
yet another JIT related vuln?

c'mon, will we ever stop using JIT in browsers?

Just take a look at this article from Microsoft Browser Vulnerability Research where they do challenge this and perform benchmarks without JIT:

> https://microsoftedge.github.io/edgevr/posts/Super-Duper-Sec...

> Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine.



It's easy to turn off the JIT if you want - you can even do it on the iPhone now. It makes the web dogshit slow and is a fundamental nonstarter of an idea.

A slightly more feasible way forward here is replacing JavaScript with dear god anything else but JavaScript but that's a long way off. WebAssembly seems to have stalled.


Are you on a very old iPhone model? I haven’t found disabling JIT to be noticeably slower on my iPhone 13 when running iOS 16 in “Lockdown Mode”. The Microsoft Edge team has benchmarks supporting that the impact is minimal on Chromium-based browsers too (https://microsoftedge.github.io/edgevr/posts/Super-Duper-Sec...).


It’s not really noticeable on an iPhone 13 Pro. Just an FYI if you’re on latest hardware.


> WebAssembly seems to have stalled.

Can you elaborate?


We’ll stop using JITs when it becomes acceptable to make computers 2x slower, or more.


Or when it becomes acceptable to make them 100x faster by not using JS, but that's even less likely to happen :)


No JIT also rules out most modern uses of Java and C#, along with things like LuaJIT.


The JavaScript JIT is much more complex due to guessing whether a number is int or floating point or if a prototype is a class etc.


LuaJIT has a very good interpreter too. You could still use it in a lot of places.


>>>c'mon, will we ever stop using JIT in browsers?


Not using JS means you need to replace it with something, which means you gotta put it into the browser.


Who says we need JS?


Nobody? That's why the word replace is there?


For the stuff JavaScript code does directly? Especially now that we have WASM sitting around for heavy math? Hell yeah make it 2x slower. We've advanced the speed so much and have plenty to spare.

...but if that only solves half the vulnerabilities I don't think it's worth it. Still worth keeping in mind in case that ratio shifts significantly.



