Right before I left Samsung Austin Semiconductor (Samsung’s fab in the U.S.), in 2019, they were phasing out local share drives in favor of a self-hosted cloud that Samsung created. The supposed reason was better security, though it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint. The throughput was absolutely terrible, like < 1 MBps. My department had some large files, so that was fun.
One such file was an Excel file that was more script than anything else. We had to have labels in a specific format on every machine we owned in the fab, which was something like 250 of them. The normal stuff like its id number, and also which points of contact for a technician and engineer, as well as their photos and phone numbers. Manually balancing and re-balancing every time a shift gained or lost an employee would’ve been obnoxious, so naturally instead countless hours were spent coercing VBA and ODBC to query a DB containing employee info, extracting and resizing their headshot, applying all of this to a template label, queuing a print job, and repeating. It was pretty fun to watch, honestly. I think I also had created a floor plan map somehow, and it would do its best to group a given technician’s assigned machines such that they minimized distance traveled during inspections. Anyway, the large file size was due to it caching the headshots (might have made a hidden tab for each? I don’t remember) for better performance, as that had proven to be a bottleneck.
It's always worth remembering there's exactly one reason Excel is abused -- IT isn't giving "non-developers" access to tools they need to automate their work.
Roko's Basilisk or whatever it is should more properly be called Excel's Visual Basicilisk - once Excel becomes self-aware it is going to punish everyone who tortured it for decades.
It just sounds like Mail Merge to me. Which if you were using a computer for work in the 90s, you might know something about. (It was also convoluted) :)
> it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint
My guess is that they're worried that you'll download data and then copy it out of the device while the device is offline. An employee could even "lose" the device, giving an attacker unbound time to extract data from it.
Another equally likely explanation is that the exec in charge of their cloud services gains more prestige due to his solution being universally adopted internally, or some other crap along this line.
It is great that particular tools enable employees automate stuff and make their work more effective.
From developer point of view I see that the effort would most certainly be diverted in another kind of solution.
But yeah, "citizen developer" stuff is a thing that microsoft pushes especially in Power Platform / Canvas Apps - one programs with WYSIWIG and Excel-like formulas (PowerFX)
But then again I wonder who are the people that can program in VBA and chooses excel. Is it the constraint around software they can use? An excel being a GUI which you don't have to implement? Anyways, a net positive for business.
I'm sure the free GUI is the gateway drug, but at this point practically everybody in finance uses Excel. You can pass files and scripts around and be pretty confident that the external auditor will be able to use them.
This is a pathology of megacorps who don't continually reinvest in process and support infrastructure and instead abuse backoffice desktop software inefficiently. In 20/20 retrospect, it should've been converted from Excel to a proper app as soon as it became a bottleneck.
A common and innovative solution to this problem now, that I have seen in other fabs (not semis, but other industries), is to put QR codes on each machine. That way the info behind it can be dynamic and maintained
At least they didn’t make you use Sharepoint and OneDrive. How fun using VBA and ODBC in 2019, proving the mighty Excel will go on as the new MS Access.
Just knowing how the thing is built doesn't seem to be enough. Comac still sources its jet engines from Pratt and Whitney for instance, despite many years of trying no local manufacturer has been able to build them to the same spec.
The product I oversee at my job is something that can only be built by people who are intimately aware of the process and have a strong understanding of the underlying engineering.
We could hand the full project file to a competitor and they almost certainly would not be able to build functional units. The failure points are fractal, so you need a strong intuition about what part you are installing, what qualities an ideal part has, what qualities the one in your hand has, how you might install it differently because of those qualities, and/or how you might change a later process to accommodate it. Or if the part should just be junked. The process is fraught with seemingly good intuitions that will ultimately lead you to failure as well.
These units also cannot be reworked, reused, or repaired, so any mistake before finalizing the build junks the entire thing.
For extremely low-entropy products, mother nature is incredibly unforgiving.
A relative of mine worked at a medical devices company (brain sensors). She told me how small intricacies of the manufacturing process were critical to reach good enough yield or functioning devices, at all. The critical process steps were closely guarded and only a handful employees knew how to do them. The devil is often in the details - and the moat, too.
> Just knowing how the thing is built doesn't seem to be enough.
