[00:54] <hallyn> you dawg i heard you like browsers, so i put a browser in your browser...   actually firefox has a 'remote' mode that kind of works like that right?
[00:55] <hallyn> i miss the old vimprobable.  if only someone had the time and the inclination to rewrite it against newer webkit or another kit
[00:56] <hallyn> hundreds of tabs.  that seems like the wrong behavior to reinforce but what do i know, i'm not one of the cool kids.
[00:56] <sarnold> there's qutebrowser, kinda similar, and it even seems to be developed https://launchpad.net/ubuntu/+source/qutebrowser
[00:57] <sarnold> but of course there's basically no security support for the boutique browsers
[01:03]  * hallyn wonders if he coudl pay someone...
[01:04] <hallyn> qutebrowser soudns familiar, i must have tried it, i wonder why i didn't pick it up as my main replacement
[01:12] <hallyn> hm, looks nice.  (just trial-installed it)  but like you say, can i trust it...
[01:12] <hallyn> i've actually gotten very used to using w3m for a lot of my browsing
[02:04] <JanC> well, most of the need for security is in the SSL library & the browser engine, I guess, which are maintained well enough probably?
[02:05] <JanC> as essentially all these alternative browsers use Qt Webkit or Gtk Webkit or Blink?
[02:06] <sarnold> https://launchpad.net/ubuntu/+source/qtwebengine-opensource-src  focal, no updates since 2020-07-16
[02:06] <sarnold> bionic never got any updates
[02:08] <JanC> the Qt people don't do security updates or nobody works on keeping Qt up-to-date in Ubuntu?
[02:11] <JanC> it seems like Qt webkit is getting updates?
[02:14] <hallyn> so we just need to bribe a new debian maintainer?
[02:14] <JanC> (I seem to remember webengine is being removed from some distros also?)
[02:15] <JanC> there is a qutebrowser-version that uses webkit
[02:15] <JanC> instead of webengine
[02:16] <JanC> I think webengine is blink?
[02:18] <hallyn> sounds right - https://www.reddit.com/r/Nyxt/comments/rl6kiw/whats_the_deal_with_blink_qt_webengine/
[02:23] <JanC> if you want a barebones browser there is also luakit & such
[02:24] <JanC> which is based on webkit gtk
[02:26] <JanC> and that is getting security fixes, it seems
[02:26] <hallyn> heh, lua .  maybe i should try it.
[02:26] <hallyn> promising
[02:28] <sarnold> I wonder why the link hints use numbers rather than letters, that's an odd choice :(
[02:28] <hallyn> i've seen that...  
[02:29] <JanC> (there might be unfixed bugs in luakit itself, of course, but e.g. webkit-gtk & libsoup should get security updates)
[02:29] <hallyn> actually the vimium ff plugin right now does letters, but unrelated to the letters in the link.
[02:30] <hallyn> though i'm finding the link hint numbers hard to read...
[02:31] <sarnold> webkit2gtk is certainly a happier story https://launchpad.net/ubuntu/+source/webkit2gtk
[02:31] <sarnold> whether or not the webkit folks can put in the effort in finding and fixing bugs that eg firefox or google can is another question.. and how much of that work makes it to the webkit2gtk upstream is another question
[02:32] <hallyn> webkit is still apple?
[02:33] <JanC> you have the advantage that it's more obscure so less likely to be a target too though  :)
[02:33] <sarnold> apple is basically a blackbox. I'd be shocked if any of their work makes it out
[02:33] <JanC> webkit is Apple & Gnome & Qt & others maybe?
[02:34] <sarnold> alright, time to take off, have a good night :)
[02:34] <hallyn> \o
[02:36] <JanC> upstream WebKit is active enough... https://github.com/WebKit/WebKit
[02:40] <JanC> and the Gtk version is part of upstream, so essentially the browser engine gets all the same fixes as on Mac
[02:42] <JanC> and PlayStation... https://github.com/WebKit/WebKit/blob/main/Source/WebCore/PlatformPlayStation.cmake  :)
[02:46] <JanC> sarnold: so in this case Apple work in the open, it seems  :)
[02:47] <JanC> I see apple.com, igalia.com & webkit.org email addresses mostly in the recent changelogs
[02:48] <JanC> oh, and some sony.com guy
[12:17] <mdeslaur> the problem with webkit is that dependencies, including compilers, get bumped once in a while preventing updates from working on older releases. We can't currently build webkit on bionic because of that.
[12:18] <mdeslaur> so we get a couple of years, then it breaks
[18:26] <JanC> mdeslaur: don't the LTS releases get newer compilers versions?  (I know it happens with rust compilers at least...)
[18:26] <mdeslaur> yes, but that doesn't mean it's trivial to get a new libstd to go with them
[18:27] <mdeslaur> firefox has a whole shim thing to be able to build with a newer compiler but use the old libstd
[18:27] <mdeslaur> AFAIK webkit doesn't
[18:37] <mdeslaur> plus, there are other dependencies that get bumped too, like ICU for example...and it's difficult to bump library versions on a distro level since everything breaks ABI all the time
[18:38] <JanC> well, you can install versions in parallel, but that might require changes to build systems too, etc.
[18:39] <sarnold> might as well use nixos at that point
[18:39] <sarnold> or snaps :)
[18:40] <mdeslaur> then since webkit is a library that gets used by other things, those other things need to be linked with the new versions too...
[18:40] <mdeslaur> basically, this turns into a can of worms pretty fast
[18:40] <JanC> nah, snaps would result in 10 different versions being reused in 10 packages each, resulting in 100 copies  :P
[18:41] <sarnold> hahaha
[18:41] <mdeslaur> yeah but then it's Someone Else's Problem(tm)
[18:41] <mdeslaur> ;)
[18:44] <hallyn> 18:39 < sarnold> or snaps :)
[18:44] <hallyn> lol
[18:44] <sarnold> :D
[19:08] <sbeattie> hey, thanks to rust, you can have all those multiple copies/versions of libraries embedded in one binary application!
[19:08] <sbeattie> (I examined all the vendered/cargoed deps in a recent rustc build in jammy and of the ~450 built in dependencies, about 25 of them had two different versions included.)
[19:12] <JanC> ugh
[19:13] <JanC> good luck doing a security audit on that...
[19:15] <tobhe> but you don't need to because rust is immune to bugs /s
[19:16] <hallyn> \o/