Oh, Marmalaade!http://stef.thewalter.net/2021-02-10T18:35:00+00:00Your Service is not Open Source2021-02-10T18:35:00+00:00Stef Waltertag:stef.thewalter.net,2021-02-10:/open-source-services.html/<p>Open sourcing the code to your SaaS is insufficient. For a service to be truly Open Source, we need to effectively enable users to contribute to the running SaaS itself.</p>Is Cockpit Secure?2017-06-15T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2017-06-15:/is-cockpit-secure.html/<p>Security is of your Linux systems vital. It’s not a binary thing though.
Depending on your requirements you end up choosing a level of security that
still allows you and your systems to accomplish what they need to do.</p>
<p>Here’s info about <a href="http://cockpit-project.org/">Cockpit’s</a> security, to help
you …</p>Bringing your kids to GUADEC 20162016-07-26T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2016-07-26:/bringing-your-kids-to-guadec-2016.html/<p>If you’re coming to <span class="caps">GUADEC</span> 2016 and bringing your kids along, there’s
a handy wiki page where you can look at for tips on what to do while
in Karlsruhe:</p>
<p><a href="https://wiki.gnome.org/GUADEC/2016/Kids">https://wiki.gnome.org/<span class="caps">GUADEC</span>/2016/Kids</a></p>
<p>If you’re coming with small kids, I’ll bring along …</p>Cockpit 0.1062016-05-12T15:40:00+00:00Stef Waltertag:stef.thewalter.net,2016-05-12:/cockpit-0.106.html/<p>Cockpit releases every week. Here’s highlights from 0.106</p>Cockpit 0.1052016-05-04T14:27:00+00:00Stef Waltertag:stef.thewalter.net,2016-05-04:/cockpit-0.105.html/<p>Cockpit releases every week. Here’s highlights from 0.105</p>Cockpit 0.1042016-04-28T15:21:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-28:/cockpit-0.104.html/<p>Cockpit releases every week. Here’s highlights from 0.104</p>Cockpit Ubuntu PPA2016-04-20T15:45:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-20:/cockpit-0.103.html/<p>Cockpit releases every week. Here’s highlights from 0.103</p>Stop deploying packages2016-04-18T13:35:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-18:/stop-deploying-packages.html/<p>Packages shouldn’t be assembled as you deploy a system. You shuold treat tools that assemble packages while deploying a production system are legacy tools.</p>Cockpit with Docker Restart Policy2016-04-14T13:33:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-14:/cockpit-0.102.html/<p>Cockpit releases every week. Here’s highlights from 0.102</p>Cockpit does Kubernetes Data Volumes2016-04-08T12:35:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-08:/cockpit-0.101.html/<p>Cockpit releases every week. Here’s highlights from 0.101</p>Cockpit 0.100 Released2016-04-01T15:30:00+00:00Stef Waltertag:stef.thewalter.net,2016-04-01:/cockpit-0.100.html/<p>Cockpit releases every week. Here’s highlights from 0.100</p>Cockpit 0.99 Released2016-03-24T18:35:00+00:00Stef Waltertag:stef.thewalter.net,2016-03-24:/cockpit-0.99.html/<p>Cockpit releases every week. Here’s highlights from 0.96 through 0.99</p>Cockpit 0.95 Released2016-02-12T20:32:00+00:00Stef Waltertag:stef.thewalter.net,2016-02-12:/cockpit-0.95.html/<p>Cockpit releases every week. Here’s highlights from 0.90 through 0.95</p>Cockpit 0.89 Released2015-12-22T13:04:00+00:00Stef Waltertag:stef.thewalter.net,2015-12-22:/cockpit-0.89.html/<p>Cockpit releases every week. This week it was 0.89</p>Cockpit 0.86 Released2015-12-04T13:04:00+00:00Stef Waltertag:stef.thewalter.net,2015-12-04:/cockpit-0.86.html/<p>Cockpit releases every week. This week it was 0.86</p>Cockpit 0.85 Released2015-11-27T11:24:00+00:00Stef Waltertag:stef.thewalter.net,2015-11-27:/cockpit-0.85.html/<p>Cockpit releases every week. This week it was 0.85</p>Cockpit 0.83 and 0.84 Released2015-11-19T11:24:00+00:00Stef Waltertag:stef.thewalter.net,2015-11-19:/cockpit-0.84.html/<p>Cockpit releases every week. This week it was 0.84</p>Cockpit 0.82 Released2015-10-28T19:05:00+00:00Stef Waltertag:stef.thewalter.net,2015-10-28:/cockpit-0.82.html/<p>Cockpit releases every week. This week it was 0.82</p>Cockpit 0.81 Released2015-10-21T22:19:00+00:00Stef Waltertag:stef.thewalter.net,2015-10-21:/cockpit-0.81.html/<p>Cockpit releases every week. This week it was 0.81</p>Cockpit 0.80 Released2015-10-14T22:19:00+00:00Stef Waltertag:stef.thewalter.net,2015-10-14:/cockpit-0.80.html/<p>Cockpit releases every week. This week it was 0.80</p>Using Vagrant to Develop Cockpit2015-10-08T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2015-10-08:/cockpit-vagrantfile.html/<p>Starting with Cockpit release 0.79 you can use <a href="https://www.vagrantup.com/">Vagrant</a> to bring up a <span class="caps">VM</span> in which
