Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations securit...

Ildikó Czeller
July 11, 2019
Programming
2
550

ropsec: a package for easing operations security for the R user

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
Making Email Campaigns More Effective: Send Time Optimization
czeildi
0
270
belgrade2018_satrday_oop_Ildi_Czeller.pdf
czeildi
0
61
The essentials to work with object-oriented systems in R
czeildi
0
75
Making email campaigns more effective: Send time optimization
czeildi
0
110

Other Decks in Programming

See All in Programming
テストコード書いてみませんか?
onopon
2
340
オニオンアーキテクチャを使って、 Unityと.NETでコードを共有する
soi013
0
370
Итераторы в Go 1.23: зачем они нужны, как использовать, и насколько они быстрые?
lamodatech
0
1.4k
ゼロからの、レトロゲームエンジンの作り方
tokujiros
3
1k
[JAWS-UG横浜 #80] うわっ…今年のServerless アップデート、少なすぎ…?
maroon1st
0
100
ドメインイベント増えすぎ問題
h0r15h0
2
560
PHPUnitしか使ってこなかった 一般PHPerがPestに乗り換えた実録
mashirou1234
0
420
20241217 競争力強化とビジネス価値創出への挑戦:モノタロウのシステムモダナイズ、開発組織の進化と今後の展望
monotaro
PRO
0
280
AppRouterを用いた大規模サービス開発におけるディレクトリ構成の変遷と問題点

eiganken
1
440
Fibonacci Function Gallery - Part 2
philipschwarz
PRO
0
210
BEエンジニアがFEの業務をできるようになるまでにやったこと
yoshida_ryushin
0
200
shadcn/uiを使ってReactでの開発を加速させよう!
lef237
0
300

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
570
The Language of Interfaces
destraynor
155
24k
Site-Speed That Sticks
csswizardry
2
270
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Optimizing for Happiness
mojombo
376
70k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Thoughts on Productivity
jonyablonski
68
4.4k
Producing Creativity
orderedlist
PRO
343
39k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
Visualization
eitanlees
146
15k
Six Lessons from altMBA
skipperchong
27
3.6k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from [email protected] to [email protected]. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "[email protected]"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer