• Multiple Vulnerabilities Pop Up In Navigator For i

  January 23, 2023 Timothy Prickett Morgan

  Why do we network computers again? Remind me.

  A new security bulletin was released for the Navigator for i system management interface for the IBM i platform on January 18, which rolls up four different vulnerabilities for Navigator for i that leave it open to log file access, to obtaining file attributes, and to SQL Injection attacks due to multiple other vulnerabilities.

  You can read about this security bulletin at this link. The most severe of the issues is the SQL injection attack, which has a CVSS Base score of 6.3 out of 10. According to the bulletin: “IBM …

  Read more

• IBM i PTF Guide, Volume 25, Number 4

  January 23, 2023 Doug Bidwell

  Here are some reminders to start off the IBM i PTF Guide this week.

  First, there are new releases for Access Client Solutions and the ODBC database driver. (See ACS_NAV in the Guide for the links.) The funny bit – funny odd, not funny hilarious – is that version 26 of ACS did not allow companies to create a database source for ODBC, which is serious shortcoming. Now, there is a new version 27 that will let you do it. Here is the updated software:

  Description				   Version
  IBM i Access Client Solutions (1.1.9.1)	   1.1.9.1
  ACS Windows App Pkg English (64bit)	   

  …

  Read more

• Multiple Security Vulnerabilities Patched on IBM i

  June 22, 2022 Alex Woodie

  In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

  IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of a HTTP request smuggling that could poison the Web cache, bypass firewalls, and …

  Read more

• Guru: IBM i Experience Sharing, Case 2 – Dealing With CPU Queuing Wait Time

  March 21, 2022 Satid Singkorapoom

  When we drive our cars, we hope to avoid red lights and traffic jams, because we all hate waiting immobile in traffic. I’m sure that you are aware, fully or subtly, that active jobs in any computer system can encounter wait as well. The IBM i developer team has categorized many types of wait.

  In this article, let’s look at CPU Queuing wait time. Let’s see how we can interpret and address it in a sensible way to resolve poor performance. I’ll try to provide you with a useful approach to wait time analysis using a gloriously useful performance reporting …

  Read more

• IBM i PTF Guide, Volume 24, Number 5

  February 2, 2022 Doug Bidwell

  Another week, another security vulnerability. This time, there is one in the Db2 stack for IBM i. Specifically, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225, which you can read in full at this link. As the Db2 Mirror database clustering technology is only available on IBM i 7.4, this is the only IBM i release that is affected.

  The IBM i Group PTF number containing the fix for this vulnerability follows: Release 7.4 – SF99668 level 17.

  Just a reminder that there is a new …

  Read more

• IBM i PTF Guide, Volume 24, Number 4

  January 26, 2022 Doug Bidwell

  A new Oracle JCE Code Signing CA was recently implemented in the IBM JDK to resolve APAR IJ26310. Specifically, this is related to IBM JDK 8.0 SR6 FP25, JDK 7.1 SR4 FP75, and JDK 7.0 SR10 FP75, whereby Java applications running on the IBM i operating system might encounter the error messages “JCE is not installed properly” or “JCE cannot authenticate the provider XX” or “xyz.jar is not signed by a trusted signer” after upgrading to the following IBM i Java Group PTF level or newer.

  The following IBM i Java Group PTF levels install 8.0 SR6 FP25.

  • Release 7.1:

  …

  Read more

• Some Good Advice About Log4j Mitigation Gotchas

  January 24, 2022 Timothy Prickett Morgan

  The Apache Log4j logging utility written in Java and available since the end of the Dot Com Boom in early 2001, has been installed far and wide into many systems and systems software packages in the more than two decades it has been available. And that is why the zero-day security vulnerability discovered by Chinese computing giant Alibaba on November 24 last year and revealed on December 9 has caused so much concern.

  Log4j is everywhere and that means the Log4Shell vulnerability that Alibaba described makes it particularly scary. But before we get into some of the mitigation advice that …

  Read more

• In The IBM i Trenches With: IBM Champion Ash Giddings

  December 13, 2021 Timothy Prickett Morgan

  It may be hard to believe, but not everybody who has worked on an AS/400, iSeries, System i, or IBM i platform is a programmer. Even if they care a great deal about programs and how they run on the boxes. Ash Giddings, who is an IBM Champion in 2021 and a newly appointed product manager at high availability software provider Maxava, is one such chap, and we got an opportunity to have a chat with Giddings about what is going on with performance management, systems management, disaster recovery, and high availability out there in the IBM i base.

  Like …

  Read more

• Guru: Physical System Performance

  November 15, 2021 Dawn May

  Almost all IBM i shops use logical partitioning and have several partitions on a single Powerbox. There may be several IBM i partitions, VIOS partitions, and possibly AIX or Linux on Power partitions. Regardless of what type of operating system is running in the partition, the hypervisor collects performance metrics for all partitions. These performance metrics are always being collected, and you can allow a partition access to these performance metrics. In the case of IBM i, this physical system performance data can be gathered by Collection Services. IBM documents this feature in Collecting and displaying CPU utilization for all …

  Read more

• Revenge Of The Zombie Green Screen

  October 30, 2019 Alex Woodie

  Don’t look now, but command line interfaces – which were supposed to have been killed off years ago at the hands of superior graphical user interfaces (GUIs) – are making a comeback in the general IT scene. And the command line love appears to be spilling over into the IBM i.

  Command line interfaces, or CLIs, never completely disappeared from the scene. Even Windows 10 users can summon the dark magic of the DOS prompt with a few tactical clicks of the keyboard, mouse, or (God forbid) touchscreen. But like crazy uncles and credit card debt, the CLI has largely …

  Read more

Previous Articles