Opened 6 years ago

Closed 2 years ago

#10355 closed defect (worksforme)

Pipeline defense interferes with twitter and flickr photostreams

Reported by: mikeperry Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website, tbb-testcase, tbb-firefox-patch
Cc: isis, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The Pipelining defense appears to damage flickr photostreams and twitter media streams. In both cases, these sites experience page load issues and dead images.

In brief ad-hoc testing, reducing network.http.pipelining.max-optimistic-requests to 10 seems to allow all images to load, but more testing is needed.

Child Tickets

Change History (14)

comment:1 Changed 6 years ago by gk

Cc: gk added

comment:2 Changed 6 years ago by gk

Keywords: tbb-testcase added

comment:3 Changed 5 years ago by isis

Keywords: mikeperry201406R added
Status: newneeds_review

I've been setting:

user_pref("network.http.pipelining.aggressive", false);
user_pref("network.http.pipelining.maxrequests", 10);


in my prefs.js, and I'm not certain that it entirely fixes the issue, but it appears to help immensely.

comment:4 Changed 5 years ago by mikeperry

Hrmm.. Well we need to determine if this is due to the additional pipeline backoff logic that disabling "aggressive" mode causes to be used, or if it is simply the reduction in pipeline depth in general that is helping here.

I took a look at the aggressive mode code, and it looks like it *also* currently governs the depth to which we randomize the pipeline. If you disable aggressive mode, you are also disabling randomizing the depth. I am going to change this in 3.6.2/4.0-alpha-1 so that we can test these prefs independently.

comment:5 Changed 5 years ago by mikeperry

So I am unable to get this to happen on flickr or with twitter.. If someone can give me a site for which it still causes images to get dropped, we can see if either pref makes a difference independently.

comment:6 Changed 5 years ago by erinn

Keywords: tbb-firefox-patch added

comment:7 Changed 5 years ago by erinn

Component: Firefox Patch IssuesTor Browser

comment:8 Changed 5 years ago by mikeperry

Keywords: mikeperry201408R added; mikeperry201406R removed

comment:9 Changed 5 years ago by mikeperry

Keywords: MikePerry201408R added; mikeperry201408R removed
Status: needs_reviewneeds_information

comment:10 Changed 5 years ago by isis

I can't trigger this bug anymore, not even with http://postersofberlin.tumblr.com/, which has been one of my choice pipelining optimisation test pages for a while.

I tested with both my preferences that I thought were helping

Preference Name Value
network.http.pipelining.maxrequests 10

and the default:

Preference Name Value
network.http.pipelining.maxrequests 12

and I couldn't see a difference; both seemed fine.

Perhaps we were being affected by one/some of the major CDNs not having their shit together and now they've finally fixed it?

comment:11 Changed 5 years ago by mikeperry

Keywords: MikePerry201408R removed

Possible. Untagging this for now.

comment:12 Changed 2 years ago by cypherpunks

Owner: set to tbb-team
Severity: Normal
Status: needs_informationassigned

What is the current status of this ticket?

reducing network.http.pipelining.max-optimistic-requests to 10

Now it is set to 3. Is this randomization level enough for defense?
What is the way to go in esr59 where pipelining is removed?

comment:13 in reply to:  12 Changed 2 years ago by gk

Replying to cypherpunks:

What is the current status of this ticket?

I think WORKSFORME. (If not, please reopen with steps to reproduce)

reducing network.http.pipelining.max-optimistic-requests to 10

Now it is set to 3. Is this randomization level enough for defense?

As far as this experimental defense goes I think so, yes. But keep in mind this still needs thorough evaluation.

What is the way to go in esr59 where pipelining is removed?

If we want to have an (additional) in-browser defense then adapting HTTP/2 to our needs might be a good strategy.

comment:14 Changed 2 years ago by gk

Resolution: worksforme
Status: assignedclosed
Note: See TracTickets for help on using tickets.