Monday, December 28, 2020

OBS on Linux: Green screen and virtual camera for video conferencing

OBS Studio: My monkey enjoys the beach
Similar to many of you, part of my work and hobbies consists of video conferencing. For some time now, I have been using OBS Studio (Open Broadcaster Software) to create a virtual camera on my Linux system. Recently, I had to upgrade my kernel. It required to recompile some file and reminded me that I wanted to blog about it. As usual, this is how I remember all the interesting stuff. So what is needed to create a virtual camera with OBS Studio and can you use a green screen for some beach feeling like shown?

Thursday, November 19, 2020

New Db2 V11.5 Mod Pack 5

During the currently ongoing virtual IDUG EMEA 2020 conference IBM released Mod Pack 5 for Db2 11.5. As it is with modification packs, it brings a long list of new features and enhancements to the current version of Db2. You can download this new release and other Db2 versions from the usual Db2 download page. As of this writing, the Db2 Docker image has not been updated.


Monday, November 16, 2020

Not just during Covid-19: Time for data masking

Facial data mask

If you follow common sense or health agency / government instructions, you probably wear at least a basic face mask when mingling with other people. Mostly, this is to protect others from your droplets, possibly with some virus-laden payload. If the mask is more advanced, it is capably of filtering out stuff that may harm you.

Similar to face mask, data masks have been around for a long time. Data masks and face masks share the same purpose, preventing leakage of damaging "tiny bits". In the database system Db2, data masking is already built-in. You only need to apply data masking by defining masks (styling and sewing your own mask) and enabling them (putting it own). Here is how.

Wednesday, October 21, 2020

IBM Cloud: Considerations for role and resource setup

Solution architecture
Here is a quick follow-up on my recent blog on best practices for the cloud onboarding of enterprise projects. There, I discussed how to use Terraform scripts as blueprint in the onboarding process. Starting with a corporate standard for setting up roles and other security objects, project-specific layers are added later on. The IBM Cloud solution tutorial on applying end to end security to a cloud application served as example. In this blog, I am going to share details on how I mapped project resources to roles.

Monday, October 19, 2020

Terraform: Best practices for the cloud onboarding of enterprise projects

Architecture: End to end security

When onboarding a new project — either on-prem or to a cloud environment — there should be no questions on how to get started. Onboarding should follow an enterprise-defined process based on (internal) standards. It needs to detail access roles and privileges and provide means to implement them.

Recently, in an IBM Cloud blog, I discussed such a project onboarding. Terraform scripts implement the rules as code — they help to automate roll-out and tear down access roles and privileges. The scenario from the solution tutorial "Apply end-to-end security to a cloud application" serves as specific example to proof-point the ideas.

Head over to IBM Cloud and read my blog on "Blueprinting the Onboarding of Cloud Projects Using Terraform".

Monday, October 12, 2020

Details available: IDUG EMEA 2020 as virtual conference

In August I already mentioned that the Db2 conference IDUG EMEA 2020 goes virtual. Now, the details are available, including the agenda - so-called virtual grid. The virtual conference will offer three tracks. One is for Db2 for z/OS, one for Db2 (LUW), and one track is dedicated to application development topics. Pricing is similar to the Db2 North America conference with $199 for a regular ticket and $99 if you are IDUG premium member. So, with no further ado, head over to the IDUG website, check out the agenda and register. I hope to see you in November.

BTW: I recently participated in another virtual conference. The organizers sent out some goodies ahead of the conference, including yummy cookies.

Wednesday, September 30, 2020

Use alfaview on rpm-based Linux (Fedora, Red Hat, CentOs)


Recently, I tried to prepare for an alfaview session. alfaview is a video conferencing system and used by the university where I teach data security. Only earlier this year alfaview introduced Linux support, and only for Debian-based systems. My system is rpm-based (Red Hat Enterprise Linux / Fedora / CentOS), so what to do? A tool like alien did not work for me. Here is what I did to make alfaview run on my rpm-based Linux system.

Tuesday, September 15, 2020

Some fun digging into IBM Cloud access policies


On IBM Cloud, I have an account with multiple other users. To organize teamwork, I followed best practices for organizing users, teams, applications and made use of the IBM Cloud IAM (Identity and Access Management) capabilities. 

