Start Up No.1473: r/wallstreetbet wins (and loses), Facebook hoes back, Unix v time, can Biden buy electric?, sudo’s big bug, and more


The world relies on TSMC for chips. Now, what if China invades Taiwan? CC-licensed photo by Kaiping Wen on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Not a variation. I’m @charlesarthur on Twitter. Observations and links welcome.

The world is dangerously dependent on Taiwan for semiconductors • Bloomberg

Alan Crawford, Jarrell Dillard, Helene Fouquet, and Isabel Reynolds:

»

Taiwan, which China regards as a province, is being courted for its capacity to make leading-edge computer chips. That’s mostly down to Taiwan Semiconductor Manufacturing Co., the world’s largest foundry and go-to producer of chips for Apple Inc. smartphones, artificial intelligence and high-performance computing.

Taiwan’s role in the world economy largely existed below the radar, until it came to recent prominence as the auto industry suffered shortfalls in chips used for everything from parking sensors to reducing emissions. With carmakers including Germany’s Volkswagen AG, Ford Motor Co. of the U.S. and Japan’s Toyota Motor Corp. forced to halt production and idle plants, Taiwan’s importance has suddenly become too big to ignore.

U.S., European and Japanese automakers are lobbying their governments for help, with Taiwan and TSMC being asked to step in. Chancellor Angela Merkel and President Emmanuel Macron discussed the potential for shortages last year and agreed on the need to accelerate Europe’s push to develop its own chip industry, according to a French official with knowledge of the matter.

The auto industry’s pleas illustrate how TSMC’s chip-making skills have handed Taiwan political and economic leverage in a world where technology is being enlisted in the great power rivalry between the US and China – a standoff unlikely to ease under the administration of Joe Biden.

Taiwan’s grip on the semiconductor business – despite being under constant threat of invasion by Beijing – also represents a choke point in the global supply chain that’s giving new urgency to plans from Tokyo to Washington and Beijing to increase self-reliance.

By dominating the US-developed model of outsourcing chip manufacture, Taiwan “is potentially the most critical single point of failure in the entire semiconductor value chain,” said Jan-Peter Kleinhans, director of the technology and geopolitics project at Berlin-based think tank Stiftung Neue Verantwortung.

«

It’s not beyond possibility that China invades Taiwan and thus has a chokehold on the world’s chip industry. I’d love to know what the US military’s game plan is in that eventuality.


An “angry mob” on Reddit is pushing up GameStop’s stock price and pissing off a bunch of Wall Street firms • Buzzfeed News

Amber Jamieson:

»

By encouraging everyday investors, also known as retail investors, to buy up GME stock and increase its price, hedge funds would have to sell out in order to cut their losses from having shorted the stock, which increases the stock price even further.

“Hedge funds are getting their asses kicked by the retail investor,” Lindzon said.

He noted that millennial investors have been sharing information across Reddit and social networks for years, but the sheer number of them now means they are a force to be reckoned with. “It’s like the velociraptors in Jurassic Park; they get smarter, and eventually they hop the fence,” he said.

The moment has also been a chance for young investors — many of whom have flocked to investing since the pandemic was declared, causing the stock market to jump, helped in part by free brokerage apps such as Robinhood — to flip the bird at established Wall Street firms.

…Their actions are having a very real impact on those hedge funds. Two firms announced they were investing over $2bn into Melvin on Monday — “an emergency influx of cash,” as the Wall Street Journal described it — aimed at stabilizing the fund.

But not all the young investors on WSB are making money from GameStop’s rise.

On Monday, David — a 25-year-old who works in corporate finance for a private tech company in the Bay Area and lives in the Midwest but asked that his last name not be used in this story — bought about $14,000 in GME stock after reading about it on WSB.

…He bought about $7,000 worth of stock priced at $115 on Monday morning. After watching it rise, he bought another $7,000 at $155 — except that ended up being the stock’s highest point that day.

David panicked as he realized he was possibly about to lose 15% of his total portfolio. He sold all of his GME investment and only lost about $600 in total. If he hadn’t sold them just moments after buying them, by the end of the day he would have been down around $10,000 (although he would have been up by the end of Tuesday).

«

It’s going to be a fight between “the market can stay irrational longer than you can stay solvent” v “the big guys can stay solvent longer than you can hold your nerve”.


Facebook apologises for flagging Plymouth Hoe as offensive term • The Guardian

Steven Morris:

»

Plymouth Hoe is one of the most well-known sites in the UK’s seafaring history, the spot where Sir Francis Drake reputedly finished a game of bowls before heading out to fight the Spanish Armada.

But Facebook has found itself in hot water after challenging some posts from local people who innocently mentioned the Hoe, mistakenly thinking they were using a misogynist term.

The social media company has apologised for its mistake and promised to take steps to ensure residents and visitors can use the term in relation to the Devon landmark.

It has argued that some words can be slurs or offensive if used in certain ways and certain contexts, but not in others – but admitted it was at fault in this case.

