Beyond #Grsecurity: The Future of Linux security is Brighter than Ever

Ah the “no one is compensating us” fallacy:

• PaXTeam wants to get paid for work he never applied for. The way the normal world works is you apply to a company for a job position and they chose to hire you. What most companies don’t do is chase after you to shower you with money.

• Someone’s a bitter hypocrite. He seems to desperately want the money of the Linux Foundation who he’s been shitting on and criticizing for years.

• If he can’t get a job for over a decade when he writes such complex software, then maybe he should take a hard, long look why. Its anybody’s guess but my money is on his asshole attitude making him a non-viable candidate. No one wants to hire autistic manchildren who can’t work in a team.

• If he doesn’t think the copyleft license is good enough, he has other options. No one is forcing him to invest time hacking on a code base that anybody else can use with the requirement that changes are given back.

• The most likely conclusion: PaXTeam is not really interested in getting a job with Google. He wants to create a strawman justifying the their latest douchebagery. Why should he get paid to upstream stuff once when he can keep making money in perpetuity off the subscription model?

• Intel doesn’t wanna pay me REEEEE. Before closing their patches Spender attempted to twist Intel’s arm to pay him support fees. So he started a bogus trademark suit against a mega-coproration, what could possibly go wrong? (Bogus because Intel never modified grsec extensively to warrant a name change).

  • Grsecurity Limits Availability of Stable Linux Kernel Patches - SecurityWeek
  • grsecurity forums • View topic - GRsecurity patch breaks Linux kernel image to boot from EFI / https://archive.is/wip/PDSUn
  • Gentoo Forums :: View topic - Intel Subsidiary's Violations Made Grsec withdraw Stable?

• Before that they did the “we aren’t getting enough donations so we’re closing down” routine. Twice. In 2004 End Of Development For Grsecurity Announced? - Slashdot and 2009 Re: Grsecurity is about to be discontinued... [LWN.net] There were many earlier signs that things would end this way. I’m surprised it took that long.

Let’s move unto the next part, his technical gobbledygook criticism of KSPP:

• Understanding people’s code is very hard. So hard that people prefer to rewrite their own alternatives from scratch. If KSPP is struggling to understand a few things in a massive undocumented patch - that’s not their fault. I think they would have been better off not basing off grsec at all.

• You should take what PaXTeam says at face value. Sometimes there are differing opinions on the best way to technically implement things. You would understand this if you read the mail list and see how patches are constantly revised. He also self-contradicts:
  kernel-hardening - Re: [PATCH v4 2/2] x86/refcount: Implement fast refcount overflow protection

• Still using the opportunity to differentiate his codebase - that no one can see or use when now everybody stopped giving a shit and moved on.

• There are plenty of other competent people working to improve KSPP now. This time kernel security will improve without being hostage to the tantrums of two assholes : kernel-hardening - Re: It looks like there will be no more public versions of PaX and Grsec.

Edit by Patrick:
added Intel links as requested by HulaHoop