Welcome to another edition of Talsco Weekly
- News: An IBM i seat costs less than your iPhone per month.
- Career: Curiosity Shapes The Future.
- Security: What you need to know about IBM i Hacking.
- Modernization: Debunking Modernization Myths.
- Python: Python String Methods to Know.
The folks over at IT Jungle did an interesting thought experiment.
How much would a single monthly subscription be for the “hardware-software-maintenance” bundle on a single-socket Power S1014 for IBM i customers?
Big Blue charges around $50 per user per month for the bundle.
As a comparison:
A high-end iPhone smartphone with cell service and a data plan – somewhere between $75 and $80
The full Power S1014 subscription offering was just released, and for those of you looking at the pricing for a Power10, this article dives into the details and gives you insight into the various Power10 models and configuration options.
As technology providers move towards a subscription-based approach, IBM seems to have stepped up to the plate.
“The idea that this is a platform as a service, or PaaS, since database software and application development software is bundled in” is offering some interesting options for a large number of IBM i shops.
My mother always taught me to be curious. Ask questions. And then more questions. Never stop asking questions because it is how you grow, and it will naturally create more and more opportunities for you.
“Curiosity is such a basic component of our cognition that we are nearly oblivious to its pervasiveness in our lives. Consider, though, how much of our time we spend seeking and consuming information and its importance as a motivator for learning, influential in decision-making, and crucial for healthy development.”
It’s hard to deny the power of curiosity.
The Curiosity Zone is a great framework.
Here it is:
“The Curiosity Zone is a great framework that describes our tendency to be the most curious when you know “something” about a subject. And the most incurious when we are completely ignorant about it or see ourselves as an expert in it.”
“The Curiosity Zone is divided into three categories:”
- Curiosity Zone 1
- Curiosity Zone 2
- Curiosity Zone 3
So, are you curious?
Many in the IBM i community seem to think the IBM i is unhackable.
Here is a detailed post from Silent Signal an IT Security firm that focuses on Ethical Hacking. Basically, they “find out what security issues and threats affect IT systems and employees at your organization.”
They recently focused on the IBM i. Once they realized that the AS/400, now IBM i, is here to stay, they decided to create their own IBM i lab to better understand its security architecture.
This blog post is the first step of publishing their findings to the security community where they share a walkthrough of the penetration testing result of an IBM i system.
Table of Contents:
- Initial Program Breakout: “The first task was trying to break out of the initial program limitation.”
- Privilege Escalation by Profile Swapping: “Information gathering about the accessible user profiles (WRKUSRPRF) exposes…”
- Becoming A Security Administrator: “A simple SQL query in the STRSQL command reveals the potential candidates” that have privileges on the system.
- Beyond The Green Screen: “One of the challenges of securing IBM i systems is that the high integration of features provides access to the same attack surface through different interfaces, all of which need individual protections.”
“This little case study shows, that while approaching IBM i systems requires learning the unusual ways of the platform, these systems are affected by really similar misconfigurations as our more common targets – in the end, all systems are programmed and configured by humans, usually under pressure to ‘just make it work.'”
“If you’re embarking upon an application modernization project, you’re not alone, as many organizations running older computer systems are looking for an upgrade. But that increased need for modernization has coincided with the rise of several myths on the topic, which is a cause for concern.”
The three common myths:
The 1st “modernization myth is that all you need for a modernization project is a code converter that takes your legacy source code and automatically converts it to a modern codebase.”
Code converters play a critical role, however, there is much more involved than simply converting code. Proper project planning and setting realistic expectations are key here.
The 2nd modernization myth “is that business rule extraction is too time-consuming and tedious for a company undertaking an application modernization effort.”
In reality, you “are better off extracting the rules you want to keep, and then either rewriting the application or moving it to a business rules engine, where you can add new rules.”
The 3rd modernization myth is “the customer always knows their code.”
The real story is, more often than not, companies don’t really understand what they have in their code base.
If your organization is dipping its toes into the modernization waters, it is absolutely essential to take ownership of the project initiative. No matter the size or complexity. Modernization projects fail without the proper buy-in from the business, IT, and the vendor of your choice.
“Python’s strings have 47 methods. That’s almost as many string methods as there are built-in functions in Python! Which string methods should you learn first?”
“There are about a dozen string methods that are extremely useful and worth committing to memory. Let’s take a look at the most useful string methods and then briefly discuss the remaining methods and why they’re less useful.”
The most useful string methods:
- join: Join iterable of strings by a separator
- split: Split (on whitespace by default) into list of strings
- replace: Replace all copies of one substring with another
- strip: Remove whitespace from the beginning and end
- casefold: Return a case-normalized version of the string
- startswith: Check if string starts with 1 or more other strings
- endswith: Check if string ends with 1 or more other strings
- splitlines: Split into a list of lines
- format: Format the string (consider an f-string before this)
- count: Count how many times a given substring occurs
- removeprefix: Remove the given prefix
- removesuffix: Remove the given suffix
If you are diving into Python, I highly recommend bookmarking this site for future reference.
Sign up for Talsco Weekly to get the latest news, insight and job openings for the IBM i professional.
If you are an RPG programmer looking to explore opportunities or a client who is looking for a talented IBM i professional, please contact us. We look forward to assisting you.
Do you know of someone who could benefit from Talsco Weekly? If so, please use the social media buttons to spread the word. Thank you!