Author Topic: SMCI - Super Micro  (Read 6481 times)

Foreign Tuffett

  • Hero Member
  • *****
  • Posts: 537
Re: SMCI - Super Micro
« Reply #20 on: October 06, 2018, 05:46:31 PM »
A net net is only useful is you can flip a switch, shut the company down, monetize the assets. If the company continues to operate and losses mount that net/net advantage can quickly evaporate.

This is a company with a founder/shareholder in control. It's not a situation where the guy will go.... well it was fun while it lasted. Let's close her up, take the money and be merry.

There will be consequences from this for the company. The only reason why these guys have business it's because they're cheap. But it's also a commodity business. Which means that their competitors, while more expensive, won't be that expensive. So it won't cost so much to leave them. To a company risking reputational damage, leaving them is almost instinctive, a no thought decision. Notice how Nate mentioned in his post that they don't use SuperMicro?

I guess the extent of the damage will depend on the makeup of SuperMicro's customer base. For example, in the case of a porn company, they probably don't care much if Chinese Intelligence also gets a peek. So they'll keep going for the cheap servers (I imagine a discount will be forthcoming as well). But other types of clients will care very much. But there will be damage. This is also happening to a company that got delisted because it couldn't produce financials for their relatively simple business. Very hairy indeed.

I'm impressed that you managed to slip the words "porn" and "very hairy" into the same paragraph. You sir, are a sly one!

On net-nets generally, I think they are worth paying attention to because they are the cheapest of the cheap, not because (in most cases anyways) they are likely to liquidate. I can seen how my earlier post could be easily misinterpreted.

In the present case, my point about the company possibly being a net-net at the current price was to point out just how little credit the market is giving it as a viable enterprise - despite its track record of success. I would be very surprised if management moved to liquidate the company.

I mentioned it before, but if this Trojan horse motherboard exists, some of the hardware should show up and  should get dissected by hardware nerds in the next few weeks. If the hardware doesn’t show up, the scope if this was either very limited or the entire thing a hoax.

This is a really smart thought.


If someone offered you the chance to buy all of Super Micro's inventory what would you pay for it? I personally wouldn't be willing to pay anything near cost for it.

Whether individual pieces are infected or not may not even matter. Who is going to recommend the purchase of that hardware to their boss now? Seem like it would be a lot of career risk for an IT buyer...

OK, you think their inventory is likely worth less than it is likely* marked at. That's definitely a valid position. I think sales could decline + they could take an inventory haircut and, despite all that, investors could still do well here if they get their financials up-to-date and continue to sanely operate the core business.

* I say likely since we don't have an up-to-date balance sheet




writser

  • Hero Member
  • *****
  • Posts: 1632
Re: SMCI - Super Micro
« Reply #21 on: October 08, 2018, 02:38:58 AM »
Interesting, skeptical article on the whole affair: https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/ (warning: nerd stuff). Some snippets:

Quote

[..]

A fourth thing is this: why go to the bother of smuggling another chip on the board, when a chip already due to be placed in the circuitry could be tampered with during manufacture, using bribes and pressure? Why not switch the SPI flash chip with a backdoored one – one that looks identical to a legit one? Perhaps the disguised signal coupler was the best way to go.

And a fifth thing: the chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg's article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here.

One final point: you would expect corporations like Apple and Amazon to have in place systems that detect not only unexpected network traffic, but also unexpected operating system states. It should be possible that alterations to the kernel and the stack of software above it should set off alarms during or after boot.

[..]


You could be forgiven for believing Bloomberg's story in its entirely and discounting Amazon, Apple and Super Micro's denials for trying to cover their backs while refusing to acknowledge understandably confidential national security investigations.

Except the denials are far more precise and concrete than typical non-denial denials. It remains very unlikely that public companies would issue outright falsehoods, even in the current political climate, due to the market and regulatory ramifications if they were found to be outright lying to investors. Usually, assessing whether a company is telling the truth comprises of carefully parsing statements and seeing what aspects of a story they don't address.


Regarding Apple denial:

Quote
But it also makes a strong denial that deserves attention: "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement."

Whichever way you parse that, it remains a strong denial. If it turns out the Bloomberg report is true, it would be hard to paint that sentence as anything but a lie.

It is also worth noting that neither Amazon nor Apple went for the usual "we do not discuss any national security or law enforcement issues as a matter of policy" – which is the most common tacit way of acknowledging something happened without saying what.

I wouldn't be surprised if the whole story turns out to be exaggerated. Though even if it is, it can still have a horrible effect on SMCI's sales.
When you are dead, you do not know you are dead. It's only painful and difficult for others. The same applies when you are stupid.

