• New Nav Makes Progress, But Still Not Caught Up with Old Nav

  October 26, 2022 Alex Woodie

  The Technology Refreshes have brought IBM closer to completing the transition to the new Navigator from the old Navigator product, which is susceptible to the Log4j security vulnerability. While the advances in IBM i 7.5 TR1 and 7.4 TR7 will help customers, the new Navigator product will still not be at feature parity with old Nav when the plug is pulled on the heritage product at the end of the year.

  IBM has been encouraging its IBM i customer base to accelerate its adoption of the new Navigator, which debuted just over a year ago with the introduction of IBM …

  Read more

• Software Supply Chain Attacks Are A Growing Threat

  October 3, 2022 Alex Woodie

  There’s a lot going on in the world right now, so you probably don’t need something more to worry about. But the cat-and-mouse world of cybersecurity never sleeps, and one of the threats keeping the good guys up at night right now is the growing risk of software supply chain attacks. Unfortunately, security through obscurity won’t provide as much protection for the IBM i server this time around.

  Just what is a software supply chain attack? According to the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA), a software supply chain attack occurs when “a cyber threat actor infiltrates a …

  Read more

• Multiple Security Vulnerabilities Patched on IBM i

  June 22, 2022 Alex Woodie

  In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

  IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of a HTTP request smuggling that could poison the Web cache, bypass firewalls, and …

  Read more

• Getting A Firm Handle On Power Systems And Storage Firmware

  June 15, 2022 Richard Warren

  Back in the old days of the AS/400 and the iSeries, most customers had a single box or maybe two, one for production applications and databases and one for development of high availability. And everything that box needed was inside of itself.

  And at most, you applied two kinds of PTFs – those for the operating system and those for the microcode – to the machine, and you did that maybe once or twice a year and every once in a while you might add some group PTFs to update security or other important features.

  But the world has changed …

  Read more

• Guru: IBM i Unauthenticated Access

  April 25, 2022 Bruce Bading

  One of the greatest threats to any network, host, or server is unauthenticated access where an attacker can gain local or remote access with no credentials that can lead to a Critical rating with the following descriptions (CVSS v3.1 User Guide (first.org).

  Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)

  Integrity Impact Complete (There is a total compromise of system integrity, and a complete loss of system protection resulting in the entire system being compromised.)

  Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render …

  Read more

• IBM Ships ACS Version 1.1.9.0

  April 13, 2022 Alex Woodie

  IBM this week delivered an update to Access Client Solutions (ACS), the popular Java-based utility that many IBM i professionals use to interact with the platform. IBM is delivering several enhancements with ACS version 1.1.9.0, some of which came through the request for enhancement (RFE) process. It also defaults to opening IBM’s new Navigator for i, rather than the old one, which is susceptible to the Log4j security vulnerability.

  ACS is the universal Java-based utility that IBM unveiled 10 years ago this August to replace older Client Access products, including the ones for Windows, Linux, and Mac. The software, which …

  Read more

• The State Of The IBM i Base 2022: Third Party Software Conundrum

  April 11, 2022 Timothy Prickett Morgan

  Aside from death, most problems are not intractable. But people surely can be, and sometimes are. But luckily not often, and the thing about people is that, generally speaking, they can be reasonable when they are reasoned with. It is with all of this in mind that we come to the next in the State of IBM i Base stories for 2022, where we want to talk about the software trap that the remaining OS/400, i5/OS, and some IBM i shops have gotten themselves into and how we might help them get out of it to the mutual benefit of …

  Read more

• IBM i PTF Guide, Volume 24, Number 14

  April 6, 2022 Doug Bidwell

  Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.

  Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:

  • IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
  • IBM i 7.3: Upgrade to

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 13

  March 30, 2022 Doug Bidwell

  It’s pretty quiet on the PTF western front. Not that there isn’t always some kind of weird stuff going on . . . because, let me assure you, there is. IBM i customers have all kinds of weird things happening, and that ain’t no April Fool’s joke. But, mercifully, this week, as we end the first quarter and Spring is starting meteorologically as well as calendaricly – yes, I just made that word up – there are only a few things going on.

  Once again: To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as …

  Read more

• Guru: IBM i Experience Sharing, Case 2 – Dealing With CPU Queuing Wait Time

  March 21, 2022 Satid Singkorapoom

  When we drive our cars, we hope to avoid red lights and traffic jams, because we all hate waiting immobile in traffic. I’m sure that you are aware, fully or subtly, that active jobs in any computer system can encounter wait as well. The IBM i developer team has categorized many types of wait.

  In this article, let’s look at CPU Queuing wait time. Let’s see how we can interpret and address it in a sensible way to resolve poor performance. I’ll try to provide you with a useful approach to wait time analysis using a gloriously useful performance reporting …

  Read more

Previous Articles Next Articles