- The Gamers Nexus GPU Blackmarket deep dive was great at digging into this. https://www.youtube.com/watch?v=1H3xQaf7BFI
And the entire Bloomberg takedown drama added fire to the flames.
- A couple of years ago Bloomberg reported about spy chips/hw backdoors in SuperMicro mainboards but to my knowledge without a smoking gun proof. Maybe they had to settle outside of court and also had to sign papers to help protect the company from further damage in the future. Using (other) Bloomberg material may have triggered this. Of course this is a wild speculation. I have no evidence or insider knowledge.
- Yeah what as the story behind the BBerg take down drama? I just remember it being something absurd.
- GN used Bloomberg clips of US Gov officials speaking on AI chip matters, fully under fair use.
And Bloomberg did a DMCA takedown through youtube, copystrike in parlance which pulled the video down for a week. GN had no recourse other than to wait and counterclaim.
Week timed out, Bloomberg did nothing but be the bully.
Louis Rossmann's excellent explainer video here on the Bloomberg bit: https://www.youtube.com/watch?v=6RJvrTC6oTI
- >Louis Rossmann's excellent explainer video here on the Bloomberg bit: https://www.youtube.com/watch?v=6RJvrTC6oTI
As always, Louis is being a bit sensationalist and stretches the truth to whip up outrage. Contrary to what he claims, GN could have easily quoted the president without Bloomberg's video, and that would be fine. "that outlet now has a monopoly on who is able to quote the president" is just a totally false premise. Moreover he tries to argue that GN's video falls under fair use, because it's a 1 minute clip in a 3 hour video. However it's not hard to think of a rebuttal to this. If news organizations can copy each other's clips of official speeches, who would bother going out and making such recordings? Usually how this would be resolved would be by citing precedents, but he doesn't bother citing any.
- > If news organizations can copy each other's clips of official speeches
Brother, wait until you learn about the associate press.
In U.S. copyright law, the four factors evaluated to judge fair use are:
1: Purpose and character of the use: including whether the use is commercial or nonprofit educational, and whether it is transformative.
2: Nature of the copyrighted work: for example, whether the work is more factual or more creative.
3: Amount and substantiality used: both how much was taken and whether it was a qualitatively important part of the work.
4: Effect on the market: whether the use harms the potential market for or value of the original work.
Courts weigh all four factors together. There is no fixed rule like "under 30 seconds" or "under 10%." GN's use seems to satisfy all four factors.
- >Brother, wait until you learn about the associate press.
The same AP that licenses content to its members and charges non-members for the privilege of reusing their content?
"Many newspapers and broadcasters outside the United States are AP subscribers, paying a fee to use AP material without being contributing members of the cooperative. As part of their cooperative agreement with the AP, most member news organizations grant automatic permission for the AP to distribute their local news reports. "
> GN's use seems to satisfy all four factors.
It's weakest at #1 and #4.
#1: it's a commercial piece of work (so far as I can tell GN isn't a non-profit), and the use of the clip specifically isn't critical to the work. If you're critiquing a movie or something, and need to show a screengrab to get your point across, then that makes sense, but if the purpose of the video is just to establish "Trump said this", the video isn't really needed.
#4: see above regarding making recordings of official speeches.
Moreover I'm not trying to argue that GN is definitely not fair use, only that there's a plausible case otherwise. If there's actual disagreement over it's fair use or not, then the DMCA process is working as intended, and Bloomberg isn't abusing it as Louis implies.
- Yeah yeah, everyone enforces their copyrights to the maximum extent possible. But this does not prevent massive amounts of both licensed copying and free use copying. The framework I outlined above is from the US Supreme Court's rulings on fair use so applies for everyone in the US.
[responses to edited-out portion of parent comment]
Re: #1, GN's work while commercial is an educational investigative journalism / documentary piece which are well established users of Free Use protection. GN's use is absolutely transformative.
#4: Bloomberg would have to prove a financial loss to have standing. That would mean that GN must have no other option than to use Bloomberg's clip, and pay the license, which I don't think would fly. GN would have just produced the segment differently.
- >[responses to edited-out portion of parent comment]
readded
- They did have the video uploaded to archive.org (or at least link to someone else who did) and gave permission to anyone else to repost it. Which is how I saw it, some rando burner account on YouTube :)
- He used a clip from Bloomberg without permission.
- He used a clip legally under fair use without permission, which you don't need if it is under fair use.
- Equally important, it was of a US government official speaking, not content Bloomberg specifically created, such as one of their employees giving analysis.
- I'd just add, it was like a 1 minute clip in like a 2 or 3 hour video.
- Worth noting that it was entirely legal do so, due to fair use rules.
- It's sad to see what's happened to SuperMicro. They were one of the few vendors of server-grade hardware fitting standard ATX, mATX, and ITX form factors. In my experience their hardware was always better than the others who attempted to do the same (Gigabyte, Asus, ASRock). These days, motherboards with the features I want are going to be on AliExpress. Ironic considering this latest news is about putting trade barriers between the US and mainland China.
- Supermicro is definitely a "you get what you pay for". We bought thousands of servers from their vertical integrations partners, had massive board and backplane problems. Took a few years but they eventually took back over $30 million dollars worth of servers, which were scrapped ultimately because the rework on them was so cost prohibitive. We lost $30M on that even after the $30M in good will refunds. Supermicro also has the lowest bios/efi/bmc/ipmi/redfish out of any vendor we have seen. Just low tier cheap ass shit by a company who can barely survive quarter to quarter without running some new scam on customers, investors, and even governments.
- Pretty much. But at one point you could buy 2 to 3 units to every equivalent Dell or HP unit unless you had enough scale to get volume discounts. At $30M I expect the price to be a lot closer though.
Then it’s a matter of how well your engineering/ops org is setup to deal with silly hardware issues and annoyances. Some orgs will burn dozens of hours on a random failure, some will burn an hour or treat the entire server as disposable due to aforementioned cost differences. If you are not built to run on cheaply engineered gear that has lots of “quality of life” sharp edges (including actual physical sharp edges!) then you are gonna have a bad time. Silly things like rack rails sucking will bite you and run up the costs far more than anyone would expect unless you have experience to predict and plan for such things beforehand.
Of course you do have the risk of a totally shit batch or model of server where all that goes out the window. I got particularly burned by some of their high density blade servers, where it was a similar story to yours. Total loss in the 7 figures on that one!
Totally agreed on their BMC/firmware department. Flashbacks to hours of calls with them trying to explain the basics. My favorite story from that group is arguing with them over what a UUID is - they thought it was just a randomly generated string. Worked until one didn’t pass parsing on some obscure deeply buried library and caused mysterious automation failures due to being keyed against chassis UUID… and that’s when they’d actually burn one into firmware in the first place.
- Pretty much the same experience (on a much smaller scale). And just open up one of their servers and compare the engineering to a Dell or HPE server. Anything that can be cheaped out is. Corrugated plastic for cooling air channels, FRU assemblies held in place with sheet metal screws, all very bargin basement.
- I haven't worked with anything at that scale, but the little bit that I was SuperMicro adjacent I was always unimpressed by the "fit and finish" of the entire experience, as compared to Dell and HP. (Having said that, the entire x86 commodity server experience is shitty anyway. I had a brief time, early in my career, when I did work with DEC Alpha machines. Man, they had their shit together. Stuff was expensive as sin, but stuff worked together and worked well. Build quality was tank-like.)
- Curious what the features are that you like and can source from AliExpress? I have usually gotten boards from Asus and its ilk, these days with 4+ M.2 slots...
- How do you even find motherboards on AliExpress properly? Do you have a methodology to split the chaff from the wheat?
- what chaff? Just search, find what you want and buy. It's like ebay.
- Being like eBay is why it's full of chaff. There's a lot of really bad hardware on Aliexpress.
You either take a gamble on something and hope it's good, or try to buy the same thing that someone else bought and reviewed.
- I always figured that was the trade-off for paying 1/3 the price. Having to buy 3x as many to find a good one. :P
- "Another Slot A motherboard :(, maybe the 4th one I buy from AliExpress will finally be that X870 motherboard I want!"
- I've never received something other than what I've ordered. At worst the documentation is scant or missing entirely. Specifically with respect to motherboards, most of the aliexpress specials I've interacted with have had completely unlocked BIOSes. Which are easy to get yourself into trouble with, but kind of nice to have when you need them.
