Glad to have you back for this week's IBM i Pulse! Each week we will be taking a deeper look at this week's IBM i news. This week we are looking at a CIO Summit, a conversation about RPG, and security issues debunked. But First...
Profound Logic's resident Guru is back at it. Ted Holt has a great article on Legible Hexadecimal. Check it out!
CIO Summit Planned For IBM i Executives
by Dan Burger
Many CIO and IT Directors have similar feelings of going it alone. That their business situation and needs are unique and can't be understood by anyone else. But the reality for these high level executives is that most, if not all, of their situations are currently or in the past been shared by other CIO and IT Directors. Most difficult business situations have been dealt with before, but connecting the people who have experienced it with those who are going through it has always been difficult on that high of a level. Speaking with other executives who have experience with the IBM i and might be where you want to be could be invaluable information.
That is why the CIO Summit is partnering with the RPG & DB2 Summit this year to bring together CIO and IT Directors of IBM i shops to discuss the challenges they face and also discuss solutions that they have come up with in the past. This concept was first introduced in New York in April by Alan Seiden, an IBM i advocate who saw the value in sharing information and experiences with others.
“That CIO event was an experiment to see if CIOs would be interested in meeting, discussing solutions and seeing some presentations that would spark conversations,” Seiden said. “Would they take time out of their day to do this? We didn’t know if they would take time to do this, but I felt it would be something people could appreciate and it turned out to be received very positively.”
This next meeting will take place October 16-17 during the Fall RPG &DB2 Summit conference (register here) in Minneapolis Minnesota. The idea to hold both conferences at the same time was due in part that there was already an established group of IBM i developers attending the conference who are dedicated to learning and are motivated to help their companies... why not bring the CIO/IT Director along to do the same?
This also helps the developers showcase the changes that might be needed for a companies IT growth to the head of their department. This can slow down the process of change by giving the CIO/IT Director hands on knowledge of what new changes are out there and reduce the "permission" time to implement change.
It's a Win-Win!
Christoffer Ohman and Emil Siden Discuss Being Newcomers to RPG
by Paul Tuohy
In this iTalk with Tuohy, Paul interviews two students from Gothenburg University, Christoffer Ohman and Emil Siden, who participated in a one week "crash course" on RPG that Paul gave two years ago in 2015. Christoffer and Emil discuss how the course came about, why they took the course, how they were able to get jobs from it, and how they are now working on a modernization process with RPG. Here are some of the highlights from the students:
"They were pitching this course which was about a platform I've never heard about and a programming language I've never head about. They claimed that pretty much all of, like, banks and stuff like that are running this platform and I've never heard about it. We're doing a bachelor's degree in the computing science so yeah, I was intrigued by it so we both attended it." - Chirstoffer Ohman
"I made a table and a little program; you can maintain and then this monolithic program checks the table if it is this customer number, and then set these parameters. Of course, since we were working at the same time with the RPG LE source and the 36 source, I developed in the LE source because that is the one that is in the test environment. Then I had to sort of back convert it or demodernize the code to fit in the 36 code because they wanted to use it now in production―right now. And that was sort of an interesting experience because obviously when I just wrote in the test environment, I used at least semi modern programming techniques." - Emil Siden
This interview shows the power of teaching the younger generation exactly what is being practiced right now to help assist them to help business' and get jobs right out of college. Great interview Paul!
Debunking the Fake News Surrounding IBM i Security
by Carol Woodbury
Over her many years helping clients, Carol has found many clients have misconceptions about IBM i security, so much so she compiled a list of these misconceptions and what the reality is for each of them.
- User Class Forces the System to Check Authority - The User class is used to default the special authorities when the profile is created. It is not used when the system checks whether the user has sufficient authority to perform an operation.
- Enabling Security Causes Performance Issues - There are already so many performance enhancements in an operating system and with the authority-checking algorithm and other security features... it is very difficult to have security cause performance issues for you.
- Default Passwords Can be OK - It is never acceptable to keep a default password (a password that is the same as the profile name) because this is the very first thing a hacker will attempt. You should always require a new user to change the password as soon as their profile is created.
- QSECURITY 50 Enables All Password Rules - The QSECURITY 50 has never affected the password system values. At every security level you must configure the password system values... no security level enables them automatically.
- Adopted Authority Is Evil - Adopting Authority isn't evil, if you implement it effectively. It can provide a method to temporarily allow you the ability to do something without having provide access or assign special authorities.
- The System Can be Secured at QSECURITY Level 30 - Actually, operating system integrity is only guaranteed at Level 40 and above. At level 20 and 30, if you have authority to a job description you can use that job description to submit a job and run it as that privileged user.
- Use Only Parts of QSECURITY Level 40 - Don't do this... QSECURITY is a system value and that means it is all or nothing.
- Laws, Regulations, and Best Practices Don’t Apply to IBM i - This is actually something people think. The IBM i community must always comply with all laws, regulations and best practices.
- IBM i Has Never Been Hacked - Administrators who have created configuration mistakes or failed to patch known vulnerabilities (especially in open-source products) can create opportunity for unwanted access to data.
- Menu Security Is Sufficient - If you only configure your users to use a menu when the sign in and don't do anything to protect that data, your database is not secure.
November 15th-17th Profound Logic will be hosting our 2nd annual PLUS Seminar for their customers. Get the most value from your Profound Logic investment and assure your modernization success. Register here today!
One of our focuses for 2017 is the continued adoption of Node.js in IBM i shops. Click here to read our white paper on Why Node.js Is The Solution Your Company Needs.
Also, Profound.js 2.0 has been released! See how Profound.js 2.0 can help modernize your IBM i today!
And there, you're all caught up! Sounds like we have an interesting 2017!