Discover more from hrbrmstr's Daily Drop
Drop #356 (2023-10-19): Alternate Browser & Shell Realities
Thorium; nushell; yavascript
My spouse & I are intermittently re-watching Fringe, so I occasionally drift into thoughts of alternate universes, these days, especially since our particular timeline is fairly awful rn. But, there's more than one way to freshen up our experience on whatever Earth # this happens to be. One path for that journey is to step out of our comfort zones and use something different as a daily driver.
So, today we look at an alternative Chromium browser (that passes the sociopath test), and two alternate shells, one of which I cannot believe I haven't covered before.
This is an AI-generated summary of today's Drop.
The first section discusses the Thorium browser, a Chromium fork designed to be the fastest browser on Earth. It works on various platforms and outperforms Chromium by 8-40% through compiler optimizations and patches from various sources. It also enhances privacy, security, and usability by incorporating the best available anti-exploit technologies and additional functionalities present in Google Chrome but not available on Chromium builds.
The second section introduces Nushell, a new type of shell designed to work with structured and typed data. It offers syntax and built-ins that make it easy to work with this type of data. Nushell pipelines use structured data, allowing users to safely select, filter, and sort the same way every time. It also provides clear error messages and offers clean IDE support. The shell has a powerful plugin system that makes it easy to extend its functionalities.
Thorium (GH) is a web browser that is a fork of Chromium, the open-source project that forms the basis for Google Chrome. Named after the radioactive element number 90, Thorium aims to be “the fastest browser on Earth”. It is designed to work on a variety of platforms, including Linux, Windows, MacOS, Android, and Raspberry Pi.
It achieves speedster status (Thorium outperforms Chromium by 8-40%) by making use of compiler optimizations and patches from various sources, including popular Chromium forks such as Ungoogled Chromium, Bromite, Iridium, Brave, and Vanadium, as well as patches developed by the Thorium team and the Debian/Ubuntu package maintainers.
The browser also incorporates additional functionality that is present in Google Chrome but not available on Chromium builds. For example, it includes the Widevine module to play protected content (DRM), multimedia codecs, and plugins used in Chrome.
Thorium also aims to enhance privacy, security, and usability. It incorporates the best available anti-exploit technologies, including ASLR, DEP, JIT hardening, and SafeSEH, along with custom technologies like Safe Browsing, out-of-date plugin blocking, silent auto-update, and verified boot on Chrome OS.
macOS folks will want to head here to grab it, and you'll need to
sudo xattr -r -d com.apple.quarantine on the binary or right-click & open it in the Finder.
I won't be ditching Arc for this any time soon, but it has real promise, and the speed improvements real.
Nushell (GH) is a new type of shell that is designed to work with structured and typed data, such as arrays, tables, records, numeric/boolean types, etc. It offers syntax and built-ins that make it easy to work with this type of data. It is a non-POSIX shell, meaning that most of your regular shell knowledge (e.g., zsh, bash, ksh, etc.) can't be applied to it. Like other shells, it is both a programming language and a shell, though it has its own way of working with files, directories, websites, and more.
It was built with a simple idea: working in the shell should be a more intuitive and useful experience. It was designed to take the Unix philosophy of shells, where pipes connect simple commands together, and bring it into the modern era. The goal was to create a shell that could handle structured data, provide clear error messages, and offer clean IDE support.
Nushell solves several problems that are common with traditional shells. One of the main problems it addresses is the difficulty of working with structured data in a shell environment. Nushell pipelines use structured data, so you can safely select, filter, and sort the same way every time. This means you can stop parsing strings and start solving problems. In fact, it comes with a bonkers number of commands.
For instance, if you want to find all the known exploited vulnerabilities involving Microsoft Exchange and involved in ransomware campaigns, you can use the
http command and some pipes:
~> http get "https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv" | where knownRansomwareCampaignUse == "Known" and product == "Exchange Server" | get cveID ╭────┬────────────────╮ │ 0 │ CVE-2021-34523 │ │ 1 │ CVE-2020-0688 │ │ 2 │ CVE-2021-34473 │ │ 3 │ CVE-2021-31207 │ │ 4 │ CVE-2021-26855 │ │ 5 │ CVE-2021-26858 │ │ 6 │ CVE-2021-27065 │ │ 7 │ CVE-2021-26857 │ │ 8 │ CVE-2018-8581 │ │ 9 │ CVE-2022-41082 │ │ 10 │ CVE-2022-41040 │ │ 11 │ CVE-2022-41080 │ ╰────┴────────────────╯
| to json to the end of that command to return json vs the human-readable table output.
It has similar “data frame”-esque support for commands such as
ps (and more).
Another problem that Nushell solves is the difficulty of understanding error messages in traditional shells. Nushell operates on typed data, so it catches bugs that other shells don't. And when things break, Nushell tells you exactly where and why. It also has a powerful plugin system that makes it easy to extend its functionalities. This means you can customize Nushell to suit your specific needs.
Once again, macOS folk will need to do the
sudo xattr -r -d com.apple.quarantine dance on the downloaded components.
We can somewhat replicate the CVE example from the nushell section with yavascript:
> exec(["curl", "-s", "-o", "kev.json", "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"]); > kev.vulnerabilities .filter( d => d.knownRansomwareCampaignUse == 'Known' && d.product == 'Exchange Server' ) .map(d => d.cveID) [ "CVE-2021-34523" "CVE-2020-0688" "CVE-2021-34473" "CVE-2021-31207" "CVE-2021-26855" "CVE-2021-26858" "CVE-2021-27065" "CVE-2021-26857" "CVE-2018-8581" "CVE-2022-41082" "CVE-2022-41040" "CVE-2022-41080" ]
I say “somewhat” as network-ops in yavascript are kind of “klunky” at the moment.
It provides basic support for bash-like command shims, such as
ls(), and has an increasingly robust set of objects that help build a JS-mental model over traditional shell/filesystem/OS interactions.
However, it does lack both documentation and a robust, engaged community.
I mention it, today, since it is built on a solid foundation as a fork of QuickJS, and could be a fun project for some intrepid Drop reader to contribute to.
Unlike the Fringeverse, there's no danger of being encased in Amber if one abuses any of the items mentioned in today's Drop. ☮️
hrbrmstr's Daily Drop is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.