Anyone have any SuperMicro Boards? China hardware hack
Author | Message |
---|---|
Ian&Steve C. Joined: 28 Sep 99 Posts: 4267 Credit: 1,282,604,591 RAC: 6,640 |
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies i have several. not that any one of us would be a real target for something like this. and it *sounds* like it's only impacting boards with IPMI access via the BMC. but wow. Seti@Home classic workunits: 29,492 CPU time: 134,419 hours |
Al Joined: 3 Apr 99 Posts: 1682 Credit: 477,343,364 RAC: 482 |
Holy Crap. This is Huge. SuperMicro's stock when I typed this is down almost 50% right now. This could actually kill the company, especially when the lawsuits start flying - if it can be independently verified that what Bloomberg stated is actually true. Wonder if it's still possible to short them? :-O |
Zalster Joined: 27 May 99 Posts: 5517 Credit: 528,817,460 RAC: 242 |
This is what happens when you shift production overseas. Lack of oversight allows for such things. |
Ian&Steve C. Joined: 28 Sep 99 Posts: 4267 Credit: 1,282,604,591 RAC: 6,640 |
"This is what happens when you shift production overseas. Lack of oversight allows for such things." not just overseas, but China specifically. the government has the final say to which companies are "allowed" to continue operating. which likely involves allowing government access deep within the business and the ability to keep things like this under wraps. Seti@Home classic workunits: 29,492 CPU time: 134,419 hours |
TBar Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
I've got a Chinese story of my own. It involves those Chinese Video cards selling on eBay. I ended up with one and decided it might be useful to just run the Display on My development machine. As long as you don't try to use it for compute, it seems to run the monitor fine in Linux. Most of My cards are in the Mining machine so I was short a card or two. All seemed well, the Apps passed the Benchmark App so I placed it on the Miner. Then I noticed the Inconclusives. Then I checked the results...most of the Stderr output was missing. Then I checked the Stderr output in the slots as it was being written. The Stderr output in the Slots were all in Chinese. You can't make this up. The client_state apparently doesn't do Chinese so the results were just missing in the Client_state file. The files in the Slots were full of Chinese though, even though the App wasn't being run on a Chinese card. Weird. So, I replaced the Chinese card, compiled another App, and all is well, No more Chinese in the Stderr output. Be careful with your Chinese video cards... |
MarkJ Joined: 17 Feb 08 Posts: 1139 Credit: 80,854,192 RAC: 5 |
Great I have two as file servers. I wonder how you check for this chip, and if one can do anything about it apart from junking an otherwise perfectly good motherboard. BOINC blog |
RickToTheMax Joined: 22 May 99 Posts: 105 Credit: 7,958,297 RAC: 0 |
You might also want to read the response from Apple, Amazon and Supermicro. https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond No idea if it is true or not, but Bloomberg could at least provide some evidence, actual hardware proof of some sort to back up the claim. Not going to happen in today's journalism i don't think.. |
Tom M Joined: 28 Nov 02 Posts: 5124 Credit: 276,046,078 RAC: 462 |
I hope ASRock and MSI mb's are not related to SuperMicro at all! On the other hand I have a generic Chinese X79 mb so maybe I should be worried :( Tom A proud member of the OFA (Old Farts Association). |
betreger Joined: 29 Jun 99 Posts: 11361 Credit: 29,581,041 RAC: 66 |
|
Ian&Steve C. Joined: 28 Sep 99 Posts: 4267 Credit: 1,282,604,591 RAC: 6,640 |
"Great I have two as file servers. I wonder how you check for this chip, and if one can do anything about it apart from junking an otherwise perfectly good motherboard." "I hope ASRock and MSI mb's are not related to SuperMicro at all!" i wouldn't worry about it. no one cares about our home file servers or seti machines or cat pictures. they are after IP from big companies and government info. Seti@Home classic workunits: 29,492 CPU time: 134,419 hours |
Brent Norman Joined: 1 Dec 99 Posts: 2786 Credit: 685,657,289 RAC: 835 |
Exactly, If they want to impress us, tell us which files need to be looked at closer :)) |
zoom3+1=4 Joined: 30 Nov 03 Posts: 65759 Credit: 55,293,173 RAC: 49 |
Thankfully, No, just Asus and EVGA at the moment, though I had contemplated SuperMicro and this came up, that finished that. The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
Raistmer Joined: 16 Jun 01 Posts: 6325 Credit: 106,370,077 RAC: 121 |
"I've got a Chinese story of my own. It involves those Chinese Video cards selling on eBay. I ended up with one and decided it might be useful to just run the Display on My development machine. As long as you don't try to use it for compute, it seems to run the monitor fine in Linux. Most of My cards are in the Mining machine so I was short a card or two. All seemed well, the Apps passed the Benchmark App so I placed it on the Miner. Then I noticed the Inconclusives. Then I checked the results...most of the Stderr output was missing. Then I checked the Stderr output in the slots as it was being written. The Stderr output in the Slots were all in Chinese. You can't make this up. The client_state apparently doesn't do Chinese so the results were just missing in the Client_state file. The files in the Slots were full of Chinese though, even though the App wasn't being run on a Chinese card. Weird. So, I replaced the Chinese card, compiled another App, and all is well, No more Chinese in the Stderr output." Did you try just to install generic driver instead of one provided by supplier? AFAIK GPU can't write into stderr on its own. So, it's driver API messages from localized driver. The single place that could give Chinese symbols directly from hardware is device model name stored in its ROM. Such weakness of BOINC XML parser is sad thing. What if app's stderr will contain let say cyrillic, will it break too?... SETI apps news We're not gonna fight them. We're gonna transcend them. |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
