Page 1 of 1

2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 8:28 am UTC
by Hiferator
Image
Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?

Last time I had this problem, was when I wanted cups-PDF to post-process a "printed" file to send it to a server and run a print command there and appguard was preventing that. Never got that to work and now the use-case went away.

(Created with chridd's xkcd thread formatter.)

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 10:41 am UTC
by rhomboidal
Building sandcastles is fun, but so is flooding them.

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 11:24 am UTC
by Eianz
Totally agreed with the Hiferator, It takes tiring amount of time and effort to reach perfection especially something secure with the ability to deliver results

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 1:51 pm UTC
by Monster_user
Is this where the "romance" part of the comic comes in to play?
xkcd "A webcomic of romance, sarcasm, math, and language."

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 2:36 pm UTC
by cellocgw
Reminds me of the parable of the inventor with many pockets, who starts by selling his king an invention for a bulletproof wall. Next pocket, he sells the king a new gun to pierce that wall. Then he tries to sell an invention for a better wall, ... and the king pays him one gold piece for each pocket he has in his coat (except one which contains snuff), has him executed, and makes inventing a capital crime.
Dang me if I can't find a link on the web!

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 4:36 pm UTC
by qvxb
The sandboxing cycle requires an initiator and maintainer. This is known as the military-industrial complex.

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 5:26 pm UTC
by da Doctah
The problem with sandboxing is a couple of times a week you have to clean out the cat poop.

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 5:49 pm UTC
by SuicideJunkie
da Doctah wrote:The problem with sandboxing is a couple of times a week you have to clean out the cat poop.
In many cases, you can configure your load balancer to automatically delete and replace the defecative clusters as they drop out of service.

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 6:16 pm UTC
by Sableagle
da Doctah wrote:The problem ... is ... the cat poop.

qvxb wrote:This is known as the military-industrial complex.

:mrgreen:

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 8:56 pm UTC
by JohnTheWysard
It's not only a good metaphor for software development, of course. The image works just as well for the evolution of eukaryotic organelles, or for corporate expansions and mergers, or for social cliques.

And the bugs and unforeseen problems apply to all of them!

Re: 2044: "Sandboxing Cycle"

Posted: Mon Sep 10, 2018 9:40 pm UTC
by Moon-Possum
So the ::ng-deep cominator argument continues at pace with those who see only security vs accessibility missing the conceptual responsibilities for the dogma.

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 12:14 am UTC
by Mikeski
Monster_user wrote:Is this where the "romance" part of the comic comes in to play?
xkcd "A webcomic of romance, sarcasm, math, and language."

Nope, this one is sarcasm.

Which arrow represents the sarcasm depends on where in the design cycle you work.

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 5:59 am UTC
by Paulmichael
Heh, today's title text has an almost identical ending as today's SMBC: http://www.smbc-comics.com/comic/the-problem

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 10:43 am UTC
by x7eggert
SuicideJunkie wrote:
da Doctah wrote:The problem with sandboxing is a couple of times a week you have to clean out the cat poop.
In many cases, you can configure your load balancer to automatically delete and replace the defecative clusters as they drop out of service.

The out-of-service clusters are those that do not drop through the sieve.

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 11:16 am UTC
by Soupspoon
Data Security, I have always maintained, is both stopping those who should not have it¹ from having it and making sure that those who should have it are not deprived of it. It's amazing how many people forget that, being in the "three factor login" camp and forgetting about possible loss of the vital smartcard(/arguably more vital fingerprints/iris/voice-pattern) or just plain forget a password/passphrase/PIN; or they're in the other camp and "Have backups! Loads of backups! Everywhere!".

Which sort of analogues to this comic, if you flesh out my own philosophy marginally.

(And it also reminds me how I'm a lot less studious about avoiding various pitfalls in my personal arrangements than I'm likely to be pontificating towards others about their own handling methods.)

¹ Or them…? ;)

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 11:38 am UTC
by orthogon
Soupspoon wrote:Data Security, I have always maintained, is both stopping those who should not have it from having it and making sure that those who should have it are not deprived of it.

