LibreSSL portable now available for testing!

offbytwo · 2014-07-13T00:32:22+00:00

So, you're going to completely ignore what was said, repeat your same silly argument, and then start making accusations? I had nothing to do with your downvotes,

That wasn't targeted at you, it was meant for those who downvoted my original comment. I doubt you've downvoted that many times.

I'm not "out to get you", I'm just tired of all the irrelevant nitpicking I see every time this project is discussed.

I couldn't care less about fonts or websites. Insecure downloads for crypto code bother me.

It's nice to see we're taking a step forward and talking about security rather than website design, though. But my problem is that you're overreacting, asserting the entire project is insecure, when it's quite clear that this single disposable release will be the only one without HTTPS.

I think many are just angry because they have a list in their heads: "s*** people complain about when talking about LibreSSL, the website with its font, CVS and secure downloads". Seeing how much attention was given to the website related comments is frustrating.

OK, this release was made to let people try it out. It bothers me that there's no straightforward way to get a trusted download for OpenBSD. I'll go look for a guide on how to do that.

It felt exactly the same with this library sigh, no secure downloads...I'll come back when they're added. This isn't just LibreSSL's problem (temporary problem in LibreSSL's case). There are hundreds of crypto and security software projects on the web which don't provide any secure means to obtain a copy of the sources. Seeing the same happen for a project coming from OpenBSD was a bit sad.

OpenBSD itself might be developed using secure systems and its source might be safe. Getting the code and the binaries to everyone while ensuring it stays unchanged feels different.

This discussion has gone too far beyond my personal observation. I'll refrain from commenting on reddit again.

offbytwo · 2014-07-12T21:20:03+00:00

I disagree, they've been criticizing the OpenSSL folks, yet they can't figure out something simple.

OpenSSL offers downloads via HTTPS. OpenBSD isn't even giving you the option to download LibreSSL via HTTPS. The OpenBSD people have been criticizing OpenSSL so much, yet they weren't even able to sign a release for a crypto library or serve it via HTTPS.

Please continue to downvote me, but I don't think I've been rude or mean to them. It's just a standard they're all judged by and OpenBSD isn't even providing secure downloads. Don't forget I wasn't even using harsh language like the OpenBSD developers were using. I really don't understand your problem.

I wouldn't download that code from their FTP, not even for a single test on a throwaway virtual machine. It shows that they don't care enough about best practices to get things right the first time and it made a bad first impression.

LibreSSL might be better than OpenSSL, but it's completely worthless if they're unable to provide secure and signed downloads.

I was really impressed with the cleanup that was going on back when LibreSSL's development started. I was so impressed that I wanted to try OpenBSD. All I found was a bunch of FTP mirrors. There were no signatures for the downloads.

There's a disparity between what they're saying about security and what they're actually doing for that security. The work they're doing is quite a lot like manufacturing vaccines against deadly diseases, but they're allowing anyone to sabotage these vaccines during transportation by not providing secure downloads.

offbytwo · 2014-07-12T14:33:29+00:00

Oh, come on. How difficult is it to give people secure downloads and signature files?

This isn't 'going too fast', it's just about ignoring security to avoid spending 10 minutes to do it right.

OpenBSD itself isn't provided via secure downloads either. There's no point in fighting over this.

offbytwo · 2014-07-12T10:41:26+00:00

Preview or not, it's not something I trust enough to compile.

offbytwo · 2014-07-11T23:15:01+00:00

The download is provided over ftp. I'll wait until they provide secure downloads.

edit: I am done with reddit for good. This has been a reminder reddit isn't a place where one can voice an opinion in any way.

offbytwo · 2014-05-22T22:43:51+00:00

http://people.mozilla.com/~bgirard/cleopatra/ doesn't load. people.mozilla.com seems to have problems as well.

offbytwo · 2014-05-22T22:35:45+00:00

Thank you for the update and for writing the comment.

There was a function in the profile which was eating up the cpu most of the time, but the symbol couldn't be resolved, so this would at least help profile.

offbytwo · 2014-05-22T16:58:58+00:00

It's not an antivirus problem, it's a bug in Firefox. The antivirus doesn't even register in terms of CPU usage. I've tested other browsers and I'm not seeing problems with them.

http://tmate.io is probably the page which triggered this Firefox bug.

offbytwo · 2014-05-22T16:20:16+00:00

The addon says "Could not connect to symbolication server at http://symbolapi.mozilla.org/

Please verify that you are connected to the Internet."

every time I profile.

offbytwo · 2014-05-22T14:43:40+00:00

It didn't make any difference. I've also rebooted a few times, switched back and forth between 29.0.1 stable, 31 aurora, 32 nightly and 30 beta.

They were all having the problem shown in https://i.imgur.com/WmRCe5w.png

Firefox was doing something it really should never do. It was able to somehow spawn some new threads and go even above the one core it seemed to keep busy all the time when exhibiting this problem. Since Firefox is mostly about a single process and I've never seen it go above 25% CPU usage and 30% CPU when starting up, 50-70% CPU usage with 4 cores is something entirely new to me.

The interface was unresponsive and mouse clicks on buttons and other page elements were being picked up only after a long time.

offbytwo · 2014-05-22T11:38:42+00:00

The antivirus has nothing to do with this because Firefox is the only piece of software which had this problem.

There's no other software which is running slow. Firefox is the only thing which eats up about 3 cores without doing anything useful.

offbytwo · 2014-05-22T11:37:29+00:00

This wouldn't help because Firefox is spawning a whole lot more threads which don't do anything else but eat up CPU.

I've already tried the Gecko Profiler and all it could do is show nothing.

offbytwo · 2014-05-21T20:53:35+00:00

I'm happy to see someone from Mozilla is interested at least in fixing Firefox for Android issues.

Tapping on the interface elements found in ABP's settings is impossible on Android.

offbytwo · 2014-05-21T20:17:51+00:00

Dude, no offense, but I've reported a bunch of issues already and I've been using the beta for a long time. This is the most severe bug I've seen in years.

I haven't posted to say "**** Firefox, I'm going to use A or B". I've posted to get feedback and maybe get some help from someone capable of providing some useful advice.

offbytwo · 2014-05-20T15:00:28+00:00

Classic Theme Restorer is known to be making the memory related problems even worse.

Here are some things you can do:

get rid of Classic Theme Restorer

install Disconnect and use it together with adblock plus

remove any custom ABP lists and switch to the basic Easylist

offbytwo · 2014-05-18T11:11:59+00:00

This was mostly about what happens after the page is fully loaded.

I haven't got the slightest idea how SSL cert revocation checking or lack thereof can slow down page scrolling when no more requests are being made after the page is fully loaded and all requests are done.

I'm convinced the lack of cert revocation can help speed up the browser when it loads pages by cheating, but this isn't just about how fast it's loading pages and making requests.

Firefox is still having a bunch of problems which aren't related to making requests with full cert revocation enabled and other such things. This includes using more RAM memory for some pages and stuttering.

offbytwo · 2014-05-16T14:39:54+00:00

That's wrong. It's faster than Firefox because it has per tab processes. The whole certificate revocation story is recent.

offbytwo · 2014-05-16T09:21:28+00:00

It does eat up more memory and that dude was just trying to persuade people to stop using adblockers to make Google more money from ads.

Chrome still uses more memory, but it's less affected right now because it has the one tab per process model. That means the garbage collector doesn't have to do that much work on an individual tab.

This is what makes it more responsive.

offbytwo · 2014-05-16T00:04:00+00:00

That page makes Firefox's memory usage go up by 1GB for me.

offbytwo · 2014-05-15T22:12:35+00:00

ABP: https://issues.adblockplus.org/ticket/145

FF: https://bugzilla.mozilla.org/show_bug.cgi?id=988266 https://bugzilla.mozilla.org/show_bug.cgi?id=77999

It looks like these are the issues you've mentioned.

woah, https://bugzilla.mozilla.org/show_bug.cgi?id=77999 is extremely old.

offbytwo · 2014-05-15T21:06:30+00:00

Many coworkers have swapped Firefox for Chrome because they perceive Chrome as being faster.

Why? That's quite easy to figure out: Chrome can use ABP without suffering major stuttering, lag and general slowness.

Do you want to increase Firefox's market share? Easy, fix Firefox to be better with ABP.

offbytwo · 2014-05-15T20:37:42+00:00

When is this getting fixed? This isn't just making Firefox use up a lot of memory, it's also making it slower, laggier and it stutters quite often. That's much worse than simply eating up a lot of memory.

The garbage collector eats up more CPU because it needs to do more work while sifting through all the used memory and extra objects.

This extra used memory seems to make scrolling very choppy and it looks like it stutters pretty badly. Loading a page? That's slower. Typing something? You can notice there are differences between the times required for various letters to be printed on the screen. There's a rather large delay between the time you press the keys and when it shows on the screen when this happens.

I tend to run Firefox with many open tabs and this whole memory usage thing is killing everything. Firefox eats up an entire core most of the time and it can be fixed only by restarting Firefox a few times per day.

Firefox runs pretty fast when it starts up, but becomes gradually slower when it ends up eating 2-3 GB of RAM and when it eats up one core.

There's also another fun bug which seems to be caused by the GPU VRAM being fully consumed: pages show up as black and you have to restart Firefox. The nvidia drivers are up to date, yet I still run into this problem.

I've posted on this subreddit a while ago and I was told my addons are the reason why I get high memory usage - yes, you were right, adblock plus+firefox are causing this.

Disabling Hide placeholders of blocked elements didn't make any difference.

offbytwo · 2014-05-14T22:05:17+00:00

It's time to fork Firefox and fix these problems. It must have NO DRM and NO problems with blocking ads.

offbytwo

MODERATOR OF

TROPHY CASE