Only firefox (and gecko) is in scope here.
myriad implementations and redundancies? Is it in fact the domain of
> network *applications* to do this?
>
>
when necessary to ensure security, performance and usability
applications have always availed themselves of customizations beyond
that provided by the operating system. Firefox will do so on a case by
case basis.
> Isn't this a systems function that should be left to the system
> itself?
That's always a judgment call. I mean we have our own set of PKI roots
bundled in firefox - so we aren't purists on the issue when we think we
can bring value.
> I seem to remember another out-of-scope foray where FF was using
> built-in dns server addresses behind the user's back a while ago,
>
I don't believe that is true - I would be interested in any citation you
had. That being said, we don't do that because at this point in time we
don't think it would be a good user experience. If we had a model where
it added value we would consider doing so openly and likely with user
choice.
> still happening too? Why is FF going here? Why does it *need* to? Do
>
sometimes the underlying services and even standards they implement have
trouble at web scale - especially at the tail.
The issues Daniel are working with are correlated with network mobility
- that's why he is using changes in addressing as a proxy for mobility.
This can manifest itself in some odd ways: TCP can simply stall for
minutes (or hours) before figuring out the connection isn't working any
more, that's a bad user experience. Your proxy selection may or may not
be relevant after such an event. Same thing with your DNS cache because
of split DNS. Some unauthenticated data that you used in one location
might want to be flushed from cache when you move, etc.. We see this
when you wake from a sleep with an open H2 session - an attempt to
reuse it can just hang for a long time without any feedback Daniel's
code provides a framework for when more aggressive timeouts are
appropriate.
And we are actively working on this stuff in the standards space where
applicable.
> This kind of stuff is out-of-authorized-and-expected-scope for a user
> program, and frankly is more than a little creepy. I know others will
> share this concern if/when they are aware of it.
>
>
I don't share your concern that awareness of local addressing is out of
scope for a user space application. Indeed, enforcing security around
that kind of thing is the role of the operating system and we wouldn't
attempt to subvert that. The OS provides an unpriv'd interface to learn
about address changes and we're listening to it - not a big deal.
========================================================================
I've had to cut and paste the thread parts into position above to help
provide some context here. Their nesting is of course broken now. It's
generally acceptable, and indeed appreciated to continue to use the
complete message thread, keeping it intact, replying inline if desired,
but it's generally not helpful to cherry pick parts of a thread and
still reply to the original thread with most of it missing. It simply
makes it impossible to follow without opening every single response
individually. That has been the case for the twenty plus years I've
been using mailing lists anyway.
From my read of the fist post that I saw, which I will admit was
incomplete and missing most of it's context, you, Daniel, are
discussing adapters being removed from the system, analyzing routing
tables, counters, considering virtual tunneling adapters, etc. What's
creepy, is that a generic user-level network application is concerning
itself with low level system information. Strictly speaking, this data
is really none of FF's business.
I get you are concerned with your users experience and you want to make
it as performant as possible, and while I laud your commitment to your
user base, I think your efforts could be more useful at the system
level.
I get also that you work for Mozilla, so you are seeing it through that
lens, that set of restrictions, and from that set of issues and
requirements.
However, I think your energies should probably be put toward helping to
fix the underlying part that's non-optimal, not hacking stuff on top of
a networking stack that's obviously inadequate to deal with roaming at
speed, or docking/un-docking/un-suspending - because apparently that's
become a huge issue.
Perhaps time better spent would be teaching users that changing network
adapters or state will negatively impact active network applications.
Hacking in workarounds to cater to the least aware and informed amongst
us is causing you to veer outside of your lane, and really should be
avoided.
Just because others (Chrome?) are taking the approach of cobbing system
stuff into a browser does not mean Mozilla should too.
As for the dns topic I mentioned, my concerns there were eerily similar
to these here. The dns thread is here Patrick, to which you responded a
few times:
https://groups.google.com/forum/#!topic/mozilla.dev.tech.network/D8UmrLZZh5k
The fact that the concern I mention is very similar for two very
different things says to me that straying into the system arena and
(attempting to) control and/or bypass system stuff is not an unusual
event, is not seen as off-limits, and in fact is seen as completely
acceptable if it serves your immediate purposes.
My opinion is that this basic mindset and approach is ineffective,
non-standard, somewhat irresponsible, will lead to multiple variously
hacky redundant implementations across similar applications, add even
more bloat, provide less security, and increase the likelihood of even
more privacy invasion. All in the name of 'fixing' something that
arguably is not actually broken.
That's what concerns me.
--
Regards,
Christopher