Category Archives: Computing

IBM HTTP Server For i (Apache) | IBMi v7r2 ROBOT Attack Mitigation

IBMi v7r2 ROBOT ATTACK  Mitigation

The best way to mitigate the vulnerability is to disable all SSL protocols apart from TLS 1.2. This will mean users with out of date operating systems and browsers will no longer be able to use the site but those will likely be minimal.

The Vulnerability

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

Using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet.

From the 1st March 2018 Qualys SSL Labs will rate sites affected by ROBOT as F.

Make the following changes to your servers http config. This can be done by editing the config file directly (EDTF) or starting the *ADMIN http server and editing from within IBM Web Administration for i (/HTTPAdmin)

The required changes should already be applied if using v7r3 and above. The changes can also be applied by changing the allowed ciphers system value (QSSLCSL) but is best to change for the application required and leave the system values to save hassle when the OS is updated (if value is not default the settings will carry over to the upgraded OS).

The following settings will allow an A+ grade on SSLlabs:-

Qualys sslLabs rating

ServerName (enables SNI) but requires SSLServerCert directive be set.

Header Strict-Transport-Security directive (required to enable HSTS – HTTP Strict Transport Security)

SSLCipherSpec directive – Must have allowed cipher for the denied ciphers to take effect.

Values which need to be changed in bold italics.

SSLEngine On
SSLVersion TLSV1.2
SSLServerCert Certificate_Name_In_DCM
Header set Strict-Transport-Security “max-age=31536000;includeSubDomains;preload”

Node.js Example application

Node.js on IBMil. The following sample code queries the DB2 database table QIWS.QCUSTCDT and returns the result set to the browser. Add the following code to a file called /home/sample.js.


var http = require('http');
var db = require('/QOpenSys/QIBM/ProdData/Node/os400/db2i/lib/db2');
http.createServer(function (req, res) {
     db.exec("SELECT LSTNAM, STATE FROM QIWS.QCUSTCDT", function(rs) {
                 res.writeHead(200, {'Content-Type': 'text/plain'});
}).listen(8081, 'IPaddress');
console.log('Server running at http://IPaddress:8081/');

From a terminal session (best to run ssh server in separate subsystem)

node /home/njs/sample.js

If no problem, you can browse the site to get the query result from database. The output of result set is in JSON format. You can use the JSON.stringify() function to convert it to a readable text, or access the key-value pairs directly.




1.      DB2 for i Access APIs


1.1.    Introduction

DB2i add-on for Node.js is a JavaScript API set for DB2 database manipulation on IBM i. The add-on is shipped with Node.js and located in /QOpenSys/QIBM/ProdData/Node/os400/db2i/. It contains a binary module db2i.node in thebin directory and a library file db2.js in the lib directory. If you want to copy the add-on to other places, please remain the folder structure.

To use the DB2i add-on, you only need to require the db2.js file in your source code.

1.2.    Examples

1.2.1. Basic Query

var db = require('/QOpenSys/QIBM/ProdData/Node/os400/db2i/lib/db2');
    db.debug(true);  // Enable Debug Mode if needed.
    db.init(function(){  // Initialize the environment for database connections.
           db.serverMode(true); // Enable Server Mode if needed
    db.conn(*LOCAL”, “USER”, “PASSWORD”, function(){ // Connect to a database
           db.autoCommit(true); // Enable the Auto Commit feature if needed.
    db.exec(“CREATE TABLE TEST.NAMEID (ID INTEGER, NAME VARCHAR(50), SALARY DECIMAL(8,2)));  // Create a new table in the database.
    db.exec(“INSERT INTO TEST.NAMEID VALUES (0, 'David', 999.99)); // Insert a new record in the table.
    console.log(“There are %d rows affected.”, db.numRows()); // Get the execution result.
    db.exec(“SELECT * FROM TEST.NAMEID,   // Query the data in the new table.
           function(jsonObj) {  // Print the output in a readble way.
           console.log(“Result: %s”, JSON.stringify(jsonObj));
           var fieldNum = db.numFields();
           console.log(“There are %d fields in each row.”, fieldNum);
           console.log(Name | Length | Type | Precise | Scale | Null);  // Print all the fields information.
           for(var i = 0; i < fieldNum; i++)
                  console.log(%s | %d | %d | %d | %d | %d”, db.fieldName(i), db.fieldWidth(i), db.fieldType(i), db.fieldPrecise(i), db.fieldScale(i), db.fieldNullable(i));
    db.exec(“DROP TABLE TEST.NAMEID);  // Delete the example table from the database.
    db.close();  // Release any used resource.
    } catch(e) {  // Exception handler

Node.js on IBMi | The power to modernise legacy applications

Node.js on IBMi

Node.js is an open source project based on Google Chrome V8 Engine. Node.js on IBMi provides a platform for server-side JavaScript applications running without browsers.

