Page 8 of 20 FirstFirst ... 67891018 ... LastLast
Results 71 to 80 of 193

Thread: Join the fight against malicious commands given to new users

  1. #71
    Join Date
    Oct 2004
    Location
    Cupertino, CA
    Beans
    5,092
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kebes View Post
    May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."

    If users see (quick, simple) explanations provided with helpful post (rather than just a terse "type this in a terminal"), they will be more suspicious when they see a strange command without any explanation. They will also learn what the commands do, which is very important.

    And if trolls provide "fake explanations" for what a command is doing, it's still easier for users to detect the trickery (if a troll says "rm" installs software, a quick search will contradict that, and make the user suspicious...).
    This is a great practice. I will try working it into the Forum Guidelines. (yes I'm still in a utopian state where I believe people read that document. Don't burst my bubble )
    Quote Originally Posted by tuxradar
    Linux's audio architecture is more like the layers of the Earth's crust than the network model, with lower levels occasionally erupting on to the surface, causing confusion and distress, and upper layers moving to displace the underlying technology that was originally hidden

  2. #72
    Join Date
    Jul 2007
    Location
    Gauteng, South Africa
    Beans
    248
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kebes View Post
    May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."

    If users see (quick, simple) explanations provided with helpful post (rather than just a terse "type this in a terminal"), they will be more suspicious when they see a strange command without any explanation. They will also learn what the commands do, which is very important.

    And if trolls provide "fake explanations" for what a command is doing, it's still easier for users to detect the trickery (if a troll says "rm" installs software, a quick search will contradict that, and make the user suspicious...).
    Agreed this will also help the new guys understand what it is that they are doing and also teach them some of the command line skills required for Linux
    The original point and click interface was The Smith & Wesson.



  3. #73
    Join Date
    Nov 2005
    Beans
    259
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kebes View Post
    May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."
    Check it, ya'll. If you like what he says, add a quick explination of "rm" in your sig (see mine). I'm seeing a lot of sigs that say "Never use rm!" which sounds like there's something wrong with linux. rm is a perfectly good command. Let's use education, not scare tactics.

  4. #74
    Join Date
    Mar 2006
    Location
    Devon UK
    Beans
    419

    Re: Join the fight against malicious commands given to new users

    I havn't seen any malaicious posts but I've added a warning to my sig, I don't get some people I mean why screw people just for the hell of it?
    In /dev/null no one can hear the kernel panic!
    Don't EVER use sudo rm -rf / . if you don't understand a command check it out first!
    BACK UP YOUR DATA OR YOU WILL LOSE IT!!
    Supergrub - The best thing since sliced bread www.supergrubdisk.org

  5. #75
    Join Date
    May 2007
    Location
    Washington
    Beans
    909

    Re: Join the fight against malicious commands given to new users

    Made it my new sig. I've never seen any of these posts but better safe than sorry.

  6. #76
    Join Date
    Aug 2005
    Beans
    462

    Re: Join the fight against malicious commands given to new users

    i think the sticky in the Absolute Beginner forum is rubbish, go and have a look quickly at the stickys and see if sudo rm -rf stands out in a title. i bet you miss it!
    http://ubuntuforums.org/forumdisplay.php?f=73

    if you highlight don't sudo rm -rf / in a sticky title then you will see it even if only subconsciously.

    if you can make it permanently stay as the first post, just below the stickys if that's possible??, then it will be almost impossible to miss it!
    Last edited by ice60; November 21st, 2007 at 05:57 PM.
    Thanks to the forums staff for your dedication and hard work
    (the admins changed my sig to that lol )

  7. #77
    Bruce M. is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Sep 2007
    Beans
    Hidden!

    Re: Join the fight against malicious commands given to new users

    Count me in!

    I stripped my signature of everything personal and changed it to:

    Education is the best form of defence!

  8. #78
    Join Date
    Jan 2007
    Location
    Houston, TX
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Join the fight against malicious commands given to new users

    Again, not trying to beat a dead horse here, but are you sure calling "sudo rm -rf" malicious is a good thing to instill in a new user to linux. sudo rm -rf is not malicious, but can be dangerous if you don't know what you are doing. Telling someone not to ever sudo rm -rf doesn't seem like the right approach... Its probably been too long since I've been a new user of an OS to understand the viewpoint, but knowing how many times I've used that command for very productive reasons makes me think its a bad choice in teaching.

    so, if I were to post a productive script on the forums which made use of rm -rf, would I get banned???

    I could tell someone how to edit their sudoers file so everything they run in sudo is executed without being prompted for a password, or how to sudo vi something, then shell out and get a root prompt. (a behaviour ubuntu is subject to out of the box.) All those things COULD be used maliciously, but they are NOT malicious.

    Finally, from the example on the beginners page.. mkfs..
    From MAN pages:

    NAME
    mkfs - build a Linux file system
    mkfs, is a part of how you setup drives in Linux!! If I were to make a post detailing mkfs, and they still blew up one of their drives, would I get banned?? Was I being malicious because I tried to show someone how to use mkfs and they blindly used the command?? There are a lot of users that just cut and paste code under a thread name they are looking for. THAT is the behavior it seems we sould be working to curb. Even apt-get, the most commonly quoted command in the forums, could be scripted and used maliciously.

    Teaching people what these commands mean, and what they can do rather than discouraging their use seems like a much more educational approach.

    Any script I write, whether it be in C, Korn, Bash, perl, Windows shell or vbs, I put comments before each command or set of commands explaning what each component is doing. You will never see a script I wrote posted any other way.

    I guess I'm just saying, there are better ways to prevent malicious intent than blacklisting common system commands. If you want to get Linux to catch on, making people afraid of CLI commands is not the way to do it.
    Last edited by toupeiro; November 21st, 2007 at 07:52 PM.
    "Its easy to come up with new ideas, the hard part is letting go of what worked for you two years ago, but will soon be out of date." -Roger von Oech

  9. #79
    Join Date
    May 2006
    Beans
    379

    Re: Join the fight against malicious commands given to new users

    *posting to see signature*

    edit

    much better
    Cya!

  10. #80
    Join Date
    Apr 2006
    Location
    The Netherlands
    Beans
    21
    Distro
    Ubuntu Karmic Koala (testing)

    Re: Join the fight against malicious commands given to new users

    Good idea, added to sig.

    But we should maybe not focus too much on 'rm -rf'. There are loads of other dangerous commands like dd...

Page 8 of 20 FirstFirst ... 67891018 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •