Add and extend a disk on VirtualBox through LVM

You can easily add and extend a disk on VirtualBox through some LVM manipulations. LVM (Logical Volume Partitioning) is a device mapper target that provides logical volume management for the Linux kernel (Wikipedia). I have also written a brief introduction to LVM in a previous post, Managing LVM with pvmove – Part 1.

Before the extension is made, you need to make sure that you know the current state of the machine's hard disk.

These commands are helpful for performing your analysis before the operation is carried out.

fdisk -l

pvdisplay
vgdisplay
lvdisplay

vgs
lvs
pvs

lsblk

 

Here is the state of the disk before the operation is carried out.

[Screenshot: centos6]

Now, you can get into your Oracle VM VirtualBox Manager to add the new disk.

The steps are :

  • Select the virtual machine on which you intend to perform a disk extension, then click on the ‘Settings’ option in the VirtualBox Manager. In my case it's the ‘centos6’ one.
  • Then, on the ‘Storage’ option, next to the “Controller:SATA” there is an icon to “add new hard disk”.


  • Once you have clicked on “add new hard disk”, it will prompt you with “cancel”, “choose existing disk” and “create new disk”. Choose “create new disk”. Of course, you can also choose an existing disk, but here we are adding a completely fresh disk.
  • Afterwards, it will show a “create Virtual Hard Drive” box. Choose “VDI”. Click on next, then on “dynamically allocated”. Give a new name to your hard disk. In my case I am adding a new 2GB hard disk. Click on create and you are done.
  • Boot your machine if you are on VirtualBox, then run the lsblk command to see your new hard disk. See the screenshot below. You can also check with the fdisk -l command as well as the dmesg log, which is really helpful.

[Screenshot: centos6]

  • Once the disk is detected, start by converting the disk to a PV using the command pvcreate /dev/sdb. If you run pvs again, you will notice that the new disk is now a PV, but no part of it is allocated to any VG. As you can see in the picture below, the new sdb now forms part of the PVs.
  • Now we will extend the actual VG called vg_labo. Use the command vgextend vg_labo /dev/sdb

[Screenshot from 2015-10-16 08:26:27]

  • Once this is completed, you can now choose which LV you will extend. I am choosing the LV called lv_root. Use the command lvextend -l +100%FREE /dev/vg_labo/lv_root


The disk is now extended. You can also verify with the command df -h. You can also check out the following article on how to perform a pvmove.

Tips:

  • On VirtualBox, unlike VMware, you cannot add a new disk while your machine is running. To solve that issue, you will need to shut down the machine to be able to add the disk.
  • If, after adding a new hard disk, you notice that the disk is not being detected, just stay cool, as you might need to troubleshoot between LUNs on vCenter. Use the following command:

ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

  • You can also use the script rescan-scsi-bus.sh, after having installed the sg3_utils package, to troubleshoot LUN detection.

A brief description of the fopen PHP vulnerability

One of the PHP vulnerabilities still being found on many websites involves the fopen function in PHP – CVE-2007-0448. You can secure your website by disabling includes when calling the fopen function.

According to cvedetails.com “PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI”

It's usually not recommended to enable the fopen function in the php.ini; however, some developers include it in the code itself for a specific task. Let's see how this is exploited:

Let's say we have a page called vulnerability.php containing this code:

<?php
$vulnerable = $_GET['vulnerable'];
include($vulnerable);
?>

So, $vulnerable = $_GET['vulnerable']; means: put the 'vulnerable' GET property into the variable $vulnerable, i.e. the GET property that is in the URL. An example is http://mysite.com/page.php?vulnerable=yes&howmuch=Very.

By including the value of the variable ($vulnerable), you are allowing an attacker to inject code. Someone, for instance, can try this in his browser:

http://www.mywebsite.com/fopen.php?vulnerable=../../../index.php

This will enable the attacker to get into subdirectories and start exploring the whole directory. However, if you are running PHP-FPM for a particular instance, only that particular instance is impacted, as PHP-FPM allows you to isolate each running instance within the server.
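
A hardened form of vulnerability.php, as an added example that is not part of the original post: the GET parameter only selects a key from an allowlist, and the resolved file must stay inside one directory. The pages directory and the page names (home, contact) are assumptions for illustration.

```php
<?php
// Added example: hardened replacement for include($_GET['vulnerable']).
// PAGES_DIR and the page names in $allowed are assumptions for illustration.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map a request parameter to a file that is safe to include,
 * or return null when the request must be rejected.
 */
function resolve_page(?string $requested, string $baseDir): ?string
{
    // 1. Allowlist: the parameter selects a key, it never becomes a path.
    $allowed = [
        'home'    => 'home.php',
        'contact' => 'contact.php',
    ];
    if ($requested === null || !isset($allowed[$requested])) {
        return null;
    }

    // 2. Defence in depth: canonicalise the path and confirm the file is
    //    still inside the base directory (catches symlinks and "../").
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$param = $_GET['vulnerable'] ?? null;
$page = resolve_page(is_string($param) ? $param : null, PAGES_DIR);
if ($page === null) {
    http_response_code(404);
    // json_encode keeps control characters out of the log line.
    error_log('Rejected include request: ' . json_encode($param));
    exit('Page not found');
}
include $page;
```

A request such as ?vulnerable=../../../index.php is rejected at the allowlist step and logged. Setting allow_url_include = Off and an open_basedir restriction in php.ini limits the damage if such a check is ever missed.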


Internet Speed – How far is your ISP truthful ?

Have you ever noticed that your ISP (Internet Service Provider) advertises your Internet package in a very tricky way? One of the best ways to manipulate you is through the use of technical terms such as bytes and bits. To be brief, it's the term kilobits per second (kbps).

However, if you are browsing the Internet or downloading some files, you will notice that your browser indicates the speed in kilobytes per second (kB/s).

To be clearer, your ISP sells Internet service in terms of kilobits per second (kbps), whilst your browser shows you kilobytes per second (kB/s). The trap is in the letter: b for bits and B for bytes.

Let's say you have applied for a 512 kbps connection.

Firstly, divide your speed by 8 and multiply by 1024 to convert from kilobits per second to bytes per second; i.e 512 x 1024/8 = 65,536 bytes per second

Then convert from bytes/s to kilobytes/s

65,536 bytes/s = 65,536/1000 kB/s = 65.5 kB/s

So, in brief, the Internet speed is what is advertised to you and what you pay for! On the other hand, your browser's download speed is what you should get!

512 kbps = 65.5 kB/s

1 Mbps = 122.1 kB/s 

2 Mbps = 244.2 kB/s

10 Mbps = 1220.1 kB/s

Now, suppose you are going to download a 700-megabyte file. Your browser will make an estimate of the download time. However, you can monitor your downloads with several tools available on the Internet. Let's say you have a 1 Mbps Internet connection from your ISP, which means that your speed will be 65.5 kB/s.
 
Calculate the Download time as follows

700 x 1024 = 716800 kilobytes (convert from 700 megabytes to kilobytes)

Therefore, if

65.5 kilobytes downloads in 1 sec (i.e 65.5kB = 1 s) then,

716800 kilobytes will download in 716800/65.5 = 5870.6 seconds

5870.597870598 / 60 = 97 minutes

Assume we still have to subscribe to a 1 Mb connection. The trick is that when you buy an Internet connection, your ISP does not inform you of, or commit itself to, what is required, and evades the fact by using the famous words “up to”! What I am referring to is that you pay for an Internet connection of up to “xxx kbps”.
 

This is called CIR – committed information rate. According to Wikipedia, CIR is “Committed information rate or CIR in a Frame relay network is the average bandwidth for a virtual circuit guaranteed by an ISP to work under normal conditions.”

Therefore the CIR is the minimum speed provided by your ISP. Do ISPs provide that CIR? Is this mentioned in the law? My understanding is that one cannot complain unless that CIR is mentioned in the contract!
 

Another issue is something called PEO (Protocol Encapsulation Overhead). When you're buying, say, an ADSL link of 2 Mbps, your line is syncing with your ISP at 2 Mbps over ATM or any other backbone technology (PPPoA, PPPoE). Now, the catch is that the Point to Point Protocol over ATM (PPPoA) needs to be encapsulated over the ATM media. There is an overhead to do so, meaning you are not effectively getting 2 Mbps of Internet Protocol connectivity.

 

The British Computer Society Facebook group

It's been almost more than one year since I created a group on Facebook for students and prospective BCS HEQ students to join hands for more advanced and constructive debates, helping everyone to get through the BCS HEQ exams. Already at more than 450 members, the group is usually more active during exam periods, though there are many members encouraging and helping one another.

What is BCS? The British Computer Society (BCS) champions the global IT profession and the interests of individuals engaged in that profession for the benefit of all. Several interesting activities have been carried out by the BCS in terms of setting up standards and frameworks.

As a student member of the BCS, I have access to the online library powered by Safari Books Online. There are also several facilities, such as an email forwarder service as well as the BCS online magazine called ITNOW, which are really interesting for students and IT professionals.

On the Facebook group, we focus on sharing notes between students. However, other professionals and students are also welcome to share their knowledge about IT. To give a straightforward message to fake or illegal learning centers, the group will not accept people advertising their learning centers. The official website of BCS already has a list of registered centres.

If you are from Mauritius, the link to the official BCS MAURITIUS SECTION WEBSITE is bcsmru.bcs.org

If you are an IT enthusiast, do not delay in joining the Facebook group.


Create a server with NodeJS – LUGM Meetups

A meetup was carried out today at 12:30 hrs by Yog Lokhesh Ujhoodha at the University of Mauritius under the banner of the Linux User Group of Mauritius. The event, titled “How to make a smart server with NodeJs”, was announced on the LUGM Facebook group as well as on the LUGM mailing list. As a passionate freelance developer, he shared his experience of using NodeJs in critical production environments.

He started by giving the audience a straightforward explanation of the difference between a web server and a runtime environment in the context of NodeJs.

[Photo: Yog in action during the presentation]

As you can see in the YouTube video, he laid emphasis on the following topics:

1. A problem statement

2. Web server architectures

3. Building an event-driven web server with NodeJS

4. Distributed load with NodeJs

5. Useful tools and Real life Benchmarks

 

We ended with some technical questions. Several questions were raised by our hangout viewers. You can view the video and ask any questions for more clarification. About 15-20 persons attended the meetup.

You can also reach Yog through his website at http://shaanxoryog.hackers.mu

Another article coming up on http://www.hacklog.mu