ASLR is not quite dead yet. Those new techniques still need some time to read through all of memory. Fork+reexec+ASLR will throw a big wrench in those PoCs.
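The fork+reexec point above, as an added example that is not part of the thread: a child created with fork() alone is a copy of its parent and keeps every mapping at the same address, so one leaked address describes all future children; a child that fork()s and then exec()s a fresh image gets a new randomized layout. The script below measures this using libc's getpid symbol as a marker of where libc landed. It assumes Linux, CPython and the ctypes module, and reads /proc/sys/kernel/randomize_va_space only to report whether ASLR is on.

```python
import ctypes
import ctypes.util
import os
import subprocess
import sys

# Constructed demo helper, not code from the thread: libc's getpid is used only
# as a marker of where the shared library was mapped in this process.
_LIBC_NAME = ctypes.util.find_library("c") or "libc.so.6"


def libc_symbol_address(name: str = "getpid") -> int:
    """Return the load address of a libc symbol in the calling process."""
    libc = ctypes.CDLL(_LIBC_NAME)
    return ctypes.cast(getattr(libc, name), ctypes.c_void_p).value


def fork_only() -> tuple:
    """fork() without exec: the child is a copy of the parent's address space,
    so libc (and stack, heap, binary) sit at exactly the same addresses."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: report where libc is and exit without exec'ing
        os.close(r)
        os.write(w, str(libc_symbol_address()).encode())
        os._exit(0)
    os.close(w)
    child_addr = int(os.read(r, 64).decode())
    os.close(r)
    os.waitpid(pid, 0)
    return libc_symbol_address(), child_addr


def fork_and_reexec() -> tuple:
    """fork() + execve() (subprocess does both): the new image is laid out
    from scratch, so with ASLR enabled the child's libc base differs."""
    child_code = (
        "import ctypes, ctypes.util;"
        "l = ctypes.CDLL(ctypes.util.find_library('c') or 'libc.so.6');"
        "print(ctypes.cast(l.getpid, ctypes.c_void_p).value)"
    )
    out = subprocess.run([sys.executable, "-c", child_code],
                         capture_output=True, text=True, check=True).stdout
    return libc_symbol_address(), int(out.strip())


def aslr_enabled() -> bool:
    """Linux-only knob: randomize_va_space == 0 means ASLR is off system-wide."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip()) > 0
    except OSError:
        return True  # assume it is on where the knob does not exist


if __name__ == "__main__":
    p, c = fork_only()
    print(f"fork only     : parent {p:#x} child {c:#x} -> "
          f"{'same' if p == c else 'different'}")
    p, c = fork_and_reexec()
    print(f"fork + reexec : parent {p:#x} child {c:#x} -> "
          f"{'same' if p == c else 'different'} (ASLR on: {aslr_enabled()})")
```

Run it twice: the fork-only pair always matches, while the fork+reexec pair differs on every run when ASLR is on, which is why a pre-forking server that never re-execs gives an attacker a stable layout to probe and a re-exec'ing one does not.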
Until someone has spectered/rowhammered their way into sshd it's hard to argue against your viewpoint. I predict this will come sooner than later and new mitigations will need to be developed. A 35%-65% perf hit isn't going to cut it for all.
Buying enough time to implement proper mitigation is what it's all about.
You see lots of PoCs out there that only work when you disable some mitigations like ASLR or canaries... there is a big difference between a practical PoC and an actual exploit, fortunately.
What you and I see here is just the tip of the iceberg. Real exploits are being developed using these new techniques as we speak.
I expect it's still going to take enough time for practical exploits to emerge that most things are going to get patched first.
I'm more worried about rushed fixes that will open other avenues to exploit.
Of course, there's still the possibility of a "perfect storm" situation.
Agreed, a rushed buggy patch would be the worst. From my understanding there won't be any proper fix however, only workarounds. Maybe OpenBSD comes up with something smart and innovative? :)
I didn't invent ASLR (I invented ASCII armoring for shared library mappings, which might be a precursor but it's not ASLR). I think ASLR will survive last year's & yesterday's attacks, even if it's now understood to be quite limited (KASLR was understood that way from the start).
You implemented very early mmap "randomization", which was the first (?) time the notion of ASLR was introduced. Higher-entropy ASLR surely has been developed since then... but nonetheless you inspired what became ASLR. @paxteam did a lot of work with PIE later on.
I think you misrecall. While I played with changing mmap addresses (ASCII armoring), I did not introduce any randomness in there. Others did.
I coined ASLR back in 2001 when I actually created it. You should know better since you were also around (sous bock? :). I also added ET_EXEC randomization on top of ET_DYN (PIE these days) because you said it wasn't possible... good memories!
Jan 11, 2018 · 12:39 AM UTC