Modern web browsers provide more and more functionality, so it won't be
a surprise that new lightweight web browsers crop up from time to time to
please users who prefer a "back to the basics" approach. In April 2009,
Arch Linux release engineer Dieter Plaetinck announced Uzbl, a refreshingly minimalist web browser
that prides itself for following the UNIX philosophy (LWN looked at Uzbl in July 2009). In August 2010, OpenBSD developer Marco Peereboom published the initial release of xxxterm, a lightweight and secure web browser with a vi-like command-line interface for heavy keyboard users.
The name xxxterm comes from xterm but with a triple "x" as a reference
to www. Xxxterm was initially developed for OpenBSD, but it was later
ported to Linux, and it's available in the repositories of Debian Sid,
Gentoo, Arch Linux, and FreeBSD. It uses the WebKit browser engine and its
source code is
published under the ISC license, which is a permissive free software
license written by the Internet Systems Consortium. It's equivalent to the two-clause BSD license and is the preferred license for OpenBSD.
In a wiki page entitled "XXXTerm Rationale", Peereboom explains why he wrote xxxterm. First and foremost, he noticed that Firefox became slower and slower, and second, he was an avid Vim user and wanted the same level of keyboard control in his web browser. So he tried a bunch of Vim-like web browsers, but none of them had the right mix of features for Peereboom. So he began tinkering with WebKit and after a few hours he had a working minimal web browser which eventually became xxxterm.
At first sight, xxxterm looks like a regular web browser, although with a somewhat boring layout: at the top of the window it has an address bar with back, forward, stop, and go buttons to the left and a search bar to the right. You can use xxxterm like any browser: Ctrl-t opens a new tab, and you can use the mouse to switch between tabs, follow links, and so on. Thanks to its WebKit engine, it has no problem rendering modern web sites, including HTML video and Flash (using the Adobe Flash plugin). However, the real beauty is that xxxterm allows fully mouse-less browsing by offering its Vim-like command-line mode.
Before you begin with the commands, you first have to know something
about focus: F6 focuses on the address bar, F7 on the search bar, "i" on
the default page input and Esc removes the focus. The latter two shortcut
keys are not accidentally the same as for entering input mode and command
mode in Vim. In command mode, you can use search commands like "/" (search
forward), "?" (search backward), "n" (next item) and "N" (previous
item). "0" (zero) scrolls the page to the far left and "$" to the far
right, while "gg" goes to the top of the page and "G" to the end. A Vim
user will probably know by now what actions are performed by the shortcut
keys "j", "k", "h", and "l" ...
If you want to use xxxterm without touching the mouse at all, just press
"f", after which the browser highlights all links and prefixes them with a
number. Entering a number will follow the corresponding link. Switching to
another tab without the mouse is equally easy: type :ls in command
mode, which lists all the tabs in a drop down menu, and type the tab number
or navigate the menu with the arrow keys.
The number of available commands is quite large, and fortunately the
command mode has tab completion, so you can discover a lot of these
commands yourself. For a full list, have a look at the man page. There are commands for session saving, plug-ins, tabs, and so on. A convenient, and for Vim users quite natural, command is :wq, which saves all open tabs and quits the web browser. All tabs will be reopened next time you start xxxterm.
Another interesting feature is that you can execute arbitrary commands
in your running xxxterm instance by running
xxxterm -e <command> in your terminal. This
requires the enable_socket option to be enabled in the
configuration file, but after this, you are able to control your browser
session from outside the browser. For instance,
xxxterm -e tabnew example.com opens example.com in
a new tab and xxxterm -e wq closes your running xxxterm
instance. So if your terminal emulator, email reader, or RSS feed reader
supports custom commands to open links in a web browser, this is how you
could configure them to use xxxterm.
Security and privacy
Xxxterm is also meant to be a secure web browser, and this is visible in
policies on a per-website basis. For each of these security risks, the user
can define whitelists of which trusted web sites are allowed to use
your current site with the command :cookie save or
:js save. However, by default xxxterm behaves like any other
browser, so to be able to use the whitelists, you have to place
"browser_mode = whitelist" at the top of the .xxxterm.conf configuration file. The man page explains the details of what you can whitelist and how.
The xxxterm wiki page also mentions that many web sites not only track
visitors by cookies, but also by embedding links with host names that
require a DNS lookup. Because many web browsers have DNS prefetch enabled
by default, your browser does all these DNS lookups whether you visit these
other sites or not. This is even made worse by browsers performing link
prefetching: with this feature enabled, they download the pages referenced
by links with the rel="prefetch" attribute on the current
page. Xxxterm has DNS and link prefetching disabled by default to thwart
these web tracking techniques, which may be a bit far-fetched, but xxxterm prefers to be on the safe side.
At first sight, the prospective xxxterm user will search in vain for an
ad blocker, which is strange for a web browser that prides itself on
security and privacy. However, this feature is intentionally missing: the
developers recommend using AdSuck, a
special-purpose DNS server that can blacklist addresses belonging to
advertisers, thus preventing the browser from ever connecting to the
advertisers' sites. AdSuck, too, was created by Peereboom. This approach
actually makes sense:
it makes sure that ads and other unwanted content never make it into the
browser, and as a side effect the browser becomes a bit more
The focus on security is also visible in some small things. For
instance, many other web browsers have been treating non-URLs in the
address bar as a search string. This is quite a convenient feature, but the
developers of xxxterm have intentionally disabled it by default, because
otherwise accidentally pasting a password or any other private information
into the address bar would send it to a search engine. Another nice thing for the privacy-conscious is that the default search engine in the search bar is Scroogle, a web site that uses Google but disguises your IP address so Google can't track your search terms.
Compared with other minimalist web browsers, xxxterm has clearly found its own niche. With its focus on security, it's not surprising that it's quite popular in the OpenBSD community. However, it's not the only minimalist web browser. We already mentioned Uzbl, which is much more flexible than xxxterm, but requires the user to write a lot of external shell scripts. Uzbl is actually more of a personal web browser building kit. A project with a similar approach is Luakit, which the developers call a "browser from scratch", because the user creates the entire interface in a rc.lua configuration file. There's also surf, an extremely minimalist web browser from the suckless project which just displays web pages and follows links, but doesn't even support tabbed browsing. The philosophy behind it is that tabs are not meant to be a feature of the browser but of the window manager, and hence it's a natural companion of a window manager like dwm (another project under the suckless umbrella) or awesome. However, compared with Uzbl, Luakit, and surf (which are all based on WebKit), xxxterm seems to have found a sweet spot between minimalism and usability.
It takes some time to get used to xxxterm, because the interface is really minimalist: there are no menus, and the context menu only has back, forward, stop, and reload actions. Settings like the HTTP proxy or the CA file to validate SSL certificates have to be changed in the configuration file, and the user has to memorize commands for a lot of the non-browsing tasks. However, if you are a Vim user, you already have a head start for a lot of the default shortcut keys, and under the surface of this minimalist web browser lies a surprising amount of functionality. If you're a heavy keyboard user and looking for a web browser focused on security, xxxterm is definitely something to try out.
to post comments)