The problem emerged when some Plymouth Facebook users spotted that their posts were coming under unexpected scrutiny.

«

Bet this is down to some machine learning software getting a bit excitable. A Scunthorpe classic.


UNIX and Time • revidwerd

Drew Diver references yesterday’s linked article on Why the iPhone Timer Lies (a little):

»

I recently finished Jaron Lanier’s book You Are Not A Gadget which sort of makes sense of the above issue:

»

There’s a core design feature in UNIX called a “command line interface.” In this system, you type instructions, you hit “return,” and the instructions are carried out.* A unifying design principle of UNIX is that a program can’t tell if a person hit return or a program did so. Since real people are slower than simulated people at operating keyboards, the importance of precise timing is suppressed by this particular idea. As a result, UNIX is based on discrete events that don’t have to happen at a precise moment in time. The human organism, meanwhile, is based on continuous sensory, cognitive, and motor processes that have to be synchronized precisely in time.

…I have an iPhone in my pocket, and sure enough, the thing has what is essentially UNIX in it. An unnerving element of this gadget is that it is haunted by a weird set of unpredictable user interface delays. One’s mind waits for the response to the press of a virtual button, but it doesn’t come for a while. An odd tension builds during that moment, and easy intuition is replaced by nervousness. It is the ghost of UNIX, still refusing to accommodate the rhythms of my body and my mind, after all these years.

«

«

So in the spirit of The Chain (on RadMac), can you link to this? (You’ll either get the reference or you won’t.)


Magic Leap founder Rony Abovitz creates startup Sun and Thunder to build synthetic beings • VentureBeat

Dean Takahashi:

»

Former Magic Leap CEO Rony Abovitz has started a new company called Sun and Thunder to focus on AI characters and interactive storytelling.

In an interview with GamesBeat, Abovitz said the company represents a fusion of technology, intellect, and art. The aim is to create “synthetic beings” and tell stories within worlds made possible by “spatial computing,” or the kind of mixed reality experiences that Abovitz has tried to create in his prior company Magic Leap. Abovitz will talk about his new startup today at our GamesBeat Summit: Into the Metaverse conference in a session entitled Notes From Our Science Fiction Future.

«

Promising area. So were AR headsets once. And perhaps in the future. Magic Leap managed to burn a gigantic amount of money being in what might be the right place at definitely the wrong time.


A game designer’s analysis of QAnon • Medium

Rabbit Rabbit:

»

I am a game designer with experience in a very small niche. I create and research games designed to be played in reality. I’ve worked in Alternate Reality Games (ARGs), LARPs, experience fiction, interactive theater, and “serious games”. Stories and games that can start on a computer, and finish in the real world. Fictions designed to feel as real as possible. Games that teach you. Puzzles that come to life all around the players. Games where the deeper you dig, the more you find. Games with rabbit holes that invite you into wonderland and entice you through the looking glass.

When I saw QAnon, I knew exactly what it was and what it was doing. I had seen it before. I had almost built it before. It was gaming’s evil twin. A game that plays people. (cue ominous music)

QAnon has often been compared to ARGs and LARPs and rightly so. It uses many of the same gaming mechanisms and rewards. It has a game-like feel to it that is evident to anyone who has ever played an ARG, online role-play (RP) or LARP before. The similarities are so striking that it has often been referred to as a LARP or ARG. However this beast is very very different from a game.

«

I promise, no more QAnon stuff unless something very, very important happens with it. (Thanks to Sean Mulcahy for the link.)


Oklahoma trying to return its $2m stockpile of hydroxychloroquine • The Frontier

Dylan Goforth:

»

The Oklahoma Attorney General’s Office has been tasked with attempting to return a $2m stockpile of a malaria drug once touted by former President Donald Trump as a way to treat the coronavirus.

In April, Gov. Kevin Stitt, who ordered the hydroxychloroquine purchase, defended it by saying that while it may not be a useful treatment for the coronavirus, the drug had multiple other uses and “that money will not have gone to waste in any respect.”

But nearly a year later the state is trying to offload the drug back to its original supplier, California-based FFF Enterprises, Inc, a private pharmaceutical wholesaler. 

Alex Gerszewski, a spokesman for Oklahoma Attorney General Mike Hunter, told The Frontier this week that the AG’s office was working with the state health department “to try to figure out a solution.”

Gerszewski said Hunter’s office had gotten involved at the request of the Oklahoma State Department of Health.

Stitt was criticized last year for the $2m purchase, a move viewed by some as a partisan move to curry favor with conservatives who were defending Trump amid criticism of his own support of the drug. But Stitt defended the purchase at the time by likening it to the race early last year to procure personal protective equipment for Oklahomans, believing it was better to have the hydroxychloroquine stockpile and not need it, rather than to later learn the drug was useful but not have it.

«

Those “multiple other uses” never materialised, huh. It would be nice to think that the desire to lie will go away in US politics, but perhaps it will only be doing stupid things suggested by a stupid person that will stop.

Also, what do we think the HCL is worth now – one-tenth the original price, now it’s shown not to be an effective Covid treatment?


Biden’s plan to replace government fleet with electric vehicles will take forever • Axios

Joann Muller:

»

President Biden’s plan to replace the government’s fleet of 650,000 cars and trucks with electric vehicles assembled in the US by union workers is easier said than done.

The populist “Buy American” message sounds good, but the vehicles Biden wants are still several years away and his purchase criteria would require an expensive overhaul of automakers’ manufacturing strategies, not to mention a reversal of fortune for labour organizers long stymied by Tesla and other non-union companies.

Right now, not a single model fits the president’s criteria: battery-powered, made in America, by union workers.

• Tesla produces the vast majority of EVs in the US, and all of its models contain at least 55% American-made parts, according to federal data. But Tesla doesn’t have a union and CEO Elon Musk has run afoul of federal labor laws.
• General Motors’ Chevrolet Bolt is the only US-built EV made by union labor. But it’s made mostly with parts imported from Korea. Just 24% of the content is considered domestic.
• The Nissan Leaf, another popular EV, is made in Tennessee. But the factory is non-union and only 35% of the parts are domestic.

«

Might be a race between Nissan and GM, since I can’t imagine Tesla wanting to unionise, nor to fulfil the USG requirement. But achieving it would be a second-term thing, it seems.


Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers • TechCrunch

Zack Whittaker:

»

Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.

The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.

Two of the bugs were found in WebKit, the browser engine that powers the Safari browser, and the Kernel, the core of the operating system. Some successful exploits use sets of vulnerabilities chained together, rather than a single flaw.

«

Apple’s caginess about this is unusual. Might be something to do with the next link…


Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) • Help Net Security

Zeljka Zorz:

»

A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host (without authentication).

“This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years,” said Mehul Revankar, Vice President Product Management and Engineering, Qualys, VMDR, and noted that there are likely to be millions of assets susceptible to it.

Also dubbed Baron Samedit (a play on Baron Samedi and sudoedit), the heap-based buffer overflow flaw is present in sudo legacy versions (1.8.2 to 1.8.31p2) and all stable versions (1.9.0 to 1.9.5p1) in their default configuration.

«

As Alex Hern points out, the flaw in the code was introduced in July 2011, which means a) it’s on gazillions of machines b) has survived all the people looking at it since then, thus offering an empirical disproof to the “many eyes make bugs shallow” premise. (Though how many eyes have looked at the source code?) Very reminiscent of Heartbleed, which was a flaw in OpenSSL that was introduced in 2012, but spotted in 2014.

If I had a suspicious mind, I’d wonder if some person or group had cleverly gone around various crucial open source projects after 2010 introducing subtle but exploitable flaws, knowing that very few people would review the code, or understand what to look for if they did.


Errata, corrigenda and ai no corrida: none notified

3 thoughts on “Start Up No.1473: r/wallstreetbet wins (and loses), Facebook hoes back, Unix v time, can Biden buy electric?, sudo’s big bug, and more”

  1. That “Plymouth Hoe” story strikes me as very strange, since while I can see some scanner not knowing about the idiosyncratic Plymouth meaning, I’d have thought the very common English meaning of the gardening tool would stop any simple pattern-matching. Maybe it had something to do with many close by references to women / wives from people discussing vacations.

    Note, hydroxychloroquine does have “multiple other uses”. But there’s probably not a very large number of medically appropriate lupus and arthritis cases in Oklahoma, which is a low population US state. Thus it’s not that there aren’t “multiple other uses”. It’s that 2 million dollars buys A LOT of hydroxychloroquine, and there aren’t a huge number of people in total for all those other uses. Wow – 1.2 million pills (from another article). That’s almost a Fermi question – they might be able to supply the whole United States medical caseload for quite a while. They’ve got to have a warehouse full of it. It’d make for an amusing story to follow the travails of the person who tries to get rid of all that hydroxychloroquine.
    They should probably just donate it all to Africa for anti-malaria use. At least then it won’t go to waste.

    • On the FB story, perhaps there had been an antipattern set up where people were using “hoe” to get around software scanning for “ho”, so it started blocking that and then looked further afield? Very much a contextual thing, and if you wrote “Plymouth Hoe” I guess it would say “that’s not used in the sense of a garden implement”. Again, no humans involved except in writing.
      On the HCL – good idea about following that. I’m sure the idea of donating a useful but not needed product to Africa would go down really well in a GOP-dominated state.

  2. Ironically, in one of the biggest Union mistakes of all time, Tesla almost got a Union when it bought the Californian factory. The sticking point was seniority in rehiring the previous auto workforce. The Union thought they could get Musk to budge (although a lot inside the Union were telling senior leadership, take the offer, he’s not going to budge). And Musk walked away. It might have slowed down Tesla’s rapid pace but it might have cut down the number of injuries the plant is producing, and would have helped unionize the other new plants like VW.
