Wednesday, July 1, 2020

Db2 11.5 Mod Pack 4 is available

A quick note that Db2 Version 11.5 and its Mod Pack 4 are now available. You can read more about its new features and changes in the "What's new" section of the Db2 docs.

An interesting new security feature is the support for JWT (JSON Web Token) for authentication. It simplifies the integration of SSO (single sign-on) environments.

The Adaptive Workload Manager which we have heard about at past IDUG conferences is now GA. Other enhancements are for log space management and compression and there are several performance improvements.

Wednesday, June 17, 2020

Getting started with Db2 on Cloud Lite

Success in creating a table
It seems to me that during the COVID-19 pandemic there are more hackathons than usual. Great to see that IBM Cloud is the platform of choice for many solutions. Db2 on Cloud is used as database, often the free Lite plan to get started. That's the reason I published a quick guide on the IBM Cloud blog on how to use Db2 on Cloud Lite plan for hackathons.

Wednesday, June 10, 2020

Hands-on security: Share resources on IBM Cloud

Architecture: Database-driven Slackbot
Architecture: Database-driven Slackbot
One of my favorite IBM Cloud solution tutorials is about
building a database-driven Slackbot. It is a great example for integrating enterprise resources with an AI-backed user interface and for utilizing serverless technology for the glue. Once you have created the chatbot, the next step is to share this project with co-workers. But how do you proceed? In this blog, I am going to discuss how to set up privileges for team members, so that they can access the project resources in different roles. Learn about IBM Cloud IAM, Access Groups and Policies. Get ready for some hands-on experience with IBM Cloud security.

Tuesday, May 26, 2020

New performance and security feature in Db2: Authentication cache

New security feature in Db2
The recent release of Db2 11.5.3 (Db2 V11.5 Mod Pack 3) includes a small gem that impacts both performance and security. It is a cache for User ID and Password-based authentication. That feature is great when your system uses LDAP / Active Directory for authentication because lookup results can be cached by Db2. By default, that feature is not active and you need to configure it. In this post, I am going to discuss how to enable and configure it.

Wednesday, May 20, 2020

Use Chromium-based browsers to manage FIDO security keys

Add fingerprints using browser
Add fingerprint to FIDO key
Recently, I made a discovery that simplified how I manage my FIDO security keys. Instead of using a vendor tool to set a PIN or add fingerprints, I now switched to utilizing a Chrome- / Chromium-based browser for the administration. This works well on my Linux box. In this blog post, I am going to detail some of the features available.

Monday, May 18, 2020

Some advanced SQL to analyze COVID-19 data

Learn to write SQL
All of us are impacted by COVID-19. Looking at daily case numbers, the basic reproduction number or mortality rates has become a routine. But what is behind those numbers? How are they computed and how does SQL help? In this post, I want to discuss how some SQL analytics clauses help to dig through the data. When I teach database systems, I always try to show how it applies to life. Here, SQL may not directly help to cure the disease, but SQL is essential to compute and understand the statistics.

Thursday, May 7, 2020

IBM Watson Studio: Download pandas DataFrame as CSV or Excel file

Gist code snippet
Right now, I am working with IBM Watson Studio on some analytics side project. It is nice to work with Jupyter Notebooks, Python and pandas and data again. Even Db2 is involved.

From working with pandas DataFrames locally, I knew how to turn the data into CSV or Excel files. But working with a hosted environment, accessing the file system is not possible and some other solution is needed.

Monday, April 20, 2020

All the best combined: Cloud, Db2, Python, Serverless and Security

Add a cloud service ID as Db2 user
Earlier this year, I wrote about how to use an API key or access token to connect to Db2 (on Cloud). Today, I am going to show you how to set up a service ID (technical user) on IBM Cloud, assign it a Db2 user ID (see screenshot) and grant database privileges. Thereafter, I share Python code for connecting to Db2 using the service ID with an API key.

All this helps to reduce the set of privileges held by a user or service and hence increases cloud security.

Tuesday, April 14, 2020

Home office and rubber duck debugging, 5 levels

Rubber duck debugging at home
Recently, I shared with you my best practices for working from home. Today, I want to add an angle specific to technical jobs, especially for developers. When you work in co-located teams, you benefit from the direct conversations and exchange. In (software) development and technical writing, it is important to rethink ongoing processes or ideas, to reassess a situation, to explain what you do. Rubber duck debugging is one such method - debugging code by explaining it to a rubber duck.

Wednesday, April 8, 2020

Key Protect as vault for multi-cloud setup

Guard credentials in a vault
In my previous blog post, I showed how you can easily encode and upload credentials to IBM Cloud Key Protect. Today, I am going to share sample code with you for retrieving the credentials and turning them back into a JSON object. A common use case is a multi-cloud environment where you need to store credentials for an external service. Basically, you are using Key Protect as vault. An example could be the key ID and secret to access the AWS S3 storage for importing data into IBM Cloud.

Tuesday, April 7, 2020

Encode credentials and upload to Key Protect

Protect credentials in Key Protect
If you followed my blog or have used IBM Cloud, then you know that Key Protect (and Hyper Protect Crypto Services) is the solution to manage encryption keys on IBM Cloud. Did you know that you can import your own keys? And did you know that "key" can be (almost) anything? Today, I am going to show you how to manage a set of JSON-based credentials with Key Protect.

