News on IBM Cloud and Db2 - December 2017 Edition

Another month and a lot of news

In the middle of November I reported about significant changes to Bluemix and IBM's cloud offerings. A month has passed and I want to give you an update to some news I am excited about.

I try to regularly read over the "What's in IBM Cloud" section in the IBM Cloud documentation. There were two significant announcements.

• The new Resource Groups allow simpler management of all what is in your account (a.k.a. "resources"). You can now group apps, services, virtual machines, Kubernetes-based container services and more and easily assign access privileges.
• With the introduction of the Resource Groups also came the IBM Cloud Identity and Access Management. It facilitates fine-grained access control utilizing API keys, service IDs and more.

The two above should keep you busy, but there is more. If you are a Db2 afficionado like I, then you probably have subscribed to the "What's New in IBM Db2 Warehouse on Cloud, IBM Db2 Warehouse, and IBM Db2 on Cloud". Did you know that MySQL and PostgreSQL are now available in the web console as data sources for federation? That makes it easy to access data coming from a LAMP stack.

As you might know, I am using and write about the IBM Watson Conversation service. What I liked from their "Release Notes" is a new beta feature to directly call actions from within a dialog node. IBM Cloud Functions are supported. I put that to a test and wrote a Slack bot backed by Watson Conversation that directly queries a Db2 database. I need to beautify the code and write it down (and submit it to IDUG).

I wrote a tutorial about how to generate, access and analyze application logs on IBM Cloud. You can find it in the Solution Tutorials as part of the IBM Cloud documentation.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

IBM Cloud: Some fun with Python and Cloud Foundry Logging

IBM Cloud: Turn Log Data into Donut

Last month, after receiving user questions, I blogged about how to decipher Cloud Foundry log entries. Today, I want to point you to a small Cloud Foundry Python app I wrote. It helps to better understand Python and Cloud Foundry logging. You can also use it to test the IBM Cloud Log Analysis service which provides an easy-to-use interface to logs generated by applications running in the IBM Cloud. In the premium plans, external log events can also be fed into the service for consolidated storage and analysis.

As usual, the code for my app is available on Github: https://github.com/data-henrik/application-log-analysis/. Once deployed to IBM Cloud, the app can be used to send messages on a chosen log level back to the server. The server-side log level, i.e., the threshold for processed log messages can also be set. The app produces diagnostic output on "stdout" and "stderr". The two are treated differently by Cloud Foundry. Here is a screenshot of the logging app:

Test app for Cloud Foundry logging

The produced log entries can also be used to try out the IBM Cloud Log Analysis service. Diagnostic logs are automatically forwarded to the Log Search of that service. The messages are fed into Elasticsearch and can be analyzed using Kibana. I wrote some search queries (one shown below) and then built visualizations like the shown "Donut" based on those queries. I will write more about that in a future blog post.

Search Query for Elasticsearch / IBM Cloud Log Analysis

An official tutorial using that app and Log Analysis is available in the IBM Cloud docs.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Latest News on Bluemix and IBM Cloud

IBM Cloud News

Sometimes it's quite hard to keep an overview of what is going on with the IBM Cloud. I had been out on vacation and needed to catch up. Want to learn with me? Here is some of the latest news for Bluemix and IBM Cloud for some weekend reading:

• IBM Cloud is the new name for the former IBM Bluemix offering. It combines the Platform- (PaaS), Infrastructure- (IaaS), Function- (FaaS) and Software-as-a-Service (SaaS) offerings under the new, simple name: "The IBM Cloud is the cloud for the enterprise. Yours."
• IBM announced the roll-out of a new support model and enhanced capabilities for IBM Cloud, giving clients full control over their data. Support will be provided be EU-based staff.
• A new, enhanced version of IBM Cloud Private is available. It allows to run Kubernetes-based containers, Cloud Foundry apps and much more in your data center and enables the journey to cloud.
• A new IBM Cloud support portal has been made available. It serves as a single entry point for anything related to the cloud services, regardless whether it is public, dedicated or private cloud.
• A new tutorial section has been introduced in the documentation for IBM Cloud. They help developers get to know services and tools together to build, deploy and scale real world solutions. Read more about the tutorials in this blog.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

