I'm still a little sad Vimperator – the precursor to all of these – does not work in modern browsers because it was so good but Tridactyl is certainly as close as one is allowed to get with WebExtensions.
Same here. I've never been able to stick with any extension post-Vimperator. They've all just felt too clumsy. It's led to my tinkering with qutebrowser from time to time because it is seamless.
I had a lot of problems with that. The "disable on some domains" functionality was broken for years. Probably they fixed it by now. Vimium worked and works better.
I'm sorry but this is near unusable since the death of XUL and introduction of WebExtensions. I was a truly avid user of VimFX which did the same thing.
Vimium these days does not work when a page hasn't finished loading and it doesn't work on blank pages (about:blank) or any other "system page" (like the preferences or addons). The "o" key can no longer highlight the address bar but brings up a non-native address bar that does not find my bookmarks as it should.
Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.
In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!
Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!
Have you heard about qutebrowser, Luakit, and Nyxt?
I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.
The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.
DRM should work just fine via Widevine if you have a Qt build with proprietary codec support, and you have an appropriate version of Widevine available.
Keep in mind that using LegacyFox is not a silver bullet. It will disable sandboxing and add-on signing, which will impact the security of your browser.
Yes, this is true for all WebExtensions. But I don't care if uBlock Origin or any other extension I use doesn't work on "system pages". However, I'd like to use my choice of navigation wherever I am in the browser.
Keyboard navigation requires a deeper integration with the browser (than WebExtensions allows for) to achieve a consistent experience.
> Vimium works on any tab, indipendently from the others.
What I'm trying to say is that Vimium keyboard navigation stops working when a page is loading.
I tried to illustrate my frustration to those only used to mouse navigation by saying that switching tabs with your mouse buttons and pointer freezed if the current page was loading. That would suck, right?
> I don't understand your glitches, really.
Do yourself a service and just be happy that you can't tell the difference between XUL generation keyboard navigation and the current state if affairs. :-D
I wish there was a browser as secure as Chrome but hackable without restrictions.
I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]
I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.
What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.
[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.
The majority of security issues in browsers is in the more low-level components (rendering engine, sandbox, network stack, JS runtime, etc.). None of those small browsers implement any of that themselves, they either build on top of WebKit (e.g. via WebKitGTK, like Luakit), or on top of Chromium (via QtWebEngine like qutebrowser, or via Electron like Vieb).
So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.
You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.
That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.
For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).
For the latter, qutebrowser has had three security bugs in almost 11 years.
Unfortunately I don't share your optimism regarding how hard it is to mess up in the upper layers. I also don't think it really is a technical problem.
The question is if we can get a significant number of eyeballs on such a hackable browser. If enough people have a vested interest, security will follow. Without enough users every effort is futile.
I really hate to be harsh to alternative browsers, because they are all we've got right now now, but three security bugs in 11 years says not much if the user base is that small.
Maybe someone should fork Firefox and make it hackable again. Probably not even that hard. Fix the keybindings, add some first-class-support for userscripting, local extensions and interaction with local system.. All those forks are just focused on adding more privacy or new addons at the moment.
Not hackable enough. Just see the comments here about how extensions like Vimium are limited why projects like the mentioned qutebrowser and Luakit exist.
Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.
If you are on macOS and mainly use the link hints, Homerow (paid) gives you link hints for the entire OS (including browsers and web pages): https://www.homerow.app
It's one of my favorite macOS apps that I can't live without.
I'm surprised no one has mentioned Surfingkeys https://github.com/brookhong/Surfingkeys. I switched over from Vimium a couple years ago. I think its more performant than Vimium and also allows you quite a bit more flexibility in your configuration.
I prefer and recommend browser add-ons over Nyxt. You'll get more compatibility by being able to use Chrome/Firefox. You'll also have a much higher chance of being able to use the same environment at work - since you can typically still install browser add-ons in developer mode even if you aren't able to get rights to install apps.
Does anyone have any suggestions on useful vi commands to learn?
I prefer vi over emacs, but mostly because before I was a hacker, I had an interest in systems administration -- it's so much simpler to edit config files in vi than rely on a tool that seems to require a lot of customization, but I actually usually use Sublime for anything more than a short shell script.
I personally use neovim and something I love doing is :tabedit to create a new tab and then I slap a :term in there and baby you've got a fullscreen terminal in a separate tab right inside vim and get this, you can yank text from this buffer and easily move this between your terminal tab and the files you have open.
I think regular vim will do all this as well but I think maybe the commands are different?
If you're in a terminal and want to edit just that command (and Vim is your $EDITOR), you can type `ctrl-x ctrl-e` and it will open your command in a buffer. Once you're satisfied, you can `:wq` and the edited command will be ready to execute in your terminal.
Not exactly your usecase, but a useful one nevertheless.
Since Neovim 0.10, `:tab term` now opens the terminal window in a new tab. And you could use the exact same command in Vim since they introduced their own terminal emulation feature in Vim 8.0.0693.
For gaining expertise in vim, I generally point people at https://danielmiessler.com/p/vim/ which will teach you how to think about vim as a text manipulation language rather than just as an editor.
Thanks for this, just the sort of primer I was looking for.
(I was wondering why the name seemed familiar, then realized... they also are the person who put together a bunch of password lists[1] that are incredibly useful.)
Vi is power but you are limiting yourself using it because its much harder to extend it. Emacs is very extendable but not everyone likes writing lisp to do so. And nvim offers Lua as opposed to vimscript which can be opinionated.
If you need help setting up an config file I recommend checking out ThePrimeagen or just look at some peoples .dotfiles repos they already did the setup! I won't plug my own but I challenge you to challenge yourself with the complex setup for the downstream knock-on effects you get.
Find a good pre-pack that can help, is my recommendation.
I went from pretty vanilla neovim to using AstroVim, & it's been pretty lovely. It uses the very widely used lazy.nvim for plugin loading, which is quite standard. It has a pretty nice visual leader-key menu that helps explore &show off what is setup; great for discovery. https://astronvim.com/
As well as being a good base, AstroVim also has an excellent "community pack" setup, which is a collection of many many many mostly drop in init files that setup a couple plugins in a nice way. If trying to get LSP working or better, or looking for better treesitter nav options, the community packs are great drop ones or references to get started, show what's out there. It's a huge part of what makes AdtroVim community so good. https://github.com/AstroNvim/astrocommunity
This has been a great extension but i'm always nervous about Chrome extensions and their seemingly global access to everything and some dev's willingness to sell to malware devs.
It would be interesting if Chrome let you point an extension to a github repo (and tag or commit hash) and pull source from there.
yeah the permissions and ecosystem are scary. I have a very small extension (1000-ish users), and even I get "monetization opportunity for your extension" emails maybe... every other week?
Sometimes I feel like the only reason it's not a platform-breaking problem is that most extension devs make enough money from their day job to not care about a quick buck.
Readit News
[1] https://github.com/tridactyl/tridactyl
`:blacklistadd [URL]` remains a much better option for most people for most sites because it lets you easily re-enable Tridactyl temporarily.
Glad you're happy with Vimium :)
Imagine you couldn't click on another tab with your mouse pointer while the current active one is loading. Yes, it's as terribly frustrating as it sounds.
In the XUL days I could even use vim shortcuts to access every button in the Firefox UI!
Luckily there is a solution for now. VimFx[1] is still being updated and works with the LegacyFox shim!
[1] https://github.com/akhodakivskiy/VimFx
I like qb the most, as it's fairly stable and fully-featured. It offers full keyboard control, and many cool features like bindings for host-granular permissions for js and images, and is also scriptable. Built-in decent adblocker.
The main annoyance about it for me is it doesn't come with DRM, but it could also be seen as a feature, because it saves me a lot of time I'd otherwise watch arguably crap content.
Yes, but neither support extensions AFAIK. Not ready to take my browsing back to a pre 2004 era. :)
See https://doc.qt.io/qt-6/qtwebengine-features.html#html5-drm
I've never experienced your problems, Vimium works on any tab, indipendently from the others.
I don't understand your glitches, really.
Yes, this is true for all WebExtensions. But I don't care if uBlock Origin or any other extension I use doesn't work on "system pages". However, I'd like to use my choice of navigation wherever I am in the browser.
Keyboard navigation requires a deeper integration with the browser (than WebExtensions allows for) to achieve a consistent experience.
> Vimium works on any tab, indipendently from the others.
What I'm trying to say is that Vimium keyboard navigation stops working when a page is loading.
I tried to illustrate my frustration to those only used to mouse navigation by saying that switching tabs with your mouse buttons and pointer freezed if the current page was loading. That would suck, right?
> I don't understand your glitches, really.
Do yourself a service and just be happy that you can't tell the difference between XUL generation keyboard navigation and the current state if affairs. :-D
I do not think this is a contradiction, at least not from a technical perspective. I am willing to take the responsibility for all actions and modifications I do to my own browser but I need it be secure against all influences out of my control. And I need it come with secure defaults. To be competitive it needs to come without awkward restrictions that e.g. an external sandbox would impose.[1]
I don't think projects like qutebrowser, LuaKit and the many others fit that definition. Not being mainstream means by definition not getting as much security scrutiny as the dominant browsers.
What we really need is a hackable mainstream browser for people that need protection from the bad guys but not from themselves.
[1] I personally would make the concession that supporting a reasonable subset of the web was fair game.
So you'll mostly need to focus on keeping that up to date. Some distributions (Debian/Ubuntu for example) unfortunately do a bad job at that, but you can also quite easily install them as a binary from upstream.
You still will lag behind a bit on security fixes compared to Chromium directly, that's true. In the case of QtWebEngine, they backport security fixes to the next patch release, and I know of some distributions (I think it was Fedora?) that continuously backport those before Qt releases.
That leaves you with any security issue that's e.g. in the UI, or anything that's in the browser code itself.
For the former, I believe browsers aimed at more technical users can select different tradeoffs that make things more secure (e.g. qutebrowser always shows the punycode-encoded version of a URL if there's non-ASCII in it, while big browsers try to detect whether there are any confusables in it and only show it then - yet new ones are added every once in a while).
For the latter, qutebrowser has had three security bugs in almost 11 years.
The question is if we can get a significant number of eyeballs on such a hackable browser. If enough people have a vested interest, security will follow. Without enough users every effort is futile.
I really hate to be harsh to alternative browsers, because they are all we've got right now now, but three security bugs in 11 years says not much if the user base is that small.
Also, even if Firefox retains some of its hackability it can be gone tomorrow. I say this with a heavy heart, I personally lost trust in Mozilla as reasonable stewards of Firefox and allies that would protect Firefox users' freedoms. I don't want to drive this thread into that direction, if you're interested there should be enough in my comment history to give you an idea about the reasons and why I think like that.
It's one of my favorite macOS apps that I can't live without.
I prefer and recommend browser add-ons over Nyxt. You'll get more compatibility by being able to use Chrome/Firefox. You'll also have a much higher chance of being able to use the same environment at work - since you can typically still install browser add-ons in developer mode even if you aren't able to get rights to install apps.
I prefer vi over emacs, but mostly because before I was a hacker, I had an interest in systems administration -- it's so much simpler to edit config files in vi than rely on a tool that seems to require a lot of customization, but I actually usually use Sublime for anything more than a short shell script.
I think regular vim will do all this as well but I think maybe the commands are different?
Not exactly your usecase, but a useful one nevertheless.
(I was wondering why the name seemed familiar, then realized... they also are the person who put together a bunch of password lists[1] that are incredibly useful.)
[1] https://github.com/danielmiessler/SecLists/
If you need help setting up an config file I recommend checking out ThePrimeagen or just look at some peoples .dotfiles repos they already did the setup! I won't plug my own but I challenge you to challenge yourself with the complex setup for the downstream knock-on effects you get.
I went from pretty vanilla neovim to using AstroVim, & it's been pretty lovely. It uses the very widely used lazy.nvim for plugin loading, which is quite standard. It has a pretty nice visual leader-key menu that helps explore &show off what is setup; great for discovery. https://astronvim.com/
As well as being a good base, AstroVim also has an excellent "community pack" setup, which is a collection of many many many mostly drop in init files that setup a couple plugins in a nice way. If trying to get LSP working or better, or looking for better treesitter nav options, the community packs are great drop ones or references to get started, show what's out there. It's a huge part of what makes AdtroVim community so good. https://github.com/AstroNvim/astrocommunity
It would be interesting if Chrome let you point an extension to a github repo (and tag or commit hash) and pull source from there.
You lose automatic updates though.
Sometimes I feel like the only reason it's not a platform-breaking problem is that most extension devs make enough money from their day job to not care about a quick buck.