Hacker Remix

Vimium – The Hacker's Browser

121 points by stefankuehnel 8 months ago | 84 comments

lvncelot 8 months ago

For Firefox, I'm using Tridactyl[1] and am very happy with it, hint mode is an absolute god send.

[1] https://github.com/tridactyl/tridactyl

kqr 8 months ago

I'm still a little sad Vimperator – the precursor to all of these – does not work in modern browsers because it was so good but Tridactyl is certainly as close as one is allowed to get with WebExtensions.

mmcdermott 8 months ago

Same here. I've never been able to stick with any extension post-Vimperator. They've all just felt too clumsy. It's led to my tinkering with qutebrowser from time to time because it is seamless.

_giorgio_ 8 months ago

I had a lot of problems with that. The "disable on some domains" functionality was broken for years. Probably they fixed it by now. Vimium worked and works better.

bovine3dom 8 months ago

You can almost totally disable Tridactyl on a domain with `:seturl [URL] superignore true` now for what it's worth.

`:blacklistadd [URL]` remains a much better option for most people for most sites because it lets you easily re-enable Tridactyl temporarily.

Glad you're happy with Vimium :)

mikae1 8 months ago

I'm sorry but this is near unusable since the death of XUL and introduction of WebExtensions. I was a truly avid user of VimFX which did the same thing. Vimium these days does not work when a page hasn't finished loading and it doesn't work on blank pages (about:blank) or any other "system page" (like the preferences or addons). The "o" key can no longer highlight the address bar but brings up a non-native address bar that does not find my bookmarks as it should.

Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.

In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!

Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!

[1] https://github.com/akhodakivskiy/VimFx

forgotmypw17 8 months ago

Have you heard about qutebrowser, Luakit, and Nyxt?

I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.

The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.

mikae1 8 months ago

> Have you heard about qutebrowser, Luakit, and Nyxt?

Yes, but neither support extensions AFAIK. Not ready to take my browsing back to a pre 2004 era. :)

anthk 8 months ago

Nyxt doesn't need limited Chrome/Firefox like extensions. With Common Lisp you can do far more, and by default.

mikae1 8 months ago

…if you have time and knowledge to rewrite all the WebExtensions you rely on in day-to-day browsing in Common Lisp?

That's a rather big if. :-D

anthk 8 months ago

You understimate the power of CL...

https://nyxt.atlas.engineer/article/dbscan.org

forgotmypw17 8 months ago

The two extensions I use by far the most, an ad blocker and keyboard accessibility are built-in.

The-Compiler 8 months ago

DRM should work just fine via Widevine if you have a Qt build with proprietary codec support, and you have an appropriate version of Widevine available.

See https://doc.qt.io/qt-6/qtwebengine-features.html#html5-drm

bramhaag 8 months ago

Keep in mind that using LegacyFox is not a silver bullet. It will disable sandboxing and add-on signing, which will impact the security of your browser.

rauli_ 8 months ago

Completely agree but it's the best we got at the moment if you want to use the non-XUL version of Firefox.

mikae1 8 months ago

There's Waterfox too. It supports VimFx without LegacyFox.

_giorgio_ 8 months ago

All addons are disabled on system pages.

I've never experienced your problems, Vimium works on any tab, indipendently from the others.

I don't understand your glitches, really.

mikae1 8 months ago

> All addons are disabled on system pages.

Yes, this is true for all WebExtensions. But I don't care if uBlock Origin or any other extension I use doesn't work on "system pages". However, I'd like to use my choice of navigation wherever I am in the browser.

Keyboard navigation requires a deeper integration with the browser (than WebExtensions allows for) to achieve a consistent experience.

> Vimium works on any tab, indipendently from the others.

What I'm trying to say is that Vimium keyboard navigation stops working when a page is loading.

I tried to illustrate my frustration to those only used to mouse navigation by saying that switching tabs with your mouse buttons and pointer freezed if the current page was loading. That would suck, right?

> I don't understand your glitches, really.