The event-driven, non-blocking I/O model makes it lightweight and very efficient. It also provides several built-in modules to simplify programming, especially for networking applications. Additionally, there are more third-party modules that can be easily installed with the built-in npm (Node Packaged Modules) tool.

The node.js engine allows you to run JavaScript code without the need for a browser.

The Node.js engine converts the JavaScript into machine code.

Node.js on IBMi

 Node.js on IBMi

Node.js is now being delivered and packaged for IBM i with the new IBM i product 5733-OPS – Open Source for IBM i – Option 1. This new offering includes the following:

  • Node.js runtime – Core Node.js runtime engine compiled to run in PASE on IBM i
  • DB2 for i access library  – Allows user to access content stored in DB2 for i.
  • Node.js toolkit for IBM i  – Allows user to access IBM i system resources, such as system status, system values, job information, message queue, object information, ILE Programs etc.
Note:  Node.js is a registered trademark of Joyent, Inc. in the United states and other countries. This module is not formally related to or endorsed by the official Joyent Node.js project.

Getting Started

To get going with Node.js on IBM i, use the following instructions

Software Prerequisites
How to obtain the new Open Source for IBM i Product – 5733OPS
Install & Setup Node.js on IBM i
Verifying the Node.js Environment
Running ‘Hello World’ in Node.js on IBM i
DB2 Access from Node.JS
Access IBM i Native Objects

API Reference

DB2 for i access APIs
Toolkit for IBM i APIs

Node.js Updates

It contains all the node.js PTF information.

Node.js updates

Additional References

XML Service
Node.js Community Site
IBM SDK for Node.js
Native JavaScript applications on IBM i with Node.js
Running Node.js with IBM HTTP Server for i

Source: IBM i Technology Updates : Node.js

RDI 9.5 Enhancements | IBM Systems Magazine

Fun Times for RDi Users With v 9.5

RDI 9.5 Enhancements, Version 9.5 of Rational Developer for i is now available. It does require a re-install—not just an update.  So what’s new in RDi V9.5?

RDI 9.5 Enhancements

The most significant new feature is the capability to format (or more accurately re-format) your free-form logic. What we’re talking about here is the matter of indentation of the code.Let’s say, for example, you have a FOR or DOx loop that has a SELECT/WHEN block nested inside it and an IF/ELSE block nested inside that. Now you need to add another level of nesting with another IF/ELSE block that falls between the FOR/DOx and the SELECT block.

One of the benefits of free-form logic is the capability to indent code to show the levels of nesting. This makes it easier for the next programmer coming along to follow the logic. Needless to say, this makes it critical that the indentation is accurate! Even if we make the bold assumption that the original code was indented properly to begin with (sadly in our experience, this is often not the case), introducing a new level in the middle requires shifting a bunch of code around to get the indentation to correctly reflect the nesting levels. There are various ways to do this manually, of course, but it was often not done properly or at best was time-consuming to do and tended to be somewhat error-prone. The new formatter only works on code that is already in free format—including file and data declarations, etc.

The built-in formatter for RDi V9.5 can be used on a specific block of code or, if no block is selected, the entire member is formatted.

The Crtl+Shift+F keyboard shortcut will invoke it or you can use menu options—either under the Source menu or via the right-click context menu under Source.You do have a few options on how the formatting is done. These are controlled via preferences on a new Formatter preference page under ILE RPG parser preferences.

There are options for how many spaces to indent and an option for whether or not you want WHEN/OTHER statements within a SELECT block indented. Take a look at the preference page to find a few others.



Source: IBM Systems Magazine – Fun Times for RDi Users With V9.5 Enhancements



Open Source Technologies on IBM i | Technology Updates

The world of Open Source continues to rapidly evolve and change. This is also very much the case for the IBM i. Over the past few years there have been an increased number of Open Source Technologies added to the IBM i.

Open Source Technologies on IBM i


New Open Source Product for IBM i

Recently, the IBM i development  team has taken a more active role in compiling open source products exclusively  to run in the PASE environment for IBM i. In order deliver these new technologies in a safe manner IBM have created a new license program option – 5733OPS – Open Source for IBM i.  For details on how to get this new product see –  How to obtain the new Open Source for IBM i Product – 5733OPS page.

Source: IBM i Technology Updates

Open Source Technologies on IBMi

Open Source Technologies 5733OPS Installation

Step 1: Install XMLSERVICE and any requisite products

  • Install XMLSERVICE to the XMLSERVICE library on IBM i. See the XMLSERVICE install documentation for more details.
  • PASE (SC1 option 33) is required for all 5733-OPS options.
  • Other product requirements will be called out in the documentation for the individual product options. For instance, Python requires SC1 for many functions.

