Monday, August 19, 2019

Track API key usage by combining IBM Cloud IAM and LogDNA search

Which key is still in use...?
Recently, I blogged about tracking account activity from the command line. I showed you how to search IBM Cloud Activity Tracker with LogDNA records using a Python script. Today, I discuss how to combine the IAM Identity Services API with the LogDNA search to track usage of API keys. The goal is to find out whether API keys for a user or service ID were recently used. If they were not used for long, they might be up for deletion.

Offboarding on IBM Cloud: Considerations when removing a user

Only authorized persons have access
Over my past blog posts I have looked into how to rotate credentials in different compute environments. I looked at Cloud Foundry on IBM Cloud, Cloud Functions and Kubernetes. The background is that I wanted to understand what it takes to maintain security during the regular DevSecOps cycles and when someone in the team leaves. The latter often is called offboarding.

Monday, August 12, 2019

Get some REST with Db2

Db2 has a REST API
Many of the IBM Cloud services have a REST API, an overview of REST APIs is here in the IBM Cloud docs. Recently, I realized that I had not yet tried the Db2 on Cloud API and the API for Db2 Warehouse on Cloud. Thus, last Friday I took some time to test out some code using one of my Db2 instances on IBM Cloud. Here is what you need to get started....

Wednesday, August 7, 2019

Track it from the command line: Search audit events in LogDNA using Python

Take a look at security logs
Earlier this year, IBM and LogDNA announced an integrated offering Activity Tracker with LogDNA. It allows to manage and search activity events in LogDNA instances on IBM Cloud. There are IAM, account management and all kinds of service instance events that can be tracked. Viewing the events is typically done in the LogDNA UI. I, however, want to perform searches on the command line and integrate it with Cloud Functions. In this article, I discuss the small tool that I wrote the search the activity logs and export them.

Thursday, August 1, 2019

Use a Delivery Pipeline to rotate credentials

Job in Delivery Pipeline to rotate keys
In my recent posts I touched on updating credentials for solutions deployed on IBM Cloud Functions or using Cloud Foundry on IBM Cloud. Today, I am showing you how to rotate API keys and passwords for a containerized solution on IBM Kubernetes Service that makes use of a delivery pipeline (devops). I am going to use the app discussed in the tutorial on how to apply end to end security to a cloud application.

Thursday, July 18, 2019

Rotate service credentials for Cloud Foundry apps on IBM Cloud

Keep your cloud environment secure
A popular PaaS (Platform as a service) technology is Cloud Foundry. On IBM Cloud, it is available both as public Cloud Foundry instances in multiple regions as well as Cloud Foundry Enterprise Environment (CFEE). Using Cloud Foundry for app development and production has many benefits. Personally, I like the ease of use and how services can be integrated with apps. When you search for my older Bluemix-related blog entries, you will notice that I had (and still have) fun using Cloud Foundry, including my attempts to catch a chocolate thief or testing the hybrid world early on. Similar to my recent blog on rotating credentials when working with IBM Cloud Functions, today, I want to discuss how to bind services and rotate their credentials in a Cloud Foundry environment.

Wednesday, July 17, 2019

Rotating service credentials for IBM Cloud Functions

Keep your service keys secret
If you have followed some of my work, you know that I use IBM Cloud Functions, i.e., a serverless approach, for many projects. The tutorials with a database-driven (Db2-backed) Slackbot and the GitHub traffic analytics are such examples. In this blog post, I want to detail some of the security-related aspects. This includes how to share service credentials (think of a database username and password) with a cloud function and how to rotate the credentials.

Friday, June 28, 2019

New! Db2 11.5 is available

Db2 11.5 is available
A quick post to inform you that Db2 11.5 has been released. Check out the What's New for Db2 Version 11.5 GA section in the Db2 Knowledge Center. You can download the GA version from the regular Download Db2 Fix Packs by Version site.

With a new release I typically go over the What's changed documentation to look for changes to registry variables, system views and deprecated functionality.

So much for the quick update. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Wednesday, June 12, 2019

After IDUG is before IDUG: Back from Db2 conference in Charlotte, NC

Last week the IDUG NA 2019 was held in Charlotte, NC. It featured 8 parallel tracks dedicated to Db2 for z/OS and Db2 for LUW and emerging technologies. In addition, two tracks for hands-on labs and workshops were offered. Personally, I delivered three presentations, moderated and attended sessions, and was active on Twitter. So what was on? Continue after the snap of Twitter photos from last week.
Twitter photo feed from IDUG NA 2019

Tuesday, May 7, 2019

Cloud-based FIPS 140-2 Level 4 crypto service

Locks, keys, and data security
Yesterday, I got my hands on a FIPS 140-2 Level 4 cloud-based crypto service. If you are asking "what's that and what can I do with it?" you should continue to read. It is a dedicated HSM (Hardware Security Module) to manage encryption keys and offered as IBM Hyper Protect Crypto Services on IBM Cloud (HPCS). Here is what I learned while using the service.

Friday, May 3, 2019

Your chatbot with Watson Discovery News

Some months back I introduced you to a barebone news chatbot. Today, with the updated tutorial to build a database-driven chatbot in place, I want to show you how to easily combine Watson Assistant with Watson Discovery. Watson Assistant already provides steps to deploy an integrated search skill which is based on Watson Discovery. My approach is similar to the database integration: Deploy a cloud function and invoke it from the dialog.

Saturday, April 27, 2019

Db2: SQL-based explain and printed acccess plan

Vote for this Db2 idea
This Friday in Munich, I gave a talk about the new native JSON functions in Db2 at the German Db2 user group (DeDUG) meeting. To speed up queries and to enforce uniqueness or some structural rules, Db2 functional indexes can be used with the new JSON_VALUE. As usual for some prototyping, I utilized a Jupyter Notebook for my presentation. Now, how to demonstrate that indexes are really used? Show the access plan! But how in a notebook?

Wednesday, April 24, 2019

Updated tutorial: Database-driven chatbot

If you want to build a chatbot that gets its content from a database, there is a good news. The existing tutorial “Build a database-driven Slackbot” was just updated to adapt to latest features of IBM Watson Assistant. First, define a skill that reaches out to a database service like Db2. Thereafter, use the built-in integrations to easily tie in the assistant with Slack, Facebook Messenger, embed the chatbot into your own application or use the WordPress plugin.

Architecture of database-driven chatbot

Monday, March 25, 2019

Running Db2 Developer-C as Docker container

Container: Db2 the easy way
Last week I wanted to start testing some new Db2 features without going through the steps of installing that Db2 version. I turned to my local Docker installation, issued a single command and had Db2 up and running. Quite interesting, that command downloaded Db2, installed it, created a sample database. Here are the details.

Db2 Developer-C Edition as Docker Image

IBM provides a free Db2 edition, Db2 Developer-C Edition. It can be installed and used as Docker container, see here the Db2 Developer-C Edition in the Docker store. Once you have added it to your basket and checked out, you can download it and get information about how to configure it. Basically, only few values need to be set in an environment file (see db2_env_list below).

After adapting the environment file, I invoke the script (with a single command) to run Db2 on docker. If not downloaded yet, it obtains the container image, starts it, sets it up:

docker run -h db2server_ --name db2server --detach \
--privileged=true \
-p 50000:50000 -p 55000:55000 \
--env-file db2_env_list \
-v /home/hloeser/progs/db2:/database \

Thereafter, I can connect to Db2 using the usual tools and SDKs.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Monday, February 25, 2019

Digital ethics, trusted AI and IBM

Last week I gave a talk followed by a discussion at a university. The presentation was about the current state of Artificial Intelligence (AI) and AI research topics. A good chunk of the discussion was dedicated to fairness, trust and digital ethics. In the following, I am sharing some of the related links.

IBM Research has a site dedicated to  AI. On that, a section provides insight into topics on what they call Trusted AI. On the main IBM site is also a portal Trusted AI for Business, providing an introduction and overview for the non-research crowd. If you are interested and want to try out and learn about few problems hands-on, I recommend these links:

IBM experts are part of many public panels, workgroups and commissions. In Germany, there is the Enquete-Kommission "K√ľnstliche Intelligenz - Gesellschaftliche Verantwortung und wirtschafliche, soziale und √∂kologische Potenziale". On the European level, it is the EU High-Level Expert Group on Artificial Intelligence.

Finally, as a showcase of current AI capabilities, I recommend this video of IBM Project Debater and the live debate at Think 2019. A short video explains how Project Debater works:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Friday, February 8, 2019

Startup lessons from a Fuckup Night

Last Wednesday, I attended the Fuckup Night Friedrichshafen Vol. II. If you don't know, Fuckup Nights is a global movement and event series dedicated to professional failures. That is, usually founders of failed startups tell their stories. Typically, it is a mix of funny adventures into the world of business, some sad parts and most importantly some lessons learned. So what were the lessons I took away? Read on...

Thursday, January 31, 2019

Enterprise digitalization and cybersecurity: How companies struggle

Cybersecurity Workshop at Zeppelin University
Last Friday, 25.01.2019, I attended the Cybersecurity workshop of the "Bodensee Innovationscluster Digitaler Wandel" (digitalization). The innovation cluster is organized by the Zeppelin University in Friedrichshafen. It tries to bring together companies from the wider Lake Constance region that are impacted by digitalization. The researchers have identified four topics that will be addressed:

Monday, January 21, 2019

Hello again, Davos, AI ethics, cybersecurity, Db2 events and IBM Cloud

Hello, here I am again after a while. I hope you had a good start into 2019. I enjoyed being offline for a while, then got busy with not much time to blog. So, here is a roundup of things going on.