KdenLive error: Unsupported audio codec: libmp3lame

I wanted to do some video editing on Ubuntu with some of the awesome open source tools out there. I thought I would give the video editing software, "KdenLive" and see how it performs.

Video editing was really easy and I was impressed with some of the powerful video editing utilities that come with KdenLive but for some reason when I wanted to render the project as a MP4 I got the following error:

Unsupported audio codec: libmp3lame 

That was very perplexing because I was sure I had all the right packages to render my project. It seemed like there was a configuration error with KdenLive. So after much googling I came across the following two simple steps to resolve this issue:

1) Browse to: /home/USERNAME/.kde/share/config
2) Delete the file called : kdenliverc

That is it. Fire up KdenLive and you can render away.

EDIT: This fix also fixes the following error:  Video codec libx264 is not supported 

What is it like to have a Linux Gnome3 Desktop?

I often get asked what it is like to have a Linux desktop instead of a Microsoft desktop. This quick video shows you what it is like to navigate around my Gnome3 desktop running on Ubuntu (12.04) Linux.

As you can see by the video, running a Linux Gnome 3 desktop is awesome! Download your copy of Ubuntu with the Gnome 3 desktop (called Ubuntu Gnome Remix)  here:  https://wiki.ubuntu.com/UbuntuGNOME/ReleaseNotes/12.10

South African Artoo Website gets hacked

Well it looks like the incompetence in our ANC run government is not just limited to the ruling NEC. Recently the government implemented the new Artoo system. This is a computerized system that South Africans use to register their cars and to pay their traffic fines through.

It seems that despite all the money thrown at it, competent security specialists were not hired and the Artoo website has being hacked by a Bangladeshi hacker. By the looks of things the hacker is also a young child.

The incompetence and lack of skilled professionals securing the Artoo website, means that its very easily possible that your private data is now in the hands of criminal gangs.

Anyone who visited the Artoo website (http://www.aarto.gov.za/) on the 24th of April 2013 was greeted by the following defacement:

When you visit the Artoo website you greeted with the image above and the following cute South Korean song playing.

While this is not the most sophisticated hack we have ever seen, it made a couple of us around the office grin.

How to make a redstone trap in Minecraft

This is a quick guide to teach you how to make a redstone trap in Minecraft. This will only make sense to people who enjoy Minecraft.

This trap is great for taking out greifers who are looking to steal your stuff.

Safe online banking advice

I decided to write this for my family but thought I would share it out to a broader audience  Recently my sister called me on my mobile to ask why some people claiming to be from Microsoft had phoned her about problems she had on her laptop.

Shocked at the phone call she did the right thing and gave me a call where I informed her it was a scam and they were trying to infect her computer more. I also learnt at the time that my dad had used her laptop to purchase flight tickets to France and that my dad had gotten a phone call from the banking warning him of attempted illegal transactions.

Luckily in this case the bank (and my sister) were on the ball and no one lost money. My family literally dodged a bullet that has cost many others their entire savings.

One thing that stuck to me in all of this was my sister saying, "but why do they not warn out about this?". She is right, there is often very limited information. So this article will hopefully tell you what is happening and how to protect yourself.

The Scam

The scams are pretty simple. Hackers (through various means I will go into more detail later) get hold of your banking login details. They have criminal cartels throughout the world and South Africa is no exception.

Once they have identified their victim and have harvested enough information about that victim (cellphone details, address, telephone number, ID and banking credentials)... they will have on of their local operatives phone a local cell phone company and by using a little social engineering and pretending to be you, they will get you sim swap done on your cellphone without you knowing.

They will then login to your bank account. Intercept all your OTP`s (one time passwords normally sent via SMS) because of the sim swap and transfer all your money into a temporary account. This temporary account is normally another victim who has being conned into providing them an account to use. It is then transferred out the country and you can basically kiss that money good bye.

The banks will always blame you and tell you is your fault. Your money is gone and there is almost no legal recourse available to you.

How do they get your banking details?

