Yeah it is, it’s very old. But I’m not in the minority, half of my family uses crappy phones too, and I know some other people in my area with old phones too. Unfortunately neither of us have the means of upgrading. My circumstances are awful and I live in a place where there’s a war happening. Hence I can conclude that recommending disabling JIT for everyone isn’t a solution, yet. I think all three of us can reach a compromise on that JIT topic and say that disabling JIT can only apply to those who have at least a mid-tier device.
Answered in another thread.
No, I wouldn’t use a browser with JIT disabled even if my device allowed me to use it without sacrificing usability and performance. I would disable JIT only if there were 100% no drawbacks and performance regressions. I know what JIT is, know the effects of disabling/enabling it, and I know for myself whether I need to disable JIT or not. I don’t sacrifice my security because I’m sure I won’t get exploited by a JIT-related vulnerability. But as we can infer from this thread, everyone has their own priorities, use-cases, ideas and even seemingly “entrenched” ideologies, etc. It’s everyone’s own business I guess.
I’ve just tested it. Same story with Brave Search: the effect of disabling JIT compilation is visually noticeable. Same page loading delay. So it’s an issue related to a low-end device, not Google’s fault. I would also certainly not call Google Search website crap. For your information, Google Search works amazingly without JavaScript too. But, well, as always — to each his own.
I wanted to base my statements on official Microsoft documentation. I haven’t argued for not using a local account.
The technical documentation is largely targeted at enterprises, not end-users. In corporate environments it makes sense to hand out privileged access only to a limited set of employees.
With UAC set to highest, the default way of opening Windows Task Manager will show the user a UAC prompt. You may of course adjust this through group policy, or lower the UAC security level.
Perhaps by “local account” you mean a (in Windows’s terms) “standard user” account?
Some old devices I have laying around: Samsung Galaxy S8, a Lenovo Laptop with a core i3 dual core and 4GB RAM and a Google Pixel 4a5G. I would consider the former two to be pretty low-powered in today’s terms.
Yeah I noticed that. That’s why I advised people on searching up something from the documentation on the internet.
No, I’m on Windows 10 now, and opening Task Manager doesn’t invoke a UAC prompt. UAC is on highest.
Yes-yes. But opening Task Manager doesn’t do invoke a UAC, no matter if you are on a Standard User account, or on an Administrator account. That’s the default behavior.
Okay I see. My standards are lower because the standard of living in my area is extremely low. I guess, from my low-standard point of view, I would call Google Pixel 4a a mid-tier device. My phone is worse than either Samsung Galaxy S8 or Google Pixel 4a. However I’m not in the minority, as I said. So it’s kinda early to recommend everyone to disable JIT, in my opinion.
You said that the performance impact is negligible, but it still does have an impact. It could be even as little as 100 or 50 milliseconds. And if you sum up all those 50 milliseconds of all the times when you loaded a page — it would amount to a big number eventually. It is sacrificing UX/performance for that tiny chance of being JIT-exploited. I think it’s better to wait until the technology improves (both software and hardware), and until all people in the world will run no less than phones with specs similar to those of Google Pixel 3, for example. Then we can recommend disabling JIT to everyone.
Can you also point me to any sources that say that JIT exploits are common? If I’m not right in my opinion that a regular user getting exploited by a JIT-related vulnerability is a rare case, you can prove me wrong by linking some info.
I’m sorry we haven’t been able to review this PR… I just want to let you know that I’m going to be working on completing this guide for the next website release by the end of the year. The work you’ve done is really appreciated even though it’s taken us a long time to get to it, and you’ll be credited in the final draft
Thank you for your work on this!