Comments (13)
Ohh, I thought you suggested jedi
as password.
from gpu-jupyter.
also jedi
is also not perfect (I had to downgrade yesterday to get tab-completion working in ipython ... it was crashing the session with every tabulation), will let you know if I have any issues with tabnine
.
from gpu-jupyter.
confirmed. looked through my logs. brute force attempt eventually cracked the default password in under 30 hours. my fault for leaving the port open / password unchanged.
attackers set up cryptomining on the system. I found the payload. Looks like it ran for about two days before I caught it.
But anyway, this issue is about that package not working. Frankly, I don't trust a package that downloads its binary on startup, though that package in particular looks like it has a community, I am skeptical of the practice of pulling a file to site-packages on start up, so I'm glad it got a permissions denied error.
from gpu-jupyter.
Okay, interesting. I suggest we install tabnine
(for auto-completion) via pip (pip install jupyter-tabnine
) and change the default password. I admit, asdf
was not intelligent, as it is short and used so often!
gpu-jupyter
or gupyter
would be better (at least if there is no web-scraper that extracts the password from the README). What do you think?
from gpu-jupyter.
what's wrong with the default jedi
? I don't know if I need "deep learning" in my autocompletion
from gpu-jupyter.
Okay, do you think asdf
was cracked because it is frequent? The number of characters would be the same.
As far as I know, some autocompletion algorithms use a recurrent network that estimates the propability of the next chars or valid variables/functions. I've also got used to that ;)
from gpu-jupyter.
Regarding jedi
, there could be a webscraper that realizes that many Jupyter instances have that default password.
Maybe gpu-jedi
would be better. What do you think?
from gpu-jupyter.
I've prepared a commit to solve the issues discussed here. Just let me know what password you prefer!
from gpu-jupyter.
@ChristophSchranz I do think asdf
was too frequent. a phrase is much more secure. maybe something less guessable like gupyter_notebook
?
and I don't follow re: jedi
. What do you mean?
from gpu-jupyter.
(also to be clear, my main security flaw was opening the port to the internet instead of using a VPN... a stronger password would have been a second line of defense but ultimately the blame is on me for leaving the gate wide open and inviting intruders)
from gpu-jupyter.
@mathematicalmichael It happens easily that we forget about the first line of defense, therefore there should be a password that offers some defence ;)
from gpu-jupyter.
Hi,
I've changed the default password to gpu-jupyter
(easy to remember and long enough) in af575a9
I've also solved an issua with tabnine, such that it is installed for a user in cd12d58.
Are you okay with those changes?
from gpu-jupyter.
yup. thanks!
checked the commit, glad to see they fixed the bug.
from gpu-jupyter.
Related Issues (20)
- cuda 11.7 version release request HOT 1
- provide token if no password is specified
- nvcc issue HOT 3
- Files are displayed empty after restart of the container HOT 1
- no 'latest' tag on docker hub HOT 1
- image build fails on Debian 11 when trying follow instructions to build for nvidia/cuda:12.1.0-base-ubuntu20.04 HOT 3
- Error when running your current image with host drivers cuda 12.1 : "Could not load dynamic library 'libnvinfer.so.7'" HOT 3
- jupyternbextension-not found HOT 9
- PyTorch 2 needs CUDA 11.7+ HOT 5
- How to add new packages into the image ? HOT 2
- Unable to change conda environment in kernel HOT 4
- Update CUDA to 11.8 HOT 17
- CUDA version incompatibility HOT 10
- TensorFlow throws missing libdevice errors
- Update to Jupyterlab 4.0.10 HOT 6
- Static Token HOT 1
- torch gpu problem HOT 3
- Upgrade to latest versions (e.g. CUDA 12.3) HOT 3
- Suggest way to use latest pytorch (2.2.2) HOT 4
- Container not accessible from the network with Podman instead of Docker HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gpu-jupyter.