- Ehhh, I think it's more like the CEO and others were Chinese assets for a long time.
Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly?
- This news doesn't magically make those 2018 accusations true.
- You either become an Apple or you eventually circle the drain competing to zero margins which forces 'other methods' of generating growth.
- And ideal effective market must have a zero margins. That's normal, what the economy strives for, what customers want.
If some market has large margins, it means it has some inefficiencies.
- Ideally yes, in practice it needs to return more than just parking your money in a savings account.
- It is impossible to have (actual) zero margins.
- It depends on what you mean, do you mean both gross and net? Just one of the two?
Gross margin of zero would be mean you sell at exactly the cost to produce. Net margin of zero means you cover all your expenses including COGS. The only really difficult, practically impossible, thing would be doing both at the same time. Though, I could also see a case where you drive down net margins once sunk costs are paid and achieve both.
Doing so practically, or sustainably, in most circumstances would be uhh crazy… but it’s not impossible. Even then I think aiming for zero margin is a pretty credible tactic in eliminating competition if you can out sustain them.
TLDR; Weird? Sure. But not impossible. And even sort of likely if you’re trying to atrophy your competition out of existence.
- It isn't, you can do things as a side project.
I thought about quite often while visiting a pub owned by the land lord renting out 150 rooms above. Each floor had a large industrial shared kitchen, shared bathrooms, toilets and a large shared living room. If people had 1-2 guests they would stay in their room, if they had 2-10 guests they would use the shared space, if they had 4-80 guests they would take the elevator to the pub. When one was bored with the guests or didn't have time they were left in the pub. Technically people had bar shifts in their rent contract (that you could buy your way out of) but there were plenty who enjoyed running the bar for free. Drinks were at cost. If you tried to tip or didn't take your change they left it on the counter and it would sit there for a day or two. The problem of the pinball machine earnings they solved with rounds of free drinks and chips.
When asked the owner said exploiting a bar was entirely to much work. If he wanted more money from the people living there he could just increase the rent?
- Those are negative margins.
- Remember when Singapore buyers were an abnormally high percentage of nvidia's revenue? You have to wonder if these companies are this brazen because they know the DoJ will have political pressure not to nuke the bubble which is more important than being China hawks.
- Yep, same how the sales of German industrial CNC, machines, tools and lathes exploded in Russia's neighbouring former soviet republics after 2022 for some reason.
Man, Kazakhstan must be an industrial powerhouse by now with all that German machinery. Can't wait for Kazakh EVs and semiconductors to hit the market.
- Sanctions evasions happen A LOT and enforcement has always been spotty.
- This is even after the Hindenburg research report that found numerous screaming red flags a few years ago.
- Having a net worth of ~$474 million just isn't enough for some people, I guess.
- MICE is the acronym for categorizing the common motivations for espionage:
M - Money/Greed
I - Ideology/Divided Loyalty
C - Coercion/Compromise
E - Ego
Sometimes, I think we look at people who are this wealthy and think they should be immune to these kinds of shenanigans, but I'd wager that the -ICE becomes even easier to exploit in people once they no longer need money, if they were already susceptible to it to begin with.
- The timing is brutal - SMCI already had the accounting restatement scandal in 2024, spent months fighting delisting, finally got somewhat rehabilitated in the AI infrastructure boom... and now this. 25% single-day drop on a company that was already trading at a discount to peers tells you the market was still pricing in tail risk. For anyone tracking institutional holdings - the 13F filings from Q4 showed several funds adding back SMCI after the accounting mess cleared up. Those bets just got very painful.
- Seems like a good buy now. They're still making and selling hardware.
- You could be right. But reading the comments here it seems it's had 2-3 scandals in the last 4 years, which makes me suspect that more could be brought to light.
- (I don't understand hardware well)
Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
I understand its complex and there many parts to it, but which is the most complex part making it difficult for China to copy it?
Let's say they don't have access to 3nm process, what if they just use 12nm and create GPUs with much bigger size but comparable performance with CUDA compatibility? Or other option could be less tensor units, training will take longer, but they might be able to produce it cheaply
- Copying CPUs isn't really a thing: they are too complex.
