IBM i PTF Guide, Volume 24, Number 49

December 7, 2022

Doug Bidwell

It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), which you can find out more about here. The IBM i PTF numbers contain the fix for the vulnerabilities:

IBM i Release 5770-SS1 PTF Number
7.5 SI81706
7.4 SI81707
7.3 SI81708
7.2 SI81709

Third, there is Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358), which you can see more about here. The IBM i PTF numbers contain the fix for the vulnerability:

IBM i Release 5770-SS1 PTF Number
7.5 SI80415
7.4 SI80414
7.3 SI80413
7.2 SI80412

<pre class=”code”>

Additional URLs were identified that can be used for a cross-site scripting attack resulting in superseded PTFs. The IBM i superseding PTF numbers contain the fix for the vulnerability:

IBM i Release 5770-SS1 PTF Number
7.5 SI81854
7.4 SI81853
7.3 SI81852
7.2 SI81845

It is recommended that the heritage version of Digital Certificate Manager not be used. PTFs are available that disable the heritage version of Digital Certificate Manager. IBM i releases 7.5, 7.4, and 7.3 will be disabled. The IBM i PTF numbers to disable heritage version of Digital Certificate Manager:

IBM i Release 5770-DG1 PTF Number
7.5 SI81417
7.4 SI81418
7.3 SI81419

And fourth, there is Security Bulletin: ISC DHCP server for IBM i is vulnerable to a denial of service attack due to a memory leak and reference count overflow (CVE-2022-2928, CVE-2022-2929), which you can get more information about at this link here. The IBM i PTF numbers contain the fix for the vulnerabilities.

IBM i Release 5770-SS1 PTF Number
7.5 SI81438
7.4 SI81439
7.3 SI81440
7.2 SI81441

Now, here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

Latest Cumulative PTF Package
HIPERs (High Impact/Pervasive)
Security
Technology Refresh
DB2 for IBM i

PTF Groups 7.4:

Latest Cumulative PTF Package
HIPERs (High Impact/Pervasive)
Security
Technology Refresh
DB2 for IBM i
IBM Db2 Mirror for i
Temporary Storage PTFs

PTF Groups 7.3:

Latest Cumulative PTF Package
HIPERs (High Impact/Pervasive)
Security
Technology Refresh

PTF Groups 7.2:

HIPERs (High Impact/Pervasive)
Security

New (or Updated) links added to the ‘Links’ tab in the guide this week:

DBU: ProData – Home of DBU

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Tips/Definitions: How long has it been since you did a SAVE 21?

The Guide at a glance: There are no new defectives this week (12/03/22). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing
Date PTF PTF
——– ——– ——- ——-
7.5 11/22/22 SI81328 SE78918 SI81867 (When available)
7.4 12/01/22 MF69286 MA49947 MF70500 (When available)
7.3 12/01/22 MF69085 MA49947 MF70499 (When available)
7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

