Modern web browsers provide more and more functionality, so it won't be a surprise that new lightweight web browsers crop up from time to time to please users who prefer a "back to the basics" approach. In April 2009, Arch Linux release engineer Dieter Plaetinck announced Uzbl, a refreshingly minimalist web browser that prides itself for following the UNIX philosophy (LWN looked at Uzbl in July 2009). In August 2010, OpenBSD developer Marco Peereboom published the initial release of xxxterm, a lightweight and secure web browser with a vi-like command-line interface for heavy keyboard users.
The name xxxterm comes from xterm but with a triple "x" as a reference to www. Xxxterm was initially developed for OpenBSD, but it was later ported to Linux, and it's available in the repositories of Debian Sid, Gentoo, Arch Linux, and FreeBSD. It uses the WebKit browser engine and its source code is published under the ISC license, which is a permissive free software license written by the Internet Systems Consortium. It's equivalent to the two-clause BSD license and is the preferred license for OpenBSD.
In a wiki page entitled "XXXTerm Rationale", Peereboom explains why he wrote xxxterm. First and foremost, he noticed that Firefox became slower and slower, and second, he was an avid Vim user and wanted the same level of keyboard control in his web browser. So he tried a bunch of Vim-like web browsers, but none of them had the right mix of features for Peereboom. So he began tinkering with WebKit and after a few hours he had a working minimal web browser which eventually became xxxterm.
At first sight, xxxterm looks like a regular web browser, although with a somewhat boring layout: at the top of the window it has an address bar with back, forward, stop, and go buttons to the left and a search bar to the right. You can use xxxterm like any browser: Ctrl-t opens a new tab, and you can use the mouse to switch between tabs, follow links, and so on. Thanks to its WebKit engine, it has no problem rendering modern web sites, including HTML video and Flash (using the Adobe Flash plugin). However, the real beauty is that xxxterm allows fully mouse-less browsing by offering its Vim-like command-line mode.
Before you begin with the commands, you first have to know something about focus: F6 focuses on the address bar, F7 on the search bar, "i" on the default page input and Esc removes the focus. The latter two shortcut keys are not accidentally the same as for entering input mode and command mode in Vim. In command mode, you can use search commands like "/" (search forward), "?" (search backward), "n" (next item) and "N" (previous item). "0" (zero) scrolls the page to the far left and "$" to the far right, while "gg" goes to the top of the page and "G" to the end. A Vim user will probably know by now what actions are performed by the shortcut keys "j", "k", "h", and "l" ...
If you want to use xxxterm without touching the mouse at all, just press "f", after which the browser highlights all links and prefixes them with a number. Entering a number will follow the corresponding link. Switching to another tab without the mouse is equally easy: type :ls in command mode, which lists all the tabs in a drop down menu, and type the tab number or navigate the menu with the arrow keys.
The number of available commands is quite large, and fortunately the command mode has tab completion, so you can discover a lot of these commands yourself. For a full list, have a look at the man page. There are commands for session saving, plug-ins, tabs, and so on. A convenient, and for Vim users quite natural, command is :wq, which saves all open tabs and quits the web browser. All tabs will be reopened next time you start xxxterm.
Another interesting feature is that you can execute arbitrary commands in your running xxxterm instance by running xxxterm -e <command> in your terminal. This requires the enable_socket option to be enabled in the configuration file, but after this, you are able to control your browser session from outside the browser. For instance, xxxterm -e tabnew example.com opens example.com in a new tab and xxxterm -e wq closes your running xxxterm instance. So if your terminal emulator, email reader, or RSS feed reader supports custom commands to open links in a web browser, this is how you could configure them to use xxxterm.
The xxxterm wiki page also mentions that many web sites not only track visitors by cookies, but also by embedding links with host names that require a DNS lookup. Because many web browsers have DNS prefetch enabled by default, your browser does all these DNS lookups whether you visit these other sites or not. This is even made worse by browsers performing link prefetching: with this feature enabled, they download the pages referenced by links with the rel="prefetch" attribute on the current page. Xxxterm has DNS and link prefetching disabled by default to thwart these web tracking techniques, which may be a bit far-fetched, but xxxterm prefers to be on the safe side.
At first sight, the prospective xxxterm user will search in vain for an ad blocker, which is strange for a web browser that prides itself on security and privacy. However, this feature is intentionally missing: the developers recommend using AdSuck, a special-purpose DNS server that can blacklist addresses belonging to advertisers, thus preventing the browser from ever connecting to the advertisers' sites. AdSuck, too, was created by Peereboom. This approach actually makes sense: it makes sure that ads and other unwanted content never make it into the browser, and as a side effect the browser becomes a bit more responsive.
The focus on security is also visible in some small things. For instance, many other web browsers have been treating non-URLs in the address bar as a search string. This is quite a convenient feature, but the developers of xxxterm have intentionally disabled it by default, because otherwise accidentally pasting a password or any other private information into the address bar would send it to a search engine. Another nice thing for the privacy-conscious is that the default search engine in the search bar is Scroogle, a web site that uses Google but disguises your IP address so Google can't track your search terms.
Compared with other minimalist web browsers, xxxterm has clearly found its own niche. With its focus on security, it's not surprising that it's quite popular in the OpenBSD community. However, it's not the only minimalist web browser. We already mentioned Uzbl, which is much more flexible than xxxterm, but requires the user to write a lot of external shell scripts. Uzbl is actually more of a personal web browser building kit. A project with a similar approach is Luakit, which the developers call a "browser from scratch", because the user creates the entire interface in a rc.lua configuration file. There's also surf, an extremely minimalist web browser from the suckless project which just displays web pages and follows links, but doesn't even support tabbed browsing. The philosophy behind it is that tabs are not meant to be a feature of the browser but of the window manager, and hence it's a natural companion of a window manager like dwm (another project under the suckless umbrella) or awesome. However, compared with Uzbl, Luakit, and surf (which are all based on WebKit), xxxterm seems to have found a sweet spot between minimalism and usability.
It takes some time to get used to xxxterm, because the interface is really minimalist: there are no menus, and the context menu only has back, forward, stop, and reload actions. Settings like the HTTP proxy or the CA file to validate SSL certificates have to be changed in the configuration file, and the user has to memorize commands for a lot of the non-browsing tasks. However, if you are a Vim user, you already have a head start for a lot of the default shortcut keys, and under the surface of this minimalist web browser lies a surprising amount of functionality. If you're a heavy keyboard user and looking for a web browser focused on security, xxxterm is definitely something to try out.
We already have the hardware drivers, protocol stack and even the 'mobile' program which can be used for making and receiving voice calls and sending/receiving SMS text messages on real GSM networks!
While the journey has been a lot of fun and everyone involved has learned a lot, we have so far been catering mostly about "scratching our own itch", i.e. implementing what we needed in order to satisfy our ego and/or to implement the ideas we had regarding cellular security.
I believe we cannot miss the bigger opportunity here to put our code into bigger use: To create something like a very simple GSM feature phone.
On this topic the LWN site (which is not based on WordPress) is seeing a flood of attempts to exploit the TimThumb vulnerability; anybody running a WordPress site who has not closed this hole should do so immediately.
Newsletters and articles
Page editor: Jonathan Corbet
Next page: Announcements>>
Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds