Realizing The Promise Of Cross Platform Development With VS Code

January 25, 2023

Jeff Tickner

An integrated development environment is like a tractor or a truck, or indeed any other kind of tool. There are farmers who want a tractor from John Deere or Ford or Massey-Ferguson, contractors who want a Ford or Dodge or GMC truck, and carpenters and electricians who use Dewalt or Milwaukee Electric or Makita cordless tools.

No matter the choice of tools, ultimately these blue collar workers are going to farm and build things, and the choice of tool should not interfere with that effort. White collar – or far more likely no collar T shirt – programmers are no different in having strong preferences when it comes to their IDEs. But the choice of IDE should not hinder developers as they create applications for the IBM i platform, and moreover, the choice of the VS Code IDE commonly used by developers working on Linux, MacOS, and Windows platforms should not stop them from developing code for the IBM i platform.

There is a lot of buzz around Visual Studio Code, which is the formal name of the open source spinoff of the Visual Studio IDE that Microsoft released to the world back in early 2015. VS Code is based on the Electron framework, which was made initially to create Node.js applications and has the same editor that Microsoft created at the core of its Azure DevOps tool for creating applications for the Azure cloud. VS Code can be the source code editor for C, C++, C#, Java, JavaScript, Go, Node.js, Python, Rust, Fortran, and other languages.

Importantly, VS Code integrates tightly with the Git code repository. And this is one of the secrets of VS Code’s success. Using the ARCAD integration with Git, any number of disparate IDEs can be used for IBM i software development, even within the same team. With ARCAD, a given developer can choose either Merlin, VS Code, Rational Developer for i (RDi), or even green screen PDM to make his code change via Git. Today, a new generation of programmers who use VS Code can create and deploy code for the IBM i platform without knowing anything at all about the IBM i platform itself.

Part of the magic behind the VS Code integration with the IBM i platform comes from an open source project called Code for i comprising plug-ins to VS Code that give developers access to IBM i language parsers and compilers – RPG, COBOL, CL – and allows code created within VS Code to be compiled on Power Systems iron. Now that your RPG or COBOL is in Git, how to you build?  It’s easy – using the ARCAD Builder engine.

Additionally, VS Code is also a key element in the IBM strategy for IBM i development. Indeed, the IBM Merlin DevOps & Modernization platform for IBM i together with its integrated VS Code-compatible IDE has been designed for a modern hybrid cloud world with a browser-based UI. IBM uses ARCAD’s build engine for Merlin. Merlin is a strategic platform securing the generational transition for IBM i development and is key to safeguarding the future of today’s mission critical IBM i applications.

More and more features are being added to these VS Code-based solutions, including code coverage which tells you what portions of your code are actually running and which portions are not really executing as the application churns through its work. There is even support for a native IBM i debugger available in Merlin now.

With ARCAD’s integration of IBM i with Git as well as Jenkins continuous integration/continuous deliver automation, and Jira bug tracking tools, we have been bringing the IBM i developers into the same kind of environment and DevOps process that the open systems people have been using for a long time.

But here is the interesting thing.

When we started down the road with Git, so many years ago, we assumed that we would get traction with small, private companies that had the most flexibility and could adopt new things easily. But the exact opposite happened. The largest companies – banks and insurance companies – that had already adopted the DevOps approach and open source software had been waiting to adopt it for their IBM i platforms because they had already been using it for Linux, Windows, and Unix platforms.

Here is how VS Code integration with Git and IBM i integration with Git are a powerful combination for IBM midrange shops.

I’m implementing ARCAD for DevOps with an insurance company right now – obviously I can’t say who they are, but they are an Azure shop. They have their IBM i developers using RDi and they are excited that they can also choose VS Code as an IDE. As they roll VS Code out, aside from the parity on the IBM i platform, another benefit that they have is that the open systems developers on Azure can interact with the DB2 for i database, but they don’t know anything about it.

Previously, their process was to use stored procedures and user defined SQL functions to access data on DB2 for i. But because they have been siloed, the .NET developer would go into Visual Studio and create a description of the SQL function and then they would have to hand it off to the native IBM i developer, who would write it and put it in test. And then the .NET developer would check to see if it actually works the way they described the function. It’s a lot of back and forth and is very inefficient.

