One other important note that I failed to mention.
Whether using SNDPTFORD or downloading from fix central,
Ordering SF99711 or the individual groups may not give you all critical PTFs.
This is another reason I check PTF Cover Letters by Available Date, once or twice a week.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Tuesday, August 25, 2015 11:10 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: If you have SSDs, please read

I concur with Rob, some cover letters are including more detail, but still a long way to go.
I actually got lucky with these two PTFs, V7R1M0 - MF60296, MF60293. Created 06/17/15 Applied 07/19/15 I got them applied during an emergency production IPL on 7/19 for 2 other critical/broken issues.

1) MF60348 - EL-ERRLOG task using significant CPU.
MF60070- Unnecessary VLOGs when PAL is managing space for high value entries.

2) MF60335 - The SSLv3 protocol and RC4 cipher suites should not be used due to the POODLE and Bar Mitzvah vulnerabilities.
SI57332 - Customer is unable to get 3rd party application updated to support the TLSv1.2 protocol. The need exists to make

Production IPL's for PTF apply are becoming more and more difficult, usually 3 to 4 months.
Too many times when reporting an issue via a PMR, IBM support suggests PTF(S) which normally resolve the issue.
Because of this, if a critical PTF comes out, I need to beware of these ASAP and have them downloaded, ready to be applied if needed.
I have two items in place for this.
1) IBM My notifications - IBM I - usually a daily email. The notifications are good, but not 100% complete.
2) I check PTF Cover Letters by Available Date, once or twice a week.

http://www-912.ibm.com/a_dir/as4ptf.nsf/WWWPTFBYDATE?OpenView

I've found this is the quickest way to stay informed of all PTFs, of which some may be critical.

Using SNDPTFORD, I order the above PTFs, at least once a week.
Once downloaded to *SAVF, using an AJS utility I created, all PTF cover letters are combined, selecting out the "Description of Problem"

10 DSPPTF LICPGM(*ALL) SELECT(*ALL) RLS(*ALL) OUTPUT(*OUTFILE) OUTFILE(QGPL/PTF)
20 CPYF FROMFILE(QGPL/QAPZCOVER) TOFILE(QGPL/QAPZCOVERC) FROMMBR(*ALL) MBROPT(*REPLACE) CRTFILE(*YES)
30 CALL PGM(PTFCOVER) /* Create QAPZCOVERS-Sel Desription of Problem */
40 RUNQRY QRY(PTFCOVSUM) /* Mtch PTF QAPZCOVERS Sel *NOTAPY *SAVFONLY */

This allows me to quickly and easily review all PTF covers, and forward to staff for review, if needed.

I'm probably one of the few opposites with PTFs, more current than most.

Paul





-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Monday, August 24, 2015 1:11 PM
To: Midrange Systems Technical Discussion
Subject: RE: If you have SSDs, please read

In IBM's defense they have started to open up on security patches. Used to be they simply said "Integrity problem" or some such thing. Now they will often mention the exact CVE(s) that the fix is intended to repair.
Used to be security by obscurity. Now if you're in the "If it ain't broke don't fix it" camp they just publish it out to the world "IBM i at such and such a level without fix such and such is prone to CVE such and such".

Sample:
Search for CVE-2014-3566 at
http://www-912.ibm.com/a_dir/as4ptf.nsf/as4ptfhome

This is a big change.

Then again, back in the day the paranoid could search all PTF cover letters for "integrity problem". And some on this list who will deny until their last breath that IBM i has any security breaches would sputter that an integrity problem could be something like no CRC on writing data or some such thing. Although, in one person's defense, they did start to admit that there may be such fixes, but it's not nearly as bad as Windows...

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Matt Olson <Matt.Olson@xxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 08/24/2015 12:37 PM
Subject: RE: If you have SSDs, please read
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



The problem here is that hardly no information is given here. There is no mention of what Sue wrote:

Sue:
They prevent high fallout, system hangs, and possibly severe performance issues.

There is also no mention in those doc's with the keyword SSD.

There is no mention of what was fixed exactly. I'm guessing they forgot to use the SSD's TRIM() command, but that information isn't divulged either.

A system administrator will look at this PTF and say, hmm low priority not sure what it does. Where as if he had more information he may raise his level of priority for this patch.

More information is always a better position to take, especially when it comes to patchs. IBM needs to step up their game in this area as indicated by the lack of notes on this (and other PTF's).

My 2 cents.



-----Original Message-----
From: rob@xxxxxxxxx [mailto:rob@xxxxxxxxx]
Sent: Monday, August 24, 2015 7:16 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: If you have SSDs, please read

In all honesty, what would the average system administrator (let alone
developer) do based on more information?
"If we send out code xxx to card yyy to drive zzz, which is often done as part of operation aaa, then data loss may occur if the last write on the SSD indicated a faulty overused section of the SSD and it had to activate a new section of chip. This code, based on the Gandalf corollary of the Feanor theorem, should correct that issue."

Most admins would be happy with:
"We have found an issue that may occur over time and it is strongly recommended that you apply this fix ASAP and IPL to activate it. Don't buy that "if it ain't broke don't fix it" bullshirt since you just may not have had an occurrence yet, of which we predict the odds are 99% that you will over time. Length of time will vary depending on write operations."


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: rob@xxxxxxxxx
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 08/24/2015 08:02 AM
Subject: RE: If you have SSDs, please read
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



If you look at the cover letter for one of these PTFs (let's pick MF60294
for example)
http://www-912.ibm.com/a_dir/as4ptf.NSF/d274b8e7d37f34a786256e320076c355/b9150768a9c7a96386257e6e00526993?OpenDocument


You will see "APAR Fixed". That should tell you what problem was fixed.
However, in this case it will tell you less than the PTF cover letter.
http://www-912.ibm.com/n_dir/nas4apar.nsf/ALLAPARS/MA44690

Just trying to raise your stress level up. Have a nice Monday.


Rob Berendt

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].