The firefox fiasco



  •  After Installing Frefox 3.5, i found it to be rather slow while starting up. Hence I did a Google search, and came to this page which explains the cause of the problem.

    http://weblogs.asp.net/fbouma/archive/2009/07/09/the-firefox-3-5-fiasco.aspx

    Oh the horrors!! I didn't expect such wtf material from Mozilla.



  •  FF 3.5 starts up just fine on my computer.  Then again, with a Core i7, everything is fast... so maybe it's just being slow really fast. (Using Win7 RC1.)

    The article writer mentions "the usual plugin upgrade mess".  I have several plugins installed, and I didn't have any issues with any of them, so I blame the plugins he is using.

     I know the article goes on to talk about NSS, but my hard drives are just as "slow" as everyone else.  If it were truly just that, then everyone should have that issue, not just some (large) percentage of users.



  • @Heron said:

     I know the article goes on to talk about NSS, but my hard drives are just as "slow" as everyone else.  If it were truly just that, then everyone should have that issue, not just some (large) percentage of users.

    By my reading of it, it depends on three things:

    1. The size of your caches.  If you keep these small, you should have no problem.
    2. The performance of your anti-virus - which may benefit greatly from having a fast processor
    3. The performance of your file cache - which can be improved by how much RAM you have, and may also benefit from a fast processor (I know nothing of Microsoft's state of file cache, except that my work Windows XP system always seems dreadfully slow, compared to slower, older systems running Linux or MacOS X.)

    Judging from your prior posts, you strike me as the sort to keep reasonable cache sizes, rather than saying "Oh, I have a half terabyte of disk space I'm not using, I'll just have Firefox cache up to 100G of data." like some people (quite possibly those whose systems basically never manage to start Firefox 3.5).

    I, too, have no problems with it, but then I'll point out, MacOS X for this box, and I've told Firefox to store nothing in the disk cache, and I told Safari that back when I knew how to get to that config, so it may still be doing that.  Of course, that means I basically have no randomness to speak of, so here's me using an older Firefox...



  • I use whatever Firefox's default is for cache size... but it's not just Firefox's cache that NSS is supposedly reading, it's IE's temp directory, your Windows temp directory, probably your user account's temp directory, etc etc.



  • I have FFX 3.5 up and running smooth and fast on my 900MHz eeePC. But then again I am loading the FFX profile from a ramdisk and several temp folders/IE temp files have been relocated the the same ramdisk to improve windows speed.


  • Garbage Person

    @dev3 said:

    Oh the horrors!! I didn't expect such wtf material from Mozilla.
     

    Do we live in the same universe? Mozilla writes nothing but horrible, shitty, inefficient code. The only way to have Firefox not make multitasking a pain in the ass is to run 8gb of RAM on a quad core system under a 64bit OS - so Firefox can only address 2gb of RAM, and you still have plenty to spare - and it can only chew up one whole core, again, leaving you plenty to spare.

     On the plus side, 3.5 FINALLY fixed the memory leak that's been around since 0.6 - now it just hogs it all "legitimately"

     (Current Firefox utilization levels: 1.4GB, 50% of 1 core - 18 tabs)



  • That's sad because there are so many perfectly valid ways to do this.

    1) CryptGenRandom

    2) A private entropy pool stored on disk and perturbed each session.

    3) Reading a small set of randomly-selected files from the disk and timing the precise latency (ignore the contents).

    4) Using the precise timing of the loading of your own modules, fonts, and other code. Mixing in network data arrival time.

    A modern CPU has a TSC that can measure time intervals to a billionth of a second. Disk read times and even network data arrival times are unpredictable at that level of detail. (Largely because of clock skew and turbulence inside your disk drives.)



  • This kind of mistake is FP-worthy.

    I'm considering the option that the person responsible was on crack. The real kind; not the metaphorcal kind that Weng thinks they use.



  • @dev3 said:

    Oh the horrors!! I didn't expect such wtf material from Mozilla.

    It doesn't surprise me. In fact, the first time I ever ran Mozilla (way back on Mac OS 8.5) it did almost the opposite of what this new Firefox does... created a whole lot of randomly named files all over my desktop, and continued creating more and more of them until I force-quit it. Nothing resembling a web browser appeared. I didn't open it a second time.



  • @Weng said:

     (Current Firefox utilization levels: 1.4GB, 50% of 1 core - 18 tabs)
    18 tabs?  shit.

    I get annoyed when FF is chewing up a gig of space with only two tabs.   Those two tabs are Google Reader and TDWTF's "not read" thread list.



