[HN Gopher] Microsoft fixes 5-year-old Defender bug, reducing Fi...
___________________________________________________________________
Microsoft fixes 5-year-old Defender bug, reducing Firefox-related CPU use by 75%
Author : ylere
Score : 780 points
Date : 2023-04-10 12:58 UTC (10 hours ago)
(HTM) web link (bugzilla.mozilla.org)
(TXT) w3m dump (bugzilla.mozilla.org)
|
| nabakin wrote:
| Firefox-related CPU use is only reduced by 75% when this bug is caused. NOT in the general case as this title implies
|
| yarg wrote:
| That's actually fairly clear in the title - the second clause depends upon the first.
|
| nabakin wrote:
| Then why are comments assuming a large decrease in power consumption?
|
| jldl805 wrote:
| Because the bug is a frequent occurrence and the increased CPU usage is frequently noticeable?
|
| gtop3 wrote:
| I would like anyone that considers Microsoft to be a recent champion of Open Source to reflect on corporate doublespeak. It's plausible that this bug was engineered as an attack on Firefox.
|
| maccard wrote:
| Have you any semblance of proof of this?
|
| By the looks of it took Firefox a few years to figure out what the repro was, they reported it to MS, it was (very) promptly fixed and they were warned that the syscall they were using isn't being used as intended and they should consider changes to FF for future use cases.
|
| JustSomeNobody wrote:
| >> It's plausible that this bug was engineered as an attack on Firefox.
|
| > Have you any semblance of proof of this?
|
| Does it _need_ proof? Someone can make a statement like this solely based upon past behavior. They're merely stating that it is _plausible_.
|
| gtop3 wrote:
| I don't have proof. I'm presenting a theory based on circumstantial evidence. I think it says just as much to reject a theory without proof as it does to present a theory without proof. Let me break down the context in which I make put forward my theory.
|
| * Corporate doublespeak is a well documented tactic in which a business will project a message when the truth is the opposite of the message. Sometimes they use euphemisms, ambiguity, or omissions. I am stating that we cannot take Microsoft's press releases about being Open Source friendly at face value.
|
| * Five years ago Edge was rebuilt with a chromium backend and Microsoft had a large campaign to increase adoption of Edge.
|
| * Reduced Firefox performance would make Edge compare more favorably. This error was clearly in Microsoft's favor.
|
| * It is common for companies that own a platform to create advantages for their applications running on the platform.
|
| * Microsoft has a long history in the browser wars, highlighted by an antitrust lawsuit in the late 90s. Their anticompetitive behavior regarding browsers was a key part of the lawsuit.
|
| xutopia wrote:
| I've lived through the browser wars and I can tell you that this would not surprise me one bit.
|
| maccard wrote:
| There's a difference between something not surprising you and a wild, totally baseless accusation. I'll happily eat my words if there is a shred of proof, but right now it's "company fixes old bug when it was reported to them"
|
| mrb wrote:
| It's the AV that was calling TdhFormatProperty(), not FF. The problem was mostly on the AV side, not FF. FF itself was generating many events due to too many VirtualProtect() calls which in itself was only a smaller part of the problem.
|
| DonHopkins wrote:
| If Microsoft were so good at software engineering that they could pull off such an attack on Firefox, then maybe they do deserve to have a monopoly. /s
|
| vntok wrote:
| What a weird take. If this bug was engineered as an attack on Firefox, then it seems like the project has been infiltrated by bad actors, because the bug comes from Firefox's codebase.
| Indeed, the developers themselves contradict your comment in the linked bug conversation:
|
| > This problem has two sides: Microsoft was doing a lot of useless computations upon each event; and we are generating a lot of events. The combination is explosive. Now that Microsoft has done their part of the job (comment 82), we need to reduce our dependency to VirtualProtect.
|
| (https://bugzilla.mozilla.org/show_bug.cgi?id=1441918#c90)
|
| Compare how many calls other browsers make (this is also quoted in the link): Firefox was generating up to 46 times more (costly) events than Chrome. It is a bit ludicrous to shame Microsoft for the whole situation.
|
| > Firefox with normal configuration: ~14000 events, 98% of which are PROTECTVM_LOCAL;
|
| > Firefox with the preferences from comment 83: ~6500 events, 95% of which are PROTECTVM_LOCAL;
|
| > Edge: ~2000 events, 91% of which are ALLOCVM_LOCAL;
|
| > Chrome: ~300 events.
|
| DoctorOW wrote:
| Devil's advocate, why then did they fix it?
|
| mistrial9 wrote:
| slow walk.. or.. in comparison, have you contacted your local city government to fix obvious holes in the road recently? Around here, a two-year wait time to fix it is common.
|
| justinclift wrote:
| Because it became public knowledge that it was happening?
|
| stalfosknight wrote:
| Do we have to assume negative intent every time something like this happens?
|
| agloe_dreams wrote:
| Well no, but I also would question the inverse. Holding accountable companies that gain from possibly bad actions and asking the questions is helpful.
|
| See: Microsoft's Supreme court case over their preference for IE and forced monopoly. While Microsoft 'won' the case, the outcomes were exactly what the case feared but "convenient" political climate helped them avoid travelling back to court of course.
| Microsoft took extreme steps to avoid being broken up in the 1990s however and it's arguable that one of their political mitigation methods, investing in Apple, actually had worse effects on them. (Prior to the iPhone in 2007, it was assumed that RIM and Microsoft would be the big two players in the smartphone space, Apple and Google have basically become the big two players in the Computing space mindshare)
|
| https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....
|
| uoaei wrote:
| We should at least be aware of it as an option. Many call this "healthy skepticism". It becomes unhealthy when you veer into blind optimism/pessimism/cynicism.
|
| princevegeta89 wrote:
| Very interesting point. They might have had the intentions of pushing everyone to use Edge, and it is not surprising after their so many consistent nags and misleading messages to think it's the "better" browser compared to anything else.
|
| chaostheory wrote:
| This is a relic of Bill's tenor. Satya is different in good way.
|
| markphip wrote:
| It is amusing that anyone thinks a company with > 200K employees and probably 10K products is organized enough for something like this.
|
| naremu wrote:
| Inaction is a pretty low "bandwidth" form of action, and can sometimes produce the results you're looking for just as well, if not more effectively.
|
| Microsoft has a storied history of anti-competitive views leaking to public eyes/ears, something like this is quite literally a matter of _not_ organizing anyone.
|
| garbagecoder wrote:
| The WWEification of every discourse is the worst thing about $current-year
|
| echelon wrote:
| Why would Microsoft attack Firefox specifically and not Chrome? Chrome is the bigger threat to their business. Firefox has become almost too small to care about - little revenue, small browser market share.
|
| agloe_dreams wrote:
| There's an argument that Microsoft's Edge use of Chromium and then the Surface Duo would cause 'don't bite the hand that feeds you" problems. Not agreeing with OP, but it would make sense.
|
| babypuncher wrote:
| This seems incredibly unlikely and overly cynical just for the sake of being cynical.
|
| layer8 wrote:
| Never attribute to malice...
|
| alpaca128 wrote:
| Nowadays a lot of malicious acts are intentionally disguised as stupidity and incompetence. Not necessarily in this case, but that quote really is showing its age.
|
| Animats wrote:
| How fast would this have been fixed if was Microsoft Edge that was wasting CPU time?
|
| jahsome wrote:
| Depends on how fast google patched it.
|
| jiggawatts wrote:
| Looks like there's more work left to do to catch up to Chrome: https://bugzilla.mozilla.org/show_bug.cgi?id=1823634
|
| That bug is more subtle. Apparently the various ways to use VirtualAlloc is not self evident, and some variations have wildly different performance characteristics due to undocumented interactions with Event Tracing for Windows (ETW) events that get sent to anti virus products.
|
| So it's not _only_ the original problem of the events being handled inefficiently, it's also that the way they're generated is a bit of a black box and hard to predict without detailed performance tracing work.
|
| subarctic wrote:
| When you say reduced by 75%, would that mean, say, going from %40 to 10% or from 75% to 0%?
|
| chucksmash wrote:
| It means the former.
|
| If you reduced something to zero, you reduced it by 100%.
|
| swamp40 wrote:
| Title should be _Microsoft fixes 5-year-old Defender bug which used up more energy than every Bitcoin ever created._
|
| dgellow wrote:
| > mpengine.dll version 1.1.20200.4 was released on April 4, so the fix should be available for everybody now. See the end of comment 91 to know what version you are using.
| Also, the latest discoveries in bug 1822650 comment 6 suggest that we can go even further down in CPU usage, with all antivirus software this time, not just Windows Defender.
|
| Really nice to see open collaboration between Mozilla and Microsoft development teams resulting in a net improvement for everybody.
|
| hgsgm wrote:
| Well, a net improvement for the people who paid Microsoft for an OS that wasted their energy and wore down their computer (heat damage) for 5 years.
|
| bornfreddy wrote:
| Yes. I mean it took 5 years, but who would count. /s
|
| dan-robertson wrote:
| People care about open Firefox bugs much older than that. Basically any long-lived program will have ancient bugs that never made it onto someone's todo list.
|
| sicariusnoctis wrote:
| For example, it only took 20 years (!!) to stop Ctrl+Q from quitting Firefox on Linux. :)
|
| IIRC, a couple of patches did get submitted, but never accepted for unknown reasons.
|
| crest wrote:
| "bug"
|
| tcfunk wrote:
| I wonder if this is why Firefox often gets killed when I have other high-resource apps open?
|
| cronix wrote:
| If you're on a Mac and using FF (probably not FF specific), turning off "ambient mode" in youtube can save 30% cpu. I just found this out while searching why FF was taking 90% of my cpu while watching youtube videos in normal mode, but went down to 40% use if viewing in full screen. Turns out that this youtube "ambient mode" was the culprit. My lap is now cooler and the fan doesn't turn on anymore. I wonder how much power I've wasted due to this new "feature" they added 6 months ago that I didn't know about.
|
| asvitkine wrote:
| To save a search:
|
| "Ambient mode uses a lighting effect to make watching videos in Dark theme more immersive, by casting gentle colors from the video, into your screen's background."
|
| bee_rider wrote:
| Neat idea, I bet the intern had fun implementing it, why was it on by default?
|
| tablespoon wrote:
| > Neat idea, I bet the intern had fun implementing it, why was it on by default?
|
| Total speculation, but Firefox seems to be pushing out a lot of UI gimmicks. Maybe they're trying to drum up interest in the browser that way, since they seem intent on killing many of their other differentiators.
|
| Georgelemental wrote:
| This is a YouTube feature, not a Firefox one.
|
| rejectfinite wrote:
| I really like it!
|
| Then again, I am using a real computer and not a toy.
|
| CyanBird wrote:
| Because the target audience for the feature is not tech savvy people but common users whom won't know it exists until it is shown to them/might be intimidated to delve onto FF settings
|
| If you are tech savvy, you are then expected to be able to "bear the burden" of turning the feature off if it bothers you
|
| devilbunny wrote:
| Hell, I'm tech savvy - not a tech worker, but you'd better believe that you want me to be your end-user contact, I know a hell of a lot more than the people I work with - and I didn't even know this was an option. I'm not afraid of fixing FF settings, done it plenty of times. It's on by default. If someone who can install OpenBSD and make it a router for DSL over PPPoE in 2001 (side job) doesn't even know it exists and eats cycles [i.e., a "prosumer", not an expert, but not too far below a new hire and well beyond the masses), it's a bad idea. I don't have _time_ to stay up on every way that people want to eat my electricity. I _do_ know that YouTube spins up the fan on my iMac with disturbing regularity in a way that videos from alternative sources do not. So it's not the decoding.
|
| oarsinsync wrote:
| > might be intimidated to delve onto FF settings
|
| It's a YouTube setting, not a Firefox setting.
|
| warent wrote:
| This seems unnecessarily passive aggressive. Everyone makes mistakes or bugs, intern or not. It makes no sense to get this salty about basic human error.
| Also there's nothing wrong with implementing minor UX enhancements.
|
| If anything redirect the frustration to the leadership that doesn't prioritize fixing these kinds of errors.
|
| TechBro8615 wrote:
| It's not unreasonable to hold YouTube devs and QA engineers to a higher standard than everyone else who doesn't work for a ~trillion dollar corporation or deploy code that runs on billions of devices.
|
| wiseowise wrote:
| We aren't talking about misaligned element here, you know.
|
| There are millions of FF Mac users, it's not unreasonable to expect YouTube to do some basic testing. Never got any issues showing ads, though.
|
| alluro2 wrote:
| I don't think there's any error to fix. It's a feature - casting light from the video onto the UI, using JS, surely takes that amount of CPU.
|
| The question of why it is on by default stands - because it's little bit of eye candy, vs people's laptop batteries, CPU that could have been used to get other stuff done faster - so also their time, device thermals etc... I don't think it's just unnecessarily salty to point out how the choice to turn this on by default should have been more nuanced and thought through.
|
| tempestn wrote:
| How much can websites determine about the power of the device they're running on? Obviously it'd be a security issue for them to know too much, but it would be nice to be able to progressively enhance the experience for more powerful devices that can handle it, beyond just mobile vs PC. Even just knowing whether a device was running off battery power could be useful.
|
| simlevesque wrote:
| Here's what's available, requires permissions:
|
| - BatteryManager.charging
|
| - BatteryManager.chargingTime
|
| - BatteryManager.dischargingTime
|
| - BatteryManager.level
|
| https://developer.mozilla.org/en-US/docs/Web/API/BatteryMana...
|
| https://caniuse.com/?search=BatteryManager
|
| rileyphone wrote:
| Isn't available in Firefox though...
|
| lobocinza wrote:
| IMO the implementation sucks and the feature is questionable. Recently I set the browser to dark mode, which tells YT to also use dark mode, and if I haven't read here I wouldn't know that this is a toggleable feature. It's sad when we can't tell a feature and a bug apart.
|
| Consultant32452 wrote:
| Not being able to distinguish between a feature and a bug is a feature, not a bug.
|
| kortilla wrote:
| This is definitely worth getting salty about when you consider the cumulative electricity wasted for something so trivial. Google should be strictly monitoring performance and CPU consumption of their changes on youtube since a screwup there is the climate change equivalent of paying for 747s to fly in circles.
|
| bee_rider wrote:
| Just to be clear I was being a bit snarky, but what I meant is that this is sort of a small, fun, less important project that could be easily given to an intern.
|
| I don't think there is a bug? It seems like a sort of image processing thing that might take a bit of compute run. To the extent that there's blame, I'd lay the blame at the feet of whoever decided it should be turned on by default.
|
| Dwedit wrote:
| Looks like it's a Youtube feature rather than a Firefox feature?
|
| shapefrog wrote:
| They are not the intern anymore - they are senior vice president of battery draining, this feature absolutely killed it at the end of year review.
|
| tough wrote:
| They went for copying philips ambient lights on tv's but with software, what could go worng
|
| javajosh wrote:
| To save another search:
|
|     On desktop and mobile devices: While playing a video, select the Settings button. Locate the Ambient Mode setting in the list of preferences. Toggle it to off to disable Ambient Mode for all videos on YouTube (in that browser).
|
| It's in the same popup used for video quality and playback speed.
|
| LegitShady wrote:
| I don't have that option. firefox on windows 10.
|
| jonesnc wrote:
| For those who may be wondering, the Settings button referred to here is the gear button in the Youtube video player.
|
| 867-5309 wrote:
| for those unfamiliar with visualising a gear, seek the doughnut with a notched circumference
|
| musicale wrote:
| for those unfamiliar with visualizing a doughnut, imagine a bagel-shaped treat of sweet cake-like dough, deep-fried and frosted, with optional sprinkles
|
| JohnFen wrote:
| What's a bagel?
|
| shrewduser wrote:
| oh i saw this happen to me the other day, i was wondering if it was a new youtube feature or something. can't say i care for it.
|
| LanternLight83 wrote:
| Just noticed it recently too, though it might have been an update to the stylus theme I use, I actually quite like it
|
| sicariusnoctis wrote:
| The "average color" (or whatever it is) could have been pre-computed server-side rather than tiring out the poor innocent client CPUs.
|
| Phiwise_ wrote:
| But then Google would be responsible for that one-time computation instead of making the clients do it billions of times.
|
| hsbauauvhabzb wrote:
| They could do it on a few clients then ship the data back to the server. If they're resourceful those clients don't even need to be watching the video! (they could send it and compute the output in the background of another stream)
|
| TeMPOraL wrote:
| But that's a distributed problem now and those use up valuable developer time, which we know is the most important resource in the world...
|
| KeplerBoy wrote:
| Couldn't this be done cheaply on the GPU?
|
| musicale wrote:
| > make watching videos in Dark theme more immersive
|
| the best way to make youtube videos more immersive is to block obnoxious advertisements, remove useless algorithm-driven recommendations, and delete the comment section
|
| tmtvl wrote:
| As I don't use edgelord mode I'm guessing I don't have to worry about it.
|
| JohnFen wrote:
| Thank you! I had no idea this was a thing YouTube did.
|
| Tagbert wrote:
| Where is that setting? In YouTube Settings? I don't see it, there.
|
| b215826 wrote:
| If you use uBlock, add the following to the filters:
|
|     youtube.com###cinematics.ytd-watch-flexy
|
| erulabs wrote:
| It's not in the general settings - instead it's in the setting menu in the video player itself, where you'd select the quality and playback speed, etc.
|
| LegitShady wrote:
| it's not there for me. I don't see it in any settings anywhere.
|
| zamadatix wrote:
| I don't see it either, maybe it's on an A/B rollout for desktop.
|
| wslh wrote:
| I think it is time to have a way to fine tune consumption based on settings. I assume the less complex way to do this is, really, use the telemetry information gathered.
|
| treis wrote:
| Similarly gifs and animated emojis in Slack chews up the CPU. Something like 20% at idle before I turned it off.
|
| hapticmonkey wrote:
| I honestly thought my monitor or GPU was having issues with weird colour banding around YouTube videos. Turns out it was an intentional choice they made to do that. I don't know why it's on by default.
|
| thih9 wrote:
| This is why I like terminal, rss, or other technologies where it's hard to add this kind of fireworks to the UI.
|
| When done right, sure, they improves the user experience by some percentage. But when done badly, the UX goes down by orders of magnitude.
|
| xk_id wrote:
| absolutely. besides, graphical UIs bombard the brain with everyone's unique take on visual aesthetics, consuming limited mental resources like attention
|
| tiagod wrote:
| If you turn off your computer power usage goes to 0% too.
|
| emoII wrote:
| Same behaviour for me using Safari.
|
| xk_id wrote:
| as I don't care about the comments section or the recommender algo, I search (youtube-fzf) and launch (yt-dlp + mpv) youtube videos directly from the terminal.
| i have a bash pipeline for this and, naturally, it is very resource efficient
|
| Affric wrote:
| post the script pretty please
|
| winter_blue wrote:
| This is one of the myriad reasons why I have a strong preference for Linux.
|
| ok_dad wrote:
| I just bought a Macbook because my dedicated Linux laptop, made by a popular Linux-only manufacturer, had so many issues that I got tired of diagnosing. I love Linux, but it's not a panacea for every computer issue under the sun, just a few of them. I, personally, am stoked I no longer have to deal with issues with this new machine, and can just take it into a Genius bar appointment to let someone else deal with it, for pennies a day. You can't get _that_ on Linux!
|
| Feel free to tell me I'm a sell-out, I am happy to be one today.
|
| mbernstein wrote:
| You're a sellout but I am too, so welcome :).
|
| zamnos wrote:
| With all the attention being paid to macOS these days, there's enough mods and addon's that I don't miss Linux _so_ much on my laptop. Hammerspoon gets me drag and resize windows how I want, and there's Rectangle.app for tiling-ish window management. There's no /proc, and all the rest of the cli utilities are just wrong (netstat, route, top, etc) but I can live with my M1.
|
| (brew addresses a lot of the issues though, even if I do have to remember to run gdu instead of du (for gnu du))
|
| xk_id wrote:
| yabai is the full featured window manager for macos
|
| acomjean wrote:
| I switched to linux. I like it and haven't really had any issues to speak of. Not with sound, video, wifi or any of the other things people complain about. My fan went, but likely it was a pet fur issue, and easy to fix... I'm not an admin. I know how to use the command line, and how to use it as a work machine. Really my experience over the past 3 years, its been as trouble free as my Mac used to be. It really is the great development platform.
|
| Glad you like your machine.
|
| grugagag wrote:
| Can you hibernate your system without issues?
|
| javaunsafe2019 wrote:
| You are not sellout but just the average Joe. No problem with that I guess. Have fun with your Mac that uses a soldered ssd that when failing makes your whole Mac useless as well.
|
| jutrewag wrote:
| Meh hasn't happened yet but I'd just buy a new one. That being said, I always also have a windows and Linux machine, they're just not my daily drivers.
|
| freedomben wrote:
| > _I, personally, am stoked I no longer have to deal with issues with this new machine, and can just take it into a Genius bar appointment to let someone else deal with it, for pennies a day. You can't get that on Linux!_
|
| Honest question. If you _could_ get that on Linux, would you? and what kind of pricing would you consider reasonable? Is it something that would have to come with the computer (i.e. would you pay for it separately or would you only use it if it was "free" aka included with your laptop purchase)? Did you stick with the vendor-provided install or did you wipe and install your own preferred distro?
|
| runnerup wrote:
| I would pay the same amount for a Linux laptop that worked as easily as a MBP and had similar build quality, performance and battery life.
|
| However, whatever crazy-stable and easy to use and well supported hypothetical Linux this is wouldn't be compatible with my "real" Linux use cases so I would then also install Arch or whatever and live with constantly borked everything and just swap between my Arch "Dev" OS and my "Linux Mac" business/work/consumer OS.
|
| Current Linux cannot be made "MacOS"-stable. But maybe in 5 years.
|
| fiddlerwoaroof wrote:
| This has nothing to do with macOS vs. Linux, though
|
| ezfe wrote:
| not sure what your point is... ambient mode is a visual effects thing YouTube does and reading the descriptions, not surprised it causes increased CPU usage regardless of OS.
|
| DevKoala wrote:
| _Something happens_
|
| > This is one of the myriad reasons why I have a strong preference for Linux.
|
| xen2xen1 wrote:
| Because browser users on Linux have never, ever been shafted by a browser bug? Riiiiiight.
|
| sicariusnoctis wrote:
| This happens on Linux too. I was wondering if the weird CPU-hogging flickering was a bug in my compositor (picom) or window manager (i3) or browser (Firefox). Turns out to be a "feature".
|
| whalesalad wrote:
| My only interaction with Windows Defender is the (undefeatable) nag popup every boot that warns me it is disabled.
|
| Renaud wrote:
| If you use Windows Pro and Enterprise, you can use GPO to disable Defender. Just run gpedit.msc and edit a few of the policies to disable real-time protection etc.
|
| Under Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
|   - Turn off Microsoft Defender Antivirus -> set to Enabled
|
| Under Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-Time Protection
|   - Turn on behavior monitoring -> set to Disabled
|   - Monitor file and program activity on your computer -> set to Disabled
|   - Turn on process scanning whenever real-time protection -> set to Disabled
|   - Turn on behavior monitoring -> set to Disabled
|
| Restart the computer and Real-time protection should be disabled permanently (until you reverse the same settings through gpedit.msc at least).
|
| bob1029 wrote:
| You can also elevate to Trusted Installer or System and completely remove this garbage from your computer.
|
| Alternatively, if you run windows server as your workstation OS, you can perform an uninstall using Remove-WindowsFeature from powershell.
|
| The old gpedit tricks don't really work anymore in my experience.
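
A read-only audit for two points raised in this thread: the engine version quoted from the bug as carrying the fix (mpengine.dll 1.1.20200.4) and Defender protections being switched off by policy, as in the gpedit steps above. This is an added example, not code from the thread or from Microsoft; `Get-DefenderAudit` and `Get-DefenderPolicyOverride` are hypothetical helper names, and the script assumes the built-in Defender module (`Get-MpComputerStatus`) is present.

```powershell
# Added example (not from the thread): read-only Defender health check.
# Assumes Windows with the built-in Defender PowerShell module. Nothing is modified.

# Engine version quoted on this page as carrying the fix.
$FixedEngine = [version]'1.1.20200.4'

# Registry locations where the "Microsoft Defender Antivirus" policy templates store settings.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
)

function Get-DefenderPolicyOverride {
    # List every value set under the policy keys, without interpreting them.
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key
                Name  = $name
                Value = $item.GetValue($name)
            }
        }
    }
}

function Get-DefenderAudit {
    $findings  = New-Object 'System.Collections.Generic.List[string]'
    $overrides = @(Get-DefenderPolicyOverride)

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Defender removed, its service stopped, or the module is unavailable.
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
        return [pscustomobject]@{
            EngineVersion   = $null
            HasEngineFix    = $false
            PolicyOverrides = $overrides
            Findings        = $findings
        }
    }

    # Compare as [version] so 1.1.9999.0 sorts below 1.1.20200.4.
    $engine = [version]$status.AMEngineVersion
    $hasFix = $engine -ge $FixedEngine
    if (-not $hasFix) {
        $findings.Add("Engine $engine is older than $FixedEngine")
    }

    # Protection components reported by Defender itself.
    $checks = 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled',
              'BehaviorMonitorEnabled', 'OnAccessProtectionEnabled'
    foreach ($prop in $checks) {
        if (-not $status.$prop) { $findings.Add("$prop is False") }
    }

    foreach ($o in $overrides) {
        $findings.Add("Policy value set: $($o.Key)\$($o.Name) = $($o.Value)")
    }

    [pscustomobject]@{
        EngineVersion   = $engine
        HasEngineFix    = $hasFix
        PolicyOverrides = $overrides
        Findings        = $findings
    }
}

Get-DefenderAudit | Format-List
```

An empty `Findings` list means the engine is at or past the quoted version, the listed protections report as enabled, and no Defender policy values are set on the machine.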
|
| zamadatix wrote:
| With 11 (or possibly newer versions of 10, haven't tried lately) this doesn't seem to actually disable MsMpEng.exe from loading anymore. Using something like https://github.com/jbara2002/windows-defender-remover seems to work though.
|
| ChuckNorris89 wrote:
| My car also nags me every time I unbuckle my seatbelt to park yet that doesn't mean everyone should have it unbuckled all the time. There's a reason it's designed to be naggy.
|
| Having everyone easily disable Windows Defender will not lead to a great outcome.
|
| There's a reason malware on Windows has been on a steep decline from the Windows XP days and I'd prefer it to keep it that way.
|
| whalesalad wrote:
| TBH the main reason I commented this was to get some kind of validation from the community (positive or negative). Sounds like I need to turn it back on :)
|
| I really only use this machine for MWII, Halo and Titanfall. It's a glorified Xbox. I even contemplated putting it on a standalone VLAN to 100% physically isolate it from my core net.
|
| akira2501 wrote:
| Not all uses cases for a car are the same. Some are held entirely on private property and are used as work vehicles where the seat belt chime would be unnecessary and distracting. Which is why most manufacturers provide a sneaky mechanism to disable it. I own the vehicle, why wouldn't they let me disable the nag?
|
| Their solution?
| Make it intentionally complicated, but still possible:
|
| Step 1: Turn your headlight switch off
|
| Step 2: Unbuckle your seatbelt and turn the key to the off position
|
| Step 3: Turn your key to the on position till the seatbelt warning light turns off
|
| Step 4: Buckle and unbuckle the seatbelt three times and end on the unbuckled position
|
| Step 5: Turn your headlight switch on for three seconds and then turn it off
|
| Step 6: Repeat step number 3
|
| Step 7: Wait for the seat belt warning light to turn on and off again then buckle and buckle the seat belt
|
| callesgg wrote:
| Sounds like you are arguing that seatbelts do not increase the safety of its users when it is used on private property.
|
| I know it's not your main point. But anyways.. it does not increase the rhetorical power of your comment.
|
| whalesalad wrote:
| I remember doing this sort of song and dance with my RAM and Jeep. Sometimes I am just moving around a parking lot for a brief moment, or especially when off roading (read: stuck) and don't want the constant beeping.
|
| Seat belts are 100% an immediate habit for me. Driving at any rate of speed without one makes me feel super sketchy and uncomfortable, so the nag is not needed at all.
|
| On my Ford's I would use FORScan to defeat it via the OBD2 port.
|
| I do have a security gateway bypass module for my truck though so hopefully I will be able to start playing around with AlfaOBD soon.
|
| garbagecoder wrote:
| It's humbling to be in the presence of such greatness.
|
| badrabbit wrote:
| Haha, you should enable it with exclusions. It's the best AV out there that isn't an EDR. I disable it in labs but I can't imagine running windows in prod with defender enabled. Don't use windows like it's Linux.
|
| TecoAndJix wrote:
| Defender, under certain licenses, is an EDR - https://learn.microsoft.com/en-us/microsoft-365/security/def...
|
| mesebrec wrote:
| What is an EDR?
|
| libraryatnight wrote:
| endpoint detection and response: https://learn.microsoft.com/en-us/microsoft-365/security/def...
|
| Brosper wrote:
| Wow Microsoft should say at least sorry to Mozilla and somehow repay them for this!
|
| nabakin wrote:
| Previous post:
|
| https://news.ycombinator.com/item?id=35458746
|
| @dang
|
| jeffbee wrote:
| That's one way to look at it, but a very biased take. An equally valid take is that Firefox was calling an expensive platform feature too often, and even though it has been killing performance for years (possibly, for the entire history of the project) nobody noticed or bothered to fix it on the application side.
|
| jupp0r wrote:
| The platform feature in question was normally cheap and just made artificially expensive by Defender intercepting calls to it and blocking until analysis was performed. I don't think it's the FireFox' team's responsibility to be aware of and take into account arbitrary software intercepting system calls.
|
| pradn wrote:
| It's the application owner's responsibility to make it the app run as best as it can on a given platform. Platforms are messy, but you have to deal with it. You should escalate to the platform owner, sure, but you can't rely on them fixing it in any reasonable time-frame.
|
| I worked on a desktop<->cloud file sync app. On Windows, only one badge can show up on a file's icon in Explorer. If there's multiple apps trying to set the badge, who wins? Well, it depends on the lexicographical order of the registrants names. So what did we do? We added some spaces to our registration name to make them show up first. Good for the user, as best as we can know - since the user or their admin had to install the app to get these badges in the first place. And they were useful ones too - whether a file was synced or not. We tried our best, and escalated.
| jeffbee wrote: | Windows Defender real-time protection is enabled by default. | shadowgovt wrote: | > I don't think it's the FireFox' team's responsibility to be | aware of and take into account arbitrary software | intercepting system calls. | | One of the first, hard lessons I had to learn about web | development (like, stare-at-a-wall-and-consider-my-career-hard) is that web development is _way_ more about network | effects than application architecture. | | Real people run systems with real configurations, and when | you're targeting "the public" as your userbase you must | account for that. And Mozilla knows this: if you go into the | source code (circa 2009, YMMV) and look through the | initialization and boot-up logic, you would find places where | the system used heuristics to figure out whether some | extensions had been installed in odd places instead of the | "Extensions" directory (because the tool had been installed | before Firefox) and hot-patch paths to pull in that | component. Because if a user installs Flash and then installs | Firefox and Flash doesn't work in Firefox, it's not Flash | that's broken... It's Firefox. | | It doesn't matter if the bug is in "Microsoft's code" or | "Mozilla's code." That's unimportant. If you're a Mozilla | engineer, all that matters is whether this bug would cause a | user to get pissed off and uninstall Firefox. | | Thats. All. That. Matters. | jupp0r wrote: | I completely agree with you and have been on the other side | of this too, having worked on a native enterprise app | running on various MacOS, Windows, iOS and Android | versions. Customers don't care if you have a great | explanation why stuff with your app doesn't work. That | being said, it's completely unreasonable to have the | proactive expectation of something working well today | (writing many files) breaking tomorrow (due to defender | heuristics changing) and proactively trying to prevent this | by optimizing.
Mozilla reacting to this by both reporting | the bug to Microsoft and optimizing to work around the | problem is really the best you can do. | | "They shouldn't have written so many files in the first | place" is not a valid preventative strategy, but a one way | road to premature optimization hell. | chris_wot wrote: | Yes, but it's incredibly difficult to work out what is | causing the problem. That's what happened here. | vntok wrote: | > I don't think it's the FireFox' team's responsibility to be | aware of and take into account arbitrary software | intercepting system calls. | | Per the bug report, Firefox was generating up to ~14,000 | calls where Chrome was generating ~300, though. | | Surely it is Firefox' team's responsibility to use system | calls in a sane way, say not almost 50x more than the | competition? | bogwog wrote: | > Surely it is Firefox' team's responsibility to use system | calls in a sane way, say not almost 50x more than the | competition? | | The docs for that function don't say anything about | performance: https://learn.microsoft.com/en-us/windows/win32/api/memoryap... | | They also don't say anything about "sane" usage, and while | I don't have an MBA, I'm pretty sure they don't teach | anything about `VirtualProtect` ratios when doing | competitor analysis. | | One possibility is that the Chrome team's implementation | was more efficient due to luck, or they invested the | resources to identify the performance characteristics of | this function call, whereas the Firefox team missed it. I | don't think "Chrome has more development resources than | Firefox" is news to anybody. | [deleted] | shadowgovt wrote: | There are three facets to any protocol, API, or standard | in software: | | The spec, the intent of the spec, and the implementation | of the spec. | | Doesn't matter what the docs say; what matters is what | performance testing shows. Docs lie.
| | And even if Chrome lucked into a cheaper implementation: | that luck has given them a market edge. | jupp0r wrote: | Did you read the bug report? This is literally about | writing to files in a temp folder. Surely you can optimize | that but you should also be able to assume that this does | not use excessive amounts of CPU on a modern operating | system. | vntok wrote: | Yes, I have read the bug report. It mentions that Firefox | writes wayyyyy too much in the temp folder. It also | mentions that the team should fix this behaviour | independently of the fact that some of those calls are | more costly than they should be because of the bug in | Defender: | | > With a standard Firefox configuration, _the amount of | calls to VirtualProtect is currently very high,_ and that | is what explains the high CPU usage with Firefox. The | information that the most impactful event originates from | calls to VirtualProtect was forwarded to us by Microsoft, | and I confirm it. In Firefox, disabling JIT makes | MsMpEng.exe behave much more reasonably, as _JIT engines | are the source of the vast majority of calls_ to | VirtualProtect. | | > On Firefox's side, _independently from the issue | mentioned above, we should not consider that calls to | VirtualProtect are cheap. We should look for | opportunities to group multiple calls to VirtualProtect | together,_ if possible. Even after the performance issue | will be mitigated, each call to VirtualProtect will still | trigger some amount of computation in MsMpEng.exe (or | third-party AV software); the computation will just be | more reasonably expensive. | cesarb wrote: | > It mentions that Firefox writes wayyyyy too much in the | temp folder. | | > > the amount of calls to VirtualProtect is currently | very high | | Calling VirtualProtect is not writing to the temp folder. | The VirtualProtect call is to change the permissions of | the in-memory pages. 
It should be an inexpensive system | call (other than the cost of TLB flushes and/or | shootdowns). | IshKebab wrote: | Come on, anyone that has even unzipped Linux-centric | stuff on Windows knows how slow individual file | operations are compared to Mac or Linux. | | It's very common knowledge that on Windows you will get | terrible performance if you have many many small files. | | I don't know why Microsoft doesn't fix that. Maybe they | can't for compatibility reasons or something. But that's | the way it is, and any software that wants to run well on | Windows needs to deal with it by using fewer bigger | files. | thfuran wrote: | I usually assume that even vaguely considering looking in | the same direction as a file on windows will melt my CPU. | hgsgm wrote: | Windows Search Indexer automates that for me. CPU keeps | burning even when monitor is off and I'm working on | another computer. | 0cf8612b2e1e wrote: | Why is Search Indexer constantly rescanning the same | files? Can they not cache the results from the previous | scan? That and OneDrive are constantly making my work | laptop scream. | [deleted] | BuckRogers wrote: | You really shouldn't assume anything in software or any | complex system. I know this wouldn't fly at my job, and I | don't work at Mozilla. | | This is basic testing. | | Normally this is the mark of a bad software engineer, but | attempting to blame the platform you're on for your lack | of testing takes it to a new low. | | Mistakes happen, admitting full incompetence that basic | testing isn't done is damning. This is not a good defense | of Firefox nor Mozilla.
| jupp0r wrote: | Not sure what your job is, but in my job: | | - we implement a feature, test it thoroughly for | functional and non-functional requirements | | - when we are happy, we release it | | I don't see myself being responsible for a third party | software company coming along years later and introducing | a bug in code that injects itself between my software and | the operating system that users of the software I wrote | happens to install at some point. | garbagecoder wrote: | You basically just said you stop supporting things once | they ship. Doesn't work properly on Windows? Shrug. | dpkirchner wrote: | Maybe you're not responsible, but if someone says | "something changed in the OS and your previous method is | now adding substantial overhead", you could either a) | report the change to the OS and mitigate or b) report the | change to the OS and ignore the problem for years. It | sounds like Mozilla chose b, for whatever reason. | | As a software developer, I've had to work around many many | bugs in OSs, especially when dealing with updates to | Android. It's just part of the job. | thfuran wrote: | The OS isn't some random third party software, it's one | of your dependencies. Your software doesn't work without | the OS and if it also doesn't work with the OS, it just | plain doesn't work. | wtallis wrote: | That's really not a tenable mindset to be taking these | days. With how much Windows has become a constantly-moving target rather than a stable platform, you need to | regard it first and foremost as your adversary, whether | you are developing against it or are simply an end user. | And the days of being able to thoroughly test against | every relevant version of the OS are long gone; Microsoft | has ensured your QA will be Sisyphean. | shadowgovt wrote: | At the end of the day, it's about your users. | | If your users are on Windows, you have to be where they | are. Moving target, wonky API, warts, and all. | | Yes, it's Sisyphean.
That's why my shop had a whole room | stuffed with parallel Windows installs. We couldn't | afford to have our users be the first ones to notice | Microsoft pulled the rug out from under us again. | jesse__ wrote: | I'm not sure how you can possibly qualify VirtualProtect as "an | expensive platform feature". Looking at the operation that | VirtualProtect actually has to perform, from first principles, | it should be one of the cheapest syscalls in the entire kernel. | | The bug was that ETW (in the antivirus process) was doing | something braindead; zeroing a megabyte of memory unnecessarily | every time someone called it just to get the size of a buffer. | kramerger wrote: | > it should be one of the cheapest syscalls in the entire | kernel. | | That's an educated guess... that is unfortunately very easy | to disprove :( | jeffbee wrote: | Exactly. If you're going to assume some call is free, write | that down in a test that can be periodically verified and, | preferably, is. | shadowgovt wrote: | Branch prediction should be a super-dumb algorithm, but then | Spectre comes along and, oh dear. | | Malware protection algorithms make fools of us all. | jupp0r wrote: | Also worth noting that the "expensive platform feature" you | refer to in this specific case means "writing to a file". | Something as basic as this should be assumed to be fast on | modern operating systems. | jeffbee wrote: | It is not a bug that there are overlooked optimizations in | some platform features. Windows has a ton of slow features. | Starting a process, for example, takes forever. It is the | responsibility of application authors to write their | performance-sensitive critical path in such a way as to avoid | bogus platform behaviors. This goes for Linux, which has more | than its fair share of brain damage, as well as Windows. | jupp0r wrote: | I generally agree with you.
Having worked on lots of cross | platform software, a big part of that job is to work around | quirks of the underlying platforms, which can be | significant. However in this case, it's not that Firefox | was introducing the usage of these APIs and was then | starting to have performance problems. They used the APIs | without problems when suddenly Defender came along and | slowed them down by orders of magnitude when they had been | working fine for years. | pavon wrote: | No it had nothing to do with Firefox writing files. Firefox | was making a bunch of calls to VirtualProtect. Windows | Defender (MsMpEng.exe) was then writing to file (an sqlite | database) every time one of these calls was made, which was | slowing down the system. | | This comment is a good summary of what the issue was once | they understood the problem: | https://bugzilla.mozilla.org/show_bug.cgi?id=1441918#c82 | Randor wrote: | Where did you get that idea? Sqlite? Windows Defender isn't | using sqlite at all. | sroussey wrote: | It detects the use of SQLite, then copies it, etc etc. | Read the bug for more details. | vntok wrote: | Yeah, your program definitely should not do as many useless | writes on the system it runs on, it's just bad behaviour. If | every program did the same the disk would grind to a halt, | SSD or not. | CWuestefeld wrote: | Recent discussion of this here also cited a problem (not sure | if it was the same problem) with Defender causing 100x | performance drop with some PowerShell operations. | arnaudsm wrote: | Quick napkin math of the wasted power: Firefox has ~300e6 users, | let's assume the bug wasted 5 extra watts 4 hours a day. | | That's 250 megawatts saved, the equivalent of an average coal | power plant. Because some Microsoft engineer missed a bug. | HPsquared wrote: | Would be interesting to see the energy usage of Windows Update | computed in a similar way.
| marricks wrote: | > Because some Microsoft engineer missed a bug | | That might be a bit too kind given how much Google liked to | Oops Firefox. Wouldn't be surprised if MS did too. | | Oops: | | https://www.computerworld.com/article/3389882/former-mozilla... | cutler wrote: | Don't underestimate Microsoft Won't Fix which helped IE | dominate the browser market for over a decade. | jonhohle wrote: | I love calculations like this and hope they are part of every | engineer's line of thinking. I originally came across this | thinking in Andy Hertzfeld's book - | https://www.folklore.org/StoryView.py?story=Saving_Lives.txt | | Performance is time, energy, heat. It's one of the easiest | features to get and there are lots of tools, research, and | philosophies to help get it. Memory and storage are similar. | | For anyone working on large scale apps that are on millions of | devices, hundreds of thousands of servers, or even just some | back office guy who has minutes less stress in his day, | performance benefits the world. For programmers, it's one of | the easiest ways to Save the Planet(tm). | harshreality wrote: | How did the idea of avoiding premature optimization get | misapplied to client-side apps where the entity writing the | software is not the one paying for electricity, cooling, and | people's time when the software takes much longer to run than | it could? When did a lot of software devs stop caring? | | Pardon me, I think there are some electron devs at my door | asking for a word. They might have baseball bats. | rocqua wrote: | Premature optimization should be avoided client side as | well I imagine? It just seems like lots of development | shops skip optimization altogether, even when it stops | being Premature (when it matures?). | | And it's not like those Shops suffer for it, so it isn't | very surprising they continue. | aranchelk wrote: | I use a 7 year old low-power laptop. 
Cooling, electricity | usage, and performance of Electron apps are never an issue. | Crashes, bugs, lost data, and bad usability still are. I'd | rather have devs spend time on that stuff. | | If Electron frees up organizational resources to do what's | actually important, I applaud devs for using it. | zerkten wrote: | >> When did a lot of software devs stop caring? | | I'm not sure the devs stopped caring as much as the powers | that be. Software development has become more commoditized | than we want to believe. Devs following an agile workflow | with every intent of performing multiple rounds of | optimization find that the product gets shipped as soon as | it approximates the thing that had been conceived | originally. | | It doesn't look like an immediate failure, so the lesson that | leadership takes from it is frequently that the level of | maturity they shipped is safe. The cycle continues and | eventually folks lower down succumb to this shipping | pattern. The only things that get them to optimize is | competition that successfully drives home their win was due | to performance. This doesn't always lead to optimizations | when you are an incumbent who can still close more feature | gaps because those often result in higher sales and | revenue. | zerocrates wrote: | There's a similar calculation (in a slightly different | context) in a good scene in the movie _Margin Call_, about | all the miles and hours saved by one bridge: | https://www.youtube.com/watch?v=m8Mc-38C88g | sseagull wrote: | Don't forget the waste caused by people throwing away devices | that are "too slow", and the resources required to build new | computers/phones. | | Somewhere I saw a rough figure about phones. Something like: | if everyone was able to keep their phone one year longer, it | would be the equivalent of 600,000 cars off the road or | something. (Just looked it up - source is possibly the | founder of iFixit). | | But you know, development velocity or whatever.
| einpoklum wrote: | Actually, in the PC/laptop space, I believe this phenomenon | has been waning somewhat over the past... oh, the better | part of a decade. | | This is a result of: | | * Single-core performance no longer dramatically improving | - almost plateauing | | * The rate or extent of "bells and whistles" and other OS | overhead being added - decreasing. | | * Budget consumer CPUs having reached smooth desktop | performance (with sufficient memory and an SSD) | already, even with multiple applications open. | | .. and all of these had not been the case during the 1980s, | 1990s and 2000s. Now, if your machine's hardware doesn't | break down - and you're just a plain desktop user - your | motivation for throwing away your machine is quite limited. | | --- | | Of course, this is not the case for smartphones, we're | still on the roller-coaster there. | RodgerTheGreat wrote: | It can be a bit dangerous (especially to your employer) to | continue that line of thinking, though. How many pieces of | software do we collectively work on which would make the | world a better place _if they didn't exist at all_? | hinkley wrote: | Oh no! | | ... anyway... | asoneth wrote: | Is that really a downside? | | In some cases you convince your organization to shift focus | onto more useful products, and that can be a really great | feeling. In other cases (company is too large, management | too committed) it helps you confront exactly who you're | working for. Because if you're going to sell your soul, you | should at least make sure you're getting a good price. | i-use-nixos-btw wrote: | Meh. I feel like there needs to be an active movement to | assess programs that have huge scale (>10m users) to | identify unnecessary power usage - whether it be because of | a bug, because of unused functionality that nonetheless | takes resources, or intermediate steps that take | unnecessary power.
| | Perhaps I'm getting into a bit of a niche here, but the | rise of stringy formats for data transfer concerns me. | There are many-stage pipelines on machines that agree on | what a 64 bit integer is, yet each stage performs encoding | and decoding of JSON twice (decoding upon receipt, encoding | to pass it on to the right place, decoding the response, | encoding it in another manner to reply to the original | sender). Sounds like a minor concern, but the scale of this | instinctively feels like it'd dwarf 250MW globally. | chillstreem wrote: | doesn't this bug only manifest itself if one is using microsoft | defender as their only security solution, and not a 3rd party | AV/IS? if so, then the number of Firefox users in this | calculation is much lower. | slowmovintarget wrote: | I run an antivirus suite and have attempted to turn Defender | off several times. Windows Update keeps switching it back on. | SketchySeaBeast wrote: | I don't know if that's the case. I'm a Firefox user but | consider all the 3rd party apps nearly as much malware as the | things they are trying to solve. I run strictly defender and | try to make good choices when downloading and browsing. | chillstreem wrote: | well, if we're taking strictly subjective personal | experiences as some sort of a relevant benchmark, then I'm | a Windows Firefox user that has never used MS defender for | any length of time, and always strictly a reliable low-impact 3rd party AV like ESET or Emsisoft. so I guess the | two of us cancel each other out. | hgsgm wrote: | > strictly a reliable low-impact 3rd party AV | | Sounds good | | > like ESET | | What?! ESET used to burn constant CPU when wifi | disconnected. | SketchySeaBeast wrote: | So based upon rigorous analysis, approximately half of | all Firefox users use the default choice, and half use a | different AV.
| UberFly wrote: | I actually replace Defender with a 3rd party choice (Eset) | for this very same reason - to wrestle some control over my | OS from Microsoft. I find Defender to be overbearing in so | many ways. | guestbest wrote: | I agree with this and try to practice myself. I download | portablespps.com hoping they have a scanner and stick to | the open source ones | Neil44 wrote: | More complicated still, defender does not completely stop | working when 3rd party AV is installed. Also maybe Firefox is | not the only app triggering this bug? | zerkten wrote: | This is just one bug in the world affecting power usage with | Firefox. There are loads more like | https://bugzilla.mozilla.org/show_bug.cgi?id=1404042 which | caused me to abandon it on macOS as my primary browser. | recursive wrote: | The units don't make sense. You might mean megawatt-hours? | hgomersall wrote: | It was not so well explained, but the GP does mean averaged | over 24 hours, the power requirement is 250MW. | arnaudsm wrote: | No typo, I meant Watts. I averaged the 4 hours per day | teraflop wrote: | No, it makes sense. The parent is talking about continuous | power measured in megawatts, i.e. megawatt-hours per hour, or | megawatt-days per day. | | 300 million users * 4 hours/day * 5 watts = an _average_ | continuous savings of 250 MW. | recursive wrote: | Ok, I get it now. This does make sense. | xdavidliu wrote: | one way it could just be mW is if he/she meant "a coal power | plant for the 5 years that the bug was active" | ChuckNorris89 wrote: | You assume all Firefox users are on Windows (they're not) and | that all Firefox users on Windows are affected (I and my SO | were not). | | Who knows what edge case triggered that bug to manifest but I | for one haven't seen it in the wild in the years we've been | using FF. | | Probably difficult in such a large org to allocate dev | resources to chase down and fix a bug few people were impacted | by. 
| callahad wrote: | Around 80% of Firefox users are on Windows, per | https://data.firefox.com/dashboard/hardware | | That same site also suggests that Firefox has around 200e6 | monthly active users, the average user uses Firefox 3.5 days | a week, and for 5.5 hours per day. | | My math could be wrong, but taking the above into account, | and arnaudsm's 5 W estimate, I come up with an upper bound of | around 80 MW. Discount that further by whatever proportion of | Windows users you assume were actually affected. Not a whole | coal power plant, but nothing to sneeze at. | warner25 wrote: | Wow, that's fascinating. It really speaks to the utter | dominance of Windows over Linux more than anything else. | Like _even among Firefox_ users, as of _last year_, there | were an order-of-magnitude more Windows _7 and 8_ users | than Linux 5.x users. | jonas-w wrote: | Don't have any data to back this up, but I would think | that the average linux user will instantly turn off | firefox telemetry and won't show up on these graphs. It's | one of the first things when I install firefox, disable | ff telemetry, set privacy mode to strict and then install | uBlock. Nevertheless Windows has a huge market share, | even if no one turned off data collection, and the year | of linux on desktop didn't happen. | perfmode wrote: | user must be running windows | pjmlp wrote: | If it isn't on the Sprint board it doesn't exist. | dylan604 wrote: | You also have to assume that at least one Microsoft employee | has Firefox installed. There's no bug if there's no users | sterlind wrote: | I work at MS, tried to use Firefox but couldn't because FF | doesn't integrate with the Windows cert store. Crucially, | this keeps Windows Hello (TPM auth) from working, which | makes it useless for any internal websites. For a while I | used a hand-compiled PKCS#12 plugin that bridged to the | cert store, but that was extremely fragile and eventually I | gave up.
| | I think this is probably a major blocker for many | enterprise users, and wish Mozilla would have fixed it. | | edit: it looks like they may have fixed this in the past | couple years, though you might have to go poking around in | about:config. | reynoldsbd wrote: | Current MS employee here. For a time this was true, but | FF recently added this integration. No about:config | needed, there's simply a checkbox under the FF security | settings. Since this was added, I have gone back to using | FF as my daily driver, and I haven't really encountered | any other friction. | protastus wrote: | Indeed. https://support.mozilla.org/en-US/kb/windows-sso | pixel16 wrote: | Microsoft now blocks non edge browsers with conditional | access policies. | anonymousiam wrote: | Firefox not integrating with the Windows cert store is | actually a good thing in many use cases. The ability to | have an alternate browser that's not integrated has saved | my butt more than once. | chlorion wrote: | Gaming on a mid-tier modern GPU probably uses around 50-100w, | the Steam stats probably have a number of users to multiply | with. I'm sure it's a massive amount of power. | | I don't like video games and they are not-necessary so I | propose that we ban them globally, or only allow gaming if | using renewable energy. If you don't live in a place where this | is an option, too bad! | | Maybe instead of this we require all games to be limited in | graphical effect (imagine early source games or something). We | could save a lot of power globally if we enforced this. | | This is why I strongly dislike this line of thinking. I don't | think power plants work that way anyways, they probably make a | constant-ish amount of power rather than taking exactly 50w | worth of fuel every time someone opens up Call Of Duty. | | There are also much lower hanging fruit to get upset about if | you care about the planet, like cars with large motors or | people with heated driveways (yes that's a thing).
| ericye16 wrote: | This is a bad comparison, gaming presumably brings utility to | someone whereas this was a pure bug with no upside. | kortilla wrote: | People get entertainment out of games. They got nothing out | of this wasted cpu. | dist-epoch wrote: | > _That's 250 megawatts saved, the equivalent of an average | coal power plant. Because some Microsoft engineer missed a | bug._ | | Are you sure you want to invoke this logic? Because following | it through imagine the energy savings if Firefox users switched | to Chrome. | volkk wrote: | > Because following it through imagine the energy savings if | Firefox users switched to Chrome | | i've read everywhere that Firefox at this point is far more | energy efficient than Chrome...is that not true? | hanoz wrote: | _> imagine the energy savings if Firefox users switched to | Chrome._ | | Imagine the energy squandered on all the extra goods and | services bought by users using a browser owned by an | advertising company, instead of Firefox. | LeoPanthera wrote: | > Are you sure you want to invoke this logic? Because | following it through imagine the energy savings if Firefox | users switched to Chrome. | | Ironically, Mac users routinely complain about how power-hungry Chrome is on the Mac. Safari is _significantly_ more | efficient. | ChuckNorris89 wrote: | _> Safari is significantly more efficient._ | | Based on the increased laptop battery life I notice, so is | using Edge on Windows. | | It makes sense that both Apple and Microsoft can extract | the best out of their OS + browser. There's no way Firefox | can compete on such OS specific optimizations. | Karunamon wrote: | Is that because of the quality of Chrome or because Safari | is a "blessed" application and probably gets to do things | other applications do not? | | Entirely serious question. Apple is known to severely | privilege their own applications over competitors.
| ojosilva wrote: | Totally guesswork here, but I'd say Chrome has a lot more | telemetry, profiling and tracking built-in and its users | tend to use a lot more plugins, including things like ad-blockers that scan over each webpage and can be | beneficial (battery-wise) or not depending on content. | Safari users are more of a barefoot type. A power user is | more likely to not be running Safari. And a _power_ user | may, well, prefer to sacrifice battery _power_ to get the | _power_ they seek. | | Besides, there's some precedent set in 1998 by a certain | OS that "favored" their embedded browser over the | competition, so I doubt Apple would want to tickle that | fancy. | LeoPanthera wrote: | It's not impossible, but I doubt it, if only because very | few third party applications use as much as Chrome does. | The only exceptions are things that actively use a lot of | CPU, like compilers or compressors. | jeron wrote: | Blessed or not, I still end up using Safari. The | improvement in battery life is too significant to ignore | dijit wrote: | It's been a really long time but safari on Windows was a | thing and it did run a lot leaner in the background than | anything else available at the time (except Opera if | memory serves). | | It's entirely possible that Safari is intentionally | avoiding features that make it wake up- | | I doubt that it does anything unavailable to other | browsers, that's MS territory, because they wanted | features. I feel like safari, by contrast, doesn't want | to add features. | drdrey wrote: | That's because optimizing for battery life is a stated | goal of the Safari team, it's actively benchmarked | harry8 wrote: | Imagine the power savings if chrome users switched to lynx. | | Imagine the power savings if everyone used pihole, ublock | etc. | | Second uses more power than the first and is better. Do it! | ChuckNorris89 wrote: | Or the energy used by all the electron apps on all operating | systems.
| xxs wrote: | >Firefox users switched to Chrome. | | Far worse due to privacy/adblock addons. | wiseowise wrote: | > Because following it through imagine the energy savings if | Firefox users switched to Chrome. | | Enlighten us. | airza wrote: | There are good reasons to not use chrome over firefox, but | few reasons to leave firefox bugged. I don't think the same | utilitarian logic applies. | throwbadubadu wrote: | Yeah, finally as the market share is where it should be for | Firefox Microsoft had no more reasons to leave it on :D | omneity wrote: | It's not too bad an analogy. Think of it this way: | | - Switching from Firefox to Chrome might be similar to | switching between two car models, one consuming less energy | than the other. | | - Fixing this bug is more like going to a car workshop to fix | an injector issue in your car that was causing higher fuel | consumption and more pollutants. | | The first one is really a matter of tradeoffs and personal | choices. The second one is less of a choice and more of an | actual issue that was left due to negligence. Hardly similar. | sgtnoodle wrote: | Isn't it more like an auto maker issuing a recall to fix an | injector issue in all their cars? | omneity wrote: | An analogy can only get you so far, but in this case the | bug is caused by Microsoft Defender, yet Firefox, the car | manufacturer, is a different entity. So I wouldn't call | it a recall. | sgtnoodle wrote: | A bunch of cars across many manufacturers were recalled | in the 2010's due to a defect in the airbags made by the | same manufacturer. | | One could also argue that the OS is the car, the browser | is the chauffeur, and the user is the passenger. | Georgelemental wrote: | If one user switches to Chrome, the energy savings are only | for that one user. If one Microsoft engineer fixes a bug, the | energy savings are for the many thousands who use Firefox on | up-to-date Windows. | lkbm wrote: | I mean, sure, I could also just turn off my computer. 
| Presumably people use Firefox for a reason, and making that option use less energy is pure upside, and it's very interesting to see how big of an upside it might be.
| tgv wrote:
| Think more like this: this bug cost an average coal power plant, all other things being equal. I doubt it's that much, but it certainly did waste a lot of energy.
|
| > imagine the energy savings if Firefox users switched to Chrome.
|
| Imagine the privacy savings if Chrome users switched to Firefox.
| axolotlgod wrote:
| Does Chrome really use significantly less resources than Firefox? Are there numbers there?
| haupt wrote:
| According to Tom's Guide[1] Microsoft Edge beats out both when it comes to RAM utilization but Chrome just edges out Firefox when loading >10 tabs. That was in 2021. I'd be interested to see any other comparisons or benchmarks.
|
| 1. https://www.tomsguide.com/news/chrome-firefox-edge-ram-compa...
| prmoustache wrote:
| This is with no extensions installed right?
| IntelMiner wrote:
| It took a lot longer for Firefox to get GPU accelerated video playback on Linux iirc
|
| Perhaps a "niche" use case for some, but there's a lot more Firefox users on Linux in particular
| lotsofpulp wrote:
| The cause and effect exists whether or not some commenter on HN writes about it.
|
| The reason it is not "invoked" is because energy prices are sufficiently low (due to not pricing in externalities) that there exists little incentive for end users to optimize for power usage.
| gruez wrote:
| >The reason it is not "invoked" is because energy prices are sufficiently low (due to not pricing in externalities) that there exists little incentive for end users to optimize for power usage.
|
| You're right in principle, but in practice even factoring in externalities electricity prices won't be high enough for people to care.
| Using current US carbon intensity for electricity generation[1] and the higher end estimates for the social cost of carbon[2] gets us carbon costs of $0.142 per kWh. The average price in the US is $0.168. Adding in carbon costs would almost double the price, but there are countries with even higher electricity prices[4] and they're not exactly switching to more efficient software in droves to save energy.
|
| [1] https://emissionsindex.org/
|
| [2] https://en.wikipedia.org/wiki/Social_cost_of_carbon#Carbon_p...
|
| [3] https://www.bls.gov/regions/midwest/data/averageenergyprices...
|
| [4] https://www.statista.com/statistics/263492/electricity-price...
| kramerger wrote:
| > imagine the energy savings if Firefox users switched to Chrome.
|
| Nah, I like my privacy. How about replacing Electron apps with native apps instead?
| shapefrog wrote:
| > imagine the energy savings if Firefox users switched to Chrome
|
| This _is_ why I left firefox.
| ouid wrote:
| Using firefox without memory errors is a pareto optimization over using firefox with memory errors.
| tyingq wrote:
| Maybe compare manifest v2 friendly Firefox with uBlock Origin vs eventual Chrome without it :)
| revolvingocelot wrote:
| Serious savings indeed when the Javascript cryptominer some ad network blithely serves up is ad-blocker'd, but we prefer _synthetic benchmarks_.
|
| In seriousness, though, this is an issue. Elsewhere, I observe arguments about eg userbenchmark rankings, and the comparative relevance of single-core vs multicore performance. Are you playing a game, or rendering video 24/7 -- or running some entirely synthetic workload that allows for a peak performance the real world would never achieve? Same kinda problem.
| duxup wrote:
| > the equivalent of an average coal power plant
|
| Produces in an hour, four hours?
| rimunroe wrote:
| I'm pretty sure you're mistaking power for energy.
| Watts are units of power, which is the rate of change in energy (joules per second). Asking for how much power something produces in an hour is like asking how many miles per hour your car goes in an hour.
| lordnacho wrote:
| Continuous. We need one less coal plant to support the Firefox code after the bug fix.
| akomtu wrote:
| Coal makes only 12% of the electricity, in the US at least. Natural gas makes 36% and oil makes 33%.
|
| https://www.eia.gov/energyexplained/us-energy-facts/
| flangola7 wrote:
| What does that have to do with anything? "Coal plant" is being used as a unit of power here.
| akomtu wrote:
| And a unit of pollution. I'm sure that one extra solar plant or hydro plant wouldn't draw as much attention.
| sdfghswe wrote:
| > let's assume the bug wasted 5 extra watts 4 hours a day.
|
| How did you come to this?
| mrinterweb wrote:
| Great question. Based on my use, it would be a lot more than 5 watts/day.
| rationalfaith wrote:
| [dead]
| MagicMoonlight wrote:
| "Bug"
| dbg31415 wrote:
| I have screamed about this like a crazy person and filed bugs and was always told, "Meh there's nothing there..."
|
| But if you use Firefox to call yourself on Chrome... you'll see that Firefox takes up a TON more energy on an Intel MBP than Chrome does.
|
| You can tell because Firefox literally heats your laptop up to do streaming videos. You hear the fans kick on, the laptop gets hotter to hold.
|
| Anyway I'm sure there are more bugs like this! Glad Firefox is getting some of the people to fix their code... but look, Microsoft isn't the only culprit. Until Firefox takes as little power as Chrome in MacOS & Windows... I think we should all stay outraged! (=
| GrumpyNl wrote:
| maybe AI helped them out.
| neilv wrote:
| When I've heard people speak of changing Web browsers in recent years, I think the two most common reasons given are performance and privacy.
|
| I wonder whether this situation with Microsoft Defender cost Firefox some market share.
| dalmo3 wrote:
| I can count at least one user that Firefox lost to this bug. Pretty happy with Brave now, won't even bother trying FF again.
| somid3 wrote:
| Conspiracy theory -- could this have been done on purpose for browser share dominance purposes?
| toenailtag wrote:
| I would bet it is more likely that MS devs noticed but just didn't care. The farthest it would have gotten in conversation with QA triage would have been "does this issue affect any of our services? Ok then that is Mozilla's problem."
| shadowgovt wrote:
| Sometimes, but probably not in this context.
|
| a) That'd be a very untargeted way to get that effect; Firefox isn't the only app that's going to be making calls like that.
|
| b) Mozilla doesn't need any help losing marketshare in this era.
| shadowgovt wrote:
| Woof, that's a long time for a bug like that to have sat around and Mozilla to not have come up with a workaround for it.
| 29athrowaway wrote:
| "DOS ain't done until Lotus won't run"
|
| "Windows ain't done until Firefox won't run"
| jupp0r wrote:
| You'd think they'd target Chrome (>60% market share on Desktop) rather than Firefox with < 8% market share.
| uoaei wrote:
| The new Edge browser is basically a revamped Chromium, so that'd be a pretty dumb move.
| recursive wrote:
| Seems less dumb than targeting Firefox though. Presumably, in the universe of this conspiracy hypothesis, they would do it in a way that wouldn't affect Edge.
| uoaei wrote:
| Then they would lose any semblance of plausible deniability, which would expose them to being positively identified as bad actors. What it looks like now is mere incompetence in the face of enormous complexity, which means they lose a lot less face compared to doing what you suggest. Put bluntly, they're hiding within the space covered by Hanlon's razor.
| dylan604 wrote:
| if processName != Edge {}
| andrewstuart wrote:
| DOS ain't done till lotus won't run.
| NelsonMinar wrote:
| It's so frustrating this discussion took _five years_.
|
| I'd be grateful for an overview of the bug. I don't think I've seen it on my two systems but I can't be confident.
| stronglikedan wrote:
| Five years is nothing for MS. You should see how long the bug in File Explorer has been there, where after navigating to a folder and pressing the down arrow, the _second_ item is selected instead of the first. And it's one of those things that, even though I'm aware of it, it still always catches me causing extra keystrokes. It's like they're trying to _force_ me to use the mouse for some reason.
| zamadatix wrote:
| That one I can almost agree with the reasoning for. The first item is selected by default but also by default you have to intentionally trigger a keyboard navigation for it to go into that mode since most don't intend to do that when hitting enter on a freshly loaded directory. As evidence of this behavior instead of hitting a directional key to change the selection whacking space should activate the highlight on the first item and then another navigation action is needed to actually do anything.
|
| I think it'd be more convenient (for me as a keyboard centric user at least) if it were done differently but I don't think it's actually a bug as much as an intentional decision at the cost of keyboard user. This is unlike the Defender issue where it's of no purpose to be significantly slower than it needed to be.
| bsder wrote:
| Windows Update and Windows Defender are _notorious_ piles of shit that eat up huge amounts of CPU for seemingly no reason.
|
| The problem is that there is _zero_ incentive to get them right. Nobody is going to get promoted because they use 10% less CPU. Nobody is losing their bonus because 10% of all computers melt down. etc.
| MuffinFlavored wrote:
| What apps other than Firefox might this have affected that badly (75% CPU usage)?
| CWuestefeld wrote:
| It's not clear to me if it's the same bug, but recent conversation here about this issue had this to say [1]:
|
| > It also has a bug(?) which makes method calls 100x slower in PowerShell 7: https://github.com/PowerShell/PowerShell/issues/19431
|
| [1] https://news.ycombinator.com/item?id=35459984
| fsfod wrote:
| I would think anything with a JIT that is toggling the page protection for machine code many times a second, based on a very quick reading of the bug report talking about VirtualProtect calls and the processing of ETW events for them by defender.
| sfink wrote:
| I don't think anything is toggling them back and forth, it's just that a lot of chunks of executable code are being produced. But I could be wrong; maybe if you have space left for more code on a page, you'll toggle it off and append some new code, then toggle it on again.
|
| My guess is that this would mostly come from inline caches (ICs), since they're typically small and a lot of them are generated.
| xnx wrote:
| I'm hoping that this fixes other apps, because Defender active scanning is a huge and near constant strain on my CPU.
| agloe_dreams wrote:
| I had an issue in early builds of W11 with use of WSL 2 & Node, Github and VS Code. Something in the git change detection process caused Defender to decide it wanted 100% of a single thread on the 5600X system I was using. While coding it would just have a core screaming at well over 4Ghz. Just all of Mankind's greatest innovations that led to 7nm lithography and incredible processor design just to be a space heater. I never did get it figured out at the time. It also re-enables itself. So that's cool.
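The JIT page-protection pattern that fsfod and sfink describe in the comments above, as an added example that is not part of any comment and is not Firefox's or Defender's code. It uses POSIX `mprotect()` as a stand-in for `VirtualProtect()` and counts protection changes when many small stubs are written one at a time versus in batches; `emit_stubs`, `set_prot` and the stub sizes are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS under strict -std= */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Every protection change is counted. mprotect() stands in for VirtualProtect();
   on Windows each such call is what surfaces as an ETW event for the AV. */
static long prot_calls;

static int set_prot(void *p, size_t len, int prot) {
    prot_calls++;
    return mprotect(p, len, prot);
}

/* Write n stubs of stub_len bytes into a sealed (read+execute) code region.
   batch == 1: unseal and reseal around every stub.
   batch  > 1: unseal once, write up to `batch` stubs, reseal once.
   Returns the number of protection changes made, or -1 on error. */
long emit_stubs(size_t n, size_t stub_len, size_t batch) {
    if (n == 0 || stub_len == 0 || batch == 0) return -1;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (n * stub_len + page - 1) / page * page;
    unsigned char *code = mmap(NULL, len, PROT_READ | PROT_EXEC,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;
    long result = -1;
    prot_calls = 0;
    for (size_t i = 0; i < n; i += batch) {
        size_t count = (n - i < batch) ? n - i : batch;
        size_t start = i * stub_len / page * page;               /* round down */
        size_t end = ((i + count) * stub_len + page - 1) / page * page;
        if (set_prot(code + start, end - start, PROT_READ | PROT_WRITE)) goto out;
        memset(code + i * stub_len, 0xC3, count * stub_len);     /* placeholder bytes */
        if (set_prot(code + start, end - start, PROT_READ | PROT_EXEC)) goto out;
    }
    result = prot_calls;
out:
    munmap(code, len);
    return result;
}

int main(void) {
    printf("per-stub: %ld calls\n", emit_stubs(1000, 64, 1));
    printf("batched:  %ld calls\n", emit_stubs(1000, 64, 64));
    return 0;
}
```

The same 1000 stubs cost 2000 protection changes when sealed one by one and 32 when sealed 64 at a time, so the call count tracks how the JIT groups its writes, not how much code it emits.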
| sfink wrote:
| Defender (or other AV) can slow down a lot of things, but in terms of the exact way that Firefox ran into it, the other apps would be anything with a JIT. Well, a JIT that uses memory protection as a security measure, though that's very common. (After generating executable code, the JIT marks the pages as executable but non-writable, so an attacker can't change the code after it starts running.)
|
| Although the V8 JIT stopped using this, at least in some configurations (?), for the stated reason that it's not perfect--another thread could sneak in and modify the executable code in between when it was generated and when it is protected in preparation for execution. They're instead planning to rely on memory protection keys, which should be faster and more robust, but are only available on some hardware.
|
| JITs can show up in unexpected places. Regular expression engines will sometimes have a JIT.
|
| So... I don't know?
| snerbles wrote:
| Newer versions of Thunderbird have been rendered completely unusable unless I exclude %userprofile%\AppData\Local\Thunderbird from real-time scans.
| Avamander wrote:
| Thunderbird is atrociously slow even without an AV with any mailbox that isn't tiny. Could it be that yours has just grown over the years and Defender amplifies it?
| snerbles wrote:
| It went from ~20 seconds of freezing on every server request to no freezing at all after adding the exception. That's quite the amplification.
| Culonavirus wrote:
| All of them? From IDEs through games to email clients. Remove that malware as soon as you can. Either replace it with some more competent antivirus (not sure there are any) or don't use any antivirus at all - as a visitor of this site you should generally know what you're doing and what is and what isn't safe.
| I use https://github.com/jbara2002/windows-defender-remover and have been running my Windows machines without any antivirus and without any issue for years (if you ask how do I know Defender sucks if I don't run it - I do run it at work where I can't remove it - only disable it temporarily and it turns itself on again after a while).
| rzzzt wrote:
| Eclipse and IDEA both have tickets dedicated to Defender's shenanigans: https://github.com/microsoft/java-wdb/issues/9
___________________________________________________________________
(page generated 2023-04-10 23:00 UTC)