I saw some worrying stats about PaX 3.14.21 at http://cybersecurity.upv.es/tools/aslra ... index.html referred to by the authors' paper at BlackHat Asia 2016: https://www.blackhat.com/asia-16/briefings.html
Then I found spender's 2015 article at https://lwn.net/Articles/668735/ and was wondering if those objections (anti-bruterforcing etc.) still apply. Is there any real reason to use ASLR-NG's approach? Thanks.