Hacker News with Generative AI: Supply Chain

Supply Chain Attacks on Linux Distributions (fenrisk.com)
Supply chain attacks have been a trendy topic in the past years. Rather than directly attacking their primary target, attackers infiltrate less secure assets, such as software dependencies, firmware, or service providers, to introduce malicious code. In turn, these components also have their own layers of dependencies, and we can start to understand why this becomes a very complex problem.
Lack of copper, reliance on imports more critical to US than "rare earth" metals (npr.org)
In recent weeks, you've likely heard a lot about rare-earth substances, thanks to President Trump's stalled efforts to secure a minerals deal with Ukraine and his talk of annexing Greenland. These vital substances fuel the growing renewables and electric-vehicle industries. However, many experts warn that the shortage of another crucial metal, used in electronics, wiring and even plumbing could be just as concerning.
Decathlon's Chinese subcontractor is suspected of using forced Uyghur labor [video] (youtube.com)
Tesla gets more than 20% of parts from Mexico, it will be affected by tariffs (electrek.co)
Tesla gets more than 20% of its parts from Mexico, as well as some from Canada on top of it. So, yes, Tesla will be negatively affected by the tariffs.
Silk Typhoon targeting IT supply chain (microsoft.com)
Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access.
Flexport Intelligence (flexport.com)
Explainable Linear Programs (jeremykun.com)
Back in 2020, when I worked in the supply chain side of Google, I had a fun and impactful side project related to human-level explanations of linear programs.
GeForce RTX 5090 and 5080 sell out almost instantly (pcworld.com)
No points for guessing this one in advance. The morning of the official retail launch for Nvidia’s next-gen GeForce RTX 50-series graphics cards, they’re almost impossible to actually order at online stores in the United States just an hour after the sales began.
Investigating an “evil” RJ45 dongle (lcamtuf.substack.com)
When it comes to information security headlines, a good rule of thumb is that claims about widespread supply-chain sabotage are usually false.
Apple Hit with Criminal Complaints over Congo Mineral Trade (macrumors.com)
Apple's subsidiaries in France and Belgium have had criminal complaints filed against them by the Democratic Republic of Congo, which is accusing the tech giant of using conflict minerals in its product supply chain (via Reuters).
A transformer supply crisis bottlenecks energy projects (ieee.org)
The bad news: the US is 100% reliant on imported gallium, primarily from China (twitter.com)
Supply Chain Attack Detected in Solana/Web3.js Library (socket.dev)
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Beekeepers halt honey awards over fraud in global supply chain (theguardian.com)
The World Beekeeping Awards will not award a prize for honey next year after warnings of widespread fraud in the global supply chain.
The Biggest EV Maker Has the Industry's Worst Human Rights Appraisal (wired.com)
The race to keep pace with EV development could be taking a dark turn. Amnesty International has released a report claiming the world’s leading EV makers are failing to adequately demonstrate how they address human rights risks in their mineral supply chains, which gather vital materials for making electric car batteries.
Stores don't sell your favorite product anymore. That's on purpose (cnn.com)
China blocks Skydio battery supply (ft.com)
China Tightens Its Hold on Minerals Needed to Make Computer Chips (nytimes.com)
The vise-tight grip that China wields over the mining and refining of rare minerals, crucial ingredients of today’s most advanced technologies, is about to become even stronger.
US Government Says Relying on Chinese Lithium Batteries Is Too Risky (wired.com)
A new document shows the Department of Homeland Security is concerned that Chinese investment in lithium batteries to power energy grids will make them a threat to US supply chain security.
Growing Cannabis and Opium Poppies May Be Key to U.S. Supply Chains (nytimes.com)
After supply chain disruptions that made critical medicines scarce, a federal effort is underway to ensure domestic stocks of pharmaceutical ingredients.
Datacenter Anatomy Part 1: Electrical Systems (semianalysis.com)
The surge in power demand triggered by AI has huge macro and micro implications and supply is tight.
McDonald's says Tyson and other suppliers fixed beef prices (bloomberglaw.com)
McDonald’s is suing some of its suppliers over allegations they conspired to sell the fast-food chain beef at artificially inflated prices, in violation of federal antitrust laws, according to a new lawsuit Friday.
Helene ravaged the NC plant that makes 60% of the country's IV fluid supply (arstechnica.com)
Hospitals nationwide are bracing for a possible shortage of essential intravenous fluids after the cataclysmic storm inundated a vital manufacturing plant in North Carolina.
Dockworkers at ports from Maine to Texas go on strike (apnews.com)
PHILADELPHIA (AP) — Dockworkers at ports from Maine to Texas began walking picket lines early Tuesday in a strike over wages and automation that could reignite inflation and cause shortages of goods if it goes on more than a few weeks.
Essential node in global semiconductor supply chain hit by Hurricane Helene (npr.org)
A tiny town in North Carolina that’s just been devastated by Hurricane Helene could end up severely disrupting the global supply chain for microchips and solar panels.
Britain buys semiconductor factory for defence purposes (ukdefencejournal.org.uk)
The UK government has acquired a semiconductor factory in Newton Aycliffe, County Durham, in a move to strengthen the defence supply chain and support the Armed Forces.
GitLab patches bug that could expose a CI/CD pipeline to supply chain attack (scmagazine.com)
GitLab patched 17 bugs, including a critical flaw with a CVSS score of 9.9 that could let an attacker trigger a pipeline as an arbitrary user, leading to privilege escalation, data exfiltration, and a software supply chain compromise.
AMD laptop OEMs decry poor support, chip supply, and communication (tomshardware.com)
Taiwan Exports to US Surpass China Record to Hit Monthly High (bnnbloomberg.ca)
Taiwan’s exports to the US topped the record for any month’s shipments to China, underscoring rapidly shifting East Asian supply chains.
Small grocers feel squeezed by suppliers, and shoppers bear the pain (washingtonpost.com)