Can I make a livebook public?

jonericcook · March 16, 2022, 5:26pm

Hello,

I have an Elixir library that I’d like to create interactive documentation for. I saw livebook and thought it would be a perfect fit. I am curious if its possible to write said documentation and then be able to create a sharable version of it that can be accessed by anyone.

I launched livebook via fly.io and did a little test page and then shared it. I opened it up on my phone and it asked me to authenticate.

Is my thinking off base to think that a livebook could be something like https://readme.com/ but with inline elixir code evaluation?

Sebb · March 16, 2022, 5:37pm

If you don’t mind that I install my dogecoin miner on the server, do it.

jonericcook · March 16, 2022, 5:47pm

so is the whole point of livebook to be a private collaboration tool?

Sebb · March 16, 2022, 5:51pm

You have to trust all people using it.
Livebook in a sandbox would be cool, but there is no Elixir sandbox (that I know of).

jonericcook · March 16, 2022, 5:53pm

would something like a sandbox be possible so a public livebook could be a thing?

Sebb · March 16, 2022, 5:55pm

Please do not ping the core team, there are a lot of people here, that can answer this question.

jonericcook · March 16, 2022, 6:05pm

edited

BartOtten · March 16, 2022, 6:18pm

Afaik not. Not in a way that would make your Livebook secure. As code input is executed at the server, there is no way to prevent malicious code from running on it.

There are a few threads at this forum about sandboxing Elixir; there you’ll find explanations why it can’t be done (typing at mobile so hard to link)

Livebook seems to have its uses for sharing code snippets and working collaboratively on something, but be careful about opening it up to anyone as it exposes lots of security risks.

A Livebook notebook session is opening access to whatever server/computer the Livebook application is running on. When running in prod mode (highly recommended) anyone with a valid token authentication can use Elixir functions to inspect the filesystems, environment variables, run other programs, and create remote connections to other servers
source

LostKobrakai · March 16, 2022, 6:32pm

The sharing part of livebook are not the instances but the files. As others have mentioned sharing the runtime in a secure way is simply not feasable.

aiko · March 16, 2022, 6:40pm

The idea currently would be, that you create a liveview page and that people having access to a (their own) livebook server execute and play with it in there.

josefrichter · March 17, 2022, 6:37am

There was a discussion somewhere here about elixir running in browser. Maybe that could be a potential solution?

Edit: something like this JupyterLite: Jupyter ❤️ WebAssembly ❤️ Python | by Jeremy Tuloup | Jupyter Blog

aiko · March 17, 2022, 6:43am

From the readme

Decentralized: Livebook is open-source and you can run it anywhere. The “Run in Livebook” badges makes it easy to import any Livebook into your preferred Livebook instance.

natewallis · May 5, 2024, 8:31pm

@jonericcook Definitely a fair question - something I am also wondering as I take my first look at livebook. It is pretty cool, and I was hoping to use it to publicly document one of my personal projects. I thought it might be possible to “publish” a livebook so that there was no editing access available to the code cells and they could just be executed…

EDIT

Just thought about this more on my way morning trip to the supermarket and realised that I missed the point of livebook in this situation (thinking more about the decentralised comment above). Of course you can document your own project, the documentation can live with the repo rather than being published to a central location.

Having a published public view of course introduces access roles and other authentication.