Foreign Tuffett

  • Hero Member
  • *****
  • Posts: 537
Re: SMCI - Super Micro
« Reply #22 on: October 08, 2018, 06:54:44 AM »
Stock bouncing this morning on news that the Department of Homeland Security "has no reason to question" the tech companies' denials.

https://www.bloomberg.com/news/articles/2018-10-07/dhs-backs-u-s-tech-companies-denying-china-hacked-their-systems?utm_source=google


writser

  • Hero Member
  • *****
  • Posts: 1632
Re: SMCI - Super Micro
« Reply #23 on: October 08, 2018, 06:55:30 AM »
As another user pointed out in the Amazon thread, the DHS has now also issued a statement: "we have no reason to doubt the statements from the companies named in the story", i.e. Apple, Amazon & Super Micro. Either is is a technological infiltration of unprecedented scale followed a by deep state cover-up or the Bloomberg article was somewhat sensational. I'm betting on the latter. Extraordinary claims require extraordinary evidence. To put my money where my mouth is I bought a few hundred shares. Shares are already up ~50% from the bottom but still down 33% from before the article. Wouldn't surprise me if this trades a few dollars higher in a few weeks.
« Last Edit: October 08, 2018, 06:57:33 AM by writser »
When you are dead, you do not know you are dead. It's only painful and difficult for others. The same applies when you are stupid.

Foreign Tuffett

  • Hero Member
  • *****
  • Posts: 537
Re: SMCI - Super Micro
« Reply #24 on: October 08, 2018, 10:34:26 AM »
Apple has released a letter it sent to members of Congress today:

https://www.scribd.com/document/390316327/Letter?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosam&stream=top

Also, here's a good Twitter thread with opinions from computer security professionals:

https://twitter.com/taviso/status/1048931456599220225

pcm983

  • Jr. Member
  • **
  • Posts: 51
Re: SMCI - Super Micro
« Reply #25 on: October 08, 2018, 07:48:55 PM »
Seems like a long here. Also potential lawsuit against bberg.

https://risky.biz/RB517_feature/



Foreign Tuffett

  • Hero Member
  • *****
  • Posts: 537
Re: SMCI - Super Micro
« Reply #28 on: October 10, 2018, 10:38:31 AM »
Was feeling pretty smug yesterday until I realized that Bloomberg had publisher another "spy chip" article, which (again) crashed the stock.   :P

Nibbled a little more @ $12.15 yesterday, only to sell that nibble today @ $12.85. Still hold the bulk of my position.

As hilfronter83 pointed out, several hardware security professionals on Twitter are quite skeptical about many of the substantive claims made in the Bloomberg articles. I don't have the technical expertise to have a much of an opinion, but do think it's odd that no picture of a spy chip has surfaced.





oddballstocks

  • Lifetime Member
  • Hero Member
  • *****
  • Posts: 2209
    • Oddball Stocks Blog
Re: SMCI - Super Micro
« Reply #29 on: October 10, 2018, 10:49:21 AM »
Was feeling pretty smug yesterday until I realized that Bloomberg had publisher another "spy chip" article, which (again) crashed the stock.   :P

Nibbled a little more @ $12.15 yesterday, only to sell that nibble today @ $12.85. Still hold the bulk of my position.

As hilfronter83 pointed out, several hardware security professionals on Twitter are quite skeptical about many of the substantive claims made in the Bloomberg articles. I don't have the technical expertise to have a much of an opinion, but do think it's odd that no picture of a spy chip has surfaced.

Why would it be odd?  How does a picture do much?  It's a small thing that looks like a capacitor.  My guess is if someone posted a picture people would still say "but it just looks like a chip, we don't know it's real."

I don't know if this exact story is real, but the NSA has chips and spies with this sort of hardware.  Technically the functionality exists, that's not a stretch.

I remember back in 2000/2001 on the underground of the internet there was a lot of rumbling about the NSA being able to tap lines and record all traffic.  It was a rumor, there were some data points, but it was all rumor level.  Very similar to this.  Then suddenly Snowden released his cache and validated those claims.  More than ten years later those rumors were proved to be very accurate.

This story has a lot of similarities.  It's plausible, we know the US does it, so why wouldn't China, and there are weird rumors.  Apple started to build their own servers in 2015 to avoid hardware security issues.  Then Apple cut off SuperMicro in 2017.  I mean it could all be coincidence, or it could be accurate.

As to this having an impact? I'd suggest reading some of the SysAdmin reddits or forums.  There is skepticism on all levels.  I've seen a lot of "to be safe we're just going to go with someone else" type posts.  I don't know if that trickles down into future earnings or what.

I love net-nets and I love depressed stocks.  But you don't buy as the knife is falling.  You wait until they've had three or four bad quarters, they've cleaned things up, and the market still doesn't care.  That's when you buy.  If I miss out, then oh well.  But buying here seems really risky verses waiting for things to settle some.
The ultimate edge for bank investors: http://www.completebankdata.com