Editing 2166: Stack

{{comic
| number    = 2166
| date      = June 21, 2019
| title     = Stack
| image     = stack.png
| titletext = Gotta feel kind of bad for nation-state hackers who spend years implanting and cultivating some hardware exploit, only to discover the entire target database is already exposed to anyone with a web browser.
}}

==Explanation==

In software engineering, a {{w|Solution stack|tech stack}} is the set of technology platforms and tools that a company or app uses. A common tech stack is {{w|LAMP (software bundle)|LAMP}}, composed of a {{w|Linux}} {{w|Operating system|operating system}}, an {{w|Apache HTTP Server|Apache}} {{w|Web server}}, a {{w|MySQL}} {{w|database}}, and the {{w|PHP}} programming language.

In this instance, all of the layers represent systems which have been subverted or compromised ("hacked") by various entities, instead of various software technologies. The stack resembles an OSI network architecture, with an eighth layer added representing the user itself.

'''Compromised by a customer:''' The user experience, above the OSI layers. Compromised by users doing something wrong or ill-advised.

'''Compromised by a former employee:''' In the OSI model, this would be the application layer. The application may include a hidden spyware in its codebase. Recent examples of compromise: Desjardins Group

'''Compromised by a current employee:''' This is the presentation layer. See above. Probably, that was compromised by a mistake of a current unexperienced employee.

'''Compromised by Bitcoin miners:''' This is the session layer, where SSL historically resided. Cryptographic exploits may cause compromise of whole communication. Examples of compromise: Dozens of bitcoin mining viruses.

'''Compromised by unknown hackers:''' This is the transport layer. IP and port spoofing is a possible compromise.

'''Compromised by our own government:''' This is the network layer. It refers to communication intercepts by governments. Examples of compromise: Cisco (for US citizens)

'''Compromised by a foreign government:''' This is the data link layer. This layer may be compromised by malrouting packets. Examples of compromise: Huawei (for non-Chinese citizens)

'''Massive undiscovered hardware vulnerability:''' This is the physical layer. An undiscovered hardware vulnerability may cause compromises further up in the stack. Examples of compromises: 
{{w|Intel Management Engine}}, {{w|Meltdown (security vulnerability)|Meltdown}}, {{w|Row hammer}}

In the title text, Randall expresses sympathy for a situation where someone spends a significant length of time on something that then becomes completely unnecessary.  In this case, it's the state-sponsored hackers who develop an exploit of some hardware component, which then becomes completely useless because the target database on that hardware is totally open anyway to anyone with a web browser (which is essentially everyone).  While he's not suggesting he agrees with their hacking, he has some sympathy for their wasted effort.

==Transcript==
:[Single-panel with a label at the top and 8 box layers stacked vertically, with in and out arrows at the top representing normal data flow and an arrow out of each box to the left or right representing exploit data flow]
:The Modern Tech Stack
:*Compromised by a customer (arrow to the right)
:*Compromised by a former employee (arrow to the left)
:*Compromised by a current employee (arrow to the right)
:*Compromised by bitcoin miners (arrow to the right)
:*Compromised by unknown hackers (arrow to the left)
:*Compromised by our own government (arrow to the right)
:*Compromised by a foreign government (arrow to the left)
:*Massive undiscovered hardware vulnerability (arrow to the right)

==Trivia==
Comic [[1636: XKCD Stack]] also has a hypothetical technology stack, with farcical layers.

{{comic discussion}}

[[Category:Computers]]
[[Category:Programming]]