Side project: booklet printing in Ubuntu made easy

Booklets consist of sheets of paper folded a couple times to form a book-like version of a document. For example, you could create an A5 booklet by printing a document on A4 paper, 2 sheets per page, with the sheets arranged in such a way that the resulting pages of A4 paper can be folded in half to form an A5 booklet.

I prefer booklet printing of documents over plain duplex printing because it wastes a lot less paper, and results in a more comfortable size to carry around said printed documents.

Unfortunately, Ubuntu doesn't have a booklet printing option unlike MacOSX (so I've been told). This means that printing documents as booklets involves saving the document and running it through a couple of commandline tools before sending it to the printer. Because these steps are too elaborate, I knew my natural laziness would kick in and I'd stop printing booklets if there was no automated solution.

I decided to create a CUPS backend to print booklets. Once installed, the booklet printer that uses this backend is available to any program that uses CUPS for printing. On Ubuntu, that means every program :) When the booklet backend receives the PDF document, it converts it into booklet form and forwards it to any printer you want.

The backend script requires a couple tools that need to be installed first:

apt-get install impose+ psutils
The code for the backend then, is very simple:

if [ $# -eq 0 ]; then
echo "direct booklet \"Unknown\" \"Print a document in booklet form\""
exit 0


cat $6 | fixtd -tumble | psbook | /usr/bin/pstops "2:[email protected](21cm,0)[email protected](21cm,14.85cm)" | lpr -T "$title" -U "$user" -P "$out"

exit 0

To use this backend on Ubuntu, download the code into /usr/lib/cups/backend/booklet and set it executable. Then, goto http://localhost:631 and login to your CUPS interface. Create a new printer of the booklet type. Next, type in the booklet printer URI: booklet:/MyPrinter (mind the single slash) will install a booklet printer that forwards the processed document to the "MyPrinter" printer. Make sure it's a duplex printer. Give the printer a name (e.g. "booklet") and indicate that it is a Generic Postscript Printer. Finally, set some default options. In my case, I want A4 paper and duplex along the long edge (standard).

The printer should now be installed and ready for use
Read full post

Side project: generating clickmaps as meta-data for screenshots

A long time ago, my mom persuaded me into playing Farmville so she could have more Farmville neighbors and gain some reward from that. Since Farmville was pretty repetitive, I created an automated Farmville player in a VM that would play the game 24/7, much to the dissatisfaction of my mother and other people, because the autoplayer blasted away their puny highscores in less than a week.

For a paper I submitted not long ago, there was also the need for this kind of automation. After submission, I realized that my automation could be improved if I could somehow determine which locations on screen were hotspots for an application with regard to clicking. For example, a menu bar obviously has special meaning to any application, and so does a textfield. On the other hand, the title bar or plain blank space does not react to clicks at all.

The main idea behind this "clickmap" discovery, is to observe the shape of the mousepointer as it moves along the screen. The X11 protocol defines a set of standard shapes that should be implemented by any pointer "theme", collectively called the "X11 cursor font" (XCursorFont). Each mouse pointer (cursor) shape is then a glyph from that font. Each of those shapes is represented by a unique color in the output "clickmap" image.

There are some problems with this setup: the current shape of the mouse pointer is determined by the top-most application over which the mousepointer hovers. That means that the application is responsible for changing the mouse pointer shape and if the application is slow, there is a delay between the time the cursor is positioned and the time the cursor shape is updated. Another problem is that for each pixel on the screen, a X11 protocol message must be sent to position the cursor, and then another message to query the cursor shape, followed by receiving a message containing the cursor shape ID. All of this makes that imaging the clickmap is very slow...

A final problem is that the X11 protocol itself does not provide a way to query the current cursor shape. Luckily, there is an extension to the X11 protocol, called the Xfixes extension, which allows the retrieval of the current mouse pointer shape (for applications that take screenshots, or remote desktop software).

All in all, creating a "clickmap" of the current screen is not very practical because it is very slow. If the clickable hotspots on screen change (e.g. animated menus or whatever) while the clickmap is being imaged, the output image is trash.

Nevertheless, I present you with the code in case you want to play around with it, as well as a screenshot from a portion of my screen with its accompanying clickmap (both sized 1024x768). Successive pixels were queried with a delay of 50 microseconds. The entire imaging took 3m43s...

