Congratulations to Radia Perlman: Inductee to the Internet Hall of Fame

Radia Perlman was just inducted to the Internet Hall of Fame asa pioneer in Internet technologies.  Radia also frequently shared her genius with the security teams as well at Sun.

She's a brilliant and fascinating person that I've always been very excited to work with. I know many of you have worked with her in the past, so I wanted to share this with you.

Ms. Perlman has been such an inspiration to me and my area of focus.

Sun Metaslot and my missing keystore

By Karen Tung on Jun 14, 2005

[VAF: This entry was transfered from Karen Tung's old Sun blog, due to its relevance to the Solaris Cryptographic Framework]

Since The Solaris Cryptographic Framework is integrated into Solaris 10, we have added some new features to the framework. One of these features is the Sun Metaslot, which will be generally available in the next Solaris Update release. In case you can't wait till the next Solaris Update to try out this exciting feature, this is also available since Solaris Express 2/05, and in Solaris Patch 118918.

The Sun Metaslot will greatly simplify the life of developers who write applications that uses PKCS #11. Now that Open Solaris is a reality, I can talk about the implementation of this new feature and clarify one question I often get from users who are used to using the framework the way it was in Solaris 10.

What is Sun Metaslot?

The Sun Metaslot is a new additional slot to the The Solaris Cryptographic Framework. It provides the virtual union of capabilities of all other slots in the framework. Instead of having to deal with many slots, an application can simply choose the Sun Metaslot, which have access to features of all slots currently plugged into the The Solaris Cryptographic Framework. It also does the tedious work of managing sessions and objects on different slots so an application can use the best slot for a particular mechanism without having to move objects and sessions back and forth. The Sun Metaslot behavior conforms to the PKCS#11 Standard. Applications should treat it as if it were any PKCS#11 slot with normal PKCS#11 semantics.

When you install the next Solaris Update release (or Solaris Express 2/05 or the patch), you will get the Sun Metaslot feature by default. There is no special configuration necessary. The Sun Metaslot is always presented as the first available slot in the The Solaris Cryptographic Framework. As such, if your application is written in such a way that it just uses the first capable slot to perform cryptographic operations for your application, your application will use the Sun Metaslot with no modification at all. If your application is very particular about the exact slot in which an operation is done, all slots in the originalThe Solaris Cryptographic Framework is available as usual except a minor catch, which I am going to explain below.

Why is one of my slots missing?

Ever since I gave the beta version of my Sun Metaslot implementation to other Sun internal engineers to try, I often get this question in my email. I am sure many of you might have exactly the same question. So, it's probably useful to explain it here for the last time, hopefully.

Here's the typical email:
I installed the Sun Metaslot feature into my test system, and everything seemed to work fine. However, when my application does a C_GetSlotList(), I found that the "Software RSA PKCS#11 softtoken" slot is missing. Is this a bug?

This is working as designed. When the Sun Metaslot feature is enabled, one visible difference you see on your system is the slot that is configured to provide persistent storage for "token" objects (aka keystore) is "hidden". The Sun Metaslot does not have its keystore. It uses the keystore from one of the actual slots. By default, Sun Metaslot is configured to use the "Software RSA PKCS#11 softtoken" slot, so, users will see that it is "missing".

The slot to be used as Sun Metaslot's keystore is configurable. See the cryptoadm(1M) command on how to configure a different keystore for Sun Metaslot.

During the Metaslot implementation, we found that making the keystore slot as one of the available slots will cause a problem with "object aliasing" between the Sun Metaslot and the keystore slot. If an application accesses the Sun Metaslot and the keystore slot at the same time, we won't be able to control the authentication state. For example, if the application first calls C_Login on the Sun Metaslot, Sun Metaslot will call keystore slot's C_Login(). Now, if the application makes the a sequence of a C_FindObject calls to retrieve the list of private objects from on the keystore slot, it will be able to successfully get the list. However, this is not the right behavior since the application hasn't done a C_Login to the keystore slot yet.

To prevent the above problem, we decided that it is best to hide the keystore slot. Even though an application won't be able to access the functionality of the keystore slot directly. All its functionality are still available via the Sun Metaslot.

Security Friday for Oracle Solaris 11 Express 2010.11

Dan Anderson, performance guru extraordinaire, has written up some great articles on enhancements he made to the Oracle Solaris Cryptographic Framework for Oracle Solaris 11 Express 2010.11:

• Intel AES-NI Optimization on Solaris, provides background on the AES algorithm and describes how he was able to leverage Intel's AES instruction set built into the chip in order to boost performance.
• Carryless Multiplication Optimization for AES GCM Mode in Solaris, an excellent overview of what exactly GCM mode is and how this feature in the Intel chipset can be leveraged for better AES performance in the kernel.

Both are great reads and a good window into the innovation we are still doing on the Oracle Solaris Cryptographic Framework team. Thanks, Dan!

Neil Young's LincVolt has gone up in flames

I was sad to hear the news today that Neil Young's 1959 Lincoln Continental that he had converted into a hybrid caught fire and burned up. Seems that not only is this neat car that Neil brought to the Sun Menlo Park campus for a visit gone, but so are some of his other memorabilia from his long and interesting career. Luckily, nobody was hurt and the team seems to have learned something about the charging system.

Wow, Solaris 11 Express is out the door!

It's hard to really describe all of the cool things that have ended up in the Oracle Solaris 11 Express release that came out this morning. I mean, you've all heard about the new packaging system, new installer, and encrypted ZFS, but what about all of the other smaller things that have gone in over the years?

Like sedimented strong crypto algorithms - so customers no longer have to manage separate packages and patches?  These were installed by default as of Solaris 10 09/07 (aka Update 4), but I took a very different approach for Solaris 11 - removing those old packages from the OS and making strong crypto just part of all the basic modules. This greatly simplified the Oracle Solaris Cryptographic Framework source code and enabled a lot of projects to move forward, like libsoftcrypto and several projects in OpenSSL.

For the rest of this week, I'll try and highlight other Oracle Solaris 11 Express security features that we've all worked very hard on getting into this release.

Adapting...

These last few weeks have been a big lesson in adapting for me. Vertigo, knee immobilizer, and an office move.

Life as an Oracle employee is finally sinking in - things are different. Some things are better, some are ... well, different. Packing up my old office in Menlo Park was quite a walk down memory lane - I found old CDROMs full of SunScreen source code, old Solaris install media, cards from friends, pictures of family, and stacks of old design notes.

I've moved around a lot in my years as a Sun employee, but my very first office was a double window office in Menlo Park (MPK17) overlooking the foothills - probably my favorite office to date. From there I went into Palo Alto (PAL1), Mountain View (MTV21), back to Menlo Park (MPK18) then back to my favorite building, MPK17. I moved back into Menlo Park 17 right after September 11th. Everything seemed so surreal, joining the OS group and working on a product with a seemingly endlessly large team. I couldn't believe how strict the integration standards were (and now, as a CRT advocate I enforce these and as chair I document them), nor how large the scope of our overall project was.

I sat across from a woman, Renee. And over the next 9 years, even as our offices moved, we were still across the hall from each other.

Now I'm in Santa Clara. I still have one box left to unpack. Renee is on the other side of the building, not too far, but not shouting distance either (of course, the rest of the people around me are probably grateful for this). The commute is nicer, though I'm further from my friends in San Francisco. I think I'll like it here.

About two weeks ago, I sat up from a massage and suddenly found the room spinning. No matter how long I sat, it wouldn't stop. Hours later I found myself visiting a doctor at Kaiser who diagnosed me with Benign Paroxysmal Positional Vertigo (BPPV) which is a vague diagnosis which basically means: "Something in your inner ear relocated. You're dizzy and you're just going to have to learn your new spatial environment". He performed the Epley Maneuver and gave me some exercises to do. So, I've been adapting to my new inner ear. It's taken awhile, but the dizzy spells are very infrequent and typically only happen when I turn my head upside down (like when drying my hair!). So, yoga is right out... oh, it was anyways....that knee immobilizer....

Apparently during my 105-mile bike ride for the American Lung Association, I partially tore the tendon that attaches my knee to my quadriceps. This knee has always had a tight quad, so swelling in my knee wasn't unusual. After a few weeks, though, of having it swell up every time I tried yoga or short bike rides, I made my way to Kaiser. Initial x-rays showed a perfectly healthy knee, but the MRI (which I had to wait more than 2 weeks for) showed the tear. Now I'm in a knee immobilizer. The device goes from just above the ankle to most of the way up the thigh. It needs to be worn directly on the skin, 24 hours a day. This means no jeans! I can wear short-shorts or skirts. Thank goodness I have a lot of skirts! I can walk with crutches (which results in sore ribs/hands/shoulders), or kinda like a pirate (which results in sore back). I alternate. I'm adapting.

I have a long recovery ahead of me. I can already see the muscle in the effected leg melting away. I don't know when I'll be able to ride my bike again. I'm so afraid I won't be able to. I am already tired of driving everywhere. I don't even want to think about skiing - I can't miss out on ski season, too!

As much as I want to feel sorry for myself and have a great big pity party, I realize that I am very fortunate to have medical care and an incredibly supportive husband who has been doing most of the driving and taking care of the house. I can put Renee on speed dial. I can adapt.

Team Salty Dawgs Did It!!!!!!

Wow! In one of the most amazing experiences of my life, I completed over 100 miles with my fabulous teammates in the American Lung Association's Breathe Easy Ride. I raised $4300 and the team raised $7656 (before any corporate matching) to help make lung disease walk the plank!

Since January, I had ridden over 1600 miles on my road bike, but still nothing could've prepared me for this. It was intense, exhilarating, heart breaking, exhausting, difficult and full of joy, laughter and unexpected camaraderie. My team was my pack. I could not have done it without their physical and emotional support, and the amazing support of all of you who donated to my ride and sent me inspiring letters.



A misfit team of current Oracle and former Sun employees, all with different abilities and skills, started leaving the parking lot at the Sonoma Mountain Village about 5:40AM on June 26th onto the foggy and desolate roads of Rhonert Park. I left first, as I am the slowest rider on the team, and found myself riding amazingly fast accompanied only by horses and cows, trying to get as many miles under my belt before my team caught up with me. The air was thick with fog and quite cool, and I quickly warmed up as I was maintaining speeds over 15 mph.

Mark, Richard & John caught up with me after nearly a half an hour, apparently wondering where I'd gotten off to as they were not expecting that sort of speed from me... and warned me not to spend all my energy too soon. :-) Mike & Bryn were the last group to leave the parking lot, and inadvertently followed some 66 mile riders and started off on the wrong path - bypassing the rest of the team completely...until later.

As per my plan, I spent only the minimal amount of time at the first two rest stops - just stuffing my face with potatoes (YUM! roasted with rosemary!) and fruit, reloading my Cytomax and topping up my water. At the third rest stop, we had a surprise: Mike! Poor Mike was getting over a bad cold and just couldn't keep Bryn's pace, but this was good for us as we now had 5 people in our pack!

The weather stayed on our side, remaining cool, foggy and overcast until about 10 AM when the Sun just started to peak through. The five of us maintained time trial positions (single file line, each rider right on the back wheel of the one in front), taking turns at the front. While I am used to drafting with one or two people, the formation with this group of 5 riders had us moving like the wind! At our 4th rest stop (55 miles in), we were still maintaining an average speed over 15mph, even with several moderate climbs past us. We were cool, fresh and all felt great!

Then came Coleman Road. As we started the climb, John & Mike got out ahead of us, missed a turn and went 5 miles out of the way before realizing their mistake. Richard, Mark and I slowly climbed up this steep and soul crushing road, when lo-and-behold, down came Bryn! Curious as to why he was going the wrong way, we stopped only to discover that when he finished his descent to the coast and reached HWY1, it was so impassible with fog, his only option was to turn around and climb back up Coleman Road.

Bryn regaled us with tales of rough road and cattle grates before continuing onto his own personal journey, but not even his warnings could prepare us for what lay ahead. I could've used my mountain bike, the roads were so rough and twisty (and why on earth were there so many cattle grates?!?! WHY!?!)... heck, I could've used a car. It was brutal, desolate, frightening and beautiful.

When we reached HWY1 about 70 miles in, it was foggy, but we had at least a quarter mile of visibility, so Mark, Richard and I persevered ahead - little did we know poor John was back on track and doing that terrible climb alone, even though he'd already done an extra 500 feet/10 miles on his detour. It was noon, and I foolishly thought that I could do 30 miles in just under 2 more hours....

The climb out of the coast and back to the valley was unbearable. My legs were tired. I was hungry & thirsty. Fortunately, Mark had been carrying around extra food & water all day - as there were more than 30 miles of intense climbing and scary descents between rest stops! Mark was happy to lose the extra weight, and Richard & I were happy to have food and water :-)

For those of you who are curious, we were following (in reverse) the Tour de California route - yes, serious climbs for professional riders. The pavement was graffiti'd with ALLEZ, ALLEZ, ALLEZ and various rider's names.

After finishing our descent into the valley, we found Mike, who had backtracked on the route in order to skip the Coleman climb (since he'd done that bonus 10 miles with John), yet still get 100 miles in.

