
Follow-up on the 'Firefox v3.5 fiasco' - soundsop
http://weblogs.asp.net/fbouma/archive/2009/07/11/follow-up-on-the-firefox-v3-5-fiasco.aspx
======
blasdel
<https://bugzilla.mozilla.org/show_bug.cgi?id=501605#c121>

They're not removing the stupid tmp-walker, just keeping it from being called
on XP (most of the time, maybe?)

They seem to be deluded that it's _super important_ to get more entropy than
everyone else (TCP, IE, etc.) on Win2k and WinCE.

~~~
rbanffy
Actually they are keeping it as a plan-B for older releases of Windows that
can't generate good random numbers.

Keep in mind there is no IE 7 or 8 for Win2K. They should be praised for
supporting those users.

~~~
blasdel
If the default entropy source on those platforms was actually inadequate in
any way, it would have the everliving fuck exploited out of it, at levels far
below their product. Nobody gives a shit about HTTPS seed quality if the
entire TCP stack is compromised!

They should be excoriated for delivering a massive (and pointless) performance
regression to their users with the slowest computers. Every time they pull
shit like this, it just means that fewer users will upgrade, not just now but
in the future.

~~~
tptacek
It's actually the opposite; you use TLS exactly because you're not supposed to
trust the TCP stack.

But your basic point holds. There's lots of Win2k deployed in sensitive
production locations, and if they didn't have secure random numbers, we'd have
bigger problems than Firefox.

~~~
swolchok
I thought I used TLS because I didn't want my sensitive data going over the
wire in plaintext.

------
vinutheraj
Here's some info from -
<https://bugzilla.mozilla.org/show_bug.cgi?id=501605#c98>

_Here's the results of cold start time; the average of at least 3 tests.
Windows XP SP3, Pentium4 2.8G, 1.5G memory

Firefox 3.5 : 34.3 sec Build 1 (file scan completely disabled) : 19.7 sec
Build 2 (CSIDL_INTENET_CACHE disabled) : 20.0 sec Build 3
(CSIDL_COMPUTERSNEARME disabled) : 19.7 sec

As you can see, your builds are faster than 3.5, and I guess the difference
between builds is the measurement deviation. Both 3.5 and each builds can warm
start within 1 or 2 secs. There's no significant impact with antivirus on/off
on my side. (Avast! 4.8) Hope this helps._

Even without file scanning it takes around 20 secs !!

~~~
halo
...for a 6 year old PC.

~~~
Tuna-Fish
On my 5-year old pc, ff 3.5 boots from cold cache in ~4 seconds.

During those 4 seconds, the machine is capable of: Executing more than 8
billion instructions. Reading sequentially trough more than 20 gigabytes of
memory. Reading more than 240 megabytes from disk.

If pretty much anything takes more than 10 seconds to load on any hardware
even approaching modern, it means it was written badly.

~~~
barrkel
On a machine that's not constantly being defragged, temporary files will be
spread out all over the place. No way can you read 240 MB of fragmented files
in 4 seconds after a cold boot. Simply not possible on consumer-level magnetic
spindle media.

~~~
derefr
> On a machine that's not constantly being defragged

Windows _does_ "constantly defrag" in the background.

~~~
derefr
I'm really not sure why I'm being downmodded. "Constantly defragging in the
background" is exactly the meaning of the option that you can see listed in
XP's TweakUI, labelled "optimize hard disk when idle."

~~~
FooBarWidget
So it's disabled by default?

~~~
derefr
No, it's enabled; in XP at least, TweakUI is the only place you can go to
_dis_ able it (besides, perhaps, some Group Policy setting).

~~~
rbanffy
Well... Looking into my disk and how badly it fragments, I see Windows is
doing a lousy job.

------
tokenadult
"It's all too easy to simply close the eyes and ignore problems reported by
perhaps a minority of the users by cooking up excuses for not dealing with
them, but that's not the solution: the problems won't go away by ignoring
them, the vocal minority might actually be representing a big non-vocal group
or worse: a big non-vocal groups of ex-users."

This point about usability generalizes very well and applies to many more
software design issues than the issue at hand.