Step 2: Obtain the new Open Source for IBM i Product – 5733OPS

The new License Program Option 5733OPS – Open Source for IBM i is being included as part if the IBM i Bonus Package. This means that if you are current on your IBM i software maintenance you are entitled to this new offering. Below are the designated ways that you can obtain this new support.

  • Starting at 5733OPS GA, it will begin shipping with IBM i 7.1 and 7.2 Operating System Keyed Media Set. All orders with ship date of GA and later would receive this new media
  • If entitled to the IBM i V7 OS’s at GA, 5733OPS will become part of the 7.1 and 7.2 Operating System ESD download package under 5770-SS1 base FC’s 5817, 5818, 5819, 5827, 5828, and 5829 the package is titled F_MULTI_NLV_110_IBM_i_Open_Source_Solutions on ESS
  • At GA 5733OPS will become part of the 7.1 and 7.2 Operating System ESD download package under the IBM i Evaluation, Try & Buy and NLV download section, under 5770-SS1 base FC’s 5817, 5818, 5819, 5827, 5828, and 5829 the package is titled F_MULTI_NLV_110_IBM_i_Open_Source_Solutions on ESS

Step 3: Install necessary PTF’s

Once you have installed the product and options of interest, install the latest SC1 PTF’s and the individual PTF’s needed for the 5733OPS option of interest (for instance, SI55499 for Node.js, SI57008, SI57253, SI57254, SI57255, and SI57256 for Python), or their latest superceding PTF.

Note that OPS PTF’s may call out requisites that are not applicable for your runtime environment. For instance, both 7.1 and 7.2 versions of SC1 PTF’s are listed as requisites, but you may disregard warnings about PTF’s for a different release.

Once you have obtained the new product and options of interest, all future updates will also be included with the Latest HTTP PTF Group:
  • SF99368 – level 31 for IBM i 7.1
  • SF99713 – level 5 for IBM i 7.2





RPG IV programming | IBM Redbooks

RPG IV programming guide

RPG IV programming resource, this redbook is one the best RPG IV programming resources I have found.
This redbook may be old but is still relevant and very well written.
Source: IBM Redbooks | Who Knew You Could Do That with RPG IV? A Sorcerer’s Guide to System Access and More

cover image


This IBM Redbooks publication is focused on RPG IV as a modern, thriving, and rich application development language for the 21st century. It is written for those AS/400 system programmers that are in the cusp between RPG/400 and RPG IV and are looking for hints and tips to make the move forward worth their while. This book promises to drop little golden nuggets of information in the form of code samples and style guidelines. Picking up each golden nugget will lead you step-by-step down the path that will eventually allow you to take full advantage of RPG IV and the Integrated Language Environment (ILE). Even the most experienced RPG IV programmer will find something useful in this book.

***Update Notice***
The SSERVER3 and SCLIENT3 example program as an example of multiple I/O between one server and multiple clients was not correct and has been updated. The updated sections are marked by change bars in Sections 5.5.5 and 5.5.6.

In addition, we updated the RPGISCOOL library SAVF found under Additional materials on the IBM Redbooks Web site. See Appendix A “Example RPG IV programs on the Web” for instructions to download these examples. The source files in library RPGISCOOL file SCKSRC that have been updated are: SCKSELF, SCKCPY, SCLIENT3, SSERVER3, SCLIENT3B, and SSERVER3B.

Table of contents

Chapter 1. An introduction to RPG IV
Chapter 2. Programming RPG IV with style
Chapter 3. Subprocedures
Chapter 4. An ILE guide for the RPG programmer
Chapter 5. Exploring new ways to exploit your AS/400 system
Chapter 6. Database access with RPG IV
Chapter 7. A modern tool for a modern language: CODE/400
Chapter 8. VisualAge for RPG as a GUI for RPG applications
Appendix A. Example RPG IV programs on the Web
Appendix B. An introduction to the Integrated File System (IFS)
Appendix C. PTFs for *SRCSTMT and *NODEBUGIO

Modernizing IBM i Applications from the Database up to the User Interface and Everything in Between

cover image


This IBM® Redbooks® publication is focused on melding industry preferred practices with the unique needs of the IBM i community and providing a holistic view of modernization. This book covers key trends for application structure, user interface, data access, and the database.

Modernization is a broad term when applied to applications. It is more than a single event. It is a sequence of actions. But even more, it is a process of rethinking how to approach the creation and maintenance of applications. There are tangible deliveries when it comes to modernization, the most notable being a modern user interface (UI), such as a web browser or being able to access applications from a mobile device. The UI, however, is only the beginning. There are many more aspects to modernization.

