Well.. this might be the most lack of any substance talk I've ever watched, riddled with personal jabs, poor taste embedded tweets, "basement dweller" jokes.
"What kind of security mitigations do you want.."
"UHH TPMS, I LIKE NO EXECUTE"
Embarrassing..
There are a lot of inaccurate / false claims in this talk too. One small example is confusing userspace ASLR with KASLR in that completely inaccurate timeline. I love that he's against both exploit mitigations and memory safe languages with plenty of misleading FUD about both.
He says the BSDs should work more closely together while attacking the work in HardenedBSD and OpenBSD along with people working on it. Not to mention all the uninformed attacks on other technologies / projects throughout the talk, all clearly without actually being informed.
He's informed, though. He simply chooses to advance a false narrative just to trash others, which is worse than being uninformed.
I take issue with the misleading attacks on other projects / technologies beyond just your work in that presentation too. That's just one of the problems I have with it. As a whole, it gives the impression of a clueless security charlatan attacking people who do useful work.
I'm always disappointed when I see people fighting about whether resources should be invested in dynamic analysis / fuzzing vs. exploit mitigations vs. memory safe languages vs. verification, etc. when all of it is useful and important. It's worse when clueless people do it.


