
Show HN: A cross platform app for mirroring the clipboard between synced devices - tiagovtristao
https://github.com/tiagovtristao/clipmir-desktop
======
bumholio
Clipboard contents is a very sensitive data stream. People copy and paste all
sorts of passwords, credit card data, command lines, confidential text etc. I
once found the domain password of a coworker in the clipboard, simply because
we were sharing a VNC session; so when I pasted the text data I immediately
recognized it as a password. If this can happen accidentally, I think logging
this data stream on the long run is equivalent to full compromise and can
spread malware or worse in the internal network.

An easy active attack I could envision is to listen on the remote clipboard
for something that looks like a long Unix or Windows command line, which the
remote user lifted from a tutorial or some such. Malware would immediately
trigger a sync event to modify the remote clipboard and insert a loader for
itself, obfuscated somewhere within that command line. So from the time you
copy to the time you paste and press enter, the machine is rooted, unless you
carefully review that command line before execution.

~~~
nodesocket
Agree, the clipboard contains a treasure trove of sensitive information.

------
anfilt
Sounds like a security issue waiting to happening.

~~~
TeMPOraL
Every interesting thing you can do with computers is a security issue waiting
to happen. The only secure computer is one that's disconnected from Internet,
turned off, encased in concrete and buried in an abandoned mine, which is then
flooded and sealed with more concrete.

Point being, while this particular implementation needs a lot more work, the
concept itself is sound.

------
RaleyField
How does you application prevent MitM attacks?

~~~
asmosoinio
Does not look like it even tries:

"The features missing to make it to a secure and stable version are:" ... "The
JSON RPC server should be serving HTTPS instead HTTP."

~~~
gruez
great, so it's an app that broadcasts your clipboard contents to all bad guys
on your network.

------
ronreiter
Nice. This is the best example I give for why Macs are great. Because they
think about these things. This is a built in functionality in the Apple
ecosystem.

~~~
pbhjpbhj
FWIW this is in KDE (via kdeconnect) too; I have it turned off. The only use
case I personally have is copying passwords. In what way do you use it?

~~~
krick
The difference is, speaking of Apple it's iPhone/iPad + Mac, which is super-
useful, I don't even know how can you ask for a use-case, since everything is
a use-case: copy anything from your phone to a computer, be it a text, an url,
phone number, quote from a book/article you were reading. And speaking of KDE,
it's just one KDE PC + another KDE PC, which is basically useless, since it's
a rare person nowadays to be walking around with a KDE PC in his pocket.

So, yeah, I kinda hate Apple (I like my stuff configurable), but I wonder more
and more how long is it until I drop other devices/OS', and buy an iPhone +
MacBook.

~~~
andmarios
No difference, it's KDE + android. Not only it has bidirectional clipboard
syncing (so copy a 2FA token from the mobile to the PC) but also other nice
features. Like if your phone is ringing, your PC will pause automatically
YouTube or play music / spotify tabs on chrome. You can control PC media (e.g.
again play music on chrome) from your phone, sync notifications uni or
bidirectional, share/browse files, use the phone as a trackpad or keyboard for
the PC, answer messages from the PC, etc.

~~~
krick
Wow, that was a stupid mistake on my part. I don't know why I was convinced it
doesn't work with Android. It is indeed really awesome.

------
krisgenre
These things keep coming now and then on HN. I built one myself[1] long time
back and this makes me wonder if there is actually a market for clipboard
mirroring.

[1]
[https://github.com/krishnaraj/oneclipboard](https://github.com/krishnaraj/oneclipboard)

~~~
nudiustertian
Pushbullet seems to be doing alright

------
xmmrm
See also:
[https://github.com/jedisct1/piknik](https://github.com/jedisct1/piknik)

------
batrat
Thank you. It's useful when I have multiple virtual machines open in my PC and
something this simple is really nice.

------
anotheryou
anything lightweight that pastes only on demand via a shortcut? i don't feel
good about syncing everything

------
coinmonks
Wana write a blog post about the this?

------
Jyaif
Encryption should be part of the MVP.

------
philliphaydon
Did this need to be an electron app??

~~~
LeoPanthera
It says right on the github page:

"Electron could be switched by native APIs since it's overkill for such a
small program."

Perhaps read before snarking.

~~~
philliphaydon
I wasn't 'snarking' I asked a question, for what it's worth I was reading this
on my Phone and didn't read the entire thing because it took too long to load
for me.

