But Wait, There's More . . .

• Apache Software Foundation recently released a new security advisory stating that it had discovered a denial-of-service vulnerability, as well as a potential remote exploit vulnerability in the industry-standard Apache Web server. The bug strikes Apache 1.2; Apache 1.3 through 1.3.24; and Apache 2.0 through 2.0.36. The denial-of-service condition exists for all three major releases (1.2, 1.3, and 2.0), while the remote exploit vulnerability exists only in 1.2 and 1.3. For non-OS/400 versions of Apache, the Apache Group has released Apache 1.3.26 and 2.0.39, which fix these issues. The Apache Group urges all users to upgrade immediately.




For HTTP Server for iSeries (powered by Apache) users, the story is different. Because IBM delivers Apache as an OS/400 feature at Version 2.0.18, OS/400 Apache users have to wait for IBM to release a PTF before they can address the denial-of-service vulnerability. While IBM hasn't yet posted any news of a fix on its HTTP Server PTFs Web site, industry reports say IBM is working on a fix, and for a problem like this one, it is probably trying to expedite it. What further complicates the matter is that that OS/400 Apache will likely remain at the 2.0.18 level, at least until OS/400 V5R2 is released, which means Big Blue probably has to retrofit the 2.0.39 patch into its back-level OS/400 Apache implementation. This is just the trade-off customers get for an integrated iSeries-based Apache server: The server is tightly integrated with OS/400 features, APIs, Net.Data, security, and CGI programming, but because of that integration it may take longer for support issues like this to be resolved.

• Just before the Fourth of July holiday, IBM acquired Metamerge for an undisclosed sum. Metamerge, which was publicly traded and headquartered in Oslo, Norway, created and sold software that allowed companies to integrate the various directory services offerings on the market to give users access to the computing resources they need. Metamerge's product, called Integrator, provided native access to popular directory services software, such as Microsoft's Active Directory; Novell's Directory Services; the OpenLDAP Project's open-source OpenLDAP; and any others that support Lightweight Directory Access Protocol Versions 2 and 3, Java Naming and Directory Interface, or Directory Services Markup Language. Providing users with simplified access to computing resources residing across many different applications and platforms has become a hot topic of late. IBM plans to provide single sign-on for iSeries users through its new Enterprise Identity Mapping software, which debuts on the platform with OS/400 V5R2 and relies heavily on LDAP and Kerberos authentication. However, vendors of non-OS/400 platforms have yet to roll out their Enterprise Identity Mapping-like offerings. IBM did not specifically say what it would do with the Metamerge software, except to say that it had a vague plan to "add directory integration to its portfolio of software that helps customers integrate all aspects of their e-business operations, including data, applications, business processes, and portals."
• COMMON has announced that registration for the Fall 2002 IT Education Conference & Expo is now open. The fall event, which will be held from October 13 through 17 in Denver, will feature more than 100 new sessions, a tour of IBM's printing facilities in nearby Boulder, and extended training in popular ERP packages, such as those from MAPICS and J.D. Edwards, which, incidentally, is headquartered in Denver but rarely seen at COMMON shows. AS/400 and iSeries professionals interested in attending the industry's largest trade show event can register online at www.common.org. Individuals who register before September 3 will save nearly $250 off the full $1,395 registration price. You must be a COMMON member to attend the conference. Individual COMMON memberships cost $125 per year; companies can purchase COMMON memberships for two or more employees for $395 per year.
• The worldwide market for application integration software, portals, and middleware accounted for $5.1 billion in sales in 2001, and will continue to grow by about a billion dollars annually through 2006, when it is expected to reach $10.6 billion, according to a new report issued by market researcher Dataquest, a division of Gartner. Dataquest predicts the market will this year reach about $6 billion, a 16.6 percent increase from 2001 revenues. Dataquest sees more consolidation occurring among the vendors of application servers, portals, and integration broker products, resulting in a new class of e-business platform suites, which Gartner has dubbed the application platform suite, or APS. Dataquest says that software vendors hoping to make gains in this extremely competitive market will need to deliver on the promises (or, as Dataquest says, the wishful thinking) associated with Web services, namely, the creation of low-cost, low-end integration packages built around Web services technology. Meanwhile, as the definition of APS technology continues to evolve, vendors emerging successfully at the enterprise end of the spectrum will have dramatically improved the security, scalability, and availability of their application integration and portal products.
• Affirmative Computer Products, the Tempe, Arizona, vendor of thin clients for OS/400, mainframe, and other kinds of servers, has introduced two new thin clients. The first is an entry machine called YEStation LE, a low-cost terminal based on Microsoft's Windows CE operating system. YEStation LE is designed to access Windows applications through Windows Terminal Services, via Microsoft's Remote Desktop Protocol, or through Citrix Metaframe and Winframe middleware, via the Independent Computing Architecture protocol. YEStation LE is based on a stripped-down version of Linux. It has 32 MB of memory, parallel and serial ports, a mouse, a keyboard, and Ethernet connectivity--all for $340. (A monitor is not included in the price.) The YEStablet wireless tablet has 64 MB of memory, 32 MB of flash disk capacity, and 5250e and 3270e green-screen emulation support built into the box, with other terminal emulations available as plug-ins. The tablet has an 8.4-inch TFT Active Matrix LCD touch screen with an 800x600 pixel resolution, and uses a 2.4 GHz IEEE 802.11b wireless link to connect back to servers and their applications. YEStablet runs Windows CE, has a built-in Internet Explorer 4.0 browser, and supports the RDP and ICA protocols, for linking to server-based Windows applications. The wireless terminal also has a built-in Java Virtual Machine, Windows Media Player, an Acrobat reader, and Office suite viewers. The wireless terminal has a pop-up software keyboard, and has an interface for barcode scanners. YEStablet retails for $1,595, which makes it less expensive than many wireless alternatives with a lot fewer features.

Sponsored By BCC TECHNOLOGIES

Does this scare you? Terrorism Fire Flood Hurricane Earthquake Sabotage You need BCC's CopyPerfect Mirrored Backup Mirrored Backup Off-site data storage iSeries ready Click Here To Learn More