you can test or develop Cockpit. The <span class="caps">VM</span> is isolated from your main system so any system configuration
you change via Cockpit will only happen in the <span class="caps">VM</span>.</p>
<p>The Vagrant <span class="caps">VM</span> mounts the …</p>Cockpit 0.79 Released2015-10-07T22:23:00+00:00Stef Waltertag:stef.thewalter.net,2015-10-07:/cockpit-0.79.html/<p>Cockpit releases every week. This week it was 0.79</p>Cockpit 0.78 Released2015-09-30T21:23:00+00:00Stef Waltertag:stef.thewalter.net,2015-09-30:/cockpit-0.78.html/<p>Cockpit releases every week. This week it was 0.78</p>Cockpit 0.77 Released2015-09-23T21:23:00+00:00Stef Waltertag:stef.thewalter.net,2015-09-23:/cockpit-0.77.html/<p>Cockpit releases every week. This week it was 0.77</p>The Wizard Anti-Pattern2015-07-15T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2015-07-15:/installer-anti-pattern.html/<h3><span class="caps">AKA</span>: the Installer Anti-Pattern</h3>
<p>There’s a common user experience anti-pattern that pops up all over the place:</p>
<div style="font-size: 120%; line-height: 140%; padding: 1em 3em; background-color: #EEE;">
Interactive choices offered to the user during an install, creation or setup process are an anti-pattern. The negative consequences are in proportion to the number of configuration choices involved.
</div>
<p>Or put another …</p>Making REST calls from Javascript in Cockpit2015-07-10T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2015-07-10:/making-rest-calls-from-javascript-in-cockpit.html/<p><em>Note: This post has been updated for changes in Cockpit 0.90 and later.</em></p>
<p><a href="http://cockpit-project.org">Cockpit is a user interface for servers</a>. In <a href="http://stef.thewalter.net/creating-plugins-for-the-cockpit-user-interface.html">earlier</a> <a href="http://stef.thewalter.net/using-dbus-from-javascript-in-cockpit.html">tutorials</a> there’s a guide on how to add components to Cockpit.</p>
<p>Not all of the <a href="http://stef.thewalter.net/d-bus-is-powerful-ipc.html">system APIs use DBus</a>. So sometimes we find ourselves in a …</p>Cockpit’s Kubernetes Dashboard2015-06-09T23:51:00+00:00Stef Waltertag:stef.thewalter.net,2015-06-09:/cockpit-kubernetes-dashboard.html/<p>Here’s a video showing what I’ve been working on together with some help from a couple Cockpit folks. It’s a <a href="http://cockpit-project.org">Cockpit</a> dashboard for Kubernetes.</p>
<p>If you haven’t heard about <a href="http://kubernetes.io/">Kubernetes</a> … it’s a way to schedule docker containers across a cluster of machines, and take care …</p>The Ideals of Cockpit2014-12-18T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-12-18:/ideals-of-cockpit.html/<p><a href="https://cockpit-project.org">Cockpit</a> is an interactive server admin interface. For those helping contribute to Cockpit, these ideals help us remember what we’re trying to accomplish. For others, this page should answer the question: “Why Cockpit?”</p>
<p>These ideals are not a commentary about what is “right” and “wrong” in software in general …</p>Protocol for Web access to System APIs2014-12-16T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-12-16:/protocol-for-web-access-to-system-apis.html/<p><em>Note: This post has been updated for changes in Cockpit 0.48 and later.</em></p>
<p>A Linux system today has a lot of local system configuration APIs. I’m not talking about library APIs here, but things like DBus services, command/scripts to be executed, or files placed in various locations …</p>Cockpit on RHEL Atomic Beta2014-11-20T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-11-20:/cockpit-on-rhel-atomic-beta.html/<p>If you’ve tried out the <a href="http://developerblog.redhat.com/2014/11/11/red-hat-enterprise-linux-7-atomic-host-beta-now-available/"><span class="caps">RHEL</span> Atomic Host Beta</a> you might notice that Cockpit is not included by default, like it is in the Fedora Atomic or CentOS Atomic. But there’s an easy work around:</p>
