The glitch paper suggests that:
To protect the system against both GPU and CPU sidechannel
attacks, currently the only practical solution in the
browser is disabling all possible timing sources.
You see the issue with this is that it breaks our ability to measure time. That's a big deal.
This is one of the early marine chronometers. It's the device that enabled precise naval navigation because now not only could you determine latitude (from the stars) but you could also pinpoint longitude fairly precisely.
As the name suggests "real-time" rendering has a time component (that's the time, in "real-time"). You might infer from that fact that "time" is a rather important quantity in "real-time", and you'd be absolutely correct. Breaking time alone wouldn't be a problem if everybody had the same hardware. But that's in fact, surprisingly, not the case. Developers need to write software for hardware whose real-time performance can differ up to a factor 1000x at the extremes, up to 100x between major device categories and up to around 10x within a device category.
Measuring time is therefore rather important if you want to keep it "real". Not just your time, and not just the time of individual samples of hardware you luckily happen to have access to, but time as broadly as possible. We can't do that now can we anymore? No we can't.
With Site Isolation enabled, the amount of data exposed to side-channel attacks is reduced as Chrome renders content for each website in a separate process
The glitch paper does not suggest that "putting stuff into a process" is a mitigation strategy.
Accordingly, they will remain disabled in Chrome until Site Isolation is on by default
When is site isolation going to be on by default? When do other UAs have this?
at which point they will be re-enabled with sufficiently reduced precision to mitigate GLitch attacks
What does that mean exactly? So imprecise we can't practically use them anymore to measure any performance or what?
This whole episode is so unacceptable at so many levels. You're breaking the tools we need to build applications. Native applications don't have this problem (they just ignore it, any natively installed game can now steal your whatevers). You're breaking the empirical method. Now there's nothing left but blindly stabbing in the dark. Well done you, well done.