If you could steal all the designs at TSMC, and you had exactly the process that TSMC uses, you could definitely make counterfeits. If you didn't have TSMC's specific process, you could adapt the designs (to Intel or Samsung) with serious but not epic effort. If you couldn't make the processes similar (ie, want to fab on SMIC), you are basically back to RTL, and can look forward to the most expensive and time-consuming part of chip design.
This is nothing like copying a trivial, non-complex item like a car. Copying a modern jet engine is starting to get close (for instance, single-crystal blades), but even they are much simpler. I mention the latter because the largest, most resourced countries in the world have tried and are still trying.
- They have done a bit of this. SMIC is basically operating off of a cloned TSMC N7 node that they have since iterated on to get to a 5nm class node.
- If engines are hard to build, why not build a car 3x the size of a normal one, well you can but due to things like aerodynamics, etc etc you'll never match the speed or fuel economy of cars.
Same with chips, efficiency, speed, etc all depend on good design, and cutting edge factors, if the main reason your chip isn't faster is because of the distance between your L1 cache and your core is far, then having a bigger node process but bigger chip won't make it quicker.
- Exactly, you can build 12nm but you can't quadruple the speed of light
- > Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
They have alternatives, like the Tian supercomputer was originally built with Xeon Phi chips that have been replaced with their own domestic alternatives.
A big limitation is getting access to fab slots. Nvidia and Apple are very aggressive about buying up capacity from TSMC, etc, and China's own domestic fabs are improving fast but still not a real match, particularly for volume.
- They can given enough time.
But there's a distinct time/value of investment equation with the current AI boom. The jury is at best still out on what that equation is for the goals of capital (it's increasingly looking like there's no moat), but if you're a national government trying to encourage local bleeding edge expertise in new fields like this it's quite a bit more clear.
- Another factor, it's not just GPUs it's the full hardware stack. https://static.tweaktown.com/news/1/1/110521_2_nvidia-update...
- At 3 GHz, a signal can travel at most 10 cm per clock cycle. You can't really physically scale a chip up.
- You can you just have to use a tiled architecture. And microprocessors already have far shorter wiring distances than the simple speed of light calculation because it takes time for the gates to make the transition as well.
With processors it's customary to use the "Fan out of 4" metric as a measurement of the critical paths. It's the notional display for a gate with fan out of 4, which is the typical case for moving between latches/registers. Microprocessor critical paths are usually on the scale of ~10 FO4.
The largest chip at the moment is Cerebras's wafer scale accelerator. There the tile is basically at the reticule limit, and they worked with TSMC to develop a method to wire across the gaps between reticules.
- Mostly high end lithography.
They can copy it. And no, the software moat is not there if someone choose the blatant copy route. They just can't build it in the scale they want yet.
> what if they just use 12nm and create GPUs with much bigger size but comparable performance
Physics do not work this way :/
- well, physics does work that way, depending on what you mean by performance. (in the sense that power is normally part of performance when we're talking about chips).
you could certainly use a larger process and clone chips at an area and power penalty. but area is the main factor in yield, and talking about power is really talking about "what's the highest clockrate can you can still cool".
so: a clone would work in physics, but it would be slow and hot and expensive (low yield). I think issues like propagation delay would be second- or third-order (the whole point of GPUs is to be latency-tolerant, after all).
- I'd been assuming that the Chinese AI labs producing excellent LLMs despite the NVIDIA export restrictions was due to them finding new optimizations for training against the hardware they had access to.
I wonder if any of those $2.5B of smuggled chips ended up being used for those training runs.
- combination of both, they published papers so we can clearly see they are not just duplicating old methods but coming up with new optimizations. ... yet we can't rule out that they used Nvidia. I don't even see how the export restrictions work, it's stupid. A Chinese company can go to another country, say France or Canada, setup a business buy a bunch of GPUs then make it available to their subsidiary in China. The export restrictions doesn't restrict usage/sharing/renting as far as I know...
- They definitely are using Nvidia. Part of deepseek's special sauce was using an "undocumented" ptx instruction to get a cute microoptimization with the memory hierarchy.
- They don't work. Chinese are skilled enough to desolder and smuggle just the ships themselves. They make the rest of GPU in-house. With more VRAM than the nvidia offers, comically, in case of 4090.
- The answer is, of course lol?
