Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?
-
-
What kind of changes would you expect?
-
@dxace1 I'm also keen to read a response from the team, but until then, fyi, there's already a flag you can set if you wish ... https://forum.vivaldi.net/topic/23531/strict-site-isolation-surprise
-
@luetage said in Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?:
What kind of changes would you expect?
Perhaps some Vivaldi official assurance that the Strict Site Isolation function in chromium is properly implemented and functional in Vivaldi, and not just a dead-end chromium flag? And better yet, a switch to implement it in Settings along with ability to set per-site exceptions, since it has been reported to break some sites...
-
Personally i've decided to be mega hyper super proactive here. I've ditched the OS altogether, & am now running Vivaldi on my old slide-rule & log-tables. If in time they also become vulnerable, then i'll install V onto my abacus... but only with it unplugged from the wall of course [i mean, c'mon, i'm not entirely stupid].
-
@steffie said in Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?:
Personally i've decided to be mega hyper super proactive here. I've ditched the OS altogether, & am now running Vivaldi on my old slide-rule & log-tables. If in time they also become vulnerable, then i'll install V onto my abacus... but only with it unplugged from the wall of course [i mean, c'mon, i'm not entirely stupid].
Unfortunately, those work-arounds are also capable of being compromised. In the old days, we called it "copying over the shoulder", a hacking technique familiar to all clever school kids at the time.
-
@blackbird Ah yes, but i omitted to mention the large aluminium foil blanket covering my SR+LT, under which i slither to operate said devices, so that i can Faraday-away any possible inductive remote detection techniques that might otherwise discover my slide & cursor positions & change-frequencies. With a bit of luck my technological innovation will offer dual protection, ie, also against those pesky schoolkids employed by Them.
-
The Spectre vulnerability can be misused through remote-site calls from within a website's JavaScript to attack a multi-process browser via its process memory. Using Strict Site Isolation causes each separate remote site to be loaded into a separate process so an attacking site can't reach the process memory of another site. This prevents login data for a site from being stolen by another site through the browser.
There is currently a downside, since some sites are intentionally coded to rely on the remote site having access to the process of the invoking site - hence those sites may break in peculiar ways. That breakage problem will remain until the SSI technique becomes more widespread and the site coding is changed. Vivaldi (containing a lot of native HTML code itself) along with certain extensions may also exhibit some functionality breakage for a time until repairs eventually get made, if SSI is used.
The following threads give more specifics (and possible problems) about Vivaldi's existing 'experimental flag' SSI functionality:
https://forum.vivaldi.net/topic/23531/strict-site-isolation-surprise
https://forum.vivaldi.net/topic/23538/issues-after-strict-site-isolation
https://forum.vivaldi.net/topic/23580/if-i-close-a-windows-it-closes-all-windows (added by edit) -
-