Assumptions Matter More Than Dependencies

There’s been alot of talk about “dependencies” in the R universe of late. This is not really a post about that but more of a “really, don’t do this” if you decide you want to poke the dependency bear by trying to build a deeply flawed model off of CRAN package metadata. CRAN packages undergo… Continue reading →

Handling & Sharing PCAPs Like a Boss with PacketTotal

The fine folks over at @PacketTotal bequeathed an API token on me so I cranked out an R package for it to enable more dynamic investigations work (RStudio makes for an amazing incident responder investigations console given that you can script in multiple languages, code in C[++], and write documentation all at the same time… Continue reading →

Collecting Content Security Policy Violation Reports in S3 (‘Effortlessly’/’Freely’)

In the previous post I tried to explain what Content Security Policies (CSPs) are and how to work with them in R. In case you didn’t RTFPost the TLDR is that CSPs give you control over what can be loaded along with your web content and can optionally be configured to generate a violation report… Continue reading →

Wrangling Content Security Policies in R

(header image via MDN Web Docs) The past two posts have used R to look at the safety/security (just assume those terms are in scare quotes from now on in every post) of web-y thing-ys. We’ll continue that theme with this post where we focus on a [sadly unused] HTTP server header: Content Security Policy… Continue reading →

Head’s Up! Roll Your Own HTTP Headers Investigations with the ‘hdrs’ Package

I blathered alot about HTTP headers in the last post. In the event you wanted to dig deeper I threw together a small package that will let you grab HTTP headers from a given URL and take a look at them. The README has examples for most things but we’ll go through a bit of… Continue reading →

IP, User Agent, and Referrer Tracking Disabled on cinc.rud.is and git.rud.is

Not flagging this with an “R” tag since I don’t want to spam R-bloggers but I mentioned here that I’d be disabling logging on https://cinc.rud.is and https://git.rud.is and I wanted to follow up on that with an addendum that I’ve opted to disable user/system tracking in the access logs of both those sites vs just… Continue reading →

CRAN Mirror “Security”

In the “Changes on CRAN” section of the latest version of the The R Journal (Vol. 10/2, December 2018) had this short blurb entitled “CRAN mirror security”: Currently, there are 100 official CRAN mirrors, 68 of which provide both secure downloads via ‘https’ and use secure mirroring from the CRAN master (via rsync through ssh… Continue reading →

htmlunitjars Updated to 2.34.0

The in-dev htmlunit package for javascript-“enabled” web-scraping without the need for Selenium, Splash or headless Chrome relies on the HtmlUnit library and said library just released version 2.34.0 with a wide array of changes that should make it possible to scrape more gnarly javascript-“enabled” sites. The Chrome emulation is now also on-par with Chrome 72… Continue reading →

rud.is

"In God we trust. All others must bring data"

Author Archives →