When we arrived at the 5th rest stop at mile 82 a bedraggled mess, happily greeted by volunteers from the Salvation Army with warm roasted potatoes, nuts, and ice cold water. The sun was out by then and we were all getting tired. As the four of us pulled out of the rest stop, we spotted John pulling in. Knowing he'd catch up, we continued on. At this point, every little hill just killed me. I'd have to immediately drop into granny gear and just use every ounce of energy I had just to keep spinning my legs. My quadriceps were burning. My IT-bands were on fire. I could only think of all the support I had and I knew I had to finish. Mark, knowing how important this was to me, literally pushed me up the remaining hills, even though he was beyond exhausted himself.

Terrified of being removed by SAG for taking so long, as the ALA said would happen, I just kept spinning, making it to the 93 mile rest stop just as they were closing. They gave us some fig bars and cold water and we were on our way again - this time with John!

Somewhere on those last 10 miles, Mark, Richard and I got separated from the group when we had to wait an insanely long time to turn left at a T-intersection. As the three of us were on final approach, Richard ran over a small drill bit that managed to pierce the wheel and slide *into* the spoke. Mark & Richard weren't sure if they were going to get that drill bit out, so I pushed on ahead.... and missed a turn, getting lost with 103 miles completed.

In the end, I rode 105.5 miles, Average speed 13.2mph, 8 hours of riding, 10 hours total door-to-door, burned 4544 calories and climbed about 6500 feet.



The most difficult thing I've ever done. I'm still recovering. Thank you everyone! Thank you!

Dan Roberts on OpenSolaris ... or Something Useful in our meeting!

As part of the existing OpenSolaris constitution, we (the OpenSolaris Governing Board) are required to hold an annual "meeting" before the election in order for the election to be valid. While, generally, this involves a fetch a rock exercise of core contributors (aka "members") logging into the forum, announcing themselves, then logging off, we do occasionally have useful and interesting conversations here. (and before you comment how silly that requirement is, please note that we have a new proposed constitution at this year's election that removes the annual meeting requirement).

Peter Tribble invited Dan Roberts to our virtual meeting the day after it started, and he joined and was very forthcoming about Oracle and their thoughts on OpenSolaris and Solaris:

"Oracle is investing more in Solaris than Sun did prior to the acquisition, and will continue to contribute technologies to OpenSolaris, as Oracle already does for many other open source projects."

While not all questions could be answered at that time, I was very pleased to see the community being engaged and concerns listened to.

Sun Carolers do it again!

The Sun Carolers did it again this year, touring the campus and delighting our fellow employees! This year was different, though - it was caught on video!

I can't embed this first one, but please check it out: The 12 Bugs of Christmas!

These other two were recorded by Deirdre Straughan and feature "I'll Be Home For Christmas", "Merry Christmas, Happy New Year" (ala Hallelujah chorus), "Carol of the Bells", "Jingle Bells", "Hanukah, Oh, Hanukah" (partial), and "Let it Snow". Enjoy!

Sysadmins: do you like answering questions?

A debate started up in our hallway over the last few days, and while I am aware that this is water under the bridge, I am curious - am I the only person that likes answering questions while installing an OS?

Before I came to Sun, I was a system administrator. I administered systems running AIX, HPUX, IRIX, Solaris, SunOS, WinNT, Win95, and Win3.1. When installing the OS or any software, I always choose "custom install" or "advanced install". I like having that choice, as the software invariably makes the wrong choices for me. At the very least, I like being able to validate the choices the software has made before they are committed to disk. I am impressed when the software can correctly figure most things out, if it can, but no software, in my opinion, can possibly predict the correct answers for all installations.

There is a lot of lore here in Sun that system administrators and developers don't like all the questions we used to ask during installation of Solaris, which is why this has changed so drastically for OpenSolaris. My experience, though, is limited only to my own and those administrators I worked with at Intel and Amoco (BP, now), so I'm curious - what do you think? Do you abhor questions during install time of software? Or would you rather have the option to review the choices it made for you? Or make the choices yourself?

Solaris Security Essentials is Out!

I found out just before going on Thanksgiving break, by searching Amazon myself, that I am now a published author! Solaris 10 Security Essentials
is officially released!

I would've thought the publisher would've let us know, but apparently that's not unusual. All the same, I am so excited to be counted among the elite of the published author! We debuted #68,242 on Amazon's Best Seller list, and climbed to the top 20,000 by the end of the week! And since publication, we're now available on the Kindle!

