Development

Xxxterm: Surfing like a Vim pro

Modern web browsers provide more and more functionality, so it won't be a surprise that new lightweight web browsers crop up from time to time to please users who prefer a "back to the basics" approach. In April 2009, Arch Linux release engineer Dieter Plaetinck announced Uzbl, a refreshingly minimalist web browser that prides itself for following the UNIX philosophy (LWN looked at Uzbl in July 2009). In August 2010, OpenBSD developer Marco Peereboom published the initial release of xxxterm, a lightweight and secure web browser with a vi-like command-line interface for heavy keyboard users.

The name xxxterm comes from xterm but with a triple "x" as a reference to www. Xxxterm was initially developed for OpenBSD, but it was later ported to Linux, and it's available in the repositories of Debian Sid, Gentoo, Arch Linux, and FreeBSD. It uses the WebKit browser engine and its source code is published under the ISC license, which is a permissive free software license written by the Internet Systems Consortium. It's equivalent to the two-clause BSD license and is the preferred license for OpenBSD.

In a wiki page entitled "XXXTerm Rationale", Peereboom explains why he wrote xxxterm. First and foremost, he noticed that Firefox became slower and slower, and second, he was an avid Vim user and wanted the same level of keyboard control in his web browser. So he tried a bunch of Vim-like web browsers, but none of them had the right mix of features for Peereboom. So he began tinkering with WebKit and after a few hours he had a working minimal web browser which eventually became xxxterm.

At first sight, xxxterm looks like a regular web browser, although with a somewhat boring layout: at the top of the window it has an address bar with back, forward, stop, and go buttons to the left and a search bar to the right. You can use xxxterm like any browser: Ctrl-t opens a new tab, and you can use the mouse to switch between tabs, follow links, and so on. Thanks to its WebKit engine, it has no problem rendering modern web sites, including HTML video and Flash (using the Adobe Flash plugin). However, the real beauty is that xxxterm allows fully mouse-less browsing by offering its Vim-like command-line mode.

Browser commands

Before you begin with the commands, you first have to know something about focus: F6 focuses on the address bar, F7 on the search bar, "i" on the default page input and Esc removes the focus. The latter two shortcut keys are not accidentally the same as for entering input mode and command mode in Vim. In command mode, you can use search commands like "/" (search forward), "?" (search backward), "n" (next item) and "N" (previous item). "0" (zero) scrolls the page to the far left and "$" to the far right, while "gg" goes to the top of the page and "G" to the end. A Vim user will probably know by now what actions are performed by the shortcut keys "j", "k", "h", and "l" ...

If you want to use xxxterm without touching the mouse at all, just press "f", after which the browser highlights all links and prefixes them with a number. Entering a number will follow the corresponding link. Switching to another tab without the mouse is equally easy: type :ls in command mode, which lists all the tabs in a drop down menu, and type the tab number or navigate the menu with the arrow keys.

The number of available commands is quite large, and fortunately the command mode has tab completion, so you can discover a lot of these commands yourself. For a full list, have a look at the man page. There are commands for session saving, plug-ins, tabs, and so on. A convenient, and for Vim users quite natural, command is :wq, which saves all open tabs and quits the web browser. All tabs will be reopened next time you start xxxterm.

Another interesting feature is that you can execute arbitrary commands in your running xxxterm instance by running xxxterm -e <command> in your terminal. This requires the enable_socket option to be enabled in the configuration file, but after this, you are able to control your browser session from outside the browser. For instance, xxxterm -e tabnew example.com opens example.com in a new tab and xxxterm -e wq closes your running xxxterm instance. So if your terminal emulator, email reader, or RSS feed reader supports custom commands to open links in a web browser, this is how you could configure them to use xxxterm.

Security and privacy

Xxxterm is also meant to be a secure web browser, and this is visible in features like the ability to control cookies, plug-ins, and JavaScript policies on a per-website basis. For each of these security risks, the user can define whitelists of which trusted web sites are allowed to use them. For instance, you can permanently whitelist the use of cookies on your current site with the command :cookie save or permanently whitelist the use of JavaScript with the command :js save. However, by default xxxterm behaves like any other browser, so to be able to use the whitelists, you have to place "browser_mode = whitelist" at the top of the .xxxterm.conf configuration file. The man page explains the details of what you can whitelist and how.

The xxxterm wiki page also mentions that many web sites not only track visitors by cookies, but also by embedding links with host names that require a DNS lookup. Because many web browsers have DNS prefetch enabled by default, your browser does all these DNS lookups whether you visit these other sites or not. This is even made worse by browsers performing link prefetching: with this feature enabled, they download the pages referenced by links with the rel="prefetch" attribute on the current page. Xxxterm has DNS and link prefetching disabled by default to thwart these web tracking techniques, which may be a bit far-fetched, but xxxterm prefers to be on the safe side.

At first sight, the prospective xxxterm user will search in vain for an ad blocker, which is strange for a web browser that prides itself on security and privacy. However, this feature is intentionally missing: the developers recommend using AdSuck, a special-purpose DNS server that can blacklist addresses belonging to advertisers, thus preventing the browser from ever connecting to the advertisers' sites. AdSuck, too, was created by Peereboom. This approach actually makes sense: it makes sure that ads and other unwanted content never make it into the browser, and as a side effect the browser becomes a bit more responsive.

The focus on security is also visible in some small things. For instance, many other web browsers have been treating non-URLs in the address bar as a search string. This is quite a convenient feature, but the developers of xxxterm have intentionally disabled it by default, because otherwise accidentally pasting a password or any other private information into the address bar would send it to a search engine. Another nice thing for the privacy-conscious is that the default search engine in the search bar is Scroogle, a web site that uses Google but disguises your IP address so Google can't track your search terms.

Comparison

Compared with other minimalist web browsers, xxxterm has clearly found its own niche. With its focus on security, it's not surprising that it's quite popular in the OpenBSD community. However, it's not the only minimalist web browser. We already mentioned Uzbl, which is much more flexible than xxxterm, but requires the user to write a lot of external shell scripts. Uzbl is actually more of a personal web browser building kit. A project with a similar approach is Luakit, which the developers call a "browser from scratch", because the user creates the entire interface in a rc.lua configuration file. There's also surf, an extremely minimalist web browser from the suckless project which just displays web pages and follows links, but doesn't even support tabbed browsing. The philosophy behind it is that tabs are not meant to be a feature of the browser but of the window manager, and hence it's a natural companion of a window manager like dwm (another project under the suckless umbrella) or awesome. However, compared with Uzbl, Luakit, and surf (which are all based on WebKit), xxxterm seems to have found a sweet spot between minimalism and usability.

It takes some time to get used to xxxterm, because the interface is really minimalist: there are no menus, and the context menu only has back, forward, stop, and reload actions. Settings like the HTTP proxy or the CA file to validate SSL certificates have to be changed in the configuration file, and the user has to memorize commands for a lot of the non-browsing tasks. However, if you are a Vim user, you already have a head start for a lot of the default shortcut keys, and under the surface of this minimalist web browser lies a surprising amount of functionality. If you're a heavy keyboard user and looking for a web browser focused on security, xxxterm is definitely something to try out.

Comments (14 posted)

Brief items

Quotes of the week

-- Dave Täht

-- Guido van Rossum

-- Harald Welte

Comments (none posted)

Facebook's "HipHop Virtual Machine" released

Facebook has announced the release of the HipHop Virtual Machine. "So, early last year, we put together a small team to experiment with dynamic translation of PHP code into native machine code. What resulted is a new PHP execution engine based on the HipHop language runtime that we call the HipHop Virtual Machine (hhvm). We're excited to report that Facebook is now using hhvm as a faster replacement for hphpi, with plans to eventually use hhvm for all PHP execution." They claim some significant speed improvements; the announcement has a fair amount of detail about how it works. The source is available from Github.

Comments (23 posted)

KDE Plasma Active Two released

The KDE project has announced the release of Plasma Active Two, the second iteration of its mobile device environment. Changes include a lot of user interface improvements, better performance, and "recommendations": "Plasma Active is now able to learn as you use your device. It uses that information to make recommendations as to what content, web sites and applications are likely to be related to what you are doing right now. This technology uses the power of the 'semantic desktop' efforts from KDE Nepomuk to make your device a more valuable adviser and helper. Future releases will build on predictive power as well as the breadth of recommendations."

Comments (13 posted)

ODB 1.7.0

ODB is a C++ object-relational mapping library for C++. The 1.7.0 release includes a new "optimistic concurrency" mechanism, SQL statement tracing, Oracle database support, read-only data members, and more; see this posting for more information.

Full Story (comments: none)

Open Dylan 2011.1

Open Dylan is an implementation of Dylan, "an advanced, object-oriented, dynamic language which supports rapid program development." The 2011.1 release - the first since beta4 in 2007 - is out. This release includes some relicensing (to the MIT license) and a sizeable reduction in code size among other things.

Comments (none posted)

Rockbox 3.10 released

On its tenth anniversary, December 7, Rockbox released version 3.10 of the free alternative firmware for a wide variety of music players. Version 3.10 is considered stable on more than two dozen different players as can be seen in the release notes. Notable features in the release include better catalog handling, theming improvements, a fully functional audio mixer, support for a bunch of gaming audio formats, additional embedded album art support, Ogg Vorbis decoding performance improvements, and more. More information can be found on the Rockbox home page.

Comments (10 posted)

Upstart 1.4 released

Version 1.4 of the upstart system init daemon is out. New features include the ability to capture standard error and output streams from system jobs to a log file, the ability to run system jobs under specific user and group IDs, and more.

Full Story (comments: none)

WordPress 3.3 released

The WordPress 3.3 release (code-named "Sonny") is available. "Experienced users will appreciate the new drag-and-drop uploader, hover menus for the navigation, the new toolbar, improved co-editing support, and the new Tumblr importer. We've also been thinking a ton about what the WordPress experience is like for people completely new to the software. Version 3.3 has significant improvements there with pointer tips for new features included in each update, a friendly welcome message for first-time users, and revamped help tabs throughout the interface. Finally we've improved the dashboard experience on the iPad and other tablets with better touch support."

On this topic the LWN site (which is not based on WordPress) is seeing a flood of attempts to exploit the TimThumb vulnerability; anybody running a WordPress site who has not closed this hole should do so immediately.

Comments (14 posted)

Newsletters and articles

Development newsletters from the last week

• Caml Weekly News (December 13)
• LibreOffice development summary (December 14)
• Perl Weekly (December 12)
• PostgreSQL Weekly News (December 11)
• Tahoe-LAFS Weekly News (December 12)

Comments (none posted)

Hamano: GitTogether 2011

Git maintainer Junio C. Hamano reports on GitTogether 2011 on the Google Open Source blog. A two-day "unconference" event was held at Google's Mountain View headquarters to discuss various Git features, including: "Support for large blobs that would not fit in the memory has been always lacking in Git. There recently has been a lot of work in the native support (e.g. storing them straight to the object store without having to read and hold the whole thing in core, checking out from the object store to the working tree without having to hold the whole thing in core, etc.). There are a few third-party tools and approaches with their own pros-and-cons, but it was generally agreed that adding a split-object encoding like Avery Pennarun's "bup" tools uses would be the right way to help support object transfer between repositories to advance the native support of large objects in Git further."

Comments (47 posted)

Page editor: Jonathan Corbet
Next page: Announcements>>