Read full post

Best wishes for 2012!

Wow, do I suck at blogging Read full post

VPS Comparison

In the past, I've used hosting provided by the university for a couple of my projects. With the closure of ACL however, that option is getting more difficult.

In addition, The hosting solution used by OverTheWire is a dedicated server, on which we run our own virtualization platform. The resources on that server are getting exhausted.

So I'm faced with a couple of solutions, the most realistic being to either get another dedicated server or get a bunch of virtual private servers. Since a dedicated server is too expensive to buy at once (I don't have 10 projects ligned up to fill a single dedicated server at once), I decided to go for VPS.

There are a lot of VPS providers out there, and a lot of virtualization platforms. For the OverTheWire projects, I prefer Xen since that allows to run a custom kernel. For other projects, I don't really care that much, but it seems OpenVZ is a standard container-based solution.

So, I set out to find the optimal hosting for my projects. I extracted the list of VPS providers that were listed on LowEndBox and went over them one by one. Most VPS providers have more than one offer and I decided to look at the most common configuration to make it easier to compare.

This is the list of requirements:

  • as close to 512MB of dedicated (as opposed to burstable) RAM as possible

  • Xen VPS is preferred over OpenVZ over any other platform

  • Unmanaged is preferred, we like to do thing ourselves

  • PayPal payment is preferred

  • Should allow setting reverse DNS

  • Should have some out-of-band console

The list contains 287 entries of which 57 providers were down/out of business/no longer support VPS.

I thought it would be an interesting excersise, with results that would be interesting to a lot of people. So I made it a community effort by putting up a google spreadsheet where people could help fill in the details.

The result of the survey can be found here:

Although a lot of fields are not filled in, like whether a VPS accepts PayPal, does rDNS or has a console (VPS providers should be more clear about this type of thing on their website), it is clear that there is a wide variety of solutions. Especially in price.

Xen OpenVZ OtherUnknown
Amount 85 81 1054
Cheapest 6 $ 1.66 $ 5.211 $(vServer)5 $
Most expensive 120 $ 60.125 $ 49.95 $ (HyperV)63.46 $
Read full post

ValueGuard: Protection of native applications against data-only buffer overflows

I graduated for the second time last year, getting me the grade of "Master in Engineering Science - Computer Science" and the title of engineer (ir.). My master thesis was in the area of computer security, specifically lowlevel security. The goal was to create a countermeasure to defend native applications (written in C) from data-only (or non-control-data) buffer overflows.

The text of my master thesis can be found here: steven.van.acker-2010-06-16.hyperref.pdf.
I also made a live-CD based on Ubuntu 10.04 that can be found here: livecd.iso

The reason I could not blog about this untill now, is because my promotor wanted to keep it quiet last year, and because the work also got published at ICISS 2010. The countermeasure was rewritten a bit, taking into account the lessons learned from the benchmarks in my thesis. The result is ValueGuard.


Code injection attacks that target the control-data of an application have been prevalent amongst exploit writers for over 20 years. Today however, these attacks are getting increasingly harder for attackers to successfully exploit due to numerous countermeasures that are deployed by modern operating systems. We believe that this fact will drive exploit writers away from classic control-data attacks and towards data-only attacks. In data-only attacks, the attacker changes key data structures that are used by the program’s logic and thus forces the control flow into existing parts of the program that would be otherwise unreachable, e.g. overflowing into a boolean variable that states whether the current user is an administrator or not and setting it to “true” thereby gaining access to the administrative functions of the program.
In this paper we present ValueGuard, a canary-based defense mechanism to protect applications against data-only buffer overflow attacks. ValueGuard inserts canary values in front of all variables and verifies their integrity whenever these variables are used. In this way, if a buffer overflow has occurred that changed the contents of a variable, ValueGuard will detect it since the variable’s canary will have also been changed. The countermeasure itself can be used either as a testing tool for applications before their final deployment or it can be applied selectively to legacy or high-risk parts of programs that we want to protect at run-time, without incurring extra time-penalties to the rest of the applications.

Link to the ValueGuard paper: valueguard.pdf
Link to the same paper from Springer:
Link to the LIRIAS database at the university: Read full post