And the entire Bloomberg takedown drama added fire to the flames.
By Namahanna 9 hours ago
A couple of years ago Bloomberg reported about spy chips/hw backdoors in SuperMicro mainboards but to my knowledge without a smoking gun proof. Maybe they had to settle outside of court and also had to sign papers to help protect the company from further damage in the future. Using (other) Bloomberg material may have triggered this. Of course this is a wild speculation. I have no evidence or insider knowledge.
By rmoriz 8 hours ago
Yeah what as the story behind the BBerg take down drama? I just remember it being something absurd.
By hangonhn 9 hours ago
GN used Bloomberg clips of US Gov officials speaking on AI chip matters, fully under fair use.
And Bloomberg did a DMCA takedown through youtube, copystrike in parlance which pulled the video down for a week. GN had no recourse other than to wait and counterclaim.
Week timed out, Bloomberg did nothing but be the bully.
As always, Louis is being a bit sensationalist and stretches the truth to whip up outrage. Contrary to what he claims, GN could have easily quoted the president without Bloomberg's video, and that would be fine. "that outlet now has a monopoly on who is able to quote the president" is just a totally false premise. Moreover he tries to argue that GN's video falls under fair use, because it's a 1 minute clip in a 3 hour video. However it's not hard to think of a rebuttal to this. If news organizations can copy each other's clips of official speeches, who would bother going out and making such recordings? Usually how this would be resolved would be by citing precedents, but he doesn't bother citing any.
By gruez 7 hours ago
> If news organizations can copy each other's clips of official speeches
Brother, wait until you learn about the associate press.
In U.S. copyright law, the four factors evaluated to judge fair use are:
1: Purpose and character of the use: including whether the use is commercial or nonprofit educational, and whether it is transformative.
2: Nature of the copyrighted work: for example, whether the work is more factual or more creative.
3: Amount and substantiality used: both how much was taken and whether it was a qualitatively important part of the work.
4: Effect on the market: whether the use harms the potential market for or value of the original work.
Courts weigh all four factors together. There is no fixed rule like "under 30 seconds" or "under 10%." GN's use seems to satisfy all four factors.
By timschmidt 7 hours ago
They did have the video uploaded to archive.org (or at least link to someone else who did) and gave permission to anyone else to repost it. Which is how I saw it, some rando burner account on YouTube :)
By nazgulsenpai 8 hours ago
It's sad to see what's happened to SuperMicro. They were one of the few vendors of server-grade hardware fitting standard ATX, mATX, and ITX form factors. In my experience their hardware was always better than the others who attempted to do the same (Gigabyte, Asus, ASRock). These days, motherboards with the features I want are going to be on AliExpress. Ironic considering this latest news is about putting trade barriers between the US and mainland China.
By evanjrowley 9 hours ago
Supermicro is definitely a "you get what you pay for". We bought thousands of servers from their vertical integrations partners, had massive board and backplane problems. Took a few years but they eventually took back over $30 million dollars worth of servers, which were scrapped ultimately because the rework on them was so cost prohibitive. We lost $30M on that even after the $30M in good will refunds.
Supermicro also has the lowest bios/efi/bmc/ipmi/redfish out of any vendor we have seen.
Just low tier cheap ass shit by a company who can barely survive quarter to quarter without running some new scam on customers, investors, and even governments.
By skullone 7 hours ago
Pretty much the same experience (on a much smaller scale). And just open up one of their servers and compare the engineering to a Dell or HPE server. Anything that can be cheaped out is. Corrugated plastic for cooling air channels, FRU assemblies held in place with sheet metal screws, all very bargin basement.
By SoftTalker 7 hours ago
They look cheap even from the outside. They all look like they last went through a chassis redesign in 2002.
By kube-system 5 hours ago
I haven't worked with anything at that scale, but the little bit that I was SuperMicro adjacent I was always unimpressed by the "fit and finish" of the entire experience, as compared to Dell and HP. (Having said that, the entire x86 commodity server experience is shitty anyway. I had a brief time, early in my career, when I did work with DEC Alpha machines. Man, they had their shit together. Stuff was expensive as sin, but stuff worked together and worked well. Build quality was tank-like.)
