ropsec: a package for easing operations security for the R user
Ildikó Czeller
July 11, 2019
Transcript
{ropsec}: R OPerations SECurity unconf ‘18 project on GitHub
security is important ... but unnecessarily hard
@czeildi Data Scientist @Emarsys
Are you who you say you are? verify authenticity of commits
without signing
with signing
• Person 1 as person 1: good commit
• Person 2 as person 2: good commit
• Person 3 as person 1: evil commit
GitHub / web of trust
sign with , GitHub verifies with
specific technology
• OpenPGP: standard
• gpg: low-level
• ropsec: end2end
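The three-person scenario above, as an added example that is not from the deck or from ropsec: a shell filter over `git log --format='%h %G? %ae'` output that lists every commit not backed by a good signature. The hashes and addresses in `sample_log` are constructed.

```shell
#!/bin/sh
# Added example (not ropsec code). Input lines: "<hash> <%G? code> <author email>"
# as produced by:  git log --format='%h %G? %ae'

# Map git's %G? status letter to a short description.
sig_status() {
  case "$1" in
    G) echo "good signature" ;;
    U) echo "good signature, key validity unknown" ;;
    X) echo "good signature, signature expired" ;;
    Y) echo "good signature, key expired" ;;
    R) echo "good signature, key revoked" ;;
    B) echo "bad signature" ;;
    E) echo "signature cannot be checked (missing key)" ;;
    N) echo "no signature" ;;
    *) echo "unknown status" ;;
  esac
}

# Print one line per commit whose status is anything other than G.
# The author email alone proves nothing: it is copied from user.email.
unverified_commits() {
  while read -r hash code email; do
    [ -n "$hash" ] || continue
    if [ "$code" = "G" ]; then continue; fi
    echo "$hash $email: $(sig_status "$code")"
  done
}

# Constructed sample mirroring the slide: persons 1 and 2 sign their own
# commits; person 3 commits under person 1's address but has no key for it.
sample_log() {
  cat <<'EOF'
a1b2c3d G person1@example.org
e4f5a6b G person2@example.org
c7d8e9f N person1@example.org
EOF
}

sample_log | unverified_commits
```

On a real repository, pipe `git log --format='%h %G? %ae'` into `unverified_commits`; a `U` status means the signature checks out but the key is not trusted in the local keyring.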
ropsec::sign_commits_with_key()
Do you want to sign future commits with `9958986BA31B2E1E`? This will set your user.email from [email protected] to [email protected].
1: Yes
2: No
reduce risk of mistake
ropsec::store_public_key()
Public GPG key is uploaded to GitHub.
Unauthorized request. Check your token.
Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again.
communicate status
• askYesNo, getPass::getPass
• git2r::config
• gpg::gpg_keygen
testing global changes

    library(testthat)
    library(mockery)  # provides stub()

    # throws error if password prompt cancelled:
    # replace getPass::getPass inside generate_key with a stub returning NULL
    stub(generate_key, "getPass::getPass", NULL)
    expect_error(
      generate_key("John Doe", "[email protected]"),
      "GPG key generation cancelled by user"
    )

testing global changes
ropsec::full_on_audit()$suggestions
• Use SSH key of size at least 2048
• Install a PAM module for password strength testing like pam_cracklib
audit your computer in detail
{ropsec}: available on GitHub
• sign your commits
• audit your computer