OBS on Linux: Green screen and virtual camera for video conferencing

OBS Studio: My monkey enjoys the beach

Similar to many of you, part of my work and hobbies consists of video conferencing. For some time now, I have been using OBS Studio (Open Broadcaster Software) to create a virtual camera on my Linux system. Recently, I had to upgrade my kernel. It required to recompile some file and reminded me that I wanted to blog about it. As usual, this is how I remember all the interesting stuff. So what is needed to create a virtual camera with OBS Studio and can you use a green screen for some beach feeling like shown?

New Db2 V11.5 Mod Pack 5

During the currently ongoing virtual IDUG EMEA 2020 conference IBM released Mod Pack 5 for Db2 11.5. As it is with modification packs, it brings a long list of new features and enhancements to the current version of Db2. You can download this new release and other Db2 versions from the usual Db2 download page. As of this writing, the Db2 Docker image has not been updated.

Not just during Covid-19: Time for data masking

Facial data mask

If you follow common sense or health agency / government instructions, you probably wear at least a basic face mask when mingling with other people. Mostly, this is to protect others from your droplets, possibly with some virus-laden payload. If the mask is more advanced, it is capably of filtering out stuff that may harm you.

Similar to face mask, data masks have been around for a long time. Data masks and face masks share the same purpose, preventing leakage of damaging "tiny bits". In the database system Db2, data masking is already built-in. You only need to apply data masking by defining masks (styling and sewing your own mask) and enabling them (putting it own). Here is how.

IBM Cloud: Considerations for role and resource setup

Solution architecture

Here is a quick follow-up on my recent blog on best practices for the cloud onboarding of enterprise projects. There, I discussed how to use Terraform scripts as blueprint in the onboarding process. Starting with a corporate standard for setting up roles and other security objects, project-specific layers are added later on. The IBM Cloud solution tutorial on applying end to end security to a cloud application served as example. In this blog, I am going to share details on how I mapped project resources to roles.

Terraform: Best practices for the cloud onboarding of enterprise projects

Architecture: End to end security

When onboarding a new project — either on-prem or to a cloud environment — there should be no questions on how to get started. Onboarding should follow an enterprise-defined process based on (internal) standards. It needs to detail access roles and privileges and provide means to implement them.

Recently, in an IBM Cloud blog, I discussed such a project onboarding. Terraform scripts implement the rules as code — they help to automate roll-out and tear down access roles and privileges. The scenario from the solution tutorial "Apply end-to-end security to a cloud application" serves as specific example to proof-point the ideas.

Head over to IBM Cloud and read my blog on "Blueprinting the Onboarding of Cloud Projects Using Terraform".

Details available: IDUG EMEA 2020 as virtual conference

In August I already mentioned that the Db2 conference IDUG EMEA 2020 goes virtual. Now, the details are available, including the agenda - so-called virtual grid. The virtual conference will offer three tracks. One is for Db2 for z/OS, one for Db2 (LUW), and one track is dedicated to application development topics. Pricing is similar to the Db2 North America conference with $199 for a regular ticket and $99 if you are IDUG premium member. So, with no further ado, head over to the IDUG website, check out the agenda and register. I hope to see you in November.

BTW: I recently participated in another virtual conference. The organizers sent out some goodies ahead of the conference, including yummy cookies.

Use alfaview on rpm-based Linux (Fedora, Red Hat, CentOs)

Recently, I tried to prepare for an alfaview session. alfaview is a video conferencing system and used by the university where I teach data security. Only earlier this year alfaview introduced Linux support, and only for Debian-based systems. My system is rpm-based (Red Hat Enterprise Linux / Fedora / CentOS), so what to do? A tool like alien did not work for me. Here is what I did to make alfaview run on my rpm-based Linux system.

Some fun digging into IBM Cloud access policies

On IBM Cloud, I have an account with multiple other users. To organize teamwork, I followed best practices for organizing users, teams, applications and made use of the IBM Cloud IAM (Identity and Access Management) capabilities. 

With users, service IDs, access groups, and access policies in place, I wondered how to get insights into per-user privileges and the scope of service ID permissions. Sure, I could use the IBM Cloud console (UI) or the Command Line Interface (CLI), but why not test the API (Application Programming Interface) for some customized reporting? The script is available on GitHub.

Db2 and S3-compatible Cloud Object Storage

A look at Db2 and S3 storage

Recently, I was contacted about an old blog post where I discussed how to access Cloud Object Storage from Db2. Since writing that article, both Db2 and (IBM) Cloud Object Storage have evolved. Thus, it is time for an update on how to backup data to cloud storage, load from external storage and even directly query data somewhere in the Internet...

IDUG EMEA 2020 goes virtual, moved to November 16-19

My favorite database conference, the European IDUG (International Db2 User Group) meeting, just announced to go virtual for the IDUG EMEA 2020. The conference was planned to take place in Edinburgh, Scottland, in October. It is going to be held as virtual conference and was moved to November 16-19. Right now, it is planned to have IDUG EMEA 2021 in Edinburgh from October 17-21, 2021. So mark your calendars and keep your fingers crossed.