By EvanAnderson 6 hours ago
When Compaq servers were still a thing it was the same with those. You could drop them two stories and they'd probably continue playing if the cable was long enough ;)
Oh and you'd get fined for damage to the pavement.
By jacquesm 4 hours ago
Pretty much. But at one point you could buy 2 to 3 units to every equivalent Dell or HP unit unless you had enough scale to get volume discounts. At $30M I expect the price to be a lot closer though.
Then it’s a matter of how well your engineering/ops org is setup to deal with silly hardware issues and annoyances. Some orgs will burn dozens of hours on a random failure, some will burn an hour or treat the entire server as disposable due to aforementioned cost differences. If you are not built to run on cheaply engineered gear that has lots of “quality of life” sharp edges (including actual physical sharp edges!) then you are gonna have a bad time. Silly things like rack rails sucking will bite you and run up the costs far more than anyone would expect unless you have experience to predict and plan for such things beforehand.
Of course you do have the risk of a totally shit batch or model of server where all that goes out the window. I got particularly burned by some of their high density blade servers, where it was a similar story to yours. Total loss in the 7 figures on that one!
Totally agreed on their BMC/firmware department. Flashbacks to hours of calls with them trying to explain the basics. My favorite story from that group is arguing with them over what a UUID is - they thought it was just a randomly generated string. Worked until one didn’t pass parsing on some obscure deeply buried library and caused mysterious automation failures due to being keyed against chassis UUID… and that’s when they’d actually burn one into firmware in the first place.
It was also always a tradeoff of having to deal with cheaped out hardware engineering with supermicro or with some horrible enterprise quarterly numbers driven sales process with Dell.
By phil21 6 hours ago
> unless you had enough scale to get volume discounts
Volume discounts from the big American brands are at least sometimes available at volumes that are remarkably close to one unit.
By amluto 2 hours ago
How do you even find motherboards on AliExpress properly? Do you have a methodology to split the chaff from the wheat?
By cobertos 9 hours ago
what chaff? Just search, find what you want and buy. It's like ebay.
By segmondy 8 hours ago
Being like eBay is why it's full of chaff. There's a lot of really bad hardware on Aliexpress.
You either take a gamble on something and hope it's good, or try to buy the same thing that someone else bought and reviewed.
By Aurornis 8 hours ago
I always figured that was the trade-off for paying 1/3 the price. Having to buy 3x as many to find a good one. :P
By timschmidt 8 hours ago
"Another Slot A motherboard :(, maybe the 4th one I buy from AliExpress will finally be that X870 motherboard I want!"
By dessimus 7 hours ago
Have you heard of paying with PayPal/credit card?
By killingtime74 4 hours ago
Curious what the features are that you like and can source from AliExpress? I have usually gotten boards from Asus and its ilk, these days with 4+ M.2 slots...
By SomeHacker44 6 hours ago
You either become an Apple or you eventually circle the drain competing to zero margins which forces 'other methods' of generating growth.
By nebula8804 9 hours ago
And ideal effective market must have a zero margins. That's normal, what the economy strives for, what customers want.
If some market has large margins, it means it has some inefficiencies.
By deepsun 8 hours ago
Ideally yes, in practice it needs to return more than just parking your money in a savings account.
By SoftTalker 6 hours ago
If bank is able to pay interest on your savings account, then it means it invests your money into businesses with positive margins.
By deepsun 3 hours ago
It is impossible to have (actual) zero margins.
By lazide 7 hours ago
Of course. Just as it's impossible to have zero inefficiencies in any business or market. That's why I said "ideal", i.e. unachievable. But the closer we get, the better we are.
Most inefficiencies come from hard-to-get-into markets, like telecom market is an oligopoly. Or information disbalance (business actors hide their pricing, khm.. hospitals khm..). A good government would try to remove them inefficiencies as much as possible (public pricing, easy-to-get capital), and make every business race-to-the-bottom competition.
By deepsun 2 hours ago
It isn't, you can do things as a side project.
I thought about quite often while visiting a pub owned by the land lord renting out 150 rooms above. Each floor had a large industrial shared kitchen, shared bathrooms, toilets and a large shared living room. If people had 1-2 guests they would stay in their room, if they had 2-10 guests they would use the shared space, if they had 4-80 guests they would take the elevator to the pub. When one was bored with the guests or didn't have time they were left in the pub. Technically people had bar shifts in their rent contract (that you could buy your way out of) but there were plenty who enjoyed running the bar for free. Drinks were at cost. If you tried to tip or didn't take your change they left it on the counter and it would sit there for a day or two. The problem of the pinball machine earnings they solved with rounds of free drinks and chips.
