I see lots of concern about what Meltdown and Spectre mean for the web, containers, and VMs, but not much about what it means for hosted ecosystems like Android and iOS. Are people so confident they can trust the App Store, or am I not seeing it b/c of bias in my twitter feed?
-
-
That said, I’d say on balance we should do something like process-per-some-subset-of-trusted-origins like Chrome is doing regardless…
-
It’s better than *not* doing it. I’m just not as excited about Site Isolation’s benefits as many others are. :)
- 2 more replies
New conversation -
-
-
I tend to doubt the feasibility of provoking useful mis-speculation cross-process in this context, but I could be missing something. But there's also branch target injection, & a lot of older but still usable Intel CPUs haven't gotten IBRS/IPBP support.
-
Why do you doubt the feasibility? Keep in mind that Chromium IPC very much uses shmem…
- 2 more replies
New conversation -
-
-
That is a really great resource, thanks! Addresses a lot of the confusion that I complained about on my blog.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Aren't the OS and CPU microcode updates supposed to mitigate the cross-process vulnerabilities?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.