Well.. this might be the most lack of any substance talk I've ever watched, riddled with personal jabs, poor taste embedded tweets, "basement dweller" jokes.
"What kind of security mitigations do you want.."
"UHH TPMS, I LIKE NO EXECUTE"
Embarrassing..
Conversation
Replying to
There are a lot of inaccurate / false claims in this talk too. One small example is confusing userspace ASLR with KASLR in that completely inaccurate timeline. I love that he's against both exploit mitigations and memory safe languages with plenty of misleading FUD about both.
1
4
13
This Tweet was deleted by the Tweet author. Learn more
Recent sponsored work includes x86 SMAP and SMEP, removing unnecessary kernel +X memory permission, adding build infrastructure for PIE, bind_now, retpoline, PTI, L1TF fixes, popss, kcov+syskaller, Capsicum, iommu support
1
2
Others in the community are working on userland memory protections, Arm pointer auth, Clang sanitizers, Arm BTI, lots of other things
1
1
That said, there's still a lot of work to do! We've had some great examples of the BSDs and other OSes working together to address issues (e.g. CVE-2018-8897), and I hope we can continue to collaborate on new issues and encourage more folks to work on FreeBSD security.
2
1
2
The best way to encourage likely does not involve providing a deliberately false narrative and ad hominem attacks as the keynote of a BSD conference.
1
1
This Tweet was deleted by the Tweet author. Learn more
The only FUD here is all the nonsense in your talk. For someone talking about working more closely together look at all the unnecessary drama and division you're causing. It's really the opposite of what you say you want to happen. I don't get the issue you have with .
2
I work primarily on Linux and Android security so my involved in the *BSD world as a developer is minimal. I've had nothing but good experiences with and the OpenBSD developers though. I tried to contribute changes back to OpenBSD malloc and was partially successful too.
I don't use or contribute to HardenedBSD. Still, I support the work he's doing, and I think it's useful. It doesn't mean he's the only one doing security work in the FreeBSD world or the most prominent one. I don't think he's been dishonest / misleading with how he presents it.