That's nothing- run `curl <a href="https://xmppwocky.net/curlme.txt" rel="nofollow">https://xmppwocky.net/curlme.txt</a>` on, say, OS X Terminal.app (and a lot of Linux terminal emulators, too) and your terminal window will do things like steal focus, maximize and minimize repeatedly, move around the screen...<p>(don't do this on a terminal you care about! on some older versions of OS X, this would hard-lock the entire UI (for all apps, requiring a reboot or something!), but these days it's sufficient to force-quit Terminal)<p>There's some wacky stuff out there: <a href="https://www.xfree86.org/current/ctlseqs.html" rel="nofollow">https://www.xfree86.org/current/ctlseqs.html</a>
> If you less this txt file, your terminal plays a sound<p>Actually, no it does not. My less displays the bell characters as ^G instead of showing them as raw.<p>Whether you hear the bell, or simply see ^G, depends upon how you have less configured. I leave mine configured to use the caret notation for control characters (which for my version of less, is also the default).
I’ve always been curious if mangling stdout or stderr can trigger bad actions, when cat-ing a binary file I occasionally see control characters on my prompt, could I get it to somehow type ‘rm -rf /‘?
A good reminder to practice good opsec to be weary of packages that instruct you to `curl <url> | bash`. You never know what you're running.