August 27, 2015

In This Issue

Synergy/DE 10.3.1b is available for download
Free Mai Tais
OpenVMS customers: Join us at the upcoming OpenVMS Boot Camp
Synergy ventures into Universal Windows apps
2015 DevPartner Conference Tutorials now available online
Synergex Holiday Reminder
Industry News
Synergy/DE Links

Synergy/DE 10.3.1b is available for download

New Synergy/DE version provides support for Windows 10 and Visual Studio 2015

Version 10.3.1b includes:

Synergy/DE 10.3.1b is available for download from the Synergex web site.


Free Mai Tais

Security can’t afford to take a vacation: strengthen your application’s security with Synergy/DE 10.3.1b

By James Sahaj
Project Manager, Synergy .NET compiler

Earlier this year someone booked a flight on a major airline using my credit card. They probably went somewhere nice, like Hawaii, where they could enjoy a Mai Tai, adorned with a paper umbrella, while sinking their toes into a sparkly sandy beach and gazing upon a postcard-perfect orange sunset. Problem is, it wasn’t me!  I wonder how they got the card. Did I swipe it through a card skimmer? Did a store where I had used it get hacked? In my case, because I seldom used the card, I’m assuming the latter. With credit card fraud on the rise, many of you reading this article have probably gone through a similar experience. This brings us to today’s topic: What are you going to do about security in your own applications?

Because there have been so many recent security breaches, industry experts no longer consider SSL2 and SSL3 protocols to be secure. In fact, current browsers and other products completely disable the use of these protocols.  This is because hackers are able, through various attacks, to downgrade to this lower encryption and get access to data supposedly protected by SSL3. Other security flaws make even TLS1.0—the first iteration of the next generation of cryptographic protocols—vulnerable. Although TLS1.0 is still widely used, it is being superseded by TLS1.1 and TLS1.2. For detailed information about attacks against TLS/SSL, click here.

If your application handles credit card transactions, you’ll be familiar with PCI. It’s the information security standard for organizations that handle any of the major credit cards. Starting in June 2016, in order for a website to be PCI-compliant, it must use the latest TLS protocol, TLS1.2; SSL and early TLS versions will not be allowed. (See section 2.2.3 of the PCI Data Security Standards document.) Some older operating systems such as HP-UX (PA-RISC), Vista, and Windows Server 2008 (and, of course, the unsupported-but-still-clinging-to-life XP) are simply not capable of being PCI-compliant. OpenVMS is not currently capable of being PCI-compliant, but an expected SSL release should be available before the end of the year to make it so. In addition, versions of Synergy/DE on UNIX below 10.3.1 and on Windows below 10.1.1 cannot be used for PCI-compliance. For xfNetLink .NET and xfNetLink Java, version 10.3.1b or higher is required.

Another security standard that is of concern for some Synergex customers in the U.S. is the one imposed by HIPAA. Currently, HIPAA compliance requires TLS1.0/TLS1.1/TLS1.2 for business communication and TLS1.1/TLS1.2 for government communication of sensitive data.

With the release of Synergy/DE 10.3.1b, the default SSL protocol is now TLS1.0/TLS1.1/TLS1.2, and you have the option to specify that only the most secure protocols (TLS1.1/TLS1.2) be used. All Synergy products that include encryption functionality to handle data transfer over a network have been updated: the HTTP document transport API, xfServer and xfServer client, xfServerPlus, and the three xfNetLinks—Synergy, Java, and .NET.   

In a future version, we plan to change the default protocol to TLS1.1/TLS1.2. Note that this change could break your code if you’re using the defaults and haven’t updated your OpenSSL recently. And using SSL on the older platforms mentioned above, which don’t support protocols above TLS1.0, will no longer be supported. I encourage you to take advantage of this time (and the new options we’ve added to Synergy’s encryption features) to get your Synergy applications up to speed with the newer protocols. This will enable you to not only be ready for future versions of Synergy, but also to offer your customers the most secure applications available right now.