There are several popular ways to do this. First I need to tell you about the mindset of these hackers. These hackers are poor, 3rd world, mostly of Eastern European decent. They live in such poverty that the average bank account of the average middle class South African is a gold mine. They will dedicate a large part of their time totally to you if they feel they can score a paycheck off you.

The two most common forms are getting the banking details are through phishing and java drive-by.

Phishing emails most of you are familiar. It is that email claiming to be from your bank that says something or other has happened and you need to login to confirm or update your details. Or they may look like they come from SARS or another respected institution. This is an example of one of the scammers emails:

A payment of R4,067.14 has been made into your account from SARS eFilingIn other to process and confirm this payment,Please click here
Note: This email was sent from a secure server,please SIGNON to email us as mails sent to this address cannot be answered.

What happens when you click on the link (link removed for safety reasons) is that it takes you to a fake bank or SARS website that looks like the real deal. People input their login details and that information is sent directly to criminal cartels.

The next most common form of attack is the Java drive-by. In most cases there is very little you can do to protect yourself from these attacks. While keeping the most up to date version of Java running on your PC, and having a really powerful antivirus can help to some regards. It is almost impossible to fully protect your system from these type of attacks.

Basically all the hacker needs to do is get you to visit a website. That is it. The second you visit the website a java payload is installed on your computer (you do not need to interact with the payload for it to install, just visiting the website is enough). Once the payload is installed the hacker has full control over your computer and what they normally do is install a keylogger to record all your usernames and passwords for everything.

The scary thing about these type of attacks is that even visiting trusted websites only is not good enough. Hackers often target trusted websites that have weak security to upload their Java attacks onto it. So you the unsuspecting victim comes along to a website that is normally safe and bam. You are infected.

As long as you run Microsoft Windows there is basically little you can do to stop these type of hacks. It is one of the reasons Google banned Microsoft Windows from its network.

My bank has One Time Passwords. I am safe!

No you are not. Criminal cartels around the world are working closely together. A hacker will simply apply for a sim swap and steal your number to be able to accept the One Time Passwords. There is no cellular network that is safe from this. Just recently a lady lost almost R160 000 to such a scam:

The scourge of SIM swap fraud in South Africa is continuing unabated, with an MTN subscriber complaining that scammers stole R159,000 out of four of her ABSA accounts.
Small business owner Susan De Klerk recently said that she purchased an iPhone 5, and the requirement for a nano SIM meant that a SIM swap was needed.

According to De Klerk, she visited an MTN outlet at the “Mall @ Reds” shopping centre for her SIM swap, and the process was completed without incident. However, her new SIM stopped working after around three weeks.

She discovered shortly afterwards that fraudsters had stolen R159,000 from four of her ABSA accounts, and transferred the money to an account at Capitec bank.

Source

.

What can I do protect myself?

So far the best protected banks are Nedbank and Capitec. They use those little authentication electronic keys instead of One Time Passwords.  I assume the other banks are going to go down this road shortly as more and more of their clients have their life savings stolen from them.

If you can afford it. Rather buy a dedicated Linux computer to do your online banking on. Linux uses its own version of Java that is more secure and seldom targeted by hackers. Linux desktops offer the most resilient protection against Java attacks.

If you can not afford a dedicated Linux desktop or just could not be bothered. There are a few things you can do to reduce the chances of your Windows desktop being compromised.

• Make sure your antivirus is ALWAYS up to date. 
• Make sure your operating system is ALWAYS up to date.
• Run a spyware remove (Malware-Bytes) regularly. 
• Make sure Java is at its latest version
• Make sure Flash it as its latest version
• Try not visit dodgy websites
• Never run cracked software on your computer (over 80% of it is infected with a payload)
• Do NOT do your banking or even use Internet Explorer. Yes, it is that bad. Stay with Chrome or Firefox.
• Do not trust the default Microsoft antivirus.

Please note that even if you follow all my advice your Windows desktop will almost never ever be fully secure. I would recommend that you migrate to a Linux desktop as soon as you are able to. I hope you find this article a little useful. Ignore it at your own risk.

