At 04:28 PM 7/11/01 -0400, Bagotronix Tech Support wrote:
>All ranting aside, has anyone (any real PCB designers, that is) actually
>used the AutoRFQ thingy yet?  I would be interested to know how effective it
>is at getting competitive quotes from REPUTABLE PCB shops.  With regard to
>the NDA stuff, the marketing fluff says it "extracts the minimum numerical
>data required for quotation".  I assume this is board area, # of
>plated/unplated holes, # of layers, SMOBC y/n, # of hole sizes, smallest
>hole, etc.  It should NOT put the actual Gerber data in the quote package, I
>hope!  How about someone from Protel actually putting our fears at ease (or
>at high alert) on this by telling us exactly what data it sends?  Are you
>listening, Protel?

Such a tool should be accompanied with *very* specific information about 
what is sent. What is sent should be in a text file that can easily be 
read. In fact, the program should merely create the appropriate e-mail, 
which could then be reviewed by the designer before it is queued for 
sending. Proprietary data, if any, should be separately sent encrypted, 
with a separate permission required.

From: "Gordon Price" <[EMAIL PROTECTED]>
>Sent: Wednesday, July 11, 2001 2:25 PM
>Subject: Re: [PEDA] New on-line PCB quoting service for Protel 99 SE
> > Dear Brent,
> > This is really a stupid idea, as I have mentioned before. We are
> > interested in getting Protel 99 SE to work in a stable way, not how you
> > broaden your market. Please do not put AutoRFQ in any products or we will
> > drop PROTEL!! There are NDA issues and extreme product confidentiality
> > issues that no smart company will put up with here!

This may be overstated. If AutoRFQ is automatically installed, or is easily 
to install in error, then, yes, it is a very serious defect, one that would 
cause me to postpone installation of any version or service pack that 
included it. Similarly, if it sends proprietary data (numbers of holes and 
board size are not particularly proprietary, without ample opportunity to 
review by the system operator, it would likewise be a security risk. I have 
not downloaded the add-on because it is only rarely that I make fabrication 
purchase decisions, so I don't know.

An install option should allow the substitution of a user-definable address 
to which all submissions would go, and, as I mentioned, the submissions 
should be in ASCII text, user readable and understandable. This would allow 
review by an officer of the company tasked with security. It might just be 
another engineer, it might be the designer himself (and then he could 
choose to forward it to a known address.

There is no reason to allow such a program to function as a server, and 
that, too, raises serious security issues. Otherwise it creates no new 
security issue.

At the present there is little problem because it is an add-on which is 
voluntarily installed. Don't trust your engineers to install executables? 
Obviously in this case one would not allow them to do so. The real concern 
is the risk that the program would become part of a default installation 
without the security concerns being addressed.

Abdulrahman Lomax
P.O. Box 690
El Verano, CA 95433

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* To post a message: mailto:[EMAIL PROTECTED]
* To leave this list visit:
*                      - or email -
* mailto:[EMAIL PROTECTED]?body=leave%20proteledaforum
* Contact the list manager:
* Browse or Search previous postings:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reply via email to