Issue 2024-W19 Highlights
Our take on the important conversations spurred by the recent R deserialization CVE, how simulations may save you from cracking open that probability textbook, and recapping the exciting 2024 Shiny Conference.<br />Episode Links<br /><ul><li>This week's curator: Colin Fay - <a href="https://fosstodon.org/@colinfay" target="_blank">@colinfay@fosstodon.org</a> &amp; <a href="https://twitter.com/_ColinFay" target="_blank">@_ColinFay</a> (X/Twitter)</li><li><a href="https://aitap.github.io/2024/05/02/unserialize.html" target="_blank">Everything you never wanted to know about the R vulnerability</a>, but shouldn't be afraid to ask</li><li><a href="https://www.andrewheiss.com/blog/2024/05/03/birthday-spans-simulation-sans-math/" target="_blank">Calculating birthday probabilities with R instead of math</a></li><li><a href="https://www.appsilon.com/post/shinyconf-2024-recap" target="_blank">Highlights from ShinyConf 2024</a></li><li>Entire issue available at <a href="https://rweekly.org/2024-W19.html" target="_blank">rweekly.org/2024-W19</a></li></ul>Supplement Resources<br /><ul><li>R-bitrary Code Execution: Vulnerability in R’s Deserialization <a href="https://hiddenlayer.com/research/r-bitrary-code-execution/" target="_blank">https://hiddenlayer.com/research/r-bitrary-code-execution/</a></li><li>CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even In R 4.4.0 <a href="https://rud.is/b/2024/05/03/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0/" target="_blank">https://rud.is/b/2024/05/03/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0/</a></li><li>Safety Radar for RDA Files <a href="https://github.com/hrbrmstr/rdaradar" target="_blank">https://github.com/hrbrmstr/rdaradar</a></li><li>R's new exploit: how it works &amp; other ways you're vulnerable (Josiah Parry) <a 
href="https://www.youtube.com/watch?v=WGvXEi4nG5k" target="_blank">https://www.youtube.com/watch?v=WGvXEi4nG5k</a></li><li>Bogus CVE follow-ups <a href="https://daniel.haxx.se/blog/2023/09/05/bogus-cve-follow-ups/" target="_blank">https://daniel.haxx.se/blog/2023/09/05/bogus-cve-follow-ups/</a></li><li>Data serialisation in R <a href="https://blog.djnavarro.net/posts/2021-11-15_serialisation-with-rds/" target="_blank">https://blog.djnavarro.net/posts/2021-11-15_serialisation-with-rds/</a></li><li>Tapyr <a href="https://connect.appsilon.com/tapyr-docs/" target="_blank">https://connect.appsilon.com/tapyr-docs/</a></li><li>Podcast Index Database Dashboard (built with R and Quarto) <a href="https://rpodcast.github.io/pod-db-dash/" target="_blank">https://rpodcast.github.io/pod-db-dash/</a></li><li>Eric will be a guest on the Podcasting 2.0 show this Friday! (10-May-2024 1:30 PM EDT) <a href="https://podcastindex.org/podcast/920666" target="_blank">https://podcastindex.org/podcast/920666</a> </li></ul>Supporting the show<br /><ul><li>Use the contact page at <a href="https://rweekly.fireside.fm/contact" target="_blank">https://rweekly.fireside.fm/contact</a> to send us your feedback</li><li><a href="https://podcastindex.org/podcast/1062040" target="_blank">R-Weekly Highlights on the Podcastindex.org</a> - You can send a boost into the show directly in the Podcast Index. 
First, top-up with <a href="https://getalby.com/" target="_blank">Alby</a>, and then head over to the R-Weekly Highlights podcast entry on the index.</li><li>A new way to think about value: <a href="https://value4value.info" target="_blank">https://value4value.info</a> </li><li>Get in touch with us on social media<br /> <ul><li>Eric Nantz: <a href="https://podcastindex.social/@rpodcast" target="_blank">@rpodcast@podcastindex.social</a> (Mastodon) and <a href="https://twitter.com/theRcast" target="_blank">@theRcast</a> (X/Twitter)</li><li>Mike Thomas: <a href="https://fosstodon.org/@mike_thomas" target="_blank">@mike_thomas@fosstodon.org</a> (Mastodon) and <a href="https://twitter.com/mike_ketchbrook" target="_blank">@mike_ketchbrook</a> (X/Twitter)</li></ul></li></ul>Music credits powered by <a href="https://ocremix.org/" target="_blank">OCRemix</a><br /><ul><li>Green Glade Groove - Donkey Kong Country 2: Diddy's Kong Quest - TSori, dpMusicman, etc - <a href="https://ocremix.org/remix/OCR04437" target="_blank">https://ocremix.org/remix/OCR04437</a></li><li>Salut Voisin! - Final Fantasy IV - colorado weeks, Aeroprism - <a href="https://ocremix.org/remix/OCR04553" target="_blank">https://ocremix.org/remix/OCR04553</a></li></ul>