Created attachment 1028068 [details] Compressed wireshark capture file showing konqueror starting up Description of problem: When konqueror opens the start.fedoraproject.org page, there's a hidden video that a kioslave starts pulling immediately: https://mattdm.fedorapeople.org/council/2015-05-11_Fedora-Council_Subproject-Status-Marketing.webm despite the fact it's not exposed. Konqueror won't then go away but has to be killed. I didn't realise this was happening until I hit the ISP's monthly bandwidth cap on the 18th of the month having apparently inadvertently downloaded around 24G from this file during working hours. I used wireshark to capture a trace (attached) which shows almost 8000 packets being shifted in around 15 seconds. Konqueror is started 15 seconds into the trace (at packet 2) and killed at about 30 seconds in (at around packet 7600). The vast majority of packets are to/from local TCP6 port 56477, starting with packet 51. Address 2001:8b0:194:0:96de:80ff:feb4:ecc3 is my home machine (warthog). Address 2610:28:3090:3001:5054:ff:fedb:7f5a is {mattd,mattdm}.fedorapeople.org - though there's no reverse DNS mapping for it, the server name can be picked out of the opening TLS packet. Grabbing the source for the start page, the only URL to mattd is this: <img src="https://mattdm.fedorapeople.org/council/2015-05-11_Fedora-Council_Subproject-Status-Marketing.webm"> which seems to be placing a streaming video as a static image. The video should be hidden according to the previous line: <div class="col-xs-1 col-sm-1 hidden-xs"> and shouldn't be played until it is exposed. It appears that the IMG tag is assumed to be a static image (or an animated image) and just downloaded to the cache by the kioslave - with bad results when the image turns out to be video. Version-Release number of selected component (if applicable): konqueror-15.04.0-1.fc21.x86_64 How reproducible: 100% Steps to Reproduce: 1. Start konqueror at start.fedoraproject.org 2. Observe lights on switch go beserk as the kioslave hammers the network. 3.
This problem affect Chrome also.
I suspect the website code doesn't work as intended, probably ought to raise issue with websites team.
Opened ticket, https://fedorahosted.org/fedora-websites/ticket/327
The website has already been fixed. However, it may be worth limiting the amount of data that will be downloaded for an IMG tag, just in case something like this happens again. Also, if I close my browser, the IMG tag downloads it is waiting for should perhaps be aborted rather than accruing konqueror corpses.
Sounds like a potentially good report/feature-request for upstream (at bugs.kde.org)
Closing (cantfix here, upstream needs to implement the fix/feature), and since the immediate problem is fixed.
Should I raise it?
That's up to you, if you want.