When asked the owner said exploiting a bar was entirely to much work. If he wanted more money from the people living there he could just increase the rent?
By 6510 7 hours ago
Those are negative margins.
By lazide 7 hours ago
It depends on what you mean, do you mean both gross and net? Just one of the two?
Gross margin of zero would be mean you sell at exactly the cost to produce. Net margin of zero means you cover all your expenses including COGS. The only really difficult, practically impossible, thing would be doing both at the same time. Though, I could also see a case where you drive down net margins once sunk costs are paid and achieve both.
Doing so practically, or sustainably, in most circumstances would be uhh crazy… but it’s not impossible. Even then I think aiming for zero margin is a pretty credible tactic in eliminating competition if you can out sustain them.
TLDR; Weird? Sure. But not impossible. And even sort of likely if you’re trying to atrophy your competition out of existence.
By rubyn00bie 6 hours ago
Ehhh, I think it's more like the CEO and others were Chinese assets for a long time.
Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly?
By colechristensen 8 hours ago
> Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly
It'd be easy to prove the existence of a pervasive "spy-chip" problem using a camera or a microscope. Unsurprisingly, neither Bloomberg nor it's quoted "experts" ever managed to do so, deapite loudly banging that drum.
By overfeed 5 hours ago
Spy chips could be just slightly different firmware for... any number of different things. It could be pretty stealthy, too.
By mlyle 2 hours ago
This news doesn't magically make those 2018 accusations true.
By platinumrad 7 hours ago
Remember when Singapore buyers were an abnormally high percentage of nvidia's revenue? You have to wonder if these companies are this brazen because they know the DoJ will have political pressure not to nuke the bubble which is more important than being China hawks.
By int32_64 9 hours ago
Yep, same how the sales of German industrial CNC, machines, tools and lathes exploded in Russia's neighbouring former soviet republics after 2022 for some reason.
Man, Kazakhstan must be an industrial powerhouse by now with all that German machinery. Can't wait for Kazakh EVs and semiconductors to hit the market.
By joe_mamba 8 hours ago
Sanctions evasions happen A LOT and enforcement has always been spotty.
By colechristensen 8 hours ago
This is even after the Hindenburg research report that found numerous screaming red flags a few years ago.
Having a net worth of ~$474 million just isn't enough for some people, I guess.
By hereme888 7 hours ago
MICE is the acronym for categorizing the common motivations for espionage:
M - Money/Greed
I - Ideology/Divided Loyalty
C - Coercion/Compromise
E - Ego
Sometimes, I think we look at people who are this wealthy and think they should be immune to these kinds of shenanigans, but I'd wager that the -ICE becomes even easier to exploit in people once they no longer need money, if they were already susceptible to it to begin with.
By avidruntime 7 hours ago
I wonder which of these the intelligence services prefer. Every one of them has their own advantages and drawbacks in terms of predictability, reliability, long term stability and chances of double dipping/playing both sides.
By jacquesm 4 hours ago
Most of these assets are not super spies. They have access to one particular type of information and the adversary squeezes all they can until all the juice is gone. Sophisticated espionage and double agents only exist in le Carre novels now.
By driftnet 2 hours ago
Ultra wealthy people are not in it for money. They like the game, and the money is a side effect. Many are willing to cheat evidently too.
By WarmWash 7 hours ago
interesting insight
By hereme888 6 hours ago
People are commonly in it for the money, so they naturally project this on the ultra-wealthy. But you will (almost) never get to ultra-wealthy status without some other external drive. Everyone else hits $20M, set for life, checks out and retires.
All these billionaires are unfathomably rich, and still slamming 60-80hr work weeks. They are not in it for the money.
By WarmWash 4 hours ago
More likely he was subject to blackmail or threats by the CCP.
By 0xy 5 hours ago
(I don't understand hardware well)
Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
I understand its complex and there many parts to it, but which is the most complex part making it difficult for China to copy it?
