CVE-less vulnerabilities

Posted Jun 27, 2019 21:42 UTC (Thu) by nilsmeyer (guest, #122604)
In reply to: CVE-less vulnerabilities by nix
Parent article: CVE-less vulnerabilities

> The cloud and microservices are all very well, but eventually you come down to the machines people are actually using, and those machines tend to have state in RAM, and that state is not all always recovered instantly and perfectly on reboot. Session saving is not a panacea :(

I hear ya, having an external service or API respond slower for a few milliseconds isn't as big of a deal as the kind of disruption a single reboot of the workstation does, so I often find myself using suspend-to-ram instead of shutting down the machine.

Don't underestimate the amount of state that is only present in your mind as well...

CVE-less vulnerabilities

Posted Jun 30, 2019 10:16 UTC (Sun) by nix (subscriber, #2304) [Link]

Don't underestimate the amount of state that is only present in your mind as well...

If that gets wiped on a desktop reboot you need to get looked at fast. :) going to sleep, on the other hand...

(It's actually almost inverted: going to sleep is helpful even though it results in loss of state: the state that is lost is mostly useless and the improvements gained in knowledge and clarity of thought and just not being tired any more and so on are much greater than the loss.)