Pastejacking:
Had an awful roomie that used to do that.
[note sarcasm]
The default Mac terminal warns users when they’re pasting commands that have a carriage return, and gives them the option of removing it. This seems like a good countermeasure to me.
Won’t do much about semicolons or the other fun methods to make one-liners, but I guess it does help prevent it from just running… so long as you haven’t seen too many of those warnings and just gotten used to bypassing it.
On the bright side, this is at least more preventable than the old “mess with someone using voice commands by shouting ‘rm -rf /’”. Easiest thing is to copy any command first into a text editor before running it. And after all, you ought to be documenting what commands you’re running so you can refer back to it later… right?
There’s a very old joke that one of the last things you want to hear from your sysadmin is “I found these instructions on the internet. Let’s run them and see if it works…”
There is a simple workaround: ctrl+c the text on the website, then ctrl+v onto a text file, to make sure you are really getting what you intend. Then copypasta from the text file into your terminal. It isn’t the most elegant workaround, but it’s one that I already use when I’m copypasta-ing text from a website or PDF into a word document or something similar where it will try to copy all the formatting, font, etc., and I only want the text itself.
This is a good strategy for links in emails or anywhere else you can’t mouseover to preview the URL.
Plain text and bare bones text editors do not get enough love, from regular folks. I know the hardcore love them, and have religious wars about which is superior.
I habitually do that as well. Even tho current incarnations of M$w0rd have a format stripper built into CTRL+V options, which will keep, strip or merge formatting.
I still use notepad on M$ to both strip any errant formatting and to cut it up for later use. In all my years, I have never CTRL+C → CTRL+V a console command. That just begs to have yourself p0wnd - click and clipboard hijacking predates CSS by quite some time, as long as there has been a clipboard, there have been ways to abuse it. CSS just gives some a layer of abstraction to make things like this easier to write.
The FA discusses the possibility of embedding vim macros that execute malicious code in pastebombs, specifically to attack this countermeasure.
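An added example, not part of the thread or the linked article: a small Python check for the cases raised above (line breaks that make a shell run the paste immediately, separators that hide a second command on one line, and control characters such as ESC that a modal editor would act on). The function names and sample strings are constructed for illustration.

```python
import re

# Shell metacharacters that let one pasted line carry more than one command
# or an embedded substitution.
CHAINING = re.compile(r"[;&|`]|\$\(")


def inspect_paste(text):
    """Return tags describing why text should not go straight into a terminal."""
    findings = []
    # A CR or LF means the shell executes without waiting for Enter.
    if "\r" in text or "\n" in text:
        findings.append("line-break")
    # Separators survive a "strip the newline" warning untouched.
    if CHAINING.search(text):
        findings.append("chaining")
    # Remaining C0 controls and DEL; ESC (0x1b) is the one a modal editor
    # treats as "leave insert mode", so a text-editor check is not immune.
    if any((ord(c) < 0x20 and c not in "\r\n\t") or ord(c) == 0x7F for c in text):
        findings.append("control-char")
    return findings


def visible(text):
    """Render text with every non-printable character escaped."""
    return "".join(
        c if c.isprintable() else c.encode("unicode_escape").decode("ascii")
        for c in text
    )


if __name__ == "__main__":
    # Constructed samples standing in for clipboard contents.
    samples = [
        "ls -la",
        "echo hello; echo second\n",
        "note to self\x1b",
    ]
    for s in samples:
        print(f"{visible(s)!r:40} {inspect_paste(s) or 'clean'}")
```

An empty result only means none of these three patterns matched, so reading the escaped form from `visible()` is still the actual check.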
just a heads up: javascript copy and paste hijacking predates the css trick and was discussed in some length in the last thread on this subject.
Just have to tell users to pipe the output of curl from an http source to bash to avoid the risks of cut/paste.
That’s why you should always use pico.
Which is why you should always use nano.
Let’s not unleash another pico vs nano text editor holy war.
I was enjoying Sarah Jeong’s reporting on the Google v. Oracle lawsuit yesterday (and everyone else should be following her take as well, methinks), and at some point the court requested reading materials be made available to the jury. But when I say “reading materials”, I mean, among other things, the source code of java.
just gonna let that settle in a touch
It’s only like 15 million lines of code, but whatevs.
also, nano is clearly the best. I mean, nobody even knows wtf emacs is
I’ve been following Sarah Jeong’s reporting for a while, her play-by-play on Google v Oracle’s been great. Sadly, her article about the foundering nerds in the trial that got posted here was badly misunderstood in the comments.
emacs is hard to define since it’s not so much a text editor as a different undefinable thing. nano is fairly good, except that it’s not the best editor: pico.
You should check out PureText.
Just copy/cut whatever you want to the clipboard, click on the PureText tray icon, and then paste to any application. Better yet, you can configure a hot-key to convert and paste the text for you. The pasted text will be pure and free from all formatting.
I’ve been using it for years.
At least it would be a small war.
On a Mac you can do shift-opt-cmd-v to paste without formatting, though it’s not a very easy key combo.
Nonsense. It’s a pre-GUI environment that also happens to be a text editor. Or: It’s a spatula, a can opener, and a waffle iron.