47 comments

[ 4.2 ms ] story [ 98.8 ms ] thread
This looks great! If you want a bit more privacy, you can use https://pastery.net, the snippets can be configured to expire in a few minutes and expired snippets are deleted from the database.
Symmetric encryption would be good too.
It uses TLS over Gitlab's REST API and registers all snippets as private -- I figured this would probably be enough for a first cut.
As it supports self-hosted Gitlab I'd guess that using that is even more privacy friendly than to send it to some pastebin website and trust that operation.
This is actually the main use-case for this. At work we have machines in different environments, but they all can see the self-hosted gitlab (although not each other). This just makes it easier to get bits of config or scripts from one environment to another with not too much pain.
I do like the auto expire feature idea. (h/t StavrosK, pastery.net) I skimmed your glsnip project and didn't spot that feature.

I get that your team self hosts gitlab. Very clever. Nicely done.

Pretty much every place I've ever worked has struggled with secure, ad hoc, short-lived file transfers, both large and tiny. (eg Someone in marketing needs a data dump that's too large to sneak thru as an attachment via corporate email.)

"virtual sneaker net"

Often, we give up and just pass around a thumb drive. Ridiculous.

I don't think Gitlab does auto expiring of snippets, but I was thinking of adding `glsnip purge` to wipe the "clipboard" -- I may yet add it.

I also toyed with making some kind of a `clipit` style clipboard stack with pushing and popping and listing items on the clipboard and all that... I may add that too if there is interest...

Copy paste across all my apple devices is perhaps the most underrated killer feature of the apple ecosystem. I just wish there was a way to extend that to my Linux desktop.
If you are determined enough, you could probably recreate it. I am not too fond of committing my copied items to gitlab (even though it’s a private repo).

The beauty of apples continuity feature is that the sync happens locally over Bluetooth/WiFi and secured by the Apple ID. Nothing is sent to a remote server, and each entry has a TTL.

How do you do that - copy and paste across Apple devices, I mean?
it happens over bluetooth/wifi; on devices that are signed in with the same iCloud account.

it's automatic.

You just use ordinary copy on one device and then ordinary paste on the other.

https://support.apple.com/guide/mac-help/copy-and-paste-betw...

“To use Universal Clipboard, your devices must meet Continuity system requirements. They must also have Wi-Fi, Bluetooth, and Handoff turned on in System Preferences (on your Mac) and in Settings (on your iOS and iPadOS devices). You must be signed in with the same Apple ID on all your devices”

System requirements more or less means “hardware is new enough” (https://support.apple.com/en-us/HT204689; I think the technical reason is that it requires a specific Bluetooth version and macOS/iOS version)

Apple doesn’t say it, but I think the devices also must be on the same WiFi network and within Bluetooth range of each other.

Edit: as a consequence, if you lend your iPad to somebody for a few minutes while working on stuff you don’t want them to know about, log out of your Apple account. Without it, they can paste whatever happens to be on your clipboard.

Conversely, if you borrow someone else’s phone, don’t copy any secrets to the clipboard, even if you later replace that by something innocuous.

Completely agree. It works with media as well as text and it’s fantastic. It’s my favourite Apple feature.
I was going to mention that.

I have 2 macs for work. One for my employer, and one sent by the company I am contracted to work for.

Contract-mac is hugely locked down, requires all traffic to go through the VPN, and only allows non-VPN connections to the VPN.

Work-mac is fairly ordinary, not locked down except for anti-virus.

To get Magnet and a couple of other Apple store apps on the contract-mac, I signed in to the Apple store. Immediately, copy and paste started working across both macs. I'm not sure of the mechanism by which the clipboard was being "shared", but it felt like I'd get chewed out by contract-mac's security folks if I continued using it.

It's convenient, for sure, but could very easily be against security policy in larger enterprises.

Presumably logging into your personal account would be what’s against their policy. They should have set up an account for that computer to use. It’s also surprising that they didn’t ship it to you in a usable state.
Windows also supports copy/paste between devices, including Android phones (only some Samsung models so far).
But that's not end to end encrypted, like Apple.
It’s a killer feature until it stops working inexplicably, and the only solution is to wipe each device without restoring from a backup because Apple has no other solution to problems with iOS devices.

Source: Apple support to me when it stopped working

Untrue, you can also buy another device. This was also a solution posed to me by Apple.
Hah, you're absolutely right. I've had Apple support suggest buying new devices to me, including buying and returning after a short period where they're unable to do an advance RMA (what I like to informally call AppleCare++)
I use screen sharing on my primary mac to log into two other macs, and copy/paste works between them without the need for logging into and apple id. Also drag and drop.
Every time I evaluate moving to Linux, it's features like this (and others like easier tethering, unlock with watch, ping my phone from any of my Apple devices, etc) that cause me to stick around in the Apple world. Some of it I can recreate via available software or implement easily myself, but it seems like too much effort to achieve parity.
It would be really cool if you could always run the program in the background on both computers (systemd) and actually share clipboard content directly (as opposed to typing in cli). I might build that today if I find time.
You don't need to, just write a bash script and add it to PATH.