With users, service IDs, access groups, and access policies in place, I wondered how to get insights into per-user privileges and the scope of service ID permissions. Sure, I could use the IBM Cloud console (UI) or the Command Line Interface (CLI), but why not test the API (Application Programming Interface) for some customized reporting? The script is available on GitHub.

Wednesday, August 26, 2020

Db2 and S3-compatible Cloud Object Storage

A look at Db2 and S3 storage
A look at Db2 and S3 storage

Recently, I was contacted about an old blog post where I discussed how to access Cloud Object Storage from Db2. Since writing that article, both Db2 and (IBM) Cloud Object Storage have evolved. Thus, it is time for an update on how to backup data to cloud storage, load from external storage and even directly query data somewhere in the Internet...

Monday, August 24, 2020

IDUG EMEA 2020 goes virtual, moved to November 16-19

My favorite database conference, the European IDUG (International Db2 User Group) meeting, just announced to go virtual for the IDUG EMEA 2020. The conference was planned to take place in Edinburgh, Scottland, in October. It is going to be held as virtual conference and was moved to November 16-19. Right now, it is planned to have IDUG EMEA 2021 in Edinburgh from October 17-21, 2021. So mark your calendars and keep your fingers crossed.

The recent meeting of the German Db2 User Group, DeDUG, was also a virtual event.

Update (2020-08-25): Seems the communicated dates were not final and I removed them for now.

Update (2020-08-26): Added information on IDUG EMEA 2021 and re-added November dates.

Monday, August 17, 2020

New JWT-based SSO in Db2 11.5


Another security lock for Db2
In my last blog I quickly pointed out the new Db2 11.5 Mod Pack 4. I mentioned that one of the new features is support for JSON Web Tokens (JWT). Today, I want to take a deeper look at this new security feature in Db2. Probably all of you have used JWTs before, maybe not knowingly - but this is going to change...

Wednesday, July 1, 2020

Db2 11.5 Mod Pack 4 is available

A quick note that Db2 Version 11.5 and its Mod Pack 4 are now available. You can read more about its new features and changes in the "What's new" section of the Db2 docs.

An interesting new security feature is the support for JWT (JSON Web Token) for authentication. It simplifies the integration of SSO (single sign-on) environments.

The Adaptive Workload Manager which we have heard about at past IDUG conferences is now GA. Other enhancements are for log space management and compression and there are several performance improvements.

Wednesday, June 17, 2020

Getting started with Db2 on Cloud Lite

Success in creating a table
It seems to me that during the COVID-19 pandemic there are more hackathons than usual. Great to see that IBM Cloud is the platform of choice for many solutions. Db2 on Cloud is used as database, often the free Lite plan to get started. That's the reason I published a quick guide on the IBM Cloud blog on how to use Db2 on Cloud Lite plan for hackathons.

Wednesday, June 10, 2020

Hands-on security: Share resources on IBM Cloud

Architecture: Database-driven Slackbot
Architecture: Database-driven Slackbot
One of my favorite IBM Cloud solution tutorials is about
building a database-driven Slackbot. It is a great example for integrating enterprise resources with an AI-backed user interface and for utilizing serverless technology for the glue. Once you have created the chatbot, the next step is to share this project with co-workers. But how do you proceed? In this blog, I am going to discuss how to set up privileges for team members, so that they can access the project resources in different roles. Learn about IBM Cloud IAM, Access Groups and Policies. Get ready for some hands-on experience with IBM Cloud security.

Tuesday, May 26, 2020

New performance and security feature in Db2: Authentication cache

New security feature in Db2
The recent release of Db2 11.5.3 (Db2 V11.5 Mod Pack 3) includes a small gem that impacts both performance and security. It is a cache for User ID and Password-based authentication. That feature is great when your system uses LDAP / Active Directory for authentication because lookup results can be cached by Db2. By default, that feature is not active and you need to configure it. In this post, I am going to discuss how to enable and configure it.