Do yourself a service and just be happy that you can't tell the difference between XUL generation keyboard navigation and the current state if affairs. :-D

_giorgio_ 8 months ago

LOL, this is the most crazy stuff I've ever read.

Since all addons are disabled on the system pages, you come up with a lunatic analogy that means absolutely nothing. "Imagine that...". What addon, if any, works on firefox system pages?

Vimium always works... what low speed connection do you have for being unable to load any page in a fraction of a second? Beside that, I often use jk or whatever before the page is completely loaded.

mikae1 8 months ago

> Since all addons are disabled on the system pages, you come up with a lunatic analogy that means absolutely nothing. "Imagine that...". What addon, if any, works on firefox system pages?

You've misinterpreted me twice. I don't know how I would rephrase it again so that you understand.

tonoto 8 months ago

_giorgio_ is probably not a vi/vim/nvim/neovim user..

Many years ago I used vimperator and it made Firefox behave with a very much vi-like experience. Unfortunately, the halfway implementation of Vimium (and Tridactyl) is too annoying for me so I don't have it installed.

mikae1 8 months ago

Same here. XUL style VimFx works in Waterfox if you're interested. At least it did the last time I tried.

_giorgio_ 8 months ago

Lol vimperator was horrible.

A prison for your mind.

_giorgio_ 8 months ago

[flagged]

weinzierl 8 months ago

I wish there was a browser as secure as Chrome but hackable without restrictions.

I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]

I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.

What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.

[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.

The-Compiler 8 months ago

The majority of security issues in browsers is in the more low-level components (rendering engine, sandbox, network stack, JS runtime, etc.). None of those small browsers implement any of that themselves, they either build on top of WebKit (e.g. via WebKitGTK, like Luakit), or on top of Chromium (via QtWebEngine like qutebrowser, or via Electron like Vieb).

So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.

You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.

That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.

For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).

For the latter, qutebrowser has had three security bugs in almost 11 years.

weinzierl 8 months ago

Unfortunately I don't share your optimism regarding how hard it is to mess up in the upper layers. I also don't think it really is a technical problem.

The question is if we can get a significant number of eyeballs on such a hackable browser. If enough people have a vested interest, security will follow. Without enough users every effort is futile.

I really hate to be harsh to alternative browsers, because they are all we've got right now now, but three security bugs in 11 years says not much if the user base is that small.

slightwinder 8 months ago

Maybe someone should fork Firefox and make it hackable again. Probably not even that hard. Fix the keybindings, add some first-class-support for userscripting, local extensions and interaction with local system.. All those forks are just focused on adding more privacy or new addons at the moment.

omeid2 8 months ago

https://firefox.com

weinzierl 8 months ago

Not hackable enough. Just see the comments here about how extensions like Vimium are limited why projects like the mentioned qutebrowser and Luakit exist.

Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.

speedgoose 8 months ago

Is it as secure as Google Chrome though?

eproxus 8 months ago

If you are on macOS and mainly use the link hints, Homerow (paid) gives you link hints for the entire OS (including browsers and web pages): https://www.homerow.app

It's one of my favorite macOS apps that I can't live without.

the_absurdist 8 months ago

I'm surprised no one has mentioned Surfingkeys https://github.com/brookhong/Surfingkeys. I switched over from Vimium a couple years ago. I think its more performant than Vimium and also allows you quite a bit more flexibility in your configuration.

I prefer and recommend browser add-ons over Nyxt. You'll get more compatibility by being able to use Chrome/Firefox. You'll also have a much higher chance of being able to use the same environment at work - since you can typically still install browser add-ons in developer mode even if you aren't able to get rights to install apps.

ikety 8 months ago

Not to mention the input mode

firefax 8 months ago

Does anyone have any suggestions on useful vi commands to learn?

I prefer vi over emacs, but mostly because before I was a hacker, I had an interest in systems administration -- it's so much simpler to edit config files in vi than rely on a tool that seems to require a lot of customization, but I actually usually use Sublime for anything more than a short shell script.

ilioscio 8 months ago

I personally use neovim and something I love doing is :tabedit to create a new tab and then I slap a :term in there and baby you've got a fullscreen terminal in a separate tab right inside vim and get this, you can yank text from this buffer and easily move this between your terminal tab and the files you have open.

