Singlestore Helios Notebooks recently got an upgrade that improves their usability without sacrificing security.
Notebooks use a FQDN-based allowlist to determine whether or not to forward requests to external URLs and endpoints. The notebook will automatically block requests made to domains not in the allowlist — this functionality is described in our documentation.
Previously, if a user tried to execute a Python cell, which makes an external request to a domain that is not in the allowlist, the cell's execution would most likely get "stuck" (particularly, if the request didn't have a timeout or explicit error handling). The problem with this is that it would not be clear to the user why the cell's execution was not progressing. The user had no indication there was a blocked request, and they may not know what domain the request had tried to access.
From a usability standpoint, we knew that we could do better. So, we've updated the experience so that if a request is made to a domain that is not in the allowlist, we now show an alert at the top of the page. This allows the user to know that a request was blocked. From the user interface, the user can then optionally choose to add the missing domain into the allowlist.
.png?width=1120&disable=upscale&auto=webp)
We detect dropped requests by using Cilium Hubble. Hubble provides visibility into flow information on the network and application protocol level. With the use of its flow filters, Hubble allows us to see dropped outbound requests made from a Jupyter Notebook server.
While any Notebook cell is executing, we continuously query Hubble for any dropped requests. This allows us to expose the dropped requests in the form of alerts to the user. If the user chooses to add the missing domain to the notebook firewall, the cell will continue its execution and no longer be blocked on the dropped request. This provides a much better experience for our users.
If you want to try SingleStore Notebooks, sign up for a free trial of Singlestore Helios. After creating your account, you'll be able to create Jupyter Notebooks to run custom Python and SQL code, and collaborate with others.