Wednesday, May 20, 2020

Use Chromium-based browsers to manage FIDO security keys

Add fingerprints using browser
Add fingerprint to FIDO key
Recently, I made a discovery that simplified how I manage my FIDO security keys. Instead of using a vendor tool to set a PIN or add fingerprints, I now switched to utilizing a Chrome- / Chromium-based browser for the administration. This works well on my Linux box. In this blog post, I am going to detail some of the features available.

Monday, May 18, 2020

Some advanced SQL to analyze COVID-19 data

Learn to write SQL
All of us are impacted by COVID-19. Looking at daily case numbers, the basic reproduction number or mortality rates has become a routine. But what is behind those numbers? How are they computed and how does SQL help? In this post, I want to discuss how some SQL analytics clauses help to dig through the data. When I teach database systems, I always try to show how it applies to life. Here, SQL may not directly help to cure the disease, but SQL is essential to compute and understand the statistics.

Thursday, May 7, 2020

IBM Watson Studio: Download pandas DataFrame as CSV or Excel file

Gist code snippet
Right now, I am working with IBM Watson Studio on some analytics side project. It is nice to work with Jupyter Notebooks, Python and pandas and data again. Even Db2 is involved.

From working with pandas DataFrames locally, I knew how to turn the data into CSV or Excel files. But working with a hosted environment, accessing the file system is not possible and some other solution is needed.

Monday, April 20, 2020

All the best combined: Cloud, Db2, Python, Serverless and Security

Add a cloud service ID as Db2 user
Earlier this year, I wrote about how to use an API key or access token to connect to Db2 (on Cloud). Today, I am going to show you how to set up a service ID (technical user) on IBM Cloud, assign it a Db2 user ID (see screenshot) and grant database privileges. Thereafter, I share Python code for connecting to Db2 using the service ID with an API key.

All this helps to reduce the set of privileges held by a user or service and hence increases cloud security.

Tuesday, April 14, 2020

Home office and rubber duck debugging, 5 levels

Rubber duck debugging at home
Recently, I shared with you my best practices for working from home. Today, I want to add an angle specific to technical jobs, especially for developers. When you work in co-located teams, you benefit from the direct conversations and exchange. In (software) development and technical writing, it is important to rethink ongoing processes or ideas, to reassess a situation, to explain what you do. Rubber duck debugging is one such method - debugging code by explaining it to a rubber duck.

Wednesday, April 8, 2020

Key Protect as vault for multi-cloud setup

Guard credentials in a vault
In my previous blog post, I showed how you can easily encode and upload credentials to IBM Cloud Key Protect. Today, I am going to share sample code with you for retrieving the credentials and turning them back into a JSON object. A common use case is a multi-cloud environment where you need to store credentials for an external service. Basically, you are using Key Protect as vault. An example could be the key ID and secret to access the AWS S3 storage for importing data into IBM Cloud.

Tuesday, April 7, 2020

Encode credentials and upload to Key Protect

Protect credentials in Key Protect
If you followed my blog or have used IBM Cloud, then you know that Key Protect (and Hyper Protect Crypto Services) is the solution to manage encryption keys on IBM Cloud. Did you know that you can import your own keys? And did you know that "key" can be (almost) anything? Today, I am going to show you how to manage a set of JSON-based credentials with Key Protect.

Wednesday, April 1, 2020

Covid19 phone challenge: My old Nokia has Android now

My reliable Nokia phone
During these nasty times, you need a steady, reliable companion. It is my old Nokia phone (pictured). It takes phone calls, has an alarm and the current time. Moreover, it serves as projectile against all kinds of "obstacles". The only things missing are Db2 and a Linux terminal. Anyway, this was about to change. Today, I learned that finally (finally!) Android has arrived for this phone with the latest firmware upgrade.

Tuesday, March 24, 2020

My best practices for 2FA and FIDO2 security keys

Some of my FIDO2 security keys
Since starting my journey (and blogs) with FIDO2 security keys, I got questions about how I use the keys and how I set up my various accounts for 2nd factor authentication. In this blog post, I am trying to address those questions and briefly discuss different types of FIDO2 keys. So let's get started...