I think regular vim will do all this as well but I think maybe the commands are different?

midgetjones 8 months ago

If you're in a terminal and want to edit just that command (and Vim is your $EDITOR), you can type `ctrl-x ctrl-e` and it will open your command in a buffer. Once you're satisfied, you can `:wq` and the edited command will be ready to execute in your terminal.

Not exactly your usecase, but a useful one nevertheless.

mojifwisi 8 months ago

Since Neovim 0.10, `:tab term` now opens the terminal window in a new tab. And you could use the exact same command in Vim since they introduced their own terminal emulation feature in Vim 8.0.0693.

calvinmorrison 8 months ago

yes vim does this. same commands.

sarlalian 8 months ago

For gaining expertise in vim, I generally point people at https://danielmiessler.com/p/vim/ which will teach you how to think about vim as a text manipulation language rather than just as an editor.

firefax 8 months ago

Thanks for this, just the sort of primer I was looking for.

(I was wondering why the name seemed familiar, then realized... they also are the person who put together a bunch of password lists[1] that are incredibly useful.)

[1] https://github.com/danielmiessler/SecLists/

xphos 8 months ago

Vi is power but you are limiting yourself using it because its much harder to extend it. Emacs is very extendable but not everyone likes writing lisp to do so. And nvim offers Lua as opposed to vimscript which can be opinionated.

If you need help setting up an config file I recommend checking out ThePrimeagen or just look at some peoples .dotfiles repos they already did the setup! I won't plug my own but I challenge you to challenge yourself with the complex setup for the downstream knock-on effects you get.

jauntywundrkind 8 months ago

Find a good pre-pack that can help, is my recommendation.

I went from pretty vanilla neovim to using AstroVim, & it's been pretty lovely. It uses the very widely used lazy.nvim for plugin loading, which is quite standard. It has a pretty nice visual leader-key menu that helps explore &show off what is setup; great for discovery. https://astronvim.com/

As well as being a good base, AstroVim also has an excellent "community pack" setup, which is a collection of many many many mostly drop in init files that setup a couple plugins in a nice way. If trying to get LSP working or better, or looking for better treesitter nav options, the community packs are great drop ones or references to get started, show what's out there. It's a huge part of what makes AdtroVim community so good. https://github.com/AstroNvim/astrocommunity

ikety 8 months ago

switched to surfingkeys for the great Input mode. 'I' lets you edit any text box like a vim buffer.

ugh123 8 months ago

This has been a great extension but i'm always nervous about Chrome extensions and their seemingly global access to everything and some dev's willingness to sell to malware devs.

It would be interesting if Chrome let you point an extension to a github repo (and tag or commit hash) and pull source from there.

delvinj 8 months ago

You can do this by enabling developer mode in chrome://extensions, which lets you install from a directory.

You lose automatic updates though.

bpev 8 months ago

yeah the permissions and ecosystem are scary. I have a very small extension (1000-ish users), and even I get "monetization opportunity for your extension" emails maybe... every other week?

Sometimes I feel like the only reason it's not a platform-breaking problem is that most extension devs make enough money from their day job to not care about a quick buck.

hansvm 8 months ago

If you like vimium, or the idea of it, consider giving qutebrowser a spin. Chrome hampers extensions in a variety of ways (e.g., not being able to use vimium bindings on any "internal" pages), and a fully fledged browser makes the experience much more cohesive.

yasser_kaddoura 8 months ago

You can extend Qutebrowser with userscripts [1].

For the Lisp fans, Nyxt [2] is a decent choice as well.