While the title suggests this is only for Solaris 10, all of the concepts are applicable to OpenSolaris as well, though some of the examples may differ slightly in OpenSolaris. In fact, the working title had been "Solaris Security Essentials" and I wasn't even aware of the change until I saw it on Amazon. :)

Writing a book was such an interesting process! Starting with just a basic idea from our director about writing a book about what we all do and love, to all of us contributing suggestions for what topics would be interesting, volunteering to write specific chapters, generating outlines, arguing with the publisher about why 80 column width was required for command line related text, and working with great co-authors, editor and project manager to see the finished product! *whew*

The book is also available on Safari and in brick & mortar bookstores everywhere.

I am so proud of each and every one of us for pulling together and getting this project completed. Let me know what you think of the book!

Amazingly Compassionate Sun Employees!

Last month, tragedy struck a member of the Sun family, a woman who is a member of my building's custodial staff. She lost her son in a tragic manner and suddenly found herself in a position that no mother should be in: she had to bury her own child. He was only 23 years old.

It turns out that a burial plot, services and a coffin are not all cheap in the SF Bay Area, and this mother had no idea how she was going to make sure the last thing she did for her son was the right thing. Where was she going to come up with $8500 for a basic state funeral?

This is where the inspirational Patricia Hill came in. Pat is a director here at Sun and has many tasks on her plate, but she's always had time for a quick chat with any member of the Sun family and always has time to help. When she found out that one of the other custodians was collecting donations to help, she sent out an announcement to all the Sun employees on this campus.

Word got around to other offices in the Bay Area and soon the rest of the world, and Pat found herself inundated with donations coming from as far away as Europe. Pat said people came to her office and gave her literally every piece of paper money they had in their wallet. Others made a trip to the ATM. I went up to her office one day hoping to find Pat, and instead found a FedEx envelope overflowing with cash. I stuffed my cash in and walked away - knowing that the money was safe.

All told, Sun employees collected over $12,000 for this mother. Enough for her to pay for the funeral services and grief counseling.

Nothing will ever replace this woman's son, but the work that Pat did, along with hundreds of other employees of Sun Microsystems, at least meant she didn't have to start out the grieving process with mountains of debt.

Thank you, Pat, for helping us all to do the right thing!

Still time to register for the OpenSolaris Security Summit!

Advanced registration for the OpenSolaris Security Summit that is going on in Baltimore, Maryland on Tuesday, November 3rd in conjunction with USENIX LISA 09 is open until October 26th. After that, you'll need to register on site, space permitting.

Why should you go? This free summit will include some of the top people in the field of computer security and networking, including author and luminary Bill Cheswick! This will be your chance to learn about technologies already shipping with the Solaris 10 Operating System as well as get a peak at what is coming in the future for OpenSolaris!

Did I mention this is free? While you're in town for LISA conference, why not spend a day getting free training from Sun Microsystems? btw, you don't have to be attending the LISA conference to go to this summit - so if you just live nearby, you should take advantage of this opportunity!

Oh, and it comes with lunch and a chance to win free prizes, too, FTW!

SSH with aes256ctr support not working on some S10 systems

I've been getting emails today about SSH aes256ctr being broken on some Solaris 10 machines.

This goes back to my work earlier to get strong crypto included by default on all Solaris 10 systems. This started in Solaris 10 Update 4, and I guess I figured everyone would read my blog, jump for joy and upgrade their systems. ;-)

It seems some of you haven't and are now seeing errors like:

sshd[8975]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr

Which is a direct result of Sun's SSH now taking advantage of the presumed availability of strong crypto on the systems. This works fantastically well on newer Solaris 10 systems.

This issue is now covered by a bug, and you can see one workaround there.

Let's assume you *do* want strong crypto, though, and you want to stay on an older release of Solaris 10. In which case, you need to install SUNWcry and SUNWcryr onto these older Solaris 10 systems and reapply all cryptographic framework patches. The packages are available as part of the Solaris 10 Encryption Kit. You need to reapply the patches, because when you installed them before SUNWcry & SUNWcryr were not on the system, so would've missed all the patching goodness for their bits. It's important that you do this, or you will end up with mismatched bits for the cryptographic framework, which will have undefined (ie probably not good) results.

OpenSolaris Security BoF on 23 July 2009 8PM!