December 3, 2022: Volume 24, Number 49

November 26, 2022: Volume 24, Number 48

November 19, 2022: Volume 24, Number 47

November 12, 2022: Volume 24, Number 46

November 5, 2022: Volume 24, Number 45

October 29, 2022: Volume 24, Number 44

October 22, 2022: Volume 24, Number 43

October 15, 2022: Volume 24, Number 42

October 8, 2022: Volume 24, Number 41

October 1, 2022: Volume 24, Number 40

September 24, 2022: Volume 24, Number 39

September 17, 2022: Volume 24, Number 38

September 10, 2022: Volume 24, Number 37

September 3, 2022: Volume 24, Number 36

August 27, 2022: Volume 24, Number 35

August 20, 2022: Volume 24, Number 34

August 13, 2022: Volume 24, Number 33

August 6, 2022: Volume 24, Number 32

July 30, 2022: Volume 24, Number 31

July 23, 2022: Volume 24, Number 30

July 16, 2022: Volume 24, Number 29

July 9, 2022: Volume 24, Number 28

June 25, 2022: Volume 24, Number 26

June 18, 2022: Volume 24, Number 25

June 11, 2022: Volume 24, Number 24

June 4, 2022: Volume 24, Number 23

May 28, 2022: Volume 24, Number 22

May 25, 2022: Volume 24, Number 21

May 14, 2022: Volume 24, Number 20

May 7, 2022: Volume 24, Number 19

April 30, 2022: Volume 24, Number 18

April 23, 2022: Volume 24, Number 17

April 16, 2022: Volume 24, Number 16

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18

April 24, 2021: Volume 23, Number 17

April 17, 2021: Volume 23, Number 16

April 10, 2021: Volume 23, Number 15

April 3, 2021: Volume 23, Number 14

March 27, 2021: Volume 23, Number 13

March 20, 2021: Volume 23, Number 12

March 13, 2021: Volume 23, Number 11

March 6, 2021: Volume 23, Number 10

February 27, 2021: Volume 23, Number 9

February 20, 2021: Volume 23, Number 8

February 13, 2021: Volume 23, Number 7

February 6, 2021: Volume 23, Number 6

January 31, 2021: Volume 23, Number 5

January 23, 2021: Volume 23, Number 4

January 16, 2021: Volume 23, Number 3

January 9, 2021: Volume 23, Number 2

January 2, 2021: Volume 23, Number 1

December 26, 2020: Volume 22, Number 52

December 19, 2020: Volume 22, Number 51

December 12, 2020: Volume 22, Number 50

December 5, 2020: Volume 22, Number 49

Four Hundred Monitor, December 7

December 7, 2022

Jenny Thomas

We’re back from the Thanksgiving break, but not for long. There are just a few weeks remaining on the calendar, but there’s still plenty happening in and around our IBM i ecosystem. We’ve got a few news bites for you, as well as some resources that might come in handy as we wind down 2022. We are looking to fill up our calendar in 2023, so please sure to pass any events our way. Four Hundred Monitor will wrap up for the year next week, but before we go, let’s take a look at the news of the week.

Top Stories From Around The Jungle

(CIO Dive) The hybrid cloud remains IBM’s plan “cloudify” and compete in the cloud market.

(techradar.pro) There’s no hiding from inflation. IBM is raising storage prices across the board.

(EE Times) IBM’s 433 Qubit quantum computer is here.

(electropages) The lawsuit against Micro Focus continues.

(Coin Desk) Blockchain was all the rage just a few years ago, but now some of those projects are winding down.

Redbooks, White Papers, Blogs, Podcasts, and Other Resources

(Manta Technologies) Manta’s year-end sale is happening now. All 125 courses – including the Competency Exams and Student Reference Guides – are 30 percent off. The sale ends January 31.

(Maxava) A blog on the importance of running on supported IBM hardware and operating systems.

(CTXiUG) The Central Texas IBM i User Group is looking for speakers for 2023. Meetings are scheduled in: January, March, May, July, September, and November. All meetings are online. If you are interested in presenting, contact Simon Hutchinson.

(iTech) Looking for a new podcast? The latest iPower Hour discusses what the end of support for IBM i 7.3 means.

(iChime) Take a listen to Charlie Guarino’s latest podcast discussion, “Software is Everyone’s Business,” with Alan Seiden.

Chats, Webinars, Seminars, Shows, and Other Happenings

December 13 – Webinar – Learn how to save hundreds of hours per year by automating backup operations. We’ll demonstrate how to make backups hands-free by integrating virtual tape for backup and recovery of IBM Power Systems. This free 30-minute live online event includes a live technical demonstration of ViTL, a virtual tape and tape library solution created specifically for IBM i systems (including AIX and Linux) to streamline and strengthen your backup process.

December 14 – Webinar – Learn how to start transforming your code into totally freeform RPG during this free webinar: “Transform your way to Next Gen IBM i Apps in Phases – Start with your RPG!”

December 15 – Milwaukee, Wisconsin – Join the Wisconsin Midrange Computer Professional Association (WMPCA) for its monthly dinner meeting. The December speakers are Tim Rowe and Scott Forstie.

March 14-16, 2023 – Delavan, Wisconsin – The Wisconsin Midrange Computer Professional Association (WMCPA) will be having its annual Spring technical conference in-person at Lake Lawn Resort in 2023.