[1] https://qutebrowser.org/doc/userscripts.html

[2] https://nyxt.atlas.engineer/

yashasolutions 8 months ago

nyxt would be awesome when it has a decent browser engine. For now you cannot use nyxt on most regular websites (youtube is broken most of the time), They are working on moving it to chromium engine if I understood correctly. But yeah when it will be ready, it's the browser I waiting for the most.

kataklasm 8 months ago

i used QB for years and loved it but eventually i couldn't stand not having uBlock Origin anymore.. shame there's not a good adblocker for QB

mariusor 8 months ago

I'm pretty sure they have an adblocker in Qutebrowser. It might need some additional dependencies installed.

griffzhowl 8 months ago

No. 8 in the faqs:

"Is there an ad blocker?

Since version 2.0.0, if the Python adblock library is available, it will be used to integrate Brave’s Rust adblocker library for improved adblocking, based on ABP-like filter lists (such as EasyList). If that library is unavailable or on older versions of qutebrowser, a simpler built-in ad blocker is used instead. It takes /etc/hosts-like lists and thus is only able to block entire hosts.

Note that even the more sophisticated blocker does not support element hiding (cosmetic filtering) yet, it only blocks network requests."

So depends on what one means by "good adblocker"...

https://qutebrowser.org/doc/faq.html

beretguy 8 months ago

I wish textareas had keybindings

The-Compiler 8 months ago

You might like Firenvim or Wasavi:

https://github.com/glacambre/firenvim https://github.com/akahuku/wasavi

qutebrowser (and some others) also allow spawning vim from inside a text area, and reading the result back when the file is saved. I know Tridactyl can do it via its native messaging integration, but I suppose Vimium doesn't offer that.

fantod 8 months ago

This is supported by vimium with `gi`

beretguy 8 months ago

> gi - focus the first text input on the page

No, that's not what I'm talking about. I want to be able to use shortcuts to navigate inside atextarea when I'm writing a lot of text.

_giorgio_ 8 months ago

I've tried most firefox vim addons, and Vimium is the one that I ended up using.

The only configuration: I disabled it on banking sites... you never know.

To disable it, just press its icon on any website, and it will stay disabled on all the domain.

notorandit 8 months ago

Hacker's BrowserExtension.

Vimium is not a Bowser on its own. Not yet at least.

shiroiushi 8 months ago

>Vimium is not a Bowser on its own. Not yet at least.

It certainly doesn't look like a turtle.

notorandit 8 months ago

Typpo

bayesianbot 8 months ago

I've used this and other similar extensions but always them being an extension makes for a slow and unreliable experience imo. Pressing shortcut keys just might work depending on the focus and other current state. Going back to qutebrowser after trying out these extensions feels so fast and reliable in comparison - when you press a key it will instantly work like it should.

rendaw 8 months ago

I just looked and qutebrowser is basically a webview right? I've played with webviews a little and it didn't feel much different than other injection-style scripting. What would make that better than the extension?

FWIW I tried the vimium or vimperator before and found it clunkier than I expected, so I can believe qutebrowser is better.

bayesianbot 8 months ago

qutebrowser UI is on top of the engine running inside it so it catches every key press (and then submits it to the web engine when needed).

Clunky would be the exact term I find my day to day with these extensions - it's often pressing a key, noticing the focus is somewhere that makes the extension not catch it, and then either using a mouse or a key shortcut just to move focus somewhere the extension works with before repeating the actual command. I'd get so used to it that even when the keys do work I'm using them really slowly as I expect they might not. That never happens in qute, if I press a key it will work unless I've made a mistake myself. Also the UI being native Qt it feels snappier for me than extensions bolted on existing browsers.

The features qutebrowser can implement are somewhat limited by the web engine API and it doesn't have some things other browsers do, which is exactly why sometimes I try out these extensions, but usually after trying them for a day it feels so good to get back to qute and get an instant reliable response to key presses that I don't care about the few missing things.

forgotmypw17 8 months ago

It's a lot more than a webview in the sense that keyboard is a first-class citizen, everything is accessible via keyboard, the bindings are much more reliable and responsive, and many more features make it a predictable and stable experience.

