IBM on Friday issued an integrity PTF for OS/400 to patch the recently disclosed vulnerabilities in the Kerberos authentication technology. The newly discovered buffer overflow errors in Kerberos, which could allow hackers to take over control of affected computers, were fixed with patches issued by Massachusetts Institute of Technology, which developed the technology (see "Two Flaws Found in Kerberos Authentication, iSeries Impact Unknown").
Pat Botz, an iSeries security expert with IBM Rochester, issued this statement on Friday: "The effects of a recently reported vulnerability in the Linux and Unix Kerberos Key Distribution Center (KDC) code are the same for i5/OS as it is based on the same MIT code distribution. IBM has provided a fix to the i5/OS V5R3 KDC code in PTF number SI19054. Note that a KDC was first provided in i5/OS in V5R3 and so customers on previous OS/400 releases are not affected. For iSeries customers using Kerberos authentication on other operating systems, IBM recommends ensuring that their KDC has the latest fixes installed."
Several vendors, including IBM, Sun Microsystems, and Red Hat, embed Kerberos into their system software. Botz says the vast majority of iSeries shops rely on Microsoft's Windows implementation of Kerberos, which is not subject to the same vulnerabilities as MIT's standard Kerberos code. However, iSeries shops that are using the version of Kerberos that IBM embedded into recent releases of OS/400, via the PASE AIX runtime environment, for the purpose of enabling single sign-on, are subject to the vulnerability, Botz said in an interview a few days before issuing the statement.
It is not known if iSeries shops running the AIX version of Kerberos are at risk of a hacker executing arbitrary code on their system, which is the case with Unix and Linux. It is also not known if the buffer overflow would simply cause the iSeries to crash, and thus pose a denial of service threat, as is the case with the majority of vulnerabilities found in open source components used in OS/400--such as HTTP or SMTP--due to the "multiple stacks" in OS/400 and the internal licensed code that separate data from executable objects. (This separation is one of the things that makes the iSeries unique in the world of servers.) The security folks in Rochester worked with their pSeries colleagues to obtain the AIX implementation of MIT's patch before re-packaging it as an integrity PTF for OS/400.
Foote Partners Says IT Salaries Are on the Up
According to compensation analysts at Foote Partners, IT salaries started to rise in late 2004 and they continued to do so through the early part of 2005. Based on surveys of 48,000 IT workers in North America and Europe from January through April of this year, Foote Partners profiled salaries for 170 different job types.
Foote Partners says companies are hiring again and they are also concerned about retaining talent for their existing and often legacy systems. "But it's really much more than that," explains David Foote, the firm's president and chief research officer. "Employers are once again investing in onshore applications development skills notwithstanding their desire to offshore some applications and business processes. They're demanding more industry-specific experience to go with tech skills mastery, and even systems-specific solutions experience within an industry, which is a fairly new development on the scale that we've been seeing it."
For the 12 months ended in April, salaries for IT workers with non-certified skills were up 3.6 percent, and salaries were up 2.8 percent in the first quarter. IT workers with certified skills tend to get paid a little higher, yet their salaries continued to climb by 4 percent in the past 12 months (again, ended in April), but only grew by 1.6 percent in the first quarter of the year. A year ago, salaries were shrinking. And now, it seems, a lot of certifications (particularly project management certifications) are being required to get that base salary and are not given any incremental value beyond that. The hot skills that IT managers are looking for right now are for Microsoft's SQL Server and .NET and IBM's WebSphere, and the highest-paying skills are for security, extreme programming, storage area networking, Oracle databases and applications, and SQL Server. Generic database and Web programming skills are losing value, and HTTP, HTML, WML, PowerBuilder, and Perl skills are "cold" skills.
IBM Splits Services Unit as Joyce Leaves for VC Firm
After reporting its financial results last week, IBM announced that John Joyce, who has headed up IBM's Global Services unit since May 2004 and who was the company's chief financial officer prior to that for five years, has departed Big Blue to join venture capitalist Silver Lake Partners. In the wake of his departure, which comes as the Global Services unit has stumbled a bit and forced a massive reorganization, IBM's chairman and CEO, Sam Palmisano, has decided that the Global Services unit, which represents more than half of IBM's annual sales but only a third of its profits, needs to be broken up to be more manageable.