Wednesday, April 1, 2020

Covid19 phone challenge: My old Nokia has Android now

My reliable Nokia phone
During these nasty times, you need a steady, reliable companion. It is my old Nokia phone (pictured). It takes phone calls, has an alarm and the current time. Moreover, it serves as projectile against all kinds of "obstacles". The only things missing are Db2 and a Linux terminal. Anyway, this was about to change. Today, I learned that finally (finally!) Android has arrived for this phone with the latest firmware upgrade.

Tuesday, March 24, 2020

My best practices for 2FA and FIDO2 security keys

Some of my FIDO2 security keys
Since starting my journey (and blogs) with FIDO2 security keys, I got questions about how I use the keys and how I set up my various accounts for 2nd factor authentication. In this blog post, I am trying to address those questions and briefly discuss different types of FIDO2 keys. So let's get started...

Monday, March 23, 2020

Obtaining device metadata for FIDO / FIDO2 security devices

Zoo of FIDO2 security keys
Last year, I started my journey to passwordless logins. I bought my first FIDO2 USB security key. Then, I added the key as an alternative to time-based one-time passwords (TOTP) to my online accounts where possible. Over time, I got more FIDO devices and also enabled an IBM Cloud tutorial on end-to-end security for passwordless support. What I learned through the process is that sometimes device metadata is important. So today I am going to write about what it is and where / how to obtain it.

Wednesday, March 18, 2020

My best practices for home office - Corona edition

Take some rest
If you follow my blog, you may already know that I work from home since more than 12 years. Except for some business travel, I tend to do the "things" considered work from a dedicated room in my house in Germany. Over the past years, I tried to find the balance between being productive (team, customers, employer, ...), take care of my family, socialize where possible and staying sane and healthy. Here are some of my best practices. They may or may not work for you, but at least give you some inspiration.

Thursday, March 12, 2020

How to: Slack or email notifications for IBM Cloud security issues

Architecture for security notifications
In my past blogs I introduced you to IBM Cloud Security Advisor and how to integrate your own security scans. You can view all security findings in the security advisor dashboard. Another option is to get alerted for your choice of new security issues. For this you need to set up notification channels and messaging. In today's blog I am going to explain details and share my code.

Tuesday, March 3, 2020

Use Cloud Functions for security scans (IBM Cloud Security Advisor)

Result of a serverless security scan
After the introduction to custom metrics in IBM Cloud Security Advisor and an overview of how to manage custom findings on the command line, I am going to discuss how you can perform your own security scans and add the results to the security advisor. My code is written in Python, but any other language is fine, too. I utilize IBM Cloud Functions to run in the scans in a serverless fashion. The code and instructions are available on GitHub.

Monday, March 2, 2020

Manage your Security Advisor custom findings from the command line

List Security Advisor notes via CLI
In my recent post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and Python and Node.js SDKs that allow to interface with the security advisor. Now, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the security advisor with the code available on GitHub.

Extend IBM Cloud Security Advisor with your own security metrics

Custom findings in Security Advisor
The IBM Cloud Security Advisor allows for centralized security management. It offers a unified dashboard that alerts security administrators for an IBM Cloud account of issues and helps them in resolving the issues. The advisor supports the integration of third-party vendors as well as custom findings. Using a REST API or programming language SDKs, it is possible to manage your own security metrics - from creating incident types and events to displaying them on the unified dashboard. In this and a follow-up post, I am going to give you a quick introduction to the Security Advisor and then discuss the code I made available on GitHub in the repo security-advisor-findings. It simplifies to management of custom objects and provides functions for some of my security scans.

Friday, February 28, 2020

Swashbooking for crowd-sourced book reviews and fun

Books for review
Usually, I don't go to book clubs or write book reviews. But yesterday evening was different with my first swashbooking session (German: Buchstrudeln). It is fast-paced book skimming and crowd-sourced book review combined. And a lot of fun. So what is it and what really did we do? Read on...

Monday, January 27, 2020

25th meeting of German Db2 User Group

Celebrating the 25th DeDUG meeting
Last Friday, the 25th meeting of the German Db2 User Group was held, this time hosted by Fiducia & GAD IT AG in Karlsruhe. As usual, it was both a great networking and informative event. I had the opportunity to catch up with many Db2 users - customers, partner and IBMers. Moreover, similar to a couple of previous meetings, I had the after-lunch talk, this time featuring Db2 on Cloud security topics.

Friday, January 10, 2020

Use an API KEY or ACCESS TOKEN to connect to Db2 on IBM Cloud

In the past, I have blogged about how to access a Db2 database on IBM Cloud from your local machine. I cataloged the cloud host and its database. Then, connected to it using the command line processor (CLP) by passing a username and password. Last year, I was delighted to read that Db2 on Cloud and Db2 Warehouse on Cloud now support authentication by either IBMid, API key, or access token. It is called IAM (Identity and Access Management) support. Finally, I had some time to actually use it. Here is what steps I needed to connect from my local machine to Db2 on IBM Cloud using either API key or token.