For many many years, I've thought of my infosec friends with NoScript enabled by default as hopelessly paranoid. Today, I have NoScript enabled by default. It's actually not that painful.https://twitter.com/MalwareJake/status/948755289716772869 …
-
-
any loss of functionality that matters to you* FTFY
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Are you sure that with the pipeline deep enough and a good branch predictor the whole path in the *interpreter itself* cannot be speculatively executed with the data you want?
-
Not 100%. Branch-free interpreters are actually a topic of interest for me as one step to [the closest thing you can get to] portable constant-time code.
-
The "not 100%" is why I'm considering Spectre a fatal flaw that can't be solved with software and that requires trashing affected cpu models. But turning off JIT will make it a damn lot harder to exploit.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.