I am interested in furthering my DORS DXL skillset, however would like to progress this knowledge in my own time at home rather than staying at work where it is installed!
I was wondering is there a method to download and install IBM DOORS on my home PC for the purpose of practising beginner DXL coding (e.g. scripting to copy data from A to B).
Note: appreciate the usual setup for DOORS is a client / server relationship rather than local version so expect the answer is no!
DOORS client cannot run without a server, but it is not a problem to set up a DOORS server and client on your own PC (I have had up to three DOORS servers at the same time on my machine, depending on my current tasks), but you will need a license for the client to run. If you want to learn DXL for being able to work for your employer, you can ask him to contact your IBM sales representative for a trial / testing license that is valid for some months.
Related
We all know situations when you cannot go open source and freely distribute software - and I am in one of these situations.
I have an app that consists of a number of binaries (compiled from C sources) and Python code that wraps it all into a system. This app used to work as a cloud solution so users had access to app functions via network but no chance to touch the actual server where binaries and code are stored.
Now we want to deliver the "local" version of our system. The app will be running on PCs that our users will physically own. We know that everything could be broken, but at least want to protect the app from possible copying and reverse-engineering as much as possible.
I know that Docker is a wonderful deployment tool so I wonder: is it possible to create encrypted Docker containers where no one can see any data stored in the container's filesystem? Is there a known solution to this problem?
Also, maybe there are well known solutions not based on Docker?
The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.
Using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can't make it impossible or the container cannot run.
If you can control the hardware running the operating system, then you might want to look at the Trusted Platform Module which starts system verification as soon as the system boots. You could then theoretically do things before the root user has access to the system to hide keys and strongly encrypt file systems. Even then, given physical access to the machine, a determined attacker can always get the decrypted data.
What you are asking about is called obfuscation. It has nothing to do with Docker and is a very language-specific problem; for data you can always do whatever mangling you want, but while you can hope to discourage the attacker it will never be secure. Even state-of-the-art encryption schemes can't help since the program (which you provide) has to contain the key.
C is usually hard enough to reverse engineer, for Python you can try pyobfuscate and similar.
For data, I found this question (keywords: encrypting files game).
If you want a completely secure solution, you're searching for the 'holy grail' of confidentiality: homomorphous encryption. In short, you want to encrypt your application and data, send them to a PC, and have this PC run them without its owner, OS, or anyone else being able to scoop at the data.
Doing so without a massive performance penalty is an active research project. There has been at least one project having managed this, but it still has limitations:
It's windows-only
The CPU has access to the key (ie, you have to trust Intel)
It's optimised for cloud scenarios. If you want to install this to multiple PCs, you need to provide the key in a secure way (ie just go there and type it yourself) to one of the PCs you're going to install your application, and this PC should be able to securely propagate the key to the other PCs.
Andy's suggestion on using the TPM has similar implications to points 2 and 3.
Sounds like Docker is not the right tool, because it was never intended to be used as a full-blown sandbox (at least based on what I've been reading). Why aren't you using a more full-blown VirtualBox approach? At least then you're able to lock up the virtual machine behind logins (as much as a physical installation on someone else's computer can be locked up) and run it isolated, encrypted filesystems and the whole nine yards.
You can either go lightweight and open, or fat and closed. I don't know that there's a "lightweight and closed" option.
I have exactly the same problem. Currently what I was able to discover is bellow.
A. Asylo(https://asylo.dev)
Asylo requires programs/algorithms to be written in C++.
Asylo library is integrated in docker and it seems to be feаsable to create custom dоcker image based on Asylo .
Asylo depends on many not so popular technologies like "proto buffers" and "bazel" etc. To me it seems that learning curve will be steep i.e. the person who is creating docker images/(programs) will need a lot of time to understand how to do it.
Asylo is free of charge
Asylo is bright new with all the advantages and disadvantages of being that.
Asylo is produced by Google but it is NOT an officially supported Google product according to the disclaimer on its page.
Asylo promises that data in trusted environment could be saved even from user with root privileges. However, there is lack of documentation and currently it is not clear how this could be implemented.
B. Scone(https://sconedocs.github.io)
It is binded to INTEL SGX technology but also there is Simulation mode(for development).
It is not free. It has just a small set of functionalities which are not paid.
Seems to support a lot of security functionalities.
Easy for use.
They seems to have more documentation and instructions how to build your own docker image with their technology.
For the Python part, you might consider using Pyinstaller, with appropriate options, it can pack your whole python app in a single executable file, which will not require python installation to be run by end users. It effectively runs a python interpreter on the packaged code, but it has a cipher option, which allows you to encrypt the bytecode.
Yes, the key will be somewhere around the executable, and a very savvy costumer might have the means to extract it, thus unraveling a not so readable code. It's up to you to know if your code contains some big secret you need to hide at all costs. I would probably not do it if I wanted to charge big money for any bug solving in the deployed product. I could use it if client has good compliance standards and is not a potential competitor, nor is expected to pay for more licenses.
While I've done this once, I honestly would avoid doing it again.
Regarding the C code, if you can compile it into executables and/or shared libraries can be included in the executable generated by Pyinstaller.
I am using neo4j as server solution but was thinking of also using it in other situations.
Is it, from a technical, installation, licensing perspective etc, possible to install neo4j at each users own computer for local storage of data?
I would like to incorporate the neo4j db installation as part of my own software installation process to avoid technical problems for the end user.
It will probably only be very small set of data in each database so performance is probably not an issue in this case.
It is not clear why you want every user to have their own local neo4j installation (since, for example, their local DBs will not contain the same data).
But, if you really wanted to, there is no problem (technically or legally) with installing the community edition of neo4j on multiple machines.
In this You Tube Video, about 30 minutes into it, "Neo4j Licensing: Which Edition Is Right For You" Rik Van Bruggen mention that one must contact neo4j if one want to distribute neo4j together with other software. One possible solution, according to the video, is an OEM agreement. One need to discuss the commercial terms.
He also says that it is not allowed to be done with the Community Edition
It also written at neo4j.com/licensing that
"I want to include Neo4j in software that I’m shipping. What are my options?
Neo4j offers a mature OEM program tailored to your needs. Learn more →"
I recently started using IBM Doors program, I also did start writing scripts for it in DXL. However when I checked the eclipse main page, I realized that a tool called MDAccess for Doors exsists. My question is that is it possible to write code in java for Doors if so, what are the disadvantages compared to DXL?
Yes, it is possible to write Java code for DOORS. You already found the solution: MDAccess is a commercial product provided by Sodius. According to the product specs and some marketing presentation it provides access to a DOORS server using the Java programming language.
Sodius sent me this information on personal request, indicating a disadvantage which might concern you:
Our Java layer is done to manipulate DOORS data, meaning read/write
DOORS data. You will not find Java wrappers of DXL functions that
interact with DOORS UI for example.
Note we are able to execute DXL code trough the Java layer so you can
always get this mean to achieve DXL-based operations.
However, it's not too cheap.
This might interest you, as it is using available APIs and does not rely on additional commercial products:
https://www.ibm.com/developerworks/rational/library/oslc-services-rational-doors/index.html
Disclaimer:
I work for IBM DOORS product support, however all information posted here is done so in a personal, private capacity and does not necessarily reflect the position of my employer. Therefore what I post does not constitute an official statement by IBM nor is any endorsement of the information by IBM to be assumed, implied or otherwise.
For your own benefit, please do not contact me in a business capacity on this platform, but use the official IBM Support community web portal. Thank you! :-)
What options exist to query RMS files in OpenVMS? The context for the query/access would be for BI & reporting. Currently, a very old FOCUS (Infomation Builders, v. 6.9.8) is in use, and that only from within the native OpenVMS command line shell.
My challenge working within the VMS environment is that output is intended for off-platform consumption & analysis in Excel, R, and Business Objects/Crystal Reports, and Splunk/Hunk. On-platform, I'm limited in what I can use by whatever I can compile &/or run from within my own user space, and the CONNX & similar tools all look to require a server process in the VMS environment.