8:00pm Thursday, 07/23/2009

OSOSOS - Offering Security in OpenSource Operating Systems
Location: Ballroom A3/A6

Moderated by: Christoph Schuba

Many operating system security mechanisms are necessary for
developers to build secure software. While this session presents a few
such mechanisms available and under development in OpenSolaris, it
primarily seeks the dialogue and discussion how important these features
are and how they compare to those of other OSes.

Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick - that's me!), Priveleges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos guru).

BoFs are free, you just need to register for the expo pass (also free!)

Up to my eyeballs in tests

As a Change Request Team advocate, I am stringent about asking for test results and always very annoyed when an implementor complains about how complicated the tests are to run.

Now after having spent the last several days finding working test hardware from our pool of test machines, and fighting with test installations and executions... I'm still waiting for my baseline results. I haven't even run the full tests on my own bits yet.

Which is another story.... while my builds were successful and my changes to libelfsign seemed to be kosher, I found that after doing a bfu that my test machines wouldn't even boot.  No, I didn't change libc... so I was very surprised that such behaviour was seen. Yes, I knew things like kerberos and IPsec would not work correctly if libelfsign (a core component of the Cryptographic Framework) wasn't working - but inability to boot? I was shocked.  With some help from pwernau and meem, I finally got one of the systems up in single user mode to discover the linker was doing something... unusual.

Fortunately, a very responsive Rod Evans came and looked at my limping test system and figured out what the linker was doing wrong (and also something one of the libraries in my calling path was doing wrong), and now I've got systems I can play with.

Except when I forget to sync my x86 build workspace with my sparc workspace and I build archives without Rod's fix... and then wedge another test machine.

Hopefully the code will be up for review soon, when I will add another blog entry detailing what it is exactly I'm trying to do and why.

OpenSolaris Turns 4!

Wow, it's been four years now since Sun launched OpenSolaris.  We've come a long way since then - built up a budding community, taken lots of contributions from outside, and we're even turning out a pretty decent OS based on this now! It's on my desktop, laptop and home machine.  There's still a lot to do, but overall I'm very impressed.

It's been very cool doing code reviews openly and getting design feedback directly from the real world before any code is even written. This has greatly changed the way I do my job, for the better!

Goodbye CDE...hello OpenSolaris!

I've been using OpenSolaris at home and on my laptop for months, but was still running Nevada builds on my SPARC desktop in the office... with CDE (you know, that super old, yet super fast, Common Desktop Environment).  Well, I got a new desktop recently which is Intel based, and with the brand spanking new release of OpenSolaris 2009.06, it seemed like I needed to move into the 21st century.

While I would still like an "advanced" installer, I do think the installation went amazingly quickly and very smoothly. I had to make several adjustments to the system after installation to get it running with NIS on the Sun internal network with a static IP address, and download some of my favorite software - which was so easy with the "pkg" command! This release is much faster and smoother than what I have been running on my laptop - clearly time to upgrade that as well. I was pleased to see how easy it was to install flash and acroread as well.

The problems didn't really start until I logged in with my Sun internal home directory mounted - when I found I had some horribly ancient and mostly broken GNOME configurations (probably from the last time I seriously played around with it, back in S9 or early S10 days). gnome-cleanup took care of that and got me to a nice clean GNOME login. A few minor adjustments so that things like mouse-over to make active for windows, and a change of my default gnome-terminal preferences and I'm mostly off and running.

I also hit problems with my .xmodmaprc file, as it apparently used "keycodes" which do not translate between Xsun on SPARC and Xorg on x86. Thanks to one of the desktop team members, Michael, he told me about "xev" and that it would be the keycode lines in the file I needed to fix. With a few tweaks, my ergonomic keyboard is now behaving just the way I like it.

I did try a modern mail reader, ThunderBird, but after being annoyed it didn't believe most of my mail folders were actually mail folders (due to missing IMAP leading message), and how annoying it was to save to the folders it did recognize, I switched back to pine after about 10 minutes. (yes, I know there is a newer version of that software, alpine, but I don't like that one either ;).

Now I just gotta figure out what to do about my network calendar being stored in a format for dtcm ;)

OGB Town Hall tonight!

I've made it to CommunityOne West and am enjoying the first set of sessions and just wanted to remind you all that the OpenSolaris Governing Board is doing our first Town Hall in room 305 of the Moscone Center as part of CommunityOne West.

OGB TownHall June 1 6PM!

The current OpenSolaris Governing Board will be holding our first Town Hall open forum on June 1 at 6PM.  This event is part of the CommunityOne West events and will be in Room 305 of the Moscone Center.  Hope you can make it!