2044: "Sandboxing Cycle"


Hiferator
Posts: 82
Joined: Fri Feb 15, 2013 8:23 am UTC

2044: "Sandboxing Cycle"

Postby Hiferator » Mon Sep 10, 2018 8:28 am UTC

Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?

The last time I had this problem was when I wanted cups-PDF to post-process a "printed" file to send it to a server and run a print command there, and appguard was preventing that. Never got that to work and now the use-case went away.

(Created with chridd's xkcd thread formatter.)

rhomboidal
Posts: 791
Joined: Wed Jun 15, 2011 5:25 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby rhomboidal » Mon Sep 10, 2018 10:41 am UTC

Building sandcastles is fun, but so is flooding them.

Eianz
Posts: 5
Joined: Wed Sep 05, 2018 6:54 am UTC

Re: 2044: "Sandboxing Cycle"

Postby Eianz » Mon Sep 10, 2018 11:24 am UTC

Totally agreed with Hiferator. It takes a tiring amount of time and effort to reach perfection, especially something secure with the ability to deliver results.

Monster_user
Posts: 9
Joined: Mon Nov 29, 2010 2:35 am UTC

Re: 2044: "Sandboxing Cycle"

Postby Monster_user » Mon Sep 10, 2018 1:51 pm UTC

Is this where the "romance" part of the comic comes in to play?
xkcd "A webcomic of romance, sarcasm, math, and language."

cellocgw
Posts: 1956
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby cellocgw » Mon Sep 10, 2018 2:36 pm UTC

Reminds me of the parable of the inventor with many pockets, who starts by selling his king an invention for a bulletproof wall. Next pocket, he sells the king a new gun to pierce that wall. Then he tries to sell an invention for a better wall, ... and the king pays him one gold piece for each pocket he has in his coat (except one which contains snuff), has him executed, and makes inventing a capital crime.
Dang me if I can't find a link on the web!
https://app.box.com/witthoftresume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

qvxb
Posts: 159
Joined: Mon Sep 19, 2016 10:20 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby qvxb » Mon Sep 10, 2018 4:36 pm UTC

The sandboxing cycle requires an initiator and maintainer. This is known as the military-industrial complex.

da Doctah
Posts: 929
Joined: Fri Feb 03, 2012 6:27 am UTC

Re: 2044: "Sandboxing Cycle"

Postby da Doctah » Mon Sep 10, 2018 5:26 pm UTC

The problem with sandboxing is a couple of times a week you have to clean out the cat poop.

SuicideJunkie
Posts: 345
Joined: Sun Feb 22, 2015 2:40 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby SuicideJunkie » Mon Sep 10, 2018 5:49 pm UTC

da Doctah wrote:The problem with sandboxing is a couple of times a week you have to clean out the cat poop.
In many cases, you can configure your load balancer to automatically delete and replace the defecative clusters as they drop out of service.

Sableagle
Ormurinn's Alt
Posts: 1935
Joined: Sat Jun 13, 2015 4:26 pm UTC
Location: The wrong side of the mirror

Re: 2044: "Sandboxing Cycle"

Postby Sableagle » Mon Sep 10, 2018 6:16 pm UTC

da Doctah wrote:The problem ... is ... the cat poop.

qvxb wrote:This is known as the military-industrial complex.

:mrgreen:
Oh, Willie McBride, it was all done in vain.

JohnTheWysard
Posts: 102
Joined: Sun Feb 10, 2008 2:38 am UTC

Re: 2044: "Sandboxing Cycle"

Postby JohnTheWysard » Mon Sep 10, 2018 8:56 pm UTC

It's not only a good metaphor for software development, of course. The image works just as well for the evolution of eukaryotic organelles, or for corporate expansions and mergers, or for social cliques.

And the bugs and unforeseen problems apply to all of them!

Moon-Possum
Posts: 1
Joined: Mon Sep 10, 2018 9:36 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby Moon-Possum » Mon Sep 10, 2018 9:40 pm UTC

So the ::ng-deep combinator argument continues at pace with those who see only security vs accessibility missing the conceptual responsibilities for the dogma.
Last edited by Moon-Possum on Tue Sep 11, 2018 3:03 am UTC, edited 1 time in total.

Mikeski
Posts: 1044
Joined: Sun Jan 13, 2008 7:24 am UTC
Location: Minnesota, USA

Re: 2044: "Sandboxing Cycle"

Postby Mikeski » Tue Sep 11, 2018 12:14 am UTC

Monster_user wrote:Is this where the "romance" part of the comic comes in to play?
xkcd "A webcomic of romance, sarcasm, math, and language."

Nope, this one is sarcasm.

Which arrow represents the sarcasm depends on where in the design cycle you work.

Paulmichael
Posts: 39
Joined: Wed Jul 29, 2009 7:06 am UTC

Re: 2044: "Sandboxing Cycle"

Postby Paulmichael » Tue Sep 11, 2018 5:59 am UTC

Heh, today's title text has an almost identical ending as today's SMBC: http://www.smbc-comics.com/comic/the-problem

x7eggert
Posts: 97
Joined: Tue May 13, 2014 6:55 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby x7eggert » Tue Sep 11, 2018 10:43 am UTC

SuicideJunkie wrote:
da Doctah wrote:The problem with sandboxing is a couple of times a week you have to clean out the cat poop.
In many cases, you can configure your load balancer to automatically delete and replace the defecative clusters as they drop out of service.