Gamers Nexus did a whole deep dive which basically proved that Chinese researchers had access to whatever they wanted.
https://youtu.be/1H3xQaf7BFI?si=ojlxOC7uiPqZxv0N
edit: not sure if this was sarcasm
- Some of the big LLM labs have written about their training hardware.
DeepSeek v3 was trained on 2,048 NVIDIA H800s. https://arxiv.org/abs/2412.19437
MiniMax M1 used 512 H800s. https://arxiv.org/abs/2506.13585
The H800 wasn't banned in the first round of export controls - but was after October 2023: https://www.cnbc.com/2023/10/17/us-bans-export-of-more-ai-ch...
Z.ai say they used Huawei hardware: https://www.theregister.com/2026/01/15/zhipu_glm_image_huawe...
Qwen and Kimi haven't disclosed their hardware as far as I can tell.
- If they were using banned chips they wouldn't declare them in public papers. There have been multiple documented/alleged cases of chips being routed through Singaporean shell companies.
For example: https://www.tomshardware.com/tech-industry/artificial-intell...
- I'm kindof surprised by this take.
Did you think the hesitancy of westerners engaging and relying on Chinese labs was due to vibes? There are fundamental cultural differences at play, wether we are comfortable admitting that or not.
- If you're so brave, you should state what these fundamental cultural differences are.
- Simon, love your work. Hope this is sarcasm. If not, imagine the opposite: Sam Altman and co suddenly started producing tons of content about how smart they are in Mandarin. Why do they even need a story to begin with, let alone one they push halfway around the world?
The $2.5B number is just these guys. It could be 10x in total.
- So, good time to buy on the panic?
- If you do, you could protect yourself with a sell stop below $17.25... because if it breaks that on weekly candles, next are $14 and $10. Or you could buy some calls instead when the volatility calms down. If you do it now, the volcrush could happen even if you're correct.
Not investment advice, do you own research. I'm just someone on the Internet.
- Thank you stock astrologist
- In know you're in jest, but no worries. Strong support around $17 for lots of reasons - would be difficult to push it below that.
In fact there is an open gap that I'd expect it to close around $16.30 and another one around $19
- interesting that the stock market (a subset of the prediction market now, right?) would even care, or would take this as a negative.
"sorry guys, I did something token-bad a while ago that got you more money."
that's the sort of meaculpa I'd expect to get rewarded these days...
- Maybe it's time to re-visit that "spy chip" story from almost a decade ago.
Edit: Officially-debunked, I should note
- Yes, debunked or at least never backed up any actual evidence.
(Allegedly) just some Bloomberg (alleged) bullshittery, (allegedly) posted to move the market.
- Well, also had other pen testers come forward saying that they had found implants on supermicro servers and had talked to federal authorities who had said it was a known relatively large issue they were trying to get a handle on while keeping it under wraps.
And if it were posted to move the market, that would have been about the most cut and dry SEC violation possible, posted at a time when the federal government still enforced such things.
- Whenever some soylent-drinking, impossible foods-eating dilettante says "debunked" I find myself not fully believing them. And Supermicro has always been sus. I can't believe people are only just now noticing.
- They need a new logo.
- I've had my own dealings with this awful company. Including Wally.
Let's just say that none of this comes as any surprise.
Now, what people should be asking is how much Jensen knew. In May he said there was nothing going on. But the videos of the Chinese guy holding H1/200's ... never got to him?
Also interesting how they waited until just after GTC...
- Oof. SuperMicro also had it's hardware supply chain compromised back in the 2010s [0][1][2][3]
[0] - https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
[1] - https://www.bloomberg.com/features/2021-supermicro/
[2] - https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
[3] - https://www.theinformation.com/articles/apple-severed-ties-w...
- Those claims were never confirmed, no? Some of it might be true or trueish but I'm not talking Bloomberg's anonymous sources word for it, and with so much supermicro gear out there you would think some other evidence would show up.
- It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...
- I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that CEO of a security audit company allegedly found, was not present in other SuperMicro servers. SuperMicro itself, as well as it's buggest customers did not confirm the findings.
From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.
- Did they originally say it was a grain of rice Ethernet module?
I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.
- A supply chain attack similar to Supermicro's would be much more targeted and recalls with national security implications do get flagged via a separate chain.
- Bloomberg's claims sound like science fiction: https://www.servethehome.com/investigating-implausible-bloom...
