Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe

Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service which will scan repositories for outdated+vulnerable dependencies. Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration… Continue reading →

GDPR Unintended Consequences Part 1 — Increasing WordPress Blog Exposure

I pen this mini-tome on “GDPR Enforcement Day”. The spirit of GDPR is great, but it’s just going to be another Potempkin Village in most organizations much like PCI or SOX. For now, the only thing GDPR has done is made GDPR consulting companies rich, increased the use of javascript on web sites so they… Continue reading →

RIPE 76 Selected Talks

RIPE 76 is going on this week and — as usual — there are scads of great talks. The selected ones below are just my (slightly) thinner slice at what may have broader appeal outside pure networking circles. Do not read anything more into the order than the end-number of the “Main URL” since this… Continue reading →

Does Congress Really Care About Your Privacy?

I apologize up-front for using bad words in this post. Said bad words include “Facebook”, “Mark Zuckerberg” and many referrals to entities within the U.S. Government. Given the topic, it cannot be helped. I’ve also left the R tag on this despite only showing some ggplot2 plots and Markdown tables. See the end of the… Continue reading →

2018 IEEE Security & Privacy (Filtered) Paper Dump

The 2018 IEEE Security & Privacy Conference is in May but they’ve posted their full proceedings and it’s better to grab them early than to wait for it to become part of a paid journal offering. There are alot of papers. Not all match my interests but (fortunately?) many did and I’ve filtered down a… Continue reading →

Pym.js Library Vulnerability in widgetframe Package

What’s Up? The NPR Visuals Team created and maintains a javascript library that makes it super easy to embed iframes on web pages and have said documents still be responsive. The widgetframe R htmlwidget uses pym.js to bring this (much needed) functionality into widgets and (eventually) shiny apps. NPR reported a critical vulnerability in this… Continue reading →

“Black”/”Cyber” Tips (a.k.a. How the hrbrgrinch ruined Christmas shopping)

NOTE: This is mainly for those of us in the Colonies, but some tips apply globally. Black Friday / Cyber Monday / Cyber November / Holiday 💲hopping is upon us. You’re going to buy stuff. You’re going to use digital transactions to do so. Here are some tips in a semi-coherent order: Sign up for… Continue reading →

Armchair Quarterbacking Systemic Organization and Industry Failures

insert(post, “{ ‘standard_disclaimer’ : ‘My opinion, not my employer\’s’ }”) This is a post about the fictional company FredCo. If the context or details presented by the post seem familiar, it’s purely coincidental. This is, again, a fictional story. Let’s say FredCo had a pretty big breach that (fictionally) garnered media, Twitterverse, tech-world and Government-level… Continue reading →

rud.is

"In God we trust. All others must bring data"

Post Category → Cybersecurity