The Mainframe Blog Kindly Redirects You

Due to some continuing limitations at this site, including commenting issues we haven't been able to resolve to our satisfaction, we advise you to continue learning more about the world of mainframe computing at the following blogs:

There are many, many other mainframe-related blogs, and you can find many of them via the sites listed above. We are not endorsing any particular site as a successor to this one, though at some point I will likely choose one of them as my preferred place to continue sharing my views.

I'll see you at the other sites where we can interact better and exchange views much more easily — where the social media facilities are a bit better developed. I sincerely appreciate your many years of readership, commenting, suggestions, compliments, and even criticisms. The posts here should remain available for quite some time to come (and then after that in Internet archives), but over time I'll move and update some of the best bits, for instance the "Mainframe Freebies" information.

OK, you can click or tap now. See you there!

by Timothy Sipples September 20, 2013 in Blogs, Future, History

New Security Revelations: Governments Spying More than Expected

The New York Times, The Guardian, and ProPublica are jointly reporting on new revelations about the extent of U.S. and U.K. (in particular) government surveillance of Internet communications. The revelations come primarily from U.K. GCHQ documents characterizing GCHQ and NSA capabilities. Former NSA contractor Edward Snowden obtained the documents and shared them with media outlets. Bruce Schneier, a security expert advising The Guardian, comments on the revelations and offers some practical advice.

I'm still absorbing the implications of these revelations. If they're true, I tend to agree with the security experts who are concerned about risks to people and their private information. One of the important roles of government is, ostensibly, to protect its citizens. If the government continues trying to undermine IT security in various ways, the government is making its own citizens easier to attack. Which is exactly backwards, of course: a security agency should be promoting the safety and security of its citizens, not undermining it. It doesn't take a Hollywood movie or even an Edward Snowden to understand that if the "good guys" can get in then so can lots of "bad guys." And the "good guys" have a lot more to lose when they're vulnerable.

I agree with Bruce Schneier that the IT engineering community will be doing a lot of work in this area over the coming weeks, months, and years to improve IT security and to better protect privacy. These revelations will also probably spur a lot of political discussion about the appropriate role of government and what the limitations on government should be. That's not a new debate, nor is it one that should ever end. In my view we must constantly remind ourselves of the Fourth Amendment to the U.S. Constitution, and we must meet or exceed that high standard.

OK, what about mainframes? Bruce Schneier's advice is heavily client (end point) focused, and that's appropriate for his readership. In the world of servers and enterprise computing there are also important considerations, and I would advise all IT professionals to pay close attention to security discussions and improvements coming out of the IT engineering community. I would also point out that I see way too much carelessness. I'm not talking about whether extremely well funded government intelligence agencies can access your applications and databases. I'm talking about rank amateurs. For example, do you have 3270 "green screen" terminal connections to your mainframe, for end users and/or for administrators? If yes, are those connections encrypted? You're sending mainframe user IDs and passwords across those links every day, across your wide area network perhaps. They're not encrypted, in the year 2013 (or even 2003)? Really? When exactly are you going to take security even half seriously?

As another example, is your idea of application integration to dump half your customers' most sensitive personal information into sequential files every night then FTP that — unencrypted of course — to dozens of different distributed servers, only to run a poorly secured application? How is that possibly secure? How is that being a responsible steward of your customers' private information? It isn't, yet I see it practically every day. Too many IT people think it's a good idea to copy data everywhere, all the time. There's no way you're ever going to protect your organization against even rank amateurs with that architectural approach. Stop copying data and start securing it. That means, paradoxically, opening up your mainframe to authenticated, authorized, and (usually) encrypted, direct access to application and information services. Why, just last week I had a conversation with an IT manager about this very issue. That manager questioned whether it was secure to access DB2 for z/OS directly from a PC-installed productivity tool. Compared to what? Compared to extracting all the data (not just the records the end user is supposed to be accessing) to a flat file, FTPing it (on a clear wire) to another database running on Microsoft Windows (!), then accessing it there, without any security context whatsoever? Of course that isn't secure. And I'm going to partially blame "mainframe people" — you know who you are — for setting arbitrary "security policies" which end users inevitably must circumvent in order to get their jobs done, or because they think they're "saving MIPS." I've even seen end user departments set up elaborate screen scraping tools on batteries of client PCs in order to perform data extracts, because that's what the "mainframe people" and their "security policies" require them to do to keep the business running. This madness must stop!

