Ildikó Czeller
July 11, 2019
ropsec: a package for easing operations security for the R user
Transcript
{ropsec}: R OPerations SECurity
unconf ‘18 project on GitHub
@czeildi Data Scientist @Emarsys

security is important ... but unnecessarily hard

Are you who you say you are? Verify authenticity of commits

without signing

with signing

• Person 1 as person 1: good commit
• Person 2 as person 2: good commit
• Person 3 as person 1: evil commit

GitHub / web of trust
sign with , GitHub verifies with

specific technology
• OpenPGP: standard
• gpg: low-level
• ropsec: end2end

ropsec::sign_commits_with_key()
Do you want to sign future commits with `9958986BA31B2E1E`? This will set your user.email from [email protected] to [email protected].
1: Yes
2: No
reduce risk of mistake

ropsec::store_public_key()
Public GPG key is uploaded to GitHub.
Unauthorized request. Check your token.
Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again.
communicate status

testing global changes
• askYesNo, getPass::getPass
• git2r::config
• gpg::gpg_keygen

testing global changes
    library(testthat)
    library(mockery)  # provides stub()
    # throws error if password prompt cancelled:
    stub(generate_key, "getPass::getPass", NULL)
    expect_error(
      generate_key("John Doe", "[email protected]"),
      "GPG key generation cancelled by user"
    )

ropsec::full_on_audit()$suggestions
• Use SSH key of size at least 2048
• Install a PAM module for password strength testing like pam_cracklib
audit your computer in detail

{ropsec}: available on GitHub
• sign your commits
• audit your computer
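
The three-commit scenario on the slides can be checked from the command line with git's `%G?` signature-status placeholder, which is what separates an author name that was merely typed from one backed by a signature. This is an added example, not code from the deck or from ropsec; the repository, author names and e-mail address are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the deck or from ropsec). All names, e-mail
# addresses and commits below are constructed sample data.

# unverified_commits <repo>: print "<status> <author>: <subject>" for every
# commit reachable from HEAD whose signature status (%G?) is not G (good).
# N means the commit carries no signature at all.
unverified_commits() {
    git -C "$1" log --format='%G? %an: %s' | grep -v '^G ' || true
}

# make_demo_repo <dir>: build the three-commit history from the slide with
# signing switched off. The third commit claims Person 1 as its author; git
# records whatever name is configured and does not check it.
make_demo_repo() {
    repo=$1
    git init -q "$repo"
    n=0
    for entry in 'Person 1|good commit' 'Person 2|good commit' \
                 'Person 1|evil commit'; do
        n=$((n + 1))
        author=${entry%%|*}
        subject=${entry#*|}
        echo "change $n" > "$repo/file.txt"
        git -C "$repo" add file.txt
        git -C "$repo" -c user.name="$author" \
            -c user.email="sample@example.com" \
            -c commit.gpgsign=false commit -q -m "$subject"
    done
}

# Stand-alone demo: every line starts with N, and the author column alone
# cannot tell the two "Person 1" commits apart.
demo=$(mktemp -d)
make_demo_repo "$demo"
unverified_commits "$demo"
rm -rf "$demo"
```

Once commits are signed and the signer's public key is in the local keyring, those commits report G and drop out of the list.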