My goal isn't to be 'socially right'. I'm completely burned out dealing with people attacking my work and my character on a daily basis and I'm not trying to win accolades from remaining diplomatic all the time. Compare the work I had to put into countering it with their effort.
Having ~5 posts like this on a daily basis where I need to respond with an asymmetric amount of effort to prevent people from getting misinformed is not sustainable. They wanted to push the view that it's useless and easily replicated and didn't bother doing any research/reading.
Can you make a "common misconceptions" section in your documentation and mostly respond to falsehoods with that?
(A significant fraction of) the software development community has more time than you; beat them in efficiency or accept defeat and move on to willing users.
This person was more than capable of understanding the documentation if they had simply not been lazy and jumped right to dismissing the project as useless and without a niche. I don't understand why they had to do it. I shouldn't have to reply essentially rewording the README.
"The security mitigations in mozjemalloc are a marginal improvement over jemalloc and far weaker than hardened_malloc, see https://github[.]com/GrapheneOS/hardened_malloc/blob/master/README.md#mitigation_comparison for details."
Don't reply, update documentation and link.
I don't want to criticize other projects there, and it would need to be extremely carefully worded to make it clear that jemalloc's design choices are not wrong or poorly chosen but rather it's a performance oriented allocator, not a hardened allocator. Where's the limit too?
i.e. why compare specifically to jemalloc and not everything else? I have some comparisons about the philosophy / approach to OpenBSD malloc because it's the closest cousin of it and is the most direct inspiration for it. It just stopped being a viable platform for what I wanted.
I don't portray design choices in hardened_malloc as being more valid or better but rather I explain why it takes the approach that it does based on the goals and compromises. The jemalloc design isn't any less modern and it's not badly implemented. It's just not the same thing.
It very aggressively uses address space and it explicitly makes performance sacrifices as part of the design for security. I'm not on that thread telling them that they should use it. I simply don't want it portrayed unfairly/inaccurately and dismissed as something near useless.
They aren't someone clueless / ignorant making comments about something they can't understand. They chose to post an overview / comparison posing as an expert assessment without looking into what they were talking about but rather spinning it as useless and promoting their stuff.

