Hi Ivan, You can isolate data by just adding another key to all queries, but that has to be effectively done for all data access, which is the hard part. For example, there is a window.name DOM property that is used as a window cookie. That access would need to be keyed by origin to properly follow the same-origin policy. It is much easier to just constrain a process to your security context.
For example, when you log into a server with ssh, it does "privilege separation" where your user's protocol handling gets its own process run under your user. Each connection gets its own process as well. It could technically be more efficient to have one giant server process, but it probably doesn't bother many people that sshd uses privilege separation, because the design is so much easier to secure. The lack of privilege separation is a design issue, because it is harder to design and implement other aspects correctly. I use surf with patches to isolate processes by origin domain. All of these fancy new cache attacks don't work because my browser process and profile is limited to the origin domain. The CSS :visited hack for snooping my browser history doesn't work. It solves whole classes of vulnerabilities. When I look at top, I see a lot of memory usage, but most of that is shared mappings. What I look at is the active memory use, and virtual memory statistics, to see what is going on with memory. The only performance issue I deal with is when crossing origin domains in links, because it opens up a whole new surf process, but since my browser profiles are per-origin, the cache lookups stay fast, and the browser doesn't get sluggish over time the way firefox does. When I close a window for an origin, the state for that window gets killed completely. For example, if I leave Facebook by closing the window, its memory-cached objects are totally gone, unlike with firefox, where the objects are still sprinkled everywhere, so their memory pages have a harder time being marked inactive, because they are touching other objects. For example, if those objects are in a linked data structure, like a linked list or a tree, then they need to be constantly traversed to find other data, so the pages can't be marked inactive. Firefox actually has a feature that asks you to reset your browser profile and restart the process periodically, because it gets so bloated. The unified state design meant to improve efficiency clearly backfires in that case. Basically, memory usage is actually a topic with a lot of subtleties that affect performance, and to speak of it generally, if you manage state in a way that is generally more organized, then the VM subsystem of the OS can manage it more effectively. Surf has a different design, so it hangs in different places than other browsers do, and it is noticeable, so it may feel sluggish sometimes, but it also is noticeably less likely to bloat over time. I often have a lot of browser windows open, and it doesn't seem to have more memory pressure than firefox. When I am taxing my system, surf and firefox both take some time to page back into active state, and that is the true test of memory issues, I think. I doubt you would see another browser beating surf in that test, except for dillo, and other browsers with minimal rendering engines. If you are seriously concerned about memory usage, you can do a portion of your browsing in dillo, and leave surf for the stuff that doesn't work. I have a dmenu(1) command to start a new browser in a new tabbed(1) tab, and have an argument that lets me specify dillo instead of surf. I still run firefox for convoluted billing systems, but not for daily browsing that is exposed to ad networks. I use surf for most browsing. Ben Original Message From: Ivan Tham Sent: Tuesday, June 2, 2015 7:37 AM To: dev@suckless.org Reply To: dev mail list Subject: Re: [dev] [surf] Using more memory than firefox On Mon, Jun 01, 2015 at 09:54:46AM -0700, tauto...@gmail.com wrote: >Hi Ivan, >Also, I prefer to isolate state between different browser windows/tabs. If >firefox is sharing process state between windows, and saving memory usage that >way, then I see it as a security design issue. Hi, Is there any way to share process to save memory without having a security design issue? This may save up a lot of memory. Extra: How do I open a link in surf using the keyboard in the current window and in a new window? -- _____________________________________ < Do what you like, like what you do. > ------------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||