See perhaps:
> Tacit knowledge or implicit knowledge is knowledge that is difficult to extract or articulate—as opposed to conceptualized, formalized, codified, or explicit knowledge—and is therefore more difficult to convey to others through verbalization or writing. Examples of this include individual wisdom, experience, insight, motor skill, and intuition.[1] An example of "explicit" information that can be recorded, conveyed, and understood by the recipient is the knowledge that London is in the United Kingdom. Speaking a language, riding a bicycle, kneading dough, playing an instrument, or designing and operating sophisticated machinery, on the other hand, all require a variety of knowledge that is difficult or impossible to transfer to other people and is not always known "explicitly," even by skilled practitioners.
Building even basic things is difficult. Friend of mine tried like dozen companies from around the world to manufacture very basic milled aluminium part. None of them could make it. Only one company could make 1 or 2 right out of 100.
I can't remember but I think Lance Air or Epic got split in a sale and a company bought the type design/blueprints but ran into issues actually manufacturing from them.
There is a very nice chapter in the somewhat dated but classic book Business Adventures [1] on trade-secrets and what happens when employees of one company move to another. In chapter 11, "A man, his knowledge, and his job", there is a story of a "space-suit" manufacturer Goodrich suing an employee for moving to its rival Latex for stealing trade-secrets. The story is timely in context of Meta hiring researchers from open-ai, deepmind etc for 100s of millions for the knowledge in their heads of the recipes which work for making superior LLMs - the knowledge of which is empirical and may take years to discover.
Lots of space technology is classified as weapons subject to export control. ITAR has plenty of rules about who can see information. US immigration status generally has to be green card or citizen, and country of origin and any second citizenships are considered.
("export control" in this sense really doesn't have to do with moving a physical object out of the country but sharing information, to the extent that a conversation in an elevator could be an export violation. most export violations amount to emails being sent to the wrong person)
When I worked briefly in defense, for example, there would be regular random searches of my stuff as I exited the building and security would wander the building and look at what you left out on your desk while you went to lunch. Entirely seriously they told us not to wear our badge in public if we left the building and not to leave our laptops in our cars because someone might follow us and steal it. Had colleagues who were visiting a foreign country for work have their hotel rooms obviously thoroughly and messily searched while they were out.
They also do national security missions so there are folks there with high clearances.
Thing is that even if you did steal a bunch of information, that doesn't mean you could just copy and be successful. Any one of a million things can go wrong with a self-landing rocket that will cause it to explode, you can't just steal the whole system of operation that keeps these things from happening.
You couldn't steal all of the secrets of a circus performer and suddenly be able to juggle chainsaws while riding a unicycle.
I would say the main element of their success is not really in any specific close kept secrets - its in actually committing to reusable rockets and keep working until they had a working system.
While there are some really nice components and clever ideas (Merlin/Raptor engines & very good guidance tech) this all really has been doable for decades in less efficient form.
But so far no one other than Space X has been able to win against all the naysayers who were so sure only single use rockets are ever going to work, get enough funding to build a partial RLV & then operate it successfully as a business.
I don't think it depends on any single technology or a set of them only they have access to - rather that they have been able to persist and see it through, unlike all the other RLV projects that never got funding to go past the paper stage or very simply not viable (Space shuttle).
So, this is admittedly a little tinfoil, but I wouldn't be surprised if Musk is happy for some degree of espionage to happen. If it looked like there was a possibility of China getting this capability first, it would light a fire under the US government to give financial and regulatory assistance to the Starship program.
I imagine SpaceX having pretty fishbowl conference rooms for customers in the center of everything, with guest network ports just segmented off from the main but using the same hardware. Oh man that would stress me out if I was IT. And of course the '<Customer name> needs to print something off and needs access to the MFCs'. No, you print it out for them, like has been discussed and agreed to and keeps with ITAR. 'No, they need access, and now. Because I'm a sales guy and I won't tell them no' but if they get into/past the MFC, it's all on IT and IT being bad at their job/security, not the sales guy that demanded they get physical access.
Spacex rocketry tech is subject to ITAR regulations. That restricts who they’re allowed to contract with, data encryption and handling, but altogether those regulations are quite bare. It likely wouldn’t be enough to stop a state actor or rogue employees.