<div class="highlight"><pre><span></span><code>$ sudo docker run --privileged -v /:/host -d stefwalter/cockpit-atomic:wip
</code></pre></div>
<p>This is an …</p>Creating Plugins for the Cockpit User Interface2014-11-13T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-11-13:/creating-plugins-for-the-cockpit-user-interface.html/<p><em>Note: This post has been updated for changes in Cockpit 0.90 and later.</em></p>
<p><a href="http://cockpit-project.org">Cockpit is a user interface for servers</a>. And you can add stuff to that user interface. Cockpit is internally built of various components. Each component is <span class="caps">HTML</span>, with Javascript logic that makes it work, and <span class="caps">CSS …</span></p>Using DBus from Javascript in Cockpit2014-11-13T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-11-13:/using-dbus-from-javascript-in-cockpit.html/<p><em>Note: This post has been updated for changes in Cockpit 0.90 and later.</em></p>
<p><a href="http://cockpit-project.org">Cockpit is a user interface for servers</a>. As we covered in the <a href="http://stef.thewalter.net/creating-plugins-for-the-cockpit-user-interface.html">last tutorial</a> you can add user interface component to Cockpit, and build your own parts of the Server <span class="caps">UI</span>.</p>
<p>Much of Cockpit interacts with …</p>Cockpit Multi-Server Dashboard2014-11-04T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-11-04:/cockpit-multi-server-dashboard.html/<p>Andreas and Marius have been working on implementing a new multi-server dash
board for Cockpit. It’s really looking great.</p>
<p>The goal here is that the dash board should work with either one server or several,
and give you an overview of what’s going on. Problems that require attention …</p>DBus is powerful IPC2014-11-04T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-11-04:/d-bus-is-powerful-ipc.html/<p>D-Bus is powerful <span class="caps">IPC</span> Cockpit is heavily built around DBus. We send DBus over our
<a href="https://github.com/cockpit-project/cockpit/blob/master/doc/protocol.md">WebSocket transport</a>,
and marshal them in <span class="caps">JSON</span>.</p>
<p>DBus is powerful, with lots of capabilities. Not all projects use all of these, but so many of
these capabilities are what allow Cockpit to implement its <span class="caps">UI …</span></p>Cockpit has Docker pull support2014-06-24T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-06-24:/cockpit-has-docker-pull-support.html/Cockpit Simple Networking Configuration2014-06-20T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2014-06-20:/cockpit-simple-networking-configuration.html/How to join Active Directory domains with a One Time Password2014-05-06T14:23:00+00:00Stef Waltertag:stef.thewalter.net,2014-05-06:/how-to-join-active-directory-domains.html/<p><a href="http://www.freedesktop.org/software/realmd/docs/">realmd</a> and <a href="http://www.freedesktop.org/software/realmd/adcli/adcli.html">adcli</a> allow you to join a domain with a one time password. </p>
<p>That is: a domain administrator can prepare a one time password, and
that one time password can later be used (usually by someone else) to
join a specific computer to the domain. </p>
<p><a href="http://www.freeipa.org/page/Main_Page">FreeIPA</a> supports this natively …</p>Cockpit does Docker2014-04-25T19:39:00+00:00Stef Waltertag:stef.thewalter.net,2014-04-25:/cockpit-does-docker.html/Cockpit has a terminal2014-04-22T16:06:00+00:00Stef Waltertag:stef.thewalter.net,2014-04-22:/cockpit-has-terminal.html/Introducing Cockpit2014-02-13T12:46:00+00:00Stef Waltertag:stef.thewalter.net,2014-02-13:/introducing-cockpit.html/<p>Gave a <a href="http://thewalter.net/stef/misc/cockpit-devconf-2014-talk.pdf">talk at DevConf</a> in Brno about the project a bunch of us have
been working on: <a href="http://cockpit-project.org/">Cockpit</a>. It’s a <span class="caps">UI</span> for Linux Servers. Currently in
the prototype stage… </p>
<p><img alt="Cockpit login" src="images/cockpit1.png"></p>
<p>Hopefully there’ll be a video of the talk available soon. You can try
out the Cockpit prototype in …</p>More secure with less “security”2013-08-16T16:23:00+00:00Stef Waltertag:stef.thewalter.net,2013-08-16:/more-secure-with-less-security.html/git-coverage: Useful code coverage2012-12-18T10:55:00+00:00Stef Waltertag:stef.thewalter.net,2012-12-18:/git-coverage-useful-code-coverage.html/<p>I’ve sorta dabbled in using code coverage off and on, but it never
really grabbed me as super useful and fit well within my workflow. </p>
<p>When hacking on open source I want to try out patches, run tests against
them, whether automatic unit tests or manually diddling things during …</p>How to create an Active Directory domain to test against2012-08-03T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2012-08-03:/how-to-create-active-directory-domain.html/<p>Many interested people want to help test the Active Directory work and
bug fixes we’ve been doing. But sadly there’s no public Active Directory
servers that I know of. So here’s how to setup a virtual machine with
your own Active Directory. It’s not that hard …</p>Kerberos and Active Directory Logins2012-06-15T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2012-06-15:/kerberos-and-active-directory-logins.html/<p>Ray and I and some others have been working on making it easy to use
Kerberos single sign on with <span class="caps">GNOME</span> 3.6. The feature itself isn’t super
revolutionary. You sign in with your realm login (eg: your Active
Directory user name and password) and then you can go …</p>VMWare Player on Fedora 162011-10-28T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-10-28:/vmware-player-on-fedora-16.html/<p>I have some VMWare <span class="caps">VM</span>’s I’ve been using here and there. I probably
should convert them to Virtual Box, but I’ve had a rough time getting
that working as well. </p>
<p>So … every time you upgrade the kernel, VMWare barfs because kernel
headers have changed. Usually I look …</p>Redesigning the Seahorse Experience2011-10-17T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-10-17:/redesigning-seahorse-experience.html/<p>As part of the work on getting smart cards into Seahorse, there’s some
design work that needs to be done to make the new functionality usable.
In particular, the overarching design goal is that Seahorse isn’t a tool
we expect users to “learn”. Actions should follow mostly from …</p>Importing certificates and keys2011-10-05T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-10-05:/importing-certificates-and-keys.html/<p>I’ve been working on an importer for keys and certificates that can work
with <span class="caps">PKCS</span>#11 key storage, such as smart cards, <span class="caps">NSS</span> or gnome-keyring. </p>
<p>Here’s a demo of it in action. If you want to try this out yourself,
you’ll need: </p>
<ul>
<li>latest gcr library from <a href="http://git.gnome.org/browse/gnome-keyring/">gnome-keyring …</a></li></ul>Introspecting Certificates2011-09-29T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-09-29:/introspecting-certificates.html/<p>Today I merged in a contribution from Evan Nemerson for GObject
introspection support into the Gcr and Gck libraries. I ended up
tweaking thousands of lines of comments and code,
<a href="https://bugzilla.gnome.org/show_bug.cgi?id=660436">filed</a> <a href="https://bugzilla.gnome.org/show_bug.cgi?id=581525">some</a> <a href="https://bugzilla.gnome.org/show_bug.cgi?id=660352">bugs</a> and so forth. </p>
<p>But the end result is you use <span class="caps">PKCS</span>#11 and stuff like the <a href="http://developer.gnome.org/gcr/unstable/gcr-GcrCertificateWidget.html">Gcr …</a></p>Smart card icons2011-09-23T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-09-23:/smart-card-icons.html/<p>I’ve been working on smart card integration into Seahorse, and as part
of that <a href="https://bugzilla.gnome.org/show_bug.cgi?id=659951">we need icons for smart cards</a>. I had fun putting together
something today: </p>
<p><img alt="Smart card icons" src="images/gcr-smart-card.png"></p>
<p>Obviously not perfect, but I’m happy with the result. The tools and info
in gnome-icon-theme are really nice. </p>
<p>At some point …</p>Ditching Certificate Authorities with Convergence2011-09-06T19:49:00+00:00Stef Waltertag:stef.thewalter.net,2011-09-06:/listened-to-moxies-talk-about-trust.html/<p>Listened to <a href="http://thoughtcrime.org/about.html">Moxie’s</a> <a href="http://www.youtube.com/watch?v=Z7Wl2FW2TcA">talk about Trust Agility and ‘Convergence’</a>.
