-
Four Hundred Monitor, September 25
September 25, 2024 Jenny Thomas
We have entered that season when the days are getting shorter and time seems to be flying by as we turn the last few pages on the calendar. If that’s not enough to give you whiplash, there’s also an onslaught of news from Big Blue, both good and bad, that we are keeping an eye on so you will always be in the loop. While the news of the secret IBM layoffs is a bit unsettling, financially Big Blue appears to be soaring. It will be interesting to see how the rest of 2024 plays out, and you know we …
Read more -
Summer of IBM i Vulnerabilities
September 18, 2024 Alex Woodie
IBM has patched more than two dozen software vulnerabilities in the IBM i stack over the past few months, including flaws in Merlin, MQ, OpenSSH, the Java stack, Db2, Performance Tools, and the HTTP Server (the one powered by Apache). Nine of the security vulnerabilities carry CVSS Base scores of 7 or higher, while one is above 8, making these serious security threats. If you haven’t applied the patches yet, you’re encouraged to do it soon.
Working backwards from the most recent security bulletins, we start with September 5, when IBM issued patches for three vulnerabilities in Merlin, which officially …
Read more -
IBM Introduces Mapepire, The New Db2 For i Client
September 9, 2024 Alex Woodie
IBM has released a new client for connecting applications to the Db2 for i database. Dubbed Mapepire, the open source client is designed to be faster, lighter weight, and easier for developers to work with compared to existing ODBC and JDBC database clients, especially in cloud environments.
Building an application-side database client using existing Db2 for i’s database drivers, such as ODBC and JDBC (included in the JTOpen Java toolbox for IBM i) typically entails cramming a lot of overhead into the client component, says Liam Allan, who helps develop new open source development tooling at IBM.
“For example, jtopen …
Read more -
How Polverini Enables End-to-End Testing on IBM i
August 5, 2024 Alex Woodie
Testing is one of the most time-consuming and least glamorous parts of software development. But doing it well is important, as the July 19 CrowdStrike outage so potently reminded us. When it comes to ensuring that IBM i programs are thoroughly tested, a relatively new end-to-end testing solution from Polverini & Partners can potentially take some of the drudgery and error out of the process.
Polverini & Partners recently announced ReplicTest, a new product aimed at automating all aspects of the software testing process on IBM i, including unit testing, acceptance testing, regressing testing, security testing, integration testing, and stress …
Read more -
IBM i PTF Guide, Volume 26, Number 27
July 15, 2024 Doug Bidwell
Get your PTF patching fingers all cracked and stretched because you will be doing some typing this week. There are a three security issues you need to cope with and a slew of patches that run the gamut of subsystems on the platform. As usual, let’s start with the security vulnerabilities.
First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities, which you can find out more about here. The patches for this issue, by IBM i release level, …
Read more -
IBM Begins the Purge of Old Greenscreen Utilities
July 10, 2024 Alex Woodie
IBM is prepping the IBM i community to prepare to adapt to some substantial changes that are coming with the next release of IBM i, including the end of support for a large swath of the Application Development ToolSet (ADTS) that ships with Rational Development Studio (RDS). Source Entry Utility (SEU) and Programming Development Manager (PDM) are not among the ADTS tools getting the boot, but that’s not stopping midrange professionals from speculating that their time in IBM i is limited, too.
As part of its May 7 Technology Refresh for IBM i 7.4 and 7.5, IBM issued a “software …
Read more -
IBM i PTF Guide, Volume 26, Number 20
June 3, 2024 Doug Bidwell
Here is something you need to be aware of: IBM i APAR and PTF records have migrated to Known Issues records and Fix Information records to be consistent with other IBM patching systems for other platforms and software. So read up on it at this link here.
And, as often happens, we also have three new security vulnerabilities to cope with.
First, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about here. Here are the …
Read more -
April Showers Bring May IBM i Security Vulnerabilities
May 8, 2024 Alex Woodie
IBM has patched more than a dozen security flaws in IBM i and related products this spring, including serious flaws in the operating system proper and the compilers, and a critical vulnerability in Administrative Runtime Expert that landed a nearly perfect CVSS Base score.
In the interest of time, let’s cover the security vulnerabilities in descending order of severity. That means we’re starting with the worst and then moving on to the slightly less worse.
ARE Flaw
The flaw reported in the Administration Runtime Expert for i (ARE), which IBM launched in 2010 to make it easier to manage IBM …
Read more -
IBM i PTF Guide, Volume 26, Number 17
May 6, 2024 Doug Bidwell
Some of the links in the IBM i PTF Guide appear to be broken, but don’t worry about them. IBM is in the process of changing the format of the Cover page for IBM i patches and a few of the links are stuck in the middle. We will attempt to get them back in synch by the next issue. This is the effect of the latest in IBM’s efforts to make the web information for IBM less verbose and more accessible. Any comments on such, please share!
And now, some security vulnerabilities for IBM. Four, to be precise.
First, …
Read more -
Guru: Web Concepts For The RPG Developer, Part 1
April 22, 2024 Chris Ringer
Way back in the 1990s, I recall accessing data with only RPG III F-Specs. But nowadays some of that critical data may live in the cloud. The good news is tools like HTTPAPI and RXS and SQL functions like SQL HTTP are available to access that remote data from the IBM i. But what you may not know is how to actually format components in those HTTP requests.
Here I will discuss some techniques to build those components in an HTTP request before sending it across the web.
HTTP Get Versus Post
The two most common methods for an HTTP …
Read more