[IPython-dev] how to prevent spam, ddos, etc. from IPython notebooks

Mon Mar 16 13:46:20 EDT 2015

On Mon, Mar 16, 2015 at 11:32 AM, William Stein <wstein at gmail.com> wrote:

>
>
> On Monday, March 16, 2015, MinRK <benjaminrk at gmail.com> wrote:
>
>>
>>
>> On Mon, Mar 16, 2015 at 10:58 AM, William Stein <wstein at gmail.com> wrote:
>>
>>>
>>>
>>> On Monday, March 16, 2015, MinRK <benjaminrk at gmail.com> wrote:
>>>
>>>> tmpnb (try.jupyter.org) takes a similar, if more restrictive, approach
>>>> to SageMathCloud. User containers simply have no network access. We should
>>>> probably adopt a strict whitelist of services like William has done.
>>>>
>>>>
>>> Do people complain?
>>>
>>
>> I think we've had a question or two, but not much that I'm aware of.
>> Unlike SMC, try.jupyter is really for doing quick demos of the notebook
>> itself, not a hosted place to do actual work, which I think results in a
>> big difference in expectations of what should be possible or allowed. The
>> network lockdown emphasizes that, as does the ephemeral nature of the
>> containers.
>>
>
>
> I just looked around the try.jupyter site (on a tablet) and couldn't even
> find an email or feedback link. So that might slightly reduce the amount of
> feedback you get.
>

That's certainly one way to curtail feedback. We should put a link to the
mailing list somewhere discoverable (currently it's only on jupyter.org,
nowhere on try that I know of).

-MinRK

>
>> -MinRK
>>
>>
>>>
>>>
>>>> -MinRK
>>>>
>>>> On Mon, Mar 16, 2015 at 8:14 AM, William Stein <wstein at gmail.com>
>>>> wrote:
>>>>
>>>>> On Mon, Mar 16, 2015 at 6:55 AM, Robert Alexander
>>>>> <roalexan at microsoft.com> wrote:
>>>>> > Do people have any advice/experience on how to prevent spam, ddos,
>>>>> etc. from
>>>>> > users' IPython notebooks? Since arbitrary Python code is what IPython
>>>>> > notebook is all about (see:
>>>>> > http://ipython.org/ipython-doc/dev/notebook/security.html), this
>>>>> might be
>>>>> > difficult to achieve.
>>>>>
>>>>> For SageMathCloud (https://cloud.sagemath.com), which hosts IPython
>>>>> notebook servers, by default I use a firewall to disable most outside
>>>>> network access by default.  Uses can write to me to explain what they
>>>>> are doing and request network access.
>>>>>
>>>>> Last year I was having fairly regular problems with people using
>>>>> SageMathCloud to launch hacking attacks against targets, which
>>>>> resulted in complaints from those targets.   I also had problems with
>>>>> people downloading content, e.g., from MathSciNet, which violated
>>>>> their terms of usage (this was an unintentional mistake by a grad
>>>>> student).    Basically, SageMathCloud would regularly get flagged by
>>>>> University of Washington Netops.  Once I setup a firewall with a small
>>>>> *whitelist* (including, e.g., github), I haven't had one single
>>>>> problem like this.
>>>>>
>>>>>  -- William
>>>>>
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > IPython-dev mailing list
>>>>> > IPython-dev at scipy.org
>>>>> > http://mail.scipy.org/mailman/listinfo/ipython-dev
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> William (http://wstein.org)
>>>>> _______________________________________________
>>>>> IPython-dev mailing list
>>>>> IPython-dev at scipy.org
>>>>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>>>>
>>>>
>>>>
>>>
>>> --
>>> William (http://wstein.org)
>>>
>>> _______________________________________________
>>> IPython-dev mailing list
>>> IPython-dev at scipy.org
>>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>>
>>>
>>
>
> --
> William (http://wstein.org)
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150316/5e6009da/attachment.html>