ropsec: a package for easing operations security for the R user
Ildikó Czeller
July 11, 2019
Transcript
{ropsec}: R OPerations SECurity unconf ‘18 project on GitHub
security is important ... but unnecessarily hard
@czeildi Data Scientist @Emarsys
Are you who you say you are?
verify authenticity of commits
without signing
with signing
• Person 1 as person 1: good commit
• Person 2 as person 2: good commit
• Person 3 as person 1: evil commit
GitHub / web of trust
sign with , GitHub verifies with
specific technology
• OpenPGP: standard
• gpg: low-level
• ropsec: end2end
ropsec::sign_commits_with_key()
Do you want to sign future commits with `9958986BA31B2E1E`? This will set your user.email from [email protected] to [email protected].
1: Yes
2: No
reduce risk of mistake
ropsec::store_public_key()
Public GPG key is uploaded to GitHub.
Unauthorized request. Check your token.
Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again.
communicate status
testing global changes
• askYesNo, getPass::getPass
• git2r::config
• gpg::gpg_keygen
testing global changes
    library(testthat)
    library(mockery)  # provides stub()
    # throws error if password prompt cancelled:
    stub(generate_key, "getPass::getPass", NULL)
    expect_error(
      generate_key("John Doe", "[email protected]"),
      "GPG key generation cancelled by user"
    )
ropsec::full_on_audit()$suggestions
• Use SSH key of size at least 2048
• Install a PAM module for password strength testing like pam_cracklib
audit your computer in detail
{ropsec}: available on GitHub
• sign your commits
• audit your computer
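
The three-commit slide (Person 3 committing as person 1) can be checked mechanically. The following is an added example, not code from the slides or from ropsec: a shell audit that treats a commit as verified only when git reports a good signature and the signing key is the one pinned for the claimed author email. The emails, key IDs, hashes and the pin list are constructed; `%G?`, `%GK` and `%ae` are git's own log format placeholders.

```shell
#!/bin/sh
# Constructed pin list: author email -> key ID allowed to sign for it.
pinned_key() {
  case "$1" in
    person1@example.org) echo "1111111111111111" ;;
    person2@example.org) echo "2222222222222222" ;;
  esac
}

# Classify one commit from git's %G? code, %GK key ID and %ae author email.
commit_status() {
  code=$1; key=$2; email=$3
  case "$code" in
    G) ;;                                      # good signature: check key below
    N) echo "unsigned"; return 0 ;;
    B) echo "bad-signature"; return 0 ;;
    E) echo "unknown-key"; return 0 ;;         # signature cannot be checked
    *) echo "untrusted-signature"; return 0 ;; # U, X, Y, R
  esac
  want=$(pinned_key "$email")
  if [ -n "$want" ] && [ "$key" = "$want" ]; then
    echo "verified"
  else
    echo "key-email-mismatch"                  # valid signature, wrong identity
  fi
}

# Read "hash|code|key|email" lines on stdin, print one report line per commit,
# and return non-zero if any commit is not verified.
audit_commits() {
  failures=0
  while IFS='|' read -r hash code key email; do
    result=$(commit_status "$code" "$key" "$email")
    echo "$hash $email $result"
    [ "$result" = "verified" ] || failures=$((failures + 1))
  done
  [ "$failures" -eq 0 ]
}

# Constructed sample mirroring the three-commit slide.
sample_log() {
  cat <<'EOF'
a1b2c3d|G|1111111111111111|person1@example.org
b2c3d4e|G|2222222222222222|person2@example.org
c3d4e5f|N||person1@example.org
EOF
}

sample_log | audit_commits || echo "unverified commits present"
```

On a real repository, replace `sample_log` with `git log --format='%h|%G?|%GK|%ae'`.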