Using modern tools and methodologies can significantly improve productivity and reduce long-term cost while positioning applications for the next decade. It is time to put the past away. Tools and methodologies have undergone significant transformation, improving functionality, usability, and productivity. This is true of the plethora of IBM tools and the wealth of tools available from many Independent Solution Providers (ISVs).

This publication is the result of work that was done by IBM, industry experts, and by representatives from many of the ISV Tool Providers. Some of their tools are referenced in the book. In addition to reviewing technologies based on context, there is an explanation of why modernization is important and a description of the business benefits of investing in modernization. This critical information is key for line-of-business executives who want to understand the benefits of a modernization project. This book is appropriate for CIOs, architects, developers, and business leaders.

Table of contents

Chapter 1. Why modernize
Chapter 2. Path to modernization
Chapter 3. Modern application architecture techniques
Chapter 4. Modern development tools
Chapter 5. Interfacing
Chapter 6. User interface
Chapter 7. Modern RPG
Chapter 8. Data-centric development
Chapter 9. Database re-engineering
Chapter 10. Mobile, UI, and database modernization tools
Chapter 11. EGL
Chapter 12. PHP
Chapter 13. Java
Chapter 14. Web serving: What and why
Chapter 15. HTML, CSS, and JavaScript
Chapter 16. Security
Chapter 17. Globalization
Chapter 18. Cloud

RPGLE screen driven python on IBMi

By creating simple display files and corresponding RPGLE programs to display we can call Python programs to provide users with features that are either very complex or impossible to implement with pure RPGLE.

At the moment I have been calling a CL program from the RPGLE program. I plan to update this to use the QCMDEXC API and negate the need for a CL program.

We check the users input then call the CL program which in turn calls the python script

In this excerpt we use the users logon name to lookup an email address in our users table

DDsUSer 254 263
 DLsOkay S N
 C EVAL *IN90 = *ON
 C DOW *IN03 = *OFF
 C* MoveA '00000' *In(30)
 C* MOVEA '00' *IN(42)
 C* MOVEA '000' *IN(42)
 C* MOVEA '0000' *IN(42)
 C* Eval *In46 = *Off
 C IF *IN03 = *OFF
 C IF *IN30 = *OFF
 * Get users email address
 C+ Where EMUSER = :DsUSer
 C+ Fetch first row only
 C If SQLSTT = '00000'
 C Parm DsUSer
 C Eval MSGNO = 'TRI0069'
 C* EVAL *IN30 = *ON

Python on IBMi 5733OPS

IBM opening up System I with the addition of languages such as Python, Node.JS & Ruby is a major step forward and has helped us achieve some amazing results. Python has many library’s available that enable the programmer to perform complex operations with ease. It is also very easy to read Python code so it is always clear what’s going on, I don’t think we can say that with RPG code.

The best way of working with these new options is to create a subsystem for Openssh server (following the excellent IBM Redbook on Openssh Server it may be old but still relevant). QSH/PASE can be tedious.


Using Python we can extend native report programs to include formatted XLSX output.

Access to system services (programs,commands,database) is provided through the excellent XMLSERVICE library from Young i Professionals (

  Requires XMSLERVICE library installed, see following link installation
  1) XMLSERVICE direct call (current job)
  from itoolkit.lib.ilibcall import *
  itransport = iLibCall()
  2) XMLSERVICE db2 call (QSQSRVR job)
  from itoolkit.db2.idb2call import *
  itransport = iDB2Call(config.user,config.password)
  -- or --
  conn = ibm_db.connect(database, user, password)
  itransport = iDB2Call(conn)
  3) XMLSERVICE http/rest/web call (Apache job)
  from import *
  itransport = iRestCall(url, user, password)
from itoolkit.lib.ilibcall import *
itransport = iLibCall()
from itoolkit import * 
 sQry = 'QUERY' 
 itool = iToolKit()
 itool.add(iSqlQuery('custquery', sQry))
 # xmlservice
 QCUSTCDT = itool.dict_out('custfetch')
 if 'error' in QCUSTCDT:
   print (QCUSTCDT['error'])
   # Loop record set

Internet Explorer 11 BREAKS Google, Outlook Web Access • The Register

Internet Explorer 11 BREAKS Google, Outlook Web Access

The Windows 8.1 train wreck rollout continues apace

via Internet Explorer 11 BREAKS Google, Outlook Web Access • The Register.


So fed up of having to roll back Internet Exploder updates because Microsoft have broken compatibility again.

IE 11 kills our in house applications & sonic wall vpn. Best of all its installed automatically. Enterprise side can be blocked through WSUS. The best solution here is to move away from IE altogether.

Pushing all our suppliers to develop browser agnostic applications.

One day we may even be able to move away from Windows altogether.

Microsoft – Listen to your customers or loose them forever.