Some recommended tools for Windows users:

• Avast AntiVirus. My personal preference. I personally think it is the best of the free solutions and for those of you lucky enough to own an Android phone, Avast has a great free security solution. 
• Malwayre-Bytes. As their tag line states. An antivirus by itself is not good enough. You should do deep scans for spyware at least once a month. 

Download Makulu Linux

Primary HTTP Mirror 1: DOWNLOAD

Backup HTTP mirror 2: Download

There is a new kid on the Linux block and its looks like it could be a pretty good distribution for newer members to the Linux Ecosystem.  Above is the link to the HTTP for makululinux.iso.

Below is the description from their website:

MakuluLinux ( Pronounced "Ma-Cool-Loo" )

Makululinux incorporates multiple desktop environments into a single operating system running on 3.5.x Kernel, provides a Sleek, Smooth and Stable user experience that is able to run on virtually any computer from old to new, from netbooks to notebooks, desktops to server stations.

Offering a Variety of Desktop Environments ( Cinnamon, KDE, Mate, Unity ) allows a user to easily switch between desktops, allowing the user to have 4 desktop Environments at his finger tips, Tired of one desktop, simply switch to another...
Makulu provides software and codec's pre installed on the OS, to provide an out of the box experience for the end user and his day to day tasks.

Steam is pre installed on Makulu, you can simply log into steam and start playing your favorite game titles.

Wine is pre installed on Makulu, installing windows software has never been easier, simply double click your installer or exe files and they will operate in linux much the same way they do in windows. 

The browser of choice on Makulu is Opera, the fastest and most configurable browser on the planet, It is configured with Adblock to block adverts on any website as well as flash videos, Web Caching to allow a user to not just browse with speed but also conserve bandwidth at the same time, Flareget offers multi-threaded downloads and catches links from inside Opera.

Makululinux utilizes a stable 3.5.x Generic PAE enabled kernel. This means that Makululinux will detect ALL of the system memory and put it to use, there is no need to worry if you have more than 4GB system ram.

We hope you Enjoy our very First release of MakuluLinux and that it lives up to expectations, please feel free to give us feedback so we may only get better with each release. 

Download MakululinuxTorrent - Magnet URL

Headless Debian Bitcoin CPU mining

So I have decided to give this bitcoin mining an attempt. I am a server admin and I have access to many servers (that I am paying for) that often have CPU`s just sitting around doing nothing. So I decided to take that spare CPU time and turn it into bitcoins.

I should point out that CPU mining is pretty pathetic when compared to GPU mining, but sometimes when spare CPU`s are all you have... you may as well use them.

Most of the servers I have are either Ubuntu or Debian so you should be able to use this guide for either of those two operating systems.

The idea of this post is to setup a headless bitcoin cpu miner on bored, underutilized servers.

First things first, lets install all the requirements (Ubuntu users, do not forget the sudo command):

apt-get install libcurl4-openssl-dev automake git

 Once that is installed go to your favorite place to do your installs from. In my case its /root and type the following to download cpuminer using Git:

git clone https://github.com/jgarzik/cpuminer

Once CPUminer is downloaded you can cd (move) into the directory it creates

cd /root/cpuminer

Once in the directory you type the following command:

./autogen.sh

And the you can configure and compile cpuminer with the following commands:

./configure
make
make install

Now you are pretty much done. All you need to is run it with the right credentials. To get your credentials go sign up at a pooled mining site like this one:

http://mining.bitcoin.cz/

You will be given a worker username and password during the sign up process (this is different from your site login information you supply when you register).


To run CPUminer with your credentials, the command will look something like this:

minerd --url http://api.bitcoin.cz:8332 --userpass coolname.worker1:pass34534

I have highlighted in a different color the username and password you need to change. You will need to change these to the details given to you by Bitcoin.cz


If everything went successfully you should see something like this:

[2013-04-09 10:07:43] Binding thread 0 to cpu 0
[2013-04-09 10:07:43] Long-polling activated for http://api.bitcoin.cz:8403
[2013-04-09 10:07:44] Binding thread 1 to cpu 1
[2013-04-09 10:07:45] Binding thread 2 to cpu 2
[2013-04-09 10:07:46] Binding thread 3 to cpu 3
[2013-04-09 10:07:47] 4 miner threads started, using SHA256 'c' algorithm.
[2013-04-09 10:08:01] thread 0: 16777215 hashes, 942.40 khash/sec
[2013-04-09 10:08:02] thread 1: 16777215 hashes, 942.32 khash/sec
[2013-04-09 10:08:03] thread 2: 16777215 hashes, 942.88 khash/sec
[2013-04-09 10:08:04] thread 3: 16777215 hashes, 942.05 khash/sec

That is that. Everything should be running fine. You should run this in the screen command so you can detach and reattach at will.