EU Cloud: IBM gives client full control over their data

IBM Cloud: Have full control over your data

Today, IBM announced for December the roll-out of a new support model and capabilities for IBM Cloud. Based on the announcement IBM is in the process of adding more EU-based staff to provide 24x7 support from within the EU. It is also providing enhanced encryption capabilities. All is done to give clients full control over their data and to be better positioned to meet the requirements of the EU General Data Protection Regulation (GDPR). The IBM Cloud in Frankfurt, Germany, is the first to feature the enhancements. Quite exciting news as German, as European, as cloud user.

In my spare time, I am teaching "Introduction to Data Management" at a cooperative state university. I tell the students that, today, data is the / a core asset of any business. It is a critical resource that needs to be protected and managed with care. Hence, putting data security at the core of platform design is important. The blog "Why a data-first approach is critical to designing and building secure cloud services" gives a great introduction into what needs to be considered for building a secure cloud platform. It touches everything from the isolation and encryption of resources and access control to monitoring, audit and governance. I covered some of the same aspects in my blog "Securing Workloads on IBM Cloud".


That's all for now. I can't wait to give a test drive once it is available. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Cloud Foundry Logging Sources Deciphered

Ever deployed a cloud foundry app and ran into errors? I did and still do. My typical reaction is to request the recent app logs and to analyse them for the root cause. The logs contain those strange (if you don't know them) codes, e.g., RTR, STG, APP, PROC, WEB or more. Here is how to decipher them and use them to your advantage.

Happy Cloud Debugging

The codes above denote the Cloud Foundry component emitting the log entry. You can find a list of those component identifiers in the Cloud Foundry documentation or in the IBM Cloud (Bluemix) documentation on Log Sources. There are many component names. I found that remembering the following helps a lot:

• RTR: This is the router which channels HTTP requests to an app. Here you find information about the request itself including client information.
• STG: The staging phase has details about the deployment and restaging of an app. They help with initial errors.
• APP: If your app writes information to stderr or stdout, then you will find it here. For some apps this could be the well-known "printf debugging".

The log entries have either an OUT if the information is from stdout or ERR if from stderr. Else there is not much to remember. Happy Debugging. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Use Db2 as Cloud SQL Database with Python

Load Data into IBM Db2 on Cloud

Over the Summer I learned that Python is top in the IEEE programming languages ranking. It is also my favorite language for quickly coding tools, web apps and analyzing data with notebooks (e.g., on IBM Data Science Experience). Did you know that IBM provides four (4) different Db2 drivers for Python? There is a driver with the native Db2 API, one that supports the official Python DBI (database interface), one for the popular SQLAlchemy Python SQL Toolkit, and for the Python-based Django Web Framework. In an older blog I showed you how to use SQLAlchemy with Db2. Today, I am going to demonstrate you how simple it is to create a SQL database-backed web app in the IBM Cloud, utilizing the native Db2 API.

Security-Related News for the IBM Bluemix Cloud Platform

Security News

I have been traveling, spoken at a conference about database and cloud security and busy with behind-the-scenes work. Before going into the weekend I wanted to point you to some exciting news around services on the IBM Bluemix Cloud Platform. Are you ready for it? Here we go...

• If not done so, I strongly recommend to read about the new features in the IBM Cloud Identity & Access Management (IAM). It is now possible to use special service IDs. Using personal IDs is no longer needed. There are also changes in managing access by granting roles and how API keys can be used. Read it, and more importantly, try it out.
• I am a user of the IBM Watson cognitive services of Bluemix and have several service instances in the Frankfurt, Germany, data center. Great to see security enhancements, especially for EU citizens, for some Watson cognitive services. Have you deployed services to Frankfurt?
• One of my latest blog posts was about securing apps by using the Application Security service. It is able performs dynamic and static code scans. Thus, I found this recent blog post interesting. It details how to use a private, on-premises Git repository for source code management together with the IBM Cloud-based DevOps services. This way on-prem security scans, code analysis and other methods can be applied to improve code quality and security.

That's it for now, enjoy the weekend!