For example, qutebrowser supports a hinting mode where I press Enter to activate a link after selecting it with hints, which almost entirely eliminates accidentally clicking the wrong link, something I still do occasionally with Vimium+Firefox.

It is also much more scriptable, so I can for example create a keyboard binding for clipping selected text (with references) directly to my localhost pastebin.

Every action you can imagine is scriptable and bindable.

It has built-in support for adblock and granular JS/image/etc permissions.

Great keyboard-accessible bookmarking system.

Keyboard-accessible and reproducible settings and bindings with autocomplete and lookups.

Not to mention that it does not on a regular basis non-consensually take away features I use/introduce features I don't want and can't disable.

mdiesel 8 months ago

To add to the list, in addition to the bookmarking system they have "quickmarks" which means to open this site I type "b hn<enter>" and that's it

anthk 8 months ago

Nyxt it's the truest hacker's browser.

bubblesnort 8 months ago

Browser?

telnet to port 80

anthk 8 months ago

port 70, magical.fish

Crosseye_Jack 8 months ago

Bloody typical for a project with vim in the title, no instructions on how to quit!

Joking aside, I’ll have to give this extension a spin.

Kevin-Xi 8 months ago

I've been using it for years and am quite happy with it. I also write some bookmarklets and userscripts to go along with it. For example, I have a bookmarklet for my bookmark service called BM. When I want to save a webpage, I type 'b' (to open bookmarks) -> 'bm', and everything is ready.

azangru 8 months ago

The first commit dates back to September 2009. That's fifteen years ago. Wow. Made me check when Chrome was first released. September 2008, as it turned out. So this extension was started just one year into Chrome's existence.

bilekas 8 months ago

I've been using this for a while now with brave and it's indispensable really. There are some weird behaviours sometimes but it's site depending. AWS control center comes to mind.

m1keil 8 months ago

Maybe somebody knows: is it possible to exit Vimium's insert mode with any key other than ESC? Exiting full screen video on YouTube requires ESC as well.

k3vinw 8 months ago

https://github.com/philc/vimium/wiki/Tips-and-Tricks#using-t...

BillLucky 8 months ago

Yes, I like this plug-in very much and have been using it for many years. Thank you to the author for his wisdom and contribution!

taikon 8 months ago

Nowadays I use Vimium C because it supports PDFs. Adding PDF support requires the PDF Viewer for Vimium C plugin.

zopic_drone 8 months ago

surfingkeys seems to have more features and works well for me

zopic_drone 8 months ago

and homerow is a pretty cool tool for navigating/scrolling like vimium outside the browser (on Mac)

tmtvl 8 months ago

I thought the Hacker's Browser was Nyxt.

froh 8 months ago

is there something comparable, providing emacs bindings instead? asking for a friend.

The-Compiler 8 months ago

Nyxt[1] caters to emacs people (being extensible in Lisp and all that), but personally I'm somewhat wary of it: They handled a critical security vulnerability[2] quite badly a few years ago, and the project seems to get more and more commercialized.

Webmacs[3] used to be around for a while, but is pretty dead nowadays.

I know of various emacs users who use qutebrowser, and its keybindings/configurations are flexible enough to make that work. The docs have a couple of suggested configs[4].

[1] https://nyxt.atlas.engineer/ [2] https://jgkamat.gitlab.io/blog/next-rce.html [3] https://github.com/parkouss/webmacs/ [4] https://github.com/qutebrowser/qutebrowser/blob/main/doc/hel...

bovine3dom 8 months ago

there's a somewhat popular repo for Tridactyl Emacs bindings here https://github.com/jumper047/tridactyl_emacs_config

struanr 8 months ago

I use this; it does require changing the Firefox accelKey to something other than control, but works well. I also tried using nyxt but found it to be far too slow.

bovine3dom 8 months ago

You can patch Firefox (no rebuild required) to not reserve keys if you'd rather. Discussion here [1] and convenient AUR script here [2].

[1]: https://github.com/glacambre/firefox-patches/issues/1

[2]: https://aur.archlinux.org/packages/firefox-no-reserved-keys-...