The out-of-service clusters are those that do not drop through the sieve.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3726
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 2044: "Sandboxing Cycle"

Postby Soupspoon » Tue Sep 11, 2018 11:16 am UTC

Data Security, I have always maintained, is both stopping those who should not have it¹ from having it and making sure that those who should have it are not deprived of it. It's amazing how many people forget that, being in the "three factor login" camp and forgetting about possible loss of the vital smartcard(/arguably more vital fingerprints/iris/voice-pattern) or just plain forget a password/passphrase/PIN; or they're in the other camp and "Have backups! Loads of backups! Everywhere!".

Which sort of analogues to this comic, if you flesh out my own philosophy marginally.

(And it also reminds me how I'm a lot less studious about avoiding various pitfalls in my personal arrangements than I'm likely to be pontificating towards others about their own handling methods.)

¹ Or them…? ;)

orthogon
Posts: 3006
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 2044: "Sandboxing Cycle"

Postby orthogon » Tue Sep 11, 2018 11:38 am UTC

Soupspoon wrote:Data Security, I have always maintained, is both stopping those who should not have it from having it and making sure that those who should have it are not deprived of it.

In practice, more often than not, it's the exact opposite: make access difficult or impossible for those who should have access, whilst imposing no significant obstacle to those who shouldn't. (It's even more true for security measures in meatspace).
xtifr wrote:... and orthogon merely sounds undecided.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3726
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 2044: "Sandboxing Cycle"

Postby Soupspoon » Tue Sep 11, 2018 12:05 pm UTC

Aye, I've seen that. Though I remember that one of the last SOPs I edited in one job involved the procedure on what to do when people with high access were departing the company, and I made sure it would be as difficult as possible for me to cause a problem upon leaving, from the moment that was confirmed.

(Wouldn't have prevented malice-aforethought prior to that clinch-point, but if I had been thoughting malice-afore then I could have just not written such a strict rewrite of the document, so I left happy/smug/inconvenienced enough!)

E_H
Posts: 29
Joined: Fri May 06, 2011 9:16 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby E_H » Tue Sep 11, 2018 2:42 pm UTC

Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?


DWIM [Do What I Mean] 1. adj. Able to guess, sometimes even correctly, what result was intended when provided with bogus input. Often suggested in jest as a desired feature for a complex program. A related term, more often seen as a verb, is DTRT (Do The Right Thing). 2. n. The INTERLISP function that attempts to accomplish this feat by correcting many of the more common errors. See HAIRY. - jargon.txt / MIT c. 1988


Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else's typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for `Damn Warren's Infernal Machine!'.

In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed `delete *$' to free up some disk space. (The editor there named backup files by appending `$' to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported `*$ not found, assuming you meant 'delete *'.' It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost. The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type `delete *$' twice.

DWIM is often suggested in jest as a desired feature for a complex program; it is also occasionally described as the single instruction the ideal computer would have. Back when proofs of program correctness were in vogue, there were also jokes about `DWIMC' (Do What I Mean, Correctly). A related term, more often seen as a verb, is DTRT (Do The Right Thing); see {RightThing}. -Eric S. Raymond, The New Hacker's Dictionary (1991)


The best computer interface is a graduate student, as professors well know. But real security? There's probably an impossibility proof out there.

rmsgrey
Posts: 3481
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby rmsgrey » Tue Sep 11, 2018 5:55 pm UTC

E_H wrote:
Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?


DWIM [Do What I Mean] 1. adj. Able to guess, sometimes even correctly, what result was intended when provided with bogus input. Often suggested in jest as a desired feature for a complex program. A related term, more often seen as a verb, is DTRT (Do The Right Thing). 2. n. The INTERLISP function that attempts to accomplish this feat by correcting many of the more common errors. See HAIRY. - jargon.txt / MIT c. 1988


Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else's typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for `Damn Warren's Infernal Machine!'.

In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed `delete *$' to free up some disk space. (The editor there named backup files by appending `$' to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported `*$ not found, assuming you meant 'delete *'.' It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost. The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type `delete *$' twice.

DWIM is often suggested in jest as a desired feature for a complex program; it is also occasionally described as the single instruction the ideal computer would have. Back when proofs of program correctness were in vogue, there were also jokes about `DWIMC' (Do What I Mean, Correctly). A related term, more often seen as a verb, is DTRT (Do The Right Thing); see {RightThing}. -Eric S. Raymond, The New Hacker's Dictionary (1991)


The best computer interface is a graduate student, as professors well know. But real security? There's probably an impossibility proof out there.


Yeah, the DWIM should include a "but double-check if it seems surprising or expensive" - the "Are you quite sure you want the troops to launch a frontal assault on the heavily fortified position without stopping to pick up weapons first, sir?" approach to following orders...

SuicideJunkie
Posts: 345
Joined: Sun Feb 22, 2015 2:40 pm UTC

Re: 2044: "Sandboxing Cycle"

Postby SuicideJunkie » Tue Sep 11, 2018 5:55 pm UTC

The best non-destructive way to secure a computer is to power it off. And that doesn't help against those with physical access.
If you want to fully secure a system theoretically, you need to drop the entire thing into a black hole. And we won't really know if that is secure until the quantum mechanics / relativity interactions are settled.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3726
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 2044: "Sandboxing Cycle"

Postby Soupspoon » Tue Sep 11, 2018 9:11 pm UTC

The inward bandwidth will sky-rocket! (Better make it an asynchronous connection and forget all about sending ACKs, though.)

