A couple of years ago Bloomberg reported about spy chips/hw backdoors in SuperMicro mainboards but to my knowledge without a smoking gun proof. Maybe they had to settle outside of court and also had to sign papers to help protect the company from further damage in the future. Using (other) Bloomberg material may have triggered this. Of course this is a wild speculation. I have no evidence or insider knowledge.
GN used Bloomberg clips of US Gov officials speaking on AI chip matters, fully under fair use.
And Bloomberg did a DMCA takedown through youtube, copystrike in parlance which pulled the video down for a week. GN had no recourse other than to wait and counterclaim.
Week timed out, Bloomberg did nothing but be the bully.
As always, Louis is being a bit sensationalist and stretches the truth to whip up outrage. Contrary to what he claims, GN could have easily quoted the president without Bloomberg's video, and that would be fine. "that outlet now has a monopoly on who is able to quote the president" is just a totally false premise. Moreover he tries to argue that GN's video falls under fair use, because it's a 1 minute clip in a 3 hour video. However it's not hard to think of a rebuttal to this. If news organizations can copy each other's clips of official speeches, who would bother going out and making such recordings? Usually how this would be resolved would be by citing precedents, but he doesn't bother citing any.
>Brother, wait until you learn about the Associated Press.
The same AP that licenses content to its members and charges non-members for the privilege of reusing their content?
"Many newspapers and broadcasters outside the United States are AP subscribers, paying a fee to use AP material without being contributing members of the cooperative. As part of their cooperative agreement with the AP, most member news organizations grant automatic permission for the AP to distribute their local news reports. "
> GN's use seems to satisfy all four factors.
It's weakest at #1 and #4.
#1: it's a commercial piece of work (so far as I can tell GN isn't a non-profit), and the use of the clip specifically isn't critical to the work. If you're critiquing a movie or something, and need to show a screengrab to get your point across, then that makes sense, but if the purpose of the video is just to establish "Trump said this", the video isn't really needed.
#4: see above regarding making recordings of official speeches.
Moreover I'm not trying to argue that GN is definitely not fair use, only that there's a plausible case otherwise. If there's actual disagreement over whether it's fair use or not, then the DMCA process is working as intended, and Bloomberg isn't abusing it as Louis implies.
Yeah yeah, everyone enforces their copyrights to the maximum extent possible. But this does not prevent massive amounts of both licensed copying and free use copying. The framework I outlined above is from the US Supreme Court's rulings on fair use so applies for everyone in the US.
[responses to edited-out portion of parent comment]
Re: #1, GN's work while commercial is an educational investigative journalism / documentary piece which are well established users of Free Use protection. GN's use is absolutely transformative.
#4: Bloomberg would have to prove a financial loss to have standing. That would mean that GN must have no other option than to use Bloomberg's clip, and pay the license, which I don't think would fly. GN would have just produced the segment differently.
>[responses to edited-out portion of parent comment]
readded.
edit: responses
>Re: #1, GN's work while commercial is an educational investigative journalism / documentary piece which are well established users of Free Use protection. GN's use is absolutely transformative.
I'm not going to argue too hard over whether taking a 1 minute clip for a 3 hr video counts as "transformative" because this is getting enough into the legal weeds that you'd want to start citing precedents, rather than having two armchair lawyers duking it out with random arguments.
That said, the "investigative journalism / documentary piece" angle seems weak. It's not more "educational" than any other news organization (e.g. Bloomberg or The New York Times), but apparently they still go out to record speeches, even though they can supposedly piggyback off another organization's footage under fair use.
>#4: Bloomberg would have to prove a financial loss to have standing. That would mean that GN must have no other option than to use Bloomberg's clip, and pay the license, which I don't think would fly. GN would have just produced the segment differently.
Right, but the purpose of DMCA is to take down infringing works, not to award damages. Whether they have losses or not is irrelevant. Moreover the implied argument of "it might be copyright infringement but Bloomberg isn't losing any money so they shouldn't be able to do takedowns" seems... questionable.
With regard to whether or not a work is transformative, the Supreme Court’s formulation from Campbell v. Acuff-Rose, a case about parody, asks whether the new work merely supersedes the original, or instead adds something new, with a further purpose or different character, altering the first with new expression, meaning, or message.
A practical way to think about it is this:
What is the new use for?
Courts look first at whether the secondary use serves a different purpose from the original, not just whether it looks different. Uses for criticism, commentary, parody, scholarship, search/indexing, or other new functions often have a stronger transformative argument.
Is there new expression, meaning, or message?
That still matters, but after Warhol, a claimed new meaning by itself is usually not enough, especially when the secondary use is being exploited in a similar commercial market as the original. The Court emphasized that the inquiry is tied to the specific use at issue and whether that use has a distinct purpose.
Does it substitute for the original in the same market?
Even if the new work has some new meaning, it looks less transformative if it is serving basically the same licensing or audience function as the original. That overlaps with factor 4 as well.
How much was taken, and was that amount justified by the new purpose?
A use is more defensible when it takes only what is reasonably needed for the transformative aim. In parody, for example, some copying may be necessary to “conjure up” the original, but not more than needed.
All of which I think can fairly be evaluated in GN's favor. Though as you point out, the lawyers are paid to argue each point.
They did have the video uploaded to archive.org (or at least link to someone else who did) and gave permission to anyone else to repost it. Which is how I saw it, some rando burner account on YouTube :)
Equally important, it was of a US government official speaking, not content Bloomberg specifically created, such as one of their employees giving analysis.
It's sad to see what's happened to SuperMicro. They were one of the few vendors of server-grade hardware fitting standard ATX, mATX, and ITX form factors. In my experience their hardware was always better than the others who attempted to do the same (Gigabyte, Asus, ASRock). These days, motherboards with the features I want are going to be on AliExpress. Ironic considering this latest news is about putting trade barriers between the US and mainland China.
Supermicro is definitely a "you get what you pay for". We bought thousands of servers from their vertical integrations partners, had massive board and backplane problems. Took a few years but they eventually took back over $30 million dollars worth of servers, which were scrapped ultimately because the rework on them was so cost prohibitive. We lost $30M on that even after the $30M in good will refunds.
Supermicro also has the lowest bios/efi/bmc/ipmi/redfish out of any vendor we have seen.
Just low tier cheap ass shit by a company who can barely survive quarter to quarter without running some new scam on customers, investors, and even governments.
Pretty much the same experience (on a much smaller scale). And just open up one of their servers and compare the engineering to a Dell or HPE server. Anything that can be cheaped out is. Corrugated plastic for cooling air channels, FRU assemblies held in place with sheet metal screws, all very bargain basement.
Pretty much. But at one point you could buy 2 to 3 units to every equivalent Dell or HP unit unless you had enough scale to get volume discounts. At $30M I expect the price to be a lot closer though.
Then it’s a matter of how well your engineering/ops org is setup to deal with silly hardware issues and annoyances. Some orgs will burn dozens of hours on a random failure, some will burn an hour or treat the entire server as disposable due to aforementioned cost differences. If you are not built to run on cheaply engineered gear that has lots of “quality of life” sharp edges (including actual physical sharp edges!) then you are gonna have a bad time. Silly things like rack rails sucking will bite you and run up the costs far more than anyone would expect unless you have experience to predict and plan for such things beforehand.
Of course you do have the risk of a totally shit batch or model of server where all that goes out the window. I got particularly burned by some of their high density blade servers, where it was a similar story to yours. Total loss in the 7 figures on that one!
Totally agreed on their BMC/firmware department. Flashbacks to hours of calls with them trying to explain the basics. My favorite story from that group is arguing with them over what a UUID is - they thought it was just a randomly generated string. Worked until one didn’t pass parsing on some obscure deeply buried library and caused mysterious automation failures due to being keyed against chassis UUID… and that’s when they’d actually burn one into firmware in the first place.
It was also always a tradeoff of having to deal with cheaped out hardware engineering with supermicro or with some horrible enterprise quarterly numbers driven sales process with Dell.
I haven't worked with anything at that scale, but the little bit that I was SuperMicro adjacent I was always unimpressed by the "fit and finish" of the entire experience, as compared to Dell and HP. (Having said that, the entire x86 commodity server experience is shitty anyway. I had a brief time, early in my career, when I did work with DEC Alpha machines. Man, they had their shit together. Stuff was expensive as sin, but stuff worked together and worked well. Build quality was tank-like.)
Curious what the features are that you like and can source from AliExpress? I have usually gotten boards from Asus and its ilk, these days with 4+ M.2 slots...
I've never received something other than what I've ordered. At worst the documentation is scant or missing entirely. Specifically with respect to motherboards, most of the aliexpress specials I've interacted with have had completely unlocked BIOSes. Which are easy to get yourself into trouble with, but kind of nice to have when you need them.
> Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly
It'd be easy to prove the existence of a pervasive "spy-chip" problem using a camera or a microscope. Unsurprisingly, neither Bloomberg nor its quoted "experts" ever managed to do so, despite loudly banging that drum.
I thought about this quite often while visiting a pub owned by the landlord renting out 150 rooms above. Each floor had a large industrial shared kitchen, shared bathrooms, toilets and a large shared living room. If people had 1-2 guests they would stay in their room, if they had 2-10 guests they would use the shared space, if they had 4-80 guests they would take the elevator to the pub. When one was bored with the guests or didn't have time they were left in the pub. Technically people had bar shifts in their rent contract (that you could buy your way out of) but there were plenty who enjoyed running the bar for free. Drinks were at cost. If you tried to tip or didn't take your change they left it on the counter and it would sit there for a day or two. The problem of the pinball machine earnings they solved with rounds of free drinks and chips.
When asked, the owner said exploiting a bar was entirely too much work. If he wanted more money from the people living there he could just increase the rent?
Yeah this is just describing providing amenity for common areas in a shared building. Not much different from the doorman and free water bottles in the lobby or the rooftop swimming pool being baked into the rent of the units.
It depends on what you mean, do you mean both gross and net? Just one of the two?
Gross margin of zero would mean you sell at exactly the cost to produce. Net margin of zero means you cover all your expenses including COGS. The only really difficult, practically impossible, thing would be doing both at the same time. Though, I could also see a case where you drive down net margins once sunk costs are paid and achieve both.
Doing so practically, or sustainably, in most circumstances would be uhh crazy… but it’s not impossible. Even then I think aiming for zero margin is a pretty credible tactic in eliminating competition if you can out sustain them.
TLDR; Weird? Sure. But not impossible. And even sort of likely if you’re trying to atrophy your competition out of existence.
Remember when Singapore buyers were an abnormally high percentage of nvidia's revenue? You have to wonder if these companies are this brazen because they know the DoJ will have political pressure not to nuke the bubble which is more important than being China hawks.
Yep, same how the sales of German industrial CNC, machines, tools and lathes exploded in Russia's neighbouring former soviet republics after 2022 for some reason.
Man, Kazakhstan must be an industrial powerhouse by now with all that German machinery. Can't wait for Kazakh EVs and semiconductors to hit the market.
MICE is the acronym for categorizing the common motivations for espionage:
M - Money/Greed
I - Ideology/Divided Loyalty
C - Coercion/Compromise
E - Ego
Sometimes, I think we look at people who are this wealthy and think they should be immune to these kinds of shenanigans, but I'd wager that the -ICE becomes even easier to exploit in people once they no longer need money, if they were already susceptible to it to begin with.
The timing is brutal - SMCI already had the accounting restatement scandal in 2024, spent months fighting delisting, finally got somewhat rehabilitated in the AI infrastructure boom... and now this. 25% single-day drop on a company that was already trading at a discount to peers tells you the market was still pricing in tail risk. For anyone tracking institutional holdings - the 13F filings from Q4 showed several funds adding back SMCI after the accounting mess cleared up. Those bets just got very painful.
For fun, I will sometimes buy trivial positions in solid companies whose stock price falls 8-10% or so due to some minor temporary bad press and then resell in a month or two when the news cycle forgets about them and price rebounds. I make a decent amount of play money this way.
SMCI has a pattern of missteps over the years, I would not qualify them as a solid future bet.
(And in case someone asks the question, no that is not a viable long-term strategy for one's retirement savings because it's very much speculating and doesn't work AT ALL when the market is volatile or falling as a whole.)
You could be right. But reading the comments here it seems it's had 2-3 scandals in the last 4 years, which makes me suspect that more could be brought to light.
Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
I understand it's complex and there are many parts to it, but which is the most complex part making it difficult for China to copy it?
Let's say they don't have access to a 3nm process, what if they just use 12nm and create GPUs with a much bigger size but comparable performance with CUDA compatibility? Or another option could be fewer tensor units, training will take longer, but they might be able to produce it cheaply
Copying CPUs isn't really a thing: they are too complex.
If you could steal all the designs at TSMC, and you had exactly the process that TSMC uses, you could definitely make counterfeits. If you didn't have TSMC's specific process, you could adapt the designs (to Intel or Samsung) with serious but not epic effort. If you couldn't make the processes similar (ie, want to fab on SMIC), you are basically back to RTL, and can look forward to the most expensive and time-consuming part of chip design.
This is nothing like copying a trivial, non-complex item like a car. Copying a modern jet engine is starting to get close (for instance, single-crystal blades), but even they are much simpler. I mention the latter because the largest, most resourced countries in the world have tried and are still trying.
Even if you had 'ai tools' guessing at component blocks on evaluation you would have to have some evaluation of the result.
And, that's assuming NVDA hasn't pulled a Masatoshi Shima type play on their designs (i.e. complex traps that could require lots of analysis to determine if they are real or fake)
I'm not sure how much of a speedup even modern tooling/workflow could do reliably.
Even then, the elephant in the room is that China is working on their own AI accelerators/etc, so while there can be benefit from -studying- the existing designs, I think they do not want to clone regardless.
If engines are hard to build, why not build a car 3x the size of a normal one? Well, you can, but due to things like aerodynamics, etc. you'll never match the speed or fuel economy of cars.
Same with chips: efficiency, speed, etc. all depend on good design and cutting-edge factors. If the main reason your chip isn't faster is that the distance between your L1 cache and your core is far, then having a bigger process node and a bigger chip won't make it quicker.
> Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
They have alternatives, like the Tian supercomputer was originally built with Xeon Phi chips that have been replaced with their own domestic alternatives.
A big limitation is getting access to fab slots. Nvidia and Apple are very aggressive about buying up capacity from TSMC, etc, and China's own domestic fabs are improving fast but still not a real match, particularly for volume.
But there's a distinct time/value of investment equation with the current AI boom. The jury is at best still out on what that equation is for the goals of capital (it's increasingly looking like there's no moat), but if you're a national government trying to encourage local bleeding edge expertise in new fields like this it's quite a bit more clear.
You can, you just have to use a tiled architecture. And microprocessors already have far shorter wiring distances than the simple speed of light calculation because it takes time for the gates to make the transition as well.
With processors it's customary to use the "Fan out of 4" metric as a measurement of the critical paths. It's the notional delay for a gate with fan out of 4, which is the typical case for moving between latches/registers. Microprocessor critical paths are usually on the scale of ~10 FO4.
The largest chip at the moment is Cerebras's wafer scale accelerator. There the tile is basically at the reticle limit, and they worked with TSMC to develop a method to wire across the gaps between reticles.
They can copy it. And no, the software moat is not there if someone chooses the blatant copy route. They just can't build it at the scale they want yet.
> what if they just use 12nm and create GPUs with much bigger size but comparable performance
well, physics does work that way, depending on what you mean by performance.
(in the sense that power is normally part of performance when we're talking about chips).
you could certainly use a larger process and clone chips at an area and power penalty. but area is the main factor in yield, and talking about power is really talking about "what's the highest clock rate you can still cool".
so: a clone would work in physics, but it would be slow and hot and expensive (low yield). I think issues like propagation delay would be second- or third-order (the whole point of GPUs is to be latency-tolerant, after all).
I'd been assuming that the Chinese AI labs producing excellent LLMs despite the NVIDIA export restrictions was due to them finding new optimizations for training against the hardware they had access to.
I wonder if any of those $2.5B of smuggled chips ended up being used for those training runs.
combination of both, they published papers so we can clearly see they are not just duplicating old methods but coming up with new optimizations. ... yet we can't rule out that they used Nvidia. I don't even see how the export restrictions work, it's stupid. A Chinese company can go to another country, say France or Canada, set up a business, buy a bunch of GPUs then make them available to their subsidiary in China. The export restrictions don't restrict usage/sharing/renting as far as I know...
They definitely are using Nvidia. Part of deepseek's special sauce was using an "undocumented" ptx instruction to get a cute microoptimization with the memory hierarchy.
They don't work. Chinese are skilled enough to desolder and smuggle just the chips themselves. They make the rest of the GPU in-house. With more VRAM than Nvidia offers, comically, in the case of the 4090.
If they were using banned chips they wouldn't declare them in public papers. There have been multiple documented/alleged cases of chips being routed through Singaporean shell companies.
Did you think the hesitancy of westerners engaging and relying on Chinese labs was due to vibes? There are fundamental cultural differences at play, whether we are comfortable admitting that or not.
Simon, love your work. Hope this is sarcasm. If not, imagine the opposite: Sam Altman and co suddenly started producing tons of content about how smart they are in Mandarin. Why do they even need a story to begin with, let alone one they push halfway around the world?
The $2.5B number is just these guys. It could be 10x in total.
If you do, you could protect yourself with a sell stop below $17.25... because if it breaks that on weekly candles, next are $14 and $10. Or you could buy some calls instead when the volatility calms down. If you do it now, the volcrush could happen even if you're correct.
Not investment advice, do your own research. I'm just someone on the Internet.
Well, also had other pen testers come forward saying that they had found implants on supermicro servers and had talked to federal authorities who had said it was a known relatively large issue they were trying to get a handle on while keeping it under wraps.
And if it were posted to move the market, that would have been about the most cut and dry SEC violation possible, posted at a time when the federal government still enforced such things.
Whenever some soylent-drinking, impossible foods-eating dilettante says "debunked" I find myself not fully believing them. And Supermicro has always been sus. I can't believe people are only just now noticing.
I've had my own dealings with this awful company. Including Wally.
Let's just say that none of this comes as any surprise.
Now, what people should be asking is how much Jensen knew. In May he said there was nothing going on. But the videos of the Chinese guy holding H1/200's ... never got to him?
Also interesting how they waited until just after GTC...
Those claims were never confirmed, no? Some of it might be true or trueish but I'm not taking Bloomberg's anonymous sources' word for it, and with so much Supermicro gear out there you would think some other evidence would show up.
It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that the CEO of a security audit company allegedly found was not present in other SuperMicro servers. SuperMicro itself, as well as its biggest customers, did not confirm the findings.
From what I recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard that would include a serial, i.e. no details that would accompany serious security research.
A supply chain attack similar to Supermicro's would be much more targeted and recalls with national security implications do get flagged via a separate chain.
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
What Bloomberg proposed - sniffing the TTL signal between BMC and boot ROM and flipping a few bits in transit - is far from science fiction. It would be easy to implement in the smallest of microcontrollers using just a few lines of code: a ring buffer to store the last N bits observed, and a trigger for output upon observing the desired bits. 256 bytes of ROM/SRAM would probably be plenty. Appropriately tiny microcontrollers can also power themselves parasitically from the signal voltage as https://en.wikipedia.org/wiki/1-Wire chips do. SMBus is clocked from 10 kHz to 1 MHz, assuming that's what the ROM was hanging off of, which is comfortably within the Nyquist limit on an 8-20 MHz micro.
Something similar has been done in many video game console mod chips. IIRC, some of the mod chips manage it on an encrypted bus (which Bloomberg's claims do not require).
"On PsNee, there are two separate mechanisms. One is the classic PS1 trick of watching the subchannel/Q data stream and injecting the SCEx symbols only when the drive is at the right place; the firmware literally tracks the read pattern with a hysteresis counter and then injects the authentication symbols on the fly. You can see the logic that watches the sector/subchannel pattern and then fires inject_SCEX(...) when the trigger condition is met.
PsNee also includes an optional PSone PAL BIOS patch mode which tells the installer to connect to the BIOS chip’s A18 and D2 pins, then waits for a specific A18 activity pattern and briefly drives D2 low for a few microseconds before releasing it back to high-impedance. That is not replacing the BIOS; it is timing a very short intervention onto the ROM data bus during fetch."
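As an added illustration (not from this thread or from any product mentioned in it), a small Python model of the in-transit edit discussed above, showing why a chip-off audit of the flash passes, why a check against a digest stored in the same flash also passes, and why only a check of the bytes actually received against a digest anchored outside the bus catches it. The image, the interposer and the digest placement are all constructed for the simulation.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample "boot ROM" image; not a real firmware.
IMAGE = b"\x7fIMG" + bytes(range(256)) * 2 + b"\nBOOTCFG:secure_boot=1;debug=0\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Golden digest of the image as shipped. The point of the example is where this
# value lives: out of band (fused into the verifier, or held by a remote
# attestation service), never only in the same flash the image is read from.
GOLDEN = sha256_hex(IMAGE)

Interposer = Callable[[bytes], bytes]


@dataclass
class Flash:
    """A flash chip as the BMC sees it. `stored_digest` models the weak design
    where the expected hash sits in the same flash as the image (assumption)."""
    image: bytes
    stored_digest: str

    def read_direct(self) -> bytes:
        # Chip-off / programmer read: the bus (and anything sitting on it) is bypassed.
        return self.image

    def read_over_bus(self, interposer: Optional[Interposer]) -> bytes:
        # Boot-time read over the bus, which is what an interposer sits on.
        # The image at rest is never modified; only the copy in flight is.
        return interposer(self.image) if interposer else self.image

    def read_digest_over_bus(self, interposer: Optional[Interposer]) -> str:
        raw = self.stored_digest.encode()
        return (interposer(raw) if interposer else raw).decode()


def in_transit_edit(data: bytes) -> bytes:
    """Simulation stand-in for the trigger-and-flip behaviour the comment
    describes: one fixed substitution on the bytes in flight. Because the weak
    design keeps the expected digest in the same flash, the same pass also
    rewrites that digest on the wire so it matches the patched image."""
    patched = data.replace(b"secure_boot=1", b"secure_boot=0")
    patched_digest = sha256_hex(IMAGE.replace(b"secure_boot=1", b"secure_boot=0"))
    return patched.replace(GOLDEN.encode(), patched_digest.encode())


def verify_at_rest(flash: Flash) -> bool:
    """Audit that dumps the chip and compares to the golden digest. Passes even
    though the running system received something else."""
    return sha256_hex(flash.read_direct()) == GOLDEN


def verify_in_band(flash: Flash, interposer: Optional[Interposer]) -> bool:
    """Boot-time check against a digest that travelled over the same bus."""
    data = flash.read_over_bus(interposer)
    return sha256_hex(data) == flash.read_digest_over_bus(interposer)


def verify_out_of_band(flash: Flash, interposer: Optional[Interposer]) -> bool:
    """Boot-time check of the bytes actually received against the golden digest
    anchored outside the bus. This is the check that catches the edit."""
    return sha256_hex(flash.read_over_bus(interposer)) == GOLDEN


def run_checks(interposer: Optional[Interposer]) -> dict:
    flash = Flash(image=IMAGE, stored_digest=GOLDEN)
    return {
        "at_rest": verify_at_rest(flash),
        "in_band": verify_in_band(flash, interposer),
        "out_of_band": verify_out_of_band(flash, interposer),
    }


if __name__ == "__main__":
    print("clean bus  :", run_checks(None))
    print("interposer :", run_checks(in_transit_edit))
```

With the interposer in place, `at_rest` and `in_band` both report True and only `out_of_band` reports False, which is why a measured-boot value compared against a remotely held golden digest is the check that matters here.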
What was the last thing Schneier wrote on it? I thought it was this:
I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.
HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation state in the manner described are actually doable, and back when I was still a line-level SWE this was when we started putting significant engineering effort into hardware tampering protections back in the 2015-17 period.
The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.
Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.
I don't believe that there were ever extra chips being added to the boards, but what I could believe is that they shipped with firmware on specific chips that enabled data exfiltration for specific customers and due to a game of telephone with non technical people it turned into "they're adding chips inside the pcb layers!"
I thought the point was an extra chip in the place of a pull up resistor or something that would edit the firmware image as it made its way across the bus, so you wouldn't see the modifications even if you pulled the flash chip and read it out manually, and would also be persistent across flash updates.
Schneier was simply taking at face value the contents of the Bloomberg article, especially the statement by Mike Quinn who claimed he was told by the Air Force not to include any Supermicro gear in a bid.
There also was a CEO of a hardware security company that came out and said that his firm had found an implanted chip during an audit. IIRC, he was convinced that it was very unlikely to be limited to Supermicro hardware.
> he was convinced that it was very unlikely to be limited to Supermicro hardware
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
There was a security auditing firm that came out a few days later claiming they'd found a chip, similar to the one Bloomberg described, during a security audit.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
I'd like to think that modern centers are water cooled so it'd be more quiet these days unless you are implying that this application of theirs is running on legacy hardware? :P
Violating sanctions isn't exactly the same thing as smuggling. It also doesn't seem like it should be a crime to disagree with your state on who deserves what service... I never voted for the dingbats who control who is called a terrorist, let alone the people scared of China.
> It also doesn't seem like it should be a crime to disagree with your state on who deserves what service...
Seems like that's a pretty obvious and straightforward power for a state to have. The state has to make foreign and domestic policy decisions, and to be effective that would have to include trade restrictions. Otherwise you could have situations like businessmen profiting by selling weapons to the enemy to kill his own countrymen--and there are sociopaths who'd do that.
> i never voted for the dingbats who control who is called a terrorist, let alone the people scared of china.
The Gamers Nexus GPU Blackmarket deep dive was great at digging into this. https://www.youtube.com/watch?v=1H3xQaf7BFI
And the entire Bloomberg takedown drama added fire to the flames.
Yeah what was the story behind the BBerg take down drama? I just remember it being something absurd.
Louis Rossmann's excellent explainer video here on the Bloomberg bit: https://www.youtube.com/watch?v=6RJvrTC6oTI
>Louis Rossmann's excellent explainer video here on the Bloomberg bit: https://www.youtube.com/watch?v=6RJvrTC6oTI
As always, Louis is being a bit sensationalist and stretches the truth to whip up outrage. Contrary to what he claims, GN could have easily quoted the president without Bloomberg's video, and that would be fine. "that outlet now has a monopoly on who is able to quote the president" is just a totally false premise. Moreover he tries to argue that GN's video falls under fair use, because it's a 1 minute clip in a 3 hour video. However it's not hard to think of a rebuttal to this. If news organizations can copy each other's clips of official speeches, who would bother going out and making such recordings? Usually how this would be resolved would be by citing precedents, but he doesn't bother citing any.
> If news organizations can copy each other's clips of official speeches
Brother, wait until you learn about the Associated Press.
In U.S. copyright law, the four factors evaluated to judge fair use are:
1: Purpose and character of the use: including whether the use is commercial or nonprofit educational, and whether it is transformative.
2: Nature of the copyrighted work: for example, whether the work is more factual or more creative.
3: Amount and substantiality used: both how much was taken and whether it was a qualitatively important part of the work.
4: Effect on the market: whether the use harms the potential market for or value of the original work.
Courts weigh all four factors together. There is no fixed rule like "under 30 seconds" or "under 10%." GN's use seems to satisfy all four factors.
>Brother, wait until you learn about the Associated Press.
The same AP that licenses content to its members and charges non-members for the privilege of reusing their content?
"Many newspapers and broadcasters outside the United States are AP subscribers, paying a fee to use AP material without being contributing members of the cooperative. As part of their cooperative agreement with the AP, most member news organizations grant automatic permission for the AP to distribute their local news reports. "
> GN's use seems to satisfy all four factors.
It's weakest at #1 and #4.
#1: it's a commercial piece of work (so far as I can tell GN isn't a non-profit), and the use of the clip specifically isn't critical to the work. If you're critiquing a movie or something, and need to show a screengrab to get your point across, then that makes sense, but if the purpose of the video is just to establish "Trump said this", the video isn't really needed.
#4: see above regarding making recordings of official speeches.
Moreover I'm not trying to argue that GN is definitely not fair use, only that there's a plausible case otherwise. If there's actual disagreement over whether it's fair use or not, then the DMCA process is working as intended, and Bloomberg isn't abusing it as Louis implies.
Yeah yeah, everyone enforces their copyrights to the maximum extent possible. But this does not prevent massive amounts of both licensed copying and free use copying. The framework I outlined above is from the US Supreme Court's rulings on fair use so applies for everyone in the US.
[responses to edited-out portion of parent comment]
Re: #1, GN's work, while commercial, is an educational investigative journalism / documentary piece, which are well established users of fair use protection. GN's use is absolutely transformative.
#4: Bloomberg would have to prove a financial loss to have standing. That would mean that GN must have no other option than to use Bloomberg's clip, and pay the license, which I don't think would fly. GN would have just produced the segment differently.
>[responses to edited-out portion of parent comment]
readded.
edit: responses
>Re: #1, GN's work, while commercial, is an educational investigative journalism / documentary piece, which are well established users of fair use protection. GN's use is absolutely transformative.
I'm not going to argue too hard over whether taking a 1 minute clip for a 3 hr video counts as "transformative" because this is getting enough into the legal weeds that you'd want to start citing precedents, rather than having two armchair lawyers duking it out with random arguments.
That said, the "investigative journalism / documentary piece" angle seems weak. It's not more "educational" than any other news organization (eg. Bloomberg or The New York Times), but apparently they still go out to record speeches, even though they can supposedly piggyback off another organization's footage under fair use.
>#4: Bloomberg would have to prove a financial loss to have standing. That would mean that GN must have no other option than to use Bloomberg's clip, and pay the license, which I don't think would fly. GN would have just produced the segment differently.
Right, but the purpose of DMCA is to take down infringing works, not to award damages. Whether they have losses or not is irrelevant. Moreover the implied argument of "it might be copyright infringement but Bloomberg isn't losing any money so they shouldn't be able to do takedowns" seems... questionable.
With regard to whether or not a work is transformative, the Supreme Court’s formulation from Campbell v. Acuff-Rose, a case about parody, asks whether the new work merely supersedes the original, or instead adds something new, with a further purpose or different character, altering the first with new expression, meaning, or message.
A practical way to think about it is this:
What is the new use for? Courts look first at whether the secondary use serves a different purpose from the original, not just whether it looks different. Uses for criticism, commentary, parody, scholarship, search/indexing, or other new functions often have a stronger transformative argument.
Is there new expression, meaning, or message? That still matters, but after Warhol, a claimed new meaning by itself is usually not enough, especially when the secondary use is being exploited in a similar commercial market as the original. The Court emphasized that the inquiry is tied to the specific use at issue and whether that use has a distinct purpose.
Does it substitute for the original in the same market? Even if the new work has some new meaning, it looks less transformative if it is serving basically the same licensing or audience function as the original. That overlaps with factor 4 as well.
How much was taken, and was that amount justified by the new purpose? A use is more defensible when it takes only what is reasonably needed for the transformative aim. In parody, for example, some copying may be necessary to “conjure up” the original, but not more than needed.
All of which I think can fairly be evaluated in GN's favor. Though as you point out, the lawyers are paid to argue each point.
They did have the video uploaded to archive.org (or at least link to someone else who did) and gave permission to anyone else to repost it. Which is how I saw it, some rando burner account on YouTube :)
He used a clip from Bloomberg without permission.
He used a clip legally under fair use without permission, which you don't need if it is under fair use.
Equally important, it was of a US government official speaking, not content Bloomberg specifically created, such as one of their employees giving analysis.
I'd just add, it was like a 1 minute clip in like a 2 or 3 hour video.
Worth noting that it was entirely legal to do so, due to fair use rules.
It's sad to see what's happened to SuperMicro. They were one of the few vendors of server-grade hardware fitting standard ATX, mATX, and ITX form factors. In my experience their hardware was always better than the others who attempted to do the same (Gigabyte, Asus, ASRock). These days, motherboards with the features I want are going to be on AliExpress. Ironic considering this latest news is about putting trade barriers between the US and mainland China.
Supermicro is definitely a "you get what you pay for". We bought thousands of servers from their vertical integration partners, had massive board and backplane problems. Took a few years but they eventually took back over $30 million worth of servers, which were scrapped ultimately because the rework on them was so cost prohibitive. We lost $30M on that even after the $30M in good will refunds. Supermicro also has the lowest bios/efi/bmc/ipmi/redfish out of any vendor we have seen. Just low tier cheap ass shit by a company who can barely survive quarter to quarter without running some new scam on customers, investors, and even governments.
Pretty much the same experience (on a much smaller scale). And just open up one of their servers and compare the engineering to a Dell or HPE server. Anything that can be cheaped out is. Corrugated plastic for cooling air channels, FRU assemblies held in place with sheet metal screws, all very bargain basement.
Pretty much. But at one point you could buy 2 to 3 units to every equivalent Dell or HP unit unless you had enough scale to get volume discounts. At $30M I expect the price to be a lot closer though.
Then it’s a matter of how well your engineering/ops org is setup to deal with silly hardware issues and annoyances. Some orgs will burn dozens of hours on a random failure, some will burn an hour or treat the entire server as disposable due to aforementioned cost differences. If you are not built to run on cheaply engineered gear that has lots of “quality of life” sharp edges (including actual physical sharp edges!) then you are gonna have a bad time. Silly things like rack rails sucking will bite you and run up the costs far more than anyone would expect unless you have experience to predict and plan for such things beforehand.
Of course you do have the risk of a totally shit batch or model of server where all that goes out the window. I got particularly burned by some of their high density blade servers, where it was a similar story to yours. Total loss in the 7 figures on that one!
Totally agreed on their BMC/firmware department. Flashbacks to hours of calls with them trying to explain the basics. My favorite story from that group is arguing with them over what a UUID is - they thought it was just a randomly generated string. Worked until one didn’t pass parsing on some obscure deeply buried library and caused mysterious automation failures due to being keyed against chassis UUID… and that’s when they’d actually burn one into firmware in the first place.
It was also always a tradeoff of having to deal with cheaped out hardware engineering with supermicro or with some horrible enterprise quarterly numbers driven sales process with Dell.
I haven't worked with anything at that scale, but the little bit that I was SuperMicro adjacent I was always unimpressed by the "fit and finish" of the entire experience, as compared to Dell and HP. (Having said that, the entire x86 commodity server experience is shitty anyway. I had a brief time, early in my career, when I did work with DEC Alpha machines. Man, they had their shit together. Stuff was expensive as sin, but stuff worked together and worked well. Build quality was tank-like.)
Curious what the features are that you like and can source from AliExpress? I have usually gotten boards from Asus and its ilk, these days with 4+ M.2 slots...
How do you even find motherboards on AliExpress properly? Do you have a methodology to split the chaff from the wheat?
what chaff? Just search, find what you want and buy. It's like ebay.
Being like eBay is why it's full of chaff. There's a lot of really bad hardware on Aliexpress.
You either take a gamble on something and hope it's good, or try to buy the same thing that someone else bought and reviewed.
I always figured that was the trade-off for paying 1/3 the price. Having to buy 3x as many to find a good one. :P
"Another Slot A motherboard :(, maybe the 4th one I buy from AliExpress will finally be that X870 motherboard I want!"
I've never received something other than what I've ordered. At worst the documentation is scant or missing entirely. Specifically with respect to motherboards, most of the aliexpress specials I've interacted with have had completely unlocked BIOSes. Which are easy to get yourself into trouble with, but kind of nice to have when you need them.
Ehhh, I think it's more like the CEO and others were Chinese assets for a long time.
Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly?
> Remember the 2018 accusations of spy chips implanted in supermicro motherboards that everyone denied so strongly
It'd be easy to prove the existence of a pervasive "spy-chip" problem using a camera or a microscope. Unsurprisingly, neither Bloomberg nor its quoted "experts" ever managed to do so, despite loudly banging that drum.
This news doesn't magically make those 2018 accusations true.
You either become an Apple or you eventually circle the drain competing to zero margins which forces 'other methods' of generating growth.
An ideal, effective market must have zero margins. That's normal, what the economy strives for, what customers want.
If some market has large margins, it means it has some inefficiencies.
Ideally yes, in practice it needs to return more than just parking your money in a savings account.
It is impossible to have (actual) zero margins.
It isn't, you can do things as a side project.
I thought about this quite often while visiting a pub owned by the landlord renting out 150 rooms above. Each floor had a large industrial shared kitchen, shared bathrooms, toilets and a large shared living room. If people had 1-2 guests they would stay in their room, if they had 2-10 guests they would use the shared space, if they had 4-80 guests they would take the elevator to the pub. When one was bored with the guests or didn't have time they were left in the pub. Technically people had bar shifts in their rent contract (that you could buy your way out of) but there were plenty who enjoyed running the bar for free. Drinks were at cost. If you tried to tip or didn't take your change they left it on the counter and it would sit there for a day or two. The problem of the pinball machine earnings they solved with rounds of free drinks and chips.
When asked, the owner said exploiting a bar was entirely too much work. If he wanted more money from the people living there he could just increase the rent?
Those are negative margins.
Yeah this is just describing providing amenity for common areas in a shared building. Not much different from the doorman and free water bottles in the lobby or the rooftop swimming pool being baked into the rent of the units.
It depends on what you mean, do you mean both gross and net? Just one of the two?
Gross margin of zero would mean you sell at exactly the cost to produce. Net margin of zero means you cover all your expenses including COGS. The only really difficult, practically impossible, thing would be doing both at the same time. Though, I could also see a case where you drive down net margins once sunk costs are paid and achieve both.
Doing so practically, or sustainably, in most circumstances would be uhh crazy… but it’s not impossible. Even then I think aiming for zero margin is a pretty credible tactic in eliminating competition if you can out sustain them.
TLDR; Weird? Sure. But not impossible. And even sort of likely if you’re trying to atrophy your competition out of existence.
Remember when Singapore buyers were an abnormally high percentage of nvidia's revenue? You have to wonder if these companies are this brazen because they know the DoJ will have political pressure not to nuke the bubble which is more important than being China hawks.
Yep, same how the sales of German industrial CNC, machines, tools and lathes exploded in Russia's neighbouring former soviet republics after 2022 for some reason.
Man, Kazakhstan must be an industrial powerhouse by now with all that German machinery. Can't wait for Kazakh EVs and semiconductors to hit the market.
Sanctions evasions happen A LOT and enforcement has always been spotty.
This is even after the Hindenburg research report that found numerous screaming red flags a few years ago.
https://hindenburgresearch.com/smci/
Having a net worth of ~$474 million just isn't enough for some people, I guess.
MICE is the acronym for categorizing the common motivations for espionage:
M - Money/Greed
I - Ideology/Divided Loyalty
C - Coercion/Compromise
E - Ego
Sometimes, I think we look at people who are this wealthy and think they should be immune to these kinds of shenanigans, but I'd wager that the -ICE becomes even easier to exploit in people once they no longer need money, if they were already susceptible to it to begin with.
Ultra wealthy people are not in it for money. They like the game, and the money is a side effect. Many are willing to cheat evidently too.
interesting insight
More likely he was subject to blackmail or threats by the CCP.
The timing is brutal - SMCI already had the accounting restatement scandal in 2024, spent months fighting delisting, finally got somewhat rehabilitated in the AI infrastructure boom... and now this. 25% single-day drop on a company that was already trading at a discount to peers tells you the market was still pricing in tail risk. For anyone tracking institutional holdings - the 13F filings from Q4 showed several funds adding back SMCI after the accounting mess cleared up. Those bets just got very painful.
Seems like a good buy now. They're still making and selling hardware.
For fun, I will sometimes buy trivial positions in solid companies whose stock price falls 8-10% or so due to some minor temporary bad press and then resell in a month or two when the news cycle forgets about them and price rebounds. I make a decent amount of play money this way.
SMCI has a pattern of missteps over the years, I would not qualify them as a solid future bet.
(And in case someone asks the question, no that is not a viable long-term strategy for one's retirement savings because it's very much speculating and doesn't work AT ALL when the market is volatile or falling as a whole.)
You could be right. But reading the comments here it seems it's had 2-3 scandals in the last 4 years, which makes me suspect that more could be brought to light.
(I don't understand hardware well)
Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
I understand it's complex and there are many parts to it, but which is the most complex part making it difficult for China to copy it?
Let's say they don't have access to 3nm process, what if they just use 12nm and create GPUs with much bigger size but comparable performance with CUDA compatibility? Or other option could be less tensor units, training will take longer, but they might be able to produce it cheaply
Copying CPUs isn't really a thing: they are too complex.
If you could steal all the designs at TSMC, and you had exactly the process that TSMC uses, you could definitely make counterfeits. If you didn't have TSMC's specific process, you could adapt the designs (to Intel or Samsung) with serious but not epic effort. If you couldn't make the processes similar (ie, want to fab on SMIC), you are basically back to RTL, and can look forward to the most expensive and time-consuming part of chip design.
This is nothing like copying a trivial, non-complex item like a car. Copying a modern jet engine is starting to get close (for instance, single-crystal blades), but even they are much simpler. I mention the latter because the largest, most resourced countries in the world have tried and are still trying.
They have done a bit of this. SMIC is basically operating off of a cloned TSMC N7 node that they have since iterated on to get to a 5nm class node.
But its still such a complex sort of beast.
Even if you had 'ai tools' guessing at component blocks on evaluation you would have to have some evaluation of the result.
And, that's assuming NVDA hasn't pulled a Masatoshi Shima type play on their designs (i.e. complex traps that could require lots of analysis to determine if they are real or fake)
I'm not sure how much of a speedup even modern tooling/workflow could do reliably.
Even then,
The elephant in the room is that China is working on their own AI accelerators/etc, so while there can be benefit from -studying- the existing designs, however I think they do not want to clone regardless.
If engines are hard to build, why not build a car 3x the size of a normal one, well you can but due to things like aerodynamics, etc etc you'll never match the speed or fuel economy of cars.
Same with chips, efficiency, speed, etc all depend on good design, and cutting edge factors, if the main reason your chip isn't faster is because of the distance between your L1 cache and your core is far, then having a bigger node process but bigger chip won't make it quicker.
Exactly, you can build 12nm but you can't quadruple the speed of light
> Can someone shed light on why China still couldn't copy the Nvidia GPUs in some form?
They have alternatives, like the Tian supercomputer was originally built with Xeon Phi chips that have been replaced with their own domestic alternatives.
A big limitation is getting access to fab slots. Nvidia and Apple are very aggressive about buying up capacity from TSMC, etc, and China's own domestic fabs are improving fast but still not a real match, particularly for volume.
They can given enough time.
But there's a distinct time/value of investment equation with the current AI boom. The jury is at best still out on what that equation is for the goals of capital (it's increasingly looking like there's no moat), but if you're a national government trying to encourage local bleeding edge expertise in new fields like this it's quite a bit more clear.
Another factor, it's not just GPUs it's the full hardware stack. https://static.tweaktown.com/news/1/1/110521_2_nvidia-update...
At 3 GHz, a signal can travel at most 10 cm per clock cycle. You can't really physically scale a chip up.
You can, you just have to use a tiled architecture. And microprocessors already have far shorter wiring distances than the simple speed of light calculation because it takes time for the gates to make the transition as well.
With processors it's customary to use the "Fan out of 4" metric as a measurement of the critical paths. It's the notional delay for a gate with fan out of 4, which is the typical case for moving between latches/registers. Microprocessor critical paths are usually on the scale of ~10 FO4.
The largest chip at the moment is Cerebras's wafer scale accelerator. There the tile is basically at the reticle limit, and they worked with TSMC to develop a method to wire across the gaps between reticles.
Mostly high end lithography.
They can copy it. And no, the software moat is not there if someone chooses the blatant copy route. They just can't build it at the scale they want yet.
> what if they just use 12nm and create GPUs with much bigger size but comparable performance
Physics does not work this way :/
well, physics does work that way, depending on what you mean by performance. (in the sense that power is normally part of performance when we're talking about chips).
you could certainly use a larger process and clone chips at an area and power penalty. but area is the main factor in yield, and talking about power is really talking about "what's the highest clock rate you can still cool".
so: a clone would work in physics, but it would be slow and hot and expensive (low yield). I think issues like propagation delay would be second- or third-order (the whole point of GPUs is to be latency-tolerant, after all).
I'd been assuming that the Chinese AI labs producing excellent LLMs despite the NVIDIA export restrictions was due to them finding new optimizations for training against the hardware they had access to.
I wonder if any of those $2.5B of smuggled chips ended up being used for those training runs.
combination of both, they published papers so we can clearly see they are not just duplicating old methods but coming up with new optimizations. ... yet we can't rule out that they used Nvidia. I don't even see how the export restrictions work, it's stupid. A Chinese company can go to another country, say France or Canada, set up a business, buy a bunch of GPUs, then make it available to their subsidiary in China. The export restrictions don't restrict usage/sharing/renting as far as I know...
They definitely are using Nvidia. Part of deepseek's special sauce was using an "undocumented" ptx instruction to get a cute microoptimization with the memory hierarchy.
https://youtube.com/watch?v=iEda8_Mvvo4
They don't work. Chinese are skilled enough to desolder and smuggle just the chips themselves. They make the rest of the GPU in-house. With more VRAM than Nvidia offers, comically, in the case of the 4090.
The answer is, of course lol?
Gamers Nexus did a whole deep dive which basically proved that Chinese researchers had access to whatever they wanted.
https://youtu.be/1H3xQaf7BFI?si=ojlxOC7uiPqZxv0N
edit: not sure if this was sarcasm
Some of the big LLM labs have written about their training hardware.
DeepSeek v3 was trained on 2,048 NVIDIA H800s. https://arxiv.org/abs/2412.19437
MiniMax M1 used 512 H800s. https://arxiv.org/abs/2506.13585
The H800 wasn't banned in the first round of export controls - but was after October 2023: https://www.cnbc.com/2023/10/17/us-bans-export-of-more-ai-ch...
Z.ai say they used Huawei hardware: https://www.theregister.com/2026/01/15/zhipu_glm_image_huawe...
Qwen and Kimi haven't disclosed their hardware as far as I can tell.
If they were using banned chips they wouldn't declare them in public papers. There have been multiple documented/alleged cases of chips being routed through Singaporean shell companies.
For example: https://www.tomshardware.com/tech-industry/artificial-intell...
I'm kindof surprised by this take.
Did you think the hesitancy of westerners engaging and relying on Chinese labs was due to vibes? There are fundamental cultural differences at play, whether we are comfortable admitting that or not.
If you're so brave, you should state what these fundamental cultural differences are.
Simon, love your work. Hope this is sarcasm. If not, imagine the opposite: Sam Altman and co suddenly started producing tons of content about how smart they are in Mandarin. Why do they even need a story to begin with, let alone one they push halfway around the world?
The $2.5B number is just these guys. It could be 10x in total.
So, good time to buy on the panic?
If you do, you could protect yourself with a sell stop below $17.25... because if it breaks that on weekly candles, next are $14 and $10. Or you could buy some calls instead when the volatility calms down. If you do it now, the volcrush could happen even if you're correct.
Not investment advice, do your own research. I'm just someone on the Internet.
Thank you stock astrologist
I know you're in jest, but no worries. Strong support around $17 for lots of reasons - would be difficult to push it below that.
In fact there is an open gap that I'd expect it to close around $16.30 and another one around $19
How did you learn algotrading?
I'd like to sell you a bridge
For a split second I read that as Super Mario shares
same!
interesting that the stock market (a subset of the prediction market now, right?) would even care, or would take this as a negative.
"sorry guys, I did something token-bad a while ago that got you more money."
that's the sort of meaculpa I'd expect to get rewarded these days...
https://substack.com/home/post/p-191531928
Maybe it's time to re-visit that "spy chip" story from almost a decade ago.
Edit: Officially-debunked, I should note
Yes, debunked or at least never backed up any actual evidence.
(Allegedly) just some Bloomberg (alleged) bullshittery, (allegedly) posted to move the market.
Well, also had other pen testers come forward saying that they had found implants on supermicro servers and had talked to federal authorities who had said it was a known relatively large issue they were trying to get a handle on while keeping it under wraps.
And if it were posted to move the market, that would have been about the most cut and dry SEC violation possible, posted at a time when the federal government still enforced such things.
Whenever some soylent-drinking, impossible foods-eating dilettante says "debunked" I find myself not fully believing them. And Supermicro has always been sus. I can't believe people are only just now noticing.
They need a new logo.
I've had my own dealings with this awful company. Including Wally.
Let's just say that none of this comes as any surprise.
Now, what people should be asking is how much Jensen knew. In May he said there was nothing going on. But the videos of the Chinese guy holding H1/200's ... never got to him?
Also interesting how they waited until just after GTC...
Oof. SuperMicro also had its hardware supply chain compromised back in the 2010s [0][1][2][3]
[0] - https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
[1] - https://www.bloomberg.com/features/2021-supermicro/
[2] - https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
[3] - https://www.theinformation.com/articles/apple-severed-ties-w...
Those claims were never confirmed, no? Some of it might be true or trueish but I'm not taking Bloomberg's anonymous sources' word for it, and with so much Supermicro gear out there you would think some other evidence would show up.
It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...
I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that the CEO of a security audit company allegedly found was not present in other SuperMicro servers. SuperMicro itself, as well as its biggest customers, did not confirm the findings.
From what I recall, the story was very vague: there were no pictures of the specific chip, no pictures of the motherboard that would include a serial, i.e. no details that would accompany serious security research.
Did they originally say it was a grain of rice Ethernet module?
I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.
A supply chain attack similar to Supermicro's would be much more targeted and recalls with national security implications do get flagged via a separate chain.
Bloomberg's claims sound like science fiction: https://www.servethehome.com/investigating-implausible-bloom...
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
What Bloomberg proposed - sniffing the TTL signal between BMC and boot ROM and flipping a few bits in transit - is far from science fiction. It would be easy to implement in the smallest of microcontrollers using just a few lines of code: a ring buffer to store the last N bits observed, and a trigger for output upon observing the desired bits. 256 bytes of ROM/SRAM would probably be plenty. Appropriately tiny microcontrollers can also power themselves parasitically from the signal voltage as https://en.wikipedia.org/wiki/1-Wire chips do. SMBus is clocked from 10 kHz to 1 MHz, assuming that's what the ROM was hanging off of, which is comfortably within the Nyquist limit on an 8-20 MHz micro.
Something similar has been done in many video game console mod chips. IIRC, some of the mod chips manage it on an encrypted bus (which Bloomberg's claims do not require).
Here's one example of a mod chip for the PS1 which sniffs and modifies BIOS code in transit: https://github.com/kalymos/PsNee
"On PsNee, there are two separate mechanisms. One is the classic PS1 trick of watching the subchannel/Q data stream and injecting the SCEx symbols only when the drive is at the right place; the firmware literally tracks the read pattern with a hysteresis counter and then injects the authentication symbols on the fly. You can see the logic that watches the sector/subchannel pattern and then fires inject_SCEX(...) when the trigger condition is met.
PsNee also includes an optional PSone PAL BIOS patch mode which tells the installer to connect to the BIOS chip’s A18 and D2 pins, then waits for a specific A18 activity pattern and briefly drives D2 low for a few microseconds before releasing it back to high-impedance. That is not replacing the BIOS; it is timing a very short intervention onto the ROM data bus during fetch."
Didn't that turn out to be incorrect?
Multiple security companies looked into this and found nothing malicious.
Nope. Bloomberg doubled down on it and even Bruce Schneier accepted it despite initially being a skeptic.
What was the last thing Schneier wrote on it? I thought it was this:
I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.
https://www.schneier.com/blog/archives/2018/11/that_bloomber...
https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation state in the manner described are actually doable, and back when I was still a line-level SWE, the 2015-17 period was when we started putting significant engineering effort into hardware tampering protections.
The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.
Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.
I don't believe that there were ever extra chips being added to the boards, but what I could believe is that they shipped with firmware on specific chips that enabled data exfiltration for specific customers, and due to a game of telephone with non-technical people it turned into "they're adding chips inside the PCB layers!"
I thought the point was an extra chip in the place of a pull up resistor or something that would edit the firmware image as it made its way across the bus, so you wouldn't see the modifications even if you pulled the flash chip and read it out manually, and would also be persistent across flash updates.
Schneier was simply taking at face value the contents of the Bloomberg article, especially the statement by Mike Quinn who claimed he was told by the Air Force not to include any Supermicro gear in a bid.
There also was a CEO of a hardware security company that came out and said that his firm had found an implanted chip during an audit. IIRC, he was convinced that it was very unlikely to be limited to Supermicro hardware.
> he was convinced that it was very unlikely to be limited to Supermicro hardware
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
No evidence was ever presented and nobody ever found anything, as far as I can tell?
There was a security auditing firm that came out a few days later claiming they'd found a chip, similar to the one Bloomberg described, during a security audit.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
From thousands of miles away you can hear the fans at the NSA data center as they spin up checking the background to all responses to this posting.
I'd like to think that modern centers are water cooled so it'd be more quiet these days unless you are implying that this application of theirs is running on legacy hardware? :P
I have it on good authority they only use SuperMicro ;)
Violating sanctions isn't exactly the same thing as smuggling. It also doesn't seem like it should be a crime to disagree with your state on who deserves what service... I never voted for the dingbats who control who is called a terrorist, let alone the people scared of China.
> It also doesn't seem like it should be a crime to disagree with your state on who deserves what service...
Seems like that's a pretty obvious and straightforward power for a state to have. The state has to make foreign and domestic policy decisions, and to be effective that would have to include trade restrictions. Otherwise you could have situations like businessmen profiting by selling weapons to the enemy to kill his own countrymen--and there are sociopaths who'd do that.
> I never voted for the dingbats who control who is called a terrorist, let alone the people scared of China.
So what?