Install handbrake on CentOS8

Handbrake can be installed without having to build it from source; this tutorial shows how.

Handbrake install instructions for centos8 show that you have to install from source as well as installing all development tools, but there is an easier way … install from rpmfusion.

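RPMFusion provides software that the Fedora project or Red Hat don’t want to ship.

Before you progress any further, you need to enable EPEL in CentOS8.

According to the RPMFusion configuration guide at time of writing, you need to do the following in a console to add the required settings to CentOS8. Note that --nogpgcheck skips GPG signature verification for these two release packages, so they are trusted on the strength of the HTTPS download alone: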

sudo dnf install --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm

Next, you need to install the Handbrake GUI:

sudo dnf install HandBrake-gui

This will then try to resolve all the dependencies using the new RPMFusion repositories and should prompt to download approx 20MB of packages:

Install  22 Packages

Total size: 20 M
Total download size: 20 M
Installed size: 63 M
Is this ok [y/N]: 

To run Handbrake, type the following into a console:

ghb

Securing your devices using DNS

We have long wondered why some of the more harmful webpages are not blocked more easily using DNS, and we finally found a system that does it for us. Securing your devices using DNS may sound like an odd concept, but read on to find out more. You can now improve your internet security and privacy in a few easy steps.

dns9.quad9.net is a great free service that blocks many bad things from talking to your computers and other devices. A lot of the viruses people get come from either webpages or email and use DNS to talk to their command and control (C&C) server(s).

dns9.quad9.net will allow you to block all harmful webpages and many other things without you even being aware of it.

If you’re unsure what DNS is, it’s the Domain Name System. In other words, it’s the system that resolves the domain name of a site (such as securetech.com.au) into an IP address such as “208.113.162.199”. Which one is easier to remember?

Remove preinstalled window 10 apps for all users using powershell

To remove the preinstalled Windows 10 apps for all users using PowerShell, open PowerShell as Administrator and paste the following.

# Be careful with the first line ... you may want to keep the Windows Store installed, as a lot of applications come through there now rather than as direct installs.
# The name filter needs wildcards to match full package names (for example Microsoft.XboxApp),
# and Remove-AppxPackage needs -AllUsers to remove the package for every account rather than only the current one.
#Get-AppxPackage -AllUsers *windowsstore* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *xboxapp* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *3dbuilder* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *zune* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *camera* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *solitaire* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *bing* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *getstarted* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *photos* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *alarms* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *skype* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *phone* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *maps* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *people* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *messaging* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *connectivity* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *communication* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *candy* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *office* | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers *twitter* | Remove-AppxPackage -AllUsers

If you didn’t actually read the above before copying and pasting (as we may or may not have done), you will need to re-install the store if you want it (which is likely):

# Re-register the Store from its install location (wildcards are needed to match Microsoft.WindowsStore)
Get-AppxPackage -AllUsers *WindowsStore* | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }

PowerShell is an amazing thing that allows a reasonably knowledgeable person to easily perform many tasks which would normally require a lot more time and/or effort.

How to replace Dropbox OneDrive or sugarsync with syncthing

If you’re sick of paying for synchronization software that is overpriced, or you’re running out of space using a free account, Syncthing is one answer, particularly if you have computers in multiple locations or have a good friend or family member who is happy to share some HDD space and internet bandwidth to allow you to do offsite automatic backups.

We recently discovered Syncthing and have been very impressed with its features, functionality and security. If you have not yet heard of Syncthing, then you don’t know what you’re missing out on. It has many awesome features, a few of which are listed below.

  • Syncthing is amazing free software that allows you to share folders between networked devices, such as laptops and mobile phones.
  • Syncthing has clients for Windows, Mac and Linux computers.
  • Syncthing has clients for Android and Apple iOS (iPad, iPhone, iPod), although the latter has limited support.
  • Syncthing is secure.
  • Syncthing can be set up to sync in a mesh or spoke.

Adding Remote Desktop (RDP) support to windows 10 home

Microsoft Windows 10 Home is easily modified to add the Remote Desktop features. These features are normally only available in the Professional version of Windows 10 (Pro).

You don’t need to pay for the Professional version to have Remote Desktop services installed on your computer. Some smart people have worked out how to install Remote Desktop Server on Windows 10 Home.

There is a good article explaining how to enable remote RDP access in Windows 10 Home edition, but sadly RDPWrap isn’t updated for the latest version of Windows 10, so we decided to make it easier for people to find a working RDPWrap solution:

  1. Copy the files from the archive “RDPWrap-v1.6.2.zip” (or newer) to the “%ProgramFiles%\RDP Wrapper” directory.
  2. DO NOT use any other location to install/extract the RDP Wrapper files, as it will not work.
    USE ONLY the “%ProgramFiles%\RDP Wrapper” directory (normally C:\Program Files (x86)\RDP Wrapper)
  3. Extract/Copy the files/folders from the archive “autoupdate.zip” to the “%ProgramFiles%\RDP Wrapper” directory
  4. To enable autorun of autoupdate.bat on system startup, run the following helper batch file as administrator: “%ProgramFiles%\RDP Wrapper\helper\autoupdate__enable_autorun_on_startup.bat”
  5. Set in your Antivirus/WindowsDefender an exclusion on the folder “%ProgramFiles%\RDP Wrapper” to prevent the deletion of RDP Wrapper files
  6. Now you can use the autoupdate batch file to install and update the RDP Wrapper. Please run the following autoupdate batch file as administrator: “%ProgramFiles%\RDP Wrapper\autoupdate.bat”

Encrypt SCPrompt communications using SecureVNC plugin

Encrypt SCPrompt communications using UltraVNC’s SecureVNC DSM plugin, which uses AES-256 encryption for all communications between client and server.

The SecureVNC plugin allows secure communications between the UVNC viewer and server. The following steps show how to add the SecureVNC plugin to secure SCPrompt.

As SCPrompt uses the UVNC server at its core, it’s easy to modify SCPrompt to use the SecureVNC plugin, which secures connections between UltraVNC components using AES-256.

By using an encryption module (DSM in the UVNC world), you can be assured that only the person with a correctly configured SCPrompt server can connect to the viewer, and only the viewer from the person who created the SCPrompt is able to view remote computers using the SCPrompt created by you.

  1. Download scprompt Roll-your-own and unzip it to a suitable location.
  2. Download SecureVNC.dsm.
  3. Place SecureVNC.dsm in the same folder as scprompt.exe
    (where all the conf files and others are).
  4. The next step is to configure your ultravnc.ini.
    You can edit it by hand or just start winvnc.exe in the scprompt directory and configure it through the program properties.
    All changes made in the program GUI will be written to ultravnc.ini in the scprompt directory.
  5. Enable the SecureVNC.dsm plugin (by hand or through the GUI).
  6. Configure scprompt.ini through the GUI (provided by settings_manager.exe).
  7. “Build” scprompt.
  8. Run uvncviewer in listen mode; don’t forget to:
    1. copy SecureVNC.plugin to vncviewer’s directory
    2. make uvncviewer use SecureVNC.plugin.
  9. Enjoy the secure opensource goodness.

That’s all.

Make PHP’s $_POST data more secure

PHP is a great programming language, but it is not a framework like many of the newer “languages” and as such its basic functions are not as secure as required in a modern web application. Trusting PHP’s $_POST is risky, but we have functions that can help make PHP’s $_POST data more secure. This is done by using a few of PHP’s functions to get and filter the variable data and provide it in a somewhat more secure manner.

Web application security, nowadays, is quite different to when PHP first started as “Personal Home Page”, and you need to ensure that any “web application” published is as secure as possible. Using posted data (via $_GET or $_POST) directly without filtering is not a good idea in almost any situation. There are a few exceptions where we think this is acceptable, and we cover this below.

So we are providing an alternative function to the $_POST variable, which returns the same data after we make PHP’s $_POST data more secure by filtering (sanitizing) it for naughty stuff. Explanations are below, but here is the function …

Function to make PHP’s $_POST data more secure

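function Input_Post($par, $parType = '')
{
	// $par is the name of the posted field, so gettype() always yields 'string' here;
	// pass $parType explicitly for email, int, float, double or url fields.
	if($parType == '')
	{
		$parType = gettype($par);
	}
	$return = '';
	switch ($parType) {
		case 'email':
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_EMAIL);
			break;
		case 'int':
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_NUMBER_INT);
			break;
		case 'float':
			// FILTER_FLAG_ALLOW_FRACTION keeps the decimal point ("1.5" would otherwise become "15")
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
			break;
		case 'double':
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
			break;
		case 'url':
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_URL);
			break;
		default: // 'string'
			// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
			$return = filter_input(INPUT_POST, $par, FILTER_SANITIZE_STRING);
			break;
	}
	// Compare the filtered value with the raw submitted value (not with the field name)
	$raw = filter_input(INPUT_POST, $par, FILTER_UNSAFE_RAW);
	if($raw !== $return)
	{
		//Log error to SQL and ban if more than predefined amount of errors in predefined amount of time ...
	}
	return $return;
}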

Explanation

The function name should be short and succinct. We think input_post() is about as good as we need it, but you may also like _post().

We also need two parameters ($par & $parType) in some situations, to check for email addresses for example.

Next we need to make the second parameter $parType optional and, when it is omitted, check the type of the first variable (using gettype()). Because $par holds the name of the field, gettype() reports 'string', so the string filter is the default and any other type has to be named in $parType. This is important to ensure we are providing the correct type of sanitizing and filtering of the input data, so that we do not filter any important data out and do filter any harmful data.

Now comes the critical part, sanitizing any data based on the type and storing that in $return variable.

Using a switch (or case) is more efficient than if/elseif when dealing with many options and it just looks better.

The last test checks whether the returned data $return is different to the submitted input data (i.e. whether we did any filtering / sanitizing). If so, we can call a logging function to ensure this is logged for auditing / banning users (we run functions that log to an SQL table and check how many failures in X days for this session footprint), but this is beyond the scope of this post.

Then, return the filtered data $return.

Implementation

Using STG’s Input_Post() function is as simple as replacing occurrences of:
$_POST['variable']
with
Input_Post('variable')

Exceptions

As stated above, there are exceptions to when you can use $_POST variables directly. We only use submitted data directly when testing, such as if it equals a value:

if($_POST['me'] == 'you') 
{
echo 'you';
}
elseif($_POST['me'] == 'me')
{
echo 'me';
}
else
{
echo 'you and me';
}

Unless you make PHP’s $_POST data more secure, you should NEVER EVER trust any $_GET or $_POST variable, as trusting PHP’s $_GET is risky and using it directly should be avoided. We would rather use submitted data only to make decisions from.

Make PHP’s $_GET data more secure

PHP is a great programming language, but it is not a framework like many of the newer “languages” and as such its basic functions are not as secure as required in a modern web application. Trusting PHP’s $_GET is risky, but we have functions that can help make PHP’s $_GET data more secure. This is done by using a few of PHP’s functions to get and filter the variable data and provide it in a somewhat more secure manner.

Web application security, nowadays, is quite different to when PHP first started as “Personal Home Page”, and you need to ensure that any “web application” published is as secure as possible. Using posted data (via $_GET or $_POST) directly without filtering is not a good idea in almost any situation. There are a few exceptions where we think this is acceptable, and we cover this below.

So we are providing an alternative function to the $_GET variable, which returns the same data after we make PHP’s $_GET data more secure by filtering (sanitizing) it for naughty stuff. Explanations are below, but here is the function …

Function to make PHP’s $_GET data more secure

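function Input_Get($par, $parType = '')
{
	// $par is the name of the query field, so gettype() always yields 'string' here;
	// pass $parType explicitly for email, int, float, double or url fields.
	if($parType == '')
	{
		$parType = gettype($par);
	}
	$return = '';
	switch ($parType) {
		case 'email':
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_EMAIL);
			break;
		case 'int':
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_INT);
			break;
		case 'float':
			// FILTER_FLAG_ALLOW_FRACTION keeps the decimal point ("1.5" would otherwise become "15")
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
			break;
		case 'double':
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
			break;
		case 'url':
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_URL);
			break;
		default: // 'string'
			// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
			$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_STRING);
			break;
	}
	// Compare the filtered value with the raw submitted value (not with the field name)
	$raw = filter_input(INPUT_GET, $par, FILTER_UNSAFE_RAW);
	if($raw !== $return)
	{
		//Log error to SQL and ban if more than predefined amount of errors in predefined amount of time ...
	}
	return $return;
}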

Explanation

The function name should be short and succinct. We think input_get() is about as good as we need it, but you may also like _get().

We also need two parameters ($par & $parType) in some situations, to check for email addresses for example.

Next we need to make the second parameter $parType optional and, when it is omitted, check the type of the first variable (using gettype()). Because $par holds the name of the field, gettype() reports 'string', so the string filter is the default and any other type has to be named in $parType. This is important to ensure we are providing the correct type of sanitizing and filtering of the input data, so that we do not filter any important data out and do filter any harmful data.

Now comes the critical part, sanitizing any data based on the type and storing that in $return variable.

Using a switch (or case) is more efficient than if/elseif when dealing with many options and it just looks better.

The last test checks whether the returned data $return is different to the submitted input data (i.e. whether we did any filtering / sanitizing). If so, we can call a logging function to ensure this is logged for auditing / banning users (we run functions that log to an SQL table and check how many failures in X days for this session footprint), but this is beyond the scope of this post.

Then, return the filtered data $return.

Implementation

Using STG’s Input_Get() function is as simple as replacing occurrences of:
$_GET['variable']
with
Input_Get('variable')

Exceptions

As stated above, there are exceptions to when you can use $_GET variables directly. We only use submitted data directly when testing, such as if it equals a value:

if($_GET['me'] == 'you') 
{
echo 'you';
}
elseif($_GET['me'] == 'me')
{
echo 'me';
}
else
{
echo 'you and me';
}

Unless you make PHP’s $_GET data more secure, you should NEVER EVER trust any $_GET or $_POST variable, as trusting PHP’s $_GET is risky and using it directly should be avoided. We would rather use submitted data only to make decisions from.
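
The filter-then-compare idea behind Input_Post() and Input_Get(), as an added example that is not the site's own code: it sanitizes each field, validates the result, and flags any field the filter had to alter so it can be logged. checked_input() and the sample fields are hypothetical; it reads from an array with filter_var() so it runs from the command line, and FILTER_SANITIZE_FULL_SPECIAL_CHARS stands in for FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.

```php
<?php
// Added example (hypothetical helper, constructed sample data).
// filter_input() only reads the real request, so this sketch takes the
// submitted fields as an array and applies the same filters with filter_var().
function checked_input(array $fields, string $name, string $type = 'string'): array
{
    $raw = $fields[$name] ?? null;
    if (!is_string($raw)) {              // missing field or array payload
        return ['value' => null, 'changed' => false, 'valid' => false];
    }
    switch ($type) {
        case 'email':
            $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
            $valid = filter_var($clean, FILTER_VALIDATE_EMAIL) !== false;
            break;
        case 'int':
            $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
            $valid = filter_var($clean, FILTER_VALIDATE_INT) !== false;
            break;
        case 'float':
            $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
            $valid = filter_var($clean, FILTER_VALIDATE_FLOAT) !== false;
            break;
        case 'url':
            $clean = filter_var($raw, FILTER_SANITIZE_URL);
            $valid = filter_var($clean, FILTER_VALIDATE_URL) !== false;
            break;
        default: // 'string': encode HTML metacharacters rather than strip them
            $clean = filter_var($raw, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            $valid = true;
    }
    // 'changed' is the audit signal: the filter had to alter what was sent.
    return ['value' => $clean, 'changed' => $clean !== $raw, 'valid' => $valid];
}

// Constructed sample submission.
$post = [
    'age'   => '42',
    'qty'   => '12abc3',           // sanitizing alone silently turns this into "123"
    'price' => '1.50',
    'mail'  => 'user@example.com',
    'note'  => '<b>hi</b>',
];
$types = ['age' => 'int', 'qty' => 'int', 'price' => 'float', 'mail' => 'email', 'note' => 'string'];
foreach ($types as $name => $type) {
    $r = checked_input($post, $name, $type);
    printf("%-5s value=%s changed=%s valid=%s\n", $name, var_export($r['value'], true),
        var_export($r['changed'], true), var_export($r['valid'], true));
}
```

A field that comes back with changed set to true still passed validation after sanitizing, which is why the comparison against the raw value is worth logging on its own.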