Slashdot Mirror

Links is great for work, while lynx is great for home.

Would be nice to have a new Browser project which is a bit more concerned about User's Security Policy than whatever w3c says how the Internet is "supposed" to work. If, for some reason, I am opposed to the Internet, and want the browser to only extract and display the text (using only a bitmap font), show a clickable button instead of an image or iframe (or anything more complex), run only first-party scripts under an interpreter, giving the Script only what it needs in terms of DOM manipulation to keep the Script happy (and to display the desired results), and validate any certificates the website shows [even if I am the CA and am only using the browser on an Intranet] -- I should be able to do that. Moreover, the browser's software components should be coded simply enough that its minimalistic browsing mode should be verifiable.

Here is the perfect answer to your dreams. It still works perfectly well and does almost all of what you desire perfectly and very securely if you run it without root priv.

Done.

Netscape 2.0 also counts, as it's miles ahead in stopping blind execution compared to stock modern browsers. It also had bandwidth saving features too, allows manually loading images. Modern browser developers must think those two features would never have any use.

You know which browser draws batteries even less than Edge?

Lynx.

Save your breath. There's a solution for everything

I use telnet as my web browser, you insensitive clod!

all your base are belong to Lynx

Yes here's one. Good luck.

I miss Lynx!

corrected link

I miss Lynx!

"I guess that it would be fine if you used it for word processing with an old version of Word, but it simply cannot handle a modern web browser."

your guess fails. here is a 'modern' browser that will run on this old hardware without bringing it to it's knees.
http://lynx.browser.org/

Maybe you meant to say "Iron Browser" rather than Chrome. The official Chrome or Chromium from Google scoops up more data than Firefox even dreams about.

http://www.srware.net/en/softw...

Yeah, I like Iron pretty well, but I'm growing to like Pale Moon better.

https://www.palemoon.org/

And, if those don't suit you, you can always go with this one.

http://lynx.browser.org/

The memory footprint for that last one is almost invisible on a 4 GB system!

Autoplay HTML5 video is the scourge on the Internet. Is there a way to stop it?

Absolutely.

Cant we just have that back?

Sure you can.

Hmm, an initial browser that will not interfere with competition. The only solution is a browser that is obviously less desirable than anything else. I propose lynx [http://lynx.browser.org/]

Why don't you just use a text browser? I mean, you are disabling every web innovation since like 1995. If you want lean, go lean. Why take a rambling piece of garbage like Nutscrape 4x and strip it?

Me thinks you are a bit paranoid. I use Firefox on an XP box (when I am not using Firefox on Ubuntu) and I have NEVER had a problem. Ever. Really. I look at images AND allow javascript. And, brace yourself -- allow XMLHTTPRequest calls. It's really not a big deal. No problems. None.

If you're still that paranoid, for what it's worth, I use lynx to test my sites and it's pretty good if that's what you're into. Meanwhile, I can hook you up with a good tinfoil haberdashery.

No, he probably meant what he said

sol ~ # eix links

* www-client/links
          Available versions: 2.1_pre26:2 2.1_pre28-r1:2
          Installed: none
          Homepage: http://links.twibright.com/
          Description: links is a fast lightweight text and graphic web-browser

Found 5 matches.
sol ~ # eix lynx
* www-client/lynx
          Available versions: 2.8.6-r1 2.8.6-r2
          Installed: 2.8.6-r1
          Homepage: http://lynx.browser.org/
          Description: An excellent console-based web browser with ssl support

sol ~ #

If the website designer has to pay for bits each time you view their website without viewing their banner ads, are you engaged in theft?

No more theft than it would be if you were viewing web content with a browser that couldn't physically render the content. What if everyone used Lynx, for example?

Give slackware booting to runlevel 3, gnu screen, gnu coreutils, vim, lynx/links/w3m/elinks, lftp, rtorrent, and moosic a try. There are many others of course.

Exactly.

As it happens all the time (remember OpenOffice.org destroying MS Office's market share? Real Player being installed and used on each and every win-based computer (instead of the builtin WMP)? Everybody using Trillian/Miranda/Kopete/GAIM/Whatever instead of the ole MSN Messenger?).

Just one thing remains to be asked: Why the heck would anybody use Firefox if there are better alternatives everywhere?

Lilly claims that Jobs' recent discussion of Safari on Windows is an attempt to create a duopoly of browsers (IE and Safari), with Firefox and the rest on the outside looking in.

