MQ Safety Tips for the Pandemic

Every day I receive one or more new email memes in my inbox purporting to have the most up to date information available to keep me safe from the virus. Of course, none of these point to authoritative sources and most have at least one egregious error in them, begging the question of why anyone believes them in the first place.

Worse, none of these informal memes, at least among those I’ve personally seen, deal with #IBMMQ specifically, which I think is a damned shame and one I hope to correct here and now. I have rounded up the most relevant health and safety tips for MQ available from the CDC (Centers for Data Control), Irene Ken whose daughter is an assistant Prof at Johns Hopkins, a friend who is a distant relative of Dr. Anthony Fauci, and IBM’s Viral Marketing Department.

Here then I present to you my comprehensive list of IBM MQ Tips for the Pandemic.

Detection

  1. Virus scan your messages! Unlike the real world in which testing requires atoms, our scanners are made out of software and indefinitely replicable. So when I say “we have enough scanners for everyone” it is provably true.
  2. Border patrol: If your internal QMgr attempts to break quarantine and contact another country, it probably has a virus.
  3. Use Advanced Message Security to hash message data. Altered messages will automatically be quarantined in the Protection Queue for their own protection. And yours.
  4. Check the temperature of your servers regularly. Viruses often cause servers to run hot.
  5. Your QMgr may have a virus if the Dead Queue fills rapidly or overflows.

Prevention

  1. Use SOAP. Except for PCF, of course. But for everything else, use SOAP.
  2. When using SOAP, process messages for at least 20 ms.
  3. REST often to boost the immune system. In fact, if you can use SOAP over REST that’s even better.
  4. Mask sensitive data! And not just in the public domain. The CDC (Centers for Data Control) which has previously been ambiguous on the matter now recommends masking sensitive data at all times. (Or was that the PCI Council? I forget. )
  5. Use short messages to help #FlattenTheQueue.
  6. Switch your listeners from TCP to UDP to avoid the handshake.
  7. Prefer stand-alone QMgrs to clustering. If you must cluster, try to maintain 6 network hops between adjacent nodes and adhere to any emergency policies mandated by the Full Repository.
  8. Space out your messages. Try to keep at least 6 ms between each one. Out of an abundance of caution 10 ms or more is even better.
  9. STAY IN YOUR QUEUE! Seriously, only essential messages should leave their queue during the pandemic.
  10. Scrub your input data for at least 20ms. Invalid user input is a common source of infection.
  11. To the extent possible, stop processing transactions on-prem and allow your QMgrs to work remotely in the cloud.
  12. The virus is sensitive to infrared wavelengths so purchase and install Infrared-360 because it has infrared right there in the name.
  13. Disable Message Expiry. It should go without saying but here it is: Message Expiry is the number one cause of messages expiring.
  14. Set persistence. Again, it should go without saying but non-persistence is the number one cause of messages lost in transit.
  15. Avoid Pub/Sub queues. With their one-to many and many-to-one relationships, Pub/Sub queues are the IBM MQ equivalent of Spring Breakers packed onto the beach in the middle of a pandemic.
  16. Avoid hot spots. Some queues seem to have custom properties that result in most or all messages in those queues expiring. Related messages that visit these queues succumb to expiry as well, so be sure to identify and quarantine such queues.

General

  1. Avoid hoarding. A queue is not a database!
  2. Also, everyone else still needs to perform memory wipes, disk wipes, and flush their buffers too. Please be considerate
  3. If you print statements or other documents for mailing, consider switching to flushable paper. (See previous bullet point.)
  4. Beware of Delayed Delivery. Everything can appear to be just fine for minutes, hours or days, then a virus-laden message just pops up out of nowhere.

Mythbusting

  1. Converting a message to a file does not defeat the virus.
  2. The virus CAN be transmitted in the RFH header or message properties.
  3. The so-called “Schrödinger Test” might detect the virus. Or it might not.
  4. Using Advanced Message Security to specify an enumerated list of recipients helps to limit the spread but does NOT totally prevent the virus which may have been in the payload prior to encryption.
  5. No, this is not the fault of the prior MQ Administration team.
  6. Mutual authentication does NOT prevent the spread of the virus. (Although it does greatly simplify contact tracing.) Same with CONNAUTH.
  7. Enabling Accounting and Statistics does NOT increase the spread of the virus. It merely provides accurate reporting which can appear to inflate numbers when prior reporting was understated. Seriously, when has your app team ever given you volume estimates that turned out to be correct?
  8. There is no advantage to FIFO vs LIFO. When it comes to the virus any-O is about as good as any other.

Coping with the inevitable

Despite our best efforts, some messages are non-persistent or set to expire. Here are some ways to deal with that when it happens.

  1. Turn on exception reporting. We cannot save all of our precious messages but we can arrange to be notified when they go.
  2. Keep the Dead Queue cleared. If it is allowed to fill it could overflow the disk partition, causing collapse of the entire system. #FlattenTheQueue
  3. Turn on linear logging and use transactions. Then you will at least have the memory of messages that are no longer queued.
  4. Use Advanced Message Security to establish non-repudiation so that nobody can credibly deny that your precious messages ever existed.
  5. Try to think of Exception Reports not as message obituaries, but rather as Confirmation Of Arrival to the messaging afterlife.

Summing up

Don’t believe everything you read on the Internet. Especially this blog post and random emails that land in your in-box purporting to have information that will save your life but can’t be found on any authoritative web site.

For example, if you get the email claiming to be passed on by Irene Ken, whose daughter is an Asst. Prof at Johns Hopkins, maybe go to the actual Johns Hopkins web site and see what they say rather than believing the email at face value. Most relatives of actual scientists know better than to act as unofficial spokespersons so if this email were real Irene Ken’s daughter would be livid since posting a link to Johns Hopkins would have been MUCH better.

Also, no actual epidemiologist would conflate antibiotics with antibodies so whoever sent this email to you believing it was true, or at least useful, needs an intervention. Feel free to be the one to intervene, we’d all be better for it.

When it comes to pandemic advice, please ignore the viral memes and look for authoritative sources. Add “site:.gov” to your Google searches, for example. This will limit results to things posted on government web sites. Has the CDC waffled on important stuff? Sure. Is that a problem? Yes. But does that make them less authoritative than a viral email from some mystery person who claims to have a daughter working at an authoritative source institution and who is posting vital info that the source in question supposedly won’t? (Hint: If you answered ‘yes’ please unfollow me, remove me from your contact lists, and pray you make it through this alive.)

IreneKen
This entry was posted in General, Humor. Bookmark the permalink.

6 Responses to MQ Safety Tips for the Pandemic

  1. Pingback: MQGem Monthly (April 2020) | MQGem Software

  2. Marimuthu says:

    Vow what a comparison with live real time scenario. Hats off.

  3. Ronald A Bower says:

    This is great stuff!

  4. Neil Casey says:

    Hey T.Rob. Hang in there. Thanks for brightening my day. (If only AMS could actually do non-repudiation. Give me access to the hash, signature and certificate!). Maybe we can start a viral campaign on that theme!

    • T.Rob says:

      I’ll drink to that! Hell, these days I’ll drink to just about anything.

      The sad part about that email is that it was sent to me by a guy whose name is Robert Wyatt and in whose contact list my email address is listed as Robert Wyatt Jr. Not only doesn’t he know how ridiculous the email is that he resent, he doesn’t even know I’m not his actual son! I’ve been getting emails from him for several years now, and you’d think at Thanksgiving or something the subject might come up.

      “Hey, how come you either ignore my emails or when you do respond you insist you don’t know me?”

      “What emails?”

Leave a Reply to T.RobCancel reply