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

App Security Scanner: My Cloud Database App is Secure

Cloud Application Security

Over the past years I have written a couple cloud-based apps. Most of them have a database backened. I know - to a good degree - how to secure the database system. I have some background in secure software engineering. And I trust the cloud providers like IBM to secure the platform and runtime environment. Today, I wanted to get feedback on the overall web app security and tested the Application Security on Cloud service offered in the IBM Cloud Platform. Here is what I did and the results.

2017 IDUG Db2 Tech Conference in Lisbon, Portugal

IDUG EMEA 2017 Conference

The EMEA edition of the IDUG Db2 Tech Conference is around the corner, staring the coming Sunday. I am going to talk about Db2 Security on Monday, October 2nd, in session D2 and give a guided tour of the Db2 Catalog on Thursday, October 5th, in session E18. In addition, you can find me on the expert panel for the application development track on Wednesday. What other session do I recommend or plan to visit? Here we go...

Db2 with External Tables: First Tests

External Tables - New in Db2

Db2 Warehouse recently added a new feature named external table. Because I was interested in that feature for a while and I have an instance of Db2 Warehouse on Cloud running in the IBM Cloud datacenter in Frankfurt, Germany, I performed some quick tests. Here is what it is and how I got it to work.

Combining Db2 and Cloud Object Storage

Db2 and Cloud Storage
happily combined

Since a while, Db2 has built-in support to directly access Cloud Object Storage (COS) like Amazon S3 and IBM COS (Softlayer / IBM Bluemix IaaS). It allows to perform backups (and restores :) as well as data load operations to and from the cloud. Phil Nelson wrote an excellent overview and introduction on the IDUG blog with his examples focussed on S3. Thus, in the following I am going to mostly cover Db2 using the IBM Cloud Object Storage and fill in some additional details.

Secure Your Db2 Data Base - Using Trusted Contexts

Db2 Security - Trusted Context

You have that new app, maybe even in the cloud, with that user needing read and write access to the database? Don't want to open the floodgates for that favorite users? Ok, here is a way to secure your Db2 data and still provide that access. Even if that sounds impossible, trust me. And, I am going to put that "trust me" in context. Read on.

Introduction to Cloud App Security - Part 1

Security for Cloud Apps

Providing a secure app or application is a fundamental requirement. This is especially true in a cloud environment. In my post about “Securing Workloads on the IBM Cloud” I discussed the various layers that realize secure cloud computing. Today, I want to focus solely on apps that are built for deployment in the IBM Cloud. What makes up a secure app? What cloud services help establishing app security? Let’s take a look together.

Note that this is part 1 of 2. Part 2 is linked at the bottom.

Introduction to Cloud App Security - Part 2

(This is a continuation from part 1 of this introduction to Cloud App Security.)
Providing a secure app or application is a fundamental requirement. This is especially true in a cloud environment. In my post about “Securing Workloads on the IBM Cloud” I discussed the various layers that realize secure cloud computing. Today, I want to focus solely on apps that are built for deployment in the IBM Cloud. What makes up a secure app? What cloud services help establishing app security? Let’s take a look together.

App Security Services

To focus on the application logic, the functionality and business side, developers can delegate or “outsource” some of security tasks. Here is a non-exhaustive list of services that the IBM Cloud with the Bluemix platform provides. I am going to use the list of security topics from above:

Db2 Quiz: Oh what files!?

Today, it is time for another Db2-related quiz. Take a look at the screenshot below. What do you see, what is it?

Db2 Quiz

Need a hint? The quiz is related to my upcoming presentations at the IDUG and DB2 Aktuell conferences.

Db2 Catalog - A Guided Tour

The title of this blog entry is how I have named a new presentation I am currently preparing. It hope that this tour will provide fun and many useful insights into understanding the Db2 catalog and make better use of it.

New data for the Db2 Catalog?!

What is an empty database? How did the entries for system tables make it into the system tables? What are packed descriptors? How can I simulate small or big data sets? Is it possible to call the catalog "data dictionary" and access it in the Oracle style? How does the Db2 Catalog relate to SQL performance and data security?

