Not just commenting but laying out this bogus summary and comparison speaking as an expert on the topic, without actually looking into what it's actually about. Now everyone thinks it's awful that I called that dishonest. Pretty much exactly my issue with the security community.
Conversation
So for example, at the 2018 Linux Security Summit, someone presented a completely inaccurate account of what happened with my project and turned it into a joke. Everyone got a laugh out of the suffering that I went through. They went out of the way to refuse to talk to me before.
2
1
I read Tom’s posts as an attempt to give your proposal fair consideration and weigh the pros and cons for their very particular requirements. To see this as some kind of personal persecution suggests you’re not professional enough to write Mozilla’s malloc().
1
I didn't make any proposal. I don't want Mozilla to use my code. I never proposed that they use my code. I don't know where you're getting these ideas. That post is incredibly inaccurate and and misleading and he clearly didn't actually look into it. Look at his follow-up post...
1
It's presented as an expert assessment. As you say yourself, it looks like it he put some thought into weighing the pros and cons, but he didn't. He barely glanced at the project and then wrote that post with a totally bogus overview / comparison. That's what I take issue with.
1
Look at his follow-up post replying to me. What you claim happened clearly isn't what happened. You can certainly disagree with me considering what happened dishonest but you're just making up a completely false narrative about what happened without actually looking into it.
1
It's the same issue. Jumping to a conclusion and claiming to provide a meaningful assessment without having a clue what's actually going on, and not because of an inability to understand it, but simply laziness and a desire to push a narrative without actually looking into it.
2
No one /owes/ you the time it takes to study the very subtle points of your security claims to the point they present them in a way you fully agree with, least of all Tor and Mozilla devs with very rare amounts of experience defending endpoint users from organized attackers
3
If you’re going to cry “unfair” the first time someone merely underestimates the benefits of your design, how are you going to react when an actual malicious actor pwns it?
Have you even systematically fuzzed it?
1
Once again, you're making a completely dishonest misrepresentation of what I've said. You just come out with one strawman argument and false narrative after another. It's exactly what I'm talking about. That isn't what happened, and you could at least read their follow-up email.
1
My issue with their post is that they're jumping into a thread speaking as an expert but they're talking about something they clearly didn't look into at all. It's not criticism but rather lazily spreading misinformation / assumptions to push a narrative they already had in mind.
They didn't read a few paragraphs about it let alone looking at the code and actually criticizing it. There are actual reasons for them not to use it. The design decisions have disadvantages. It's not a very mature project. That isn't what they said. They posted some nonsense.
1
They made a post to promote something else. You portray it as if I'm the one who made security claims when they're the person posting to a mailing list promoting hardening bolted onto jemalloc in Firefox misrepresenting what it accomplishes and downplaying using anything else.
1
Show replies