Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations securit...

Avatar for Ildikó Czeller Ildikó Czeller
July 11, 2019
Programming
2
600

ropsec: a package for easing operations security for the R user

Avatar for Ildikó Czeller

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
Making Email Campaigns More Effective: Send Time Optimization
Avatar for Ildikó Czeller czeildi
0
320
belgrade2018_satrday_oop_Ildi_Czeller.pdf
Avatar for Ildikó Czeller czeildi
0
87
The essentials to work with object-oriented systems in R
Avatar for Ildikó Czeller czeildi
0
97
Making email campaigns more effective: Send time optimization
Avatar for Ildikó Czeller czeildi
0
110

Other Decks in Programming

See All in Programming
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
380
なぜあの開発者はDevRelに伴走し続けるのか / Why Does That Developer Keep Running Alongside DevRel?
Avatar for nrs nrslib
3
410
CSC509 Lecture 04
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
300
オープンソースソフトウェアへの解像度🔬
Avatar for うたもく utam0k
15
2.9k
他言語経験者が Golangci-lint を最初のコーディングメンターにした話 / How Golangci-lint Became My First Coding Mentor: A Story from a Polyglot Programmer
Avatar for uMa uma31
0
160
iOSエンジニア向けの英語学習アプリを作る!
Avatar for yukawashouhei yukawashouhei
0
190
『毎日の移動』を支えるGoバックエンド内製開発
Avatar for yutautsugi yutautsugi
2
250
All About Angular's New Signal Forms
Avatar for Manfred Steyer manfredsteyer
PRO
0
160
Devvox Belgium - Agentic AI Patterns
Avatar for Kevin Dubois kdubois
1
120
Devoxx BE - Local Development in the AI Era
Avatar for Kevin Dubois kdubois
0
130
あなたとKaigi on Rails / Kaigi on Rails + You
Avatar for Hiroshi Shimoju shimoju
0
160
monorepo の Go テストをはやくした〜い!~最小の依存解決への道のり~ / faster-testing-of-monorepos
Avatar for convto convto
2
500

Featured

See All Featured
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.8k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
232
18k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
280
24k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from [email protected] to [email protected]. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "[email protected]"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer