I'm surprised no one has mentioned Surfingkeys https://github.com/brookhong/Surfingkeys. I switched over from Vimium a couple years ago. I think its more performant than Vimium and also allows you quite a bit more flexibility in your configuration.
I prefer and recommend browser add-ons over Nyxt. You'll get more compatibility by being able to use Chrome/Firefox. You'll also have a much higher chance of being able to use the same environment at work - since you can typically still install browser add-ons in developer mode even if you aren't able to get rights to install apps.
I'm still a little sad Vimperator – the precursor to all of these – does not work in modern browsers because it was so good but Tridactyl is certainly as close as one is allowed to get with WebExtensions.
I had a lot of problems with that. The "disable on some domains" functionality was broken for years. Probably they fixed it by now. Vimium worked and works better.
I wish there was a browser as secure as Chrome but hackable without restrictions.
I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]
I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.
What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.
[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.
The majority of security issues in browsers is in the more low-level components (rendering engine, sandbox, network stack, JS runtime, etc.). None of those small browsers implement any of that themselves, they either build on top of WebKit (e.g. via WebKitGTK, like Luakit), or on top of Chromium (via QtWebEngine like qutebrowser, or via Electron like Vieb).
So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.
You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.
That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.
For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).
For the latter, qutebrowser has had three security bugs in almost 11 years.
Maybe someone should fork Firefox and make it hackable again. Probably not even that hard. Fix the keybindings, add some first-class-support for userscripting, local extensions and interaction with local system.. All those forks are just focused on adding more privacy or new addons at the moment.
Not hackable enough. Just see the comments here about how extensions like Vimium are limited why projects like the mentioned qutebrowser and Luakit exist.
Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.
I'm sorry but this is near unusable since the death of XUL and introduction of WebExtensions. I was a truly avid user of VimFX which did the same thing.
Vimium these days does not work when a page hasn't finished loading and it doesn't work on blank pages (about:blank) or any other "system page" (like the preferences or addons). The "o" key can no longer highlight the address bar but brings up a non-native address bar that does not find my bookmarks as it should.
Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.
In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!
Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!
Have you heard about qutebrowser, Luakit, and Nyxt?
I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.
The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.
Keep in mind that using LegacyFox is not a silver bullet. It will disable sandboxing and add-on signing, which will impact the security of your browser.
If you like vimium, or the idea of it, consider giving qutebrowser a spin. Chrome hampers extensions in a variety of ways (e.g., not being able to use vimium bindings on any "internal" pages), and a fully fledged browser makes the experience much more cohesive.
nyxt would be awesome when it has a decent browser engine. For now you cannot use nyxt on most regular websites (youtube is broken most of the time), They are working on moving it to chromium engine if I understood correctly. But yeah when it will be ready, it's the browser I waiting for the most.
I've been using it for years and am quite happy with it. I also write some bookmarklets and userscripts to go along with it. For example, I have a bookmarklet for my bookmark service called BM. When I want to save a webpage, I type 'b' (to open bookmarks) -> 'bm', and everything is ready.
This has been a great extension but i'm always nervous about Chrome extensions and their seemingly global access to everything and some dev's willingness to sell to malware devs.
It would be interesting if Chrome let you point an extension to a github repo (and tag or commit hash) and pull source from there.
yeah the permissions and ecosystem are scary. I have a very small extension (1000-ish users), and even I get "monetization opportunity for your extension" emails maybe... every other week?
Sometimes I feel like the only reason it's not a platform-breaking problem is that most extension devs make enough money from their day job to not care about a quick buck.
The first commit dates back to September 2009. That's fifteen years ago. Wow. Made me check when Chrome was first released. September 2008, as it turned out. So this extension was started just one year into Chrome's existence.
I've been using this for a while now with brave and it's indispensable really. There are some weird behaviours sometimes but it's site depending. AWS control center comes to mind.
I've used this and other similar extensions but always them being an extension makes for a slow and unreliable experience imo. Pressing shortcut keys just might work depending on the focus and other current state. Going back to qutebrowser after trying out these extensions feels so fast and reliable in comparison - when you press a key it will instantly work like it should.
I just looked and qutebrowser is basically a webview right? I've played with webviews a little and it didn't feel much different than other injection-style scripting. What would make that better than the extension?
FWIW I tried the vimium or vimperator before and found it clunkier than I expected, so I can believe qutebrowser is better.
It's a lot more than a webview in the sense that keyboard is a first-class citizen, everything is accessible via keyboard, the bindings are much more reliable and responsive, and many more features make it a predictable and stable experience.
For example, qutebrowser supports a hinting mode where I press Enter to activate a link after selecting it with hints, which almost entirely eliminates accidentally clicking the wrong link, something I still do occasionally with Vimium+Firefox.
It is also much more scriptable, so I can for example create a keyboard binding for clipping selected text (with references) directly to my localhost pastebin.
Every action you can imagine is scriptable and bindable.
It has built-in support for adblock and granular JS/image/etc permissions.
Great keyboard-accessible bookmarking system.
Keyboard-accessible and reproducible settings and bindings with autocomplete and lookups.
Not to mention that it does not on a regular basis non-consensually take away features I use/introduce features I don't want and can't disable.
qutebrowser UI is on top of the engine running inside it so it catches every key press (and then submits it to the web engine when needed).
Clunky would be the exact term I find my day to day with these extensions - it's often pressing a key, noticing the focus is somewhere that makes the extension not catch it, and then either using a mouse or a key shortcut just to move focus somewhere the extension works with before repeating the actual command. I'd get so used to it that even when the keys do work I'm using them really slowly as I expect they might not. That never happens in qute, if I press a key it will work unless I've made a mistake myself. Also the UI being native Qt it feels snappier for me than extensions bolted on existing browsers.
The features qutebrowser can implement are somewhat limited by the web engine API and it doesn't have some things other browsers do, which is exactly why sometimes I try out these extensions, but usually after trying them for a day it feels so good to get back to qute and get an instant reliable response to key presses that I don't care about the few missing things.
Maybe somebody knows: is it possible to exit Vimium's insert mode with any key other than ESC?
Exiting full screen video on YouTube requires ESC as well.
I'm surprised no one has mentioned Surfingkeys https://github.com/brookhong/Surfingkeys. I switched over from Vimium a couple years ago. I think its more performant than Vimium and also allows you quite a bit more flexibility in your configuration.
I prefer and recommend browser add-ons over Nyxt. You'll get more compatibility by being able to use Chrome/Firefox. You'll also have a much higher chance of being able to use the same environment at work - since you can typically still install browser add-ons in developer mode even if you aren't able to get rights to install apps.
For Firefox, I'm using Tridactyl[1] and am very happy with it, hint mode is an absolute god send.
[1] https://github.com/tridactyl/tridactyl
I'm still a little sad Vimperator – the precursor to all of these – does not work in modern browsers because it was so good but Tridactyl is certainly as close as one is allowed to get with WebExtensions.
I had a lot of problems with that. The "disable on some domains" functionality was broken for years. Probably they fixed it by now. Vimium worked and works better.
I wish there was a browser as secure as Chrome but hackable without restrictions.
I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]
I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.
What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.
[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.
The majority of security issues in browsers is in the more low-level components (rendering engine, sandbox, network stack, JS runtime, etc.). None of those small browsers implement any of that themselves, they either build on top of WebKit (e.g. via WebKitGTK, like Luakit), or on top of Chromium (via QtWebEngine like qutebrowser, or via Electron like Vieb).
So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.
You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.
That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.
For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).
For the latter, qutebrowser has had three security bugs in almost 11 years.
Maybe someone should fork Firefox and make it hackable again. Probably not even that hard. Fix the keybindings, add some first-class-support for userscripting, local extensions and interaction with local system.. All those forks are just focused on adding more privacy or new addons at the moment.
https://firefox.com
Not hackable enough. Just see the comments here about how extensions like Vimium are limited why projects like the mentioned qutebrowser and Luakit exist.
Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.
Is it as secure as Google Chrome though?
I'm sorry but this is near unusable since the death of XUL and introduction of WebExtensions. I was a truly avid user of VimFX which did the same thing. Vimium these days does not work when a page hasn't finished loading and it doesn't work on blank pages (about:blank) or any other "system page" (like the preferences or addons). The "o" key can no longer highlight the address bar but brings up a non-native address bar that does not find my bookmarks as it should.
Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.
In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!
Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!
[1] https://github.com/akhodakivskiy/VimFx
Have you heard about qutebrowser, Luakit, and Nyxt?
I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.
The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.
> Have you heard about qutebrowser, Luakit, and Nyxt?
Yes, but neither support extensions AFAIK. Not ready to take my browsing back to a pre 2004 era. :)
Keep in mind that using LegacyFox is not a silver bullet. It will disable sandboxing and add-on signing, which will impact the security of your browser.
Completely agree but it's the best we got at the moment if you want to use the non-XUL version of Firefox.
All addons are disabled on system pages.
I've never experienced your problems, Vimium works on any tab, indipendently from the others.
I don't understand your glitches, really.
If you like vimium, or the idea of it, consider giving qutebrowser a spin. Chrome hampers extensions in a variety of ways (e.g., not being able to use vimium bindings on any "internal" pages), and a fully fledged browser makes the experience much more cohesive.
You can extend Qutebrowser with userscripts [1].
For the Lisp fans, Nyxt [2] is a decent choice as well.
[1] https://qutebrowser.org/doc/userscripts.html
[2] https://nyxt.atlas.engineer/
nyxt would be awesome when it has a decent browser engine. For now you cannot use nyxt on most regular websites (youtube is broken most of the time), They are working on moving it to chromium engine if I understood correctly. But yeah when it will be ready, it's the browser I waiting for the most.
i used QB for years and loved it but eventually i couldn't stand not having uBlock Origin anymore.. shame there's not a good adblocker for QB
I've been using it for years and am quite happy with it. I also write some bookmarklets and userscripts to go along with it. For example, I have a bookmarklet for my bookmark service called BM. When I want to save a webpage, I type 'b' (to open bookmarks) -> 'bm', and everything is ready.
I thought the Hacker's Browser was Nyxt.
Bloody typical for a project with vim in the title, no instructions on how to quit!
Joking aside, I’ll have to give this extension a spin.
This has been a great extension but i'm always nervous about Chrome extensions and their seemingly global access to everything and some dev's willingness to sell to malware devs.
It would be interesting if Chrome let you point an extension to a github repo (and tag or commit hash) and pull source from there.
You can do this by enabling developer mode in chrome://extensions, which lets you install from a directory.
You lose automatic updates though.
yeah the permissions and ecosystem are scary. I have a very small extension (1000-ish users), and even I get "monetization opportunity for your extension" emails maybe... every other week?
Sometimes I feel like the only reason it's not a platform-breaking problem is that most extension devs make enough money from their day job to not care about a quick buck.
The first commit dates back to September 2009. That's fifteen years ago. Wow. Made me check when Chrome was first released. September 2008, as it turned out. So this extension was started just one year into Chrome's existence.
I wish textareas had keybindings
This is supported by vimium with `gi`
Hacker's BrowserExtension.
Vimium is not a Bowser on its own. Not yet at least.
>Vimium is not a Bowser on its own. Not yet at least.
It certainly doesn't look like a turtle.
I've been using this for a while now with brave and it's indispensable really. There are some weird behaviours sometimes but it's site depending. AWS control center comes to mind.
I've used this and other similar extensions but always them being an extension makes for a slow and unreliable experience imo. Pressing shortcut keys just might work depending on the focus and other current state. Going back to qutebrowser after trying out these extensions feels so fast and reliable in comparison - when you press a key it will instantly work like it should.
I just looked and qutebrowser is basically a webview right? I've played with webviews a little and it didn't feel much different than other injection-style scripting. What would make that better than the extension?
FWIW I tried the vimium or vimperator before and found it clunkier than I expected, so I can believe qutebrowser is better.
It's a lot more than a webview in the sense that keyboard is a first-class citizen, everything is accessible via keyboard, the bindings are much more reliable and responsive, and many more features make it a predictable and stable experience.
For example, qutebrowser supports a hinting mode where I press Enter to activate a link after selecting it with hints, which almost entirely eliminates accidentally clicking the wrong link, something I still do occasionally with Vimium+Firefox.
It is also much more scriptable, so I can for example create a keyboard binding for clipping selected text (with references) directly to my localhost pastebin.
Every action you can imagine is scriptable and bindable.
It has built-in support for adblock and granular JS/image/etc permissions.
Great keyboard-accessible bookmarking system.
Keyboard-accessible and reproducible settings and bindings with autocomplete and lookups.
Not to mention that it does not on a regular basis non-consensually take away features I use/introduce features I don't want and can't disable.
To add to the list, in addition to the bookmarking system they have "quickmarks" which means to open this site I type "b hn<enter>" and that's it
qutebrowser UI is on top of the engine running inside it so it catches every key press (and then submits it to the web engine when needed).
Clunky would be the exact term I find my day to day with these extensions - it's often pressing a key, noticing the focus is somewhere that makes the extension not catch it, and then either using a mouse or a key shortcut just to move focus somewhere the extension works with before repeating the actual command. I'd get so used to it that even when the keys do work I'm using them really slowly as I expect they might not. That never happens in qute, if I press a key it will work unless I've made a mistake myself. Also the UI being native Qt it feels snappier for me than extensions bolted on existing browsers.
The features qutebrowser can implement are somewhat limited by the web engine API and it doesn't have some things other browsers do, which is exactly why sometimes I try out these extensions, but usually after trying them for a day it feels so good to get back to qute and get an instant reliable response to key presses that I don't care about the few missing things.
Nyxt it's the truest hacker's browser.
Browser?
telnet to port 80
port 70, magical.fish
is there something comparable, providing emacs bindings instead? asking for a friend.
Yes, I like this plug-in very much and have been using it for many years. Thank you to the author for his wisdom and contribution!
Maybe somebody knows: is it possible to exit Vimium's insert mode with any key other than ESC? Exiting full screen video on YouTube requires ESC as well.
https://github.com/philc/vimium/wiki/Tips-and-Tricks#using-t...
surfingkeys seems to have more features and works well for me
and homerow is a pretty cool tool for navigating/scrolling like vimium outside the browser (on Mac)
I've tried most firefox vim addons, and Vimium is the one that I ended up using.
The only configuration: I disabled it on banking sites... you never know.
To disable it, just press its icon on any website, and it will stay disabled on all the domain.