Nitin J Mutkawoa, Author at The Blog of Nitin J Mutkawoa, AKA @TheTunnelix

Author Archives: Nitin J Mutkawoa

Adventuring with Pro photomakers of Charles Telfair Institute

10/18/2015 Nitin J Mutkawoa Add Comment

“The word ‘photo’ is derived from the Greek word ‘photos’. Adventuring in the world of photons is simply amazing” – Yush of EYELIGHT Studios (main wedding photographer}, a student of CTI and BCS, the chartered institute for IT. The photography world is so vast and profound that I could not prevent myself to blog about it. I was introduced to the different concepts in the world of photography by some students of Charles Telfair Institute. EYELIGHT studios are now emerging in the world of photography after the hard work of these guys from CTI who are evangelizing their talent and skills as ‘photopreneurs‘

Though as an amateur, I used to shoot pictures with my little Samsung phablet and various point and shoots, the guys of EYELIGHT Studios demonstrated to me there fascinating tools of photography today at Merville beach hotel. I used to see professional pictures but this time I was on the backstage with them. “Mastering the techniques and bringing new concepts forward is a must to excel in this world and we are working to show the world our competence and effectiveness” – Yas of EYELIGHT studios as the main studio photographer. “The managerial tasks, advertisements, and bookkeeping tasks is carried by me and I assured the good running of all projects” – Akshay of EYELIGHT studios also a student member of the British Computer Society and CTI

Their most used equipment to render their task easy are Nikons cameras D7200 D7100 D5300 and D5200. A phantom 4 drone is also available for events, hotel’s marketing aerial shots. Flash photos are performed using speed lights and triggers. combined with soft-boxes and reflectors.

They have accomplished several tasks using Adobe Photoshop, Lightroom, After Effects, Premier, Portrait professional, and other software.

Actions of the Pro Photo makers on the Backstage

Here is an idea of the final picture after the shoot without further post-processing.

_YAS1442 — Copyright 2015 – EyeLightStudios

You can also contact them for photography and videography events and services. Check them out through their Facebook page.

Update 03 Jan 2019: EyeLight Studio does not exist anymore. The photographer is now working for his own company. The Facebook page can be viewed at Yush Photo.

Uncategorized mauritius, Photography, VIdeography

Add and extend disk on Virtual Box through LVM

10/16/2015 Nitin J Mutkawoa Add Comment

You can easily add and extend disk on Virtual Box through some LVM manipulations. LVM (Logical Volume Partitioning) is a device mapper target that provides logical volume management for the Linux kernel. – Wikipedia. However, I have written a brief introduction about LVM on a previous post – Managing LVM with pvmove – Part 1.

Add and extend disk on Virtual Box through LVM 1

Prior the extension is made you need to assure yourself there that you already know the actual state of the machine’ s hard disk.

Those commands are helpful to perform your analysis before the operation is carried out.

>> fdisk -l

> pvdisplay >> vgdisplay >> lvdisplay
>> vgs >> lvs >> vgs
>> lsblk

Here is the state of the disk before the operation is carried out.

Now, you can get into your Oracle VM VirtualBox Manager to add the new disk.

The steps are :

Click on the ‘Settings’ option on the VirtualBox Manager after having selected your virtual machine which you intend to perform a disk extension. In my case, it’s the ‘centos6’ one.

Then, on the ‘Storage’ option, next to the “Controller: SATA” there is an icon to “add new hard disk”.

Once you have click on the “add new hard disk” it will prompt you to “cancel” “choose existing disk” and “create new disk”. Choose “create new disk”. Of course, you can also choose an existing disk, but here we are adding a completely new fresh disk.

Afterward, it will prompt a “create Virtual Hard Drive” box. Choose “VDI”. Click on next, then on “dynamically allocated”. Give a new name to your hard disk. In my case, I am adding a new 2GB hard disk. Click on create and you are done.

Boot your machine if you are on VirtualBox, then fire the lsblk command to see your new hard disk. See screenshot below. You can also check with the fdisk -l command as well as the dmesg log which is really helpful.

Once the disk is detected, start by converting the disk to the PV using the command pvcreate /dev/sdb. You will notice that if you launch again a pvs the new disk is now on the PV but no part of the PV is allocated to any VG. As you can see in the picture below here is the new sdb which now forms part of the PV

Now we will extend the actual VG called vg_labo. Use the command vgextend vg_labo /dev/sdb

Once this is completed, you can now choose which LV you will extend. I am choosing the LV called lv_root. Use the command lvextend -l +100%FREE /dev/vg_labo/lv_root

The disk is now extended. You can also verify with the command df -h. You can also check out the following article on how to perform a pvmove.

Tips:

- On Virtual Box, you cannot add a new disk if your machine is running compared to VMware. To be able to solve that issue, you will need to shut down the machine to be able to add the disk.

If ever after adding a new hard disk, you noticed that the disk is not being detected just stay cool, as you might need to troubleshoot between LUNs on VCenter. Use the following command:

ls /sys/class/scsi_host/ | while read host ; do echo “- – -” > /sys/class/scsi_host/$host/scan ; done

You can also use the script rescan–scsi–bus.sh after having to install the sg3_utils package to troubleshoot for LUN detection.

Linux System lvm, VirtualBox

A brief description of the fopen PHP vulnerability

10/15/2015 Nitin J Mutkawoa Add Comment

One of the PHP vulnerability that is still being found on many websites is the fopen function in PHP – CVE-2007-0448. You can secure your website by disabling includes when calling the fopen function.

