[R] Question about R software and output

Richard O'Keefe r@oknz @end|ng |rom gm@||@com
Wed Oct 4 01:45:36 CEST 2023

R is open source software, available from CRAN servers, but also
packaged for various Linux distributions.  On this machine,
running Ubuntu, R was installed using the 'apt' package manager.

R is a complete programming language with built-in support for
reading and writing over the network.  Packages -- whether on CRAN
or elsewhere -- extend R with code written in a mixture of Fortran,
C, C++, and R.  Base R behaves itself, but a package loaded from
some random GitHub site could do anything.

Data processed by R need not have been anywhere near Excel or any
kind of spreadsheet.  I don't even *have* Excel on any of the machines
I run R on.  Most of the data I process is not in .csv or .xlsx format.
R is able to read data in many formats as described in the R Data
Import/Export manual, which is fairly brief.  If there is a data
exchange format
with a significant community, chances are there's an R package that
can read and/or write it.  Indeed, it is even possible to extract
information from PDFs in R using the pdftools package.

It sounds as though your primary concern is data protection, and
there's good news and bad news.  The good news is that if you stick
with R and with packages from a trusted repository, you're safe.
The bad news is that a programming language that can do anything
can do ANYTHING, and you are not safe from a malicious programmer
in your own organisation sending data anywhere she wants to.

    % R
    > system("some possibly dangerous command goes here")

Of course, this doesn't let anyone do something they couldn't already
do *without* R.

And this gets us to the real bad news.  I think you are trying
to achieve security by a method that cannot work.  You're trying to
limit yourself to safe software.  But you ALSO need to plug ALL the
USB ports, ALL the Thunderbolt ports, snip the wires to the Wifi and
Bluetooth modules, &c &c.  If a system is capable enough to install
R (or anything else), it is insecure *without* R.  You have to limit
the internet connections that can possibly be established by ANY
program, and that means several levels of firewalls.  It also means
no "work from home".

On Wed, 4 Oct 2023 at 03:18, Ferguson Charity (CEMINFERGUSON) <
Charity.Eminferguson using gstt.nhs.uk> wrote:

> To whom it may concern,
> My understanding is that the R software is downloaded from a CRAN network
> and data is imported into it using Microsoft Excel for example. Could I
> please just double check whether any data or results from the output is
> held on external servers or is it just held on local files on the computer?
> Many thanks,
> Charity

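Added example, not part of the original message: one way to check the "packages from a trusted repository" condition discussed above is to list every installed package with the origin recorded in its DESCRIPTION file. The function name `audit_packages`, the `trusted` list and the sample rows are assumptions made for illustration; `Repository` is the field a CRAN build carries and `RemoteType` is the field written by the remotes/devtools installers.

```r
# Flag installed packages whose recorded origin is not a trusted repository.
# Caveat: DESCRIPTION fields are metadata shipped with the package itself,
# so this is an inventory aid, not proof of where the code came from.
audit_packages <- function(pkgs, trusted = c("CRAN")) {
  pkgs <- as.data.frame(pkgs, stringsAsFactors = FALSE)

  # Treat a missing column as all-NA so partial input still works.
  field <- function(name) {
    if (name %in% names(pkgs)) pkgs[[name]] else rep(NA_character_, nrow(pkgs))
  }
  priority   <- field("Priority")
  repository <- field("Repository")
  remote     <- field("RemoteType")

  is_base      <- !is.na(priority) & priority == "base"
  trusted_repo <- !is.na(repository) & repository %in% trusted

  status <- ifelse(is_base, "base",
            ifelse(trusted_repo, "trusted-repo", "REVIEW"))

  out <- data.frame(
    Package    = field("Package"),
    Version    = field("Version"),
    Repository = repository,
    RemoteType = remote,
    Status     = status,
    stringsAsFactors = FALSE
  )
  # Put the packages that need a human look at the top.
  out[order(out$Status != "REVIEW", out$Package), ]
}

# Constructed sample input (not taken from any real machine).
sample_pkgs <- data.frame(
  Package    = c("stats", "pdftools", "examplepkg", "localpkg"),
  Version    = c("4.3.1", "3.4.0", "0.0.1", "0.1.0"),
  Priority   = c("base", NA, NA, NA),
  Repository = c(NA, "CRAN", NA, NA),
  RemoteType = c(NA, NA, "github", NA),
  stringsAsFactors = FALSE
)
print(audit_packages(sample_pkgs), row.names = FALSE)

# Against the real library on this machine:
# audit_packages(installed.packages(fields = c("Repository", "RemoteType")))
```

Packages installed by a distribution's package manager or from a local file may carry no `Repository` field and will show as REVIEW, which is the intended conservative result.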