Blog Archives - Page 32 of 32

Sep 24

R Consortium Infrastructure Steering Committee (ISC) elects Chair

By Blog

by Joseph Rickert

This week, the Infrastructure Steering Committee (ISC) of the R Consortium unanimously elected Hadley Wickham as its chair thereby also giving Hadley a seat on the R Consortium board of directors. Congratulations Hadley!!

This is a major step forward towards putting the R Consortium in business. Not only is the ISC the group that will decide on what projects the R Consortium will undertake, but it will also be responsible for actually getting the work done. (Look here for the charter of the ISC. )

The whole process of funding, soliciting, selecting and executing projects will work something like this: The board of directors under the leadership of its chair, Richard Pugh of Mango Solutions, will establish a budget for projects. The ISC will solicit proposals for new projects both from R Consortium member companies and from the R Community at large. With approval from the board, the ISC will decide which projects to fund. From there on, the ISC will assemble resources and manage the work. That’s the plan. The devil, of course, is in the details. There is much work to be done to put all of the necessary infrastructure in place, but Hadley’s election makes it possible for the ISC to begin bootstrapping the process.

So, while there is currently no formal proposal process in place, and the ISC and the R Consortium are not ready to begin the process of soliciting proposals from the public, it is not too early for the R Community to begin thinking about what work needs to be done. Now, is the time to begin thinking on a grand scale; well, at least on a scale that might be a bit more ambitious than creating a single R package.

What type of project might make the cut? I don’t want to set up any constraints here, or limit possibilities. But, just to pick one application area, it seems to me that that there were more than a few ideas kicked around in the HP Workshop on Distributed Computing in R held earlier this year that could be formulated into exciting and important projects. How about a unified interface for distributed computing in R?

If you have an idea for a project that you think would benefit the general R community but is more complicated than writing a simple package please start thinking about how you would write up your ideas, elaborating on the benefits to the R Community, technical feasibility, required resources etc. And, stayed tuned to R Consortium Announcements for information on when the proposal process will begin.

I’ll finish here by congratulating Hadley one more time, and state that I am very pleased to have the opportunity to work with him and the other members of the committee. I expect that with Hadley’s technical leadership, the guidance of the board of directors, and the participation of committed R users that the R Consortium will become an effective advocate and source of support for the R Community.

You can write to the ISC at: isc@r-consortium.org

Some facts about the R Consortium
Founded: June 19, 2015
Status: The R Consortium is organized as a Linux Foundation Collaborative Project
Member organizations: Alteryx, Google, Hewlett Packard, Oracle, Ketchum Trading, Mango Solutions, Microsoft, The R foundation, RStudio and Tibco
Board of Directors: David Smith (Microsoft), Hadley Wickham (RStudio), John Chambers (R Foundation), J.J. Allaire (RStudio), Louis Bajuk-Yorgan (Tibco) and Chair, Richard Pugh (Mango Solutions)
ISC Members: Hadley Wickham (RStudio), Joseph Rickert (Microsoft), Luke Tierney (R Foundation) and Stephen Kaluzny (Tibco)

Aug 17

Love0

Best Practices for Using R Securely

By Blog

The R Consortium was formed to serve the interests of the R user community, and to that end the members of the R Consortium would like to share some best practices for using R securely and safely. These recommendations are not unique to R: you should follow similar practices for any software you download from the Internet.

If you download R (or R packages) using an unencrypted Internet connection, there is a possibility that a malicious actor could modify the code in transit (or substitute their own file), if they have access to the connection linking you and the CRAN server delivering the code. (This is possible, for example, when you download R using an unsecured Wi-Fi network.) This could potentially give an attacker the same rights you have to execute code on your system.

To eliminate the possibility of such an attack, the R Consortium recommends all R users to always download R and R packages using an encrypted HTTPS connection from a secure server. This document describes steps you can take to configure your existing or new R installations to adhere to best practices for secure R use.

1. Always download R installers from a CRAN server using HTTPS

Every time you download R, make sure you are connected to the download site using a secure HTTPS connection. Check that the URL of the web page you are using to download R begins with “https://” (not “http://”) and that your browser reports the site to be secure. (Here are some ways you can check: http://info.ssl.com/article.aspx?id=10068.)

If you are downloading R from CRAN, the following CRAN mirrors support HTTPS and we recommend using one of them:

CRAN master (Austria): https://cran.r-project.org/
RStudio (USA): https://cran.rstudio.com/
Revolution Analytics (USA): https://cran.revolutionanalytics.com/
China (Beijing) : https://mirrors.tuna.tsinghua.edu.cn/CRAN/
China (Hefei) : https://mirrors.ustc.edu.cn/CRAN/
Columbia (Cali) : https://www.icesi.edu.co/CRAN/
France: https://mirror.ibcp.fr/pub/CRAN/
Russia: https://cran.gis-lab.info/
Switzerland: https://stat.ethz.ch/CRAN/
UK (Bristol): https://www.stats.bris.ac.uk/R/
UK (EMBL-EBI): https://mirrors.ebi.ac.uk/CRAN/
USA (Berkeley): https://cran.cnr.Berkeley.edu/
USA (KS): https://rweb.quant.ku.edu/cran/
USA (MI): https://cran.mtu.edu/
USA (TN): https://mirrors.nics.utk.edu/cran/
USA (WA): https://cran.fhcrc.org/

The above list is complete as of August 12, 2015. Check the list of CRAN Mirrors for other HTTPS mirrors added since then.

2. Check the MD5 checksums of R before you begin the installation.

When you download R, the same webpage should also provide the “md5 checksum” for the installation. (It will be a long string of letters and digits. Here’s an example — but remember, it will be different for every version of R: 9578948a99ee6b74ff10b71b0891b94c.) After you download the file to install R, you should generate another md5 checksum for the file you downloaded, and make sure it matches the checksum provided on the download site. (Here are instructions for doing so on Windows, Linux, and Mac OS X). If the checksums do not match, do not install R using that file.

3. Configure R for secure file downloads

When downloading files over the Internet (including R packages), R must be configured such that a secure, HTTPS-enabled web server may be used. To configure R appropriately, add code to your .Rprofile or Rprofile.site file. The instructions vary depending on the version of R and operating system you use. Note that this is the default configuration for R 3.2.2, so you do not need to take any action for R 3.2.2 or any later version of R.

R 3.2.0 and R 3.2.1

Windows:

options(download.file.method = “wininet”)

OS X and Linux:

options(download.file.method = “libcurl”)

R 3.1 and earlier

Windows:

utils::setInternet2(TRUE)

options(download.file.method = “internal”)

OS X:

options(download.file.method = “curl”)

Linux:

options(download.file.method = “wget”)

4. Always download CRAN packages from a secure mirror

The same cautions apply to R packages. Always make sure you are using a CRAN mirror that supports HTTPS, such as one from the list given in point 1 above.

To configure R to automatically use a secure mirror, add the following code to your .Rprofile or Rprofile.site file, using the mirror of your choice (beginning with “https://”) in the first line.

securemirror <- “https://cran.r-project.org/”

local({

r <- getOption(“repos”);

r[“CRAN”] <- securemirror

options(repos=r)

})

Note that you do not need to check md5 sums for packages: R automatically checks md5 checksums before it installs any package.

Summary

With these simple steps, you can eliminate one vector of attack for a malicious actor who can intercept your communications. The R Consortium recommends all R users follow this practice.

Aug 13

Love0

The R Consortium Begins its Mission

By Blog

Since the announcement of the R Consortium on June 30, the members of the Consortium have begun the mission of supporting the R project and the vast community of R users around the world. The first task was to appoint members of the Board of the R Consortium, and to that end we are pleased to announce the following board members:

JJ Allaire, RStudio

Louis Bajuk-Yorgan, Tibco

John Chambers, R Foundation

Richard Pugh, Mango Solutions

David Smith, Microsoft
We are also pleased to announce that Richard Pugh has been elected as President of the R Consortium board.

The next step is to form the Infrastructure Steering Committee, which will then select and oversee the various projects undertaken by the R Consortium on behalf of its members and the R Community. The R Consortium Board welcomes suggestions from the R Community of suitable projects pursue. We will publish a formal process for proposals soon, but in the meantime we welcome suggestions from anyone to info@r-consortium.org.