IBM i (AS/400, RPG) Recruiting, Staffing & Consulting

IBM i Recruitment Experts: Connecting IBM i Talent with Direct Hire and Consulting Openings. Unmatched IBM i Market Knowledge & Insight.

Talsco Weekly: AI Vulnerabilities Uncovered by NIST

AI security on IBM i

Welcome to another edition of Talsco Weekly

  • IBM i Brief:  🔄 ​IBM transforms IBM i software with subscription changes. 🔒 ​New FTP Security tool FT4i.
  • AI:  🚀 ​Nvidia rockets to success with generative AI and what this means for the IBM i platform. ⚙️ ​Local LLMs for enhanced security. 🔧 ​Companies utilizing AI to modernize legacy tech.
  • Development:  🚀 ​Node.js Creator Introduces New JavaScript Runtime. 👥 ​IBM i User Profiles Expiring?
  • Learning:  🔐 ​IBM i Security Measures and Exit Points.
  • Security:  🔒 ​IBM i Security Update. 📈 ​AI vulnerabilities uncovered by NIST.

IBM i Brief

🔄 ​IBM transforms IBM i software with subscription changes

Big Blue shifts to utility pricing, bundling features, yet core IBM i subscriptions are more costly than the perpetual license option. Updates include an extension of perpetual license sales, new processor and user transfer offerings, and a revised subscription pricing structure. The transition raises questions among IBM i users. As usual, IT Jungle does the hard work, in trying to make sense of all of this.

🔒 ​New FTP Security tool FT4i

FT4i provides much-needed logging for IBM i FTP, including SFTP. It offers IP restrictions, user-based controls, and modern PHP interface. Tracking and securing FTP access is crucial for safeguarding data against internal breaches.

AI

🚀 ​Nvidia rockets to success with generative AI and what this means for the IBM i platform

Nvidia’s revenue is poised to reach $100 billion in 2024, driven by generative AI technology. This innovation propels Nvidia’s datacenter business rapidly, leading the industry. The company’s profitability is forecasted to skyrocket, with significant cash reserves expected. Nvidia’s dominance in generative AI will be showcased at the GPU Technical Conference 2024, shaping the tech landscape.

Nvidia will be the fifth company in the datacenter market to hit $100B. In the data center market, few companies in history have reached this level of success.

  • IBM: Achieved $100 billion sales level from 2008 through 2012.
  • Hewlett Packard (HP): Reached $100 billion in sales in the late 2000s and early 2010s.
  • Dell Technologies: Attained $100 billion in sales during fiscal years 2022 and 2023, but sales have started to decline.

What does this mean for the IBM i marketplace?

This might seem irrelevant for the 120,000 IBM i and OS/400 shops, but the necessity for a GenAI strategy is pressing, “as only 18% are currently adopting GenAI enhancements.”

The GenAI revolution presents a significant and understated risk to businesses that are not actively engaging with this technology.

Recommendation: If you are an IBM i developer, learn as much about AI as you can.

Not necessarily because you will be using it in your day-to-day development, but because when the .NET team, the CFO, or the President of the company inquires about it or recommends using it, you can have intelligent conversations about it.

There are clearly major upsides to AI as well as risks, and it is important to understand what those are.

TechChannel has a comprehensive beginner’s guide to AI.

Here are a number of Talsco Weekly issues covering the varying aspects of AI and how it relates to the IBM i platform.

What has hurt the IBM i community over the years is when we have been invited to meetings where important technology decisions are being made, as we say, we can do that.

⚙️ ​Local LLMs for enhanced security

One of the major risks to the use of LLMs for enterprise IT departments revolves around privacy and data protection.

ReverserAI, an offline project, leverages large language models to automate and improve reverse engineering. Its debut version suggests meaningful function names, aiming to facilitate the reverse engineering process. While needing significant computational resources, the plugin can be integrated with reverse engineering platforms beyond Binary Ninja, showcasing a balance between performance and security.

🔧 ​Companies utilizing AI to modernize legacy tech

Businesses like ADP are experimenting with generative AI to update outdated Cobol code to Java, reducing the need for specialized engineers. This approach aims to increase efficiency, keep IT costs in check, and address the challenge of legacy systems. Other firms, such as IBM and Wayfair, are also leveraging AI-based coding assistants to facilitate the upgrade of old code.

Development

🚀 ​Node.js Creator Introduces New JavaScript Runtime

This is for the 18% of IBM i developers (according to the 2024 Marketplace survey) that use Node.js.

Ryan Dahl, known for Node.js, shares insights on his software journey. He unveils Deno, a fresh JavaScript runtime, providing an alternative to NPM. Emphasizing security in the ecosystem, Dahl hints at the future with TypeScript and aligning server-side with browser JavaScript.

Remember: While RPG is one of the most valuable tools in your toolbelt, it is not the only one, nor should it be.

👥 ​IBM i User Profiles Expiring?

Every IBM i User Profile can have an automatic expiration date, leading to password changes. Service accounts may face issues if passwords expire suddenly. Identify expiring user names with SQL, email the list, and automate the process. SQL script saves user names to a file, adding descriptions and expiry dates and efficiently managing expiring IBM i User Profiles.

Learning

🔐 ​IBM i Security Measures and Exit Points

Security exit points on the IBM i (and its predecessor OS/400) have been present since the mid-1990s, offering extra layers of security for network access. IBM allowed customers access to specific decision points within network server functions to address security needs. As network functions like FTP, ODBC, and file operations expanded, so did the exit points to safeguard the system.

Not all exit points are security related, but the technology is essential for protecting network connected systems.

Learn more about the nuances of IBM i Security Exit Points.

Security

🔒 ​IBM i Security Update

Three new vulnerabilities pose risks to IBM i systems. Vulnerabilities include issues in IBM Db2 Web Query for i, IBM HTTP Server, and privilege elevation in Db2 for IBM i. IBM has released patches for affected releases to mitigate potential threats. Stay informed and secure your system against these vulnerabilities.

📈 ​AI vulnerabilities uncovered by NIST

While AI has incredible promises, as with anything, there are major risks as well.

NIST reports on AI cybersecurity vulnerabilities, highlighting prompt injection targeting generative AI. Attacks manipulate machine learning systems, leading to unauthorized actions. NIST defines direct and indirect prompt injection with examples like DAN attack circumventing ChatGPT filters.

What is a prompt injection?

NIST defines two prompt injection attack types: direct and indirect. With direct prompt injection, a user enters a text prompt that causes the LLM to perform unintended or unauthorized actions. An indirect prompt injection is when an attacker poisons or degrades the data that an LLM draws from.

Solutions include curated datasets, reinforcement learning, and model interpretability to mitigate these threats.

Join

Sign up for Talsco Weekly to get the latest news, insight and job openings for the IBM i professional.

Contact us

If you are an RPG programmer looking to explore opportunities or a client who is looking for a talented IBM i professional, please contact us. We look forward to assisting you.

Share

Do you know of someone who could benefit from Talsco Weekly? If so, please use the social media buttons to spread the word. Thank you!

Tweet
Share
Share

NEWSLETTER

Get hand-picked roundup of the best, helpful IBM i, Modernization and Open Source related links every week.

Learn More

CONTACT US

We would love to speak with you to discuss your IBM i related needs and to answer any questions you might have.

Contact Us

JOB OPENINGS

We have IBM i, iSeries and AS400 direct-hire and consulting openings all over the United States of America.

Job Openings