Yeah it is, it’s very old. But I’m not in the minority, half of my family uses crappy phones too, and I know some other people in my area with old phones too. Unfortunately neither of us have the means of upgrading. My circumstances are awful and I live in a place where there’s a war happening. Hence I can conclude that recommending disabling JIT for everyone isn’t a solution, yet. I think all three of us can reach a compromise on that JIT topic and say that disabling JIT can only apply to those who have at least a mid-tier device.
Answered in another thread.
No, I wouldn’t use a browser with JIT disabled even if my device allowed me to use it without sacrificing usability and performance. I would disable JIT only if there were 100% no drawbacks and performance regressions. I know what JIT is, know the effects of disabling/enabling it, and I know for myself whether I need to disable JIT or not. I don’t sacrifice my security because I’m sure I won’t get exploited by a JIT-related vulnerability. But as we can infer from this thread, everyone has their own priorities, use-cases, ideas and even seemingly “entrenched” ideologies, etc. It’s everyone’s own business I guess.
Some old devices I have laying around: Samsung Galaxy S8, a Lenovo Laptop with a core i3 dual core and 4GB RAM and a Google Pixel 4a5G. I would consider the former two to be pretty low-powered in today’s terms.
Okay I see. My standards are lower because the standard of living in my area is extremely low. I guess, from my low-standard point of view, I would call Google Pixel 4a a mid-tier device. My phone is worse than either Samsung Galaxy S8 or Google Pixel 4a. However I’m not in the minority, as I said. So it’s kinda early to recommend everyone to disable JIT, in my opinion.
You said that the performance impact is negligible, but it still does have an impact. It could be even as little as 100 or 50 milliseconds. And if you sum up all those 50 milliseconds of all the times when you loaded a page — it would amount to a big number eventually. It is sacrificing UX/performance for that tiny chance of being JIT-exploited. I think it’s better to wait until the technology improves (both software and hardware), and until all people in the world will run no less than phones with specs similar to those of Google Pixel 3, for example. Then we can recommend disabling JIT to everyone.
Can you also point me to any sources that say that JIT exploits are common? If I’m not right in my opinion that a regular user getting exploited by a JIT-related vulnerability is a rare case, you can prove me wrong by linking some info.
I’m sorry we haven’t been able to review this PR… I just want to let you know that I’m going to be working on completing this guide for the next website release by the end of the year. The work you’ve done is really appreciated even though it’s taken us a long time to get to it, and you’ll be credited in the final draft