Let's say they don't have access to 3nm process, what if they just use 12nm and create GPUs with much bigger size but comparable performance with CUDA compatibility? Or other option could be less tensor units, training will take longer, but they might be able to produce it cheaply
By throwaw12 8 hours ago
Copying CPUs isn't really a thing: they are too complex.
If you could steal all the designs at TSMC, and you had exactly the process that TSMC uses, you could definitely make counterfeits. If you didn't have TSMC's specific process, you could adapt the designs (to Intel or Samsung) with serious but not epic effort. If you couldn't make the processes similar (ie, want to fab on SMIC), you are basically back to RTL, and can look forward to the most expensive and time-consuming part of chip design.
This is nothing like copying a trivial, non-complex item like a car. Copying a modern jet engine is starting to get close (for instance, single-crystal blades), but even they are much simpler. I mention the latter because the largest, most resourced countries in the world have tried and are still trying.
By markhahn 8 hours ago
They have done a bit of this. SMIC is basically operating off of a cloned TSMC N7 node that they have since iterated on to get to a 5nm class node.
By monocasa 7 hours ago
But its still such a complex sort of beast.
Even if you had 'ai tools' guessing at component blocks on evaluation you would have to have some evaluation of the result.
And, thats assuming NVDA hasn't pulled a Masatoshi Shima type play on their designs (i.e. complex traps that could require lots of analysis to determine if they are real or fake)
Im not sure how much of a speedup even modern tooling/workflow could do reliably.
Even then,
The elephant in the room is that China is working on their own AI accelerators/etc, so while there can be benefit from -studying- the existing designs, however I think they do not want to clone regardless.
By whaleofatw2022 5 hours ago
Oh, absolutely. Straight up soviet style cloning of masks makes no sense for multitude of reasons. In addition to what you've said, China isn't banned from N7 class Nvidia architectures so could just buy those on the open market.
By monocasa 5 hours ago
If engines are hard to build, why not build a car 3x the size of a normal one, well you can but due to things like aerodynamics, etc etc you'll never match the speed or fuel economy of cars.
Same with chips, efficiency, speed, etc all depend on good design, and cutting edge factors, if the main reason your chip isn't faster is because of the distance between your L1 cache and your core is far, then having a bigger node process but bigger chip won't make it quicker.
By willx86 8 hours ago
Exactly, you can build 12nm but you can't quadruple the speed of light
By dixie_land 8 hours ago
> Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
They have alternatives, like the Tian supercomputer was originally built with Xeon Phi chips that have been replaced with their own domestic alternatives.
A big limitation is getting access to fab slots. Nvidia and Apple are very aggressive about buying up capacity from TSMC, etc, and China's own domestic fabs are improving fast but still not a real match, particularly for volume.
By jasonwatkinspdx 7 hours ago
They can given enough time.
But there's a distinct time/value of investment equation with the current AI boom. The jury is at best still out on what that equation is for the goals of capital (it's increasingly looking like there's no moat), but if you're a national government trying to encourage local bleeding edge expertise in new fields like this it's quite a bit more clear.
At 3 GHz, a signal can travel at most 10 cm per clock cycle. You can't really physically scale a chip up.
By post-it 8 hours ago
You can you just have to use a tiled architecture. And microprocessors already have far shorter wiring distances than the simple speed of light calculation because it takes time for the gates to make the transition as well.
With processors it's customary to use the "Fan out of 4" metric as a measurement of the critical paths. It's the notional display for a gate with fan out of 4, which is the typical case for moving between latches/registers. Microprocessor critical paths are usually on the scale of ~10 FO4.
The largest chip at the moment is Cerebras's wafer scale accelerator. There the tile is basically at the reticule limit, and they worked with TSMC to develop a method to wire across the gaps between reticules.
By jasonwatkinspdx 7 hours ago
Mostly high end lithography.
They can copy it. And no, the software moat is not there if someone choose the blatant copy route. They just can't build it in the scale they want yet.
> what if they just use 12nm and create GPUs with much bigger size but comparable performance
Physics do not work this way :/
By rfoo 8 hours ago
well, physics does work that way, depending on what you mean by performance.
(in the sense that power is normally part of performance when we're talking about chips).
you could certainly use a larger process and clone chips at an area and power penalty. but area is the main factor in yield, and talking about power is really talking about "what's the highest clockrate can you can still cool".
so: a clone would work in physics, but it would be slow and hot and expensive (low yield). I think issues like propagation delay would be second- or third-order (the whole point of GPUs is to be latency-tolerant, after all).
By markhahn 8 hours ago
The timing is brutal - SMCI already had the accounting restatement scandal in 2024, spent months fighting delisting, finally got somewhat rehabilitated in the AI infrastructure boom... and now this. 25% single-day drop on a company that was already trading at a discount to peers tells you the market was still pricing in tail risk. For anyone tracking institutional holdings - the 13F filings from Q4 showed several funds adding back SMCI after the accounting mess cleared up. Those bets just got very painful.
By vicchenai 10 hours ago
Seems like a good buy now. They're still making and selling hardware.
By b112 8 hours ago
For fun, I will sometimes buy trivial positions in solid companies whose stock price falls 8-10% or so due to some minor temporary bad press and then resell in a month or two when the news cycle forgets about them and price rebounds. I make a decent amount of play money this way.
SMCI has a pattern of missteps over the years, I would not qualify them as a solid future bet.
(And in case someone asks the question, no that is not a viable long-term strategy one's retirement savings because it's very much speculating and doesn't work AT ALL when the market is volatile or falling as a whole.)
By bityard 5 hours ago
External factors can be a quick recovery. Internal factors are often a long road. Accounting and corruption failures sounds internal to me.
By phatfish an hour ago
You could be right. But reading the comments here it seems it's had 2-3 scandals in the last 4 years, which makes me suspect that more could be brought to light.
By pinkmuffinere 7 hours ago
I'd been assuming that the Chinese AI labs producing excellent LLMs despite the NVIDIA export restrictions was due to them finding new optimizations for training against the hardware they had access to.
I wonder if any of those $2.5B of smuggled chips ended up being used for those training runs.
By simonw 9 hours ago
combination of both, they published papers so we can clearly see they are not just duplicating old methods but coming up with new optimizations. ... yet we can't rule out that they used Nvidia. I don't even see how the export restrictions work, it's stupid. A Chinese company can go to another country, say France or Canada, setup a business buy a bunch of GPUs then make it available to their subsidiary in China. The export restrictions doesn't restrict usage/sharing/renting as far as I know...
By segmondy 8 hours ago
They definitely are using Nvidia. Part of deepseek's special sauce was using an "undocumented" ptx instruction to get a cute microoptimization with the memory hierarchy.
They don't work. Chinese are skilled enough to desolder and smuggle just the ships themselves. They make the rest of GPU in-house. With more VRAM than the nvidia offers, comically, in case of 4090.
By whatevaa 8 hours ago
The answer is, of course lol?
Gamers Nexus did a whole deep dive which basically proved that Chinese researchers had access to whatever they wanted.
Qwen and Kimi haven't disclosed their hardware as far as I can tell.
By simonw 9 hours ago
If they were using banned chips they wouldn't declare them in public papers. There have been multiple documented/alleged cases of chips being routed through Singaporean shell companies.
Did you think the hesitancy of westerners engaging and relying on Chinese labs was due to vibes? There are fundamental cultural differences at play, wether we are comfortable admitting that or not.
By tcdent 9 hours ago
If you're so brave, you should state what these fundamental cultural differences are.
Simon, love your work. Hope this is sarcasm. If not, imagine the opposite: Sam Altman and co suddenly started producing tons of content about how smart they are in Mandarin. Why do they even need a story to begin with, let alone one they push halfway around the world?
The $2.5B number is just these guys. It could be 10x in total.
By peyton 9 hours ago
Of course they're using the best chips they can get, but this is a bizarre theory. English is the lingua franca of scientific publishing.
By platinumrad 5 hours ago
Wild timing on this. SMCI was already under scrutiny from the accounting issues last year, and now this. Institutional holders have been quietly reducing positions over the last two quarters if you check the 13F filings. Sometimes the smart money exit is the real signal.
By vicchenai 2 hours ago
Not a fan of trade barriers, but love it when CEOs go to jail for ignoring the law. Now start enforcing copyright laws against AI companies please <3
A (classically) liberal society can only work if everyone is held to the same standard of the law.
By whacko_quacko 5 hours ago
So, good time to buy on the panic?
By simonebrunozzi 9 hours ago
If you do, you could protect yourself with a sell stop below $17.25... because if it breaks that on weekly candles, next are $14 and $10. Or you could buy some calls instead when the volatility calms down. If you do it now, the volcrush could happen even if you're correct.
Not investment advice, do you own research. I'm just someone on the Internet.
By czbond 9 hours ago
Thank you stock astrologist
By stevewodil 9 hours ago
I might go as this for Halloween.
By czbond 10 minutes ago
In know you're in jest, but no worries. Strong support around $17 for lots of reasons - would be difficult to push it below that.
In fact there is an open gap that I'd expect it to close around $16.30 and another one around $19
By czbond 7 hours ago
How did you learn algotrading?
By brcmthrowaway 5 hours ago
Id like to sell you a bridge
By daedrdev 5 hours ago
interesting that the stock market (a subset of the prediction market now, right?) would even care, or would take this as a negative.
"sorry guys, I did something token-bad a while ago that got you more money."
that's the sort of meaculpa I'd expect to get rewarded these days...
I've had my own dealings with this awful company. Including Wally.
Let's just say that none of this comes as any surprise.
Now, what people should be asking is how much Jensen knew. In May he said there was nothing going on. But the videos of the Chinese guy holding H1/200's ... never got to him?
Also interesting how they waited until just after GTC...
By latchkey 8 hours ago
They need a new logo.
By maxglute 9 hours ago
For a split second I read that as Super Mario shares
By Razengan 7 hours ago
same!
By chourobin 7 hours ago
Maybe it's time to re-visit that "spy chip" story from almost a decade ago.
Edit: Officially-debunked, I should note
By phendrenad2 9 hours ago
Yes, debunked or at least never backed up any actual evidence.
(Allegedly) just some Bloomberg (alleged) bullshittery, (allegedly) posted to move the market.
By CamperBob2 8 hours ago
Well, also had other pen testers come forward saying that they had found implants on supermicro servers and had talked to federal authorities who had said it was a known relatively large issue they were trying to get a handle on while keeping it under wraps.
And if it were posted to move the market, that would have been about the most cut and dry SEC violation possible, posted at a time when the federal government still enforced such things.
By monocasa 8 hours ago
Whenever some soylent-drinking, impossible foods-eating dilettante says "debunked" I find myself not fully believing them. And Supermicro has always been sus. I can't believe people are only just now noticing.
By midtake 7 hours ago
Oof. SuperMicro also had it's hardware supply chain compromised back in the 2010s [0][1][2][3]
Those claims were never confirmed, no? Some of it might be true or trueish but I'm not talking Bloomberg's anonymous sources word for it, and with so much supermicro gear out there you would think some other evidence would show up.
By progbits 10 hours ago
It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that CEO of a security audit company allegedly found, was not present in other SuperMicro servers. SuperMicro itself, as well as it's buggest customers did not confirm the findings.
From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.
By kantselovich 9 hours ago
Did they originally say it was a grain of rice Ethernet module?
I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.
By monocasa 7 hours ago
I recall, at the time Bloomberg and their source were taking about tiny chip on the bmc that was masking as a resistor.
However they did not produce any concrete evidence, citing NDA between that security company and their client.
By kantselovich 3 hours ago
A supply chain attack similar to Supermicro's would be much more targeted and recalls with national security implications do get flagged via a separate chain.
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
By frenchtoast8 9 hours ago
What Bloomberg proposed - sniffing the TTL signal between BMC and boot ROM and flipping a few bits in transit - is far from science fiction. It would be easy to implement in the smallest of microcontrollers using just a few lines of code: a ring buffer to store the last N bits observed, and a trigger for output upon observing the desired bits. 256 bytes of ROM/SRAM would probably be plenty. Appropriately tiny microcontrollers can also power themselves parasitically from the signal voltage as https://en.wikipedia.org/wiki/1-Wire chips do. SMBus is clocked from 10khz to 1mhz, assuming that's what the ROM was hanging off of, which is comfortably within the nyquist limit on an 8 - 20mhz micro.
Something similar has been done in many video game console mod chips. IIRC, some of the mod chips manage it on an encrypted bus (which Bloomberg's claims do not require).
"On PsNee, there are two separate mechanisms. One is the classic PS1 trick of watching the subchannel/Q data stream and injecting the SCEx symbols only when the drive is at the right place; the firmware literally tracks the read pattern with a hysteresis counter and then injects the authentication symbols on the fly. You can see the logic that watches the sector/subchannel pattern and then fires inject_SCEX(...) when the trigger condition is met.
PsNee also includes an optional PSone PAL BIOS patch mode which tells the installer to connect to the BIOS chip’s A18 and D2 pins, then waits for a specific A18 activity pattern and briefly drives D2 low for a few microseconds before releasing it back to high-impedance. That is not replacing the BIOS; it is timing a very short intervention onto the ROM data bus during fetch."
By timschmidt 9 hours ago
Didn't that turn out to be incorrect?
Multiple security companies looked into this and found nothing malicious.
By throwa356262 10 hours ago
Nope. Bloomberg doubled down on it and even Bruce Schneider accepted it despite initially being a skeptic.
By alephnerd 10 hours ago
What was the last thing Schneier wrote on it? I thought it was this:
I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.
HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation statein the manner described are actually doable, and back when I was still a line-level SWE this was when we started putting significant engineering effort into hardware tampering protections back in the 2015-17 period.
The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.
Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.
By alephnerd 6 hours ago
I don't believe that there was ever extra chips being added to the boards, but what I could believe is that they shipped with firmware on specific chips that enabled data exfiltration for specific customers and due to a game of telephone with non technical people it turned into "they're adding chips inside the pcb layers!"
By unsnap_biceps 10 hours ago
I thought the point was an extra chip in the place of a pull up resistor or something that would edit the firmware image as it made its way across the bus, so you wouldn't see the modifications even if you pulled the flash chip and read it out manually, and would also be persistent across flash updates.
By monocasa 7 hours ago
There also was a CEO of a hardware security company that came out and said that his firm had found an implanted chip during an audit. IIRC, he was convinced that it was very unlikely to be limited to Supermicro hardware.
By protimewaster 10 hours ago
> he was convinced that it was very unlikely to be limited to Supermicro hardware
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
By alephnerd 9 hours ago
Schneier was simply taking at face value the contents of the Bloomberg article, especially the statement by Mike Quinn who claimed he was told by the Air Force not to include any Supermicro gear in a bid.
By greedo 9 hours ago
No evidence was ever presented and nobody ever found anything, as far as I can tell?
By tumult 10 hours ago
There was a security auditing firm that came out a few days later claiming they'd found a chip, similar to the one Bloomberg described, during a security audit.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
By protimewaster 10 hours ago
From thousands of miles away you can hear the fans at the NSA data center as they spin up checking the background to all responses to this posting.
By fidotron 9 hours ago
I'd like to think that modern centers are water cooled so it'd be more quiet these days unless you are implying that this application of theirs is running on legacy hardware? :P
By nebula8804 9 hours ago
I have it on good authority they only use SuperMicro ;)
By jacquesm 8 hours ago
Violating sanctions isn't exactly the same thing as smuggling. It also doesn't seem like it should be a crime to disagree with your state on who deserves what service... i never voted for the dingbats who control who is called a terrorist, let alone the people scared of china.
By throwaway27448 7 hours ago
> Violating sanctions isn't exactly the same thing as smuggling.
The actions described in the article is both smuggling and a violation of sanctions.
By kube-system 4 hours ago
> It also doesn't seem like it should be a crime to disagree with your state on who deserves what service...
Seems like that's a pretty obvious and straightforward power for a state to have. The state has to make foreign and domestic policy decisions, and to be effective that would have to include trade restrictions. Otherwise you could have situations like businessmen profiting by selling weapons to the enemy to kill his own countrymen--and there are sociopaths who'd do that.
> i never voted for the dingbats who control who is called a terrorist, let alone the people scared of china.
So what?
By palmotea 7 hours ago
I agree. this is about US corporations using the government to protect their business moat. But 300M citizens can't use the government to ensure we have access to a doctor. It's sickening. China would be such a great competitor at what, making deep fakes or stealing from artists/musicians? It's stupid-on-top-of-stupid.