If you found this useful, please click on one of the sponsor or advertising links on this page!

Does Wikileaks-Forum.com spam spyware?

UPDATE: Please note. I have since left WLF due to conflicting management styles. However, saying that, the following information is still technically accurate and was a rather bizarre event in the time that I ran WLF.

I was recently told about what looks like an obvious troll account on Twitter. The troll calls itself, "Stjärna Frånfälle", claims to be some type of Wikileaks supporting independent journalist.

A little research shows its Twitter account was created in October of 2012 and a website was setup in November of the same year. I don't know many real journalists who only joined Twitter a couple of months ago, so I assume this account is a sock-puppet and/or troll account.

Anyways the reason this Twitter account was brought to my attention is because it recently spammed the following tweet:

Stjärna Frånfälle ‏@StjarnaFranfall
WARNING: Pseudo #WikiLeaks site: http://www.wikileaks-forum.com  Attempts to INFECT visitors with SPYWARE. DO NOT ENTER. #Assange #FreeBrad #Manning

I can safely say that that is a ludicrous and completely false tweet. I run the server infrastructure at wikileaks-forum.com and I know that the system is secure. We run a very secure version of Linux with always updated forum software. We are not on shared hosting. We have several encrypted VPS`s in different locations around the world behind a Cloudflare proxy. Our systems have web application firewalls and advanced DDOS protection. We have strong protection against Layer 5 and Layer 7 attacks.

Heck, even one of our VPS`s are located in the same datacenter as Wikileaks in Pionen. A Datacenter in a nuclear bunker... Really... the only thing I can do to make it more secure is to hire Bruce Willis in a helicopter or something.

Like many other supporters who support the Wikileaks cause we have often come under various forms of attack and have quickly adapted and hardened our systems to protect the website. I have checked over our systems and can see no indications that anything on wikileaks-forums.com has been compromised.

However, dont take my word for it. Go ask 34 of the top Anti-Virus vendors their opinion:

https://www.virustotal.com/url/9cae704946741791760a2bd60af5f4dc7f9ce3cfe2dee8b6544c5a0722dddb1f/analysis/

As you can see we have no spyware on our website. Stjärna Frånfälle was lying. I take site security and safety seriously. I want to ensure that our users are protected and their data is secure.

Any user that is reported for trying to spam spyware/malware links on Wikileaks-forum.com would instantly be banned.

If anyone does see anything that looks suspicious, we really hope they would contact one of the admins (there is someone online almost all the time) to have it investigated.

UPDATE: The troll account @StjarnaFranfall now claims that we moved the Spyware just before we scanned to make it look like we were virus free. Luckily another security vendor scanned our website shortly before the sockpuppet tweeted the lie.

http://sitecheck.sucuri.net/results/wikileaks-forum.com

Apparently now there is "picture evidence" that the site had spyware on it.

Couple of things about that screenshot. Super blurry. Like them UFO and Yeti pictures. Another thing. Why blank out the date? Why blank out the applications running? Its almost like the sockpuppet is running two instances of Chrome there. One going to a site with a payload and one browsing Wikileaks-forum.com. 

This just kinda leaves me thinking. What type of sick human being would want to incriminate WLF like that? Whats the point? The bottom of the Internet will forever confuse me. 

UPDATE: It appears the IP of the person called "StjarnaFranfall", originated from an area in the UK known as Whitehall. This is the area Julian Assange is currently holled up in. Make of that information what you want. It does leave a horrible taste in my mouth.