Now with the ARCAD integration with Git, the .NET developer can go into Visual Studio, and without doing anything special they can write a stored procedure directly and push it into the IBM i Git repository and it will be built on the IBM i platform. And they can test it and it doesn’t have to involve another developer. They can be autonomous. And they don’t have to have any access to the IBM i – they don’t even know what an IBM i platform is. They know how to write SQL and that is all they need to know.

As you might imagine, the native IBM i developers were at first a little reluctant to let this happen – being IBM i experts and wanting to ensure the quality of their applications, they liked having control, even though it wasn’t an efficient use of their time. But with ARCAD and Git we can ensure they have the control they need, by setting up a process in Azure that ensures that the developer can’t merge this into the main branch until a code review has taken place, leaving the IBM i developer to validate the code the .NET developer has produced. This is the process that the open systems developers have been using for a long time and with ARCAD we can transparently bring the IBM i developers into this agile way of working.

VS Code is becoming a standard because it is readily available and extensible. People add more functionality all the time. When the kids in college are learning how to develop, they normally use VS Code now. And when they take their first job, they can now be an IBM i developer without even realizing it.

The important thing to realize is that VS Code without ARCAD is not, of itself, sufficient for managing IBM i source. You also need the ARCAD layer (also shipped within Merlin) which automates dependency builds, static code checking, unit testing, regression testing, deployment, and so on. ARCAD has 30 years of experience managing code on directly on the IBM i platform, and while it is possible to do it without our Git implementation, it is just not going to be much fun and it is just not going to scale and it will have a lot of manual setup and intervention.

To learn more about the ARCAD solutions for DevOps on IBM i, join our Webinar series:

[IBM i Webinar] Demystifying DevOps on IBM i

Jeff Tickner is chief technology officer for North America at ARCAD Software.

This content is sponsored by ARCAD Software.

RELATED STORIES

If You Aren’t Automating Testing, You Aren’t Doing DevSecOps

The Lucky Seven Tips Of IBM i DevSecOps

Git Is A Whole Lot More Than A Code Repository

Learning To Drive Fast On The DevOps Roadmap

Expanding Fields Is A Bigger Pain In The Neck Than You Think

Value Stream Management: Bringing Lean Manufacturing Techniques To IBM i Development

Unit Testing Automation Hits Shift Left Instead of Ctrl-Alt-Delete Cash

It’s Time For An Application Healthcheck

The New Economy Presents New Opportunities For IBM i

Creating Web Services APIs Can Be Easy On IBM i

Jenkins Gets Closer IBM i Hooks, Courtesy Of ARCAD

DevOps Transformation: Engage Your IBM i Team

The All-Knowing, Benevolent Dictator Of Code

Software Change Management Has To Change With The DevOps Times

Attention Synon Users: You Can Automate Your Move To RPG Free Form And DevOps

Git Started With GitHub And ARCAD On IBM i

One Repository To Rule The Source – And Object – Code

Data Needs To Be Anonymized For Dev And Test

Getting Progressive About Regression Testing

Transforming The Art Of Code And The Face Of IBM i

Four Hundred Monitor, January 25

January 25, 2023

Jenny Thomas

Have you noticed there is national day for just about everything? Just in the month of January, we have national chocolate-covered cherry day, national bean day, national houseplant appreciation day, and national dress up your pet day, to name just a few. As it turns out, we are now in the middle of a week that our industry should probably be celebrating a little bit louder. Data privacy week, which runs from January 22 through 28, was created by the National Cybersecurity Alliance to help spread awareness about online privacy, and educates citizens on how to manage personal information, and organizations understand why it is important to respect users’ data. We’ve got more detail for you in the Top Stories below, as well as lots of additions to the calendar for you to peruse.

Top Stories From Around The Jungle

(National Cybersecurity Alliance) A handy rundown of data privacy week history and events.

(CyberRes Community) California Consumer Privacy Act puts a spotlight on the importance of data minimization.

