Archive

Archive for April, 2014

Pete's Wordshop › Common Spring Conference – Whats App?

April 28th, 2014 Comments off

Can’t believe that the spring conference has rolled around again.  Seems like we just finished fall and I haven’t blogged, Tweeted or been “Social” at all in the interim.  I have been BUSY and I plan to get back to blogging (at least) as soon as I can get through the conference.

First off,  I have been deep in midst of fleshing out my Mobile App Development workshop for THIS Saturday (yikes).   Trying to pull together 7 hours of content that is both useful and fun has been a bigger challenge than I expected but I am putting the finishing touches on all of it now primarily so I can get on with updating the other presentations I am giving at the conference.

One of the fruits of that effort is the update to the Common Schedule Organizer.  You can read about the functionality in earlier posts here.  I hoped to add some new function to this revision but things have just been too busy for me.  So I have the new schedules and maps loaded and they are ready to go!  You will find the new web app here. You’ll find the Android APK (Android 2.1 compatible) here. You will want to access that link from your Android device and you’ll be alerted to the fact that you need to change settings to allow an “unknown” app to install.

Once you have the app installed on your device, you may notice that the prompt dialog that asks you for email address for your Common Personal Grid will only appear briefly and then will disappear.  I am not sure where this bug resides but the workaround is to the “My Schedule” page and click on the “Change Grid Email Address” button.  This time the prompt should stay open for you so you can type in the email address and retrieve your schedule.

Based on what I have seen so far this conference will be very well attended and have some pretty exciting sessions. Enjoy the CSO app!  See you there!


Read the original at Pete's Wordshop.

Categories: Blogs Tags:

DB2 for i › With IBM i 7.2, DB2 Gives You More!

April 28th, 2014 Comments off
Today (Monday April 28) is the announcement of the long awaited IBM i version 7 release 2. And if you've been following along, you know this also means that the fully integrated DB2 for i moves forward as well.

Now, before illuminating a new powerful database capability residing in the best OS for business, let me remind you that over the past couple years, the good folks who develop DB2 for i have been enhancing the database capabilities within 7.1 too. These enhancements are known as "technology refreshes" or TRs. The latest iteration, TR8 was announced a few weeks ago - check it out here.

A Data Centric Attitude


For years now, my team has been going around the world educating clients and solution providers on the importance of designing and developing business applications with a data centric attitude. That is to say, employing sound relational database techniques, set-at-a-time principles and information management best practices. After all, this is how to get the most out of DB2 for i, now and in the future.

Architecturally speaking, we want to see applications that exhibit flexibility, extensibility and scalability. And obviously, business users want solutions in a timely and cost effective manner.

Utilizing modern tools and modern methods is the fastest and most efficient way to achieve this goal. Whether creating a new application or re-engineering an existing one, progressive techniques and using SQL are the keys to unlocking the valuable features and functions residing in the database management system woven into IBM i.

You Need Governance and Control 


As I engage clients in various settings, one topic that always seems to pop up is the need for governance and control. Unless you have been keeping your eyes closed and ears plugged, you realize that data is big. More accurately: storing, analyzing and exploiting data in ways that bring new insight and understanding is all the rage.

As the appetite for data increases, so does the importance of governance and control. Determining who is able to see what data is the responsibility of the data owner, and it is a fundamental aspect of designing with integrity and deploying with confidence. It might also keep you out of the spotlight.

In the old days of AS/400, nearly all of the data access was controlled through the high level language 5250 programs that sat at the heart of online transactional systems. To get to a program and ultimately to the data, the user had to sign on with a valid user profile and corresponding password. If successful, a menu was presented - their menu. The list of items on that menu dictated what the user could do and not do; what data they had access to, and did not have access to. In many cases, the underlying database objects were not secured and not restricted through object level security.  Why should they be? The only way to access the object was through the program, and the only way to call the program was through the menu.

Given the openness of DB2 for i, I trust you now realize that there are many different ways for a user to gain access to data outside of the old style menu based applications. For example, tools and applications that connect via ODBC and JDBC interfaces abound. The need to properly secure database objects directly via the powerful IBM i security features is a must. If I walk into your shop and try to access your physical files with SQuireL, will I gain access?  If you don't know, or are not sure, we need to talk. Seriously.

Unfortunately, granting or revoking rights to the data seems to be an all or nothing proposition. If a user has access to the table, they have access to all the rows. If a user does not have access to the table, they have access to no rows. What if different departments all need access to the same table, but each department must be restricted to a subset of rows and columns that they are authorized to see? Is there a way to allow each group of users access to only their respective data sets?

Vistas Grande


Within the science and art of relational database there exists the ability to provide a logical "view" of the data. A VIEW is a virtual table, and as such, the database engineer can define and publish various views of the same data. This technique can be used to provide different groups of users with different sets of rows that they can "see". The trick is to ensure that the user is only accessing their particular VIEW and no other.

For a relative small and stable set of different users, creating and utilizing VIEWs is an elegant and acceptable way to control access to data, whether it be a particular set of rows or a subset of columns.

The VIEW is also very useful when needing to transform data and/or hide complexity, such as join syntax or aggregation specifications. But what if the different groups of users is relatively large and dynamic?  What if there are many different applications and database interfaces in use? Implementing a comprehensive and grand set of views can be problematic and time consuming.

Behold, Another Powerful Tool in the Kit


Through the use of data centric (not application centric) techniques, the row and column data that is returned to the requester can be controlled and governed by a set of policies defined and implemented within DB2 for i. These policies cannot be bypassed or circumvented by the requester, and they are in effect regardless of interface.

The new capability delivered with 7.2 is known as Row and Column Access Control or RCAC.

RCAC provides fine grained access control and is complementary to the ever present object level security (i.e. table privilages). With the new row and column access control feature of DB2 for i, the database engineer, in partnership with the data owner can ensure that users see only the data that is required for their work, and return result sets that match their level of authorization. This can (and should) also include allowing the database engineer to design and implement the policies, but restricting he or she from the actual data the policies control. In other words, just because you implemented the database security mechanism, it doesn't mean you have access to all the data.

Some of the advantages of RCAC are:

  • No database user is inherently exempted from the row and column access control policies.
     
  • Table data is protected regardless of how the table is accessed.
     
  • No application changes are required to take advantage of this additional layer of data security.
     
  • Both rows and/or columns can be controlled through simple or complex logic - including the ability to mask what data is projected.
     
  • Groups of users can share the same policy - or not.
     
  • The implementation of the policies is part of the DB2 data access layer itself.
 

Seek to Understand, Then Plan and Test


Like any advanced technique, deep understanding, proper planning, and adequate testing are essential for success. This includes the use of quality assurance, as well as performance and scalability exercises that serve to demonstrate all of your requirements are being met. Proofs of concepts and proofs of technology are highly recommended. These projects can be accomplished in Rochester, Minnesota by the way.

To further assist you with understanding and insight, the DB2 for i Center of Excellence team will be partnering with the ITSO in June and July to author a "redpaper". The document will cover more details on successfully implementing RCAC. Stay tuned for that.

In the mean time, if you are interested in getting more value out of IBM i data centric technology immediately, please reach out, we are here to help.

And finally, check out Kent Milligan's excellent overview of what's new in DB2 for i - including more technical details on row column access control. The presentation can be found here.


Read the original at DB2 for i.

Categories: Blogs Tags:

You and i › Announcing IBM i 7.2

April 28th, 2014 Comments off
Today is the day! Announcement Day for IBM i 7.2! I have the privilege of highlighting the themes for the release, but you are going...


Read the original at You and i.

Bob Cancilla on IBM i › IBM HW in the Tank for Q1

April 18th, 2014 Comments off
Well folks, IBM has released its Q1 2014 results and revenue for IBM Hardware is down by 25% and to add injury to insult they had a $300 million loss!  IBM's CFO spoke to the HW debacle twice in the announcement of results for the quarter noting that IBM was extremely concerned about these results.

Then today I see this article about a $99 super computer on a wallet size card!

90 gflops computing power for $99.

The board comes with software built in like Linaro Ubunto with all the software of a standard Linux distribution.  Parallella was funded on kickstarter 

Folks, IBM has never been able to run an efficient manufacturing operation.  IBM made money on hardware when they could sell machines for over $1 Million that cost less than $10,000 to manufacture. The huge price tag on IBM HW paid for all of the horrendous overhead and inefficiency in the design and implementation of IBM HW and turned a nice profit.