  • @Weng said:

    @dev3 said:

    Oh the horrors!! I didn't expect such wtf material from Mozilla.
     

    Do we live in the same universe? Mozilla writes nothing but horrible, shitty, inefficient code. The only way to have Firefox not make multitasking a pain in the ass is to run 8gb of RAM on a quad core system under a 64bit OS - so Firefox can only address 2gb of RAM, and you still have plenty to spare - and it can only chew up one whole core, again, leaving you plenty to spare.

     On the plus side, 3.5 FINALLY fixed the memory leak that's been around since 0.6 - now it just hogs it all "legitimately"

     (Current Firefox utilization levels: 1.4GB, 50% of 1 core - 18 tabs)

     @belgariontheking said:

    18 tabs?  shit.

     

    I get annoyed when FF is chewing up a gig of space with only two tabs.   Those two tabs are Google Reader and TDWTF's "not read" thread list.

     

    What the hell if wrong with you people? I'm currently running FF3.0 with 42 tabs in 2 windows (with TMP, Live HTTP Headers, Web Developer Toolbar, Download Them All and Read It Later). The Core 2 Duo CPU is idling and memory usage is 355MB of the 4GB(ish) ram available on my 32bit XP Pro...



  • The problem is that Firefox is cross-platform and a number of important platforms don't have true random number generators (I am looking at you, Windows and OS X). Some of these pseudo-random number generators contain known vulnerabilities, depending on OS version and patch level.

    Poor NSS performance is the problem, but NSS shouldn't have to jump through hoops to get random numbers from an OS. This is especially true of a desktop OS that has more possible sources of entropy than would ever be needed.

    I don't see any performance problem on Linux, so I think NSS must use the operating system's random number generator if one exists.

    I suspect a great many of Firefox's problems are actually due to how they try to support multiple platforms on the same code base.



  •  @joelkatz said:

    CryptGenRandom

    I am curious why people keep commenting that Mozilla should use CryptGenRandom when they still are supporting Windows 2000 and Windows XP pre-SP3, both of which have known weaknesses in their CryptGenRandom implementation. (“A buffer overflow attack or a similar attack can be used to learn a single state of the generator, which can then be used to predict all random values, such as SSL keys, used by a process in all its past and future operation.”) I don’t know if NSS is actually any more secure, but don’t assume that CryptGenRandom is the best solution just because it came with the OS.



  • @Weng said:

    Do we live in the same universe? Mozilla writes nothing but horrible, shitty, inefficient code. The only way to have Firefox not make multitasking a pain in the ass is to run 8gb of RAM on a quad core system under a 64bit OS - so Firefox can only address 2gb of RAM, and you still have plenty to spare - and it can only chew up one whole core, again, leaving you plenty to spare.

     On the plus side, 3.5 FINALLY fixed the memory leak that's been around since 0.6 - now it just hogs it all "legitimately"

     (Current Firefox utilization levels: 1.4GB, 50% of 1 core - 18 tabs)

     

    What?  Ignoring the debacle of reading all cache files off disk instead of using windows' crypto library, Mozilla's code is actually pretty efficient.  It uses less ram than IE, and on my computer it's actually running with less memory than Outlook (the mail client), Sql Server Management studio, and Visual Studio, even though, well, I have another mail client open IN firefox (gmail).I run firefox on 4 different computers, two of them with 1.6 Ghz processors, and 1GB of ram, and it works fine.  Sure, if I open 14 youtube instances it slows to a crawl, but I'd hardly call that mozilla's fault.  Mozilla also has THE FASTEST javascript engine of all browsers that are actually used by more than 0.5% of people.

     It seems that every release of FF becomes more efficient at using memory, but the problem is not USING large amounts of memory but WASTING large amounts of memory. The POINT of memory IS to use it.  Firefox will gobble up more and more memory based on how much you have for caching etc, because it makes it faster.  Not using memory is wasting memory, something Microsoft is just finding out.  Programs and data should be kept in memory, so that they can load fast, but this extra space is given up to programs when they need it.  This is why Vista uses all your RAM & Linux has been doing this for ages.

    I have firefox open with 6 tabs now, I just closed about 10 a few minutes ago, and I haven't closed firefox for a week.  It's using 372 MB of RAM and 0-2% CPU usage.  I have 4 GB of ram so 372MB is nothing.  Like I said, RAM is supposed to be used, that's the point of it.

