2044: Sandboxing Cycle
Title text: All I want is a secure system where it's easy to do anything I want. Is that so much to ask?
A sandbox or sandpit is a playground where children can play safe without interfering the world outside. By this meaning the term was adopted by others like the sand table in military uses, or as a Wikipedia Sandbox, a playground for inexperienced editors to test their additions, and in computer security (sandbox) which Randall probably references at this comic.
Software is getting more and more complex, and in an effort to reduce programming work and security vulnerabilities, large applications are composed of multiple programs. Getting these mostly self-contained programs to work with each other can be tricky, since requirements can vary a lot between different applications, requiring a rather general interface or API for communication. The more open such interfaces are, the higher the risk of unintended side effects, like vulnerabilities and overly permissive data access which could be exploited by hackers.
At the top left panel it could be a software collection whose parts are not yet fully connected to each other; the parts of the system which are as yet unconnected are shown in red, symbolizing a problem. A simple example is a typical office suite used for documents, presentations, spreadsheets, charts, databases, and more. In the early days those separate applications weren't much connected together, copy and paste was one of the most important features; which suggests the applications haven't yet been fully developed. But software is never been fully developed as it can be seen further.
The next panel uses some "new technology" (in green, representing a solution) to interconnect those parts not only internal but also to the world outside at the internet. In the simple office suite example this means a document can now use a spreadsheet directly by using just a simple connection to another file. If that spreadsheet is changed the document uses this new content without any need of copying it manually.
But this leads to the third panel, with undesired connections shown in red. The undesired connections mean that problems in specific applications may spread to other applications because nobody can oversee everything in a large environment. It even may destroy the original document in the office suite example or allow malicious users to exploit security holes.
The fourth panel shows (in green, representing a solution) a method applied to this problem known as sandboxing. This is a security mechanism for separating running programs without risking harm to others. This can tighten up sloppy security. A direct consequence of restricted communication is that the programs now again can't connect easily to each other, resulting in a situation very similar like in the first panel and restarting the "sandboxing cycle."
The point made by this comic is that it is often difficult to easily use a system without lowering security in that system; a dilemma that can be found both in the office suite example above or the social media example below.
The dilemma is again stated in the title text: Randall wants both ease of use and high security. In practice, a tradeoff has to be made.
- [The comic consists of four panels arranged in a circle around the center. Black arrows connecting them clockwise in an infinite loop. All panels show the same 14 tiny circles and three different rings embedding some of the circles while other circles are outside. A few circles and rings are connected by lines but there is no connection between them all.]
- [The panel at top left shows this configuration but with a few circles in red.]
- "I wish these parts could communicate more easily."
- [Clockwise the next panel on the right shows new lines in green connecting nearly all remaining also now green circles and the lower most circle has a dashed green line to the outside.]
- "Ohh, this new technology makes it easy to create arbitrary connections, integrating everything!"
- [At the third panel to the bottom right all green parts are now in black and even more connections are established. Parts of these and some others are now highlighted in red.]
- "Uh-oh, there are so many connections it's creating bugs and security holes!"
- [At the fourth panel to the bottom left all red parts are now in black, showing a complex structure. Four green rings separate the structure with only green connections between them and to the outside.]
- "Ohh, this new technology makes it easy to enclose arbitrary things in secure sandboxes!"
- [The arrow above the fourth panel connects it to the first and the circle continues from the beginning.]
- While this comic is applicable to a wide number of digital security issues, it may be about social media in particular.
- Originally, there were only a few social media websites (AOL, for example), which were not connected to one another but were so large and all-encompassing that they could be considered highly-connected systems. Once the internet became more popular and more powerful, lots of smaller websites popped up for individual topics -- forums, web apps, etc. Eventually there were so many places users had to log in that Google and Facebook began to offer services to use a single log-in for all websites that opted-in to supporting that service. Recently, with increasing consumer concerns about privacy and security, some users have begun to deliberately sever the connections between websites, to make it harder for any one company to gain a monopoly on their data. This may not last long, though, as users realized just how inconvenient it is to manage so many logins.
- This desire to accommodate both privacy and ease use of use can lead to confusing and paradoxical actions or outlooks, like Randall's struggle with his social media accounts in the comic immediately following this one, or Zach Wienersmith's complaints in the SMBC comic released the same day as this one.
add a comment! ⋅ add a topic (use sparingly)! ⋅ refresh comments!