LPE is a very well-known acronym within the security community, it's not purely academic or obscure or anything.
I agree that it would be a good idea to define it explicitly when writing for a broader audience, but I don't think it's particularly egregious that they didn't. It's certainly something I could see myself forgetting.
Then again, the whole writeup appears to be AI-generated, so...
Understanding a term with the help of context is very different from guessing what the letters of an acronym might mean. The latter is more like a crosswords puzzle, and a totally unneccessary task for the reader.
It is nowhere near this. There are very few acronyms in the IT world that are actually well-known outside of it. LPE is less well-known than LVAD or MCU.
To be fair, I just consulted 3 cybersecurity glossaries (SANS.org, NIST CSRC, Huntress), and none of them list "LPE" nor "Local Privilege Escalation".
If you type "LPE" into English Wikipedia's search bar, and press "Enter", you'll be sent to a disambiguation page which contains a link to the relevant article.
Sure, nobody’s saying it’s an inscrutable mystery but if your goal is to inform a wide audience it’s considered good form to expand all but the most common acronyms. It’ll even get you more internet points than petty smugness.
I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.
I'm as stunned as you are. I have to read CVEs on a weekly cadence (like contractually required to) and LPE/RCE are kind of the main keywords we look for in them. Also increasingly TOCTOU. If anyone who actually has to respond to CVEs told me they had never seen these terms before I would judge them as being unserious.
I'll raise my hand here and risk downvotes from very smart people who are smarter than me, but I've heard of CVE but not LPE or RCE. I know what the latter two terms are but am not used to seeing them in acronyms.
So what's missing is that keeping up-to-date with CVEs is important and some CVEs are Internet-nerd famous. Remember Heartbleed? Even some casual gamers I know had heard of it. And everyone who's mildly serious about sysadmin knows you want to defensively keep systems patched against important CVEs. The second layer of that, what the exploits actually are or do, is a second-layer term of art, one that one might miss the jargon for even if one has familiarity with the concepts.
To me, the fact that the page is obviously AI-assisted is way more upsetting than some guy not knowing what an acronym means. There's something about AI prose that is just so fucking tedious. It makes the mind glaze over.
To be clear, I'm not suggesting that you if have heard of CVEs therefor you must have heard of LPE. I'm saying if you have read many of them you would have seen these terms.
I obviously do not expect someone who has merely heard of various CVEs before to know anything about the contents of those CVEs. The other poster said they had "read many CVEs", which I took to mean they have read many CVE disclosures, where the term is extremely common. Perhaps they meant that they've read about CVEs, in which case I can see why the term would not be on their radar.
some people just don't have a good memory for acronyms. It's one thing to learn the concept of a privilege escalation, but an entirely different thing to play mental memory with TLAs (three letter acronyms). Acronyms remove all the context from a term which makes them way harder to memorize. A bit like knowing your friends vs knowing their phone numbers.
I think they've almost certainly seen it written out, just not as an acronym. I figured out what it stood for based on context and knowing the full phrase, but I don't recall actually seeing the LPE acronym in recent memory. Whereas with CVE it's the opposite: I almost never see it written out, and even now find it non-obvious what the E stands for, bizarrely enough.
Oh man, not sure if it's a good or bad memory... but that was the first linux bug I experienced as a newbie. Not so much a bug, but an unknown config I had to change so my first monitor would stop turning off when I moved the cursor to the second monitor.
Yes, “all calories are the same” is a statement about thermodynamics, not the subjective experience of eating.
People who value other things higher than how it feels to eat and be full, like athletes and actors, can accurately manage their weight with calorie counting. It’s often not a pleasurable experience, but they subject themselves to it to meet their professional goals.
Feeling full matter a lot. It drives when you stop eating, fetch something else to eat and also is related to how active you are. It drives whether your thoughts are turning back to figuring out where to get food or whether they happily go elsewhere with no effort.
I see some comments about soft lockups during memory pressure. I have struggled with this immensely over the years. I wrote a userspace memory reclaimer daemon and have not had a lockup since: https://gist.github.com/EBADBEEF/f168458028f684a91148f4d3e79... .
The hangs usually happened when I was stressing VFS (the computer was a samba server) along with other workloads. To trigger a hang manually I would read in large files (bigger than available ram) in parallel while running a game. I could get it to hang even with 128GB ram. I tweaked all the vfs settings (swappiness, etc...) to no avail. I tried with and without swap.
In the end it looked like memory was not getting reclaimed fast enough, like linux would wait too long to start reclaiming memory and some critical process would get stuck waiting for some memory. The system would hang for minutes or hours at a time only making the tiniest of progress between reclaims.
If I caught the problem early enough (just as everything started stuttering) I could trigger a reclaim manually by writing to '/sys/fs/cgroup/memory.reclaim' and the system would recover. I wonder if it was specific to btrfs or some specific workload pattern but I was never able to figure it out.
I do wish I had documented what I tried better! There might be a magic combo that could have helped but I tried tweaking a lot of the vm settings.
One day I will probably see if I can still reproduce the original problem and be more methodical about it. More likely on list of things I might not ever get around to.
reply