(IT Jungle) The Jungle’s own Alex Woodie has been working on a vision board for the IBM i by talking with community experts about what’s to come in 2023. Catch up on Part 1 and Part 2 of his series.

(FCW) Quantum computing. AI. Cybersecurity. ChatGPT Pro. The future may be here, but COBOL never left.

(CNBC) In honor of data privacy week, here’s a fun look at the 20 most common passwords leaked on the dark web.

Redbooks, White Papers, Blogs, Podcasts, and Other Resources

(Manta Technologies) It’s the final week of Manta’s year-end sale. All 125 courses – including the Competency Exams and Student Reference Guides – are 30 percent off. The sale ends January 31.

(Fortra) Listen in as IT Jungle’s Tim Prickett Morgan joins a panel of experts to dissect the results of Fortra’s 9th annual IBM i Marketplace Survey during a free, hour-long webinar this Thursday, January 26. The presentation begins at 10 a.m. Eastern time.

(IBM Champions) It’s time to meet the IBM Champion class of 2023, which boasts 839 IBM Champions from 60 countries around the world.

(Seiden Group) This blog offers tips on how to configure and use SSH on IBM i.

(Charles Guarino Blog) Charlie makes the case to advocate for your IT team and the work you do.

Chats, Webinars, Seminars, Shows, and Other Happenings

January 26 – Franklin, Tennessee & Online – Get “Tricks with spool files using SQL” with Simon Hutchinson (RPGPGM.COM) at the January IBM Midrange User Group (IMUG) meeting. This is a free event open to non-members.

January 26 – Webinar – The results of Fortra’s 9th annual IBM i Marketplace Survey will be unveiled during this free, hour-long webinar. IT Jungle’s Tim Prickett Morgan will join a panel of experts, including Fortra, executive vice president of technical solutions Tom Huntington, worldwide IBM i product marketing manager Brandon Pederson, and IBM i product managers Dan Sundt and Alison Butterill. The presentation begins at 10 a.m. Eastern time.

January 26 – Webinar – Join ARCAD for part one of a three-part Roundtable Webinar Series, where ARCAD experts will demystify the move to Git and an automated process with options that work for everyone. During this first session, the discussion will focus on developer tools and ways to use Git including iProject, Merlin, VS Code, ARCAD’s Centralized option, and more.

January 31 – Webinar – Join this live webinar to learn where malware danger lies and how you can protect your systems. Power security expert Sandi Moore will discuss real-world examples of malware attacks on IBM i, and provide effective tactics for avoiding infections.

January 31 – Webinar – Discover how you can achieve faster processes, greater business agility, and improved data quality during Precisely’s webinar “The 6 Features You Need for Automation Success.”

February 1 – Webinar – Join iTech Solutions, a Service Express company, for a webinar with Steve Pitcher as he covers the Basics of Enterprise Identity Management. These sessions are designed for anyone starting out as an IBM i system admin, looking to refresh their knowledge, or looking to learn more.

February 9 – Webinar – Join ARCAD for part two of a three-part Roundtable Webinar Series, where ARCAD experts will demystify the move to Git and an automated process with options that work for everyone. During this second session, the discussion will focus on feature/release, branch management, and building the branches with tools like Bob and ARCAD.

February 15 – Webinar – Learn how to modernize IBM i data access without programming at this free webinar hosted by New Generation Software. See a demo and learn about low-cost licensing options, tech support, maintenance, and education.

February 23 – Webinar – Join ARCAD for the final session of a three-part Roundtable Webinar Series, where ARCAD experts will demystify the move to Git and an automated process with options that work for everyone. During this third session, the discussion will focus on pipeline tools like Jenkins and the new automation features of Git packages.

March 8 – Webinar – Join Rocket Software for a Women Leaders In Technology (WLIT) coffee talk for International Women’s Day. The team from reacHIRE will be discussing how they support women in building their leadership skills, relationships, and community so that their careers and lives thrive, which also enables organizations to build a strong and diverse leadership pipeline.

March 14-16 – Delavan, Wisconsin – The Wisconsin Midrange Computer Professional Association (WMCPA) will be having its annual Spring technical conference in-person at Lake Lawn Resort in 2023.

April 24-27 – Denver, Colorado – Save the date for COMMON’s POWERUp 2023, which will be held at Sheraton Denver Downtown.

Special Authorities – What are they on IBM i?

If you come from the world of IBM I you will have heard of *ALLOBJ authority.

This is the ultimate level of object access authority on an IBM I system. *ALLOBJ literally means you are authorized to read, change, or delete any/all objects on the system! It’s a super user, admin level of ability, and it’s very obvious how dangerous this could be when granted to the wrong person.

What’s not so obvious it’s just how often it’s used throughout the industry.

I’m constantly shocked, logging onto a customer’s machine, to see many user profiles for regular users, IT staff and even ‘service profiles’ (those used to connect to the machine for web services) that are set up with* all object authority.

This is so dangerous it’s unbelievable. If you have the user and password for a service account with *ALLOBJ you can connect and do untold damage.

Don’t give *ALLOBJ to users. Full Stop. Repeat that.

While we are talking about dangerous rights – what about this *SECADM level?

*SECADM allows the user to create other user profiles, or modify them. As you might imagine, *SECADM in conjunction with *ALLOBJ puts you in God Mode!

If you have *SPLCTL, you can do anything with any of the reports on the system. Think about how dangerous this could be if a regular user has access to read HR salary?

So the first step in securing your IBM-i system is to understand what the special authorities mean and do so let’s have a look at some of them:

A quick look at IBM i special authority

*AUDIT

Any users with audit authority means they can change the system values and other auditing functions built into the operating system. These background jobs are constantly auditing what’s happening at a system level. Maybe recording things like user profile changes, any system authority changes or even granular things when files are written to the IFS.

With that in mind, you can quicly see that anybody with *AUDIT ability could maliciously hide some of those activities from your system admins, security or audit teams.

You should only ever grant audit authority to people running in security or as an administrator role

*JOBCTL

Job control allows users to control what is running on the system.

Jobs? If you’re new to IBM I any process that’s running a program is called a job. So when I sign on to the machine, that process is called ‘my job’ and everything that I do while I’m signed on is all part of that one job. If I submit something to run in the background, that’s that’s its own job.

Job Control gives you the the ability to hold and change any of the jobs running on the system. This is commonly an authority that’s granted to lots of people and that’s a bad thing.

Why?

If you give someone job control they have the ability to change other users jobs. They can lower the run priority, increase the time slice, change auditing values or do all kinds of things on the jobs to make them eat the machines memory resources.

If the user has job control, they can look at other users spooled files in their outputout queues. This is obviously an invasion of privacy.

job control should only be granted to users that need to change job details when they’re running.

*IOSYSCFG

This special authority does exactly what it says on the tin – it lets you change the input and output system configuration this means changing communications TCP settings network settings file share information.

Be careful who you grant this to, because anyone that can change communication settings could be calamitous for your business if they accidentally brought down your network. Or deliberately bring down your communications?

Only ever allow system administrators or system operators to have *IOSYSCFG

*SAVSYS

Another special authority that does so it says on the tin – SAVE SYSTEM lets you save the system.

This should only ever be granted to operators, system administrators or the team that is responsible for backing up the IBM system itself.

*SAVSYS is often assigned to developers, but unless they’re going to perform these functions they just don’t need it. Something to consider here is that the default IBM profile QPGMR has *SAVSYS and people often look at QPGMR, and think “OH I must grant my programmers the same rights because that will let them back up to save files or restore their own work”.

But that’s just not true!

*SAVSYS is a systemwide saving level. Users without can save their objects, as long as you have the rights to an object’s existence you can save that object.

Granting a user *SAVSYS lets them save anything on the system even if they’re not authorized to it you can quickly see the size of this exposure?

*SERVICE

Service is a special authority that should only be granted to your System Administrators. It grants some powerful functions like the ability to work with disk units and run communications traces and other system debug level functions

Of course this is just dipping your toe in the waters of special authorities so here’s the most recent IBM manual I could find it’s at version 7.5 but this should apply to anything from 7.3 open brackets which is just being going out of service close brackets upwards grab a coffee and read on my friend: