Liquify aka IWarp arrived in Harmony

136 lines of additional vanilla JS code, plus some more lines for new UI elements and I have added my 32nd brush to Harmony, the procedural painting tool:

Say hello to Liquify (PS), IWarp (GIMP) or however it is called in other full blown image manipulation applications!
I probably need another name to avoid trademark infringement (Is that a felony?)

I still have to tweak some parameters and clean up my messy code a bit ( 😉 ) but it is looking good so far.

PS: Did I say that it supports alpha transparency too?

Adding Search Engines to the Vivaldi Browser (followup)

Some search engines can’t be added to Vivaldi by right-click in the search field > “Add as Seach Engine …”, but only manually. The following describes a possible method to add some of those.

If searches do not use a regular search field in the code but a custom one, they cannot be be auto-detected.

How to add such Search engines anyway?

  • Enter e.g. “test” in the search field for a site and press return
  • On the result page: Look if the word “test” is in the address bar
  • If yes: Copy the whole address.
  • If not: Maybe the search engine uses POST and you must use a different method like: How to add search engines that use POST to Vivaldi
  • Open Settings > Search > Search Engines
  • Click at the “+” in the left column to add a new search engine
  • Give it a name e.g “my search engine” and a shortcut e.g. “mine”
  • Paste the URL in the URL field
  • In the URL field, replace “test” with “%s

If you then type “mine some search terms other than test” in the URL field of the address bar and if it works:

Congratulation! You have successfully added the search engine.

If it does not work and the linked article for adding POST searches did not work too, then you might be out of luck and the search engine uses JSON API calls, which is a beast of its own and needs case by case analysis of the web page code, if it is possible at all.


  • Those custom search fields were never meant to be added as search and they might break as soon as the site changes its code.
  • The general method described above might not work for other sites, so please test if it works for you and if not, remove the search again by pressing on the “-” in the left column of the search engine editor.

Discarding Problems in Vivaldi

While testing a new Vivaldi function (which is not yet in the public builds at the time of writing), I have found a serious bug (not a real bug, but more of a serious annoyance) in connection with my Auto Discard extension:

The extension cannot recognize if tabs are tiled, i.e. 2 tabs are visible at the same time.
This is a pure Vivaldi problem because other browsers cannot tile tabs.

If I have entered something in e.g. a text field of Tab1 and set Tab2 to active, because I need to e.g. scroll Tab2 to look something up, and the extension hits while I am in Tab2, it discards the not focused Tab1.

Tab1 will be immediately reloaded (probably a Vivaldi hack to make tiling possible at all) but I lose all contents I have entered, because obviously the browser doesn’t store the full state the site is in including the entered text (which is a long standing and highly annoying chromium behavior)

There are 3 tab states:

  • active
  • passive
  • disabled

According to the tabs API I only can access active:[boolean].
(see chrome.tabs API description )

Ideally the API would return all 3 states, but that is not feasible because it would break every other extension that makes use of the activity status and expects true or false.

For me it would be fully sufficient if I could check the visibility status of the tab instead (as it is shown in vivaldi://discards ) and only hibernate hidden tabs, because the inactive tab has the status visible loaded passive, in opposition to hidden loaded hidden of normal tabs or visible loaded active of regular active tabs.

Using the Page Visibility API is no solution because
document !== tab
I know that I can see it for the document, but I can’t use it because I don’t want to inject stuff and message back to the extension.

is possible with a content script, but messaging from the background script to the content script and back again inside of chrome.tabs.query seems to be incredibly clumsy in my eyes.
Problem: AFAICS the content script acts only on the active tab …

partially solved by adding

if (tab.extData){
    let temp = JSON.parse(tab.extData);
    if ('tiling' in temp ) {

which excludes all tiled tabs from hibernation.

Please let me know in the comments, if you know a better way how this Vivaldi problem can be mitigated or circumvented.

Better Tab Stacking

Vivaldi’s tab stacks are a fiddly thing if you don’t use the window panel.

Disadvantages of the existing tab stacking solution:

  • If you have a large tab stack of maybe 60+ tabs, the tab previews can block the whole UI.
    Tab stack blocking the whole UI(VB-17414)
  • Especially in windowed mode (restored node, i.e. not maximized) the tiny indicators / drag handles violate Fitts’s law and are a PITA to grab.
    I challenge you to drag a tab out of a stack like the following on a touch screen!
    Tab stacking handles violating Fitts's law
  • The artificial delay makes stacking quite unpredictable if your tabs are already small (which is one of the reason why one might start stacking tabs in the first place).

I could go on, but these are the main problems.

A better solution

Sadly tab stacks did not get much attention lately, despite better solutions exist, like shown in the following screen recording.

Tab stacking with accordion

This is probably not the only solution, but almost anything is better than the the situation as it is now.

Benefits of an “accordion” solution:

  • The drop zones are starting at 20% from both sides, i.e. 20% non-drop, 60% drop into a stack, 20% move tabs to make space for dropping. This goes for both directions.
  • There is no artificial delay needed to avoid or enable dropping.
  • It is easy to stack tabs.
  • It is easy to add more tabs and position them in the tab stack(s) without having to open the window panel.
  • It is easy to drag a tab out of the stack again.
  • It is easy to delete a single tab from the stack without activating it first.
  • It is easy to drag a tab from one stack to another.
  • Stacks can be “opened” and expand to the full available width
  • Multiple stacks can be kept open at once.

I wonder how long we have to wait, until we get a better solution.

edit 2020-11-13:
It looks like Chromium got it before Vivaldi. It can be activated via:
Additionally the tab bar is scrollable if you activate:
Both functions work flawless in Chromium 88 and have added some nice touches to show which tabs belong to which group (colors!)
It works in the latest Edge too, but (as of today) Edge cannot collapse the groups.

First American exposed 885 MILLION full datasets. Translation of their statement to plain English

After exposing 885 MILLION full datasets title insurance records, including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images, which covers the last 16(!) years, the estate title insurance giant First American Financial Corp issued this statement:

“First American has learned of a design defect in an application that made possible unauthorized access to customer data.”
Translation: We have used a cobbled together web page which had no security audit in any way (because if we had, this would have been checked in the first place, because breaches exactly of this kind are the most common in “the industry” and happened multiple times before on other big sites. If you were logged in to their website, you needed only to manipulate the sequential number in the address bar to get access to any other account. Of course nobody expects to change one number in a 9 digit sequential number to see if there is another record. We are totally surprised! Such things were previously unheard of … NOT!
“At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information.”
Translation: Now that we’ve got caught with it, we try some damage control. (Damage control for the company, because the damage for the users and and for the customers of the users already happened in the past)
“The company took immediate action to address the situation and shut down external access to the application.”
Translation: We did not yet fix it, but now that we’ve got caught, we took it offline (which we wouldn’t have needed if we had a full security audit of the public facing side of our site in the first place).
“We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”
Translation: We are frantically searching for someone else we can blame – preferably an outsider. Of course we know that all of the data was unencrypted facing the web and evaluate how we can get out of it, because if enough people sue us we might see a billion dollar fine. Other than that: No Comment until it’s all water under the bridge.

Other translations of other breaches would be welcome.

Edit 2019-06-03: Meanwhile New York regulators are investigating the a weakness as the first test of the state’s strict new cybersecurity regulation. That regulation, which went into effect in March 2019 and is considered among the toughest in the USA, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

Let’s hope they use it to send a strong signal and give them a decent rap on their knuckles.

Edit 2019-07-02: It seems that, according to Bloomberg, a Class Action Lawsuit was filed. That can become expensive …

Edit 2020-06-18: New York State Department of Financial Services (DFS) found, the vulnerability was discovered in a penetration test First American conducted on its own in December 2018 and they did not fix it or shut it down before it went public in May 2019. The DFS was not amused:

Respondent’s mishandling of its own customers’ data was compounded by its willful failure to remediate the Vulnerability, even after it was discovered by a penetration test in December 2018.

Source: (Page 2 at the bottom)

Edit 2021-02-14:

Penalty total since 2000: $14,145,524

… now we know what a full data set of an average First American customer is worth: 585,000,000 / 14,145,524 ≅ 2.504 ct
Source: Violation Tracker

Photo by Cytonn Photography on Unsplash

How to write a good bug report for video bugs …

… so that we have a chance to reproduce it.

In the end of the day, developers can only fix bugs they can analyze or see. This is especially valid for video bugs.

If you encounter a video bug, like e.g. video flickers, shows green or purple blotches, does not play at all, shows an error message, please fill out the form in the following way:

Affected product *: select Vivaldi browser

Type of issue *: select Problem / Defect

Summary *: This is a misnomer, it is actually the headline we see in the Bugtracker and the space is limited. A short description in one sentence. Please don’t try to make the sentence longer than absolutely needed, because everything that is too long gets cut off.

