Firefox Lorentz Keeps Plugin Crashes Under Control 115
pastababa writes "A beta of the Firefox Lorentz project is now available for download and public testing. Eming reports Firefox 'Lorentz' provides uninterrupted browsing for Windows and Linux users when there is a crash in plugins. Plugins run in a separate process from the browser. If a plugin crashes it will not crash the browser, and unresponsive plugins are automatically restarted. The process-isolation feature has been in Google's Chrome from the beginning. Chrome sandboxes individual tabs, and the crash of one tab does not affect the running of the rest of Chrome browser. Firefox currently isolates only Adobe Flash, Apple Quicktime, and Microsoft Silverlight, but will eventually isolate all plugins running on a page. Mozilla encourages users to test Firefox 'Lorentz' on their favorite websites. Users who install Firefox 'Lorentz' will eventually be automatically updated to a future version of Firefox 3.6 in which this feature is included."
Comment removed (Score:4, Interesting)
Only as a side effect of being 32-bit (Score:5, Interesting)
No, this has not been the normal plugin architecture. When Linux moved to 64-bit, firefox was ported to 64-bit but all of the proprietary plugins were still 32-bit. The solution to this problem was to create nspluginwrapper which would run the apps in a separate process. It had some bugs of it's own, wasn't always reliable about letting you restart crashed plugins, and has itself crashed the browser on me, but it largely prevented plugins from crashing the browser as a side effect.
Older 32-bit versions of firefox on linux, and all versions on windows did not have this capability.
Re: (Score:2)
Gnash has 64 bit version that doesn't use nspluginwrapper, and Flash has a 64 bit alpha (that works rather well).
Re: (Score:2, Informative)
Firefox plugins have been able to "voluntarily" use a subprocess for most activities for a long time - going back to netscape! They just need to, well, fork and exec a subprocess to do whatever they're doing. X11 even allows different processes to directly control subwindows as a design feature, though the subprocess could also talk back to the in-process segment of the plugin.
However, initially for performance reasons and later when that became a realtive nonissue apparently just due to laziness (and pro
Oblig. Futurama (Score:2)
Fixit!Fixit!Fixit!Fixit!Fixit!Fixit!Fixit!Fixit!Fixit!
Fixit!Fixit!
---
System response: Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.
"I'm sorry, whaaa?"
"Good news, everyone! I violated the 'postercomment' compression filter! Wheeee!"
Another oblig. Futurama (Score:2)
Jam a bastard in it, you crap!
Re: (Score:1)
Does this also keep Slashdot's 503 errors when trying to login under control?
Re: (Score:1, Informative)
Re: (Score:3, Insightful)
Re: (Score:2)
That's never happened to me on Slashdot - but it has happened elsewhere. I like to discuss or argue politics. Voicing a non-liberal opinion gets you banned on many liberal news sites.
Funny - the manics over at Fox just call me nasty things, tell me I'm a moron, then go their way. I've never been banned on a conservative, or even a neocon news site. Damn, I hate fascists.
Anyway - don't feel lonely. Stupid shit happens to other people too.
Re: (Score:3, Interesting)
I agree, my browser is already stable enough (all things considered). I wish there was a way to prevent flash from trashing 100% of my cpu for a stupid game.
Re: (Score:3, Informative)
Re: (Score:2)
HAHAHAHAHAHAHAHA
I installed PCBSD not long ago. That motherfucker can't keep Firefox or anything else that uses Gtk running for more than 10 minutes at a time, right out of the box. It's swell.
Re: (Score:1)
There already is, run FreeBSD. After all something can't crash that isn't available.
I'd think it'd be easier to just uninstall Flash on his current system...
This is all fine and dandy, (Score:5, Insightful)
but can it be extended so that plugins are not only run in their separate processes, but separate SELinux sandboxes as well?
Re:This is all fine and dandy, (Score:5, Funny)
I'd prefer they run on a separate machine. Someone else's machine in fact.
Re: (Score:2)
Re: (Score:2)
As funny as it may be, it's actually possible with X and XEmbed. Even though X haters have been screaming for years that network transparency needs to go.
Re:This is all fine and dandy, (Score:4, Insightful)
[quote]Even though X haters have been screaming for years that network transparency needs to go.[/quote]
Largely because they do not realise how useful it can be...
Sorry, X11 ain't all that... (Score:2)
Largely because they do not realise how useful it can be...
As someone who uses remote X regularly, I think the above is a really odd thing to say about a GUI.
Windows and Mac graphics have had network transparency for a while, but anyone using them who wants to explore in that direction can do so by clicking on icons with a mouse. This disparity is a reason why people like me hate the typical X11+whatever subsystem stacks: OS features (including features of the GUI subsystem itself) are seldom discoverable when using that self same GUI.
If I were the Xorg devs, I wou
Re: (Score:2)
Technically, you don't even need XEmbed, it's all in the core protocol. When you use Flash on FreeBSD, you do something similar. You run the Flash plugin in nspluginwrapper. This, in turn, runs in the Linux ABI compatibility layer, but communicates with the same X display as your native browser. The communication, I think, happens via pipes, but it could easily happen via sockets or even through the X server via event notifications.
There are lots of things wrong with X, and I'd love it if someone would
Re: (Score:2)
That way you can use one browser instance for your banking (and whatever weird plugins, user agent etc your bank requires), another browser instance for facebook, one for "usual sites", and one for "default" (which is what opens when you accidentally click on email links).
Then you adjust your sandbox/risk exposure for a category of sites, not just plugins.
Re: (Score:2, Insightful)
Well, why not just create two user accounts for your girlfriend and yourself respectively? That makes almost everything easier. Heck, you can even run them concurrently.
Re: (Score:2)
I find it a bit strange that firefox doesn't allow you to run different instances concurrently.
Re: (Score:2)
Start all subsequent instances, preferably with different profiles, with the --no-remote switch.
Re: (Score:1)
Problem with that is Advertising and other things that you get you directed to nasty sites, when in a 'more trusted site' security context.
Your bank probably includes links or items imported inline from other websites. One of those sites might be less trusted or more prone to attack.
It also does nothing for your compromised Bank A site using XSRF/CSRF techniques against your browser to compromise your details with Bank B in your 'bank security' context.
Re: (Score:1, Funny)
With all the rage about cloud computing they should make the plugins run on the web.
Re: (Score:2, Interesting)
We are working on that.
https://wiki.mozilla.org/Plugins:PlatformIndependentNPAPI
It will require the plugins to be re-written to not use any system APIs but here is work on that as well.
Re: (Score:1)
if they are in a separate process, they can be using a different selinux domain.
in fact, I'm already doing this with RSBAC (similar to SeLinux) with the preversions of this "lorentz" since a while.
Have been doing it using nspluginwrapper before.
Basically all plugins using the process separation have the separate role/domain (albeit same one) (so, plugins have 1 role/domain, browser another)
Re: (Score:1)
Thanks for the search keyword provided in your post. Haven't paid attention to RSBAC which seems worth knowing.
This is all fine and dandy, (Score:2)
Will this completely prevent all crashes? (Score:4, Informative)
Re: (Score:3, Informative)
If you see the same problems in a development Firefox build, please file a bug report against Core::Plugins at bugzilla.mozilla.org. We'd love to figure out what's wrong and fix it.
Re: (Score:2)
Are you mad? It has already been tested and confirmed to be stable. If it doesn't work for me at this point, I am a customer who will vote with my feet, meaning I will try something else. "Stable" means it works, and if stable doesn't work, it is not the end user's obligation to fix it. I want stable things that work, not to debug crap that doesn't work. That is not my job, as a
Re: (Score:1)
>>>one flash-heavy site I know delivers a lot of streaming video and absolutely will crash either Firefox or Chrome in linux
Which site is it? I'd like to try it myself to see if it does the same for me.
.
>>>(I use Mint, mainly)
Just curious - Why would I choose to use Mint Linux instead of, say, Fedora Linux?
Re: (Score:1)
[...] one flash-heavy site I know [...]
Never heard of it.
Nice... but why (Score:1)
Re: (Score:3, Informative)
About time (Score:1)
Re: (Score:2, Insightful)
We've known about plugin crashiness for a long time. We're just now going multi-process for this?
Translating that to FOSS speak: We've known about plugin crashiness for a long time. This problem would never be fixed if it was up to me to fix it.
Re: (Score:3, Informative)
Using it now (Score:4, Insightful)
Re:Using it now (Score:5, Informative)
Re: (Score:2)
Never mind that, as the OP hints if the plugin is crashing because something in its input is causing it to barf the last thing you want is to just restart it with the same input; chances are it'll just barf again...
