#foo

Let me Google Salesforce lol...it's vaguely familiar

The Shadow Realms proposal mentioned it

Ayyyyy, no slowmode

Both are low-code platforms, basically allowing you to build business-line logic apps without having to code the entire thing - kind of like dynamic forms. Don't like it personally, not as a developer.

Sounds weird

"Dynamic Forms" reminds me of the form a certain college district has for K-12 dual enrollment

and I hate that too

lol

Anyways, why do you want to commit exported XML?

Shouldn't that be treated like...a build artifact or a database?

It's funny though, because I was working on a dynamic forms app prior to the reorg at my current job, but it was custom built. Basically allowed powerusers to create new forms for data collection and there's a mobile app so like, let's say you have a house inspection company and they go through and inspect the house, they can have a custom-built form and be able to enter all the data as they walk through, and it uploads to the backend and is stored in the database.

In source control (i.e. Git) you definitely want to commit changes to the CRM so you have versioning control. Also in those scenarios, typically you're using a CI/CD pipeline that automates builds and deploys to the environment, so it's more iterative and controllable rather than randos just making changes directly in the platform.

Does CI/CD update the XML files?

Well I'm not sure exactly for Dynamics, but we use Jenkins to automate deploys to the platform and yea it's all the XML files and stuff. So whatever changes are in the solution that are stored in source control get deployed to the actual environment after code reviews.

As long as the UI looks good and the data is structured properly, I'm happy

in the solution
Is this C/C++/C#?

Yea it's just that in order to extend functionality, the base platform doesn't offer it but does offer plugins that let you run a variety of languages to do sort of middleware operations. We're using C# and Java mostly.

C# and Java

The platform solution, basically all your Dynamics entities, forms, views, etc. are represented in XML.
Any plugins you might use can be in any language.

If the platform supports.

And yea I don't know why they're using both C# and Java.

but does offer plugins that let you run a variety of languages
Out of curiosity, is this...GraalVM?

Or are you using WebAssembly?

Not that I'm aware of. It's an out of the box thing with Dynamics. You just supply the code in the plugin and Dynamics will do the thing.
We're also using Liquid templates for transposing data into client-side views/portals. Think of it like a templating engine.

Weird

It seems unclean

I think my school district might have used Dynamics...

It's a Microsoft thing, right?

Yeah

Yea I don't like it. It's too much abstraction. I'm used to working in entirely custom apps. And it's the reason I accepted an offer recently at another company (for a 42.8% increase of salary!).

Amazing

Yea Dynamics is MS's version of basically... Salesforce

Okay

Does the content presented to the end-user tend to look like crap?

Depends, you can use the default CSS and stuff but you do have the option to use stuff like Bootstrap or whatever custom stuff you decide to code in to the client side portals.

Oh

I'm just wondering where the heck this UI came from

Could be anything. Maybe if you inspect with dev tools and look at how the elements are named, their classes, etc. you might get a hint.

/bootstrap.min.css?1608294641000
/css/glyphicons-font-awesome-migrate.min.css
https:// content.powerapps.com/resource/powerappsportal/dist/preform.bundle-909d63d1c4.css
/theme.css?1641795017000
/customcss.css?1623048484000
/jquery-ui.css?1641795017000
/home/jquery.dataTables.css?1647500684000
/css/offlinenotification.css

A wide assortment of CSS files

Yea I see those exact libraries in our portal code

powerapps, as well, is MS Dynamics

I definitely don't think that UI is made with Bootstrap

Might have a reference but not being used

are you joking

App is definitely a Dynamics portal though, the "powerapps" gives it away.

For context, last school year, all LAUSD students and probably teachers (2nd largest school district in the US by the way) had to use this web app to enter their school

Everyone signs in with their LAUSD Microsoft account and answers two questions

Yep, probably using Azure AD B2C

And then, you get a QR code

and the staff scans the QR code

and then you can get in

Not very advanced

The QR code is just a UUID

Sounds like a custom user flow or policy.

Overall, it's a very stupid system

I agree in a sense - the primary value of the platform is you can get business functionality without designing the entire system.

Anyways, we don't need to do it this year, and apparently this is how they removed those options

¯_(ツ)_/¯

It does what it's supposed to do

Is it great? No, hell no

I found where Bootstrap is used

Oh, the tables use it too

By the way, LAUSD suffered a ransomware attack earlier this year

Gotta say, whoever designed the UI was definitely not a UX expert. I mean, functionally it seems fine but whoever did it has no taste.

oof

Even I have better taste lol

It was good and bad

The bad part is almost no one could log in to their LAUSD account

The good part is almost no one could log into the LMS, Schoology, using their LAUSD account

so almost no one could submit assignments

Weird. Not sure how ransomware would affect Dynamics or its login mechanisms.

Don't ask me

LAUSD has some on-premises stuff I think

regular ol' organization login

Usually you see that via an email vector, running a malicious executable attachment and, the local user has file shares to critical systems where those files are then encrypted.

Yea that's definitely MS

B2C likely.

they also used to have this Microsoft stuff

obviously with a different logo and all

Yea that's the org-side stuff, basically the identity provider. Custom page for the user to log in and authenticate to the directory (in this case probably Azure AD), then an SSO flow (whether OpenID, SAML, etc.) occurs and a token is sent to the application which authorizes them in.

SAML

I have no clue

I understood what you said

But as for how they got infected

¯_(ツ)_/¯

Yea, so that auth mechanism will send an AuthN response to the service provider (the app) for authorization. But the flow is a little different from the start depending on whether it's IDP-initiated or SP-initiated.

The same credentials are also used for Google accounts by the way

Now that I need to Google

If you search for SAML idp vs sp initiated you'll see a bunch of diagrams for it. I've had to implement SAML SSO for multiple apps / projects.

Why don't people use OAuth again?

Or, what, OpenID?

They do.

You can use whatever you want if the platform supports it.

Anyhow, how would a ransomware affect Google and Microsoft credentials (which are the same)

The only way I could see it is if it was on-prem. But that's not the case unless they're using a local Active Directory server versus Azure AD or some other cloud directory.

They could very well be doing that

They even have their own AS number

Oh wow, as in routing?

They have a block of IP addresses assigned to them

Yea my current co has their own block as well.

When you look at ARIN

mylogin.lausd.net (which, since the ransomware attack, can only be accessed from within LAUSD's network) has an IP address of 204.108.65.79

Passwords are changed through that site

Yep, whois on that IP is LAUSD

Indeed

But that would be the public IP assigned to the public interface of their edge firewall.

wat

I'm not sure if the firewall they use for public-facing services (if any) is the same as the one used within LAUSD's network (for compliance reasons)

LAUSD's network (accessible at each school through Wi-Fi and Ethernet as far as I know) uses some firewall from Palo Alto Networks

Funny thing