     I've never seen Firefox take up more than 500MB of RAM since FF 2.  If yours is using more than that, it's got to be a combination of extensions and terrible virusscan performance.  Extensions are more often than not the reason FF runs like crap, because extention designers don't take the time to optimize for performance and memory leaks like mozilla does.



  • @shakin said:

    I suspect a great many of Firefox's problems are actually due to how they try to support multiple platforms on the same code base.
     

    Not doing so would just be one step closer to "we don't really need a linux version" or "I'll add those features into the linux version whenever I get around to it". That mentality is why I'm still waiting around for Google Chrome, even though its been out for months, and why I don't expect to ever be able to use photoshop without a VM.

    Anyway, I'm sort of curious why you think that causes problems anyway. Many other programs are multi-platform and don't suffer a noticeable performance hit. If you do it the right way, it shouldn't.



  •  Those of you complaining that Firefox is hogging RAM might want to turn off Firebug (and other infrequently used extensions).  I used to see 512MB+ RAM usage from Firefox with just two tabs open until I disabled Firebug.

    Firefox isn't perfect, but let's make sure we're not blaming Firefox for issues caused by extensions we've installed ourselves :P



  • @jamesthedeveloper said:

    What the hell if wrong with you people? I'm currently running FF3.0 with 42 tabs in 2 windows (with TMP, Live HTTP Headers, Web Developer Toolbar, Download Them All and Read It Later). The Core 2 Duo CPU is idling and memory usage is 355MB of the 4GB(ish) ram available on my 32bit XP Pro...
    The rest of us tend to open fewer than 41 blank tabs.

    But while we're at it, 42 tabs?  are you serious?



  • @jamesthedeveloper said:

    The Core 2 Duo CPU is idling and memory usage is 355MB of the 4GB(ish) ram available on my 32bit XP Pro...
     

    On 32-bit you cannot have more than 3GB RAM (available). Other than that, that's also about what I have (I start my day by opening 25 tabs at once and another window with 3 tabs. I usually keep it open for a day with about 2-6 tabs). It currently uses 326MB on my Vista 64-bit.



  • @mann_jess said:

    @shakin said:

    I suspect a great many of Firefox's problems are actually due to how they try to support multiple platforms on the same code base.
     

    Not doing so would just be one step closer to "we don't really need a linux version" or "I'll add those features into the linux version whenever I get around to it". That mentality is why I'm still waiting around for Google Chrome, even though its been out for months, and why I don't expect to ever be able to use photoshop without a VM.

    Anyway, I'm sort of curious why you think that causes problems anyway. Many other programs are multi-platform and don't suffer a noticeable performance hit. If you do it the right way, it shouldn't.

     

     

    I fully agree with you that if the Linux port were maintained separately it would end up being dropped or lag behind the Win and Mac versions. The Linux version already suffers enough. It is also for this reason that I am weary about using Google Chrome: I don't want to use a browser that doesn't treat Linux as a first-class citizen.With ChromeOS coming it does look like Google will have a strong reason to support Chrome on Linux.

     

    Regarding Firefox, it seems like Mozilla has reinvented the wheel for a lot of components and they haven't always done a particularly good job.Other cross platform programs like Opera and Eclipse have taken better approaches, though totally different from each other.



  • Speechless. Human kind never ceases to amaze me. Darwin, please take some of us with you



  • @nocturnal said:

    It seems that every release of FF becomes more efficient at using memory, but the problem is not USING large amounts of memory but WASTING large amounts of memory. The POINT of memory IS to use it.  Firefox will gobble up more and more memory based on how much you have for caching etc, because it makes it faster.

    That's all well and good, until Firefox starts using memory that would be better used somewhere else (say, the disk cache, or other applications).



  • @Carnildo said:

    @nocturnal said:
    It seems that every release of FF becomes more efficient at using memory, but the problem is not USING large amounts of memory but WASTING large amounts of memory. The POINT of memory IS to use it.  Firefox will gobble up more and more memory based on how much you have for caching etc, because it makes it faster.

    That's all well and good, until Firefox starts using memory that would be better used somewhere else (say, the disk cache, or other applications).

    Or, to be more verbose: The OS is in a position to know how much memory it can use for low priority tasks without otherwise interfering with the system, and the OS can readily give up any such memory at a moment's notice.  No application is in such a position.  Further, by using that additional memory, and then leaving it idle for long periods of time, Firefox is just asking for it to be swapped out.  After that, even if Firefox decides it doesn't want it after all, but wants to store something else there instead, it'll have to swap that memory back in, when it could've just freed it before and malloced it later, with no swapping.

