
Let's say Super Micro is right and there was no malicious hardware at all for sure. What are the consequences for Bloomberg for this incompetence? I mean, there needs to be something.

Just because you're a news organization, you can't simply escape with "Oh, my bad". This had real implications on stock prices of so many companies and wiped off shareholder value on many of them, including Super Micro.

If Bloomberg's story was false, they shouldn't just walk away like that because "it's the free press".




Nothing, just like nothing will happen to the outlets who are currently pushing this "Huawei is spying on everybody" narrative with not an ounce of evidence for it except for unfounded and unsourced claims by Five Eyes intelligence services [0].

Afaik that whole Bloomberg/Super Micro thing was similarly set up, referring to "anonymous intelligence/industry services", not even naming the company that supposedly did the security audit.

People have to realize that these kinds of narratives are often pushed by parties in the West, with a vested interest, just as much as it happens in the supposedly "propaganda riddled" East.

It's for those same reasons that the amendments to the Smith-Mundt Act, which happened back in 2013, haven't seen any widespread attention or even mention anywhere in the mainstream [1] because the good guys don't do "propaganda", they do "interventions" [2] and "information campaigns" [3].

[0] https://www.ft.com/content/afa7fd54-79b1-11e8-bc55-50daf11b7...

[1] https://foreignpolicy.com/2013/07/14/u-s-repeals-propaganda-...

[2] https://www.theguardian.com/technology/2011/mar/17/us-spy-op...

[3] https://vimeo.com/67739294


Not that Huawei is the only one, and surely some other brands are even worse, but still Huawei phones are full of spyware; just open NetGuard, or see another example here: https://mobile.twitter.com/fs0c131y/status/10515681807480135...

But once again surely other brands, Western companies included, are also spying, but it doesn't change the fact that Huawei does it too.


I see people say this a lot, but I'm using an Honor 10 and have spent a bit of time this week alternately MITM proxying connections from the phone and capturing DNS at the router.

I found very infrequent calls to HiCloud (Huawei's cloud service), almost always using a HiCloud enabled app where it would make perfect sense to communicate with the service.

On the other hand, I have seen third-party apps (none of which were pre-installed) almost constantly firing requests to analytics and ad services. Microsoft Edge was the worst culprit - virtually every action I took (opening menus, tabs, etc) triggered a request to vortex.data.microsoft.com. Spotify calls Scorecard Research in the background often, even if it appears not to be running. Google calls the connectivity check service very frequently (even when network conditions aren't changing). The BBC iPlayer apps (when ostensibly not running) refresh channel and config data frequently in the background.

I see a lot of rhetoric calling out Huawei phones for being spyware ridden trash, but honestly my own research this week suggests that the privacy controls on the phone work well and that third party apps are more of a privacy threat.
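The DNS-side half of the audit described in the comment above, sketched as an added example that is not part of the original thread: it tallies one phone's lookups per destination from dnsmasq-style query logs. The log lines, the phone's IP address and the suffix-to-category map are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# dnsmasq logs one line per client query:
#   "<syslog timestamp> dnsmasq[pid]: query[TYPE] <name> from <client ip>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"query\[(?P<qtype>\w+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Assumed mapping from domain suffix to the kind of service behind it.
# The services are the ones the comment mentions; the grouping is illustrative.
CATEGORIES = {
    "hicloud.com": "vendor cloud",
    "vortex.data.microsoft.com": "third-party analytics",
    "scorecardresearch.com": "third-party analytics",
    "connectivitycheck.gstatic.com": "platform connectivity check",
}

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Dec  4 10:00:01 dnsmasq[812]: query[A] vortex.data.microsoft.com from 192.168.1.50
Dec  4 10:00:01 dnsmasq[812]: query[AAAA] vortex.data.microsoft.com from 192.168.1.50
Dec  4 10:00:03 dnsmasq[812]: query[A] vortex.data.microsoft.com from 192.168.1.50
Dec  4 10:00:04 dnsmasq[812]: forwarded vortex.data.microsoft.com to 192.0.2.53
Dec  4 10:00:07 dnsmasq[812]: query[A] sb.scorecardresearch.com from 192.168.1.50
Dec  4 10:00:09 dnsmasq[812]: query[A] connectivitycheck.gstatic.com from 192.168.1.50
Dec  4 10:00:12 dnsmasq[812]: query[A] store.hicloud.com from 192.168.1.50
Dec  4 10:00:15 dnsmasq[812]: query[A] nothicloud.com from 192.168.1.50
Dec  4 10:00:20 dnsmasq[812]: query[A] vortex.data.microsoft.com from 192.168.1.77
"""


def classify(name):
    """Return (matched suffix, category) using whole-label suffix matching."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    # Try the longest suffix first; matching on label boundaries keeps
    # "nothicloud.com" from being counted as "hicloud.com".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in CATEGORIES:
            return suffix, CATEGORIES[suffix]
    return name, "unclassified"


def audit(log_lines, phone_ip):
    """Count lookups made by phone_ip, grouped by category and destination."""
    seen = set()
    result = defaultdict(Counter)
    for line in log_lines:
        m = QUERY_RE.match(line)
        if not m or m.group("client") != phone_ip:
            continue  # skip forwarded/reply lines and other clients
        name = m.group("name").rstrip(".").lower()
        # A and AAAA lookups issued in the same second are one resolution
        # attempt; count them once so dual-stack clients are not doubled.
        key = (m.group("ts"), name)
        if key in seen:
            continue
        seen.add(key)
        suffix, category = classify(name)
        result[category][suffix] += 1
    return dict(result)


def totals(result):
    """Collapse the per-destination counters to one number per category."""
    return {category: sum(c.values()) for category, c in result.items()}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines(), "192.168.1.50")
    for category, counter in sorted(report.items()):
        for suffix, n in counter.most_common():
            print(f"{category:30} {suffix:35} {n}")
```

Lookup counts show where a device resolves names, not what it sends, and resolver caching on the phone hides repeat requests, which is why the comment pairs DNS capture with MITM proxying.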


"Seeing HiCloud requests while having HiCloud app enabled" -> and so ... ? The question is "if I refuse all their services, do they still collect my data?". No surprise your phone makes requests if you are using their services.

"Third Party apps are not privacy respecting and sending data to Google" -> yes nothing new, we're not talking about the spyware you can install from the Play Store yourself, you have a lot of choice there too indeed, we're talking about pre-installed apps.


As far as I can tell, the concern with Huawei is not that their phones have some kind of obvious backdoor, but that the Chinese government has Huawei's private keys and can load arbitrary software on their phones, something the Chinese government uses sparingly to attack targets they don't like. And not just phones, their switches, routers, base stations, and other gear - in that case used to eavesdrop on cellular voice traffic around the world.

Even if Huawei didn't do this willingly the Chinese government doesn't operate by open rule of law. If the Party decides they will comply then they will comply. No news outlet will report on it. Social media will be censored. None of us in the west will ever know. There is no court to appeal to because the courts are under the thumb of the Party. Huawei is required to hire Party members as employees - Huawei leadership might not even be aware of it for plausible deniability reasons.

This is the direct result of the State apparatus that the Party in China has built for itself. They can cry all the rivers they want about Huawei; it's their own fault. Even if nothing nefarious is going on the suspicion alone has a huge impact.

To address the whataboutism: The whole issue around NSA revelations is entirely because that sort of thing isn't supposed to be possible in the USA (and nominally wrt NSA is only supposed to be valid when it involves foreign individuals). Individuals and companies regularly challenge government over-reach so there are at least some checks and balances, even if they aren't as strong as we'd like. Apple can choose to fight a court order. Trump's executive orders can be blocked.

Now imagine a new story claiming someone sued to block Xi Jinping's executive order in China. Such a scenario is absolutely laughable.

There is a difference between China and the West. To pretend they're the same is to pretend a bicycle is identical to a semi. They're both methods of transportation with wheels that carry cargo but there is a wide gulf in practice.

edit: As for the Supermicro story, who knows. The attack is certainly theoretically possible. Whether such an attack took place is another matter and so far no one has provided a tampered board as evidence.

The only way to be reasonably sure it isn't happening is to sample the final product, tearing down every individual component to verify everything (down to the traces on boards and gates on chips). That's a lot of work, expensive, and time-consuming. Most manufacturers probably don't bother. That applies regardless of where the product is assembled unless your own factories are producing every single component.


Don't worry, no one will ever notice that or they just don't care, but anything from China is evil. I'm not Chinese but I feel poor for them.


I worked for several US-based handset manufacturers as a consultant. It's common to have the handset mfgr host features on its own cloud such that the phone is entirely dependent on it to function: the cloud goes away, large swaths of phone functionality breaks. It sucks but it's true.


Isn't the given example of a phone for the Chinese market?

From the thread there:

“this will only happen with phones that are meant to stay in China, and also using software made for the Chinese market. if your phone is shipped outside of China or has Google Play services, they're fine”

“It's only Chinese ROMs that don't have Google Play store. This has been known for awhile and honestly this whole ep 2 shit is nothing new.”


Can't open the link because of rate limiting - HN effect?

Anyway, is any phone-home spying? What if it phones US servers, say Google's? Unfortunately I can't think of a popular brand that doesn't spy on its users (no matter what the reasons are).


It's not just a phone-home. It's sending your entire browsing history (unencrypted!): every web request you make gets sent back to servers in China.


I am having a very hard time believing this statement is in any way true. If you have a link to details, now is the time to provide it.


Check the Twitter link posted elsewhere in this thread of a security researcher finding exactly that.


That's interesting. Links please?


That's not entirely true. While ISPs do get a copy of your plaintext data if it's not end-to-end encrypted (and likely sell it), BGP routes would likely need to be hijacked or somehow compromised while the data was in transit for a Chinese server to get a copy of that data.


Twitter's mobile site does that all the time, just refresh and it'll work.


Please notice that there also are requests to suspicious Western sites like Google as well, which were caught for collecting data before.

I have examined network traffic from my Chinese no-name phone, and it also sends data to Chinese servers and to Google.

Also when you visit most websites, there will be a request to Google's data collector service.


Seems like anonymous sources inside the intelligence agencies is how a lot of the news gets generated these days. Anonymous figures don't have to worry about their reputation or credibility and can just leak occasionally true information to keep getting published.


When to grant anonymity is a complex question, but I'm immensely frustrated by how many reporters don't even stop to question why a source might want anonymity. In particular, why a source who's part of the government, making a claim that supports a government narrative, via unclassified data, would have any need for anonymity if they had faith in their claim.

Conor Friedersdorf summarized matters very nicely years ago, and it's a shame so few people seem to have paid attention:

> The very weakest case for withholding a source’s name is when 1) powerful officials 2) with a clear incentive to lie 3) use anonymity to spread a self-serving narrative 4) without accountability 5) on a matter of great consequence.

https://www.theatlantic.com/politics/archive/2015/10/the-per...


Agencies always have official spokespeople and anyone making comments to the press about things they shouldn't be talking about (like an active investigation) can get in a lot of trouble if that agency finds out it was them who leaked to the press.


They do have a reputation, to the journalist. It's not as far reaching, but you bet that journalist isn't going to trust that source again if they are caught lying. Or even that agency.


This is certainly how things ought to work, but it's far from clear that it does.

A reporter on an international affairs beat can't possibly dismiss sources as broad as the State Department or CIA - which makes it very possible to rotate through mouthpieces as they're proven unreliable. (And that's usually when clear dishonesty is found, not just plausibly-mistaken claims.) And anonymity is usually protected even when a source is found to have knowingly misled journalists, which means a dishonest source is only burned for a single reporter or outlet and can go seek out a new audience. Multiply the number of mid-level employees at a major government body by the number of reputable news orgs and this starts to look completely sustainable.

It's something (reputable) news accountability groups have been upset about for years, but no one seems to have solved it. Conventional wisdom appears to be that publications are scared they'll lose source access completely if they start unmasking dishonest USG sources.

https://fair.org/home/should-media-expose-sources-who-lied-t...


> A reporter on an international affairs beat can't possibly dismiss sources as broad as the State Department or CIA

It's actually worse, the power dynamics are completely lopsided: He/she can't disgruntle his governmental sources or else there's the very real possibility of being cut out of the loop/any access at all in the future.

Which isn't a great prospect for any journalist because you can't get any "scoops" when your competitors have privileged access to information.


Yes, that's a very good point.

In-depth interviews, early story tip-offs, and 'approved' leaks with accurate content aren't just a way to distribute information and build connections with reporters, they're a way to cultivate dependence. If 95% of unverified content is accurate, a reporter who can't get pithy 'official' quotes or advance warning on stories will consistently produce worse output than those who can.

It seems like a few particularly famous publications can push back because they're too big to shut out, though their individual reporters often still fold. (e.g. the NYT on Iraqi WMDs.) And there's a bit of room for dedicated 'dissenting' sources like The Intercept and CounterSpin, because they can curate a reputation as leak recipients and then fill out the rest of their schedule with media analysis instead of breaking news. But overall, first-line sources seem to be very effectively trapped by this pattern.


> Which isn't a great prospect for any journalist because you can't get any "scoops" when your competitors have privileged access to information.

This is an important part of Herman/Chomsky's "Propaganda Model" of media.

https://en.wikipedia.org/wiki/Propaganda_model


The journalists should lose whatever credibility they have as well as their news org that shamelessly supported the "story". I sure as hell don't trust Bloomberg nearly as much as I used to.


Amid all the fake news / paid troll armies dramas, "anonymous government agent" is a pretty old-school approach.


When it comes to information on traded companies, people should always consider that anonymous sources are 99% of the time biased. Nobody goes out giving information about a public company for nothing, and when the information is true they will be open and present documents proving it.


Those are very different cases. Also, public citations of classified intel is a dumb thing to require. I hope the reason why is obvious.

In the SuperMicro example, the same shadowy government organizations you accuse of conspiring to build a narrative against China are some of the people who debunked this story.


Regarding the Five Eyes sources, are we really expecting that intelligence agencies will give sources/proof?


They do provide sources sometimes - even when their stories are false - which makes credulity without proof that much more surprising.

They're not inviting anyone into Langley, and if this were a claim about e.g. cyberattacks on Ukraine we might not expect evidence. But for something evaluated domestically, especially with physical evidence like SuperMicro, it's relatively common for intelligence sources to point to people who can confirm key elements. That might be a non-government firm which examined the physical evidence, a non-intelligence researcher who can assess the context of a factual claim, or an affected business which can verify what they experienced.

When a CIA source told Judy Miller that Iraq was buying aluminum tubes to centrifuge uranium, they claimed that Oak Ridge nuclear scientists had confirmed their assessment of what the tubes were for. They hadn't, but she apparently didn't bother to check.

When "U.S. officials" told the Washington Post that Russian Grizzly Steppe malware had infected the US electric grid, they provided the name of the utility company which had been attacked - Burlington Electric. Again, this was untrue (the code was found on one laptop unconnected to 'the grid'), but the reporter involved didn't check.

In the SuperMicro case, there doesn't seem to have even been a name given to check, just vague assertions that some company had performed an audit. That ought to have been a warning sign, but it looks like Bloomberg accepted source diversity in place of concrete or verifiable details - we're told of six national security officials, three Apple insiders, two AWS sources (and a partridge in a pear tree).


If they want their claims to be taken seriously, then they really should.

Without that, it's just hearsay, hearsay by agencies who have deceit as part of their job description and as such should be taken with a massive grain of salt.

Imho they've also become shy about openly sharing sources because it allows them plausible deniability, they don't want an Iraq style curveball [0] all over again, where the attribution of the misinformation can be too easily traced back straight to them.

[0] https://en.wikipedia.org/wiki/Curveball_(informant)


This argument is illogical.

They don’t share sources simply because it would reveal the sources. It has nothing to do with plausible deniability because they don’t care whether you believe them or not. The governments do and that’s all that matters.


I dunno, maybe they've (who is "they" anyway?) become shy because when their claims are examined, they so often turn out to be nonsense? When was the last time anonymous "government sources" or even "five eyes official" told us something which is demonstrably true? Cuban missile crisis?


I wouldn't, but I also wouldn't expect a reporter to publish this info without finding anything corroborating. This whole story is about physical sabotage devices, supposedly planted in large quantities, why couldn't they find any of these devices or a single person willing to state they saw one?


Are they expecting us to believe whatever they say without any examination?


Yes.


No, they shouldn't just walk away. They should apply sound journalistic principles to investigate exactly how they came to the conclusion, and then publish that investigation with full disclosure. Not sure if I've ever seen a news organization do that though (minimal retractions in a place no-one looks doesn't count).


CBS Killian Papers pretty much. There have been some significant examples but there actually aren’t that many cases of a major pub running a “scoop” that no other major pub runs with as well that turns out to be flat out wrong.

There are certainly examples of mainstream media as a whole getting behind a story like lead-up to Iraq War but this is something different.


Another one that comes to mind is This American Life with the iPhone Chinese factory story. They did an entire episode (hour long) on how/why the error happened.


And still another is the Rolling Stone campus rape story. It does happen but when major media outlets are found to have published a major story that’s flat out untrue there does tend to be a pretty loud mea culpa.


I think that's in large part because often many others will pile in by referring to the newspaper that ran it. I wouldn't count that in same class, as they're often "technically" not wrong in that they're reporting that "according to X, Y happened" rather than making the false claim that "Y happened".

The fake Hitler diaries would be one of the really major examples of this, where Stern, Newsweek and the Sunday Times ran the primary stories, and lots of other publications ran stories about the stories in those three.

And that's also a major example of the main sources taking a lot of flak afterwards, with firings, lawsuits, and books and movies about it afterwards, but it's not clear if it actually harmed the newspapers themselves. E.g. Murdoch has suggested the Sunday Times actually profited from it in the long run as Stern paid them back what they paid for access, and it boosted their subscription numbers even after the hoax was revealed.


>it's not clear if it actually harmed the newspapers themselves

As long as 1.) it's a rare event and 2.) the publication gives the appearance, and perhaps the reality of, throwing the guilty and those in the wrong place at the wrong time under the bus, putting better processes in place, apologizing profusely, and being very introspective about the whole affair, people tend to forgive and forget--or at least forget. And their peers probably have at least a bit of "there but for the grace..." about the whole thing anyway.

I'm being a bit snarky about throwing people under the bus. Usually there are people who are guilty mostly in a "the buck stops here" sort of way. But, in most of the recent cases I can think of, there were individuals in the news organizations who so wanted stories to be true that they were at best inept in a way it's not clear they understood even in retrospect.


> CBS Killian Papers pretty much

Meh. I'm in the camp that believes Karl Rove pulled off one of his greatest dirty tricks of all time.


Presuming it was him, the story would go like "I'll create a blatantly forged document that confirms a narrative that CBS wants to push and send it to them. I expect they will publish it immediately with no fact checking whatsoever, double down when called out on it, and the entire rest of the mainstream media will stick behind them."

Now if that's the story... I'm not saying Karl Rove is an angel or anything, but this seems like he's 10% bad and CBS news and every media source that stuck behind them is 90% bad.


The genius of what I'm accusing him of is this: the story itself was real (Bush going AWOL; taking advantage of his father's position).

Why not make a document that ostensibly validates that and bake in the fact that it was a forgery to be revealed so that all focus is on the forgery and not the facts that Bush shirked his service?

It's a brilliantly devious move and exactly the type of thing Rove would do (e.g., bugging his own office and then accusing his opponent of the misdeed, etc. etc)

https://theintercept.com/2015/10/27/george-w-bush-was-awol-b...

https://www.seattlepi.com/local/opinion/article/Rove-s-dirty...


I see what you mean better now. It still strikes me as rather odd though. The AWOL story never got all that much traction in the first place. Why undertake a high-risk plan to kill a relatively minor story? Theoretically, CBS could have identified the forgery, realized someone was trying to pull a dirty trick on them, investigated the source much more closely, and gone live with details of that instead of taking it at face value. Unless of course he was so confident that CBS is completely incompetent and will do absolutely anything to push their chosen narrative that he thought there really wasn't any risk at all. If he did do it and thought that, he ended up being far more right than anyone could have imagined.

I distinctly remember the overall landscape of the time being that the mainstream media was constantly pooh-poohing bloggers and internet sources for not having the "journalistic standards" of themselves. It's quite an attention-getter to prove by their own actions that their only real journalistic standard is keeping their positions of power and promoting a preselected narrative.

In the context of all that, it seems a little weak to whine that they were set up by a Republican dirty trickster. They had just spent the last few years claiming that they were the only news source that could be trusted because they were the only ones competent enough to properly fact-check sources exactly like that.


That would have been brilliant insofar as the Killian Papers pretty much blew up a legitimate news story, albeit one without quite such a visibly smoking gun. But I don't actually believe that.


Nothing out of the ordinary for people like Roger Stone or Karl Rove. That's what they did for a living for decades, and they were (are?) very good at it.


So, when looking at this, we have to remember that reporters aren't analysts; they're not expected to have subject-specific background and make personal judgement calls as to what the underlying truth is. If you want that you can certainly get it - for a much higher price than a newspaper. That's what firms like Gartner are for.

Reporters to a very large extent report what sources say. Their judgement comes in considering the credibility of the source.

In this case they got a number of "credible" but anonymous sources. What they need to do now is make a choice:

a) burn the sources: publish the names and start investigating them and why they might have fed false information to Bloomberg. This will make it harder for them to get stories in the future, and may be considered a breach of journalistic ethics by some, but it also makes it less likely that people will try to play them like this in the future.

b) try to find some on-the-record sources for their story.


This is a case of c) Reporters were completely reckless. They bought a small 0402 decoupling capacitor, put it on a pencil tip, and then claimed that it was a chip that could hack your device.

Any EE worth their salt knows exactly what 0402 decoupling capacitors do, and that there's no way you can hack from that angle. It has to do with where that particular chip is placed: usually on power-lines... not really signal-traces.

The fact that all known security forces are denying the story (not just big companies like Apple... but also Homeland Security), means that the reporters likely misunderstood what their sources were trying to say. They published a bad story, exaggerating a molehill into a mountain.

-----------

The thing is: we all know that BMCs are very insecure. A lot of the problem is that the Bloomberg article is pointing at lol 0402 decoupling capacitors, when any security researcher worth their salt is looking at the BMC instead.

There are too many technical details in the Bloomberg article that were outright WRONG. It's a clear-cut case of reporters misunderstanding things and focusing on the wrong thing.


A lot of people got hung up on the photos, but did the text actually state what they were or were they just "for illustrative purposes" like stock photos?


I wish news services would stop placing pictures "for illustrative purposes". Either show the real thing, or don't show anything at all. Otherwise, people who aren't experts in the subject domain will have no way to determine which aspects of the picture matches reality, and will implicitly assume most of them do (the alternative, unseeing a picture, is harder).

I know I had this problem in this particular case. I assumed the chip on the photo was real, and only learned on HN that it wasn't.


Bloomberg never indicated that the imaged chip wasn't the backdoor chip. The article repeatedly suggests that they're actually showing the backdoor chip.

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iNO3klzCOEj...

This image is captioned "Microchips found on altered motherboards in some cases looked like signal conditioning couplers."

You can easily find the article yourself here https://www.bloomberg.com/news/features/2018-10-04/the-big-h...


The source material is still on Bloomberg's website. Look at it, it's a 0402 Decoupling Capacitor: https://www.bloomberg.com/toaster/v2/charts/85c4e100b7ab4a8b...

The full article here: https://www.bloomberg.com/news/features/2018-10-04/the-big-h...

-------

As for what that thing is... it's this (or something like this): https://www.digikey.com/product-detail/en/avx-corporation/W2...

That's an 8-pin decoupling capacitor. But there are "really" only 2-pins. The 8-pins are there to reduce resistance and inductance.

----------

It's very clear what happened. One expert probably said something like "The Chinese are using small chips to hack us". And a 2nd expert said "The smallest chip I know of is the 0402 chip-capacitor".

The reporters then combined the two expert opinions into an incorrect statement. I would NOT be surprised if the Chinese were using small chips to hack BMCs of SuperMicro (although there's no evidence of it... it would have at least been a believable story).

But as soon as I saw the above graphic, I just WTF'd at Bloomberg. The infographic was about as misleading and WRONG as you can get.


It literally says, in the very picture you linked to, that the chips were built to disguise as coupling capacitors.


I'm not sure if you understand my point then.

Decoupling capacitors perform a very specific, and very easy to see function. They have two pins: C+ and C-, and the capacitor tries to keep C+ and C- at roughly the same voltage level across time. In particular, Decoupling capacitors are fully passive (non-powered) devices.

Ex: If the C+ and C- pins are 3V (on the average), then a decoupling capacitor will help keep the voltage at 3V. The mechanical analogue would be a flywheel: it helps regulate the voltage and prevents voltage spikes.

-------------

It makes NO SENSE for a chip to disguise itself as a decoupling capacitor. There are lots of other chips that would be a better disguise. The fundamental premise and explanation is a joke to begin with.

Like, how are you supposed to hack into a computer at the electrical level using only two pins?

Mind you: an intelligent chip-level hacking device needs... at minimum... Power, and Ground. Bam, you already used up the two pins that a decoupling capacitor has... and you haven't even touched memory or other issues yet.

Clearly, the reporters have gotten something wrong. I can believe that the reporters maybe have a real story here, but they are wandering into technical details that they clearly do NOT understand. Clearly, a mistake or misunderstanding is somewhere in that explanation.

At the very least, a chip-level attacker would need... I dunno, maybe 3 or 4 pins, at the minimum. I haven't thought about it much, but it's instinctively obvious that the 2-pins of a decoupling capacitor are insufficient to do any kind of hacking.


> I haven't thought about it much, but it's instinctively obvious that the 2-pins of a decoupling capacitor are insufficient to do any kind of hacking.

Your instincts seem to have deceived you. There's a top-level comment with a variety of replies that discusses a 2-pin device to snoop or modify data to an I2C device, and plenty of other literature documenting the feasibility of such devices.


The distinction there is the type of device. Caps are not used on data lines. The parent comment is talking particularly about how the Bloomberg article kept referencing the attack vector as a disguised cap.

The comment that you are referring to used a 2-pin device in place of the pull-up resistor on the SDA line of an I2C bus. That does seem fascinating and I would like to read more about it but I still have a lot of reservations about real-world applications.


Caps can be used on data lines to filter out high frequency noise, as it forms an RC lowpass filter with the source impedance (see here for an example: https://jretest.com/understanding-data-signals/ ), although I do not know enough about motherboard design to know whether these caps are needed on any of the data lines.


On a motherboard the data is being carried at high frequency.


c) report it as what it is: unsubstantiated hearsay.

A story can be interesting and relevant but impossible to prove, and you can still report it honestly by simply making it clear what came from an anonymous source and what is verifiable fact. But it's very easy (and appears to have happened all over the place in this particular article) to cite what someone tells you as fact without making it clear you're just reporting what somebody said.

In fact, the article in a couple of places appends "sources say" at the end of some statement, making you think you're reading a fact until you've reached the end of the sentence. Which IMHO is a "journalism anti-pattern".


Regarding this last point, I'd call it a "dark pattern" in journalism - it's intentionally designed to trick readers.


This common dark pattern has a name for those interested in reading news critically: https://en.wikipedia.org/wiki/Weasel_word


Most of the top-tier publications actually do make a point of hiring people with subject-specific expertise. I first noticed this when The New York Times' lead medical correspondent was identified as Lawrence K. Altman M.D., because he really had earned a medical degree before heading into journalism.

In my own journalistic travels, I've worked alongside legal reporters who graduated from Harvard Law School, Wall Street reporters who earned certification as Chartered Financial Analysts, tech reporters who majored in computer science at Stanford, etc. That doesn't make them instantly right about everything. But it does mean they have the training to parse conflicting claims.

I'm not sure about the credentials of the specific Bloomberg reporters on this one. But Bloomberg does have budget and resources to hire subject experts to report on complex subjects.


> [T]hey're not expected to have subject-specific background [...] Their judgement comes in considering the credibility of the source.

Which they are unqualified to do if they do not have subject-specific background.


The journalist behind the Theranos expose, John Carreyrou, does not have a biomedical or startup/VC background.


Unqualified does not mean incorrect or wrong, and somebody who is unqualified can employ the services of somebody who is in order to overcome that deficiency.


“If someone says it’s raining & another person says it’s dry, it’s not your job to quote them both. Your job is to look out of the fking window and find out which is true.”

https://twitter.com/Klujypop/status/1018217609010012160


>What are the consequences for Bloomberg for this incompetence?

You, not the general concept of the reader, but you personally neya. You stop trusting Bloomberg's reporting. That's the consequence. Their reputation suffers.

Why do threads like this on HN always have such a desire for retribution?


Their reporters are compensated based off of whether or not they move markets.

Did you know that?

(https://www.businessinsider.com/bloomberg-reporters-compensa...)


If people stop trusting their stories, they won't move markets.


That doesn't seem like a bad goal. It incentivizes stories that are important to their target market, and provides an easy way to measure that.


Or you can apply Goodhart's Law[0] and try to picture how wrong that can also go.

[0] https://en.wikipedia.org/wiki/Goodhart%27s_law


> That doesn't seem like a bad goal.

Like most sales goals, it seems reasonable. And then you remember that when it comes to pay, some people will do anything.


The thing is – if you have such an incentive and you are faced with the choice between reporting a boring truth or a spiced up lie, you will go for the latter. And that has nothing to do with journalism anymore.

It _could_ work – if the editors are especially on the hunt for bogus stories.


This was the opening story on their homepage. There is no way the editors (and the legal department) did not scrutinize it thoroughly.


Just because it passes legal muster doesn't mean it's ethical. And I think that's one of the things that people are calling for.


It's a shame Bloomberg isn't public. The retraction could earn someone a big bonus.


Unless their reporters are trading stocks of stories they cover, that's a non-issue.


The reason trading on stocks they cover is bad is that it creates an incentive to create news that may not be true to move the market, thus indirectly rewarding them with financial benefit.

The policy of rewarding them for moving the market simply removes the intervening steps and directly rewards them.

In concept, this only makes it worse. How much worse depends on how compensated they are, which I don't know. (e.g., if the bonus is $50 and your boss buys you a latte the next morning, it's not really that big a deal, vs. if it's $25,000 and everyone knows it's a fast track to promotions it's a pretty significant problem)


I can see how it incentivises sensationalism though. I was a tech magazine editor. I did my utmost to check the veracity of stories. I would have hated to think that my journalists were being incentivised to exaggerate.


> Why do threads like this on HN always have such a desire for retribution?

I, personally, am sick of being lied to. Single source reportage violates journalism 101; they really should suffer some consequences, just as someone should pay for the 2008 bubble, the Iraq war (Bill Kristol ... finally losing one of his platforms) and any number of other examples of the managerial class' screw ups from the last 20 years.


Hundreds of locked-in AAPL shareholders who react with venom to anyone perceived to be hurting their financial performance, irrespective of truth or morality. (Same is true for FB and GOOG.)


> Why do threads like this on HN always have such a desire for retribution?

Let's say the Bloomberg article incurred 50% loss of revenues after it was published for Super Micro. (just making up numbers for the sake of the argument). Following this, Super Micro would have to scale down their operations and potentially fire people.

That's just the same thing as sending a DMCA request on Youtube for something that is someone's own work. Currently it's "free" to do so, but don't you think there should be consequences in destroying someone's else business / reputation / work? How would you feel if it happened to you?


Bloomberg has no intrinsic power over the revenue of Super Micro. They only have that influence because people trust them. People only trust them because their reports tend to be trustworthy.

False reports harm Bloomberg, as it erodes their trustworthiness and trustworthiness is very nearly their only actual value/product. False reporting is inherently its own repercussion/consequence here.

This is different from DMCA as that has power granted to it by law, not by inherent trust. DMCA does also have consequences for fake claims, so it's a false equivalency here anyway.


> Why do threads like this on HN always have such a desire for retribution?

Seeing a situation where one person/group does something that negatively affects another group without consequence tends to have this emotional response from emotionally healthy individuals.

Where do you see a problem with this type of response?


> Where do you see a problem with this type of response?

"It is impractical because it is a descending spiral ending in destruction for all. The old law of an eye for an eye leaves everyone blind."


Or maybe a start to the democratic process to encourage lawmakers to discover nuance and legislate.

Or maybe a good place for someone with knowledge to show why it's a bad idea and what the arguments are that have been struggled with.

One person getting irked because another happily destroys reputation without any consequence is natural. Reputation is too important.

A single person wanting to see consequence does not create a mob that firebombs their offices.


I feel like there's an argument to be made that every firebombing mob started with a single person wishing some consequence.

An idea has to start somewhere.


Well yes.

But that doesn't mean we should outlaw speech... Because speech leads to good things a lot more often than firebombing mobs.

Those people we can put in jail. Only those.

The rest are helpful or neutral, even if you don't agree with them. Democracy (in any form) grows stronger with dissent/speech.


Bloomberg is in the process of re-reporting the story according to Erik Wemple. They've assigned a new reporter to find out what's going on.

https://www.washingtonpost.com/blogs/erik-wemple/wp/2018/11/...


It apparently wasn't the first time these reporters had gone off the rails.[1]

[1] https://twitter.com/RobertMLee/status/1049617855396933632


One was also the author of the fake NSA Heartbleed exploit story, which Bloomberg stood by: https://twitter.com/nicoleperlroth/status/104901890298483507...


So why are we giving these reporters the time of day, then? They've demonstrably published crap and not retracted it. That reduces their credibility to nil in my mind.


Any good sources on the NSA Heartbleed exploit story? A very quick search only gives me he said (Bloomberg) - he said (NSA) stories.


I believe the current line there, at least in the US, is whether they knowingly ran factually inaccurate information.

Given their doubling down, unless we assume they somehow didn't ask their legal department, I would bet they have enough sources for the information that they think they're not at risk of being prosecuted for libel or slander.


The bar for libel and slander is very high. I also think it’s civil and not criminal, so there would be no prosecution in any case, they would just get sued.


SuperMicro, Apple, Amazon, and others could sue Bloomberg.

But they didn't.

I guess if you sue every news outlet for rumours then Apple would be basically suing everyone. My problem is, why do Apple and Amazon have such a "restrained" action to Bloomberg? Maybe the story isn't true, but something does smell fishy to me.


Apple isn't going to win a libel case because some source lied or made a mistake, and calling more attention to it is bad PR. It's extremely unlikely that Bloomberg team did this with malicious lies.


> But they didn't.

Yet.

All 3 have issued firm denials rarely given from companies today. I don't think any of them have been restrained at all.


This is the same logic Musk applied to “pedo guy” and it was just as ridiculous then. A lack of legal action is in no way an admission that the story was accurate.


Accusing two trillion-dollar companies with allegations on a national security level from a reasonably respected Business Journal is not the same as Musk calling another guy pedo.

Although I do agree a lack of legal action is in no way an admission that the story was accurate, I just thought they should do something more.


I believe freedom of speech and press is one thing but when you present serious and very specific allegations you should be able to back them up with comparably serious and specific proofs ("extraordinary claims require extraordinary evidence"). Otherwise we are crossing the boundary between fact and fiction.

The way Bloomberg presented it in the article is as if they had the entire story backed by facts. That was my takeaway; they sounded pretty sure, save for presenting the evidence. Now, what do you do if the press outright misrepresents the facts and presents a fictional story as if it was entirely factual?


Any individual merely accused of a salacious crime has his face spread all over the evening news just to pump ratings. Guilt, innocence, evidence or trial outcome are utterly irrelevant. So it's quite wide spread.

Of course the power dynamic between an ordinary joe and broadcasters is far different than between large corporations and broadcasters. This and worries around sponsors means there is already considerable self censorship when criticizing the latter. But I would not be surprised if industry lobbyists ultimately craft legislation to allow the former while preventing the latter through some high bar liability laws in such a way that they get five already sympathetic SCOTUS justices to sign on.


Why does there need to be something more? Do you trust Bloomberg the same amount you did before the story was published? Are you buying just as many Businessweeks as before?

Are you sure it isn't Bloomberg who was misled? Is that more or less likely than a billion dollar company declining to confirm a story that would cost them hugely? In lieu of proof either way, what punishment do you think is just -- and for whom?


I personally think the reward system related to current human evolution punishes blunt liars, but rewards "Lie Lie" tellers.

A "Lie" is something that is easy to falsify with consensus.

A "Lie Lie" is not a lie but a statement intended to mislead people, difficult to get caught, easy to find a lot of lie believers to defend, eventually making a technical evidence based debate into a religious belief based debate. It's a lie about lie or a decoration upon a "lie" so the "lie" cannot be categorized as a lie.

There are signatures of "Lie Lie":

* Claim there's a proof instead of providing the proof. Actually any claimed proof often is not a proof but just the claimers' belief.

* The claims are mixed topics, some legitimate and defendable possibility along with something that really happened. In simple words, mix truth with lie so later they can defend truth topics.

* When they give proof, they will provide the one that there are less controversial topics but not the needed ones.

* Shift the focus to defendable topics so the undefendable part(i.e. belief based part)

* Usually attached with moral high grounded good cause such as "raised the public awareness of threat from an oppressive regime" just as an example, so the "Lie Lie" teller can convince themselves and their friends, coworkers the claimers are decent people.

* The claimers themselves believe the claims so they can claim they are not lying but they don't think they are using deceptive narratives to sell their beliefs.

Most activists are "Lie Lie" tellers. The problem of our society is a lot of journalists become activists involved into ideological fight but pretend they are providing truth.


> What are the consequences for Bloomberg for this incompetence? I mean, there needs to be something..

Hah! What makes you think they should be accountable after we elected a President on the basis of fake news stories?


> Let's say Super Micro is right and there were no malicious hardware at all for sure. What are the consequences for Bloomberg for this incompetence? I mean, there needs to be something..

What are the consequences for a public figure deliberately lying?

What about accidentally lying? What if they are a private figure?

If we're going to have consequences for this sort of stuff, we'd need to lock up most of the people in government, and the employees of every single PR department.


It's difficult to sue a news organization, but you can sue them for false reporting if you prove two things A) actual malice occurred and B) you suffered economic damages.

If companies didn't lose money over this report, this is pretty moot. It's just embarrassing for Bloomberg.

If companies did lose money, the next step is proving that they knowingly went with a poorly-sourced story. That would require discovery, which may be fruitful.


What if there is some truth to such /similar allegations and Bloomberg knows that SunMicro would never sue, discovery and all. If during discovery it is shown that SunMicro dropped the ball 7 years or 5 months ago, it's no good news for their stockholders.


I presume Bloomberg will release their raw data and pay for the audit. I’ve been wrong before.


I think it is possible to have enough information to run a story, but still be wrong, and a "my bad" can suffice.

Now how that plays out and where that line is, have at that debate until the end of time.


Write that you do not trust Bloomberg on twitter/facebook/linkedin. If you have a blog, write about it. I am going to.

Also read NYTimes or another news source instead of Bloomberg.


I doubt anything will happen to Bloomberg. If the journalists are found to have fabricated the story, they will probably be let go. Even if Bloomberg was to suffer financially or legally, some billionaire or company would bail or buy them out like what happened with Rolling Stone or WashingtonPost in the past few years. Well Bloomberg wouldn't even need outside help since their owner and namesake is one of the wealthiest men in the world. These large news companies are pretty much untouchable since they are viewed as systematically important and are backed by the wealthy class.


That's all the shorts were doing to Tesla.. create fake news to affect the stock price.. what's the difference? (Serious question)


It's up to SuperMicro to sue for libel.


Using the press to manipulate stock prices has been the standard practice for as long as these two institutions exist. You can go way back to the last years of the 19th century and will find that there was already a thriving business going on between stock manipulators and the press.


Nothing. The public had already forgotten this matter.


"It's capitalism, let's all compete. But wait, if you're getting better than me you're the enemy. " It goes both ways. US Capitalism vs meets Chinese Capitalism with C.

Does anyone pay attention to the media in China? It's an equally bad actor.

Now seriously, Bloomberg lost a lot of credibility publishing this. Let's see if they say anything about it in the coming days.


If they are wrong about this, they can be wrong about anything.

Gell-Mann Amnesia Effect.


You've been identified by Napier's "Black Rooster."

In order to figure out which servant was stealing from him, Napier instructed each to go in the shed and pet a magic rooster that he claimed could reveal to him who the thief was. In reality, Napier covered the rooster in soot. Thus he could identify the culprit-- it was the only servant who exited the shed without soot on their hands.

Here, you correctly applied one sense of the Gell-Mann amnesia effect-- a novelist's speculation about experts' inability/refusal to generalize their criticism of a news item within their field to the entire newspaper that contains it. In practice, however, "Gell-Mann amnesia effect" is a gambit that giving a proper name to rank speculation will cause the speculation to propagate as if it were an insight gleaned from a robust research project. If you had understood that part you would have used the rank speculation only as an entry point for a comment that provided greater insight (or at least further rank speculation), rather than an insightful phenomenon unto itself.

Edit: In other words, you've emerged from the shed without anything other than someone's rank speculation masquerading as research. This makes it clear you've fallen for the 2nd-order effect of the term.

Also be wary of: Overton window


By saying I did not pet the rooster you are saying that I misapplied it in a way that was lying. This is odious. They published a story not considering the feasibility of it. People who knew better called them out.

Crichton himself noted the irony of it by using the famous name to attach greater importance to it. Yet he noted it is true that we will quickly forget when reading other stories and himself has called for turning away from media.

Finally Overton's Window for me is about framing debate and can be applied over broad areas.


I agree with your point, but that seems like a really weird and strained analogy.


What were the consequences of running bitcoin stories as the bubble peaked? A couple rich journalists no doubt.


The companies/shareholders being affected by this are free to sue the paper over defamation.

Something tells me they won't.


They're free to sue the paper, but it'd be futile because the standard for such lawsuits to succeed in the US basically requires Bloomberg to have known that the claims were false. Just (say) completely ignoring normal journalistic practices to get a juicy scoop would not be enough.


Well, Rolling Stone settled over the UVA rape story. Then again, that settlement is rather small in the grand scheme of things. Given the nature of the case, maybe it was cheaper than going to trial.

https://www.nytimes.com/2017/06/13/business/media/rape-uva-r...

Edit: I forgot about this case, where they lost at trial. https://www.nytimes.com/2016/11/08/business/media/in-rolling...


As I recall, Rolling Stone got done on a (somewhat dubious) technicality - the jury decided that them adding the disclaimer counted as republishing the article after they knew it was false. If it wasn't for that they'd most likely have got away with it despite all the astoundingly bad reporting.


> They're free to sue the paper, but it'd be futile because the standard for such lawsuits to succeed in the US

Not sure about whether Bloomberg was knowingly publishing false stories. But lawsuits causing media to bankrupt have precedence before - Gawker Media, that was.


Maybe Super Micro could demand a full-page retraction, just to put the record straight in public. Either that or Super Micro could sue them for $1 just to get a point across. If Bloomberg were wrong they need to admit it.


Nothing. I was downvoted to oblivion less than a week ago when I said Bloomberg is over and Hackernews should embargo them and people shouldn't click them. Edit: and the downvote brigade is here again, downvoting and not giving a word of explanation. Are you paid by Bloomberg?


I downvote people that whine about downvoting. I downvote people who accuse everyone who disagrees with them of being shills.

Aside from this I consider "Bloomberg is over" a gross exaggeration.

Furthermore one mistake, if mistake it is, doesn't justify banning that publication from hacker news.

Furthermore who are you to be talking about banning anyone from this site in any case.

You get lots of down votes because there are so many reasons to downvote this post not because of some conspiracy.


When the state department tells you to write a story you write the story, or face the real prospect of the end of access which will be the end of your journalism career. Not an ideal system for anyone, except the state department.


As I've now said multiple times and I've not seen anyone argue against very strongly at all, there is no reason to believe this was a government-pushed story, because there are plenty of equally bad or worse things that are known to be true that could easily have been used instead. There are abundant examples of corporate and governmental espionage of this sort, in all directions. Indeed, when the article was first posted, many HN posters were skeptical precisely because they could name two or three much better ways to do it, some provided examples, and some told stories of having found these better examples already in the field.

And because if it had been a government push, it would have been accompanied by a government PR push on other fronts. But I saw no evidence the government picked up this story in particular, or even hardly referenced it. Being now months later we can also observe the government has not lifted a finger to substantiate this storyline or pull Bloomberg's bacon out of the increasingly hot fire.

The theory that this was government-pushed falls down on the ground that even if the government or some aspect of it wanted to push this narrative, this is not even remotely their best choice on how to do it.


Something like that happening would be an even juicier story than the one they published. I totally buy that some people in the government lied to some credulous reporters to get a false story they wanted out there. But there are tons of reporters out there, some of them are easy to trick, and leaning on reporters is likely to trigger their Woodward and Bernstein fantasies and result in some huge blowback. I'm not going to say that I find the level of incompetence you're assigning impossible, just that I find it unlikely.


Anything to back that up?


[flagged]


Just because Bloomberg hasn't backed up their story yet doesn't mean this claim is off the hook too.


Your snark aside, Bloomberg made these claims, it's on them to back it up. Not the other way around. So far, not a single fact has surfaced that lends those claims any credence.


I personally have learned more about the supply chain for various big tech firms. I have learned that something like what the original story described is possible, in that USA-based firms have no reliable way to prevent such hacking. That doesn't mean I believe Bloomberg's version, but then again I rarely do. I'm just not in such a hurry to believe SuperMicro's version either... We don't have to act as if we know what really happened. I don't see why anyone would be so sure that GP's speculation above about the State Department is unfounded either.


The general case of hardware being backdoored is believable, but the problems come down to, not just the lack of any kind of corroborating evidence, but the nature of these specific claims themselves having some hard-to-believe holes in them.

https://www.servethehome.com/investigating-implausible-bloom...

Basic informational hygiene is that the claim is garbage until proven otherwise, "credibility" notwithstanding. There is not only not a single positive reason to believe this story, there is mounting evidence that it should not be believed.


Haha, "credibility". A thing which does not exist.

Seriously, though, it seems that your idea of "basic informational hygiene" conflicts with a basic security posture in this case. We don't have to assume Super Micro has never been hacked, so I don't know why we would assume that. More in keeping with the topic of this thread, we don't have to assume the State Department (or whoever) has never caused a story to be published or discredited, so I don't know why we would assume that.


Hence the scare quotes :)

We're on the internet, a medium in which information can be trivially exchanged. Easily-defeated heuristics like "authority" and "credibility" are meaningless, if not harmful, when individual claims can (and should!) be evaluated on their own merits.

Basic security posture, sure, but nobody's arguing that we should change that and pretend that Supermicro is completely safe. Nothing is ever completely safe.

..but we're talking about a very specific claim which already has a number of gaping holes blown into it.


These reporters cover tech and ostensibly do not need access to the State Department. Nevermind the fact that the reporters who do cover the State Dept still enjoy access despite continuing to publish unflattering stories about the govt.