The Chinese spy on you through Chinese hardware? And that's news? North Korea does it better: "Today, the country’s firms generate foreign revenue from the sale of a wide range of related goods and services, including website and app development, administrative and business management software, radio and mobile communications platforms, IT security software, and biometric identification software for law enforcement applications. North Koreans appear to have marketed virtual private networks (VPNs) and encryption software in Malaysia, sold fingerprint-scanning technology to large Chinese companies and parts of the Nigerian government, produced facial recognition software for law enforcement agencies via front operations, and built websites for myriad individual and corporate clients." (from this PDF). It sells all that from apparently legitimately looking businesses outside of NK. So watch out what you order on the internet. Or have it vetted. Or don't put it on your network without some air gap or sandboxing. |
Raistmer Joined: 16 Jun 01 Posts: 6325 Credit: 106,370,077 RAC: 121 |
I'd say what you give is what you get in return. Nothing new. Absolutely same measures required when one deals with "good old" non-outsourced American firms and their hardware/software. History of different hardware bookmarks in Intel's production lasts decades. "Ooops, just bug-just bug" every time when disclosed :) Not to say about last Google/M$ trends that got in user's underwear already. Re-phrase Twain, rumors of NK danger are greatly exaggerated. SETI apps news We're not gonna fight them. We're gonna transcend them. |
TBar Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
Common Raistmer, you know the only drivers supplied by the 'Suppliers' are for Windows. That driver CD would be more useful being used as a Frisbee with Fido than a Linux driver CD. The Driver was the standard one from nVidia, which has Never embedded Chinese in an App before. Obviously the stderr was being written by the App, the machine running the App didn't even have a Chinese card, I believe I mentioned that. The only question is how the Chinese card trigger the App to write stderrs in Chinese. I wasn't aware a GPU can override the code being used by a compiler. Both Systems involved were using English, US as the language. |
Raistmer Joined: 16 Jun 01 Posts: 6325 Credit: 106,370,077 RAC: 121 |
"The only question is how the Chinese card trigger the App to write stderrs in Chinese." Yep, very hard question :) And if app is Lunatics based I'm sure it has no any localization strings beside English at all. So, still only driver/ runtime could be responsible. Trigger factor could be ID string in ROM. Hardly believable though driver/runtime selects language based on card ID. SETI apps news We're not gonna fight them. We're gonna transcend them. |
TBar Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
"So, still only driver/ runtime could be responsible...." Hard to believe you keep saying that when the problem doesn't exist when a US marketed card is used. Obviously the Fake Chinese 970 is responsible. This is a Fake 970, to fool the BIOS the card uses a Boot ROM prior to entering BIOS. If you watch the screen closely you can see the card info appear on screen just before the machine enters BIOS. This is how they can fool the machine/OS into reporting a 550Ti is really a 970. Remove the Chinese Fakery and the problem goes away. |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
"I'd say what you give is what you get in return. Nothing new. Absolutely same measures required when one deals with 'good old' non-outsourced American firms and their hardware/software." Yes, and you're a Russian, anything you say has to be not believed or let's call out the Russian Ambassador on that. :-) |
Raistmer Joined: 16 Jun 01 Posts: 6325 Credit: 106,370,077 RAC: 121 |
"'So, still only driver/ runtime could be responsible....' Hard to believe you keep saying that when the problem doesn't exist when a US marketed card is used. Obviously the Fake Chinese 970 is responsible. This is a Fake 970, to fool the BIOS the card uses a Boot ROM prior to entering BIOS. If you watch the screen closely you can see the card info appear on screen just before the machine enters BIOS. This is how they can fool the machine/OS into reporting a 550Ti is really a 970. Remove the Chinese Fakery and the problem goes away." So you suppose GPU BIOS is able to redirect text output to file? Hm... I would like to look at such card, really. Sounds like this masterpiece would be much more costly that usual 1080Ti perhaps :) SETI apps news We're not gonna fight them. We're gonna transcend them. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.