Combine that with Mozilla's business model being explicitly based around exploiting contributors as free labour. It's official Mozilla policy to manipulate people into giving time to the project at their expense of their well being while employees look down on them and harm them.
Conversation
This is the thanks I get for spending thousands of hours contributing to Mozilla projects. Manipulation / gaslighting to trick me into continuing to give my time to them, followed by years of Mozilla employees attacking my character and my work with dishonest claims / attacks.
1
5
On a positive note, I learned how to send replies to a mailing list without having been subscribed. Download a mailbox archive from somewhere like lists.torproject.org/pipermail/tor- ([ Gzip'd Text 28 KB ]) decompress it, use `mutt -f 2019-August.txt.gz` then reply with an edited To header.
1
2
14
I've never bothered figuring out how to do this but there's something to be said for the motivation from being angry. For whatever reason, mutt converts the `name at domain` addresses to `nameatdomain@hostname`and I forgot to fix that the 2nd time but it doesn't really matter.
1
5
Fun fact: the hostname for my workstation is `thinktank` because it was a silly name for a long dead T530 ThinkPad. After it died, I moved over the Samsung 840 EVO to an earlier incarnation of this workstation, and then later copied over everything to the current Samsung 960 Pro.
1
2
You don't see me claiming jemalloc isn't a well written, useful project because it's focused on performance and doesn't pay attention to defending against exploitation. There are substantial design tradeoffs involved in memory allocator design and it's not a hardened allocator.
1
4
There is no best approach providing everything. Bolting on superficial security features to jemalloc won't make it a hardened allocator design. Ripping out those features from hardened_malloc won't turn it into a performance-oriented design. I've written / worked on both kinds.
2
3
I've put a lot of time into the design and implementation, with the approach informed by allocators like OpenBSD malloc, DieHard(er), PartitionAlloc and jemalloc in various ways. It's primarily designed around deterministic defences, and with features like memory tagging in mind.
1
1
5
Randomization is a bonus, and it's being integrated in a thoughtful way. Try exploiting assorted use-after-free bugs or other temporal memory safety issues with it. I think you'll find it's already a lot more than an annoying obstacle and it'll do more (github.com/GrapheneOS/har).
1
1
3
Replying to
Given your clear disdain for Mozilla, where would you recommend parties interested in the ideals they claim to support focus our time supporting? It sounds like youβre likely to have kind things to say about Firefox these days.
1
Replying to
I have disdain for Mozilla as an organization but I support projects with merit like Rust and pdf.js despite that. My technical opinions about Firefox are based on the current state of it such as not yet having site isolation, no sandbox on Android (my focus) and a lot more.
They're working on improving the security, so it's quite possible that my opinion on Firefox is going to change in the future. Browser vendors as a whole are increasingly very into privacy theatre offering little to no fundamental improvements and I can't see that changing much.
1
1
Replying to
Is there anything those of us not intimately involved in the projects can do to help support contributors politically/structurally? Iβd like to avoid a mob badmouthing Mozilla, but I donβt want motivated individuals like you getting beat up by politics.