July 9th, 2009

ronin

Why is FireFox 3.5 is so slow to start up? Clean out your temp dirs and see...


That forum thread revealed what the true cause was of this disk trashing and delay at startup. I have to warn you though. If you're a developer, your software engineering fire will die a little when you read the true cause and from then on you will have to fight off thoughts of giving up development altogether and apply for a job in marketing or HR. So what was it, what's the cause of this slowness? It's NSS. What? The Network Security System. It turns out that NSS needs to do all kinds of encryption and other security related tasks, and for that it needs random numbers. Sounds reasonable, right?

True random numbers are hard to produce, because in a computer system, nothing is really random, it all is a result of some action which was a result of some action etc. etc. The clever boys and girls of the NSS team had to crack this problem: how to get 'true' random numbers which are as random as possible? Instead of using the randomization functionality of the underlying operating system (which has this feature build-in as every TCP stack for example needs it), they did what Mozilla in general always does: they re-invented the wheel.

To solve the problem of the randomization, the NSS team came up with something clever, something so great, that no-one else had ever thought of that before: they decided to read the files in all possible temp folders on disk with multiple threads so these files can be used as seeds for the randomization. Brilliant. Temp folders! Why hasn't anyone else thought of using a disk-based resource for random number generation! I mean, these folders change every couple of milliseconds, have immediate access, no latency to read their contents and are never filled to the brim with useless cruft!

That is, if you're on the NSS team. In the outside world, things are a tad different. You see, Firefox v3.5 reads the Internet Explorer Cache and the central Windows temp folder in your user profile, through its NSS subsystem. Not only is it, in my humble opinion, not done to read another application's caches or temp folders, it's also amazingly ignorant towards the real bottlenecks of our modern computers: hard-drives. If you're using a virus-scanner which is set to paranoia mode, this whole temp folder traversal by NSS will be even slower because every file accessed will be scanned by the virus scanner. Over and over and over again. And what happens if the user doesn't do anything else but browse with Firefox, so these temp folders will not change (or are empty)? Isn't using file reading the worst way to obtain a seed for randomization?


http://weblogs.asp.net/fbouma/archive/2009/07/09/the-firefox-3-5-fiasco.aspx

Often in life, you know that X is the wrong way to do things. You just don't know what the right way is. This is obviously the wrong way, but what's the right way?

If you ask me, it's long past time we stopped using software psuedo-random number generators. Hardware based single microchip true RNGs are available and not very expensive. There's no good reason we can't have one on every motherboard. (Or for that matter, just put one on a USB stick.)

Until then? Well, maybe the short-term fix is simply to not read every damn file in the temp directory on program startup? Some kind of read limit (read N files and then stop; read up to X kB from as many files as required to get there and then stop), or sampling scheme (read only 1 out of every N files, and scale N proportionally to the number of files in the temp directory, so as to maintain a constant number of files read) might be in order.

Failing that, maybe what we need is to delay all this randomization until it's actually used. I suspect most of us never use HTTPS in a typical browsing session. How about a dialog window that pops up the first time we start an HTTPS connection, reading "Generating random encryption keys..." That way at least people understand that their security comes at a time cost. And those of us who don't want (or need) secure connections don't pay a time penalty for functionality we're not using.


Edit:

So, here's what I did in Vista: Open IE, use the Tools or Options or whatever menu to clear all caches, cookies, saved form data, everything. (I never use IE, so I don't mind wiping it. If you use IE... well, you're pretty much screwed anyway.) Second, open a command prompt. Now close all other running applications - everything. In the command prompt, type "cd %temp%". That will take you to your user temp dir. Now type "cd .." to jump up a level. Now do "rmdir /s Temp" to remove the temp dir and all the files in it. Exit the command prompt. Just to be safe, I also rebooted.

The first startup of FireFox was still about 3 seconds, mostly due to loading time. The second and subsequent startups are all < 500ms.