    You (meaning nocturnal) might think it would be nice if there was a way an app could specifically request memory which could be ripped from it with no prior notice, or otherwise mark blocks of its memory as such, and an API for the kernel to let the app know it's been taken.  I don't think it could be done in a sufficiently simple manner.  The best I can come up with is having an API that allows an app to register for receiving 'memory low' interrupts, and those apps could then do some cleanups.  Given the lousy performance I've seen out of garbage collection built into various languages, I think doing that would be a horrible disaster.

    In any event, there is no OS I am aware of with such a feature.  Without that feature, any application which uses gratuitous amounts of memory for long periods of time for its own performance gains is a hog, and on either a multi-user system or a power user's system, it's liable to hurt its own performance rather than help it.



  • @dtech said:

    On 32-bit you cannot have more than 3GB RAM (available).

     

    false.



  • @tster said:

    @dtech said:

    On 32-bit you cannot have more than 3GB RAM (available).

     

    false.

    How so? If he meant "in the usable portion of your address space if you are a usermode application", then I don't see why not.



  • @Spectre said:

    @tster said:

    @dtech said:

    On 32-bit you cannot have more than 3GB RAM (available).

     

    false.

    How so? If he meant "in the usable portion of your address space if you are a usermode application", then I don't see why not.

     

    Even the OS cannot access the 4GB of RAM fully. To be accurate, 3GB RAM may indeed not be the correct number, however.

    The cause is that a portion of the virtual 32-bit adress space (usually 1GB in modern systems) gets reserved for memory mapped I/O. afaik this is never less than 512MB on modern systems, and can be up to 1,5GB, and usually is 1GB. That is why even the (32 bit) OS cannot use all of the 4GB of RAM.

    How much exactly gets reserved depends on your chipset, hardware and configuration. But for example you'll always lose the amount of MB on your PCI-express video-card (e.g. if you have a card with 512MB of memory that gets mapped and you'll lose that part of the memory)



  • @Spectre said:

    @tster said:

    @dtech said:

    On 32-bit you cannot have more than 3GB RAM (available).

     

    false.

    How so? If he meant "in the usable portion of your address space if you are a usermode application", then I don't see why not.

     

    I am using a 32-bit operating system and I have 3.25 GB of useable memory.  It depends on video card, and motherboard.



  • @dtech, tster said:

    We mean physical memory, dumbass!

    Oh. Well, in that case you can still have more than that if you buy more memory.



  •  My laptop motherboard's chipset (Intel 945GM I think) is only capable of addressing 3.3GB of RAM, regardless of what operating system you have installed (e.g. my 64-bit Gentoo install only sees 3.3GB RAM despite having 4GB installed).



  • @Heron said:

     My laptop motherboard's chipset (Intel 945GM I think) is only capable of addressing 3.3GB of RAM, regardless of what operating system you have installed (e.g. my 64-bit Gentoo install only sees 3.3GB RAM despite having 4GB installed).

     

    The chipset doesn't support memory mapping then (which I think is rather strange for a 64-bit chipset)

    If your chipset is capable, you could theoratically buy 8GB of ram (because it's a laptop it'll probably only have one slot) and use 7.3GB of RAM, because only the 3.3-4GB range is reserved.



  • @dtech said:

    (because it's a laptop it'll probably only have one slot)

    WTF?  I've seen plenty of laptops with more than one memory slot.



  • @Spectre said:

    @dtech, tster said:
    We mean physical memory, dumbass!

    Oh. Well, in that case you can still have more than that if you buy more memory.

    No, I have 4GB of physical memory, but only 3.25 GB usable because my PCI slots use 256 MB of addressable space and my video card uses 512 MB of addressable space.



  • @morbiuswilters said:

    @dtech said:

    (because it's a laptop it'll probably only have one slot)

    WTF?  I've seen plenty of laptops with more than one memory slot.

     

    most laptops have 1 internal slot and 1 easily accessable "upgrade" slot.



  • @tster said:

    @morbiuswilters said:

    @dtech said:

    (because it's a laptop it'll probably only have one slot)

    WTF?  I've seen plenty of laptops with more than one memory slot.

     

    most laptops have 1 internal slot and 1 easily accessable "upgrade" slot.

    One of my old laptops (Inspiron something-or-other) had both memory slots easily accessible.  This laptop (cheapy Vostro) I'm not sure about because I've never looked.  I've got a unibody MBP around here somewhere but I'm not sure you can even get to the memory on those.



