Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations securit...

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Ildikó Czeller Ildikó Czeller
July 11, 2019
Programming
650
2

ropsec: a package for easing operations security for the R user

Avatar for Ildikó Czeller

Ildikó Czeller

July 11, 2019

More Decks by Ildikó Czeller

See All by Ildikó Czeller
Making Email Campaigns More Effective: Send Time Optimization
Avatar for Ildikó Czeller czeildi
0
350
belgrade2018_satrday_oop_Ildi_Czeller.pdf
Avatar for Ildikó Czeller czeildi
0
110
The essentials to work with object-oriented systems in R
Avatar for Ildikó Czeller czeildi
0
120
Making email campaigns more effective: Send time optimization
Avatar for Ildikó Czeller czeildi
0
110

Other Decks in Programming

See All in Programming
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
430
1人1案件のプロダクトエンジニア時代に、"プロセス監督"としてチャレンジしたこと
Avatar for のんちゃん non0113
0
120
PHPでローカル環境用のSSL/TLS証明書を発行することはできるのか? #phpconkagawa
Avatar for akase244 akase244
0
370
How We Practice Exploratory Testing in Iterative Development( #scrumniigata ) / 反復開発の中で、探索的テストをどう実施しているか
Avatar for teyamagu teyamagu
PRO
3
930
Stage 3 Decorators でできること / できないこと / TSKaigi 2026
Avatar for Susisu susisu
0
140
権限チェックの一貫性を型で守る TypeScript による多層防御
Avatar for aster-mnch (kitagawa) mnch
2
190
今さら聞けないCancellationToken
Avatar for tkym htkym
0
110
[BalkanRuby 2026] Drop your app/services!
Avatar for Vladimir Dementyev palkan
3
580
サーバーレスで作る、動画データ管理基盤
Avatar for Keigo Ibaraki oyasumipants
0
230
Structured Concurrency, Scoped Values and Joiners in the JDK 25 26 27
Avatar for José josepaumard
1
150
リセットCSSを1行消したらアクセシビリティが向上した話
Avatar for pvcresin pvcresin
4
520
Are We Really Coding 10× Faster with AI?
Avatar for Koichi Yoshida kohzas
0
200

Featured

See All Featured
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
390
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
It's Worth the Effort
Avatar for 3n 3n
188
29k
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
280
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
170
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
2
370
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
340
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
210k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
330
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
300
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
Avatar for Akihiro Kokubo akihiro_kokubo
PRO
70
39k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from [email protected] to [email protected]. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "[email protected]"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer