
Chrome fires many processes and creates an IPC based comm-network between them to isolate stuff. It's somewhat abusing your OS to get what it wants in terms of isolation and whatnot.

(Which is similar to how K8S abuses ip-tables and makes it useless for other ends, and makes you install a dedicated firewall in front of your ingress path, but let's not digress).

On the other hand, Firefox is neither chromium based, nor is a cousin of it. It's a completely different codebase, inherited from Netscape days and evolved up to this point.

As another test point, Firefox doesn't even blink at a symmetric gigabit connection going at full speed (my network is capped by my NIC, the pipe is way fatter).




It is using OS processes for what they were created for in the first place.

Unfortunately the security industry has proven why threads are a bad idea for applications when security is a top concern.

Same applies to dynamically loaded code as plugins, where the host application takes the blame for all instability and exploits they introduce.


Yes, Firefox is also doing the same, however due to the nature of Firefox's processes, the OS doesn't lose much responsiveness or doesn't feel bogged down when I have 50+ tabs open due to some research.

If you need security, you need isolation. If you want hardware-level isolation, you need processes. That's normal.

My disagreement with Google's applications is how they're behaving like they're the only running processes on the system itself. I'm pretty aware that some of the most performant or secure things don't have the prettiest implementation on paper.
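The isolation point made in the comments above, as an added example that is not part of the thread: a hypothetical faulty plugin (`plugin_body`, `host_state` and the function names are assumptions) runs first inside the host's address space, as a thread or dynamically loaded plugin would, and then in a forked child, where both its stray write and its crash stay in the child.

```c
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Host state that untrusted plugin code should never be able to touch. */
static char host_state[16];

/* Hypothetical faulty plugin: overwrites host state, then optionally crashes. */
static void plugin_body(int crash) {
    strcpy(host_state, "CORRUPTED");
    if (crash)
        raise(SIGABRT);
}

/* Plugin runs in the host's own address space (same situation as a thread
 * or a dlopen'd plugin). Returns 1 if host_state survived, 0 if not.
 * The crash is skipped here because it would take the host down with it. */
int run_plugin_in_host(void) {
    strcpy(host_state, "trusted");
    plugin_body(0);
    return strcmp(host_state, "trusted") == 0;
}

/* Same plugin in a child process. The child gets a copy-on-write copy of
 * host_state, so its write never reaches the parent. *child_signal receives
 * the signal that killed the child (0 if it exited normally).
 * Returns 1 if host_state survived, 0 if not, -1 on fork/wait failure. */
int run_plugin_in_process(int *child_signal) {
    int status = 0;
    strcpy(host_state, "trusted");
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {              /* child: run the faulty plugin */
        plugin_body(1);
        _exit(0);                /* not reached when the plugin crashes */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    *child_signal = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    return strcmp(host_state, "trusted") == 0;
}

int main(void) {
    int sig = 0;
    int in_host = run_plugin_in_host();          /* 0: host state overwritten */
    int in_proc = run_plugin_in_process(&sig);   /* 1: host state intact */
    return (in_host == 0 && in_proc == 1 && sig == SIGABRT) ? 0 : 1;
}
```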


There used to be a setting to tweak Chrome's process behavior.

I believe the default behavior is "Coalesce tabs into the same content process if they're from the same trust domain".

Then you can make it more aggressive like "Don't coalesce tabs ever" or less aggressive like "Just have one content process". I think.

I'm not sure how Firefox decides when to spawn new processes. I know they have one GPU process and then multiple untrusted "content processes" that can touch untrusted data but can't touch the GPU.

I don't mind it. It's a trade-off between security and overhead. The IPC is pretty efficient and the page cache in both Windows and Linux _should_ mean that all the code pages are shared between all content processes.

Static pages actually feel light to me. I think crappy webapps make the web slow, not browser security.

(inb4 I'm replying to someone who works on the Firefox IPC team or something lol)


> inb4 I'm replying to someone who works on the Firefox IPC team or something lol

The danger and joy of commenting on HN!


I'm harmless, don't worry. :) Also you can find more information about me in my profile.

Even if I was working on Firefox/Chrome/whatever, I'd not be mad at someone who doesn't know something very well. Why should I? We're just conversing here.

Also, I've been very wrong here at times, and this improved my conversation / discussion skills a great deal.

So, don't worry, and comment away.


> As another test point, Firefox doesn't even blink at a symmetric gigabit connection going at full speed (my network is capped by my NIC, the pipe is way fatter).

FWIW Firefox under Linux (Firefox Browser 100.0.2 (64-bit)) behaves pretty much the same as Chrome. The speed rises quickly to 5-8Gb/s, then the UI starts choking, and the shown speed drops to 500Mb/s. It could be that there's some scheduling limit or other bottleneck hit in the OS itself, assuming these are different codebases (are they?).


I'd love to test and debug the path where it dies, but none of the systems we have Firefox on have pipes that fat (again NIC limited).

However, you can test the limits of Linux by installing CLI version of Speedtest and hitting a nearby server.

The bottleneck may be in the browser itself, or in your graphics stack, too.

Linux can do pretty amazing things in the network department, otherwise 100Gbps Infiniband cards wouldn't be possible at Linux servers, yet we have them on our systems.

And yes, Chrome and Firefox are way different browsers. I can confidently say this, because I've been using Firefox since it was called Netscape 6.0 (and Mozilla in Knoppix).


From my experience long ago, all high performance networking under Linux was traditionally user space and pre-allocated pools (netmap, dpdk, pf-ring...). Did not follow, how much io_uring has been catching up for network stack usage... Maybe somebody else knows?


While I'm not very knowledgeable in specifics, there are many paths for networking in Linux now. The usual kernel based one is there, also there's kernel-bypass [0] paths used by very high performance cards.

Also, Infiniband can directly RDMA to and from MPI processes for making "remote memory local", allowing very low latencies and high performance in HPC environments.

I also like this post from Cloudflare [1]. I've read it completely, but the specifics are lost on me since I'm not directly concerned with the network part of our system.

[0]: https://medium.com/@penberg/on-kernel-bypass-networking-and-...

[1]: https://blog.cloudflare.com/how-to-receive-a-million-packets...


I have a service that beats epoll with io_uring (it reads gre packets from one socket, and does some lookups/munging on the inner packet and re-encaps them to a different mechanism and writes them back to a different socket). General usage for io_uring vs epoll is pretty comparable IIUC. It wouldn't surprise me if streams (e.g. tcp) end up being faster via io_uring and buffer registration though.

Totally tangential - it looks like io_uring is evolving beyond just io and into an alternate syscall interface, which is pretty neat imho.


> I can confidently say this, because I'm using Firefox since it's called Netscape 6.0 (and Mozilla in Knoppix).

Mozilla suite/seamonkey isn't usually considered the same as firefox, although obviously related.


I'm not talking about the version which evolved to Seamonkey. I'm talking about Mozilla/Firefox 0.8 which had a Mozilla logo as a "Spinner" instead of Netscape logo on the top right.


Netscape 6 was not Firefox based https://en.m.wikipedia.org/wiki/Netscape_6

Firefox 0.8 did not have Netscape branding http://theseblog.free.fr/firefox-0.8.jpg


> Netscape 6 was not Firefox based.

I know. Firefox was not even an idea when Netscape 6 was released. However, the inverse is true. Firefox is based on Netscape. It's just branched off actually. It started as a pared down version of SeaMonkey apparently.

The thing I was remembering from Knoppix 3.x days was "Mozilla Navigator" of SeaMonkey/Mozilla Suite, which is even older than Firefox, and discontinued 3 years later. I just booted the CD to look at it.

At the end of the day, Firefox is just Netscape Navigator, evolved.