No restart on plugin installtion/update? (Score:5, Interesting)
Does this mean that, when "Lorentz" covers all plugins, we can install and update plugins without having to restart Firefox?
That would be a worthwhile feature. It's annoying having to restart the browser for any plugin changes.
Re: (Score:3, Informative)
Re: (Score:1)
Hey, at least it's not Internet Explorer where changing a plugin can result in restarting the OS!
***bad-dump-ting***
Thank you, and tip your waitress!
Re: (Score:3, Interesting)
Ah yeah, that is one of the most irritating things I hate on firefox. Why would I have to restart the web browser after installing an extension like scrapbook? this is from the people who whined that you have to restart Windows for any reason...
What I would really like is an "extension profiler", that is, a program that let you check exact statistics of resources used by the different Firefox extensions. This way you could see which is the extension that is taking more memory or time and it may be a good to
Re:No restart on plugin installtion/update? (Score:4, Informative)
Plugins are not extensions.
Re: (Score:2)
Yay! (Score:2)
I crash Firefox several times a day right now. I leave it running all day and when I come back to the machine it's toast 9 times out of 10. I think it's a combination of Flash! and Java but other things seem to take it out too. I finally got pissed and found out more about how to look at the Firefox bug reports and am slowly trying to add more info to the ones that plague me! this one https://bugzilla.mozilla.org/show_bug.cgi?id=537630 [mozilla.org] is a bitch for instance. If you want to see yours put this in the addres
Re: (Score:3, Funny)
I think it's a combination of Flash! and Java but other things seem to take it out too.
Did Yahoo! buy out Flash while I wasn't looking?
Re: (Score:2)
So much for that - got up this morning and Firefox was toast again. No troubleshooting info available for them to dissect either which has been happening more and more often. I can say I was able to watch more video on Break and YouTube than I'd been able to watch in the past without issue so for that I'm happy. We'll see... Sadly IE is rock stable for me but I think if I pushed it nearly as hard as I do FF it too would fail - it has in the past.
Plugins, not extensions! (Score:4, Informative)
Firefox currently isolate [sic] only Adobe Flash, Apple Quicktime and Microsoft Silverlight, but will eventually isolate all plugins running on a page.
The quote emphasizes that Lorentz affects only plugins, not extensions, a distinction that seems to be escaping many posters.
I've had flash behave pretty screwily short of crashing, so this might be nicer if it included a mechanism to manually stop & restart plugins. Perhaps it will expose API allowing other add-ons to do so.
The plugin that gives me by far the most trouble (on Windows) is Adobe Acrobat Reader. I can already restart that (by killing the process) without crashing firefox.
Re: (Score:3, Informative)
Re: (Score:3, Funny)
The plugin that gives me by far the most trouble (on Windows) is Adobe Acrobat Reader. I can already restart that (by killing the process) without crashing firefox.
There are much better products even on Windows which provide the same functionality as Acrobat Reader. E.g. the built-in Remote Desktop is quite ok these days, and TeamViewer is very nice.
Re: (Score:3, Funny)
Anything is better than running Acrobat Reader, even if it doesn't accomplish the same purpose.
Re: (Score:2)
MATLAB on a ram-constrained windows machine without root, at least for older versions. acroread you ran as you, so you could kill the process, but matlab ran a big chunk as admin which didn't go away. Finding that my memory had been swallowed by matlab made me like acroread, at least for a little while.
Windows and Linux - not Mac (Score:3, Informative)
There appears to be a download for Mac available right at the same link - but from the FAQ:
2. Why aren't multi-process plugins available on Mac?
Mozilla is working on making multi-process plugins available on Mac. Because of architectural differences, the code is not ready for beta testing.
Why processes and not threads? (Score:2, Interesting)
Can anyone please explain to me why there's a need for completely new processes, as opposed to using threads?
I'm curious as to what's the difference, and where the thread mechanism "fails" here.
Re:Why processes and not threads? (Score:5, Informative)
Re: (Score:3, Informative)
yeah that's also why chrome uses so much memory, and also, processes are be nature slightly slower to communicate since you can't just lock and access the memory. In practice however its peanuts, and on Linux its pretty much just as good.
anyways, using subprocesses for plugins makes complete sense. using them for tabs etc are just a way to work around the browser's instability. Rather have quick threads and non buggy code, than people just thinking a plugin went wrong while really, the browser is at fault.