  • @morbiuswilters said:

    @dtech said:

    (because it's a laptop it'll probably only have one slot)

    WTF?  I've seen plenty of laptops with more than one memory slot.

     

    I now know about 8 laptops, and 2 have 2 memory slots. I'm not saying it isn't possible, but a laptop (in my experience) "probably" has one memory slot.

    To be fair, 3 of those laptops were netbooks, but even then in my experience it's still a 60% chance.



  • @dtech said:

    The chipset doesn't support memory mapping then (which I think is rather strange for a 64-bit chipset)

     Is the 945GM 64-bit?  I don't think so...



  • @tster said:

    @Spectre said:

    @dtech, tster said:
    We mean physical memory, dumbass!

    Oh. Well, in that case you can still have more than that if you buy more memory.

    No, I have 4GB of physical memory, but only 3.25 GB usable because my PCI slots use 256 MB of addressable space and my video card uses 512 MB of addressable space.

    Yes... and if you get more memory, you'll get more usable memory. Which is what I already said.



  • @Spectre said:

    @tster said:

    @Spectre said:

    @dtech, tster said:
    We mean physical memory, dumbass!

    Oh. Well, in that case you can still have more than that if you buy more memory.

    No, I have 4GB of physical memory, but only 3.25 GB usable because my PCI slots use 256 MB of addressable space and my video card uses 512 MB of addressable space.

    Yes... and if you get more memory, you'll get more usable memory. Which is what I already said.

    If he has 4G of physical memory and a processor with 32 bit addressing, there's only three ways he can increase his amount of usable RAM.

    1. Unmap his video card and/or PCI slot memory (crippling the performance of said hardware)
    2. Implement the kind of kludges Commodore used to give the C128 128K of addressable memory despite its 16 bit addressing (by tacking on a 'Memory Management Unit', which added a couple of additional address bits, which could be accessed through the I/O register area (or through FF00).  Note that this completely fails any parallel processing that wants to access the original memory banks, unless one invests a lot more effort than Commodore did.)
    3. Increase the processor address space

    Only one of these is a viable answer.



  • @tgape said:

    If he has 4G of physical memory and a processor with 32 bit addressing, there's only three ways he can increase his amount of usable RAM.

    1. Unmap his video card and/or PCI slot memory (crippling the performance of said hardware)
    2. Implement the kind of kludges Commodore used to give the C128 128K of addressable memory despite its 16 bit addressing (by tacking on a 'Memory Management Unit', which added a couple of additional address bits, which could be accessed through the I/O register area (or through FF00).  Note that this completely fails any parallel processing that wants to access the original memory banks, unless one invests a lot more effort than Commodore did.)
    3. Increase the processor address space

    Only one of these is a viable answer.

    I'm not sure what you're getting at. Modern x86 processors can address more than 4G of physical memory.



  • Has firefox ever been anything less than a steaming pile, though? I mean come on, XUL? Who the hell thought that was a good idea. All a freaking web browser needs to do is open web pages and display them accurately and have a decent bookmarks/history feature but leave it to the open source community to complicate the hell out of something so simple with "addons" and "themes".



  • @Dudehole said:

    Has firefox ever been anything less than a steaming pile, though? I mean come on, XUL? Who the hell thought that was a good idea. All a freaking web browser needs to do is open web pages and display them accurately and have a decent bookmarks/history feature but leave it to the open source community to complicate the hell out of something so simple with "addons" and "themes".

    I like simplicity in my software, but extensions is why I use Firefox and why I don't use any other browser.  The power and customization afforded by extensions makes FF the best browser, IMHO.  I just wish they'd fix the memory leaks, speed up JS and implement a one-process-per-page feature like Chrome has.



  •  The process model is their main push for the next version of FF.

    Extensions are the reason I use Firefox, too (besides the usual "I hate IE").  I've heard good things about Opera, but nothing good enough to make me switch, and Chrome doesn't have (m?)any plugins, at least not ones I'm most interested in (AdBlock, S3Fox, etc).



  • @Spectre said:

    I'm not sure what you're getting at. Modern x86 processors can address more than 4G of physical memory.
     

    The addressable memory of an X86 processor does not interest me considering I don't have an x86.  Its the limitation of my 32-bit OS that I am most concerned with.



  • @morbiuswilters said:

    ...and implement a one-process-per-page feature like Chrome has.
    Wasn't that an IE feature before Chrome?



  • @benryves said:

    @morbiuswilters said:
    ...and implement a one-process-per-page feature like Chrome has.
    Wasn't that an IE feature before Chrome?