Sounds like a viable candidate for ditching the Certificate Authority
mess, or at least part of a solution. Go <a href="http://www.youtube.com/watch?v=Z7Wl2FW2TcA">watch the video</a> if you haven’t already. </p>
<p>I was thinking about how we could implement support for
<a href="http://convergence.io/">Convergence</a> in <span class="caps">GNOME …</span></p>Viewer for Certificate and Key files2011-09-01T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-09-01:/viewer-for-certificate-and-key-files.html/<p>So a lot of the work I do doesn’t have any user interface. The best user
interface is no user interface, well one that isn’t needed. But recently
I’ve been working some tools to view the plethora of certificate and key
formats out there. So I couldn …</p>Berlin and Desktop Summit Talk2011-08-12T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-08-12:/berlin-and-desktop-summit-talk.html/<p>Really enjoyed the Desktop Summit, and meeting everyone there. The only
bummer part was the network connectivity. My
employer <a href="http://www.collabora.com/">Collabora</a> sponsored my trip and work. </p>
<p>My talk went well (<a href="http://thewalter.net/stef/misc/desktop-summit-2011-stef-walter-desktop-crypto.pdf">slides</a>), and we had a great time discussing
things afterwards. <a href="http://lwn.net/Articles/454307/"><span class="caps">LWN</span> wrote an article</a> about the talk (the article
will be …</p>How to build telepathy-qt4 with alternate prefix2011-08-11T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-08-11:/how-to-build-telepathy-qt4-with.html/<p>Just figured out how to build telepathy-qt4 in an alternate prefix and
also look for dependencies in that prefix as well. Since I don’t use
cmake much these days, figured I’d post this so I could go and look back
at it later. Depends on <a href="https://bugs.freedesktop.org/show_bug.cgi?id=40008">this fix</a>. </p>
<div class="highlight"><pre><span></span><code><span class="nv">PKG_CONFIG_PATH …</span></code></pre></div>Going to the Desktop Summit2011-08-04T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-08-04:/going-to-desktop-summit.html/<p>I’m off the the Desktop Summit shortly. Going to be giving a talk
about <a href="https://www.desktopsummit.org/program/sessions/gluing-together-usable-desktop-crypto">gluing together desktop crypto</a> (Oh boy, there’s a life size
picture of me at that link. I wonder why it ended up so big? Hrmmmm….)</p>
<p>My first time in Berlin, and it sounds like …</p>The security devroom at FOSDEM2011-02-13T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2011-02-13:/security-devroom-at-fosdem.html/<p>Went to <span class="caps">FOSDEM</span> last weekend. It was a cool and crazy conference: packed
rooms, great talks, good friends, much beer. I enjoyed finally meeting
the <a href="http://www.collabora.co.uk/">Collabora</a> guys I’m now working with. </p>
<p>I hung out in the absolutely packed security devroom the first day,
superbly <a href="http://www.opensc-project.org/opensc/wiki/FOSDEM2011">organized by Martin Paljak from …</a></p>Implemented trust assertions and certificate chains2010-12-11T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-12-11:/implemented-trust-assertions-and.html/<p>Trust assertions are bits of trust information used by applications to
make trust decisions about certificates. For example, trust assertions
can represent certificate authority anchors, pinned certificate
exceptions, or revocation lists. Trust assertions do not represent the
trust decision itself, but they’re used in a trust decision. </p>
<p>By using …</p>Looking for open source work2010-10-22T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-22:/looking-for-work.html/<p>Well, all good things must come to an end. My <a href="http://thewalter.net/stef/resume/">job at The Family
International</a> is changing significantly, and I’m looking for other
work. It’s been a great organization to work for, I’ve been able to work
on real interesting and varied projects, and at the same …</p>These aren’t the benchmarks you’re looking for2010-10-19T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-19:/this-arent-benchmarks-youre-looking-for.html/<p>I was evaluating use of <a href="http://library.gnome.org/devel/gobject/unstable/">GObject</a> for small plentiful
short-lived objects in <a href="http://stef.thewalter.net/2010/10/introducing-libgck-pkcs11-gobject.html">libgck</a>. I wanted to see how their performance
compared to custom reference counted structures. Turns out it’s not as
bad as I imagined. </p>
<p>The speed difference on my system, with a <a href="http://thewalter.net/stef/misc/test-gobject-speed.c">simple test program</a>, ended
up being …</p>Goals of the Keyring and Seahorse Projects2010-10-17T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-17:/goals-of-keyring-and-seahorse-projects.html/<p><span class="Apple-style-span" style="font-family: inherit;">In an
effort to get better organized, I’ve put together <a href="http://live.gnome.org/GnomeKeyring/Goals">a page listing the
goals</a> of the <a href="http://live.gnome.org/GnomeKeyring">gnome-keyring</a> and <a href="http://projects.gnome.org/seahorse/">seahorse</a> projects. </span>It’s
all broken down into tasks, plans, and what’s already done. </p>
<p>The basic jist of it is to make crypto and security a usable experience
on …</p>About Trust Assertions2010-10-13T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-13:/about-trust-assertions.html/<p>I’ve been working on some specifications for storage of ‘trust’. This a
sufficiently vague and abstract concept to require a hoity toity name:
<em>Trust Assertions</em> </p>
<p>Trust assertions are used to assign an explicit level of trust to a
public key or certificate. I’ll just refer to certificates below …</p>Certificate and Key Widgets2010-10-08T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-08:/certificate-and-key-widgets.html/<p>The new certificate and key view widgets are now merged into
gnome-keyring master. They live in <a href="http://git.gnome.org/browse/gnome-keyring/tree/gcr">libgcr</a>: a library for crypto <span class="caps">UI</span>
widgets and crypto helpers. </p>
<p>The goal of the widgets are to have a simple mode, where only the
information needed for a user to uniquely identify a certificate …</p>Introducing libgck: A PKCS#11 GObject wrapper2010-10-04T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-10-04:/introducing-libgck-pkcs11-gobject.html/<p>In gnome-keyring we use <a href="http://www.rsa.com/rsalabs/node.asp?id=2133"><span class="caps">PKCS</span>#11</a> for the storage of keys and
certificates. <span class="caps">PKCS</span>#11 is standard sort of a plugin <span class="caps">API</span> that allows
drivers or software to provide key storage and crypto algorithms to an
application.<br>
libgck is a GObject wrapper of <span class="caps">PKCS</span>#11. Still pretty low level but …</p>My Talk: Usable Crypto on GNOME2010-07-30T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-07-30:/my-talk-usable-crypto-on-gnome.html/<p>I gave a talk on Wednesday about using a common certificate and key
store across the desktop and using common widgets for crypto bits. </p>
<p>Sadly the talk was at the same time as a big release team
announcement/talk. Notwithstanding more people came than I expected. </p>
<p>The <a href="http://memberwebs.com/stef/misc/guadec-usable-crypto.pdf">slides are here …</a></p>At GUADEC2010-07-06T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-07-06:/at-guadec.html/<p>Yesterday was the first day of my first <span class="caps">GUADEC</span>. It was great meeting
many people I’ve only been in touch with remotely. </p>
<p>We had our Desktop Crypto <span class="caps">BOF</span> as well. I imagined it going differently,
and probably should have prepared for it differently. There were topics
that would have …</p>Talk at GUADEC on Integration of Certificate and Key Storage2010-05-14T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-05-14:/talk-at-guadec-on-integration-on.html/<p>I’ll be attending <span class="caps">GUADEC</span> for the first time. Not only that but I’ll be
giving a talk. I’m a bit nervous, but excited!</p>
<p>The talk is about integrating various
applications using keys and certificates to use a common key storage.</p>
<p>Currently each application puts their
certificates and …</p>Part of Postgresql 9.0…2010-05-07T00:00:00+00:00Stef Waltertag:stef.thewalter.net,2010-05-07:/part-of-postgresql-90.html/<p>I’ve
contributed to another open source project, Postgresql. My first
contribution <a href="http://developer.postgresql.org/pgdocs/postgres/release-9-0.html">made it into version 9.0</a>.</span> </p>
<p>I
worked on the <code>samenet</code> and
<code>samehost</code>
host
based access control feature, which lets you grant database access to
hosts on the physical subnets that the postgresql server is attached to.</p>
<p>Previously …</p>