Chatbots: Testing Contexts

Watson Conversation Tool in action

Some weeks ago I blogged about a tool I wrote for the IBM Watson Conversation Service (WCS). It allows you to manage your conversation workspaces from the command line and to test dialogs. Yesterday, I added a new feature to it that helps me (and you) to examine and modify the dialog context. Here is how you can test contexts with my watson conversation tool.

Best practices for lively chatbots

TJBot as lively chatbot

More and more chatbots are being developed and there are good reasons for it. Not all chatbot projects succeed. Often, missing user acceptance is stated. The dialog system might not have hit the nerve, might not have fitted into the target environment. Would you talk with a friend who does not remember your name is repeating the same five phrases over and over again? I would not. So what can be done to make chatbots more lively, more human-like? Here are some best practices and ideas on how to implement them.

Introduction

I started my series on chatbots with lessons and tips from a chatbot hackathon. In that blog I focused on general aspects of building dialogs and designing a conversation system. The language needs to fit the audience. It is something we will look at again today. In a recent blog post I shared tips and tricks for building chatbots. It is possible to carry context throughout a conversation and embed conditions and advanced expressions into the dialog flow and single reponses. We will use that to implement some of the best practices found below. Building lively chatbots could also mean to give the bot a face. The open source project TJBot (pictured) is an example for that. The TJBot can listen, speak and see, give additional feedback and interact through its arm and its light. We won’t cover those aspects, e.g., hardware design or user interfaces, in this blog entry.

IBM Marketing and DB2, Db2 and dashDB

IBM Cloud with Bluemix: DB2, Db2, dashDB

This week I am going to acknowledge that I have been with IBM for 16 years. Looking back, everything might seem brighter and better than it was. However, I remember working in great teams, interesting and challenging projects, many successes and some failures to learn from, and the constant changes. During the time with IBM I got used to those many changes to product names, the constant rebranding. When I first heard about a change to DB2 that was announced last week, I scratched my head and moved on. The product itself does not change, it's a name.

Here are some of the changes, see the Db2 website for details:

• DB2 for Linux, UNIX, and Windows (DB2 LUW) is now names just "Db2".
• DB2 for z/OS is "Db2 for z/OS".
• dashDB TX (dashDB for Transactions) is referred to as "Db2 on Cloud". It reflects that it basically was and is a fully managed Db2 (LUW) database system.
• The former "IBM DB2 on Cloud", the cloud-hosted version of DB2 LUW, is now named "Db2 Hosted" to correctly imply what it is.

To keep you mentally flexible and to stimulate your brain cells, the uppercase B in "DB2" is now lowercase. "Db2" is what you will see more and more on the outside. But the product itself, as stated above, will remain "DB2". Therefore, you don't have to rewrite your test procedures. And if you have to prepare slides, e.g. for one of the upcoming IDUG conferences, there is one benefit with the new naming: Autocorrect is correct now...

A great Summer and a sane week!

More Tips and Tricks for Building Chatbots

Chatbot Architecture

You build your first chatbot and it is working ok. Did you know that you can make chatbots even more interactive? That you can access conversation metadata and application variables inside the dialog nodes? You can even use predicates to tailor output to the usage scenario. As a follow up from our “Lessons and Tips from a Chatbot Hackathon“, let’s dig deeper into important features of the IBM Watson Conversation service on the IBM Cloud with Bluemix.

DB2 Security: Privilege(d) Insight

DB2 Security

Today's blog entry is about an old topic: Who I am, why I am and what I am (allowed) to do? Users and their privileges are at the core of database security. Information about them are stored in the IBM DB2 catalog (or IBM ashDB catalog) which can be queried. Thus, it is good to know your way around and being able to extract that information. Kind of as a reference for myself, here is a summary.

I already covered parts of this topic in the past:

• In 2012, I gave an introduction about where to find granted privileges in the catalog. It covers the catalog structure and links to key tables.
• In 2011, 2013 and recently, I discussed trusted contexts, surrogates and the session user as special form of granting privileges and switching identities. I started with a short explaination of trusted context. Next, this introduction covers the concept of surrogates and switching the userid via SET SESSIONUSER. As a follow-up, I looked into related catalog entries for trusted contexts and surrogates which are related to the task scheduler.
• Last year, I wrote about interesting administrative views and and table functions to list privileges. As an example I looked at implicit privileges through group membership.

What is important to know is how to extract the information from the catalog:

• The DB2 Knowledge Center provides a list of security-related views and routines.
• The same resource also has a discussion about gaining access to data through indirect means. It lists the catalog tables, but then many more options on how possibly data and related privileges can be accessed.

EgoBot: Fun with a Slightly Mutating ChatBot

Fun with the Bluemix EgoBot

Over the past day and evening I had some fun with a slightly mutating chatbot. The API for the IBM Watson Conversation service offers REST calls to query and change the workspace, the parts that make up a chat. So why not try writing a chatbot that is egocentric? A chatbot that answers questions about itself, that is happy as long as everything is related to itself? Well, let me tell you about this fun project I call EgoBot.

The EgoBot is at an early stage right now. It supports queries about some of its metadata and adding new intents. And it has both an English and a German version (does language change its character...?). You can see a sample session below.

Chatting with the Bluemix EgoBot

To find out more about this chatbot head over to the EgoBot GitHub repository. The bot is written in Python and has everything to get you started with either an English or German conversation. Let me know about your Friday fun.

How to Manage Bluemix Service Keys via CLI

You probably know that CLI stands for Command Line Interface. And you are aware that IBM Bluemix and Cloud Foundry offer a CLIs. Did you know that you can manage service keys from the command line? Adding new credentials, obtaining keys, and deleting service entries is really simple and fast. In the following, I will show you the commands and use my chatbot project and the IBM Watson Conversation service on Bluemix as example. And I will be using Bluemix in Frankfurt, Germany. So brace yourself for a quick tour through managing service keys from the command line.

Sample Session Managing Keys

Overview

With IBM Bluemix Cloud Foundry you have the choice of using either the Cloud Foundry CLI (“cf”) or the Bluemix CLI (“bluemix” or “bx”). The “bx” command has an option for the “cf” commands. Both CLIs can be downloaded from the same page in the Bluemix documentation. The CLIs have many options to manage apps, services, organizations, spaces, and much more. Both can also be extended through plugins. You can even write and integrate your own plugins. I would recommend using the Bluemix CLI because it offers more features, including a handy option to update itself. For the example I am going to use the Cloud Foundry CLI to demonstrate the general case.
Bluemix offers many services, big and small, in its catalog. Most of those service can be used by more than just a single user, a single app, and not just from within Bluemix. Therefore, creating several credentials for a service, so-called service keys, is essential to consuming a service. The keys can be managed from the browser-based Bluemix console or on the command line via CLI.

Manage Service Keys

Using the Cloud Foundry or Bluemix CLI, the first step is to login. As shown in my example, I am using the API endpoint for Bluemix Public in Frankfurt, Germany:

>> cf login -a api.eu-de.bluemix.net

I am prompted for my email address as username and the password. Depending on my account usage I might also need to select the organization and space I want to work with. As next step, I am looking for the instance of my IBM Watson Conversation service. This is used for my chatbots and I would like to create new credentials for some tests. The “services” command returns all services, on Unix systems “grep” helps to filter the result:

>> cf services | grep -i conversation Conversation-er conversation free hlred create succeeded

The name “Conversation-er” is the name of my Conversation service instance. Now I want to list the existing service keys. It can be done with the “service-keys” or “sk” command:

>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…
name Credentials-1

Only one service key labeled “Credentials-l” is present. To add new credentials I can use the “create-service-key” or “csk” parameter:

>> cf csk Conversation-er Conv-DE-user2 Creating service key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OK

I chose the name “Conv-DE-user2” for the service key. Let’s see if it was added.

>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…
name Credentials-1 Conv-DE-user2

To take a look at the actual credentials, the “service-key” is the right option. It fetches the username, password and everything else making up the credentials. For IBM Watson services the gateway URL is part of it:

>> cf service-key Conversation-er Conv-DE-user2 Getting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com…
{  “password”: “BFyyHxxxGnO”,  “url”: “https://gateway-fra.watsonplatform.net/conversation/api”,  “username”: “ffffffff-458f-4111-9dd4-03xx610xxbxx” }

Existing service keys can be deleted with the “delete-service-key” or “dsk” command. Recreating keys is one way of implementing rotating passwords (credentials).

>> cf dsk Conversation-er Conv-DE-user2
Really delete the service key Conv-DE-user2?> yes Deleting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OK

Summary

As shown above, it is pretty simple to manage service keys from the command line.Both the Bluemix and Cloud Foundry CLIs can be used. But not only the credentials can be administrated from the command line. Create services, bind them to apps, request billing and usage information, and more. And, as mentioned above, you can even extend the functionality through plugins and create your own.

Note that this blog entry was first published at https://www.ibm.com/blogs/bluemix/2017/06/manage-bluemix-service-keys-via-cli/

DB2 Security Mysteries, Surrogates and Trusted Contexts

DB2 Security Question

Recently, I was contacted regarding an older blog entry discussing the DB2 security feature of surrogates. During an audit a strange entry was found in the catalog table SYSCAT.SURROGATEAUTHIDS. Whether I could take a look. So, let us take the security-themed tour through some DB2 catalog tables together.

What is the strange entry? In a new database, created as regular or restrictive database, the following entry is found. What does it mean and what is SYSATSCONTEXT (highlighted below)?

DB: HLTEST => select * from syscat.surrogateauthids

GRANTOR                                                                                                                          TRUSTEDID                                                                                                                        TRUSTEDIDTYPE SURROGATEAUTHID                                                                                                                  SURROGATEAUTHIDTYPE AUTHENTICATE CONTEXTROLE                                                                                                                      GRANT_TIME               
-------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- ------------- -------------------------------------------------------------------------------------------------------------------------------- ------------------- ------------ -------------------------------------------------------------------------------------------------------------------------------- --------------------------
HLOESER                                                                                                                          SYSATSCONTEXT                                                                                                                    C             PUBLIC                                                                                                                           G                   N            -                                                                                                                                2016-10-18-18.08.20.374537

  1 record(s) selected.


The DB2 Knowledge Center provides an overview of all security-related catalog views. As can be seen, SURROGATEAUTHIS "lists the authorization IDs for which another authorization ID can act as a surrogate". The table is not mentioned in the document of default privileges granted on creating a new database. So let's go to the roadmap to catalog views and from there to the entry for SURROGATEAUTHIDS. SURROGATEAUTHIDS is found in the category of "protected tables".

The catalog entry above indicates that I, as database and instance owner, have granted something to "SYSATSCONTEXT" when the database was created. The TRUSTEDIDTYPE is "C" and means the record belongs to a trusted context. Thus, as next step, the catalog views SYSCAT.CONTEXTS and SYSCAT.CONTEXTATTRIBUTES should be visited:

DB: HLTEST => select * from syscat.contexts

CONTEXTNAME                                                                                                                      CONTEXTID   SYSTEMAUTHID                                                                                                                     DEFAULTCONTEXTROLE                                                                                                               CREATE_TIME                ALTER_TIME                 ENABLED AUDITPOLICYID AUDITPOLICYNAME                                                                                                                  AUDITEXCEPTIONENABLED REMARKS                                                                                                                                                                                                                                                      
-------------------------------------------------------------------------------------------------------------------------------- ----------- -------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- -------------------------- -------------------------- ------- ------------- -------------------------------------------------------------------------------------------------------------------------------- --------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SYSATSCONTEXT                                                                                                                            100 SYSATS                                                                                                                           -                                                                                                                                2016-10-18-18.08.20.374537 2016-10-18-18.08.20.374537 Y                   - -                                                                                                                                N                     -                                                                                                                                                                                                                                                            

  1 record(s) selected.

DB: HLTEST => select * from syscat.contextattributes

CONTEXTNAME                                                                                                                      ATTR_NAME                                                                                                                        ATTR_VALUE                                                                                                                       ATTR_OPTIONS                                                                                                                   
-------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------
SYSATSCONTEXT                                                                                                                    ENCRYPTION                                                                                                                       NONE                                                                                                                             -                                                                                                                              

  1 record(s) selected.

