John Louros

Allowing developers to pick the programming language they feel most comfortable when writing Windows 10 applications, has been Microsoft's the strategy to appeal more developers join their ecosystem. Since JavaScript popularity has increased tremendously in the last years, it's only natural that Microsoft supports application development using HTML and JavaScript. For increased productivity and compile-time validation, many of us choose TypeScript in favor of vanilla JavaScript. On this article I'll talk how can you use TypeScript for HTML/JavaScript Windows 10 development and how can you avoid file encoding problems reported by 'Windows App Certification Kit'.

Recently I spent some time working on a presentation about TypeScript, for my current company. The main purpose was to study the pros and cons and validate if it would make sense to use it on our Web Applications. The presentation itself is targeted for a boarder audience, with little or no experience with JavaScript. It begins by explaining the origin and evolution of JavaScript; concluding with how TypeScript can aid developers avoid common mistakes and tackle some flaws inherited from JavaScript's specification.

On my previous post 'Disabling cryptographic protocols for PCI compliance (focused on SSL 3.0 and TLS 1.0)' I mentioned how can you disable incoming SSL 3.0 and TLS 1.0 connections, by tweaking schannel settings in the Windows registry. Along with it, I also mentioned how to tweak ServicePointManager security settings to modify what cryptographic protocols shall be used for outgoing connections. On this post, I'm going to demonstrate another possible solution for this problem by modifying strong cryptography settings of all .Net based applications.

MSDN has a ton of information about this topic, from database setup to SqlClient configuration, however if you are fairly new to this topic you might get overwhelmed with all the available information. My goal for this blog post is to simply the idea behind this concept so anybody can understand the basics. Just keep in mind that the Network setup can be far more complex, but the fundamentals will be the same.

PCI DSS (Payment Card Industry, Data Security Standard) requires that cryptographic protocols with known vulnerabilities, must be disabled (recently introduced in revision 3.1). This includes SSL 2.0, SSL 3.0 and TLS 1.0, meaning that after June of 2016, any environment supporting those protocols will automatically fail a PCI audit. At the time of this writing, only TLS 1.1 and TLS 1.2 should be enabled (TLS 1.3 still in draft phase).