According to cvedetails.com “PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI”

A brief description of the fopen PHP vulnerability 2

It’s usually not recommended to enable the fopen function in the php.ini, however, some developers include it in the code itself for a specific task. Let’s see how this is exploited:

Let’s say we have a page called vulnerability.php containing these code

<?php

$vulnerable = $_GET['vulnerable'];

include($vulnerable);

?>

So, $vulnerable = $_GET[‘vulnerable’]; means to put the ‘vulnerable’ GET property in the variable $vulnerable; i.e GET property that is in the URL. An example is http://mysite.com/page.php?vulnerable=yes&howmuch=Very.

By including the value of the variable ($vulnerable), you allowing an attacker to inject code. Someone, for instance, can try this on his browser

http://www.mywebsite.com/fopen.php?vulnerable=../../../index.php

This will enable the attacker to get into subdirectories and start exploring the whole directory. However, if you are running PHP-FPM for a particular instance, only that particular instance is impacted as PHP-FPM allows you to isolate each running instances within the server.

Scripts and codes, Security CVE, PHP, security

Internet Speed – How far is your ISP truthful ?

10/13/2015 Nitin J Mutkawoa Add Comment

Have you ever notice that your ISP (Internet Service Provider) advertise you Internet package in a very tricky way? One of the best ways to manipulate you is with the use of the technical term such as Bytes and bits. To be briefer its the term Kilobits per seconds (kbps).

However, if you would be browsing the Internet or downloading some files, you would notice that your browser is indicating the speed at Kilobytes per second (kB/s)

Internet Speed - How far is your ISP truthful ? 3

To be more clear, your ISP sells Internet service in terms of kilobits per seconds (kbps) whilst your browser indicates you kilobytes per seconds (kBp/s). The trap is the word b – bits and B – Bytes.

let us say you have applied for a 512 kbps.

Firstly, divide your speed by 8 and multiply by 1024 to convert from kilobits per second to bytes per second; i.e 512 x 1024/8 = 65,536 bytes per second

Then convert from bytes/s to kilobytes/s

65,535 bytes = 65,535/1000 kB/s = 65.5 kB/s

So, in brief, Internet speed is what is advertised to you and what you pay for! On the other hand, what your browser download speed is What you should get!

512 kbps = 65.5 kB/s

1 Mbps = 122.1 kB/s

2 Mbps = 244.2 kB/s

10 Mbps = 1220.1 kB/s

Now, make as if you are going to download a 700 Megabytes file. What will happen is that your browser will make an estimation of the Downtime. However, you can monitor your downloads with several tools available on the Internet. Let’s say you have a 1Mbps Internet connection from your ISP which means that your speed will be 65.5KB/s.

Calculate the Download time as follows

700 x 1024 = 716800 kilobytes (convert from 700 megabytes to kilobytes)

Therefore, if

65.5 kilobytes downloads in 1 sec (i.e 65.5kB = 1 s) then,

716800 kilobytes will download in 716800/65.5 = 5870.6 seconds

5870.597870598 / 60 = 97 minutes

Assume we have still had to subscribe to a 1 Mb. The trick is that when you buy an internet connection. Your ISP does not inform you or commit themselves to what is required! and evade the fact by using the famous word “up to”!! What I am referring is that you pay the internet connection up to “xxx kbps”

This is called CIR – committed information rate. According to Wikipedia, CIR is “Committed information rate or CIR in a Frame Relay network is the average bandwidth for a virtual circuit guaranteed by an ISP to work under normal conditions.”

Therefore the CIR is the minimum speed provided by your ISP. Does ISPs provide that CIR? Is this mentioned in the Law? My understanding is that one cannot complain until that CIR is mentioned in the contract!!.

Another issue is something called PEO (Protocol Encapsulation Overhead). When you’re buying, say an ADSL link of 2 Mbps, your line is syncing with your ISP at 2 Mbps over ATM or any other backbone technology. (PPOA. PPOE). Now, the catch is that the Point to Point Protocol over ATM (PPOA), needs to be encapsulated over the ATM media. There is an overhead to do so, meaning you are not effectively getting 2 Mbps Internet Protocol connectivity.

Networking Internet

The British Computer Society Facebook group

10/11/2015 Nitin J Mutkawoa Add Comment

Its been almost more than one year that I have created a group on Facebook for students and prospective BCS HEQ students to join hands together for more advanced and constructive debates helping everyone to go through the BCS HEQ exams. Already reaching more than 450 members, the group is usually more active during exams period though there are many members encouraging and helping each one and other.

What is BCS? The British Computer Society (BCS) champions the global IT profession and the interests of individuals engaged in that profession for the benefit of all. Several interesting activities have been carried out by the BCS in terms of setting up standards and frameworks.

The British Computer Society Facebook group 4

As a student member of the BCS, I have access to the online library powered by Safari Books Online. Several facilities such as an email forwarder service as well the BCS online Magazine called ITNOW which are really interesting for students and IT professionals.

On the Facebook group, we focused on the aim to share notes between students. However, other professionals and students are also welcome to share their knowledge about IT. To give a straight and forward message to fake or illegal learning centers, the group will not accept people advertising their learning centers. The official website of BCS has already a list of registered centers.

If you are from Mauritius the link to the official BCS MAURITIUS SECTION WEBSITE is bcsmru.bcs.org

If you are an IT enthusiast do not delay to join on the Facebook group.

Uncategorized BCS