Hmm, my CPU usage is hovering around 1.5%. Sounds like you could use NoScript, Adblock, Adblock Filterset.G Updater, and Flashblock. If that sounds like bloat to you, you can lower your CPU usage to ~0 with Lynx, w3m, or Links. If that's still too much overhead for you, give LineMode a try.

If you want to see through a search engine's eyes, open the page in Lynx. The funniest part about showing that method to another developer is when they think Lynx is broken because the page is empty. "It didn't load. How do I refresh the page? This browser sucks." Heh. Endless fun.

(method does not account for image crawlers)

I work as the web master for a non-profit or not-for-profit group (I personally do not know its IRS filing status). One of the requirements written into our web publishing policies is that it must meet W3C accessibility guild lines. By default, this means that it must be reasonably standards compliant. I run into no issues making it work on any browser other then IE.

The thing I find most annoying is that everyone seems to consider writing a standards complaint web page is difficult. It's not unless you are using a WYSIWYG generator, especially FontPage, or your site requires JavaScript to display properly. Both of which are extremely bad practices for professional web sites and make them near impossible to read on hand held devices and screen readers for the blind.

For all of you web developers that have no idea why what I am talking about is such a big deal. As was mentioned in an earlier post, check out the Lynx text-only web browser and view your sites. Please note: Everything you see in the Lynx browser is all your average screen reader for the blind can see! Now, before I get nick-picked. There are better screen readers for the blind out there that can see more but, these programs cost money that blind people often do not have.

So please, don't be a web dork (name a co-worker called "web masters" that knew nothing more then FrontPage/Dreamweaver and didn't even know what an .htaccess file was, much less how to write one). Take the extra time it takes to look over your sites and see what others can really see of your site.

Now, that's still no justification or reason for saying "don't use Opera,"

Really? 0.6% marketshare? Can I complain because it doesn't render properly in Lynx?

Take my comment as flamebait if you want to. But I have much bigger things to complain about on the web. Like webpages that won't work without Javascript. Or webpages that use stupid flash interfaces. Or how about webpages that aren't dialup friendly? I suspect there's more dialup users out there then Opera users. Don't see anybody on /. jumping up to defend them.

Have you tried Lynx?

Details here.

(hey, we gotta get creative every once in a while, no?)

The article uses an awful example of an XSS exploit. The vast majority of XSS exploits don't have to jump through the hoop of an HTTP POST, so they're mindlessly simple to pull off, and there's no phishing involved. Plus, the fact that he used a proxy to modify his own web browsing is a complete red herring and detracts from the article.

In contrast to phishing (and in contrast to what's been said in most of the posts so far), an XSS exploit is a legitimate link to the target website. No amount of looking at the host part of the URL will tell you that it's a phish, because it truly, honestly isn't. If you take the time to manually browse the GET parameters individually before you click the link, you might catch that it's an XSS exploit (or an attempt at one) if you know some HTML and Javascript.

What's worse, though, is that instead of a clickable link, the exploit could even be the URL of an <iframe> tag. Completely automatic, no clicking required, and AFAIK no modern browser allows the user to disable or manually confirm <iframe> tags. Even worse, XSS attacks on some sites are persistent and shared. For instance, if someone home-rolls their own comment system and forgets some checks, it might be possible to post an XSS exploit in the subject line of the comment, which not only affects everyone who reads the post, but also everyone who even reads a list of new messages.

The important characteristic of an XSS attack is that, unlike most web-based attacks, XSS attacks are exploiting the website itself -- not you, and not your browser. You click the link, the website ships some HTML to your browser, and whaddya know, there's one of them newfangled <script> tags to run.... The injected Javascript code, which the webmaster didn't intend but nonetheless his website actually delivered to your browser, runs with the same permissions as any of his own code, which includes access to the document.cookie property. Since most websites these days stick session IDs or even *groan* username/passwords in cookies, all it takes is for the Javascript to e.g. generate an <img> or <iframe> tag that points to the attacker's website, with '?'+document.cookie tacked onto the end of the GET request. Now the attacker can log in as you, and can explore other, non-XSS exploits that require him to be logged in.

Your only recourse as a user is to disable Javascript. Full stop. You can't even enable it on "trusted" sites, because if you mark them as "trusted", you're saying "I trust that this website will never, ever be hacked so long as I live". One or more of your "trusted" sites might have undiscovered XSS flaws in their backends, and you can't "untrust" them faster than the blackhats can exploit them.

There is nothing, I repeat nothing that you can do as a user or as a browser designer that will simultaneously (a) prevent XSS and other server-side exploits, and (b) allow the features that modern web sites depend on by design. If you think you want a browser that's completely safe from server-side exploits, spend a week browsing the web using strictly Lynx, then see if you're still of the same opinion. (While XSS requires Javascript to pull off, there are other server-side data validation problems on many websites, and those can be exploited by something as innocuous as a CSS stylesheet reference.)

I found a way too make myspace readable and usable, it's called Lynx. (http://lynx.browser.org/)

Lynx is still alive and kickin' – I'm a Linux hacker, so use it all the time myself (great if the latest dev build of X doesn't want to work, or I just need to grab a quick file and don't know the exact URL... plus it's just so much faster than most of the other browsers I know, and I'm always running at least one Eterm window so I like having it run in the terminal). Of course, if you'd rather have a more graphical browser, Dillo (see also another comment I wrote so I don't have to repeat myself) is a really nice one, at least if you run a UNIX-ish operating system – actually, I think there's a Windows port available as well, although I don't remember the site.

Personally, I think the best "power user's browser" is Konqueror – it has tabs and split windows, supports XHTML/CSS/JavaScript, manages my files, can open almost every known filetype embedded within its own program window, – and the rarely-mentioned but highly useful ability to run a terminal emulator inside itself, which is great if you're trying to design a Web site and need to see both the code and preview at the same time.

Ever use lynx? It makes a difference.

Who needs CSS when you have Lynx?

(Oh, and don't mention that other text-mode browser. I like my browsers coarse and ugly, thank you.)

I don't get it ... what's a mouse? Have you ever heard of Lynx?

lynx is a good choice for many sites too :)

Download here

OK, OK, so I wanted to be different from those "get Firefox" jokes!

lynx.browser.org

If you're worried about malware, you should switch to a browser that has little chance of ever becoming the dominant browser. While you might think Opera is the obvious choice for this, I think there's a better one.

Geez! I do it one way - it's 'Redundant', I do it another way - it's a 'Troll'. Seems like the 'damned if you do, damned if you don't /. special on the menu!

Oh well, I probably should go the other route ;)

Use lynx http://lynx.browser.org/
Secure out of the box.

Absolutely it should work in text-only browsers. Blind people may have to submit claims too, right? HTML is designed so that your site will automatically work in any setting (even lynx) if you're using it properly. Sensible alt attributes aren't very hard, and few things actually require java/graphics/flash/etc.

People with disabilities prefer CSS because it allows them to trivally alter layout and visual presentation in a way that works for them. For example, some people have trouble seeing low-contrast presentations; they can insert their own CSS into a CSS-aware page to make any site readable.

Actually, they don't. Pixel-precise css layouts (and numerous css hacks) make client-side stylesheets a nice idea in theory mostly.

Secondly, the use of CSS for layout has lead to a lot of web designers pretty much neglecting the presentability of plain HTML. Open Slashcode in lynx and you'll see what I mean; three pages of (mostly) irrelevant links before you get to the articles themselves.
Keep in mind, an individual using a screen reader will have to read or listen to all of these links before getting to the content.

CSS, like all the layout tools for the web that preceded it, is something that needs to be applied with great care if usability is to be maintained.

He's old school, serious old school. I would say LYNX. Plus lynx is text only, no chance of naughty pics. Which would explain soo soo much about him.

my favorite browser for rendering: http://lynx.browser.org/ the one for efficiency: http://www.gnu.org/software/wget/wget.html

Heck, I'm amazed they even used colors. I half expected it to look a lot like the Lynx website.

(1) elinks

(2) lynx

I'd say this one is fairly safe...

Lynx(browser.org) schools them both. Especially in the way in which it views ads graphics!~

I just tried loband and it resembles with w3m or lynx would display. It's true the text probably isn't getting compress, but text usually isn't the issue with low bandwidth, though text is highly compressible.

But looking at the source of the file I just downloaded. What it basically does is strip off the css and replace with its own. images will get a link to the actual image, which doesn't get compress anymore. I don't see any compression at all either.

Another problem I see with this is that what loband is doing seems to be able to be done on a client side app instead of a server side app. With the server side app, it seems to be a waste of bandwidth to and from loband.

all that matters is that we have to LOOK productive 24x7

And that's why Lynx is wonderful. A DOS-looking terminal window always looks productive.

Actually, Lynx is.

But then again, I'm just being pedantic.
This hijacking thing is becoming a real PITA, and his recommendations to the search engines at the end of the article are reasonable.

The fix i personally recommend is simple: treat cross-domain 302 redirects differently that same-domain 302 redirects. Specifically, treat same-domain 302 redirects exactly as per the RFC, but treat cross-domain 302 redirects just like a normal link.

Solution Here.

Brand new, from what I hear.