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
- What Bloomberg proposed - sniffing the TTL signal between BMC and boot ROM and flipping a few bits in transit - is far from science fiction. It would be easy to implement in the smallest of microcontrollers using just a few lines of code: a ring buffer to store the last N bits observed, and a trigger for output upon observing the desired bits. 256 bytes of ROM/SRAM would probably be plenty. Appropriately tiny microcontrollers can also power themselves parasitically from the signal voltage as https://en.wikipedia.org/wiki/1-Wire chips do. SMBus is clocked from 10khz to 1mhz, assuming that's what the ROM was hanging off of, which is comfortably within the nyquist limit on an 8 - 20mhz micro.
Something similar has been done in many video game console mod chips. IIRC, some of the mod chips manage it on an encrypted bus (which Bloomberg's claims do not require).
Here's one example of a mod chip for the PS1 which sniffs and modifies BIOS code in transit: https://github.com/kalymos/PsNee
"On PsNee, there are two separate mechanisms. One is the classic PS1 trick of watching the subchannel/Q data stream and injecting the SCEx symbols only when the drive is at the right place; the firmware literally tracks the read pattern with a hysteresis counter and then injects the authentication symbols on the fly. You can see the logic that watches the sector/subchannel pattern and then fires inject_SCEX(...) when the trigger condition is met.
PsNee also includes an optional PSone PAL BIOS patch mode which tells the installer to connect to the BIOS chip’s A18 and D2 pins, then waits for a specific A18 activity pattern and briefly drives D2 low for a few microseconds before releasing it back to high-impedance. That is not replacing the BIOS; it is timing a very short intervention onto the ROM data bus during fetch."
- Didn't that turn out to be incorrect?
Multiple security companies looked into this and found nothing malicious.
- Nope. Bloomberg doubled down on it and even Bruce Schneider accepted it despite initially being a skeptic.
- What was the last thing Schneier wrote on it? I thought it was this:
I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.
https://www.schneier.com/blog/archives/2018/11/that_bloomber...
- https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation statein the manner described are actually doable, and back when I was still a line-level SWE this was when we started putting significant engineering effort into hardware tampering protections back in the 2015-17 period.
The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.
Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.
- I don't believe that there was ever extra chips being added to the boards, but what I could believe is that they shipped with firmware on specific chips that enabled data exfiltration for specific customers and due to a game of telephone with non technical people it turned into "they're adding chips inside the pcb layers!"
- I thought the point was an extra chip in the place of a pull up resistor or something that would edit the firmware image as it made its way across the bus, so you wouldn't see the modifications even if you pulled the flash chip and read it out manually, and would also be persistent across flash updates.
- Schneier was simply taking at face value the contents of the Bloomberg article, especially the statement by Mike Quinn who claimed he was told by the Air Force not to include any Supermicro gear in a bid.
- There also was a CEO of a hardware security company that came out and said that his firm had found an implanted chip during an audit. IIRC, he was convinced that it was very unlikely to be limited to Supermicro hardware.
- > he was convinced that it was very unlikely to be limited to Supermicro hardware
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
- No evidence was ever presented and nobody ever found anything, as far as I can tell?
- There was a security auditing firm that came out a few days later claiming they'd found a chip, similar to the one Bloomberg described, during a security audit.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
- From thousands of miles away you can hear the fans at the NSA data center as they spin up checking the background to all responses to this posting.
- I'd like to think that modern centers are water cooled so it'd be more quiet these days unless you are implying that this application of theirs is running on legacy hardware? :P
- I have it on good authority they only use SuperMicro ;)
- Violating sanctions isn't exactly the same thing as smuggling. It also doesn't seem like it should be a crime to disagree with your state on who deserves what service... i never voted for the dingbats who control who is called a terrorist, let alone the people scared of china.
- > It also doesn't seem like it should be a crime to disagree with your state on who deserves what service...
Seems like that's a pretty obvious and straightforward power for a state to have. The state has to make foreign and domestic policy decisions, and to be effective that would have to include trade restrictions. Otherwise you could have situations like businessmen profiting by selling weapons to the enemy to kill his own countrymen--and there are sociopaths who'd do that.
> i never voted for the dingbats who control who is called a terrorist, let alone the people scared of china.
So what?
238 points by pera 5 hours ago | 107 comments
