Wednesday May 13, 2009

I named it "Sun Cloudy Desktop" since the desktop is based on Sun Cloud storage. It is not a whole new desktop; instead, it is only an improvement to our current GNOME desktop. By making use of services provided by Sun Cloud storage, end-users can store their desktop preferences, application configuration, local contacts and Firefox bookmarks to Sun Cloud.

The earliest idea came from the concept 'online desktop' in GUADEC 2007. But at that time, its implementation seemed a little difficult. Now, with the help of Cloud, we can make it happen.

The integration of Sun Cloud and Solaris Desktop can make user experience better. This will make Solaris desktop more attractive to users. In the meantime, it is also a kind of promotion for Sun Cloud if we like.  The cloud desktop is also helpful in implementing my idea of Personal Information Center.

Cloud Setting Menu

A menu command that allows you to configure your cloud.



You need to give the user name and password. gnome-keyring can help you save your password in a more secure way.



 In Evolution mail client, if you save the backup file to cloud, then you can restore it from another machine.



How about sharing your local contacts easily? This is one part of your personal information center. All your personal things are stored in your personal information center: application configuration, contacts, your important documents, pictures etc. Applications can communicate with your personal information center directly.

Have you already shared your browser bookmark by using a FireFox plugin? Maybe you can share it in the same place with other desktop applications.


Share Pidgin account configuration


Someone would say it is not good to have so many 'save to' and 'get from' commands. I agree with you. How about a single configuration GUI in which you can choose which applications or what data you prefer to save to or recover from the cloud storage? Then one click of the button 'Save All to Cloud' or 'Get All From Cloud' does everything for you.


Friday Mar 13, 2009

For several years, I have been thinking about storing some of my personal information somewhere on the net.

Especially my contact information. Each time I lose my mobile phone (this usually happens every several years), I lose all the contacts in the phone. This is really annoying. I have to spend several months rebuilding them. If I could maintain a complete contact address book on the net, that would be a really good thing.

Currently, Google has implemented some of my hopes. Some of my personal documents now can be stored and edited through the Internet. Now, I don't need to store the documents on my local machines. I can change them in office or at home via my different machines.

Although SUN provides NFS which can share a user's directory, this is not widely used through the Internet.

Now I am working on GNOME 2.26 ARC. ARC, short for Architecture Review Committees, is a process to review the system architecture and the relationships among modules before a new product is delivered into Solaris.

From previous experience, several documents need to be provided. The most important one is the proposal, in which a general introduction describes the overall differences compared with the last version, the security influences and anything that might need to be highlighted. Another one is the interface table, which lists the changed committed APIs, the added or removed modules etc. In addition, we often provide some reference materials such as a module difference table, man pages or gtk-doc.

Since GNOME is such a big project which contains a lot of packages, JDS guys use some scripts to help to produce these documents. All the documents and scripts you can find at http://src.opensolaris.org/source/xref/jds/arc-documents/trunk/.


Tuesday Mar 10, 2009

The source code of GNOME Keyring was restructured by the community. You can find the structure diagram at http://live.gnome.org/GnomeKeyring/Architecture

Architecture

plex_layer is a roof module which adds all other pkcs11 modules.

ssh-store module is a module to load certificates under $HOME/.ssh/*

user-store is a module to store keyring or keys to $HOME/.gnome2/keyring

root-store is a module to load trusted root certificate authority certificate. Not sure how they are used.

rpc-layer is a layer which provides a unix daemon to service the PKCS#11 services.


Thursday Jan 15, 2009

Many desktop applications like Firefox, Thunderbird, Evolution and Gedit take Enchant as their spell-checker. But actually Enchant doesn't do the work of spell checking. Instead, it is the engine behind Enchant that does that.

Hunspell is a spell checker and based on myspell. Currently on Solaris, Enchant has an internal copy of Hunspell 1.2.2. Jan Hnatek has filed a PSARC case (PSARC/2009/026) for Hunspell. After Hunspell goes into Solaris, the internal copy of Hunspell in Enchant can be removed.

Sometimes I'm confused about myspell and hunspell. Hunspell is based on myspell and hunspell is backward compatible with myspell dictionaries. The truth may be that Hunspell is myspell for now.


Tuesday Jan 13, 2009

In this release, two critical bugs have been resolved.

  • http://bugzilla.gnome.org/show_bug.cgi?id=562408.  Java Applications exit when ORCA is started. In fact, this is a bug of Java team. When LANG is not 'C', any Java application will exit if it received the signal 13 (SIGPIPE). Before Java team could fix this issue ( http://monaco.sfbay.sun.com/detail.jsf?cr=6790834), I provided a patch so that Java A11Y could work on Solaris and other distros earlier.
  • Another bug is that any Java application which enables the GTK look & feel will hang the keyboard if a11y is enabled. A JNI library is added to $JAVA_HOME/jre/lib/ext which sets an environment variable NO_AT_BRIDGE; as a result, atk-bridge will not load itself if it finds the variable is set.

Wednesday Dec 03, 2008

Why Don't Girls Think Like Boys?

Do you believe that only boys do well in science? Does it seem to you that girls have better vocabularies than boys? In your opinion, are boys better at building things? If your answer to each of those questions is "Yes," you are right, according to an article in Current Science. There are exceptions, but here are the facts.

On the average, males score higher on tests that measure mathematical reasoning, mechanical ability, and problem-solving skills. Females show superior ability in tests measuring vocabulary, spelling, and memory. But these differences will probably not always exist. In the future, a person's abilities may not be determined by sex. As one scientist says, "Nothing is impossible for a person to be or do."

In several recent studies, young babies have been observed and tested to discover how different abilities are developed. A scientific team headed by a psychologist at Harvard University is studying the thinking ability of children 11 1/2 months old. The test is a simple one. The baby, while seated on its mother's lap, watches a "show" on a small theater stage.

In act 1 of the show, an orange-colored block is lifted from a blue box and moved slowly across the stage. Then it is returned to the box. This is repeated six times. Act 2 is similar, except that the orange block is smaller. Baby boys do not seem to notice the difference in the size of the block, but girls immediately become excited and begin to make noises that sound like language. They seem to be trying to talk.

It is known that bones, muscles, and nerves develop faster in baby girls. Usually, too, baby girls talk at an earlier age than boys do. Scientists think there is a physical reason for this. They believe that nerves in the left side of the brain develop faster in girls than in boys. And it is this side of the brain that strongly influences an individual's ability to use words, to spell, and to remember things.

By the time they start to school, therefore, little girls have an advantage that boys do not have. Girls are physically more ready to remember facts, to spell, and to read. These, of course, are skills that are important in elementary school.

But what have the boys been doing in the years before starting school? They have been developing something called aggression. An aggressive person has courage and energy. He feels strong and independent. He is often the first one to start a fight.

What produces aggression in little boys? It has long been assumed that aggression is caused by male hormones. Scientists today believe that male hormones are only part of the explanation, however. They say aggressiveness in boys is also caused by mothers.

A team of psychologists discovered this by placing mothers and their one-year-old babies in a room filled with toys. The room had a wall through which the scientists could observe what happened without being seen. They took notes on everything the mothers and babies did. Here is a sample of those notes, taken during the observation of a baby boy and his mother: "Baby leans against mother. Look up at her. She speaks to him. She turns him around. He walks away, picks up toy cat. Goes to mother, drops cat, and leans against her. Looks up at her. She turns him around."

From such observations and from conversations with mothers, the scientists learned something about the treatment of baby boys and baby girls. While the mother keeps her daughter close to her, she trains her son to move away from her, to develop independence. Consequently, it is easy to understand why little girls often perform school tasks better than boys, especially if the task requires sitting still, obeying commands, and accepting the teacher's ideas. A girl may pass easily through the first few grades. While boys of her age bring home low marks, the girl may easily get good grades. Girls seem to have "better brains" in school. Why, then, do so few girls become great scientists? Why is the most important thinking in adult society done by men?

According to scientists, the answer is aggression. Because boys are aggressive, they refuse to accept other people's solutions; they insist upon solving problems for themselves. Thus, while little girls are getting high marks in school for remembering what the teacher has told them, little boys are learning to think in more independent ways.

In the adult world, the aggressive person is usually the one who gets the big salary, the great responsibility, the powerful job. And since males are trained at an early age to be aggressive, males are more often chosen for key positions.

Thursday Nov 27, 2008

During the GNOME 2.25 release cycle, GNOME Power Manager will be moved from a HAL dependency and on to a new DeviceKit-power dependency.

DeviceKit-power is a new mechanism daemon that moves the battery profiling and statistics interface system-wide, and also does the history recording once per system, rather than once per session. It also moves to an interface that is legacy-free and is more focused on the entire power management system than HAL ever was.

HAL has grown into a mega-daemon doing a little bit of everything, it evolved with DBUS over a number of years and is now pretty horrible code.

HAL also has a very low level interface, and so apps needed tons of complicated code in the session to do simple things like work out remaining battery lifetime.

DeviceKit-Power also implements a QoS interface for latency control, and in the future will be used for aggressive application power control. This is needed to produce a desktop that uses little power when idle, but doesn't feel sluggish.

http://hal.freedesktop.org/releases/

DeviceKit is a very small simple daemon that is basically a thin wrapper over udev.

It's designed to be very easy to implement for Solaris and FreeBSD, and
you could even do it in a few hundred lines of python, if you knew all
the hardware details about those platforms. You would just have to
populate a directory tree that looked like a power_supply class under
Linux and everything would "just work" assuming there was something on
those platforms that could parse the trivial udev rules [1].

One option that might be best (but slightly controversial) would be for
FreeBSD or Solaris to present a Linux compatible /sys device tree,
either populated in userspace, or better, in the kernel.


Monday Oct 27, 2008

Seahorse is a GNOME application for managing SSH keys and GNOME keyrings. It has been a standard component of GNOME since 2.24.

With Seahorse you can
   - Create and manage SSH keys.
   - Manage your keyrings.

In the community version, it still supports the management of PGP keys. But since PGP is not available on Solaris, Seahorse on Solaris doesn't support PGP keys yet.

Seahorse frontend

Create and Manage SSH keys

    Secure Shell (SSH) is a way of logging into a remote computer
    to execute commands on that machine. SSH keys are used in a key-based
    authentication system, as an alternative to the default password
    authentication system.

    To create a SSH key, the user needs to give a description of what the
    key is to be used for. The user needs to specify the encryption type
    (RSA or DSA), the key strength (1024-4096) and the passphrase for the key.
    The newly created key is stored at ~/.ssh.

    Users can list or delete SSH keys under ~/.ssh. The user can also change
    the passphrase for them.

    Seahorse uses 'ssh-keygen' to produce these keys.

    - change the passphrase
    ssh-keygen -p -f input_keyfile

    - generate the key
    ssh-keygen -b bits -t type -C comment -f output_keyfile

    Users can also export SSH private or public keys to files. In fact, Seahorse
    just copies the content of files under ~/.ssh to new files. This is for
    convenience to some junior users. They don't need to know where SSH keys
    are usually stored since Seahorse shows them keys. They can export those
    keys into files via Seahorse directly.


Export and Import Keys

    Seahorse can import SSH keys from the clipboard or a key file.

    Seahorse allows users to specify a SSH key file. Seahorse does not change
    the content of imported files, instead, Seahorse copies the imported files
    to ~/.ssh with non-duplicated file names.

    Seahorse can export public key or private key info to new files.
    Seahorse can copy public key info to the clipboard.

Manage keyrings

    Users can create and delete keyrings. Users can also change the password
    of a keyring. Seahorse does this via interfaces provided by GNOME
    keyring.

    The created keyring files are stored in ~/.gnome2/keyrings/

Trusted keys.

    Users can set ssh public keys as trusted keys. The trusted keys will be put
    into the file ~/.ssh/authorized_keys.


Monday Sep 08, 2008

Worry is one of the most common forms of emotional distress in our culture. Almost everyone spends a considerable amount of present moments worrying about the future. And virtually all of it is for nothing. Obsessive worry will never make things any better. In fact, such worry will very likely help you to be less effective in dealing with the present.

In order to reduce worry, it is necessary to understand the subconscious psychological "payoffs" for choosing to worry in the first place. "I can't do a thing. I'm too worried about ..." This is a common lament, and one with a payoff that keeps you standing still and avoiding the risk of action. Clearly, it is easier, if less rewarding, to worry than to be an active, involved person.

By worrying about someone else, you can label yourself as a caring person. Worry proves that you are a good parent or a spouse ("I can't help worrying -- it is because I love you."). A handsome dividend, although lacking in logical, healthy thinking.

If you weigh too much, you may eat more when you worry; hence, you have a good reason for hanging on to the worry behavior. Similarly, you may find yourself smoking more in troublesome situations, and can use the worry to avoid giving up smoking. The same neurotic reward system also applies to health. It may be easier for you to worry about chest pains than to risk finding out the truth, and then having to deal directly with yourself.

Worry can bring a lot of diseases such as tension headaches and backaches. While these may not seem to be payoffs, they do result in considerable attention from others and justify much self-pity as well. And some people would rather be pitied than fulfilled.

Now that you understand the psychological support system for neurotic worry, you can begin to devise some measures for reducing the number of troublesome worry bugs that breed in this erroneous zone.

Begin to view your present moments as times to live, rather than times to worry about the future. When you catch yourself worrying, ask yourself, "What am I avoiding now by using up this moment with worry?" Then begin to attack whatever it is you're avoiding.

Ask yourself over and over, "Will the future change as a result of my worrying about it?" Try to remember how many of the things you once worried about never became real at all. Also ask yourself: "What's the worst thing that could happen to me (or them), and what is the likelihood of it occurring?" You'll discover the absurdity of most worries in this way.

Act in direct conflict with your usual areas of worry. If you compulsively save for the future, use some money for your own enjoyment today. Enjoy life; don't waste the present with immobilizing thoughts about the future.

These are some techniques for minimizing worry in your life. But the most effective weapon you have is your own determination to drive this neurotic behavior away from your life.

Wednesday Aug 13, 2008

As I understand, three parts are described in PKCS #5.

1. KDF, Key derivation functions

2. encryption schemes

3. message-authentication schemes

The purpose of PKCS #5 is to address the "dictionary passwords" attack. There are two approaches to solve this problem. One approach is to combine a password with a salt to produce the key. This generates a long key which makes it difficult to guess. The other approach is to provide a complicated KDF, for example one that includes an iteration count, thereby increasing the cost of exhaustive search.

Salt and iteration count formed the basis for password-based encryption in PKCS #5.

Key derivation functions

*PBKDF1

    PBKDF1 applies a hash function: MD2, MD5 or SHA-1.

*PBKDF2

    PBKDF2 applies a pseudorandom function to derive keys. It is recommended for new applications.
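
The two key derivation functions written out in Python, to show where the salt and the iteration count enter. This is an added example, not code from PKCS #5 or from any project mentioned here; the passwords and salts are constructed, and HMAC is assumed as the pseudorandom function for PBKDF2.

```python
import hashlib
import hmac
import time


def pbkdf1(password, salt, count, dklen, hash_name="sha1"):
    """PBKDF1: hash password||salt once, then re-hash the result count-1 times."""
    if dklen > hashlib.new(hash_name).digest_size:
        # PBKDF1 cannot produce more bytes than one hash output
        raise ValueError("derived key too long")
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(count - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dklen]


def pbkdf2(password, salt, count, dklen, hash_name="sha1"):
    """PBKDF2 with HMAC as the pseudorandom function, any output length."""
    hlen = hashlib.new(hash_name).digest_size
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = PRF(password, salt || INT(block)); U_j = PRF(password, U_{j-1})
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(count - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")  # T_block = U_1 xor U_2 xor ... xor U_count
        out += t.to_bytes(hlen, "big")
        block += 1
    return out[:dklen]


def seconds_per_guess(count):
    """Time one PBKDF2 derivation: the cost of testing a single candidate password."""
    start = time.perf_counter()
    pbkdf2(b"constructed password", b"constructed salt", count, 16)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Same password, different salts: the keys are unrelated, so a table of
    # precomputed keys for common passwords is useless against either one.
    print(pbkdf2(b"constructed password", b"salt-for-user-1", 1000, 16).hex())
    print(pbkdf2(b"constructed password", b"salt-for-user-2", 1000, 16).hex())
    # A larger iteration count makes every guess proportionally more expensive.
    for count in (1, 1000, 20000):
        print(count, "iterations:", round(seconds_per_guess(count), 4), "s per guess")
```
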

encryption schemes

* PBES1

    PBKDF1 + DES | RC2

* PBES2

authentication schemes

* PBMAC1




Tuesday Aug 05, 2008

(For Toast Master)

As an ice breaker, I would like to introduce myself from the following four aspects: my name, my education, my family and my hometown.

My name is Cai Qingming. Some Chinese like to name their children in Chinese idioms. For example, in a family with surname Zhang, if there are 4 children, they may be called Zhang Wen, Zhang Wu, Zhang Shuang and Zhang Quan. Their given names come from a Chinese idiom "Wen Wu Shuang Quan" which means well versed in both polite letters and martial arts. There are 3 children in my family, my elder brother's name is "Cai QingDong", my elder sister's name is "Cai LiFang" and my name is "Cai Qingming", our last characters in names make up of a Chinese idiom "Dong Fang Ming", means the orient is brilliant. If I were a girl, I guess that my parents must name me "Hong", then the idiom becomes "Dong Fang Hong" which is the song that was played by the first China man-made satellite.

My Family

My wife and I have been married for two years. She is so lovely that anyone who knows her will like her. She is also good-looking, which I can't match. What always makes me annoyed is that when many people meet us first time, they may think she must have married a rich man. But the fact is not.

Both my wife and I like playing badminton. Our courtship also started from badminton. It was several years ago that we fell in love during a badminton activity. So far, we still keep the habit of playing badminton every week. She has become one of the outstanding amateur female players, but I am still at the same level as before.

Another common hobby of us is singing. We look at singing not just as a way of relaxation, but a kind of physical exercise as well. My wife is good at singing popular songs, while folk songs are my departments. Sometimes we will go out for karaoke with friends and we often perform the wonderful duets.

My Education

I was born in a poor family in a small town of north east of China. Every one in 1970's can imagine how poor the life was at that time in China. Especially for a common family with 3 children who needed to finish their education. In my memory, at that time, even a 5-cent ice cream seemed luxurious for me. My grandfather had told me something that I will never forget "We will send you to college even by selling our iron pots". This was encouraging me to keep going forward in my education. Now I feel appreciative that I could finish my education successfully. I also thank my grandfather and my parents so much for their support and dedication.

My Hometown

Located in the central west of Jilin Province, the city of Songyuan has an area of 22,000 square kilometers and a population of 2.62 million. It is richly endowed by nature and has always been known as "an oil city, a grain store, a meat store, a sea of forest and a fish producer." Songyuan enjoys convenient transportation and modern communication facilities. Urban construction has changed the city's outlook with each passing day, while people's livelihood has improved year by year. At present, the overall economic strength of Songyuan holds the fourth place among cities in the province.

Beautiful Songyuan City has its unique tourism resources. Songhua River flows through the municipal region. There are a lot of sightseeing sites along the river, which form a scenic line.

In Chagan Lake, one of the top ten famous fresh water lakes in the nation, there are all kinds of birds and fishes. The famous actress "Gao Xiumin" came from SongYuan and her TV serial "At the bank of the Holy Water Lake" was filmed on location at Chagan Lake. In addition, there are also many historical spots in Song-yuan, such as Triumph Eulogy Stele of Jin Dynasty, Tahu-cheng Ruin, Ruin of Liaojin. They are all among the nation's key protected cultural relics.

In 2008, SongYuan city was luckily selected as one of the torch relay cities. Through this activity, the city will become well-known around China even the world.

Overall, I am absolutely a common person which may not leave you much impression. But you should know that I'm the same as most of Chinese people, I love my family, I love my hometown and I love my China. I am proud of them!

Tuesday Jul 15, 2008

libgcrypt: 1.4.1, arc finished, export control with gnome 2.22 (finished), osr (1.2 finished)

gnutls: 2.2.5, arc 2.2.4 finished, export control 1.6.3 with gnome 2.22 (finished) 2.4 export control will go with gnome 2.24, osr (2.0 finished), osr 2.4 will start soon.

 gnome-keyring 2.22, arc finished, export control not needed or with gnome 2.24, osr not needed.

seahorse, arc not started, export control not started, osr not needed

Monday Jul 14, 2008

On nevada 99, you can get the new gnome-keyring 2.22 which supports ssh agent. This may cause a conflict with Solaris ssh-agent started in /usr/dt/config/Xsession.jds. A patch will be given to remove ssh-agent from Xsession.jds.

gnome-key-daemon is started by gnome-session when you log into the desktop, then some passwords of applications such as Evolution, pidgin can be managed by gnome-keyring. A master password can be used to protect the default keyring. That means you don't need to type any password for every application. After you type the master password, gnome-keyring can work for you to input those applications' passwords.

Sensitive information such as your passwords, login names etc. is not stored as plain text. Instead, it is encrypted in AES with the key generated by MD5 on your keyring passwords. So it is safe when the file is transferred via NFS.

All keyrings are stored at $HOME/.gnome2/keyring. If you don't want to keep those key rings, you can remove these files.

The issue that I have often thought about these days is whether passwords are transferred in plain text in SSH. The answer is no. There are three authentication ways in SSH: "password", "public keys" and "host keys". For the "password", a Diffie-Hellman key exchange is used first, so a session key is produced to encrypt the password. But "password" authentication cannot prevent a 'man-in-the-middle' attack. "public keys" can solve this problem because the method is based on PKI. When you ssh to a box, the public key of the host will be saved. When you log in a second time, the client will check the host keys so it knows whether it is the real host.
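
The host-key check described above (save the host's public key on the first connection, compare it on later ones), as an added example that is not part of the original post. The host names, salt and key blobs are constructed, not real keys, and wildcard host patterns are not handled.

```python
import base64
import hashlib
import hmac


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_matches(pattern, host):
    """Compare one host field entry, plain or hashed (|1|salt|HMAC-SHA1)."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return pattern == host


def check_host_key(known_hosts, host, keytype, blob_b64):
    """Return 'revoked', 'match', 'changed' or 'unknown' for an offered key."""
    offered = base64.b64decode(blob_b64)
    status = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) < 3 or marker == "@cert-authority":
            continue
        hosts, ktype, blob = fields[:3]
        if not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        same = base64.b64decode(blob) == offered
        if marker == "@revoked":
            if same:
                return "revoked"      # a revoked key wins over any other line
        elif ktype == keytype:
            if same:
                status = "match"
            elif status == "unknown":
                status = "changed"    # host is known, but under a different key
    return status


def _blob(data):
    return base64.b64encode(data).decode()


def hashed_host(host, salt):
    """Build a hashed host field the way a hashed known_hosts entry stores it."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (_blob(salt), _blob(mac))


# Constructed sample data: placeholder blobs, not real SSH keys.
KEY_A = _blob(b"constructed host key A")
KEY_B = _blob(b"constructed host key B")
KEY_R = _blob(b"constructed revoked key")
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "build.example,192.0.2.10 ssh-rsa %s" % KEY_A,
    "%s ssh-rsa %s" % (hashed_host("db.example", b"constructed-salt-0001"), KEY_A),
    "@revoked build.example ssh-rsa %s" % KEY_R,
])

if __name__ == "__main__":
    for host, key in [("build.example", KEY_A), ("build.example", KEY_B),
                      ("db.example", KEY_A), ("new.example", KEY_A),
                      ("build.example", KEY_R)]:
        print(host, fingerprint(key),
              check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A result of "changed" is the case the paragraph is about: the client has a saved key for this host and the server presented a different one.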


Thursday Jun 26, 2008

In cryptography, X.509 is a standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.


In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name or an email address.

Structure of a certificate

The structure of an X.509 v3 digital certificate is as follows:

  • Certificate
    • Version
    • Serial Number
    • Algorithm ID
    • Issuer          A CA company
    • Validity
      • Not Before
      • Not After
    • Subject
    • Subject Public Key Info
      • Public Key Algorithm       RSA
      • Subject Public Key          
    • Issuer Unique Identifier (Optional)
    • Subject Unique Identifier (Optional)
    • Extensions (Optional)
      • ...
  • Certificate Signature Algorithm  MD5 with RSA
  • Certificate Signature

 A certificate can be verified by a root certificate in which the public key is used to decrypt the signature to get the MD5 hash value. If the value matches the MD5 hash value calculated, then it is a valid certificate.


PKCS#12:  .p12, certificate + private key (password protected), a file format.


This blog copyright 2009 by Qing-Ming Jeff Cai