    True, but when a page crashes in IE it takes down the whole browser.  Supposedly this does not happen in Chrome.



  • @tster said:

    @Spectre said:

    I'm not sure what you're getting at. Modern x86 processors can address more than 4G of physical memory.
     

    The addressable memory of an X86 processor does not interest me considering I don't have an x86.  Its the limitation of my 32-bit OS that I am most concerned with.

     

    32-bit OSes can address more than 4GB of memory.  I'm not sure what OS you run, but it probably supports it.



  • @morbiuswilters said:

    32-bit OSes can address more than 4GB of memory.  I'm not sure what OS you run, but it probably supports it.
     

    If you're mentioning PAE, only the server editions of the windows family support it. Linux and most UNIX os'ses do support it, but windows non-server still is 99%* of the desktop market.

    * Number not based on any data



  • @morbiuswilters said:

    True, but when a page crashes in IE it takes down the whole browser.

    What? That would be pointless, plus I've already seen a page that crashed and was subsequently resurrected by the browser.



  • @Spectre said:

    @morbiuswilters said:
    True, but when a page crashes in IE it takes down the whole browser. 

    What? That would be pointless, plus I've already seen a page that crashed and was subsequently resurrected by the browser.

    Pointless?  It happens.  Maybe not so much anymore, but I haven't used IE for regular browsing for several years.  Back then it happened at least once a day.  Sometimes it would resurrect and sometimes not.



  • @tgape said:

    You (meaning nocturnal) might think it would be nice if there was a way an app could specifically request memory which could be ripped from it with no prior notice, or otherwise mark blocks of its memory as such, and an API for the kernel to let the app know it's been taken.  I don't think it could be done in a sufficiently simple manner.  The best I can come up with is having an API that allows an app to register for receiving 'memory low' interrupts, and those apps could then do some cleanups.  Given the lousy performance I've seen out of garbage collection built into various languages, I think doing that would be a horrible disaster.

    I dunno. I think it could be done rather well.

    Consider a function, say, cache_malloc() that's similar to malloc(), except that the memory is freed completely at the OS's behest, and that an attempt to access memory so freed results in a new signal, SIGCACHE, instead of a SIGSEGV. Failing to handle SIGCACHE is a core dump (not handling SIGCACHE is certainly a bug).

    Use case: As firefox moves to load a new page, it cache_malloc()s space for the previous page, then copies the page's data into that fresh memory. Then, when it wants to load this previous page, it sets a signal handler for SIGCACHE that falls back to loading the page from disk or directly from the server, then attempts to access the cache_malloc()'d memory. If the read succeeds, it copies in the data from the page and uses it. If it gets a SIGCACHE, the signal handler kicks in. Either way, the correct page is displayed, and if the memory happened to be there, Firefox didn't need to touch the disk.

    The only issue I see is race conditions (OS freeing the memory right in the middle of a cache read, etc), but we already have ways of dealing with that (and even then, with careful memory management you could deal with an unexpected SIGCACHE in the middle of a cache read).



  • @snover said:

     @joelkatz said:

    CryptGenRandom

    I am curious why people keep commenting that Mozilla should use CryptGenRandom when they still are supporting Windows 2000 and Windows XP pre-SP3, both of which have known weaknesses in their CryptGenRandom implementation. (“A buffer overflow attack or a similar attack can be used to learn a single state of the generator, which can then be used to predict all random values, such as SSL keys, used by a process in all its past and future operation.”)

    Four reasons:

    1) That vulnerability has minimal applicability to FireFox. FireFox is not really that concerned with protecting you from other processes on the same box. (Which could just as well push the browser itself around.)

    2) NSS uses an entropy pool that cannot be harmed by additional entropy sources, even if they are compromised. Additional entropy can only improve security. This is a key design aspect of its PRNG, and if it's not reliable, then NSS itself is not reliable. (In other words, there is no way it could make things worse and many ways it could make things better.)

    3)  The workarounds used by both NSS and OpenSSL have created many more problems than using CryptGenRandom could ever have caused, including long startup delays in both NSS and OpenSSL for a variety of different reason.

    4) The other choices used are demonstrably inferior. For example, using the contents of temporary files has the same problems old implementations of CryptGenRandom did -- it's available to any other process on the box too.

    Of course, your response would be 100% correct if someone suggested ditching NSS's entropy pool entirely and using the raw random data from CryptGenRandom as key or seed material directly. That would be a mistake for at least the reasons you mentioned.


Log in to reply