Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ropsec: a package for easing operations securit...
Search
Ildikó Czeller
July 11, 2019
Programming
2
610
ropsec: a package for easing operations security for the R user
Ildikó Czeller
July 11, 2019
Tweet
Share
More Decks by Ildikó Czeller
See All by Ildikó Czeller
Making Email Campaigns More Effective: Send Time Optimization
czeildi
0
320
belgrade2018_satrday_oop_Ildi_Czeller.pdf
czeildi
0
87
The essentials to work with object-oriented systems in R
czeildi
0
97
Making email campaigns more effective: Send time optimization
czeildi
0
110
Other Decks in Programming
See All in Programming
Devvox Belgium - Agentic AI Patterns
kdubois
1
130
Go Conference 2025: Goで体感するMultipath TCP ― Go 1.24 時代の MPTCP Listener を理解する
takehaya
9
1.7k
スキーマ駆動で、Zod OpenAPI Honoによる、API開発するために、Hono Takibiというライブラリを作っている
nakita628
0
220
When Dependencies Fail: Building Antifragile Applications in a Fragile World
selcukusta
0
110
技術的負債の正体を知って向き合う
irof
0
200
Go言語はstack overflowの夢を見るか?
logica0419
0
490
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
310
釣り地図SNSにおける有料機能の実装
nokonoko1203
0
190
大規模アプリのDIフレームワーク刷新戦略 ~過去最大規模の並行開発を止めずにアプリ全体に導入するまで~
mot_techtalk
1
470
bootcamp2025_バックエンド研修_WebAPIサーバ作成.pdf
geniee_inc
0
120
理論と実務のギャップを超える
eycjur
0
170
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
480
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
232
18k
Keith and Marios Guide to Fast Websites
keithpitt
411
23k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
BBQ
matthewcrist
89
9.8k
Music & Morning Musume
bryan
46
6.8k
How to Ace a Technical Interview
jacobian
280
24k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
GitHub's CSS Performance
jonrohan
1032
470k
Docker and Python
trallard
46
3.6k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.2k
Optimizing for Happiness
mojombo
379
70k
Transcript
{ropsec}: R OPerations SECurity unconf ‘18 project on GitHub
... but unnecessarily hard @czeildi Data Scientist @Emarsys security is
important ...
Are you who you say you are? verify authenticity of
commits @czeildi Data Scientist @Emarsys
without signing @czeildi Data Scientist @Emarsys
with signing @czeildi Data Scientist @Emarsys
• Person 1 as person 1: good commit • Person
2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys
@czeildi Data Scientist @Emarsys GitHub / web of trust sign
with , GitHub verifies with
@czeildi Data Scientist @Emarsys GitHub / web of trust sign
with , GitHub verifies with
specific technology • OpenPGP: standard • gpg : low-level •
ropsec : end2end @czeildi Data Scientist @Emarsys
ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?
This will set your user.email from
[email protected]
to
[email protected]
. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys
ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.
Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys
• askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes
@czeildi Data Scientist @Emarsys
#throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(
generate_key("John Doe", "
[email protected]
"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys
ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048
• Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys
{ropsec}: available on GitHub • sign your commits • audit
your computer