Hackers never stop trying to exploit weaknesses in security, which is why OpenSSL continually updates its releases to keep up with the ever-changing security landscape. Just this year, OpenSSL has gone from version 1.0.1j to 1.0.1p (as of this writing). Here is the extensive list of changes.  If you use any of Synergy/DE’s products or features that use encryption, we recommend that you regularly update your systems with these changes. Many operating system manufacturers incorporate OpenSSL in their OS these days. Typically in these situations, they fall behind on the version number but may port many of the security fixes back into their current SSL offering. Regardless of whether you install it directly or rely on the version in the OS, it’s important to keep up with improvements in OpenSSL, as they can be critical to your application’s effectiveness and your customers’ data.

Even if the encryption in your Synergy application doesn’t require PCI or HIPAA compliance, it’s still good practice to keep it as secure as possible. I want to encourage all Synergy developers to keep up with the latest security offerings, install Synergy 10.3.1b, and start using the most secure protocols and ciphers available. As they say in Hawaii, do it “wikiwiki!” (quickly). If you don’t keep up to date, just remember: Hackers never take a break, unless they’re on vacation, enjoying a free Mai Tai on your credit card. Aloha!

For more information about using the new security features in Synergy/DE 10.3.1b, go here.

OpenVMS customers: Join us at the upcoming OpenVMS Boot Camp

Synergex to sponsor September 27-30 event in New Hampshire

Join the OpenVMS community and silver sponsor Synergex at the “largest gathering of global OpenVMS professionals in the world”, September 27 – 30, at the Radisson Hotel Nashua. This is a great opportunity to learn about OpenVMS roadmaps and to network with HP, OpenVMS partners and customers, and Synergex. Get more information here.

Synergy ventures into Universal Windows apps

How to make a Synergy Windows app run almost anywhere (that a Windows app can run)

As you’ve no doubt heard once or twice over the years, Synergy DBL is a highly portable language. So it should come as no surprise that we’re all over the latest portability opportunity, the Universal Windows Platform (UWP), introduced in Windows 10. The UWP unifies previously separate Windows-based platforms and offers a way to create apps that can run on any Windows 10 device — be it a PC, a tablet, a Windows phone, an Xbox console, or even a wearable device or household appliance. Such apps are called Universal Windows apps.

According to MSDN, “At the core of Universal Windows apps is the idea that users want their experiences to be mobile across ALL their devices, and they want to use whatever device is most convenient or productive for the task at hand.” The UWP provides built-in features that make it easier to develop an effective UI and a consistently enjoyable user experience across multiple devices. Even the app state can be portable across devices. For example, if you’re working with a customer record on a tablet and then you move to your desktop computer and open the same app, it can take you straight to the same spot you were in on the tablet.

The UWP includes universal controls and layout panels, tooling, adaptive scaling, and common input handling (so input can be received via keyboard, mouse, touch, stylus, or controller). Universal Windows apps can call the WinRT APIs that are common to all devices, as well as APIs specific to the device family on which the app is running (for example, Win32 and .NET APIs). The UWP’s core API layer enables you to create a single app package that can be installed onto many different devices. Furthermore, the Windows Store provides a one-stop shop to submit and manage your app for all device types it can run on.
The new 10.3.1b Synergy/DE release provides initial support for the UWP. So what are you waiting for? Upgrade to Synergy/DE 10.3.1b today to start taking advantage of the newest opportunities on Windows.

Learn more about Universal Windows apps:
Guide to Universal Windows Platform (UWP) apps
Introduction to Universal Windows Platform (UWP) apps for designers
Guidelines for roaming app data

2015 DevPartner Conference Tutorials now available online

Access the hands-on tutorials and learn more about the latest features in Synergy/DE

Whether you made it to the recent conference or not, the hands-on, self-paced tutorials are a great way to learn about the latest features in Synergy/DE. They are among the most popular features of the annual conference. You can access the hands-on tutorials from 2015 and the past several conferences here:

Synergex Holiday Reminder

Synergex will be closed on Monday, September 7 for Labor Day.

If you anticipate needing our services on this day, please let us know.

Industry News

Microsoft Windows 10 review: Microsoft gets it right
Microsoft to deliver third Windows Server 2016 preview with Windows Container support
Microsoft Azure supports bigger backups
Black Hat reveals expanding threat landscape, code analytics potential

Synergy/DE Links

Product Documentation
Current Release (10.3)
Changes Per Version
Product Videos
Resource Center Login
Contact Us
Stay up-to-date on the latest Synergex information & news