In practice, more often than not, it's the exact opposite: make access difficult or impossible for those who should have access, whilst imposing no significant obstacle to those who shouldn't. (It's even more true for security measures in meatspace).

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 12:05 pm UTC
by Soupspoon
Aye, I've seen that. Though I remember that one of the last SOPs I edited in one job involved the procedure on what to do when people with high access were departing the company, and I made sure it would be as difficult as possible for me to cause a problem upon leaving, from the moment that was confirmed.

(Wouldn't have prevented malice-aforethought prior to that clinch-point, but if I had been thoughting malice-afore then I could have just not written such a strict rewrite of the document, so I left happy/smug/inconvenienced enough!)

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 2:42 pm UTC
by E_H
Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?[/quote]


DWIM [Do What I Mean] 1. adj. Able to guess, sometimes even correctly, what result was intended when provided with bogus input. Often suggested in jest as a desired feature for a complex program. A related term, more often seen as a verb, is DTRT (Do The Right Thing). 2. n. The INTERLISP function that attempts to accomplish this feat by correcting many of the more common errors. See HAIRY. - jargon.txt / MIT c. 1988


Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else's typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for `Damn Warren's Infernal Machine!'.

In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed `delete *$' to free up some disk space. (The editor there named backup files by appending `$' to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported `*$ not found, assuming you meant 'delete *'.' It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost. The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type `delete *$' twice.

DWIM is often suggested in jest as a desired feature for a complex program; it is also occasionally described as the single instruction the ideal computer would have. Back when proofs of program correctness were in vogue, there were also jokes about `DWIMC' (Do What I Mean, Correctly). A related term, more often seen as a verb, is DTRT (Do The Right Thing); see {RightThing} . -Eric S. Raymond, The New Hacker's Dictionary(1991)


The best computer interface is a graduate student, as professors well know. But real security? There's probably an impossibility proof out there.

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 5:55 pm UTC
by rmsgrey
E_H wrote:
Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?[/quote]


DWIM [Do What I Mean] 1. adj. Able to guess, sometimes even correctly, what result was intended when provided with bogus input. Often suggested in jest as a desired feature for a complex program. A related term, more often seen as a verb, is DTRT (Do The Right Thing). 2. n. The INTERLISP function that attempts to accomplish this feat by correcting many of the more common errors. See HAIRY. - jargon.txt / MIT c. 1988


Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else's typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for `Damn Warren's Infernal Machine!'.

In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed `delete *$' to free up some disk space. (The editor there named backup files by appending `$' to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported `*$ not found, assuming you meant 'delete *'.' It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost. The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type `delete *$' twice.

DWIM is often suggested in jest as a desired feature for a complex program; it is also occasionally described as the single instruction the ideal computer would have. Back when proofs of program correctness were in vogue, there were also jokes about `DWIMC' (Do What I Mean, Correctly). A related term, more often seen as a verb, is DTRT (Do The Right Thing); see {RightThing} . -Eric S. Raymond, The New Hacker's Dictionary(1991)


The best computer interface is a graduate student, as professors well know. But real security? There's probably an impossibility proof out there.


Yeah, the DWIM should include a "but double-check if it seems surprising or expensive" - the "Are you quite sure you want the troops to launch a frontal assault on the heavily fortified position without stopping to pick up weapons first, sir?" approach to following orders...

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 5:55 pm UTC
by SuicideJunkie
The best non-destructive way to secure a computer is to power it off. And that doesn't help against those with physical access.
If you want to fully secure a system theoretically, you need to drop the entire thing into a black hole. And we won't really know if that is secure until the quantum mechanics / relativity interactions are settled.

Re: 2044: "Sandboxing Cycle"

Posted: Tue Sep 11, 2018 9:11 pm UTC
by Soupspoon
The inward bandwidth will sky-rocket! (Better make it an asynchronous connection and forget all about sending ACKs, though.)