> Either way, you want to generally avoid C-c for copy in terminals because it's already bound to the all important "send sigterm signal to foreground process". This is on a long list of ancient cruft that exists in terminal emulators and shells.
stty intr ^X
Then ctrl-c will no longer bother you, and your muscle memory will quickly adapt as X is very close to C
> This may work if you only stick with very popular makes/models, since they would have a higher chance of being 'noticed' for doing something wrong
Security is in the spotlight, not in the shadows
Prefer tools that everyone else uses, unless you have a very compelling reason not to (windows: too many 0 days, complexity, and surface of attack ; wifi: too easy to start a rogue network)
Because when these popular tools get hacked, you will know it. I keep an eye on rogue firmware. I have not seen a real world threat yet, but I do expect spear fishing attacks for people involved in crypto (fortunately, not for us just writing software)
Employees can be a threat, yes. Ideally, the ports to connect data should be non standard - or just glued shut. Or have no employee!
The problem with stuxnet was that non dedicated thumbdrive brought in the worm. Also their equipment was networked. Bad idea. If data must be exchanged, use unidirectional links. Good old serial ports, with only TX or RX wired (Edit: I do not think centrifuges need a full ethernet stack. Depending on high level abstractions like TCP/IP for simple operations comes at a cost)
My model is not perfect safety, but if it take something the scale of stuxnet to attack, I feel safe enough.
I laughed when the recent spectre and meltdown exploits were revealed, because the good old airgap model meant I did not have to care.
The problem of optical drives is the size limit and the time to make them.
They can contain malicious code just as well as a thumbdrive. The concern with USB is the firmware, and the thumbdrive pretending to be a HID device or having an extra partition with malicious code.
Purchasing many similar drives of a well known brand in a random supermarket is a reasonable alternative.
Just keep them for 1 year before using them, in case an exploit becomes popular - but this is extremely paranoid.
The only valid safety model is airgapped computers, stripped of any networking equipment, fed data only using dedicated thumbdrives coming from another computer running a different OS
stty intr ^X
Then ctrl-c will no longer bother you, and your muscle memory will quickly adapt as X is very close to C