The above entries show details for the trusted context. The "ATS" indicates it is part of the DB2 Administrative Task Scheduler. In a non-restrictive database, by default, any user could add a task to the scheduler. Those tasks are later executed as the specific user, i.e., using the authorization ID of that user. Hence, the trusted context is used. They allow to execute SQL statements on behalf of an user (see my old blog entry on "power of attorney and trusted contexts").

Conclusion: The strange catalog entry belongs to the infrastructure of the DB2 Administrative Task Scheduler and seems to be used run scheduled task on behalf of DB2 users.

Updates to Chatbot API and Tooling

Build Chatbots with IBM Bluemix

If you have been coding up your own chatbot using the IBM Watson Conversation service on IBM Bluemix, then you might be aware of the new features in Conversation API. Earlier this year I wrote a small tool to manage chatbot workspaces (read here the blog about the management tool). I updated the tool to the newest API version and added basic support for one of the new API functions.

You can now invoke my "Watson Conversation Tool" with the "-logs" parameter. It retrieves recent interactions, i.e., processed messages with all the details. The logs are great to see what's going on (of course), to understand why a specific response was generated by Watson Conversation and hence to improve a chatbot.

[henrik@mymachine] python wctool.py -logs -id "123123b8-123b-1234-a656-6dxx5a2xxf15"


{
  "pagination": {},
  "logs": [
    {
      "log_id": "fba37b8c-a4a8-4ec1-a2d0-7c361d24f441",
      "response_timestamp": "2017-05-24T08:02:20.882Z",
      "request": {
        "input": {
          "text": "@db2bm Was liegt heute an, wie wird das Wetter?"
        },

...

      "request_timestamp": "2017-05-24T08:02:18.494Z"
    }
  ]
}


The API allows to filter, sort and paginate the output. If you want that added to my tool, let me know by leaving feedback or opening an issue.

Chatbot Hackathon: Lessons Learned and Tips

Recently, I was a coach at a hackathon in Germany. Students were tasked to build solutions for a given topic and the solution had to include a chatbot based on the IBM Watson Conversation service. It was impressive how broad the solutions were, what other services were integrated with a chatbot and how easy it was to build a solution using IBM Bluemix. The following “lessons learned” and tips are from my work as coach. They hopefully help you design your own great chatbot.

Chatbots with IBM Watson

Lessons Learned

Hackathons are intense events and require sharp focus and quick decisions. They pack everything from finding the right idea (brainstorming), defining a solution, its users and development phases (using Design Thinking) to building a prototype / minimal viable product (MVP) and pitching it. The first lessons learned and tips deal with the conversation, the dialog, the language itself:

DB2 Easter Egg Quiz - Kind of

Are you ready for a new DB2 quiz? Here is a tricky question for you. It is about DB2 security, it is (kind of) hardware-related and deals with a relatively new DB2 feature. Curious...?

The following shows the output of a DB2 tool, shipped with your regular DB2 LUW these days:

Keystore Password:
Password successfully stashed to db2_pkcs11_pwd.sth
 
xxxxx completed sucessfully.


Have a clue? (The "xxxxx" is replacing the name of the db2 tool). If you know the answer, comment and also paste the link to the page in DB2 Knowledge Center describing that tool. I will publish the comments in the next few days.

Aero Expo, Drones and the IBM Cloud

The Aero Expo, the Global Show for General Aviation, is running in my hometown Friedrichshafen from today until the weekend. One of the expo and conference topics is drones of the future (AERODrones UAS Expo). Drones or UAV (Unmanned Aerial Vehicles) have been and are a hot topic for IBM and its customers. Let me give a brief overview of some interesting work where drones, artificial intelligence, analytics, database systems, Internet of Things (IoT) and the IBM Cloud come together.

The 10 Top Stories at April Fools' Day

Top 10 Stories

Today is April Fools' Day and many websites have made up funny and unbelievable stories. What are the best of them? What are practical jokes done online? Read on to find my collection of the best stories found on April Fools' Day.