Monday, March 23, 2020

Obtaining device metadata for FIDO / FIDO2 security devices

Zoo of FIDO2 security keys
Last year, I started my journey to passwordless logins. I bought my first FIDO2 USB security key. Then, I added the key as an alternative to time-based one-time passwords (TOTP) to my online accounts where possible. Over time, I got more FIDO devices and also enabled an IBM Cloud tutorial on end-to-end security for passwordless support. What I learned through the process is that sometimes device metadata is important. So today I am going to write about what it is and where / how to obtain it.

Wednesday, March 18, 2020

My best practices for home office - Corona edition

Take some rest
If you follow my blog, you may already know that I work from home since more than 12 years. Except for some business travel, I tend to do the "things" considered work from a dedicated room in my house in Germany. Over the past years, I tried to find the balance between being productive (team, customers, employer, ...), take care of my family, socialize where possible and staying sane and healthy. Here are some of my best practices. They may or may not work for you, but at least give you some inspiration.

Thursday, March 12, 2020

How to: Slack or email notifications for IBM Cloud security issues

Architecture for security notifications
In my past blogs I introduced you to IBM Cloud Security Advisor and how to integrate your own security scans. You can view all security findings in the security advisor dashboard. Another option is to get alerted for your choice of new security issues. For this you need to set up notification channels and messaging. In today's blog I am going to explain details and share my code.

Tuesday, March 3, 2020

Use Cloud Functions for security scans (IBM Cloud Security Advisor)

Result of a serverless security scan
After the introduction to custom metrics in IBM Cloud Security Advisor and an overview of how to manage custom findings on the command line, I am going to discuss how you can perform your own security scans and add the results to the security advisor. My code is written in Python, but any other language is fine, too. I utilize IBM Cloud Functions to run in the scans in a serverless fashion. The code and instructions are available on GitHub.

Monday, March 2, 2020

Manage your Security Advisor custom findings from the command line

List Security Advisor notes via CLI
In my recent post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and Python and Node.js SDKs that allow to interface with the security advisor. Now, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the security advisor with the code available on GitHub.

Extend IBM Cloud Security Advisor with your own security metrics

Custom findings in Security Advisor
The IBM Cloud Security Advisor allows for centralized security management. It offers a unified dashboard that alerts security administrators for an IBM Cloud account of issues and helps them in resolving the issues. The advisor supports the integration of third-party vendors as well as custom findings. Using a REST API or programming language SDKs, it is possible to manage your own security metrics - from creating incident types and events to displaying them on the unified dashboard. In this and a follow-up post, I am going to give you a quick introduction to the Security Advisor and then discuss the code I made available on GitHub in the repo security-advisor-findings. It simplifies to management of custom objects and provides functions for some of my security scans.

Friday, February 28, 2020

Swashbooking for crowd-sourced book reviews and fun

Books for review
Usually, I don't go to book clubs or write book reviews. But yesterday evening was different with my first swashbooking session (German: Buchstrudeln). It is fast-paced book skimming and crowd-sourced book review combined. And a lot of fun. So what is it and what really did we do? Read on...

Monday, January 27, 2020

25th meeting of German Db2 User Group

Celebrating the 25th DeDUG meeting
Last Friday, the 25th meeting of the German Db2 User Group was held, this time hosted by Fiducia & GAD IT AG in Karlsruhe. As usual, it was both a great networking and informative event. I had the opportunity to catch up with many Db2 users - customers, partner and IBMers. Moreover, similar to a couple of previous meetings, I had the after-lunch talk, this time featuring Db2 on Cloud security topics.

Friday, January 10, 2020

Use an API KEY or ACCESS TOKEN to connect to Db2 on IBM Cloud

In the past, I have blogged about how to access a Db2 database on IBM Cloud from your local machine. I cataloged the cloud host and its database. Then, connected to it using the command line processor (CLP) by passing a username and password. Last year, I was delighted to read that Db2 on Cloud and Db2 Warehouse on Cloud now support authentication by either IBMid, API key, or access token. It is called IAM (Identity and Access Management) support. Finally, I had some time to actually use it. Here is what steps I needed to connect from my local machine to Db2 on IBM Cloud using either API key or token.