Whenever you work with data, an integration, or code, you will invariably work with strings. Usually lots of strings.
In some cases, every data field you work with will be a string. In other cases, you'll need to convert strings to numbers, dollars, or dates. And sometimes you'll need to format strings, whether composing data into XML, formatting social security numbers, or working with different date formats.
In this video, I share 3 stories about working with strings in C# that I encountered recently on projects.
I have been working on a few Dynamics GP Document Attach projects lately, and I haven't been able to find a complete list of the record type codes used in the Doc Attach tables.
To find the codes, query the CO00101 table and look at the ODESCTN field values.
CO00101 Table
Here's the partial list that I've compiled so far for a US installation of Dynamics GP. As I test additional record types, I'll update this list.
If anyone knows of a complete list or has updates, let me know.
Customer:CC
Vendor:Vendor (Creditor in UK)
Item:IC
GL Transaction:GL
PM Transaction:PM
Purchase Order:PO
Purchase Requisition:REQ
PO Shipment:PS
PO Shipment/Invoice:PSI
Receivables Transaction:RM
SOP Order:SO
SOP Invoice:SI
Note:NOTES
**NOTE: It appears that some of the Doc Attach record type codes may vary by region. For example, UK installations use "Creditor" instead of "Vendor". But "CC" is still used for UK Customers, rather than "Debtor".
Steve Endow is a Microsoft MVP in Los Angeles. He is the owner of Precipio Services, which provides Dynamics GP integrations, customizations, and automation solutions.
This type of attack can apparently defeat most, if not all code based 2FA systems. I have a separate blog post discussing YubiKeys / U2F tokens, which are touted as being more secure than code-based 2FA authentication schemes. The article mentions that the tool "is inefficient against U2F-based schemes that rely on hardware security keys." I am not sure if author did mean inefficient, or if he meant ineffective, but I don't think U2F tokens would prevent the browser from authenticating with a YubiKey with the MITM in place.
If anyone has information indicating that U2F validates the URL and / or can prevent this type of MITM proxy attack, I would love to read about it.
The other day I received a Skype message from a friend. It was an abbreviated URL using the Google URL shortener.
Since it was from a friend I knew well, I was about to click on it.
Then I paused.
The URL format seemed a bit odd. After a moment of reflection, I realized it looked suspicious. Then I realized that the message appeared in Skype. And this friend doesn't message me on Skype. And I vaguely recall receiving a similar message on Skype from a customer a few years ago.
I messaged my friend through another app and let him know that his Skype account had been compromised.
He was able to login to his Skype account and confirm it had been compromised. He was able to see several logins from other countries.
He let me know that he reset his password, and considered the problem resolved.
I then recommended enabling two factor authentication on the account.
His response: "I don't regularly use the account, so I don't want to deal with the potential hassle of 2FA".
"Rufus is a utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc."
The method below does still work, but in most cases, I've found that Rufus is simpler and works just as well. It also has some nice enhancements for Windows, allowing you to default some setup options, like skipping the privacy questions and setting up default local accounts.
It also works well for Linux boot drives.
===============
I'm currently building a new dedicated Windows server for running Dynamics 365 Business Central Docker images.
Since I only build a new machine every 2-3 years, I always have to lookup how to setup a bootable USB flash drive with the Windows installation files.
I am confident that I will forget this information in 2 weeks, so I'm posting this for posterity.
Here are the two articles that I used.
I initially tried to use Windows Disk Manager, but it didn't allow me to set the USB partition to "Active". So I had to use the steps from this first article to set the active partition.
Insert USB flash drive
Administrator Command Prompt
diskpart
list disk
select disk <#> (make sure to select the correct disk for your USB drive!!!!)
clean
create part pri
select part 1
format fs=fat32 quick
active
exit
And because Windows ISO images now have files larger than 4GB, you can't copy them to FAT32 file systems. So I had to use the commands from this article to copy the Windows installation files to the USB drive.
After mounting the Windows ISO file so that it shows up as a new drive letter, run the two commands listed at the bottom of the article. Make sure to set the drive letters to match your source and destination drive letters.
