Increasing Inotify Watches Limit

After upgrading to PyCharm 2017.2 the notice came that inotify value was too low and the IDE would fallback to recursive directory scanning. For now the following commands increase the inotify limit to 512k of files.

$ cat <<EOF | sudo tee /etc/sysctl.d/idea.conf
fs.inotify.max_user_watches = 524288
EOF
$ sudo sysctl -p --system
...
* Applying /etc/sysctl.d/idea.conf ...
fs.inotify.max_user_watches = 524288
...

It is still interesting why PhpStorm wasn’t complaining while the Symfony projects are much larger.

Emoji in URLs are probably a bad idea…

On the dns-operations mailing list there were already discussions about parties who bought domains like ♀.com (xn--e5h.com), but the following is also an interesting development.


When will we find pages with “special” Web Open Fonts and that become active when you press Ctrl-Shift?

Using explicit SSH authentication methods

For many SSH is a magic sauce to get access to a server and to transfer files between servers. But when things go wrong this magic sauce becomes a problem. Let start with one an example when things go wrong and how to debug it. First we start to add to option -v to our command to connect to another server to get some basic debug information about the SSH handshake and getting to the point the user has to authenticate.

$ ssh -v user@host.example.org
...
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
user@host.example.org's password:

Just before the SSH-client prompts for the users password two interesting debug lines are shown. The first line is about the authentication methods we can use and next line shows the our client selected method password as we don’t have any methods configured in our SSH-client like publickey. So we manually disable publickey authentication and set the preferred authentication methods to keyboard-interactive.

$ ssh -v -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no user@host.example.org
...
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

We now get a permission denied as our client doesn’t has a matching set of authentication methods. Over a decade ago some commercial SSH-servers would require keyboard-interactive as authentication method as the client must than ask the user to type in the password instead of getting it from a password file as was allowed with the password authentication method. Al lot of SSH-clients start to ignore this convention, but some enterprise environments still depend on this convention. If we add password to the list of preferred authentication method we see the password prompt is offered again.

$ ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no user@host.example.org
user@host.example.org's password:

This method can also be used to temporarily disable public key authentication without changing any SSH configuration to test of the account is still working correctly or the password of the target account is still working.

Massive file update with sed

Recently I generated kickstart files for a virtual environment where people could experiment and virtual machines could be rebuild quickly. Sadly enough a typo slipped into the generated files that would make the anaconda installer stop. Every kickstart file could be corrected by hand off course, but one sed command could also correct the typo in all files in one go.

$ sed -i 's/namesever/nameserver/' *.ks

The Unix toolkit is full of handy tools and options like this and it pays to get to know your environment. Specially when it is your work environment and you’re familiar with the Unix philosophy.

Security Weekly: The State Of Healthcare Security

Security Weekly episode 479 has an interesting section about the State of Healthcare Security.


The most interesting question is how we as an sector are going to convince people to by new equipment every 3 to 5 years or how we can make something that will last at least 20 to 30 years.