Jump to content

SMCI - Super Micro


Recommended Posts

Hey all:

 

Anybody else familiar/watching/invested in this company?

 

I used to own it years ago...I will use their products from time to time.  I find their product to be somewhat above average, but not great.  I find my customers are receptive to their product, but once again, not a top tier brand.

 

Fast forward to today.  The stock hit a new 52 week low $14.20/share.  This is because the company will not be able to file their annual report on time, and thus will be removed from NASDAQ.

 

The company has been around for a long time, and ships product.  I don't think it is a fraud, but it is troubling that this relatively simple business can't get their financials under control and out on time.

 

SMCI has also suffered from high DRAM prices.  They also have some amount of margin compression.

 

Countering this is a relatively healthy balance sheet and strong sales growth.

 

Analysts think the company could earn well over $2/share in the upcoming year.

 

Anybody have any thoughts/opinions on this?

Link to post
Share on other sites
  • Replies 79
  • Created
  • Last Reply

Top Posters In This Topic

Definitely not the best business/brand in the world... Doesn't seem to have much of a moat and it's in a commodity-type business.

 

But they got the industry headwinds for sure. I think the demand for servers, data storage, racks, HPC, etc. will continue to grow and grow... So just based on that factor it might be worth trading this name.

Link to post
Share on other sites
  • 1 month later...

So the company is toast now? The article is quite alarming since putting this kind of spy hardware into the servers requires coordination and collusion on so many levels.

1) design and produce a spy chip

2) Make it work on targeted motherboard without detection

3) inject the t into a manufacturing line undetected by quality control systems ( or make sure they collide with you).

 

It seems that this company must have design engineers in the US colluding with the Chinese.

 

I think all western companies need to rethink  about ITAR level security on their components as well. ITAR level work requires US persons only. Components even in military hardware are often not ITAR to save costs.

 

Then what about spy chips in smartphones also used by government officials? Yes we need to think about security much more bradly and possibly require hardware used by the government to be completely yuk in friendly countries. I could envision Apple to build a model of the iPhone this way. In the long run, revelations like this will cost the Chinese dearly, imo.

Link to post
Share on other sites

So the company is toast now? The article is quite alarming since putting this kind of spy hardware into the servers requires coordination and collusion on so many levels.

1) design and produce a spy chip

2) Make it work on targeted motherboard without detection

3) inject the t into a manufacturing line undetected by quality control systems ( or make sure they collide with you).

 

It seems that this company must have design engineers in the US colluding with the Chinese.

 

I think all western companies need to rethink  about ITAR level security on their components as well. ITAR level work requires US persons only. Components even in military hardware are often not ITAR to save costs.

 

Then what about spy chips in smartphones also used by government officials? Yes we need to think about security much more bradly and possibly require hardware used by the government to be completely yuk in friendly countries. I could envision Apple to build a model of the iPhone this way. In the long run, revelations like this will cost the Chinese dearly, imo.

 

Well, the chip took over the IPMI, then had it connect and download a bigger payload.

 

To expand on the earlier comment the IPMI is a super level chip that watches the system.  This is how you get lights out management.  There is system on a chip that is almost a second computer.  It will have a dedicated ethernet port and runs even if the server is turned off.  As long as they're power the IPMI/remote management is running.

 

This has a legitimate purpose. You can remote into any machine and view it as if you are there in person, but it doesn't rely on the computer's subsystem itself.  We do this with our servers (not SuperMicro).  If something goes terribly wrong you can always get to the machine.  The only time you need to physically visit a datacenter is for hardware upgrades.

 

SuperMicro's remote stuff was notoriously bad.  It's wide open to the world by default.  That means if you buy a SuperMicro and plug it in without firewalling off the ports ANYONE can take over the machine.  No talent is required.

 

Here's how I believe this works.  The little chip attacks a vulnerability in the remote management.  When the machine is powered on it dumps a payload the SoC stuff.  All you need are a few bytes.  It adds a phone home to a malicious cloud, and from there since a socket is established it can pull in a larger payload that's more complicated.

 

Think of it like this. That chip just needs to open the door, once the door is open the attacker has a vector they can use.

 

SuperMicro isn't alone.  This stuff is rampant.  Look on eBay at Intel x520 NIC's, probably 60-70% are counterfeit from China.  There is speculation that most of these are seeds.  The hardware looks slighly different, and you really don't know what they're doing.  The same is true with ethernet switches.  Again on eBay there are a lot in China that appear to be new, or slightly used that are dramatically cheaper.  The suspicion is that these are compromised components that they're tryign to get into foreign networks.