Copy the files to the USB drive using Robocopy and DISM: (commands at bottom)
Steve Endow is a Microsoft MVP in
Los Angeles. He is the owner of Precipio Services, which provides
Dynamics GP integrations, customizations, and automation solutions.
For the last month, I've been using an iPad Pro with the Apple Smart Keyboard Folio and Apple Pen to see how much work I could do on the iPad, and see whether I could use it to replace my laptop.
When I am away from the office and have a few minutes to get some work done, I want to start working immediately, and get a task done immediately. It feels like it's getting harder for me to do that without interruption on my Windows laptop. Sometimes WiFi is flaky and I have to reboot. Other times the VPN won't connect and I have to reboot. Then there are the incessant, nagging Windows updates that regularly interrupt my work and sometimes require a reboot. I'm currently having a weird issue where Windows File Explorer is unresponsive for 10-60 seconds, CPU utilization spikes for no obvious reason, and I either have to wait for things to calm down, or have to, you guessed it, reboot to try and clear things up.
Obviously, this topic isn't even relevant for many people who primarily work at a desk, but if you regularly work remotely, or regularly use a laptop for productivity tasks, I think the iPad is worth trying.
In this video, I show how to code Azure Functions on an iPad and use the Azure Continuous Deployment feature to automatically deploy the changes made on the iPad.
The entire video was made on my iPad. The presentation, the screen shots, the code, and even the video editing was done completely on my iPad.
But the BCP solution is only for a single attachment, and the .NET solution didn't have any features for filtering or organized export of attachments.
So today I updated the .NET solution to allow the user to select a Database, Record Type, and indicate whether Deleted attachments should be exported.
Once those options are selected, the user can retrieve a list of all of the attachments, which shows the type, the associated record number, the file name, and file size.
The user can then select an export path and click a button to export all of the attachments to disk.
The application and full source code can be downloaded here:
Version 1.30 adds support for the EFOQUS SharePoint Connector for Business Central
-Save files as <Attachment Name>!<BC Table Num>!<Record ID>
-Save files as <Attachment Name>!<BC Table Num>!<BC Record Type Num><Record ID>
New record types can be added by editing the SaveDocAttachFiles.exe.config file. Locate the RecordTypes setting at the bottom of the file and add new name + code pairs to the list.
Please note that this .NET application was assembled in a few hours, and is not a refined, polished, commercial software release. It does not have lots of configuration options or error handling, so you will want to test it in a TEST environment and be aware that it may need some modifications to work in your environment.
Steve Endow is a Microsoft MVP in
Los Angeles. He is the owner of Precipio Services, which provides
Dynamics GP integrations, customizations, and automation solutions.
TL;DR: If you're a typical computer user, save your money and do not purchase U2F keys at the moment. The technology is promising, but adoption is still so limited that it probably doesn't make sense for most people to use U2F on just one or two accounts.
This type of attack can apparently defeat most, if not all code based 2FA systems. The article only mentions that the tool "is inefficient against U2F-based schemes that rely on hardware security keys." I am not sure if author did mean inefficient, or if he meant ineffective, but I don't think U2F tokens would prevent the browser from authenticating with a YubiKey with the MITM in place. This YubiKey article explains that U2F prevents authentication with a fake phishing site, but does not appear to directly address the MITM proxy attack used by the Modlishka tool, which accesses the real Google site.
If anyone has information indicating that U2F validates the URL and / or can prevent a MITM proxy attack, I would love to read about it.
I read about physical USB security keys quite a while ago, but it wasn't clear to me exactly how they worked and I couldn't fully understand the value that they provide.
I had previously considered trying one, but couldn't figure out what I would use it for, until last month when Troy Hunt wrote an article on how he researched Google's new Advanced Protection Program and how it uses U2F.
The article is very informative and speaks well to how easy it is to setup the U2F keys.
Shortly after, I read some announcements claiming that Microsoft had added YubiKey support to Microsoft logins. Awesome, right? (I failed to read the fine print)
So I decided to buy some and give them a try.
The reviews I read about Google's Titan keys were mixed. While they are more economically priced, the key fob version is apparently cheap plastic that can fall apart or break if dropped.
So I decided to pay more and get the YubiKey version, which appears to be much higher quality. And that's where the first issue becomes obvious.