March 24-27, 2023 – Denver, Colorado – Save the date for COMMON’s POWERUP 2023, which will be held at Sheraton Denver Downtown.

Tags: Tags: FHM, Four Hundred Monitor, IBM i

IBM Publishes Power10 Performance Optimize Guide

December 7, 2022

Alex Woodie

IBM i shops looking to squeeze the most performance out of their Power10 servers have a lot of options available at their disposal. IBM covers many, if not all, of them in its latest performance paper, titled “IBM Power10 performance optimization for IBM i,” which it released last week.

The Power10 is the most powerful processor IBM ever built. Compared to the Power9 processor, the Power10 delivers 20 percent to 30 percent higher performance per core. And with 25 percent more cores per socket, that means oodles of more processing power to do useful work.

At a system level, the Power E1080 offers 1.5 to 1.6 times more capacity than a Power E980 that’s comparably equipped (except for those speedy new Power10 processors, of course). With so much raw processing power on tap, the Power10 processor is ready to gobble up customer workloads.

Not all workloads are equal, of course. Greenscreen 5250 applications are notoriously skimpy when it comes to demands on the system, and a new Power10 server, even an entry-level system, may be overkill for some customers. However, enterprises that are adopting Java or the latest Web languages that run in PASE – or are training machine learning models – may find themselves hitting performance limits, leading to a need to optimize application performance.

IBM covers a wide array of IBM i optimization techniques for Power10 in its 21-page report, which is available as a PDF here.

For example, there is program profiling, an advanced optimization technique to reorder procedures or code within procedures, and advanced argument optimization, which can make procedure calls run faster. Interprocedural analysis is another option available to some, as well as converting 16-byte pointers to 8-byte pointers when compiling C and C++ code.

IBM also discusses adaptive code generation (ACG), which is a technology that allows users to take advantage of all the processor features on their systems, “regardless of whether those features are present on other system models that are supported by the same release,” IBM says.

All ILE programs are activated under what’s called an “activation group,” which is a substructure of jobs that contains the resources needed to run the programs. There are differences in the type of activation groups, including ones that can run either in single-level storage or teraspace storage (which varies the degree of program isolation and protection from accidental access for those programs.)

IBM says users should create new activation groups only when “absolutely required.” If a new activation group is not absolutely required, IBM recommends using an existing named activation group, which “allows the program to reuse the resources that are already allocated instead of rebuilding the environment.”

IBM’s paper also includes a section on optimizing applications for PASE, the AIX runtime that is increasingly used to run applications written in languages like Node.js, PHP, and Python, as well as Java. The main options facing the intrepid PASE user is whether to use the AIX compilers, as supplied by IBM, or to use the GCC compilers from the open source community.

Java is notorious for having a hefty runtime and for slow application performance, on IBM i and just about every other operating system it runs under. IBM has a few tips and techniques ready for improving Java performance on IBM i, including using a just-in-time compiler and being really, really careful about garbage collection.

The Db2 for i database can also be tuned to improve application performance (or rather, the applications can be tweaked to get the most out of Db2). IBM has several suggestions, including using the Db2 for IBM i Health Center to capture information about a user’s database, such as the total number of objects, the size limits of selected objects, the design limits of selected objects, environmental limits, and activity level.

IBM i users can also gather data using the Database Monitor, which collects data about individual queries in real time and stores it in an output table. This information can help the user determine if the queries are performing well or if they need some fine-tuning. If there is a Db2 performance issue, the user might want to fire up the SQL Performance Center to get more detailed information about the queries.

The Db2 database comes with a bunch of self-optimization built in. One of those is the Index Advisor, which will analyze how queries are running and automatically determine if a performance index would improvement performance. The SQL Plan Cache can also provide information about the SQL Query Engine (SQE), and is available through IBM i Access Client Solutions (ACS).

Another ACS-resident tool is Visual Explain, a tool that lets you see information about both static and dynamic SQL statements. The Query Supervisor is another fixture in the database, and can detect when queries executed by the SQE are running well. If performance thresholds are exceeded, it can trigger an exit program (such as for automatically killing the query). There’s also the Predictive Query Governor, which can stop a query even before it gets going if it estimates it’s going to take too long or consume too many resources.

Some database queries may benefit from parallelization, while others will just consume more resources that way (which is why IBM recommends using these features selectively). Parallel I/O and Db2 Symmetric Multiprocessing (SMP) are both available at no charge.

IBM shares a variety of tips for optimizing database performance, such as avoiding use of “live” data (as opposed to using data copied from the database) and minimizing use of open data path (ODP) operations. Use of the “optimize” clause can also help in some situations, including using specific “fetch” and “insert” statements.

Have object names that are more than 30 characters? Consider shrinking them beneath that limit to improve performance, IBM says. Also, learn to use IBM i Wait Accounting, which can help IBM i users understand what tasks or threads are responsible for those long, uncomfortable waits.

Finally, IBM recommends using Performance Data Investigator (PDI), which is a part of IBM Navigator for i and provides a GUI for tracking long-term trends among the various data collection mechanisms, including Collection Services, IBM i Job Watcher, IBM i Disk Watcher, and Performance Explorer.

There is also iDoctor, which is a Windows-based suite of performance tools that can be used with the above-mentioned data collection mechanisms in addition to a few others, including PEX, SQL Plan Cache Snapshots as well as data from HMC, VIOS, AIX, and Linux.

“IBM i is an industry leader in performance management and has many qualities that are not found in other systems, including unparalleled performance metrics, always on collection services, and graphical viewing of performance data,” IBM states in its report. “While understanding all the different processes that affect system performance can be challenging and resolving performance problems requires the effective use of a large suite of tools, the functions offered by IBM i are intended to make this job easier for users.”

RELATED STORIES

A Few More Power Systems Updates Before 2022 Ends

The Power10 Machines That Will Take IBM i To 2025

Watson-Inspired Pattern Matching Drives IBM i Performance Breakthrough

GiAPA Tackles IBM i Performance Bottlenecks

IBM i Performance Secrets Revealed

IBM Welcomes COMMON Advisory Councils to Rochester

December 7, 2022

Alex Woodie

One of the hallmarks of a good company is listening to customers. A company may not do everything that its customers wish, but it must show that it’s listening to maintain the relationship. This dynamic was in play during an IBM i meeting that took place last month in Rochester, Minnesota, between IBM and the advisory councils for both COMMON North America and COMMON Europe.

The three-day meeting that took place November 14 through 16 involved a handful of members from the COMMON Americas Advisory Council (CAAC) as well as the COMMON Europe Advisory Council (CEAC). Both advisory councils had about a dozen members attending, with some CEAC members coming in via Zoom. From the IBM side were Dave Nelson, director of IBM i development; IBM i CTO and Distinguished Engineer Steve Will; IBM i Product Manager Alison Butterill, and other product owners.

While the meeting was not open to the press and the specific discussions were confidential, IBM was kind enough to provide IT Jungle with a rough summary of what was talked about at the CAAC/CEAC meeting, which is the first joint meeting involving these two advisory groups since 2019.

There are basically two orders of business at meetings like this. First, IBM gives an update on the state of IBM i today and the roadmap. Then, the advisory councils provide input to IBM on the types of things they would like to see in the operating system or the platform. The advisory councils also share information about IBM i functionality that COMMON members would like to see implemented by IBM into the platform. These used to be called requests for enhancements (RFEs) and are now formally called “Ideas” by IBM.

At this particular meeting, after providing the roadmap to the CAA/CEAC members, IBM drilled down on specific areas of the platform. It talked about systems management, including the future of Navigator for i (“New Nav”) and Access Client Solutions (ACS). It also talked about how IBM i can work with third-party tools, according to a summary provided by Will.

The database is the beating heart of the IBM i platform, so it’s no surprise that Db2 for i was brought up. There was a specific focus on the new Watson geospatial capabilities that IBM recently released with IBM i 7.5 TR1 and 7.4 TR7. Db2 Mirror, the continuous availability solution that runs off Db2, was also discussed.

