that were never noticed by internal testers before - since they weren't included by default. Mary D. & Tony S. worked with the patch gatekeepers to get script patches integrated that would do the class action scripts required to fix those packaging errors.

Everything should be in tip top shape now! Enjoy!

Friday August 31, 2007

SUNWcry/SUNWcryr removal webrev posted!

Darren Moffat & Dina Nimeh did a lot a work several months ago to remove SUNWcry and SUNWcryr packages from existence (rolling the stronger crypto into the base operating system packages) and factoring out libsoftcrypto.  The work got put on a back burner as the ZFS crypto project started getting really hot.  I took over the gate for them & have been working on resyncing it to the latest ONNV bits, fixing build issues, and getting it ready for integration.  It's not 100% there yet (still need to get rid of merge turds, clean up multiple deltas, etc), but I've sent out the code review.  Please take a look & provide comments by 7 Sept 2007.  Thanks!