this post was submitted on 01 Jan 2026
1094 points (98.4% liked)

Microblog Memes

9999 readers
2657 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

Rules:

  1. Please put at least one word relevant to the post in the post title.
  2. Be nice.
  3. No advertising, brand promotion or guerilla marketing.
  4. Posters are encouraged to link to the toot or tweet etc in the description of posts.

Related communities:

founded 2 years ago
MODERATORS
ReadyUser31@lemmy.world
aeronmelon@lemmy.world
needanke@feddit.org
1094
It's probably not reasonable to expect this to improve in 2026. (media.piefed.world)
submitted 1 day ago by The_Picard_Maneuver@piefed.world to c/microblogmemes@lemmy.world
226 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] AmbitiousProcess@piefed.social 2 points 4 hours ago (1 children)

While true, copying and pasting is much easier to exploit, especially since websites can alter your clipboard. Not to mention that people are already more wary of downloadable executables, but less so for commands.

For example, I'm not sure if you saw the newer attack vector a lot of scammers are using, but essentially they'll have a 3-step process saying "Press Win + R" and "Press Ctrl + V" then "Hit Enter", as a fake captcha, and the site automatically copies a malicious command to their clipboard, which then gets run when they paste.

A similar attack vector could take place where a user copies a command that looks legitimate, hits paste and enter, and only then is it clear that the site copied a new command to their clipboard that isn't the one on the site they thought they checked.

I do agree that Windows is still pretty shit in this regard though. I just think we should seek to not emulate that as a requirement for users to edit certain settings if we can help it :)

[โ€“] azertyfun@sh.itjust.works 3 points 2 hours ago

The attack vector of convincing users to do stuff exists regardless of whether a niche GUI exists somewhere to do . The only proper defense against social engineering is a) training and b) following the least privilege principle (which neither Windows or traditional Linux desktop's permission model properly, as the current user in either case has full permissions to retrieve extremely sensitive credentials such as browser cookies without interaction).

xkcd 1200

Trying to defend against this from the perspective of de-normalizing the CLI is like defending against drunk driving by adding a bittering agent to Guiness beer exclusively.

As for clipboard highjacking, I am well aware, which is why any decent modern terminal emulator should a) strip escape codes by default and b) support bracketed-paste, to prevent immediate execution of a pasted command. If yours does not, please consider switching to a safer alternative (such as kitty).