[tor-dev] TBB Memory Allocator choice fingerprint implications

Daniel Micay danielmicay at gmail.com
Wed Aug 21 21:33:57 UTC 2019

On Wed, 21 Aug 2019 at 16:42, Richard Pospesel <richard at torproject.org> wrote:
> Yeah same, this convo went from 'wow an interesting discussion about
> allocators' to 'fuck you Tom' real quick and without provocation.

The email I replied to makes a bunch of false claims and attacks on my
project. It was never a friendly conversation. It was a series of
attacks and misleading claims which I had to go out of my way to
counter. I was not subscribed to this list and had to figure out how
to reply to a past thread to defend my work. If you got the impression
that I was posting here to participate in an interesting discussion,
you were wrong. I'm posting here because there was an incredibly
offensive post attacking / dismissing what I've spent so much time
working on from someone that hadn't even bothered to read the
documentation explaining it. I don't want to be wasting my time here.
I want to be doing useful privacy / security work and not having to
keep defending my work from misinformation. My response is absolutely
not without provocation. Every day, there are people attacking my work
with misinformation. This is yet another case of it, and it happens to
be from someone working at a company with an unresolved conflict with
me where they took advantage of me and substantially harmed me. This
is not the only case that I've had to defend myself or my work today,
and the people who need to stop are the ones spreading dishonest
attacks / misinformation. I replied with facts, and it's a fact that
the post was incredibly misleading spin.

> From a human standpoint, maybe try and be your best self?

This is my best self, standing up for myself against people inflicting
harm on me. Maybe you should stop supporting unethical and dishonest
behavior including attacking a project and dismissing the niche for it
without even understanding the basics of it, while falsely pretending
to be an expert on the topic. It's not me that needs to start being a
better person. It's you that's supporting this. It's not my community
endorsing dishonesty. This doesn't happen in the communities that I
manage. I stop people from attacking other projects with
misinformation and false claims, even if I don't like those projects.
I correct it, and if they don't stop, they simply get banned. I expect
that people stick to the facts and don't misrepresent them. Dishonesty
is the most prominent issue in the privacy / security world. There are
endless projects / products making dishonest claims about themselves
and their competitors, and users are not in a position to evaluate
those claims. Those users rely on experts being honest and people not
pretending to be experts on something they don't know about.

> Or (if you prefer) from a practical standpoint, maybe berating one of the devs
> that would be reviewing your allocator patches isn't the best path
> forward to achieving your goals?

I have no intention of submitting patches to any Mozilla projects.
Even if I did contribute to jemalloc again in the future, that's not a
Mozilla project. I don't have any issues with the jemalloc developers
or project. Also, to be clear, jemalloc is not in any way a hardened
allocator and the kind of security work that I do is not in scope for
it. The patches that I submitted to jemalloc in the past were
performance improvements and had nothing to do with my work on
security or GrapheneOS. The hardened_malloc project is not a fork of
an existing malloc implementation, and certainly not jemalloc. I would
recommend reading
rather than continuing what Tom started by making bad assumptions. My
goals have nothing to do with submitting any patches to Mozilla
projects or jemalloc. I have a pile of bugs including security issues
that I've found in Mozilla products that I cannot report to them
because of how I've been treated. Improving their software is their
problem, not mine. They drove me away a long time ago.

I would suggest that if people don't want to be called out for
spreading misinformation and making dishonest / misleading claims,
they should simply avoid doing it. You won't find me trashing and
dismissing jemalloc anywhere. It's a solid project making sensible
design compromises based on the goals. It's heavily oriented towards
throughput, low fragmentation and efficiency. It's not a hardened
allocator, and is in fact extremely friendly to exploitation even
compared to a traditional baseline like dlmalloc. It isn't meant to be
a hardened allocator, and that's not some design flaw, but rather the
consequence of all the design choices and compromises involved in it.
An allocator cannot be all things to all people. There is no best
allocator for all use cases / needs and there won't be one. They have
substantial design compromises / trade-offs. This applies to lots of
software and many things beyond software. I have no problem with
someone stating that hardened_malloc isn't for them or their project
and optionally explaining why. My issue is with someone attacking it
with misleading / false claims and portraying it as negligibly useful
or something that can be obsoleted with some tweaks / features bolted
onto jemalloc.

The equivalent would be someone that's seen / portrayed as an expert
completely downplaying the work of Tor developers, dismissing the
usefulness of the project and portraying matching what it provides as
simply a matter of making some tweaks to OpenVPN. That's much less
personal, because it's an attack on a collaborative project by a bunch
of people, not the work of a specific individual. It would also be
much more easily seen as bogus compared to someone doing the same
thing with memory allocators. It's very harmful to have someone making
those false claims about my work. This is my full time job. It's how I
earn an income. There is no company funding my work on this but rather
I depend entirely on donations. I depend on people understanding the
value of the work and someone attacking it with false claims is a
direct attack on the sustainability of the project and my job. It's an
extremely personal attack. I'm perfectly fine with people criticizing
it but they need to be honest and stick to facts. If they have no clue
what they're talking about and haven't even read the documentation,
they shouldn't be talking about it as if they're an expert, especially if
what they're doing is attacking / dismissing it. I put a lot of work
into writing that kind of documentation for the projects too. The
reality is that I have to deal with people attacking these projects
with misinformation on quite literally a daily basis and I don't
tolerate it.