 

Link to post
Share on other sites

@ $13 per share I think the market cap here is somewhere around $640 million. For $640 million you are buying:

 

$22 million in net debt (94 million cash - 116 million debt).

 

Based on the 6/30/17 balance sheet the company is close to being a net-net. Assuming no inventory write-offs, it probably is a net-net at this point given the growth that they showed last fiscal year.

 

FY 2018 results (ended 6/30/2018): $3.3 billion in revenue, at least $428 million in gross profit, and a minimum of $1 per diluted share GAAP earnings.

 

2 million sq feet of real estate in San Jose, CA + a manufacturing facility in Taiwan.

 

Obviously this is a speculative situation (do you own due diligence!), but I think a case can be made for buying this here.

Link to post
Share on other sites

Will customer still use their products after this Bloomberg piece?

 

That's the risk I see, reputational risk.  If it's a net-net now imagine where it will be after a few quarters of low growth?

 

Hopefully higher? The (implicit) point I was trying to make is that the balance sheet (both current assets and real estate) supports the current valuation. You don't need growth here to win. All you need is for them to get their financials current to help prove to the market that this isn't a big fat fraud.

 

 

 

 

 

 

 

 

Link to post
Share on other sites

No inventory write off seems to me a big assumption considering that they have produced components with a hardware Trojan horse in it.At the very least they. Would need to buff up their supply chain supervision, thoroughly inspect and test all their existing WIP and purge whatever is suspect.

Then there are e siting customers who demand that they take their already sold product back. The latter could easily make this a zero alone. Then we have lawsuits from customers, pot. criminal lawsuits from the government, class action lawsuits etc...It seems to me that a net net may not be good enough under these circumstances.

Link to post
Share on other sites

If someone offered you the chance to buy all of Super Micro's inventory what would you pay for it? I personally wouldn't be willing to pay anything near cost for it.

 

Whether individual pieces are infected or not may not even matter. Who is going to recommend the purchase of that hardware to their boss now? Seem like it would be a lot of career risk for an IT buyer...

Link to post
Share on other sites

A net net is only useful is you can flip a switch, shut the company down, monetize the assets. If the company continues to operate and losses mount that net/net advantage can quickly evaporate.

 

This is a company with a founder/shareholder in control. It's not a situation where the guy will go.... well it was fun while it lasted. Let's close her up, take the money and be merry.

 

There will be consequences from this for the company. The only reason why these guys have business it's because they're cheap. But it's also a commodity business. Which means that their competitors, while more expensive, won't be that expensive. So it won't cost so much to leave them. To a company risking reputational damage, leaving them is almost instinctive, a no thought decision. Notice how Nate mentioned in his post that they don't use SuperMicro?

 

I guess the extent of the damage will depend on the makeup of SuperMicro's customer base. For example, in the case of a porn company, they probably don't care much if Chinese Intelligence also gets a peek. So they'll keep going for the cheap servers (I imagine a discount will be forthcoming as well). But other types of clients will care very much. But there will be damage. This is also happening to a company that got delisted because it couldn't produce financials for their relatively simple business. Very hairy indeed.

Link to post
Share on other sites

Very intriguing story. As others pointed out, a perceived margin of safety in net asset value is probably not worth a lot in this case. If the allegations are true, the inventory requires a huge haircut and receivables will be disputed.

 

I'm inclined to think the market is overreacting. I mean, "Chinese spies are taking over all our computers" is basically a headline handcrafted to totally freak out US investors .. Decent chance this was done at one of their suppliers without their knowledge, that the chip only has very limited capabilities and/or can be worked around, that this hack affects only a limited percentage of their products and that in a year or two everybody has forgotten this. In that case this looks cheap now. However, I have absolutely no facts to justify my opinion and on the other hand, it could also be true that this company has severe security issues and that sales will drop off a cliff (they will drop in any case). And it's not like the company was perfect before the bomb dropped. All in all: probably too difficult for me. But I will follow it for popcorn value.

Link to post
Share on other sites

 

I mentioned it before, but if this Trojan horse motherboard exists, some of the hardware should show up and  should get dissected by hardware nerds in the next few weeks. If the hardware doesn’t show up, the scope if this was either very limited or the entire thing a hoax.

Link to post
Share on other sites

A net net is only useful is you can flip a switch, shut the company down, monetize the assets. If the company continues to operate and losses mount that net/net advantage can quickly evaporate.

 

This is a company with a founder/shareholder in control. It's not a situation where the guy will go.... well it was fun while it lasted. Let's close her up, take the money and be merry.

