Seeing is Believing
Encrypted Opinions
What’s more in need of rehabilitation? The bonepile, or supplier gateway?
Hello, I would like to get some information about your capabilities for Bonepile Rehabilitation. I have some legacy circuit cards that were previously tested on a FACTRON 750. Can you reverse engineer the schematics/gerbers from a known good board? Once you have diagnosis (sic) the problem on a failed board, can you also perform the repair? Are you cybersecurity certified for ITAR data?

This is how an unsolicited customer engagement often begins. No unusual requirements here, other than the obvious need for remedial grammar lessons.

“Yes, yes and yes.”

Good. Then you may be able to assist us. What is your process?

Bonepile rehabilitation and reverse engineering in our world are two different things. When we say bonepile rehabilitation, we are usually talking about troubleshooting boards that have failed, either in the field or in functional/system test, and using the tools we have here at our facility to troubleshoot, repair, and restore them to service. In most cases design documentation (bill of materials, CAD, schematic, Gerber files, etc.) still exist, and are used in this activity, especially to develop test programs (flying probe, JTAG/boundary scan, etc.).

I would classify what you are asking for more as reverse engineering, in that (I assume) documentation and data are mostly or completely gone, due to time, business transitions, or recordkeeping ineptitude. Full restoration of a doc set, compared with bonepile rehabilitation, is a more difficult, time-consuming, and, by nature, expensive task. It typically involves various forms of flying probe testing, CT scanning of individual layers, followed by re-layout and redesign using the forensic data our tools provide. If copy exact methods are required, the process will not work. Time and faded memory demand some latitude of interpretation. Projects like these usually start at about $10,000 per part number (very simple part numbers), and go up from there, frequently way up. If it is a bargain you seek, you’re in the wrong place.

To give you a definitive answer whether we can help you with a particular board, I would need to see it. Ideally, I’d need to see one assembled board and one bare board at a minimum.

That is our process.

We are ITAR registered and AS9100 certified. Matter of fact, we just had our AS9100D transition audit two weeks ago. Regarding data security, I’m assuming you are asking whether we meet NIST 800-171 and related DFARs. Today we do not, but we have developed a roadmap toward meeting the NIST standard, which we would be happy to share if a project goes forward.

Meanwhile, if you would like to proceed further, send me an NDA and I’ll review and sign it immediately. Then we can discuss in depth the particulars of your project.

Any questions? Does this sound like a plan? When can we get started? Tomorrow? Next week?

We’re interested. You’ll be hearing next from our security and purchasing groups, the first to establish your bona fides, the second to install you in our ERP system as a vendor. This is urgent.

That was September. Our next communication arrived in February. Urgent indeed.

Greetings Robert: Our company wishes to discuss and potentially engage in the process of CCA rehabilitation with your company, and to further pursue and release details I am enclosing our Standard Bilateral NDA for your review and execution. How many weeks will it take your legal department to review and amend and sign this document?

“About 10 minutes.”

Seriously? How can you do that so fast and without the assistance of legal counsel?

“I see one to two of them every week. That’s 50 to 100 per year. I know what to look for and what the pinch points are. The review takes no time at all if you know what you’re looking for. It’s in the attorneys’ best interest that you remain ignorant of that. Anyway, I should have a signed, scanned copy of your NDA ready for countersigning back to you within the hour.”

Good. Once the NDA is received, you will receive an invitation to become a vendor from our ERP system. You will also receive a security notification asking that you authenticate yourself and your company.

Sure enough, next day comes the email prompt.

You have been invited by a Member of our Supplier System to join their select supply network. You were nominated by a Customer Buyer. Please supply your Federal Tax ID Number; your DUNNS number; your CAGE Code; a copy of your DDTC (ITAR) letters and your ISO9001/AS9100 certifications for review.

Invited? Nominated?

Or condemned?

In order to transact with a Supplier System Customer, you must complete all of the actions indicated below. All potential/pending purchase orders will be held pending completion of the vendor profile and two-factor authentication registration. Failure to complete all of these listed actions, in the sequence described below, will result in immediate rejection of this application with no appeal.

In plain English, don’t screw it up.

  1. Register with our Supplier System (SS), which provides supplier profile and user identity management services for Our Company Pay to Play (P2P) transaction system via the Monitored Access Gateway Arrangement or MAGA. A link has been provided in a downloadable document for you to initiate the registration process. You will need to set up a login and password with the Download Advanced Management Node, or DAMN, in order to retrieve this document.

    If you have trouble accessing either URL, an alternate URL is available by contacting our Help Desk. In every case described above, in order to access each site, you will first be prompted to accept Our Company’s 180-day payment terms. If you do not select “accept,” you will be jettisoned from the system and this transaction will cease immediately with no right of appeal.

    In all transactions, please reference the 37 character transaction codes and confirmation codes provided in the downloadable document retrieved from DAMN. For security reasons, the system will not respond without prior insertion of these codes, twice.

    To assist you with the Supplier System (SS) vendor registration process, the following help documents are available: (1) SS Vendor Registration Checklist (SSVRC) and (2) SS Vendor Registration User Guide (SSVRUG). Both are accessible through the DAMN Portal, once you have established an account and accepted our payment terms. Please use a high-speed internet connection, as each document exceeds 350 pages and contains both PowerPoint and video content.

  2. In order to securely access Our Company’s Pay to Play (P2P) and Supplier Systems (SS), it is required to either purchase or be in possession of an approved 2-Factor Authentication credential. For more information on the process and recommended/approved credentials, please see the Supplier System Pay to Play (P2P) 2-Factor Authentication Support Site located on Our Company’s Website. You will need to produce a scanned copy of a federally approved and authorized Real ID and a birth certificate (notarized) in order to be granted access to the P2P section of the website. Please note that UPS Store notarizations are invalid for this purpose. Bank notarizations with gold certificate stamp are preferred.

    Additional Instructions (if any):

    If you have any questions regarding this request or need assistance with completing these actions, please contact SS Customer Service.

    The SS Customer Service team is available online via the SS Customer Support Self-Help site. The Self-Help site is also accessible via the P2P section of the website. The same access credentials noted above apply, with the addition of a signed, notarized letter on company letterhead authorizing access to SS Customer Support, and stating the precise reasons for seeking support. Allow 10-15 working days for replies to letters seeking customer support. Your SS Customer Service Team sincerely believes we are the final solution to procurement security, and we truly appreciate your endurance.

So this is what Hell feels like.

In all the foregoing excitement, I’m also forgetting what it is they want from us in the first place.

One month later:

Rodger, how are you coming with the SS setup process?

“I’m not. I tried three times, and it kicked me out after the third failed attempt in 45 days, saying I lacked correct or sufficient login credentials. Also, between the time of my first attempt and my last, the two-factor authentication requirement has inflated to a three-factor requirement. And we’ve changed presidents and gone from English to metric. Because I made three failed attempts in 45 days, I cannot make another try at registration for 90 business days. Two of my associates then took over for me and made the same attempt, and were similarly, and regrettably, ejected. Oh, and it’s Robert.”

Right. This is extremely hot. We need to reverse-engineer these boards and have new archives within the next 24 months. Otherwise things that fly won’t. Federal dollars are riding on this and need to be spent. It’s an urgent national security issue.

“Your Supplier Portal is a national security issue too. As in, nobody with room-temperature IQ, much less the Russians, can access it and do business with you. Congratulations.”

We’ve seen that comment before in a few supplier surveys. Have you done one of ours? We use SurveyMonkey. Cool stuff.

“Then I guess you have a cost/benefit calculation to make. Do you need our services, or don’t you? If the latter, we’re done. If the former, what’s it worth to you to set us up? Your call.”

I have emergency authorization to bypass the system and set you up on a 30-day provisional basis. Give me a login first and password second that you want to use. In both please use at least 8 characters and also be sure they are a combination of numbers, letters (both lower case and caps) and symbols. Do not use roman numerals as they are symbols of a failed empire. Our system doesn’t like that.

“L!v!d!666. I!0@TH3pw$!!!!!”

Much obliged. Give me 5 minutes and you’ll be all set. Look for the DocuSign prompt on your email with 10 pages of government disclaimers and 12 signature lines. Please sign and return immediately so we can send downloadable data to you to quote.

I’m always here to help our vendors. We are all about making it easy for them to do business with us. Have a blessed day! Warm regards, Frederick Kafka.

Robert Boguski
Robert Boguski
is president of Datest Corp. (datest.com); rboguski@datest.com. His column runs bimonthly.