It’s fairly complex with all kinds of defensive & offensive tactics at play, but here is a summary from my position:
1/n
I design PCBs & have them assembled. All the little components on the board are purchased from a supplier, and have a reliable cost.
Many of the components have a piece of silicon inside them. Take this Arduino PCB for instance: 2/n
There are very few places that can produce this piece of silicon. The component makers are basically paying for time slots on the machines at the silicon fabs.
The pandemic caused auto makers to cancel their slots because they expected low demand.
3/n
All the other component makers gladly took the slots. But then the auto makers realized their estimates were wrong. So they bought back those slots at 6-8x the cost. And governments pushed to give priority to the auto makers.
4/n
This translates to higher costs for everyone else, but also much longer wait times as everyone gets bumped out. Add in increased chip demand, & suddenly we have shortages.
If just one component is out of stock, my entire PCB cannot be made.
5/n
Normally that means waiting 1-2 months for the stock to come back. But now the lead time is more like 1 year. 6/n
The amount of finished components on the market is fairly limited. So now PCB manufacturers of all sizes are resorting to buying up what they can and hoarding it. If they don’t, they won’t have products for their customers for a year or longer. 7/n
But you also have market competitors. What happens if your competitor has components but you don’t? What happens if you buy up what your competitor needs to hurt them? (it’s happening!) 8/n
When it gets down to the small independent hardware makers, we don’t have as much $ to participate in most of this.
If we are lucky, we can rebuild our PCB to use a different component. But by the time you do so, the replacement part is out of stock. 9/n
There is way more going on, but that’s the high level.
You will probably see hardware go out of stock for extended periods of time. And if the maker is small, they may not survive long enough to put them back on the shelves. Sadly, that has already started happening.
10/n
I’m certainly missing a lot here. So I welcome additional info!
I may actually do a video that allows this to be covered in slightly more depth if anyone is interested in viewing that (or collaborating on it!)
I have seen varying opinions on when chip supply returns to normal if nothing else bad happens (like one chip fab starting on fire, one losing power for an extended period, or the upcoming drought for another). Seems to be in the range of 1-2 years.
13/n
From that point, it usually takes 2-5 months for a PCB to get assembled and eventually go up for sale.
14/n
FOLLOWUP
Since this thread seems to be helpful for others, I’ll add more as it comes up.
Some of us are seeing significant rises in component prices from those who hoarded with the intent to resell. Colin here was quoted a 60x jump in price. 😭
The shipping container issue is its own complex supply chain problem. Heavily backed up ports, under staffing, empty containers on the wrong side of the world (imbalanced trade flows), etc.
But it goes to show how many fragile & complex pipelines are needed for goods.
18/n
Assembly houses are now sending cold emails that offer up cannibalism services to deal with the shortage.
This kind of thing costs SO much money to do.
19/n
This is continuing to take a heavy toll on small companies. This is terrible.
I can’t comment on security implications of the wrapper, but I suspect my prior criticism of “probably not using Signal securely” is fairly off base considering how this alters the threat model.
Yes. I’d love to know what “I have confirmation … its turned off” refers to as well :p
Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it.
I have a slightly different take on these leaked signal messages of the Trump admin planning the attack on Houthis…
Once again, it’s that nobody seems to use Signal SECURELY. If they had, this leak would have been less likely.
🧵1/n
The Atlantic article on this touches on policy of where & how these comms should happen, but completely misses the Signal failure that started this.
It starts right at the beginning. A new connection request was made by Mike Waltz, and then immediately added to a signal group. Waltz did NOT do anything to verify the identity of the person (else he’d quickly notice it was a journalist), and clearly did not verify the Signal Safety Number over a trusted channel (which means it’s susceptible to interception).
I doubt they are using things like Registration Lock either, which means anyone can hijack their Signal accounts with a simple SIM swap… which should be assumed an automatic threat when the telcos have admitted China has access to everything.
The failure to do this also points to a strong indication that this is likely a recurring pattern of OPSEC failure when using Signal. The consequences could be much more severe than this leak.
🧵2/n
We constantly hear about “Signal being broken” and it always seems to be from people who don’t know how to securely use Signal.
🧵3/n
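To make the “verify the Safety Number over a trusted channel” point concrete, here is an added example (not code from the thread author or from Signal) that computes a Signal-style safety number from two identity keys and shows why a skipped verification lets a key substitution go unnoticed. It follows the published libsignal numeric-fingerprint scheme as I understand it (version prefix, 5200 iterations of SHA-512, six 5-digit groups per side, lexicographic ordering); the exact iteration count and the 33-byte key encoding are assumptions, and the identity keys and phone-number identifiers below are constructed for the demo.

```python
import hashlib

FINGERPRINT_VERSION = 0   # libsignal fingerprint version field (2 bytes, big-endian)
ITERATIONS = 5200         # assumption: iteration count used by Signal clients


def _fingerprint_hash(identity_key: bytes, stable_id: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterated SHA-512 over version || identity key || stable identifier.

    Each round re-mixes the identity key, so the digits depend on the key a
    party actually holds for its peer, not on anything the server asserts.
    """
    h = FINGERPRINT_VERSION.to_bytes(2, "big") + identity_key + stable_id
    for _ in range(iterations):
        h = hashlib.sha512(h + identity_key).digest()
    return h


def _display_string(fp: bytes) -> str:
    """First 30 bytes of the hash -> six groups of five decimal digits."""
    return "".join(
        f"{int.from_bytes(fp[i:i + 5], 'big') % 100000:05d}" for i in range(0, 30, 5)
    )


def safety_number(local_key: bytes, local_id: bytes,
                  remote_key: bytes, remote_id: bytes,
                  iterations: int = ITERATIONS) -> str:
    """60-digit safety number as either party would display it.

    The two 30-digit halves are ordered lexicographically, so both peers see
    the identical string and can read it aloud or scan it to compare.
    """
    local = _display_string(_fingerprint_hash(local_key, local_id, iterations))
    remote = _display_string(_fingerprint_hash(remote_key, remote_id, iterations))
    return local + remote if local <= remote else remote + local


def format_for_display(number: str) -> str:
    """Group the 60 digits the way the Signal UI shows them (12 blocks of 5)."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))


def _constructed_key(label: str) -> bytes:
    # Constructed stand-in for a serialized Curve25519 identity key:
    # 0x05 type byte followed by 32 key bytes (assumed encoding).
    return b"\x05" + hashlib.sha256(label.encode()).digest()


def demo() -> dict:
    """Genuine exchange vs. an interception that substitutes identity keys."""
    alice_key, alice_id = _constructed_key("alice identity key (constructed)"), b"+15550000001"
    bob_key, bob_id = _constructed_key("bob identity key (constructed)"), b"+15550000002"
    mitm_key = _constructed_key("interceptor identity key (constructed)")

    # Honest case: both sides hold each other's real key and compute the same digits.
    alice_view = safety_number(alice_key, alice_id, bob_key, bob_id)
    bob_view = safety_number(bob_key, bob_id, alice_key, alice_id)

    # Interception: each side was handed the interceptor's key as its peer's key.
    # Neither screen matches the genuine number, and the two screens do not match
    # each other, which is exactly what a comparison over a trusted channel catches.
    alice_view_under_mitm = safety_number(alice_key, alice_id, mitm_key, bob_id)
    bob_view_under_mitm = safety_number(mitm_key, alice_id, bob_key, bob_id)

    return {
        "alice_view": alice_view,
        "bob_view": bob_view,
        "alice_view_under_mitm": alice_view_under_mitm,
        "bob_view_under_mitm": bob_view_under_mitm,
    }


if __name__ == "__main__":
    for name, number in demo().items():
        print(f"{name:>22}: {format_for_display(number)}")
```

The digits only protect you if they are compared out of band (in person, a phone call, a channel the interceptor cannot also control); the app computing them locally on each phone is what makes an unverified “safety number changed” notice meaningful at all.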
Anyone can track the physical location of Bluetooth devices across the earth, & it flew under the radar.
All you need is the MAC, which is trivial to get by just using a BT scanning app near the target.*
Then you guess (90% success rate) a matching key that makes Apple’s FindMy network think this device happens to be a lost AirTag.**
That’s it! The FindMy Network then tells you the latest location. It was discovered by George Mason University & called nRootTag. Apple has started to roll out some sort of change, but it’s unclear how impacting it will be or how long it will take. GMU researchers worry it could take years to be effective.
*unless it’s Bluetooth 4.2+ and is using the optional privacy features.
**requires running the MAC address through a GPU cluster, which can also be done in advance by building a rainbow table.
Details are a bit sparse, but more will come in August, according to the GMU post:
Exactly. It doesn’t matter who the manufacturer of the Bluetooth device is, it’s findable by the FindMy network!
There are a few ways Apple can minimize this I believe. Heavier restrictions on how a device is reported as lost. Blocking lookups of devices not rotating their key (which will probably break a lot of non-Apple devices using the FindMy network). Etc.
“recognized as malware” is the end of the analysis? Bruh…
At least share the exe so others can check it out and either validate this or put the nail in the coffin.
There are so many ways something gets flagged without it being malicious itself. Down to being simply unsigned.
The chances of this being intentionally malicious are very low. And you haven’t done nearly enough to demonstrate otherwise.
That doesn’t mean it’s necessarily safe. You paid pennies above the cost of the hardware via AliExpress. That gets you the lowest effort software too, where security is not a concern.
Imagine buying DIY canned food from an alley and then pearl clutching when it’s not FDA approved… and then acting like the makers are spies trying to poison you. 🙃
Prove it!
Don’t get me wrong. China is an intentional adversary in many avenues. But the threat posed by AliExpress & Temu is economic.
If you are buying lowest cost hardware, you aren’t getting any effort beyond basic functionality. Safety and security aren’t part of that. Don’t confuse that for intentionality.
COULD these things be leveraged by a 3rd party to undermine your security? Very likely. But you are just about as intentionally complicit in that as the seller.
When we added C2 capabilities to OMG Cable, people would say “But I’d notice it on my network!”
I said: yeah, but would you notice it on your neighbor’s wifi, free cafe wifi, etc? 😈
Also, here is a free nightmare: when wifi drops due to power loss, those battery powered IoT devices do ALL kinds of useful things if you’re in range.
Oh absolutely. Most places won’t notice. Especially with the added MAC spoofing and the C2 traffic looking like misc web traffic. There are lots of options before needing to use a nearby network, or supplying your own.
The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more details will come, but there are already some educated guesses to be made that narrow it down.
🧵1/n
First, with over 1000 instances being reported, this is likely supply chain as opposed to a few modified devices. Done either during shipment and/or at the factory.
🧵2/n
2nd, the explosions are substantial. Probably a high explosive like RDX or PETN. I am guessing the explosive was integrated into the battery for physical stealth. But, unlike Israel, I don’t know if Hezbollah checks their internals for it to matter.