The recent meeting of the German Db2 User Group, DeDUG, was also a virtual event.

Update (2020-08-25): Seems the communicated dates were not final and I removed them for now.

Update (2020-08-26): Added information on IDUG EMEA 2021 and re-added November dates.

New JWT-based SSO in Db2 11.5

In my last blog I quickly pointed out the new Db2 11.5 Mod Pack 4. I mentioned that one of the new features is support for JSON Web Tokens (JWT). Today, I want to take a deeper look at this new security feature in Db2. Probably all of you have used JWTs before, maybe not knowingly - but this is going to change...

Db2 11.5 Mod Pack 4 is available

A quick note that Db2 Version 11.5 and its Mod Pack 4 are now available. You can read more about its new features and changes in the "What's new" section of the Db2 docs.

An interesting new security feature is the support for JWT (JSON Web Token) for authentication. It simplifies the integration of SSO (single sign-on) environments.

The Adaptive Workload Manager which we have heard about at past IDUG conferences is now GA. Other enhancements are for log space management and compression and there are several performance improvements.

Getting started with Db2 on Cloud Lite

It seems to me that during the COVID-19 pandemic there are more hackathons than usual. Great to see that IBM Cloud is the platform of choice for many solutions. Db2 on Cloud is used as database, often the free Lite plan to get started. That's the reason I published a quick guide on the IBM Cloud blog on how to use Db2 on Cloud Lite plan for hackathons.

Hands-on security: Share resources on IBM Cloud

Architecture: Database-driven Slackbot

One of my favorite IBM Cloud solution tutorials is about building a database-driven Slackbot. It is a great example for integrating enterprise resources with an AI-backed user interface and for utilizing serverless technology for the glue. Once you have created the chatbot, the next step is to share this project with co-workers. But how do you proceed? In this blog, I am going to discuss how to set up privileges for team members, so that they can access the project resources in different roles. Learn about IBM Cloud IAM, Access Groups and Policies. Get ready for some hands-on experience with IBM Cloud security.

New performance and security feature in Db2: Authentication cache

New security feature in Db2

The recent release of Db2 11.5.3 (Db2 V11.5 Mod Pack 3) includes a small gem that impacts both performance and security. It is a cache for User ID and Password-based authentication. That feature is great when your system uses LDAP / Active Directory for authentication because lookup results can be cached by Db2. By default, that feature is not active and you need to configure it. In this post, I am going to discuss how to enable and configure it.

Use Chromium-based browsers to manage FIDO security keys

Add fingerprint to FIDO key

Recently, I made a discovery that simplified how I manage my FIDO security keys. Instead of using a vendor tool to set a PIN or add fingerprints, I now switched to utilizing a Chrome- / Chromium-based browser for the administration. This works well on my Linux box. In this blog post, I am going to detail some of the features available.

Some advanced SQL to analyze COVID-19 data

Learn to write SQL

All of us are impacted by COVID-19. Looking at daily case numbers, the basic reproduction number or mortality rates has become a routine. But what is behind those numbers? How are they computed and how does SQL help? In this post, I want to discuss how some SQL analytics clauses help to dig through the data. When I teach database systems, I always try to show how it applies to life. Here, SQL may not directly help to cure the disease, but SQL is essential to compute and understand the statistics.

IBM Watson Studio: Download pandas DataFrame as CSV or Excel file

Gist code snippet

Right now, I am working with IBM Watson Studio on some analytics side project. It is nice to work with Jupyter Notebooks, Python and pandas and data again. Even Db2 is involved.

From working with pandas DataFrames locally, I knew how to turn the data into CSV or Excel files. But working with a hosted environment, accessing the file system is not possible and some other solution is needed.

All the best combined: Cloud, Db2, Python, Serverless and Security

Add a cloud service ID as Db2 user

Earlier this year, I wrote about how to use an API key or access token to connect to Db2 (on Cloud). Today, I am going to show you how to set up a service ID (technical user) on IBM Cloud, assign it a Db2 user ID (see screenshot) and grant database privileges. Thereafter, I share Python code for connecting to Db2 using the service ID with an API key.

All this helps to reduce the set of privileges held by a user or service and hence increases cloud security.

Home office and rubber duck debugging, 5 levels

Rubber duck debugging at home

Recently, I shared with you my best practices for working from home. Today, I want to add an angle specific to technical jobs, especially for developers. When you work in co-located teams, you benefit from the direct conversations and exchange. In (software) development and technical writing, it is important to rethink ongoing processes or ideas, to reassess a situation, to explain what you do. Rubber duck debugging is one such method - debugging code by explaining it to a rubber duck.

Key Protect as vault for multi-cloud setup

Guard credentials in a vault

In my previous blog post, I showed how you can easily encode and upload credentials to IBM Cloud Key Protect. Today, I am going to share sample code with you for retrieving the credentials and turning them back into a JSON object. A common use case is a multi-cloud environment where you need to store credentials for an external service. Basically, you are using Key Protect as vault. An example could be the key ID and secret to access the AWS S3 storage for importing data into IBM Cloud.

