I agree with the sentiment, and it would definitely make a lot of troubleshooting easier, but you do gotta remember that 99% of people are so non-technical they won’t read anything going into their terminal, or if they do, they won’t know what it means.
You could just as easily replace that with sudo rm -rf /* and they’d run it just as quickly, and that’s my worry.
IMO we should just have settings menus alongside commands for most things any normal user might have to encounter, since that’s just a more user-friendly interface in terms of preventing accidental bad command execution and also just letting people find things on their own without having to look up a command every time if they don’t want to learn a short book’s worth of terminal commands.
The kind of person who blindly runs commands also blindly runs any .exe or .bat they download from GitHub, which is not any better.
Of course in an ideal world there’d be a perfect GUI for everything, and we’ve gotten a lot better at that in the last few years. But it’s not like Windows is lacking in things that are only configurable through CLI or the registry (which is even more opaque). I’m not saying Linux is perfect, just pointing out the hypocrisy.
While true, copying and pasting is much easier to exploit, especially since websites can alter your clipboard. Not to mention that people are already more wary of downloadable executables, but less so for commands.
For example, I’m not sure if you saw the newer attack vector a lot of scammers are using, but essentially they’ll have a 3-step process saying “Press Win + R” and “Press Ctrl + V” then “Hit Enter”, as a fake captcha, and the site automatically copies a malicious command to their clipboard, which then gets run when they paste.
A similar attack vector could take place where a user copies a command that looks legitimate, hits paste and enter, and only then is it clear that the site copied a new command to their clipboard that isn’t the one on the site they thought they checked.
I do agree that Windows is still pretty shit in this regard though. I just think we should seek to not emulate that as a requirement for users to edit certain settings if we can help it :)
The attack vector of convincing users to do stuff exists regardless of whether a niche GUI exists somewhere to do <the thing>. The only proper defense against social engineering is a) training and b) following the least privilege principle (which neither Windows nor the traditional Linux desktop’s permission model properly follows, as the current user in either case has full permissions to retrieve extremely sensitive credentials such as browser cookies without interaction).
Trying to defend against this from the perspective of de-normalizing the CLI is like defending against drunk driving by adding a bittering agent to Guinness beer exclusively.
As for clipboard hijacking, I am well aware, which is why any decent modern terminal emulator should a) strip escape codes by default and b) support bracketed-paste, to prevent immediate execution of a pasted command. If yours does not, please consider switching to a safer alternative (such as kitty).
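A minimal model of the two terminal-side defenses named in the comment above, added here as an illustration; it is not part of the thread and not taken from any terminal emulator's source. `sanitize_paste`, `emit_paste` and the toy `line_editor` are hypothetical names, and `SAMPLE` is a constructed, harmless clipboard string.

```python
import re

PASTE_START = "\x1b[200~"  # marker the terminal sends before pasted text
PASTE_END = "\x1b[201~"    # marker the terminal sends after pasted text
# Constructed sample: two harmless lines with an end-of-paste marker hidden inside.
SAMPLE = "echo shown-on-page\x1b[201~\necho swapped-in\n"

# CSI sequences, OSC sequences, then any other ESC-introduced pair.
_ESCAPES = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b.?")
# Remaining C0/C1 control characters, keeping tab and newline.
_CONTROLS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_paste(clipboard: str) -> str:
    """Emulator side: drop escape sequences and control characters."""
    text = clipboard.replace("\r\n", "\n").replace("\r", "\n")
    text = _ESCAPES.sub("", text)
    return _CONTROLS.sub("", text)


def emit_paste(clipboard: str, bracketed: bool) -> str:
    """What the emulator writes to the shell when the user pastes."""
    clean = sanitize_paste(clipboard)
    return f"{PASTE_START}{clean}{PASTE_END}" if bracketed else clean


def line_editor(stream: str):
    """Toy shell-side editor: returns (executed_lines, pending_buffer).
    Outside a bracketed paste a newline runs the line; inside it is text."""
    executed, buf, in_paste, i = [], "", False, 0
    while i < len(stream):
        if stream.startswith(PASTE_START, i):
            in_paste, i = True, i + len(PASTE_START)
        elif stream.startswith(PASTE_END, i):
            in_paste, i = False, i + len(PASTE_END)
        elif stream[i] == "\n" and not in_paste:
            executed.append(buf)
            buf, i = "", i + 1
        else:
            buf += stream[i]
            i += 1
    return executed, buf


if __name__ == "__main__":
    for bracketed in (False, True):
        print(bracketed, line_editor(emit_paste(SAMPLE, bracketed)))
    # Brackets without stripping: the embedded end marker closes the paste early.
    print("unsanitized", line_editor(PASTE_START + SAMPLE + PASTE_END))
```

The last call shows why the two measures go together: bracketing alone fails if the clipboard text can carry its own end-of-paste marker.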
IMO we should just have settings menus alongside commands for most things any normal user might have to encounter, since that’s just a more user-friendly interface in terms of preventing accidental bad command execution and also just letting people find things on their own without having to look up a command every time if they don’t want to learn a short book’s worth of terminal commands.
THIS. As a lifelong Windows user I’d rather deal with layers of shitty GUI, than having to memorise terminal commands and always pay attention not to mistype them lest I fuck my system up.
I can’t switch to Linux yet due to lack of support from my essential programs, but even if it wasn’t for those, I’d still be annoyed if I had to use a terminal to change settings in my system.
So like KDE