Today this 90 gflop machine and others from other manufactures are pushing IBM into a competitive pricing situation, especially in the Power Systems arena where they cannot compete. 

I fully expect to see IBM sell off the manufacturing of POWER Systems and possibly zSeries too by the end of this year.  I think IBM will retain the patented technology and continue to operate their engineering labs but license the building and sales to a company that is more efficient like Lenovo or someone else.

I fully expect that if this happens that will be the end of IBM i and AIX.  i expect the machines to be sold with Linux.  

This is getting serious.  

See IBM's own articles on their Q1 2014 results!  Don't let your HW partner feed you any BS about IBM's loyalty to you the IBM i customer!  That is BS.  Ginny Rometti had better turn HW around, sell it off, or lose her job!  

IBM results:

http://www-03.ibm.com/press/us/en/pressrelease/43696.wss 
http://finance.yahoo.com/news/international-business-machines-management-discusses-033006480.html 
https://www.ibm.com/investor/events/ 


Read the original at Bob Cancilla on IBM i.

Categories: Blogs Tags:

Alan Seiden Consulting: PHP and IBM i Expertise › See you at COMMON, May 4-7, 2014

April 18th, 2014 Comments off

Hope you enjoy these four videos (plus an outtake) I made with fellow speakers Dawn May and Charles Guarino to promote this year’s COMMON conference to be held in Orlando, Florida, from May 4-7, 2014, with optional pre-conference workshops May 3. I’ll be speaking about PHP and performance on IBM i. http://www.common.org/index.php/annualmeeting.html


Read the original at Alan Seiden Consulting: PHP and IBM i Expertise.

Alan Seiden Consulting: PHP and IBM i Expertise › IBM i safe from OpenSSL Heartbleed bug

April 10th, 2014 Comments off

Clients have asked me whether their IBM i servers may be vulnerable to hackers due to the widely publicized OpenSSL Heartbleed bug.

The answer is no. IBM i is safe from this bug, which is present only in specific OpenSSL versions: 1.0.1 through 1.0.1f (inclusive). IBM i’s latest version of OpenSSL, shipped with the “Portable Utilities for i” licensed program product 5733SC1, is 0.9.8, which does not contain the bug.

To make doubly certain, check what version of OpenSSL is installed on your IBM i. Run these two commands, which, respectively, start a PASE interactive terminal session and check the openssl version:
call qp2term
openssl version

For me, the above commands returned “OpenSSL 0.9.8m 25 Feb 2010,” confirming that I’m not affected.

Press F3 afterward to leave the PASE environment.

Thanks to Jim Oberholtzer of Agile Technology Architects for his contribution to this answer.

UPDATE from IBM: System SSL and IBMJSSE2 are also safe from the vulnerability on IBM i.


Read the original at Alan Seiden Consulting: PHP and IBM i Expertise.

Bob Cancilla on IBM i › Where are the IBM i Systems?

April 1st, 2014 Comments off
I have been doing some research on servers and operating system usage in many areas of usage.  The results are not surprising for the most part.  There is a great article summarizing OS usage on Wikipedia that is incredibly well documented.

While Desktop computers (PC's) are on the decline they are still dominated by Microsoft with over 90% market share followed by Apple at 8% and Linux at under 2%.

In the web browser arena it is Microsoft clients followed by Apple and then Linux with 5% coming from some new or unusual OS's.

Tablets are neck to neck between Apple (48.2%) and Android (43.4%) followed by Microsoft back at 7% then a few others less than 1%.

In the mobile device arena (phones) Apple leases with 52.98% followed by Android at 36.14.  Java ME has 4.44% with Microsoft at the bottom of the heap with only .45%

There is a text in the article talking about mainframes, but no statistics.  It was pointed out that a large number of IBM zOS systems are running Linux in addition to zOS, but there are only 10,000 customers total int he mainframe market. It is no longer considered significant.

What was interesting was the analysis of Super Computers.  This area is dominated by Linux with 96.4% of the market, followed by Unix at 2.2%.  What was interesting is that Microsoft was in the game at .4% -- I was surprised that Microsoft was listed.

Obviously this summary of operating systems is significant to IBM i customers as IBM i is not listed once in any survey.  Are you getting the message yet folks?


Read the original at Bob Cancilla on IBM i.

Categories: Blogs Tags:
css.php