Now, for those two organizations in the world that have eliminated the low hanging vulnerabilities and that have stopped all the madness, I would recommend getting a mainframe if you don't already have one. (If you don't have one you probably aren't one of those two organizations.) Use your mainframe as your premier security hub to better protect your organization. We don't know everything yet — I'll keep reading the press reports with great interest — but what we do know from decades of experience to the present is that mainframes, well managed, have proven especially resistant to security threats. And, I write only half jokingly, we also know that the only organizations that might rival government intelligence agencies in their political power and influence are large financial institutions. All of them would presumably scream bloody murder if their core systems were exposed. Moreover, if you want open source software, you've got it on zEnterprise. Linux on zEnterprise is 100% open source software. There are no proprietary drivers or other closed source binaries required, unlike many other hardware platforms. z/OS has a large and growing collection of open source software available, too, and you can go grab whatever you like and quickly deploy it. (On z/TPF as well.) There's also the unparalleled statement of integrity for z/OS and for z/VM.

Stay vigilant, and stay safe.

by Timothy Sipples September 6, 2013 in Security

Two Big Deals in the Mobile World

The U.S. Labor Day weekend has not been a restful one in the mobile communications and devices industry. Vodafone is selling its share of Verizon Wireless to Verizon in a blockbuster $130 billion cash and stock deal, and Microsoft is buying Nokia's struggling mobile phone business, other assets, and licenses for 5.4 billion euro (about $7.2 billion).

What have these deals got to do with mainframes? Plenty. The mobile business is still growing rapidly, and mobile devices (smartphones and tablets) are rapidly displacing traditional PCs as the dominant application and information service clients. That growth is increasing transaction volumes and associated batch processing on mainframes. It's also encouraging existing and new mainframe customers to add applications and application functions to their mainframes, especially to support increasing demands for continuous service and improved security given the challenges mobile devices present.

So how can mainframes address mobile platforms? They already do, and it's quite easy to do more. One excellent example is IBM Worklight for zEnterprise which makes it easy to support multiple mobile device types from your mainframe with functionally rich, device-appropriate, secure "apps" and mobile Web user interfaces. Another example is the IBM CICS Transaction Server Feature Pack for Mobile which is available to CICS customers at no additional charge and which supports lightweight, mobile-appropriate JSON Web services.

The contrast between the two deal sizes is interesting all by itself because it demonstrates where the value has shifted in the mobile market. The smaller Nokia-Microsoft deal is an attempt to combine two weak mobile players into one in order to try to compete with Apple and Google, in particular. The trouble is that Google (especially) has a different business model with lots of services, advertising, and content, and that business model is working well. Google seems to have won the mobile OEMs who were perhaps a bit uncomfortable with Google's acquisition of Motorola, but Microsoft's acquisition of Nokia trumps their mild concern. In other words, Microsoft isn't going to get any help now from Samsung, HTC, LG, ZTE, Lenovo, and other mobile device makers. It'll also be tough for Microsoft to compete against Apple in the premium segment of the mobile device market, and Apple is also strong in content. All that said, I think the acquisition makes sense for Microsoft. Microsoft really doesn't have much choice. Nor does Nokia. When Nokia's CEO, Stephen Elop, a former Microsoft executive (and soon a Microsoft executive again it seems, perhaps even the next CEO) bet his new company on Microsoft's struggling mobile Windows platform, he set in motion a chain of events that would very likely result in Nokia's divestiture of its mobile device business to Microsoft. I don't think too many people are surprised that Microsoft is carving up Nokia now. Cynical observers might even say that was the plan all along.

An interesting footnote is what happens to struggling Canadian mobile pioneer Research In Motion (RIM), makers of the Blackberry. Their new BB10 platform is technically very good, but that's never enough. According to reports RIM is at least open to the idea of selling itself to another company, but there's no perfect suitor available. None of the Chinese companies make much sense given that many of RIM's government customers would flee if such an acquisition came to fruition. HP might make some sense, but is there room for both a third and a fourth mobile platform, and would HP have any chance of finding room in the mobile market given Microsoft's still deep pockets? (Microsoft's Nokia acquisition is another piece of bad news for HP at least in terms of limiting HP's options and in terms of pulling some of Microsoft's attention away from the traditional PC business and OEMs like HP.) Samsung might be interested in acquiring RIM. Samsung would probably take BB10 and merge it with Android, retaining Android application compatibility but adding some more Samsung/RIM differentiation. That'd make some sense if the price is right. Google might have similar ideas, also at the right price. Both Samsung and Google wouldn't mind having RIM's patent portfolio. I don't see IBM being too interested except perhaps for RIM's Blackberry Enterprise Server (BES) software which another suitor might be willing to carve out for IBM, HP, or somebody else. Oracle, Facebook, and Dell are longshot candidates to buy RIM, each for different reasons. Or maybe nobody buys RIM, and we (probably) fondly remember the Blackberry much like we remember Amiga computers.

It's rarely boring in the technology industry.

by Timothy Sipples September 3, 2013 in CICS, Current Affairs, Financial, Web Technology



The postings on this site are our own and don’t necessarily represent the positions, strategies or opinions of our employers.
© Copyright 2005 the respective authors of the Mainframe Weblog.