Modern web browsers provide more and more functionality, so it won't be
a surprise that new lightweight web browsers crop up from time to time to
please users who prefer a "back to the basics" approach. In April 2009,
Arch Linux release engineer Dieter Plaetinck announced Uzbl, a refreshingly minimalist web browser
that prides itself for following the UNIX philosophy (LWN looked at Uzbl in July 2009). In August 2010, OpenBSD developer Marco Peereboom published the initial release of xxxterm, a lightweight and secure web browser with a vi-like command-line interface for heavy keyboard users.
The name xxxterm comes from xterm but with a triple "x" as a reference
to www. Xxxterm was initially developed for OpenBSD, but it was later
ported to Linux, and it's available in the repositories of Debian Sid,
Gentoo, Arch Linux, and FreeBSD. It uses the WebKit browser engine and its
source code is
published under the ISC license, which is a permissive free software
license written by the Internet Systems Consortium. It's equivalent to the two-clause BSD license and is the preferred license for OpenBSD.
In a wiki page entitled "XXXTerm Rationale", Peereboom explains why he wrote xxxterm. First and foremost, he noticed that Firefox became slower and slower, and second, he was an avid Vim user and wanted the same level of keyboard control in his web browser. So he tried a bunch of Vim-like web browsers, but none of them had the right mix of features for Peereboom. So he began tinkering with WebKit and after a few hours he had a working minimal web browser which eventually became xxxterm.
At first sight, xxxterm looks like a regular web browser, although with a somewhat boring layout: at the top of the window it has an address bar with back, forward, stop, and go buttons to the left and a search bar to the right. You can use xxxterm like any browser: Ctrl-t opens a new tab, and you can use the mouse to switch between tabs, follow links, and so on. Thanks to its WebKit engine, it has no problem rendering modern web sites, including HTML video and Flash (using the Adobe Flash plugin). However, the real beauty is that xxxterm allows fully mouse-less browsing by offering its Vim-like command-line mode.
Before you begin with the commands, you first have to know something
about focus: F6 focuses on the address bar, F7 on the search bar, "i" on
the default page input and Esc removes the focus. The latter two shortcut
keys are not accidentally the same as for entering input mode and command
mode in Vim. In command mode, you can use search commands like "/" (search
forward), "?" (search backward), "n" (next item) and "N" (previous
item). "0" (zero) scrolls the page to the far left and "$" to the far
right, while "gg" goes to the top of the page and "G" to the end. A Vim
user will probably know by now what actions are performed by the shortcut
keys "j", "k", "h", and "l" ...
If you want to use xxxterm without touching the mouse at all, just press
"f", after which the browser highlights all links and prefixes them with a
number. Entering a number will follow the corresponding link. Switching to
another tab without the mouse is equally easy: type :ls in command
mode, which lists all the tabs in a drop down menu, and type the tab number
or navigate the menu with the arrow keys.
The number of available commands is quite large, and fortunately the
command mode has tab completion, so you can discover a lot of these
commands yourself. For a full list, have a look at the man page. There are commands for session saving, plug-ins, tabs, and so on. A convenient, and for Vim users quite natural, command is :wq, which saves all open tabs and quits the web browser. All tabs will be reopened next time you start xxxterm.
Another interesting feature is that you can execute arbitrary commands
in your running xxxterm instance by running
xxxterm -e <command> in your terminal. This
requires the enable_socket option to be enabled in the
configuration file, but after this, you are able to control your browser
session from outside the browser. For instance,
xxxterm -e tabnew example.com opens example.com in
a new tab and xxxterm -e wq closes your running xxxterm
instance. So if your terminal emulator, email reader, or RSS feed reader
supports custom commands to open links in a web browser, this is how you
could configure them to use xxxterm.
Security and privacy
Xxxterm is also meant to be a secure web browser, and this is visible in
policies on a per-website basis. For each of these security risks, the user
can define whitelists of which trusted web sites are allowed to use
your current site with the command :cookie save or
:js save. However, by default xxxterm behaves like any other
browser, so to be able to use the whitelists, you have to place
"browser_mode = whitelist" at the top of the .xxxterm.conf configuration file. The man page explains the details of what you can whitelist and how.
The xxxterm wiki page also mentions that many web sites not only track
visitors by cookies, but also by embedding links with host names that
require a DNS lookup. Because many web browsers have DNS prefetch enabled
by default, your browser does all these DNS lookups whether you visit these
other sites or not. This is even made worse by browsers performing link
prefetching: with this feature enabled, they download the pages referenced
by links with the rel="prefetch" attribute on the current
page. Xxxterm has DNS and link prefetching disabled by default to thwart
these web tracking techniques, which may be a bit far-fetched, but xxxterm prefers to be on the safe side.
At first sight, the prospective xxxterm user will search in vain for an
ad blocker, which is strange for a web browser that prides itself on
security and privacy. However, this feature is intentionally missing: the
developers recommend using AdSuck, a
special-purpose DNS server that can blacklist addresses belonging to
advertisers, thus preventing the browser from ever connecting to the
advertisers' sites. AdSuck, too, was created by Peereboom. This approach
actually makes sense:
it makes sure that ads and other unwanted content never make it into the
browser, and as a side effect the browser becomes a bit more
The focus on security is also visible in some small things. For
instance, many other web browsers have been treating non-URLs in the
address bar as a search string. This is quite a convenient feature, but the
developers of xxxterm have intentionally disabled it by default, because
otherwise accidentally pasting a password or any other private information
into the address bar would send it to a search engine. Another nice thing for the privacy-conscious is that the default search engine in the search bar is Scroogle, a web site that uses Google but disguises your IP address so Google can't track your search terms.
Compared with other minimalist web browsers, xxxterm has clearly found its own niche. With its focus on security, it's not surprising that it's quite popular in the OpenBSD community. However, it's not the only minimalist web browser. We already mentioned Uzbl, which is much more flexible than xxxterm, but requires the user to write a lot of external shell scripts. Uzbl is actually more of a personal web browser building kit. A project with a similar approach is Luakit, which the developers call a "browser from scratch", because the user creates the entire interface in a rc.lua configuration file. There's also surf, an extremely minimalist web browser from the suckless project which just displays web pages and follows links, but doesn't even support tabbed browsing. The philosophy behind it is that tabs are not meant to be a feature of the browser but of the window manager, and hence it's a natural companion of a window manager like dwm (another project under the suckless umbrella) or awesome. However, compared with Uzbl, Luakit, and surf (which are all based on WebKit), xxxterm seems to have found a sweet spot between minimalism and usability.
It takes some time to get used to xxxterm, because the interface is really minimalist: there are no menus, and the context menu only has back, forward, stop, and reload actions. Settings like the HTTP proxy or the CA file to validate SSL certificates have to be changed in the configuration file, and the user has to memorize commands for a lot of the non-browsing tasks. However, if you are a Vim user, you already have a head start for a lot of the default shortcut keys, and under the surface of this minimalist web browser lies a surprising amount of functionality. If you're a heavy keyboard user and looking for a web browser focused on security, xxxterm is definitely something to try out.
Comments (14 posted)
The overhead of formatting a patch properly is trivial. Getting a
patch set into thunderbird or the web so totally dwarfs the tedium
of actually creating the patch, it's unbelievable.
For me, if I had to design a new language today, I would probably
use braces, not because they're better than whitespace, but because
pretty much every other language uses them, and there are more
interesting concepts to distinguish a new language.
-- Guido van Rossum
I've mentioned this before, and I keep getting back to it: With all the
great work that has been put into OsmocomBB, we are "at an arms lengh"
away from being able to create a true Free Software mobile phone.
We already have the hardware drivers, protocol stack and even the
'mobile' program which can be used for making and receiving voice calls
and sending/receiving SMS text messages on real GSM networks!
While the journey has been a lot of fun and everyone involved has
learned a lot, we have so far been catering mostly about "scratching our
own itch", i.e. implementing what we needed in order to satisfy our ego
and/or to implement the ideas we had regarding cellular security.
I believe we cannot miss the bigger opportunity here to put our code
into bigger use: To create something like a very simple GSM feature
-- Harald Welte
Comments (none posted)
Facebook has announced
the release of the HipHop Virtual Machine. "So, early last year, we
put together a small team to experiment with dynamic translation of PHP
code into native machine code. What resulted is a new PHP execution engine
based on the HipHop language runtime that we call the HipHop Virtual
Machine (hhvm). We're excited to report that Facebook is now using hhvm as
a faster replacement for hphpi, with plans to eventually use hhvm for all
" They claim some significant speed improvements; the
announcement has a fair amount of detail about how it works. The source is
Comments (23 posted)
The KDE project has announced
the release of Plasma Active Two, the second iteration of its mobile device
environment. Changes include a lot of user interface improvements, better
performance, and "recommendations": "Plasma Active is now able to
learn as you use your device. It uses that information to make
recommendations as to what content, web sites and applications are likely
to be related to what you are doing right now. This technology uses the
power of the 'semantic desktop' efforts from KDE Nepomuk to make your
device a more valuable adviser and helper. Future releases will build on
predictive power as well as the breadth of recommendations.
Comments (13 posted)
ODB is a C++ object-relational mapping library for C++. The 1.7.0 release
includes a new "optimistic concurrency" mechanism, SQL statement tracing,
Oracle database support, read-only data members, and more; see this
for more information.
Full Story (comments: none)
implementation of Dylan, "an advanced, object-oriented, dynamic
language which supports rapid program development.
" The 2011.1
- the first since beta4 in 2007 - is out. This release
includes some relicensing (to the MIT license) and a sizeable reduction in
code size among other things.
Comments (none posted)
On its tenth anniversary, December 7, Rockbox released version 3.10
of the free alternative firmware for a wide variety of music players. Version 3.10 is considered stable on more than two dozen different players as can be seen in the release notes
. Notable features in the release include better catalog handling, theming improvements, a fully functional audio mixer, support for a bunch of gaming audio formats, additional embedded album art support, Ogg Vorbis decoding performance improvements, and more. More information can be found on the Rockbox home page
Comments (10 posted)
Version 1.4 of the upstart system init daemon is out. New features include
the ability to capture standard error and output streams from system jobs
to a log file, the ability to run system jobs under specific user and group
IDs, and more.
Full Story (comments: none)
The WordPress 3.3
(code-named "Sonny") is available. "Experienced users
will appreciate the new drag-and-drop uploader, hover menus for the
navigation, the new toolbar, improved co-editing support, and the new
Tumblr importer. We've also been thinking a ton about what the WordPress
experience is like for people completely new to the software. Version 3.3
has significant improvements there with pointer tips for new features
included in each update, a friendly welcome message for first-time users,
and revamped help tabs throughout the interface. Finally we've improved the
dashboard experience on the iPad and other tablets with better touch
On this topic the LWN site (which is not based on WordPress) is seeing a
flood of attempts to exploit the TimThumb
vulnerability; anybody running a WordPress site who has not closed this
hole should do so immediately.
Comments (14 posted)
Newsletters and articles
Comments (none posted)
Git maintainer Junio C. Hamano reports on GitTogether 2011
on the Google Open Source blog. A two-day "unconference" event was held at Google's Mountain View headquarters to discuss various Git features, including: "Support for large blobs that would not fit in the memory has been always lacking in Git. There recently has been a lot of work in the native support (e.g. storing them straight to the object store without having to read and hold the whole thing in core, checking out from the object store to the working tree without having to hold the whole thing in core, etc.). There are a few third-party tools and approaches with their own pros-and-cons, but it was generally agreed that adding a split-object encoding like Avery Pennarun's "bup" tools uses would be the right way to help support object transfer between repositories to advance the native support of large objects in Git further.
Comments (47 posted)
Page editor: Jonathan Corbet
Next page: Announcements>>