Edit: I have accepted a comprehensive answer which, given organizational constraints, may not be feasible. My likely path will be to write additional data extractions jobs in FOCUS, and incur the latency & maintenance overhead that goes along with that.
Do you want to the reporting to be on-platform, or off-platform (for example with Excel)?
On-platform, after 30+ years, I still really really like Datatrieve, as mentions in a comment.
This tool was created before SQL became all the rage, so its query language takes a little getting use. It knows show to used just about every RMS option (keys, RFA's for collections, joins, locks and sharing,...)
I'm sure there are multiple commercial tools like Focus you mention, and perhaps the IGH tool Vselect for data extraction, column shuffling, sorting. Some would even recommend OpenVMS native SORT but now you are still in Command Line space.
For a (green screen) windows approach, and command line, perhaps check out the freeware tool DIX: http://www.oooovms.dyndns.org/dix/
Off-platform google for "openVMS odbc" (jdbc). You'll find tools from Connx, Easysoft and "Connect" from the company I work for : Attunity.
Those will allow you to use (windows, linux) tools like DBvizualizer or Excell to get to the OpenVMS sourced data.
Perhaps an interesting hybrid could be Attunity's Connect ( "AIS" ) solution which allows for SQL language RMS file access, but on platform (NAV_UTIL) and off-platform, ("Studio, Nav_util, Oracle db-link, ODBC, JDBC, XML, ... )
For better help, please clearify the query still better. Notably the remark " only from within the native OpenVMS command line shell". What's wrong with that? :-). What alternative access did you envision? fake-gui, DECwindows? Native API? Remote API? ...
Hope this helps some already,
Hein
You could consider writing code in a native language such as C or Java. The company I work for uses Apache, DCL scripts in cgi-bin, and the Userbase 4GL to put an Intranet reporting front-end over an OpenVMS legacy system. As long as you wrap the output in HTML etc Apache will stream it back to a browser which will interpret it accordingly. However, with the impending move to Itanium we're faced with no support for porting Userbase. If anyone knows who holds the source code could they tag a reply onto the end of this. We're looking for a terminal (character mode) reporting solution for Itanium as not all users have PCs. If it weren't for this we'd just slap Crystal over CONNX and call it a day. Many thanks.
Further to my previous answer I'm now evaluating R as a reporting solution, using the RODBC to interrogate the RMS database via CONNX using R's RODBC library.
As the Silverlight team worked through the betas, one glaring pain point that is existing in the realm of Silverlight 3 is the ability to have an offline database, so that you can right-click on the SL application, install it locally, and then be able to manipulate data in a local setting, without the Internet.
I've read a few articles where items such as Google Gears with SQLite had been used, but so far, no one has come up with a decent method by which someone can do the same thing with a SQL CE database.
I'm theorizing, and wanted to gain feedback... So many times, with LOB applications, you have the need for installing a "driver" into your system, which winds up being some sort of data access component or other monitoring device used by the LOB application. What I'm thinking about is to use a ClickOnce strategy and build a driver that would get installed on the local machine, and then make a "local" webservice for when the user is offline.
Has anyone tried this scenario, and if so, what were the pros/cons of the method? If you didn't finalize on this method, then what was your final decision based on experience, and what would you advise going forward for someone trying to crack this nut for their project?
Here's the best I could find for a SQLite-ish experience:
http://silverdb.codeplex.com/
I've been trying for supporting the direct database access in Silverlight since five or six months back. After exploring quite a few different to port the database to Silverlight, we got one POC working with one object database but it's a bit far for us to release it... I may probably write about this in my blog soon.
I dont think that making a "local" webservice is a good idea since the clients may not have any web service installed on their machine.
Thanks to Jeremy Likeness, there seems to be a great open-source project that he developed which may indeed solve most of my problems... just need to figure out how to render reports without a callback to the server, and then I'm golden, when it's time to revive this project (if all goes well, that'll be sometime in 2012)