This isn't open source, it's CS 101.

If the machines are on the same network I usually just do this on the receiving machine:

    nc -l 1234 | pbcopy
And on the sending machine

    pbpaste | nc receiving-machine.local 1234
(where "receiving-machine.local" is the hostname or IP address of the machine you want to copy data to)

nc (netcat) is installed on macOS by default, so this works everywhere without any configuration. It's unencrypted, but on my private LAN I don't worry about people snooping.

Ha! I do the exact same thing. It’s also cross platform as well so great to hop between *nixes and say a Mac.

Another trick to send a whole directory to a local machine with no SSH access in either direction is to pipe a tarball into base64, then transport the base64 data as text (via nc or clipboard). On the destination it’s just a “base64 -d” to restore it.

(comment deleted)
Useful in CTF too ;-)
Doing tricks like this over a wireguard network adds to the magic; you get easy nat traversing, encrypted sharing with no intermediary servers.
Very nice. I find myself using slack as by paste buffer by slacking messages to/from my self. This actually turns out to be useful for transferring large files between machines as well -- especially when one of them is behind a corporate firewall.
Don't do this. Slack has/will get hacked and you will either rotate your keys or not.

I hope I don't use your services.

He never said he was transferring keys or secrets though?

I also use slack as a pastebuffer, but mostly just for links to documentation or articles.

Not doing this for anything that has security information...
You can delete the message afterwards (you can't do this automatically AFAIK). In Git, the secret will live on forever.
This depends on Gitlab, but the author still can't bring themselves to host it on Gitlab? I love Gitlab, but that's not promising...
Odd you say that - I love Gitlab too! Most of my stuff is on Gitlab.com with syncs back to Github.com. This time I thought I'd try out Github Actions, hence the Github-first drop. I'll set up a Gitlab.com sync in a bit.
Nice. I still get 2 Cmd+F on Github though. One dotfile, other one being

  $ go get github.com/bradwood/glsnip
I suppose

  $ go get gitlab.com/bradwood/glsnip
would work fine? Seemed to work here.
I had the same thought.

I love Git Lab and strongly believe it should be the default home if open source. It seems wrong to me that a proprietary product (GitHub) is where open source lives.

That said, I also just GitHub because discoverability for a new project is terrible on GitLab because of the network effect. Even contributions, where people are more motivated to find and contribute, will drop 10x by moving to Git Lab. It sucks, but we have a hard chicken and egg problem here and I don't know how we fix it.

It almost seems easier to convince Microsoft to open source GitHub than to convince millions of people to migrate in unison.

On Linux (where pbcopy and pbpaste apparently don't exist), I've been using a bash function `cb` (to copy clipboard) and `cbf` (to copy a file to a clipboard) for years. If you install xclip on your system and add this to your .bashrc you can get it too: https://gist.github.com/FreedomBen/8d4d0a89fd39c8b5a5c4d5dcf...

Luckily I added a link to where I got it, because I had long forgotten. Thanks Nathan! Nathan's blog post is excellent and should be read: https://madebynathan.com/2011/10/04/a-nicer-way-to-use-xclip...

It's rather straightforward to create .bashrc aliases on Linux to transform xclip or xsel into pbcopy and pbpaste [0]:

  alias pbcopy='xclip -selection clipboard'
  alias pbpaste='xclip -selection clipboard -o'
[0] https://superuser.com/a/288333/72342
You can do that with keybase. If you have the kbfs mounted just do `echo test >> /Volumes/keybase/private/<username>/clipboard.txt` and on the receiving machine you can see the text arriving with `tail -f /Volumes/keybase/private/<username>/clipboard.txt`

And it's e2e ecrypted by default! You can use this to make a DIY encrypted chat app in a few lines. Just write to the respective folder which is implicitly there by default i.e `echo "Hello world" >> /keybase/private/alice,bob/chat.txt` and the files is automatically encrypted with alice and bob's keys

This forum is quickly losing relevancy for me. Bullshit articles about thing that can be accomplished with 2 lines of bash make the front page now?

Just rebrand yourself as 20year-olds-read-hn-instead-of-the-docs.com and save my rss feed from the noise.

You could also use PastePals, a copy/paste buffer-based social network @gklitt and I made for the Stupid Shit Hackathon: www.pastepals.club/