Major new release GT.M V6.3-000 available

[Bhaskar, K.S]

V6.3-000 brings significant enhancements to GT.M's use of encryption. One defensive technique is to reduce the "surface" available to an attacker. V6.3-000 reduces the surface in several ways.

An attacker with the wherewithal for a brute-force attack on encryption can in theory benefit from the voluminous, long-lived, and structurally similar data in a typical application database, such as financial transactions and medical records. One component of a traditional layered defense-in-depth is to change the actual encryption keys periodically. By enabling encryption keys for database files to be changed "on the fly" while a database is in use (GTM-6310), V6.3-000 operationally simplifies changing the keys, and makes key changes less prone to human error. The prior technique required database regions to be extracted and loaded into newly created database files with keys different from those of their predecessors. Context-sensitive initialization vectors (IVs) in database, journal, extract and bytestream backup files (GTM-8117) further reduce the surface for a brute-force attack.

A properly configured Transport Layer Security (TLS; formerly known as SSL) session is required to secure a TCP connection. However, an attacker that can record a TCP session, and with the wherewithal for a brute force attack, or with more affordable future computing power, can in theory retroactively break into and eavesdrop on the recorded session. Periodically renegotiating the session key (GTM-8302) means that an attacker who succeeds in breaking a key can only eavesdrop on that part of the session - every renegotiation generates a new key that must be separately broken.

V6.3-000 also brings a number of useful enhancements, as well as other improvements. For example:

• Parallelization speeds MUPIP JOURNAL RECOVER/ROLLBACK operations (GTM-5007).
• For a replicated database even of an application that does not use transaction processing, MUPIP JOURNAL -ROLLBACK -FORWARD applies updates from a set of journal files to the restored backup of a multi-region database, bringing it to the same state that MUPIP JOURNAL -ROLLBACK -BACKWARD would when performed on the original database, providing the same consistency across regions that the MUPIP JOURNAL -ROLLBACK provides (GTM-7291).
• Faster database exit, especially with large numbers of processes and databases with many regions (GTM-6301).
• Evaluation of certain string literal operations during compilation rather than execution (GTM-7762 and GTM-8404).
• Concurrent access by more than 32,767 processes to a database file (GTM-8137).
• Significant performance improvements for certain UTF-8 mode use cases (GTM-8352).

As always, the release bring numerous smaller enhancements, and fixes. Details are in the release notes (http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V6.3-000_Release_Notes.html).

Please use V6.3-000 and tell us what you think. Thank you for using GT.M.

Regards
-- Bhaskar

--
GT.M - Rock solid. Lightning fast. Secure. Pick any three.

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

[Ignacio Valdes]

Thanks, looks great and I hope it will solve some new problems we are having. Say for whatever reason finding this on either Google or Sourceforge.net search it doesn't come up as GTM or GT.M for 'the' link to the software which is https://sourceforge.net/p/fis-gtm/discussion/47842/thread/b4cdd2d4/?limit=25

-- IV

--
You received this message because you are subscribed to the Google Groups "VistA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vista+un...@googlegroups.com.
To post to this group, send email to vi...@googlegroups.com.
Visit this group at https://groups.google.com/group/vista.
For more options, visit https://groups.google.com/d/optout.

[Bhaskar, K.S]

Thanks, Ignacio. I'm having trouble parsing your sentence: "Say …".

Regards
-- Bhaskar

[OldMster]

Ignacio,

It has never come up in a sourceforge.net search for GT.M, I have never been able to figure out why.

Here is the link:

https://sourceforge.net/projects/fis-gtm/

Mark

[Ignacio Valdes]

The link for GT.M on Sourceforge.net and Google search chronically does not reveal the proper link which is https://sourceforge.net/p/fis-gtm It shows a bunch of not related links. It has been like this for years. 

-- IV

[Bhaskar, K.S]

Interesting - when I search on Google for GT.M, it takes me straight to the GT.M home page in the FIS web space as the first link, and then to https://sourceforge.net/projects/fis-gtm/ as the second link. When I search on https://duckduckgo.com the first three sites are the GT.M home page, the Wikipedia page, and the Source Forge download page.

