Confirmed users
381
edits
Performance/Telemetry: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Telemetry allows developers to receive aggregate data of browser health in the field | Telemetry allows developers to receive aggregate data of browser health in the field. Note, currently Telemetry info is not gathered by the crash reporter. | ||
* [https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsITelemetry MDC Doc] | |||
* [[Privacy/Reviews/Telemetry|Privacy Review]] | |||
* [[Security/Reviews/Firefox6/ReviewNotes/telemetry|Security Review]] | |||
== Telemetry gotchas == | == Telemetry gotchas == | ||
= Aborts = | === Aborts === | ||
Telemetry uses chrome's UMA_* macros in histogram.h. These are presented via nsITelemetry to JS. | Telemetry uses chrome's UMA_* macros in histogram.h. These are presented via nsITelemetry to JS. | ||
In debug mode histogram code will check the histogram name is always used with the same histogram type, minimum, maximum, bucket_count parameters. If these checks fail, then the program aborts. One needs to make sure that the same histogram is used consistently across the codebase. Typically histograms are only accessed from a single place in a codebase, so this isn't a problem. | In debug mode histogram code will check the histogram name is always used with the same histogram type, minimum, maximum, bucket_count parameters. If these checks fail, then the program aborts. One needs to make sure that the same histogram is used consistently across the codebase. Typically histograms are only accessed from a single place in a codebase, so this isn't a problem. | ||
= Threading = | === Threading === | ||
Histograms should always be accessed from the same thread as they are created. Creating a new histogram (or obtaining an existing one) is protected by a lock. However accumulating data is not thread-safe. | Histograms should always be accessed from the same thread as they are created. Creating a new histogram (or obtaining an existing one) is protected by a lock. However accumulating data is not thread-safe. | ||
= Timing Attacks = | === Timing Attacks === | ||
Probes must not appear in code paths that are sensitive to timing attacks on passwords/keys. | Probes must not appear in code paths that are sensitive to timing attacks on passwords/keys. | ||
= Addons = | === Addons === | ||
Addons must not add probes because we cannot evaluate them for privacy problems. Addons introduce a security liability of having Firefox send potentially private information to our servers. | Addons must not add probes because we cannot evaluate them for privacy problems. Addons introduce a security liability of having Firefox send potentially private information to our servers. | ||