Google created seccomp-bpf which is crucial to a meaningful sandbox and has no equivalent on other platforms. It was not an obvious innovation or it would have been done years earlier. It exists because someone paid by Google to improve Chromium security had the epiphany that BPF would be a good way to filter system calls.

Isn't seccomp-bpf similar to OpenBSD's (failed) systrace? Both are basically filters for system calls if I'm not mistaken.

Calling comex a "fawning fanboy"? That's ballsy for a throwaway account.

Wouldn't comex be the "Google" in the comment, rather than the "fanboy"?

comex doesn't work for Google.

No one is claiming that Google invented sandboxing. You should stop lying to push your bias because it only makes you look foolish.

But do you know who comex is? People sometimes are not exactly precise and sometimes make mistakes too.

  But do you know who comex is?

I didn't, and it was not that easy to find out, but I was curious. He is Nicholas Allegra and he is known for jailbreaking the iPhone. See http://www.androidbeat.com/2013/04/google-comex/ and http://www.forbes.com/sites/andygreenberg/2011/08/01/meet-co.... He went on to work for Apple and now for Google, apparently on the Chome or Chrome OS teams.

Damn, now honestthrowaway looks even more foolish. I can understand why he used a throwaway now.