By Namahanna 9 hours ago
By rmoriz 8 hours ago
By hangonhn 9 hours ago
By Namahanna 8 hours ago
By gruez 7 hours ago
By timschmidt 7 hours ago
By nazgulsenpai 8 hours ago
By evanjrowley 9 hours ago
By skullone 7 hours ago
By SoftTalker 7 hours ago
By kube-system 5 hours ago
By EvanAnderson 6 hours ago
By jacquesm 4 hours ago
By phil21 6 hours ago
By amluto 2 hours ago
By cobertos 9 hours ago
By segmondy 8 hours ago
By Aurornis 8 hours ago
By timschmidt 8 hours ago
By dessimus 7 hours ago
By killingtime74 4 hours ago
By SomeHacker44 6 hours ago
By nebula8804 9 hours ago
By deepsun 8 hours ago
By SoftTalker 6 hours ago
By deepsun 3 hours ago
By lazide 7 hours ago
By deepsun 2 hours ago
By 6510 7 hours ago
By lazide 7 hours ago
By rubyn00bie 6 hours ago
By colechristensen 8 hours ago
By overfeed 5 hours ago
By mlyle 2 hours ago
By platinumrad 7 hours ago
By int32_64 9 hours ago
By joe_mamba 8 hours ago
By colechristensen 8 hours ago
By deepsquirrelnet 7 hours ago
By hereme888 7 hours ago
By avidruntime 7 hours ago
By jacquesm 4 hours ago
By driftnet 2 hours ago
By WarmWash 7 hours ago
By hereme888 6 hours ago
By WarmWash 4 hours ago
By 0xy 5 hours ago
By throwaw12 8 hours ago
By markhahn 8 hours ago
By monocasa 7 hours ago
By whaleofatw2022 5 hours ago
By monocasa 5 hours ago
By willx86 8 hours ago
By dixie_land 8 hours ago
By jasonwatkinspdx 7 hours ago
By monocasa 8 hours ago
By kcb 8 hours ago
By post-it 8 hours ago
By jasonwatkinspdx 7 hours ago
By rfoo 8 hours ago
By markhahn 8 hours ago
By vicchenai 10 hours ago
By b112 8 hours ago
By bityard 5 hours ago
By phatfish an hour ago
By pinkmuffinere 7 hours ago
By simonw 9 hours ago
By segmondy 8 hours ago
By monocasa 7 hours ago
By whatevaa 8 hours ago
By John23832 9 hours ago
By simonw 9 hours ago
By tyre 9 hours ago
By tcdent 9 hours ago
By platinumrad 7 hours ago
By beeflet an hour ago
By peyton 9 hours ago
By platinumrad 5 hours ago
By vicchenai 2 hours ago
By whacko_quacko 5 hours ago
By simonebrunozzi 9 hours ago
By czbond 9 hours ago
By stevewodil 9 hours ago
By czbond 10 minutes ago
By czbond 7 hours ago
By brcmthrowaway 5 hours ago
By daedrdev 5 hours ago
By markhahn 8 hours ago
By dwa3592 9 hours ago
By latchkey 8 hours ago
By maxglute 9 hours ago
By Razengan 7 hours ago
By chourobin 7 hours ago
By phendrenad2 9 hours ago
By CamperBob2 8 hours ago
By monocasa 8 hours ago
By midtake 7 hours ago
By alephnerd 10 hours ago
By progbits 10 hours ago
By protimewaster 10 hours ago
By kantselovich 9 hours ago
By monocasa 7 hours ago
By kantselovich 3 hours ago
By alephnerd 10 hours ago
By frenchtoast8 9 hours ago
By timschmidt 9 hours ago
By throwa356262 10 hours ago
By alephnerd 10 hours ago
By WillPostForFood 6 hours ago
By alephnerd 6 hours ago
By unsnap_biceps 10 hours ago
By monocasa 7 hours ago
By protimewaster 10 hours ago
By alephnerd 9 hours ago
By greedo 9 hours ago
By tumult 10 hours ago
By protimewaster 10 hours ago
By fidotron 9 hours ago
By nebula8804 9 hours ago
By jacquesm 8 hours ago
By throwaway27448 7 hours ago
By kube-system 4 hours ago
By palmotea 7 hours ago
By gosub100 3 hours ago