Hacker Remix

Vimium – The Hacker's Browser

93 points by stefankuehnel 1 day ago | 81 comments

lvncelot 1 day ago

For Firefox, I'm using Tridactyl[1] and am very happy with it, hint mode is an absolute god send.

[1] https://github.com/tridactyl/tridactyl

kqr 1 day ago

I'm still a little sad Vimperator – the precursor to all of these – does not work in modern browsers because it was so good but Tridactyl is certainly as close as one is allowed to get with WebExtensions.

mmcdermott 17 hours ago

Same here. I've never been able to stick with any extension post-Vimperator. They've all just felt too clumsy. It's led to my tinkering with qutebrowser from time to time because it is seamless.

_giorgio_ 24 hours ago

I had a lot of problems with that. The "disable on some domains" functionality was broken for years. Probably they fixed it by now. Vimium worked and works better.

bovine3dom 14 hours ago

You can almost totally disable Tridactyl on a domain with `:seturl [URL] superignore true` now for what it's worth.

`:blacklistadd [URL]` remains a much better option for most people for most sites because it lets you easily re-enable Tridactyl temporarily.

Glad you're happy with Vimium :)

eproxus 17 hours ago

If you are on macOS and mainly use the link hints, Homerow (paid) gives you link hints for the entire OS (including browsers and web pages): https://www.homerow.app

It's one of my favorite macOS apps that I can't live without.

mikae1 1 day ago

I'm sorry but this is near unusable since the death of XUL and introduction of WebExtensions. I was a truly avid user of VimFX which did the same thing. Vimium these days does not work when a page hasn't finished loading and it doesn't work on blank pages (about:blank) or any other "system page" (like the preferences or addons). The "o" key can no longer highlight the address bar but brings up a non-native address bar that does not find my bookmarks as it should.

Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.

In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!

Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!

[1] https://github.com/akhodakivskiy/VimFx

forgotmypw17 1 day ago

Have you heard about qutebrowser, Luakit, and Nyxt?

I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.

The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.

mikae1 1 day ago

> Have you heard about qutebrowser, Luakit, and Nyxt?

Yes, but neither support extensions AFAIK. Not ready to take my browsing back to a pre 2004 era. :)

forgotmypw17 4 hours ago

The two extensions I use by far the most, an ad blocker and keyboard accessibility are built-in.

anthk 17 hours ago

Nyxt doesn't need limited Chrome/Firefox like extensions. With Common Lisp you can do far more, and by default.

mikae1 17 hours ago

…if you have time and knowledge to rewrite all the WebExtensions you rely on in day-to-day browsing in Common Lisp?

That's a rather big if. :-D

anthk 14 hours ago

You understimate the power of CL...

https://nyxt.atlas.engineer/article/dbscan.org

The-Compiler 20 hours ago

DRM should work just fine via Widevine if you have a Qt build with proprietary codec support, and you have an appropriate version of Widevine available.

See https://doc.qt.io/qt-6/qtwebengine-features.html#html5-drm

bramhaag 23 hours ago

Keep in mind that using LegacyFox is not a silver bullet. It will disable sandboxing and add-on signing, which will impact the security of your browser.

rauli_ 1 day ago

Completely agree but it's the best we got at the moment if you want to use the non-XUL version of Firefox.

mikae1 19 hours ago

There's Waterfox too. It supports VimFx without LegacyFox.

_giorgio_ 24 hours ago

All addons are disabled on system pages.

I've never experienced your problems, Vimium works on any tab, indipendently from the others.

I don't understand your glitches, really.

mikae1 19 hours ago

> All addons are disabled on system pages.

Yes, this is true for all WebExtensions. But I don't care if uBlock Origin or any other extension I use doesn't work on "system pages". However, I'd like to use my choice of navigation wherever I am in the browser.

Keyboard navigation requires a deeper integration with the browser (than WebExtensions allows for) to achieve a consistent experience.

> Vimium works on any tab, indipendently from the others.

What I'm trying to say is that Vimium keyboard navigation stops working when a page is loading.

I tried to illustrate my frustration to those only used to mouse navigation by saying that switching tabs with your mouse buttons and pointer freezed if the current page was loading. That would suck, right?

> I don't understand your glitches, really.

Do yourself a service and just be happy that you can't tell the difference between XUL generation keyboard navigation and the current state if affairs. :-D

_giorgio_ 18 hours ago

LOL, this is the most crazy stuff I've ever read.

Since all addons are disabled on the system pages, you come up with a lunatic analogy that means absolutely nothing. "Imagine that...". What addon, if any, works on firefox system pages?

Vimium always works... what low speed connection do you have for being unable to load any page in a fraction of a second? Beside that, I often use jk or whatever before the page is completely loaded.

mikae1 15 hours ago

> Since all addons are disabled on the system pages, you come up with a lunatic analogy that means absolutely nothing. "Imagine that...". What addon, if any, works on firefox system pages?

You've misinterpreted me twice. I don't know how I would rephrase it again so that you understand.

_giorgio_ 10 hours ago

You're just trying to give reality and consistency to problems that exist only in your head. It's sad to witness such a dissonance.

weinzierl 23 hours ago

I wish there was a browser as secure as Chrome but hackable without restrictions.

I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]

I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.

What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.

[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.

The-Compiler 20 hours ago

The majority of security issues in browsers is in the more low-level components (rendering engine, sandbox, network stack, JS runtime, etc.). None of those small browsers implement any of that themselves, they either build on top of WebKit (e.g. via WebKitGTK, like Luakit), or on top of Chromium (via QtWebEngine like qutebrowser, or via Electron like Vieb).

So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.

You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.

That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.

For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).

For the latter, qutebrowser has had three security bugs in almost 11 years.

weinzierl 15 hours ago

Unfortunately I don't share your optimism regarding how hard it is to mess up in the upper layers. I also don't think it really is a technical problem.

The question is if we can get a significant number of eyeballs on such a hackable browser. If enough people have a vested interest, security will follow. Without enough users every effort is futile.

I really hate to be harsh to alternative browsers, because they are all we've got right now now, but three security bugs in 11 years says not much if the user base is that small.

slightwinder 20 hours ago

Maybe someone should fork Firefox and make it hackable again. Probably not even that hard. Fix the keybindings, add some first-class-support for userscripting, local extensions and interaction with local system.. All those forks are just focused on adding more privacy or new addons at the moment.

omeid2 23 hours ago

https://firefox.com

weinzierl 22 hours ago

Not hackable enough. Just see the comments here about how extensions like Vimium are limited why projects like the mentioned qutebrowser and Luakit exist.

Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.

speedgoose 23 hours ago

Is it as secure as Google Chrome though?