I don't think what SpaceX is doing is that hard to replicate. There's already competitors launching smaller payloads for smaller costs per weight. Just a matter of time until they creep into SpaceX's market, while SpaceX tries to build a starship inspired by the Futurama rocket.
am i crazy for not caring if a company in a foreign country obtains trade secrets and manufactures the same thing? like we're all humans and we all want access to whatever it is they're building, it seems like more people building the thing is a good thing. if that impacts Samsung's profits, why do I care? its not like corporations give a shit about me
Compartmentalize your company. Make sure people from one compartment are unaware about things people from other compartments are doing. Don't transfer/hire across compartment boundaries.
Grandpa worked heat treat at the alegany national forge, where they made stuff like the beams for the empire state building, periscope tubes, and the 16" guns for the biggest battle ships, each thing had to be tempered in a very specific way, and to deal with spying and espionage, the charts and instuments used on the shop floor were all deliberatly wrong,and the written instructions were also wrong leaving the person in charge to know how to convert the given instructions into
what was actualy done through a secret method, not complicated, but essentialy impossible to reverse engineer.
There is a story of soviet engineers who somehow were invited to tour the RR jet turbine factory, and were given shoes that had extra sticky soles they wore only for the tour, which ewere then used to anyalise the metal chips that get picked up from the shop floor.....
never ends, expected.....even honored
I love that there is the headline, an intro, a heading for a section about the iPhone 18, and then another heading titled "TSMC says employees tried to steal trade secrets", which is literally a word-for-word substring of the headline.
There is literally no indication in the article that this has anything to do with apple other than them being a potential user of the TSMC 2nm process. Strange they tried to connect this story to apple.
Yep. It doesn’t detail what was stolen, how they were found, if they’re arrested right now, or who it is suspected they are working for. Useless article beyond the headline.
Unless it has great yields with 0 issues, there's always things to learn from. It's also possible the IBM process isn't what it seems and there's more to it.
> [...] A materials scientist working for Rubycon in Japan left the company, taking the secret water-based electrolyte formula for Rubycon's ZA and ZL series capacitors, and began working for a Chinese company. The scientist then developed a copy of this electrolyte. Then, some staff members who defected from the Chinese company copied an incomplete version of the formula and began to market it to many of the aluminium electrolytic manufacturers in Taiwan [...]
TIL! The only time (knock on wood) I ever had a motherboard go bad was an MSI from around 2002, due to a blown capacitor. To their credit, MSI had great support at the time, and sent me a new one after I sent a photo of the blown capacitor.
Serious props to TSMC for having the processes in place to catch this or figure it out, sacking the alleged bastards, announcing the insider breach publicly (and accepting the consequences of a moment of corporate vulnerability, but at the same time showing their transparency and commitment to protecting client IP), and further not allowing mere job loss to be the end of the story. I had no particular opinion about TSMC, but my respect for them has moved up a notch now.
Readit News
One such file was an Excel file that was more script than anything else. We had to have labels in a specific format on every machine we owned in the fab, which was something like 250 of them. The normal stuff like its id number, and also which points of contact for a technician and engineer, as well as their photos and phone numbers. Manually balancing and re-balancing every time a shift gained or lost an employee would’ve been obnoxious, so naturally instead countless hours were spent coercing VBA and ODBC to query a DB containing employee info, extracting and resizing their headshot, applying all of this to a template label, queuing a print job, and repeating. It was pretty fun to watch, honestly. I think I also had created a floor plan map somehow, and it would do its best to group a given technician’s assigned machines such that they minimized distance traveled during inspections. Anyway, the large file size was due to it caching the headshots (might have made a hidden tab for each? I don’t remember) for better performance, as that had proven to be a bottleneck.
My guess is that they're worried that you'll download data and then copy it out of the device while the device is offline. An employee could even "lose" the device, giving an attacker unbound time to extract data from it.
Another equally likely explanation is that the exec in charge of their cloud services gains more prestige due to his solution being universally adopted internally, or some other crap along this line.
From developer point of view I see that the effort would most certainly be diverted in another kind of solution.