Regards
-- Bhaskar

[Ignacio Valdes]

Yes, so it is now on straight Google. If you try it on sourceforge.net you get:

[K.S. Bhaskar]

Interesting - for me, the first on the list is GT.M…

Regards

-- Bhaskar

[OldMster]

Ignacio,

I got an answer from sourceforge.  When you search, it defaults to a 'Windows O/S' filter.  If you look below the 'n Programs for GT.M' line after the search, there is a blue 'Windows' filter active.  Remove that filter and then it shows up.

Mark

[OldMster]

See right below the grey line that has '6 Programs for GT.M', there is a blue button with 'Windows' in it.  That means the filter is active for Windows O/S only - click it to remove, and GT.M High End TP Database will appear.

Mark

[Ignacio Valdes]

Aha! 

[Nancy Anthracite]

WOW! This ought to make more people interested in taking the Hacking GT.M course that will be offered before the VistA Community Meeting (and will soon be formally announced)!

 

--

Nancy Anthracite

> * Parallelization speeds MUPIP JOURNAL RECOVER/ROLLBACK operations

> (GTM-5007).

> * For a replicated database even of an application that does not use

> transaction processing, MUPIP JOURNAL -ROLLBACK -FORWARD applies

> updates from a set of journal files to the restored backup of a

> multi-region database, bringing it to the same state that MUPIP

> JOURNAL -ROLLBACK -BACKWARD would when performed on the original

> database, providing the same consistency across regions that the

> MUPIP JOURNAL -ROLLBACK provides (GTM-7291).

> * Faster database exit, especially with large numbers of processes and

> databases with many regions (GTM-6301).

> * Evaluation of certain string literal operations during compilation

> rather than execution (GTM-7762andGTM-8404).

> * Concurrent access by more than 32,767 processes to a database file

> (GTM-8137).

> * Significant performance improvements for certain UTF-8 mode use cases

[Bhaskar, K.S]

I want to alert you to two issues with the string literal optimizations in V6.3-000 (GTM-7762 and GTM-8404). We will address both in V6.3-000A, which we hope to release in the next few weeks. Draft release notes for the fixes are:

Intrinsic functions that use numeric arguments actually constructed using compile-time optimizations to resolve expressions consisting entirely of literals for concatenation and some string functions work as documented. In V6.3-000, odd source code such as $ORDER(xxx,"-"_"1"), where xxx is any legal first argument produced errors such as GTM-E-ORDER2. Not invoking the optimization by avoiding the operation with literal operands worked correctly - e.g., $ORDER(xxx,"-1") - as did any operation that coerced the result - e.g., $ORDER(xxx,"-"_"1"+0). (GTM-8540)

$TEXT(x) where x is a label works correctly when there is a label xyz in the current routine (a) preceding label x and (b) where x is a leading substring of xyz. In V6.3-000, $TEXT(x) would under these circumstances incorrectly provide the source code $TEXT(xyz). (GTM-8549)

We would like to thank Sam Habiel for alerting us to the latter issue, and to the fact that VistA routine %DT is affected (there may be others). The former issue is an edge case that is unlikely to occur in code that a programmer would write. Please either modify your application code to work around the issues or defer upgrading till we release V6.3-000A. We apologize for the inconvenience. Thank you for using GT.M.

Regards
-- Bhaskar

[Bhaskar, K.S]

V6.3-000A brings timely fixes to issues, including the two issues described below in the string optimization introduced in V6.3-000, GTM-8540 and GTM-8549. The release includes other fixes and performance enhancements, as described in the release notes (http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V6.3-000_Release_Notes.html). Please do use V6.3-000A.

While not a part of the GT.M distribution, we would also like to let you know about a reference implementation of GT.M Peer Replication, a type of bi-directional replication that uses GT.M triggers. Subsets of application logic which do not need update / transaction serialization, but which can benefit by aggregating updates from separate instances, can be deployed using peer replication. For example, financial transactions on a bank account must be serialized because each transaction depends on the result of the previous transaction on that account; balance inquiries need not be serialized because, while an inquiry to an account depends on the last financial transaction on that account, it does not depend on the last inquiry to that account. The reference implementation of GT.M peer replication is available as a plugin that you can add to your application (the reference implementation of a plugin is code that you can use as-is if it meets your needs, or adapt to your needs as appropriate; an existing example is the POSIX plugin). Plugins are not part of the GT.M core release but are separately released packages. The plugin includes a detailed readme file on implementing peer replication using the plugin.

Regards
-- Bhaskar