37 votes

xkcd 2044: Sandboxing Cycle

11 comments

  1. dblohm7
    This has been making the rounds in browser dev circles today.

    As somebody who is on the team who works on the Firefox sandbox, this is all too true!

    10 votes
  2. [10]
    clerical_terrors
    I'm a bad dev and I don't know which technologies allow those separate parts to communicate between each other easily...

    1 vote
    1. [3]
      hackergal
      As an aspiring computer science major, this is why my level of nervousness increases proportional to the level of abstraction whatever programming language I learn is on. My university is starting us off with Java but I've also been teaching myself C on the side so I can know how all this shit talks to each other.

      4 votes
      1. [2]
        vakieh
        Lol, with a side of woah.

        First up, assuming you go to a decent uni, slow down and go for depth rather than breadth. It is riDONKulously easy to learn bad habits in C, where things work but are still wrong. If your uni is decent, they have a thoroughly mapped out pathway to take you from 'this is a tool' style black box programming, before they dive you down to the nitty gritty (then hopefully back up to the organisation integration). There are exceptionally good pedagogical reasons why unis went from teaching first-contact compsci in C, or even assembler to working with higher-abstraction languages.

        I would strongly recommend learning the crap out of what you are doing while you're under the instruction of someone who knows what they're doing, and leave the C for second year.

        Of course, if you go to a crap uni (most uni students do, statistically speaking) you should instead incorporate MIT's Open Courseware programming units. And still leave the C for second year.

        7 votes
        1. Emerald_Knight
          In general it's better to work with easier examples to fully cement the subject before moving into more abstract, complicated representations. Working with strings in Python is easy, whereas working with them in C is more complicated.

          By focusing on developing problem solving processes first and gaining familiarity with fundamental programming constructs, you make introductions to more complicated processes like pointers and memory management easier to deal with, because when you screw things up in C that you normally get right in Python or Java, you can more easily isolate the cause to the lower-level details while having confidence in your higher-level solution.

          In other words, it's easier to learn to juggle five bowling pins at a time if you start out getting good at juggling two.

          Unfortunately a lot of people either don't realize this or don't like to admit it, and instead resort to language elitism. And, as a side note, it's always the compiled language elitists who seem to have the worst ego problems. Extensive exposure to interpreted languages hopefully reduces this to some extent ;)

          2 votes
    2. [6]
      nathan
      I think most of that stuff occurs at an OS level, so if you’re not into OS development it’s not surprising that nothing is coming to mind.

      1 vote
      1. [5]
        clerical_terrors
        Isn't it super useful for web apps as well to be able to communicate between each other?

        2 votes
        1. [4]
          nathan
          Right but those usually aren’t sandboxed between each other, since they don’t usually reside on the same host and communicate over http.

          1 vote
          1. [3]
            clerical_terrors
            I mean if you can't afford to have separate hosts for your webapp then isn't docker a great way to keep them separated? I thought that was kind of the point?

            2 votes
            1. [2]
              nathan
              Docker is more for isolation and less security sandboxing. A sandbox as I usually think of it is something that prevents your application from accessing other parts of the system it’s running on. Like your browser has a sandbox so that it can execute untrusted JavaScript without having to worry that the JavaScript is going to read all your personal files without your permission. Docker (containers in general) aren’t really about sandboxing as much as they are about isolating your applications so that they don’t step on each other’s toes. That way each image can be configured in isolation, but they can all run on the same host. There is some sandboxing there, but that’s not really the point of the tool IMO, but again I’m a developer and not a sysadmin, so I have a developer’s perspective on it instead of a sysadmin’s perspective.

              3 votes
              1. clerical_terrors
                OOOH, I've been thinking of it wrong all this time then. Thanks for the explanation :D

                2 votes
  3. Removed by admin: 3 comments by 2 users