cloudy cloudy

Author Topic: Meltdown & Spectre vulnerabilities and javascript  (Read 408 times)

0 Members and 1 Guest are viewing this topic.

Offline broadstairs

  • Stuart
  • Posts: 7,016
  • Broadstairs, Kent, UK
  • OS/Browser:
  • (Linux Mint)
  • Firefox 56.0.2
    • Broadstairs
Meltdown & Spectre vulnerabilities and javascript
« on: January 14, 2018, 08:43:56 AM »
I'm sure folks here are aware of the publicity surrounding these two issues with pretty much most hardware and software platforms. If not just google it  :wink: and you will be flooded with information.

Just to point out that disabling javascript is being recommended as a temporary fix for some of the problems associated. This in turn will stop  both freshWDL and the Steelseries gauges working in peoples browsers if this is implemented.

« Last Edit: January 14, 2018, 11:39:00 AM by broadstairs »

Offline saratogaWX

  • Global Moderator
  • Posts: 5,860
  • Ken True
  • Saratoga, CA, USA 37:16:28N, 122:01:23W - Elev: 374ft.
  • OS/Browser:
  • Win NT 10.0
  • Firefox 57.0
    • Saratoga Weather
Re: Meltdown & Spectre vulnerabilities and javascript
« Reply #1 on: January 14, 2018, 08:19:20 PM »
On Saratoga templates, it will stop the AJAX updates too.  But... the Saratoga templates were designed to work without requiring JavaScript -- the JavaScripts just provide a more realtime update capability.  Other templates using JavaScript frameworks for presentation will cease to operate if JavaScript is disabled.

The more prevalent issue (than Spectre/Meltdown) is the widespread deployment of cryptominer JavaScript malware via ad networks -- It's good to have plugins like ad block/uBlock/NoScript to prevent malicious ads from downloading and consuming all your CPU power to mine virtual currency for some miscreant.
Ken True
Saratoga Weather
CWOP: CW1792
WeatherUnderground: KCASARAT1
Free weather website PHP scripts and WD website AJAX templates

Offline MGCJerry

  • Posts: 227
  • Ohio
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 70.0
Re: Meltdown & Spectre vulnerabilities and javascript
« Reply #2 on: January 14, 2018, 10:34:10 PM »
I ALWAYS browse with javascript off. It is enabled on specific sites thanks to noscript. This is exactly the reason I have all browser side scripting off, dns blackhole, ublock, large hosts file, all set very aggressively. I do find a lot of sites are broken while doing this but its a price to pay.

FYI, this forum doesn't set off any of my blockers even with scripts being permitted here. Its disgusting out there and I've seen "popular" sites loading all kinds of 3rd party scripts of dubious origins. When your site is loading scripts from 20-30 different domains, you have problems.