But yeah, "citizen developer" stuff is a thing that microsoft pushes especially in Power Platform / Canvas Apps - one programs with WYSIWIG and Excel-like formulas (PowerFX)
But then again I wonder who are the people that can program in VBA and chooses excel. Is it the constraint around software they can use? An excel being a GUI which you don't have to implement? Anyways, a net positive for business.
Converting costs money. Unless there is a good reason, nobody will do it.
Link: https://asia.nikkei.com/business/technology/tsmc-fires-worke...
Archive: https://archive.ph/ta1kq
We could hand the full project file to a competitor and they almost certainly would not be able to build functional units. The failure points are fractal, so you need a strong intuition about what part you are installing, what qualities an ideal part has, what qualities the one in your hand has, how you might install it differently because of those qualities, and/or how you might change a later process to accommodate it. Or if the part should just be junked. The process is fraught with seemingly good intuitions that will ultimately lead you to failure as well.
These units also cannot be reworked, reused, or repaired, so any mistake before finalizing the build junks the entire thing.
For extremely low-entropy products, mother nature is incredibly unforgiving.
See perhaps:
> Tacit knowledge or implicit knowledge is knowledge that is difficult to extract or articulate—as opposed to conceptualized, formalized, codified, or explicit knowledge—and is therefore more difficult to convey to others through verbalization or writing. Examples of this include individual wisdom, experience, insight, motor skill, and intuition.[1] An example of "explicit" information that can be recorded, conveyed, and understood by the recipient is the knowledge that London is in the United Kingdom. Speaking a language, riding a bicycle, kneading dough, playing an instrument, or designing and operating sophisticated machinery, on the other hand, all require a variety of knowledge that is difficult or impossible to transfer to other people and is not always known "explicitly," even by skilled practitioners.
* https://en.wikipedia.org/wiki/Tacit_knowledge
[1] https://www.amazon.com/Business-Adventures-Twelve-Classic-St...
("export control" in this sense really doesn't have to do with moving a physical object out of the country but sharing information, to the extent that a conversation in an elevator could be an export violation. most export violations amount to emails being sent to the wrong person)
When I worked briefly in defense, for example, there would be regular random searches of my stuff as I exited the building and security would wander the building and look at what you left out on your desk while you went to lunch. Entirely seriously they told us not to wear our badge in public if we left the building and not to leave our laptops in our cars because someone might follow us and steal it. Had colleagues who were visiting a foreign country for work have their hotel rooms obviously thoroughly and messily searched while they were out.
They also do national security missions so there are folks there with high clearances.
Thing is that even if you did steal a bunch of information, that doesn't mean you could just copy and be successful. Any one of a million things can go wrong with a self-landing rocket that will cause it to explode, you can't just steal the whole system of operation that keeps these things from happening.
You couldn't steal all of the secrets of a circus performer and suddenly be able to juggle chainsaws while riding a unicycle.
While there are some really nice components and clever ideas (Merlin/Raptor engines & very good guidance tech) this all really has been doable for decades in less efficient form.
But so far no one other than Space X has been able to win against all the naysayers who were so sure only single use rockets are ever going to work, get enough funding to build a partial RLV & then operate it successfully as a business.
I don't think it depends on any single technology or a set of them only they have access to - rather that they have been able to persist and see it through, unlike all the other RLV projects that never got funding to go past the paper stage or very simply not viable (Space shuttle).
Dead Comment
But when push comes to shove if manufacturing is cheaper in a country where lots of folks want to steal your things. -shrug- Short term profits win.
Dead Comment
So strange
People are questioning whether the technology was leaked to Rapidus through Japanese equipment suppliers.
Unless it has great yields with 0 issues, there's always things to learn from. It's also possible the IBM process isn't what it seems and there's more to it.
I still want to get a look at China's. Right down to the metallurgy.
[1] https://en.wikipedia.org/wiki/Capacitor_plague
> [...] A materials scientist working for Rubycon in Japan left the company, taking the secret water-based electrolyte formula for Rubycon's ZA and ZL series capacitors, and began working for a Chinese company. The scientist then developed a copy of this electrolyte. Then, some staff members who defected from the Chinese company copied an incomplete version of the formula and began to market it to many of the aluminium electrolytic manufacturers in Taiwan [...]
[1] https://youtu.be/rSpzAVpnXo4