Frideas! 6/14/2024

Randy · June 14, 2024, 1:44pm

On Friday, it’s EpiUsers Frideas Day! Have you been to the Epicor Ideas Portal recently? If so, are there some ideas you want to encourage other users to vote for? Maybe want to add comments to an existing idea?

Typically @Mark_Wonsil starts these so apologies if I step on any toes.

I’m going to start off by advocating for my new idea. Kinetic BAQ designer has a missing feature from Classic when creating criteria for {fieldname} IN {Constant List}.

Also going to bump @josecgomez idea of adding a new report engine.. Thread here: IDEA: KIN-I-5057 Replace tired SSRS with a modern really web friendly document reporting tool

Ideas from thread:

Revert from 135 character passwords
Green checkmark for completed jobmtls
Bring back context menu calculator
Import-export home page layout
App Studio needs ability to do a static text blob (not editable) for long-winded descriptions of what this page is for, etc…
Server file download stinks today
Allow for the option to include freight KIN-I-5103
Would love some votes for this DocStar/ECM idea please: Improve the LDAP import to automatically sync with AD on a specified schedule https://epicor.ideas.aha.io/ideas/ECM-I-1274

aosemwengie1 · June 14, 2024, 1:47pm

Yep, this is the ONE time I still go back to classic baq designer.

Please vote to undo this newest preposterous change (135 character passwords):
https://epicor.ideas.aha.io/ideas/KIN-I-5094

mbayley · June 14, 2024, 1:49pm

KIN-I-5095: Icon for complete material on a job should be a green checkmark, not a yellow circle.

Self explanatory:

josecgomez · June 14, 2024, 1:49pm

I’m sorry… 135???

What in the literal…

Randy · June 14, 2024, 1:51pm

I’m still moving into Kinetic BAQ Designer. Yes, yes, I know I’m an

Banderson · June 14, 2024, 1:52pm

hmwillett · June 14, 2024, 2:03pm

Seems completely reasonable and normal to me.

Ernie · June 14, 2024, 2:04pm

Bring back the context menu calculator… PLEASE!

https://epicor-manufacturing.ideas.aha.io/ideas/KNTC-I-2775

Randy · June 14, 2024, 2:12pm

I never knew of it until @timshuwy made a thread here asking if anyone used it.

Ernie · June 14, 2024, 2:20pm

It’s one of those things that if you never use it (and I didn’t for the first 10 years or so of my Epicor lifetime), you might not even know it exists (and I didn’t). Then it got pointed out to me by a colleague.

Once upon a time I could do quite a bit of (simple) math in my head, but that ship sailed… and pretty much every Buyers’ jaw dropped when I demoed it.

JosGreeve · June 14, 2024, 2:20pm

has already been changed in 2024.1.6 now 128, sorry @hmwillett

maybe i should ask if the paste option for password fields can be removed. to prevent people from keeping their passwords on a txt file

josecgomez · June 14, 2024, 2:26pm

Now I’m a little irritated,famously (in my own life) and much to @Banderson’s amusement, I spent way too much of my free time writing a custom authentication server and client software for a passwordless protocol called SQRL that nobody other than me and maybe @Mark_Wonsil have ever heard of, so I have a little bit of knowledge in this area and when I see stuff like this it hurts my brain.

Passwords do not need to be excessively long to be effective. The effectiveness of a password comes down to entropy—essentially, how large of a search space is required to brute force it.

Entropy can be increased via several methods, including:

Length: While longer passwords can increase entropy, there’s a point of diminishing returns, and 135 characters is well beyond that point.
Complexity: Using a mix of uppercase, lowercase, numbers, and special characters can greatly increase entropy without requiring excessive length.
Unpredictability: Avoiding common words or patterns and using random sequences helps make passwords more secure.

A password with a reasonable length (e.g., 10-16 characters) that incorporates these principles can be very secure without being absurdly long.

For good measure:
A 135-character password using all alphanumeric characters, digits, and symbols (as Epicor’s generator does, such as this):

s-SQ87DFMa)C_En^T>w0wL<hTNTM_yBZSWCCpjeKC],ENw44+UFH_TU7aS`z2nDs-SQ87DFMa)C_En^T>w0wL<hTNTM_yBZSWCCpjeKC],ENw44+UFH_TU7aS`z2nD123456556

Has a search space of 9.94 x 10²⁶⁶ and would take 3.16 thousand trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries… to brute force with the most powerful GPU array in existence.

Meanwhile, something like this:

C0mPleXPassw0rD

Has a search space of 7.82 x 10²⁶ and would still take 2.48 thousand centuries to brute force with the biggest badest GPU Array in existence

So maybe take a chill pill, Epicor… none of us are even going to be around for either of those measures. I know
manager/manager
was a weak standard and the pendulum is swinging the other way… but… chill out

hmwillett · June 14, 2024, 2:27pm

Shoot–how did you guess my password?! Now I’m gonna have to go an change it… Probably.

knash · June 14, 2024, 2:35pm

When I see a password conversation I always think of this nice little video.

FREE WIFI! · take a password · (youtube.com)

klincecum · June 14, 2024, 2:35pm

Too late, I’m in.

Your search history is wild.

hmwillett · June 14, 2024, 2:37pm

I’m sure you can’t top what’s already in the history, sir.

JasonMcD · June 14, 2024, 2:46pm

Not mine, but I agree:

Import-export home page layout:
https://epicor.ideas.aha.io/ideas/KIN-I-4470

App Studio needs ability to do a static text blob (not editable) for long-winded descriptions of what this page is for, etc…
https://epicor.ideas.aha.io/ideas/KIN-I-4471

Server file download stinks today:
https://epicor.ideas.aha.io/ideas/KIN-I-5061

Banderson · June 14, 2024, 2:51pm

I’ve said this before, and I’ll say it again

You know how your security is working?
You’ve stopped legitimate work from happening.
Congratulations!

I also like to congratulate my dog for saving my life when he barks at the leaf blowing by outside.

josecgomez · June 14, 2024, 2:55pm

So for giggles I hit the Reset password a bunch of times in a row because again if you know about security there’s something called “Fuzzing” where you throw unexpected random characters at something to see if it breaks.

Fuzzing: an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities [.]

Generating a 135 random password is pretty akin to fuzzing and well as predicted you can make some things act a little angry / un-usual.

First Email:

All good…

Second Email:

Got randomly cut off, the half generated password didn’t work…

Third Email:
All Good

Fourth Email:

That’s right its a LINK… now…

Randy · June 14, 2024, 3:09pm

Stinks on SOOOO many levels.

Topic		Replies	Views
Frideas for 7 June 2024 Off Topic	5	410	June 7, 2024
Frideas for 10 May 2024 Kinetic ERP epicor-ideas	14	754	May 13, 2024
Frideas for 31 May 2024 Off Topic	14	599	May 31, 2024
My Frideas Entry for 3/29/2024 - Create BAQ from SQL Kinetic ERP sql , baq	5	325	April 1, 2024
Need votes for a program to remove kinetic personalizations Kinetic ERP	62	10943	October 16, 2024

Frideas! 6/14/2024

Related Topics