axxto | 1 year ago

> if the thief could use an AFU exploit to tell the SE to only trigger the reboot after 300 days, the entire feature becomes useless

Then why not simply hardcode some fixed modes of operation? Just as an example, a forced choice between 12, 24, 48, or a maximum of 72 hours. You can't cheat your way into convincing the SE to set an unlimited reset timer. I'm sure there must be a better reason.

F7F7F7 | 1 year ago

Any "choice" suffers from the same user exploit you responded to. The attack surface remains.

Plus, vulnerability often follows complexity. Whether it's human-written validation logic being attacked for 6 months in a lab somewhere in Israel or the overly complex UX exposed to some soccer mom in Minneapolis.

Save money. Save headaches. K.I.S.S.