 

There will be consequences from this for the company. The only reason why these guys have business it's because they're cheap. But it's also a commodity business. Which means that their competitors, while more expensive, won't be that expensive. So it won't cost so much to leave them. To a company risking reputational damage, leaving them is almost instinctive, a no thought decision. Notice how Nate mentioned in his post that they don't use SuperMicro?

 

I guess the extent of the damage will depend on the makeup of SuperMicro's customer base. For example, in the case of a porn company, they probably don't care much if Chinese Intelligence also gets a peek. So they'll keep going for the cheap servers (I imagine a discount will be forthcoming as well). But other types of clients will care very much. But there will be damage. This is also happening to a company that got delisted because it couldn't produce financials for their relatively simple business. Very hairy indeed.

 

I'm impressed that you managed to slip the words "porn" and "very hairy" into the same paragraph. You sir, are a sly one!

 

On net-nets generally, I think they are worth paying attention to because they are the cheapest of the cheap, not because (in most cases anyways) they are likely to liquidate. I can seen how my earlier post could be easily misinterpreted.

 

In the present case, my point about the company possibly being a net-net at the current price was to point out just how little credit the market is giving it as a viable enterprise - despite its track record of success. I would be very surprised if management moved to liquidate the company.

 

I mentioned it before, but if this Trojan horse motherboard exists, some of the hardware should show up and  should get dissected by hardware nerds in the next few weeks. If the hardware doesn’t show up, the scope if this was either very limited or the entire thing a hoax.

 

This is a really smart thought.

 

 

If someone offered you the chance to buy all of Super Micro's inventory what would you pay for it? I personally wouldn't be willing to pay anything near cost for it.

 

Whether individual pieces are infected or not may not even matter. Who is going to recommend the purchase of that hardware to their boss now? Seem like it would be a lot of career risk for an IT buyer...

 

OK, you think their inventory is likely worth less than it is likely* marked at. That's definitely a valid position. I think sales could decline + they could take an inventory haircut and, despite all that, investors could still do well here if they get their financials up-to-date and continue to sanely operate the core business.

 

* I say likely since we don't have an up-to-date balance sheet

 

 

 

Link to post
Share on other sites

Interesting, skeptical article on the whole affair: https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/ (warning: nerd stuff). Some snippets:

 

 

[..]

 

A fourth thing is this: why go to the bother of smuggling another chip on the board, when a chip already due to be placed in the circuitry could be tampered with during manufacture, using bribes and pressure? Why not switch the SPI flash chip with a backdoored one – one that looks identical to a legit one? Perhaps the disguised signal coupler was the best way to go.

 

And a fifth thing: the chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg's article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here.

 

One final point: you would expect corporations like Apple and Amazon to have in place systems that detect not only unexpected network traffic, but also unexpected operating system states. It should be possible that alterations to the kernel and the stack of software above it should set off alarms during or after boot.

 

[..]

 

 

You could be forgiven for believing Bloomberg's story in its entirely and discounting Amazon, Apple and Super Micro's denials for trying to cover their backs while refusing to acknowledge understandably confidential national security investigations.

 

Except the denials are far more precise and concrete than typical non-denial denials. It remains very unlikely that public companies would issue outright falsehoods, even in the current political climate, due to the market and regulatory ramifications if they were found to be outright lying to investors. Usually, assessing whether a company is telling the truth comprises of carefully parsing statements and seeing what aspects of a story they don't address.

 

 

Regarding Apple denial:

 

But it also makes a strong denial that deserves attention: "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement."

 

Whichever way you parse that, it remains a strong denial. If it turns out the Bloomberg report is true, it would be hard to paint that sentence as anything but a lie.

 

It is also worth noting that neither Amazon nor Apple went for the usual "we do not discuss any national security or law enforcement issues as a matter of policy" – which is the most common tacit way of acknowledging something happened without saying what.

 

I wouldn't be surprised if the whole story turns out to be exaggerated. Though even if it is, it can still have a horrible effect on SMCI's sales.

Link to post
Share on other sites

As another user pointed out in the Amazon thread, the DHS has now also issued a statement: "we have no reason to doubt the statements from the companies named in the story", i.e. Apple, Amazon & Super Micro. Either is is a technological infiltration of unprecedented scale followed a by deep state cover-up or the Bloomberg article was somewhat sensational. I'm betting on the latter. Extraordinary claims require extraordinary evidence. To put my money where my mouth is I bought a few hundred shares. Shares are already up ~50% from the bottom but still down 33% from before the article. Wouldn't surprise me if this trades a few dollars higher in a few weeks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...