To that end, Mike Daniels, head of IBM's Americas sales operations, has been tapped as senior vice president of the new Information Technology Services group within Global Services. This group will take over strategic outsourcing, e-business hosting, financing, and services aimed at small and medium businesses. Marc Lautenbach, who was running SMB sales at IBM, takes over the Americas region. Ginni Rometty, who has been heading up the integration of IBM's PricewaterhouseCoopers business process consulting acquisition for the past several years, is now senior vice president of the Enterprise Business Services group within Global Services. This group will deal with consulting, systems integration, and business transformation outsourcing. IBM also tapped Bob Moffat to be senior vice president of Integrated Operations, which essentially means managing IBM's own supply chain, call centers, and outsourced operations. All three executives report directly to Palmisano.
Nick Donofrio, a long-time IBMer who has led many initiatives at Big Blue, was also named executive vice president of innovation and technology, and he will be tasked with driving innovation deeper into the IBM culture.
AttachmateWRQ Partners with Kapow for Integration
Host connectivity vendor AttachmateWRQ last week announced a partnership with Kapow Technologies that will see the two companies peddle each other's wares and make them play nice with each other. AttachmateWRQ's Versastream host integration software allows companies to reach back into their OS/400, mainframe, Unix, VMS, and MPE servers and extract data from them for use in distributed applications; Kapow's RoboSuite software is used to take such data and mix it with Web technologies to create portals. Over the past year, the two companies have been engaged in deals together to solve different parts of the Web services problem, and they came to the conclusion that it made sense to formalize a partnership and jointly pursue opportunities.
Vision Solutions Delivers ORION for IBM's AIX on the iSeries
High availability software vendor Vision Solutions said last week that it has extended its ORION high availability clustering software so it supports IBM's AIX Unix variant.
The ORION suite of products, which started shipping in September 2003 after two years in development, was designed to support OS/400, Windows, Linux, and AIX from the get-go. The initial 2003 products obviously supported OS/400 very well, given the OS/400 heritage of Vision Solutions' prior products, but also delivered data replication and switched disk services for Windows servers, switched disk services for Linux, and data replication between DB2, Oracle, and SQL Server. ORION for AIX can be used on AIX partitions running on the iSeries and supports either Independent Auxiliary Storage Pools (iASPs) or plain SCSI disks (which is what Unix is used to looking at). The software allows two or more servers connected to a common storage tower or subsystem to fail over for each other in the event that one of the servers is knocked out. ORION for AIX can also be used on IBM's pSeries servers as a standalone product.
BOS Sells PrintBOS Unit, Attracts Funding
Better Online Solutions, which creates the host connectivity products that are marketed under the BOSaNOVA brand as well as RFID technology and telecommunications gateways for VoIP and cellular phone networks, said last week that it has sold the assets from its PrintBOS line of business to Consist Technology for $500,000 plus a take of future revenues for the product. The PrintBOS unit, which sells printer and document management middleware for iSeries-based ERP systems, requires more investment to fuel its growth than BOS is prepared to make, apparently; it had sales of $215,000 in the first quarter. BOS gets a 6 to 10 percent share of any revenues from the PrintBOS product line exceeding $1 million over the next three years as part of the agreement with Consist.
In addition to the sale of the PrintBOS unit, BOS said that it has completed a private placement of ordinary shares worth $1.7 million and will get another $500,000 from a group of investors by the end of July. Catalyst Fund, which is the largest investor in BOS, kicked in the money as did Brada Investments, Vamos, Arizona Maritime, Egean Financera, and Meitav Gemel. The company also announced that investor Laurus Master Fund has converted a loan and interest worth $1.58 million into ordinary shares instead of taking cash.
Gartner Says Microsoft, IBM the Leaders in Web Services
Never one to squander a good PR opportunity, Microsoft is making the most of a recent Web services report from industry analyst Gartner that looks favorably upon the software giant's Web services strategy. Last week, the analyst group published a report called the 2005 Magic Quadrant for Web Services Platforms, and in it, Microsoft was included in the "leader quadrant," which is where those vendors with the highest "completeness of vision" and the most "ability to execute" come together. Microsoft director of Web Services Strategy, Ari Bixhorn, says the software giant has a "comprehensive solution for organizations to integrate heterogeneous IT investments more securely and reliably," and that's probably accurate, as far as Gartner's analysis goes. But Microsoft wasn't the only company in the leader quadrant, and has to share that space with rivals IBM, Oracle, SAP (who is more of a partner these days), and Tibco Software. All in all, Gartner rated Microsoft highest in completeness of vision, and rated IBM highest in ability to execute.