ASLR is implemented in the kernel; although some unscrupulous programs are able to bypass it entirely (or force it to be disabled system-wide as is the case for Dropbox on mac)
I think what they were getting at is that ASLR doesn't work at all (for the main program) if you're not running a PIE binary. The libraries still get it (they usually have to be PIC by design) but that's not much benefit when the application using those libraries has entirely predictable addresses.
So yeah, your binaries need to be built with CFLAGS="-fPIE" and linked with LDFLAGS="-pie".
There is a script which reads elf binaries and outputs security info: https://unix.stackexchange.com/a/89214