the.com/sandboxing

letting code play in a locked room so it can't set the house on fire.

means running a program in an isolated environment where its access to the real system is deliberately restricted.

from named after the literal sandbox where kids dig, build, and destroy without wrecking the actual yard; computing borrowed the metaphor in the 1990s for isolating untrusted code.

for instance

chrome renderer processisolates each tab so a malicious site cant touch your os

ios app sandboxapps cant read each others data since iphone os 2

docker containersisolate processes using linux namespaces and cgroups since 2013

virustotal analysisdetonates suspicious files in a vm to watch what they do

the.com/
what’s happening now · the.com · generated