Friday, October 28, 2011

VMWare Player on Fedora 16

I have some VMWare VM's I've been using here and there. I probably should convert them to Virtual Box, but I've had a rough time getting that working as well.

So ... every time you upgrade the kernel, VMWare barfs because kernel headers have changed. Usually I look around for patches to the VMWare sources, but this time there were none I could find, so I figured it was my turn.

This simple patch makes VMWare Player 4.0.0 work with Linux 3.1.0. At least it seems to work. What I did to patch it in:

$ mkdir /tmp/vmware
$ cd /tmp/vmware
$ wget http://thewalter.net/stef/misc/vmnet-4.0.0-linux-3.1.0.patch
$ tar -xvf /usr/lib/vmware/modules/source/vmnet.tar
$ patch -p0 < vmnet-4.0.0-linux-3.1.0.patch
$ sudo cp /usr/lib/vmware/modules/source/vmnet.tar /usr/lib/vmware/modules/source/vmnet.tar.bak
$ sudo tar -cvf /usr/lib/vmware/modules/source/vmnet.tar vmnet-only

And then run vmplayer and let it do its install thing. It says that the services fail to start (systemd incompatibility), but it works regardless.

Note: If you try this and it doesn't work for you (or makes your doggy sad), don't complain to me. Complain to VMWare.

Monday, October 17, 2011

Redesigning the Seahorse Experience

As part of the work on getting smart cards into Seahorse, there's some design work that needs to be done to make the new functionality usable. In particular, the overarching design goal is that Seahorse isn't a tool we expect users to "learn". Actions should follow mostly from the passwords and keys that have been accumulated.

So I've been working on the experience a bit. Some concepts:

  • When most user's arrive, they should see their personal passwords, and keys or certificates if they have any listed. In this mode we combine items from all the various places these things are stored.
  • The user sees a certificate regardless of it's on a smart card, Gnome Keyring, or in NSS's store.
  • Each item should have an icon, and text describing what it is.
  • By default only 'personal' passwords and keys are shown. Those belonging to the user. So things like Trusted Root CA's don't litter the combined listing. This is easily changed on the 'View' menu.
  • The list is easily filterable by typing in the box.
  • We make sure to unlock the default password keyring when seahorse is started. Normally it's unlocked already, but just in case.
A screenshot (the toolbar needs some work): 



So the experience starts off really straight forward, no need to clutter things with where these items are coming from. If the user has a smart card inserted, the certificates and keys on the smart card will also show up there.


In order to see and manage stuff related to where the keys come from, the user chooses 'View | Places' from the menu. A sidebar appears, which supports the following concepts:

  • Click on a place to view items from a that 'place'.
  • See which keyrings exist, delete, change master passwords etc.
  • See smart cards that are inserted.

A screenshot (the places need some tweaking):



Something I've also been playing with is an easy to use multiple selection. For example I'd like the user to be able to select multiple places (let's say all the password keyrings), and see their items together.

I wanted to do something where check boxes are shown to the right of each 'place' when the Alt-key is depressed. The user then would click those checkboxes to select multiple places, and show their items together. Once one box is checked, all check boxes remain visible. This fits in with the concept of showing keyboard mnemonics when Alt is pressed, and also GNOME seems to be using a show-advanced-shortcuts-on-Alt-key concept here and there, and I thought this would fit nicely. However, sadly the window manager grabs the mouse when Alt is held down, for the purpose of full window drags, so I had to think of something else.

What I came up with was that a check box is shown next to a place when that place is selected and focused. If the user clicks that check box, then all the check boxes next to the other places become visible, and more than one can be selected. As long as one is checked, all the check boxes are visible. Works well enough, and should work with touch devices as a bonus. But I'm not as satisfied as I would have been with the Alt concept.

Of course this is an advanced feature, and not necessarily something that needs to be super 'beautiful' but none the less it was interesting to try out these alternatives.

There's lots more design work that needs to be done. For example, I'd also like to integrate the new control center style 'Unlock' button in a way that makes sense. It gets complicated because there's more than one thing to unlock (ie: smart cards, password keyrings, etc.)

Most of this is done in such a way that the pieces can be reused elsewhere in other apps as well. Available right now in the seahorse refactor branch and depends on an up to date build of the Gcr library. Hopefully I'll be merging this into seahorse master soon.

Oh, and thanks to NLnet for sponsoring Collabora to work on the Seahorse smart card support.

Wednesday, October 5, 2011

Importing certificates and keys

I've been working on an importer for keys and certificates that can work with PKCS#11 key storage, such as smart cards, NSS or gnome-keyring.

Here's a demo of it in action. If you want to try this out yourself, you'll need:
It's possible that this works with other smart cards too, but I haven't tested it. By the way, if you want to help work on smart cards support, Gooze gives away free smart cards for open source developers working on this stuff.

On to the demo...



The importer and all the widgets are available for use by other apps in the gcr library. So Seahorse has the same interface:


As you might note, I've been reworking the Seahorse user interface, more about that coming soon...