What about resource usage (Score:3, Interesting)
Crashes are a hassle for sure, but if you're lucky and don't have an unstable plugin installed, you rarely crash. What I tend to see is runaway memory and CPU usage that forces me to close the browser and start again.
Re: (Score:2)
Has nobody attached a profiler and just let it go until this happens? Is it really that hard to find the cause?
Re: (Score:2)
Chrome's stability is oversold (Score:3, Informative)
I'm using it now and I like it, but Chrome is not stable for me.
It's problem is that it gets "stuck" in flash in such a way that nothing on my system can use the sound card.
I can kill off all the tabs but there's still a chrome process running and until I kill that manually I can't play any music.
I find this an incredible nuisance. Firefox has the same problem but when I kill it it's gone - no processes left behind.
Chrome sandboxing (Score:3, Funny)
> Chrome sandboxes individual tabs, crashes of one tab does not affect the running of the rest of Chrome browser.
Will Chrome also restart sentences in the event of comma splices?
Re: (Score:2)
You pick up on a slightly misdirected interpunctuation (semicolon or even a colon would have been fine) but ignore the glaring grammar errors?
Re: (Score:2)
> You pick up on a slightly misdirected interpunctuation (semicolon or even a colon would have been fine) but ignore the glaring grammar errors?
Not so much "ignore" as "refrain from correcting in disgust". I'm only dedicated to drive-by snark to a point.
Automatic update? (Score:1)
Well, I would gladly test this. But "automatically updated to a future version of Firefox 3.6"? I normally wait about a week for my critical extensions to catch up to a new release. Potentially a week without Tab Mix Plus? No thanks.
Will this completely prevent all crashes? Not now. (Score:3, Informative)
Been running nightly 64-bit Firefox, automatically updated. I guess I got Lorentz a couple of nights ago, not sure when because I was traveling.
Now no Flash instances run, they take 30 seconds or more to "initialize" before they crash, and the entire Lorentz-enabled Firefox browser crashed on me once. It just suddenly and unexpectedly disappeared. It's been a year or more since Firefox crashed on me.
So at this point there are lots of bugs to shake out. Going back to vanilla 3.6.3 for the time being.
Re: (Score:1)
Re: (Score:2, Informative)
Eh?
Chrome sailed past 1.0 (on Windows) years ago. Look for the word "beta" in the About dialog (or anywhere else); you won't find it.
Even on Linux and MacOS, it's going to be released as a stable in a couple of weeks, and even that distinction is mostly a formality. And they haven't used the word "beta" in over six months, either (and are also in-step with the version numbering used for Windows builds).
Re: (Score:1, Insightful)
Point taken. They have sailed past 1.0 and, as far as I know, are up to v5.0. But look at:
http://www.google.com/chrome [google.com] and you'll see in capital letters (upper-right) that its definitely still in beta.
My point is, until Google itself thinks Chrome is ready-to-go, why should I?
Re: (Score:1, Interesting)
I have a dream that one day even on Slashdot, a site sweltering with the heat of trolls, sweltering with the heat of flame wars, will be transformed into an oasis of rationality and logic.
have a dream that software will one day exist in a world where it will not be judged by the version number or release status, but by the functionality it presents to the user.
I have a dream today!
Re: (Score:2)
Your dream is still in alpha status, therefore I will not roll it into my currently stable worldview. I will wait for release status before accepting it.
Re: (Score:1, Informative)
That's for linux version and mac which development started much later. On the windows download, beta doesn't appear unless except for the beta builds (dev versions). I'm pretty sure google redirects you on initial page load to the platform your browser says it is on. So yeah, for google, chrome is does have what they consider a stable release at least in the windows platform.
Re: (Score:1, Funny)
They have sailed past 1.0 and, as far as I know, are up to v5.0.
It's clear they're trying to pseudo-legitimately get the highest version-numbered browser in existence, so they can have people going "Look ma, Microsoft has the Internet 9!" "Pshaw pa, Google's got the Internet 15!".
Re: (Score:3, Insightful)
The "beta" label has pretty much died. In Google-ese "beta" means a normal release, and when they hit the "1.0" and finally take of the beta tag, it pretty much means nothing.
Have you been able to tell the difference between the beta of Gmail, and the full on release? I haven't.
Now if you said this about the "dev channel", or Chromium daily, you would have a point. Though even being at "full-on release" status doesn't mean much, how often does Firefox update, and push bug patches, even at release status?