Encode credentials and upload to Key Protect

Protect credentials in Key Protect

If you followed my blog or have used IBM Cloud, then you know that Key Protect (and Hyper Protect Crypto Services) is the solution to manage encryption keys on IBM Cloud. Did you know that you can import your own keys? And did you know that "key" can be (almost) anything? Today, I am going to show you how to manage a set of JSON-based credentials with Key Protect.

Covid19 phone challenge: My old Nokia has Android now

My reliable Nokia phone

During these nasty times, you need a steady, reliable companion. It is my old Nokia phone (pictured). It takes phone calls, has an alarm and the current time. Moreover, it serves as projectile against all kinds of "obstacles". The only things missing are Db2 and a Linux terminal. Anyway, this was about to change. Today, I learned that finally (finally!) Android has arrived for this phone with the latest firmware upgrade.

My best practices for 2FA and FIDO2 security keys

Some of my FIDO2 security keys

Since starting my journey (and blogs) with FIDO2 security keys, I got questions about how I use the keys and how I set up my various accounts for 2nd factor authentication. In this blog post, I am trying to address those questions and briefly discuss different types of FIDO2 keys. So let's get started...

Obtaining device metadata for FIDO / FIDO2 security devices

Zoo of FIDO2 security keys

Last year, I started my journey to passwordless logins. I bought my first FIDO2 USB security key. Then, I added the key as an alternative to time-based one-time passwords (TOTP) to my online accounts where possible. Over time, I got more FIDO devices and also enabled an IBM Cloud tutorial on end-to-end security for passwordless support. What I learned through the process is that sometimes device metadata is important. So today I am going to write about what it is and where / how to obtain it.

My best practices for home office - Corona edition

Take some rest

If you follow my blog, you may already know that I work from home since more than 12 years. Except for some business travel, I tend to do the "things" considered work from a dedicated room in my house in Germany. Over the past years, I tried to find the balance between being productive (team, customers, employer, ...), take care of my family, socialize where possible and staying sane and healthy. Here are some of my best practices. They may or may not work for you, but at least give you some inspiration.

How to: Slack or email notifications for IBM Cloud security issues

Architecture for security notifications

In my past blogs I introduced you to IBM Cloud Security Advisor and how to integrate your own security scans. You can view all security findings in the security advisor dashboard. Another option is to get alerted for your choice of new security issues. For this you need to set up notification channels and messaging. In today's blog I am going to explain details and share my code.

Use Cloud Functions for security scans (IBM Cloud Security Advisor)

Result of a serverless security scan

After the introduction to custom metrics in IBM Cloud Security Advisor and an overview of how to manage custom findings on the command line, I am going to discuss how you can perform your own security scans and add the results to the security advisor. My code is written in Python, but any other language is fine, too. I utilize IBM Cloud Functions to run in the scans in a serverless fashion. The code and instructions are available on GitHub.

Manage your Security Advisor custom findings from the command line

List Security Advisor notes via CLI

In my recent post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and Python and Node.js SDKs that allow to interface with the security advisor. Now, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the security advisor with the code available on GitHub.

Extend IBM Cloud Security Advisor with your own security metrics

Custom findings in Security Advisor

The IBM Cloud Security Advisor allows for centralized security management. It offers a unified dashboard that alerts security administrators for an IBM Cloud account of issues and helps them in resolving the issues. The advisor supports the integration of third-party vendors as well as custom findings. Using a REST API or programming language SDKs, it is possible to manage your own security metrics - from creating incident types and events to displaying them on the unified dashboard. In this and a follow-up post, I am going to give you a quick introduction to the Security Advisor and then discuss the code I made available on GitHub in the repo security-advisor-findings. It simplifies to management of custom objects and provides functions for some of my security scans.

Swashbooking for crowd-sourced book reviews and fun

Books for review

Usually, I don't go to book clubs or write book reviews. But yesterday evening was different with my first swashbooking session (German: Buchstrudeln). It is fast-paced book skimming and crowd-sourced book review combined. And a lot of fun. So what is it and what really did we do? Read on...

25th meeting of German Db2 User Group

Celebrating the 25th DeDUG meeting

Last Friday, the 25th meeting of the German Db2 User Group was held, this time hosted by Fiducia & GAD IT AG in Karlsruhe. As usual, it was both a great networking and informative event. I had the opportunity to catch up with many Db2 users - customers, partner and IBMers. Moreover, similar to a couple of previous meetings, I had the after-lunch talk, this time featuring Db2 on Cloud security topics.

Use an API KEY or ACCESS TOKEN to connect to Db2 on IBM Cloud

In the past, I have blogged about how to access a Db2 database on IBM Cloud from your local machine. I cataloged the cloud host and its database. Then, connected to it using the command line processor (CLP) by passing a username and password. Last year, I was delighted to read that Db2 on Cloud and Db2 Warehouse on Cloud now support authentication by either IBMid, API key, or access token. It is called IAM (Identity and Access Management) support. Finally, I had some time to actually use it. Here is what steps I needed to connect from my local machine to Db2 on IBM Cloud using either API key or token.