Application development was another topic of discussion, according to IBM, with both traditional (i.e., ILE) and open source (i.e., PASE runtimes) being discussed. IBM i Merlin, the new containerized vehicle for Web-based development and DevOps on IBM i, also made an appearance.

Last but definitely not least was security, which has been a focus of IBM in recent releases, particularly in IBM i 7.5. Members of the COMMON councils were given a preview of an enhancement that is in the works for the next major release of the operating system. What exactly is it? Well, IBM isn’t telling.

But the hush-hush security update definitely got the attention of CEAC board member Steve Bradshaw, the IBM i Champion from the UK who was in attendance at the snowy Southern Minnesota shindig on behalf of the CEAC.

“I can’t tell you what we’ve been talking about,” Bradshaw affirmed in a video posted to the YouTube. “I think I am allowed to say we’ve been focusing more on security. And I didn’t think I was going to be able to say that, because we put so much in 7.5 for security. But if security is your thing, then you’re going to be delighted with what’s coming next.”

Security has become something of a thing for many an IBM i shop, who have been living with deteriorating cybersecurity conditions for years, even before the ransomware epidemic hit critical new heights in 2021. For five straight years, security was the chief concern among respondents to HelpSystems IBM i Marketplace Study (HelpSystems recently changed its name to Fortra).

That security message is bubbling up the chain to IBM i brass, like Ian Jarman, the former IBM i product manager who is now the CTO of Technology Services (formerly Lab Services), who declared nearly two years ago that he was “alarmed” by the poor security postures of IBM i systems.

What exactly the IBM i engineers in Rochester, Austin, Toronto, and Shanghai have up their security sleeves will have to wait until IBM is ready to spill the beans (possibly in a version eight of the ohh-ess, and possibly early next year). In any case, this whole case of give-and-take between IBM decision makers and IBM i customers is a working example of how Big Blue likes to do business: Customers share their concerns, IBM listens, and a solution is hammered out.

This new-feature engine has been running well the past few years. IBM says that, between the delivery of IBM i 7.4 in the spring of 2019 GA and the delivery of IBM i 7.5 in the spring of 2022, 499 Ideas (formerly RFEs) were implemented in IBM i. “And the Advisory Councils saw every one of them,” IBM says. Since 7.5 shipped earlier this year, IBM has delivered 128 more Ideas, and the councils were again heavily involved. In fact, it championed many of them, according to IBM.

IBM and the COMMON organizations (Europe and NA) are hoping to boost the visibility of the advisory role of that the CAAC and the CEAC play in determining the future of the platform. If this role in coming up with Ideas was more clearly visible to the general IBM i public, the thinking goes, then perhaps more members of the IBM i community will get involved.

If this were to happen, it would benefit everyone in the IBM i community. But there’s a certain sector of the IBM i market that is especially important to represent: small and midsized businesses. SMBs make up the vast bulk of the individual members of the worldwide IBM i community, but they don’t often speak with a united voice.

The community of large IBM i users already has a sponsor: the Large User Group. IBM hosts LUG members in Rochester and collects their thoughts and concerns in much the same way that it does for CAAC and CEAC. But the concerns of large IBM i shops don’t always jibe with those of the SMB community, which is one reason why IBM and the COMMON organizations are looking to shine the light on the role that CAAC and CEAC play (for what it’s worth, the LUG is also looking to expand its reach, too.)

The best part of the recent Rochester meeting was having both advisory councils there, according to Will, who was named a distinguished engineer earlier this year.

“It was amazing how they fed off each other,” Will said in the video that Bradshaw posted to YouTube. “The partners who were in the room from the U.S. and Europe have similar things but different things, so they have that feedback that feeds off one another . . . . It’s been great to have that synergy together across the advisory councils.”

RELATED STORIES

Inside IBM i’s New Geospatial Functions For Db2

IBM Unveils Fall 2022 Tech Refreshes for IBM i

IBM Delivers More Out-of-the-Box Security with IBM i 7.5

Why Steve Will’s Promotions Are A Big Deal For IBM i

LUG Looks to Grow Membership

‘Alarming’ Security Gaps Exposed in IBM i Marketplace Report

Security Still the Top Concern as Privacy Regs Loom