Example of a good Summary

Video on Youtube shows purple stripes / freezes / shows error message

Example of not really helpful summary

Lately, when I was visiting my grandmother and we wanted to watch videos on her Vivaldi, while the cat was sleeping on the sofa, I saw that sometimes (I hope you get the point by now, and yes, we have got such bug reports in the past)

URL where it occurred, if relevant: This is a crucial info, when it comes to video bugs. Enter the exact url to one page where the bug happens and where it always happens for you.

Example of an exact URL

Examples of unusable URLs
because those sites play videos for us just fine. We can not visit all pages of e.g. Youtube to find all of the videos that don’t work, our lifespan is not long enough for that.

You can add other exact urls in the following field:

Describe in steps how to reproduce the bug: This is the most important part. Here goes all of the information for how to trigger the bug. Split it into small chunks that we can follow step by step. Please include the video settings. Additional info goes here too. Try to format it like this and please include the dashes in front of the steps:

- open 
- switch to 1080p / 60 Hz 
  (important because the site might deliver 
   different formats on different resolutions)
- click on the fullscreen button in the video
- stop the video
- leave fullscreen again

GPU: Nvidia 1060 (important!)
Driver version: (if you know it)

Does it work in older versions of Vivaldi or other browsers?
(list here)

Settings you have changed in the browser (like hardware acceleration)
blocking extensions you use (like uBlock)
audio and video related extensions you use

If you can, try to confirm if it works with a clean profile or with the latest Snapshot. You can install it in parallel to your regular install as a Stand alone Version of Vivaldi to avoid clashes.

What did you expect to happen *: Here goes the description what should have happened when you performed the steps:

- the page should open
- the video goes to fullscreen
- the video should stop
- the video returns to normal view

What had actually happened *: Well …

After stopping the video and leaving fullscreen
the video showed purple stripes

Apart from the Email (Only used if we need to ask for info regarding this bug) * and answering the security question at the end of the form you don’t need to change the other fields if you report the bug with the Vivaldi Browser where the bug occurred, otherwise be as exact as you can.

The email address should be valid if you want to receive the automatic confirmation mail from the bug tracking system, which includes the VB-#### number. You can reply to that mail and even send attachments with additional info (if needed), some of it being the following:

Info about your video settings and GPU

  • Type vivaldi://gpu into the address-bar and hit Enter
  • Press the “Copy Report to Clipboard” button at the top
  • Open a text editor of your choice and paste it and store it as e.g. vivaldi-gpu-info.txt
  • If possible: Zip it
  • Attach it to the mail

In case of a browser or tab crash (dead bird, black or gray screen)

  • type vivaldi://about/ into the address-bar and press Enter
  • Look for the Profile Path and open that path in your OS file manager
  • In the profile folder or in the containing User Data folder should be a folder named crashpad
  • Open the reports folder inside of the crashpad folder
  • If there is a crash report with the same timestamp when the latest crash happened, zip it (if possible) and attach it to the mail
  • Please do not send any other reports that are in that folder, they are unrelated.

Some additional info in case of extensions (optional, if not too much, you can copy it into the Steps field)

  • Type vivaldi://system/ into the address-bar and hit Enter
  • Click on “expand all”
  • Copy the right column of the “extensions” row to the clipboard
  • Open a text editor of your choice and paste it and store it as e.g. vivaldi-extensions-info.txt
  • If possible: Zip it
  • Attach it to the mail

Thank You for reading through all of this! It might sound complicated and tedious, but it helps us a lot to analyze what went wrong – and we can only fix bugs we can analyze.

Thank You for your time and using Vivaldi!

(Title photo by Chris Murray on Unsplash, cropped to fit here)

This is frustrating (small things matter)

134 lines of code, 4 normal functions, 20 calls to chrome.something APIs, some of them nested, 0 const, 0 let, 0 var, 0 ESLint errors, 0 Vivaldi debugger errors.

5h wasted with refactoring and debugging because I wanted to make it run, but it didn’t want to work as I wanted and I thought I am an idiot – until I cross checked in naked Chromium.

Result: I am not an idiot.

There are at least 4 BUGS in Vivaldi’s implementation of multiple browser windows, extensions buttons and history display handling.

This is no fun.