Update: Wikilaks.org caught serving malware. http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/

How to install wkhtmltopdf on CentOS 6.3

I was recently upgrading a server and I came across a problem that does not seem well documented on the internet. I have a CentOS 64bit Server running the latest version of WHM/cpanel. A client needed wkhtmltopdf installed for one of his websites so I thought I would show you how to install it on CentOS.

You can download wkhtmltopdf from this website: http://code.google.com/p/wkhtmltopdf/downloads/list

The first time I tried to install this I went with the latest version. At the time of writing this it was wkhtmltoimage-0.11.0_rc1 Linux Static Binary (amd64). However all I got when I tried to write a pdf was:

QPixmap: Cannot create a QPixmap when no GUI is being used
QPixmap: Cannot create a QPixmap when no GUI is being used
QPixmap: Cannot create a QPixmap when no GUI is being used
QPixmap: Cannot create a QPixmap when no GUI is being used
Segmentation fault

This turned out to be because it was not a stable release so do not make the same mistake I made and download the latest release candidate. Rather download the stable version. At the time of writing this, the latest version is 0.99.

http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2

The following commands should get wkhtmltopdf working on cPanel server:

# wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2
# tar xvjf wkhtmltopdf-0.9.9-static-amd64.tar.bz2
# mv wkhtmltopdf-amd64 /usr/bin/wkhtmltopdf
#chmod 777 /usr/bin/wkhtmltopdf

To test wkhtmltopdf run the following command:

# whktmltopdf http://www.google.com google.pdf

You should see a file in your directory called google.pdf. 

Hope this helped you save time. 

Tips and tricks for getting Windows 8 Pro for up to 70% cheaper

Well Windows 8 is here to both popular and negative reviews. I know many people will have difficulty adapting to the changes in the Windows 8, but since I use multiple operating systems I am pretty comfortable  with learning new systems. Windows 8 was way easier to adapt to from Windows 7 than Unity was to from Gnome.

This post is going to be about how to currently (and most of these offers will be for a limited time only) purchase Windows 8 for as cheap as possible.

The first cost saving advice I can offer you is to get the Windows 8 Pro upgrade. Do not be concerned if you want to do a full format and reload of the operating system. The upgrade version allows you to create a bootable USB flash disk or a bootable DVD that allows you to format and load from scratch.

The one requirement the Windows 8 Pro upgrade has is that you have to have a legal copy of a previous version of Windows from Windows XP (SP3) upwards. For most of us this will not be a problem.

However, it is only recently become affordable for more than just the top 10% of income earners. So I know more than just a few of you have illegal copies of previous versions of Microsoft Windows. Well download a legal copy of the trial version of Microsoft Windows 7 here:

http://technet.microsoft.com/en-us/evalcenter/cc442495

Install it for free and then you will be able to buy your copy of Windows 8 Pro cheaper without having to have previously purchased a license. In my case I had been testing the Windows 8 Consumer Preview for several months and was able to purchase the upgrade with that free key I got from Microsoft.

Once you are ready to purchase the Windows 8 Pro upgrade you can click on this link and purchased this limited time offer from Microsoft to purchase Windows 8 Pro for R299:

http://windows.microsoft.com/en-ZA/windows/buy

Groupon will be selling it on a special price for R600 and Incredible Connection will be selling it for around R700.

For those of you that have bought a new PC with Windows 7 between 2 June 2012 and 31 January 2013 can also register for Microsoft’s special upgrade offer for $14.99. To get this amazing cheap offer go to this Microsoft website:

http://windowsupgradeoffer.com/

Currently there is a trick that more tech savvy users can do to cash in on this offer $15 without owning a legal copy of Windows 7 Pro from that time period. Please see this forum post on MyBroadBand on how to purchase Windows 8 Pro for the lowest price:

http://mybroadband.co.za/vb/showthread.php/477194-Windows-8-Pro-upgrade-for-R299-now-available-online!?p=9198752&viewfull=1#post9198752

One more special I think you should know about is the limited time offer for the Windows Media Center application. Currently it is offered for free here:

http://windows.microsoft.com/en-US/windows-8/feature-packs

Microsoft will soon be charging for this application so get it while its free.