Self Control

BUGS

Mon Sep 13 19:59:44 UTC 2010 -- If you got the code between last night and now, get it again unless you already had been using SelfControl. A little bug crept in where the default configuration file ~/.selfcontrol would not be created on the first run. If you had used SelfControl before, you already have one so it got upgraded like it should. So this would only effect first time users. A workaround if you're so inclined, create a ~/.selfcontrol file with the contents:

---
allow: 1
hosts: []
timeout: 1
And it will work without re-downloading/installing.

Mon Sep 13 22:40:51 UTC 2010 -- me a dummy. Another little new user issue. Typo of 'dev/null' for '/dev/null' caused initial iptables chain creation to fail. Also realized that syslog level is 'err' not 'error', which just goes to show that I hadn't actually had an error condition before.

BTW, SelfControl does log to '/var/log/messages' it just usually doesn't say much. Best debug if you have problems is to run from a Terminal so you get barfage. :)

Since there may be some, might as well get this out of the way. Email bug reports, comments, requests, etc. to 'zengargoyle' at the wonderful 'gmail.com'.

News

SelfControl for Linux 0.9 released!

Latest should be NEWS.txt in the trunk.

The name of the package has changed! It is now 'selfcontrol' instead of 'libselfcontrol-perl'. (I figured out enough of debian package management to use the tools directly vs. using the Perl module helper.) It should do the right thing when installed, i.e. remove the old libselfcontrol-perl package if it was installed.

A 1.0 version should come soon, no improvements are planned for the next release, just documentation changes.

SelfControl -- The Linux port

This came about after a post to Ask MetaFilter requesting a Ubuntu version of the Mac OS X program 'SelfControl' by Steve Lambert.

The Ask MetaFilter Thread
The SelfControl page of Steve Lambert
The source for the Mac OS X version

From what I gathered from a quick look at the source and comments, the purpose of the program is to block access to certain web sites (Blacklist) for a period of time with no easy way to unblock access. (SPOILER: It's always possible to get around something if you try hard enough, but we can make it not easy.)

THIS IS RELEASE 0.9

This version for Linux systems uses the Perl language (should be installed on any modern distribution), some Perl modules (YAML, Gtk2) which may be installed via the Comprehensive Perl Archive Network (CPAN) or may be available as installable packages via your distributions standard package management utilities. For example on Ubuntu (and Debian most likely) they are libgtk2-perl and libyaml-perl and can be installed with the Synaptic Package Manager, or with the apt-get command line tool.

Also required but probably installed on most distributions are the IPTables firewall modules and tools (iptables) and the 'at' scheduling command.

IIRC on my Ubuntu I just had to install the YAML Perl module, everything else was already available. YMMV.

Installation

Choose one.

Download the selfcontrol-0.9.tar.gz Perl module and install it.

Or, download the selfcontrol_0.9-1_all.deb Debian package and install it with 'dpkg'.

  $ wget http://svn.jklmnop.net/projects/SelfControl/selfcontrol_0.9-1_all.deb
  $ sudo dpkg --install selfcontrol_0.9-1_all.deb

The latest code can be found in the Subversion repository trunk.

Warning! The trunk is usually under heavy changes.

Watch the News for details.

Usage

Run the SelfControl program. Either by using Alt-F2 or adding an Application Launcher to your Panel, or from the command line.

See the Diagnostics section below before you try to run the program the first time if you wish to check things out.

When run, you will see a window with:

Also, new in this release. Menus!

Active Blocks

If you do nothing, Active Blocks will show you a sortable list of sites thay may currently be blocked. It goes through a list of blocks and keeps the longest acting block found. For example: you block example.com for 15 minutes, and then re-block it for 25 minutes. The list will show example.com as being blocked until 25 minutes (not showing both blocks). Here's the problem, even 30 minutes later it will still show example.com and the time it should have been unblocked.

This is because the program can not really check on the status of blocks without root access (you would have to type your password.) The current workaround should you wish to use it is Magic.

Magic

Edit your '/etc/sudoers' file as root (eg. gksudo gedit /etc/sudoers) and add a line like this to the end:

yourusername  ALL = NOPASSWD: /usr/bin/atq
This lets you run the 'atq' program as root to query the 'at' jobs that do the unblocking. Then edit your '.selfcontrol' file in your home directory and change the 'can_queue: 0' line to 'can_queue: 1'. Now SelfControl will only show actually active blocks in the 'Active Blocks' window.

If you wish, you can instead change '/etc/sudoers' like this:

yourusername  ALL = NOPASSWD: /usr/bin/atq, /usr/bin/SelfControl
Which will let you not have to type your password even when Starting a set of blocks. I do this myself, and would have the installation process do it automatically but I don't like messing with peoples system security, sorry.

Diagnostics

Before you start, you may want to check out your current firewall setup to make sure you have it installed and working. Open a terminal and use 'iptables --list' to make sure things look like this:

  $ gksudo iptables --list
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         

If they don't, this program may not work for you. Let me know what you see and I'll try and add functionality to handle it. You might see something different if you already have firewalls installed and operating.

Once you run the program once, you should see something like this:

  $ gksudo iptables --list
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         
  SelfControl  all  --  anywhere             anywhere            

  Chain SelfControl (1 references)
  target     prot opt source               destination         
  DROP       all  --  anywhere             www.example.com     

Note the SelfControl references.

Then try this:

$ gksudo atq
 64 Fri Jul 30 21:02:00 2010 a root

You should see a date in the future when your blocks will be unblocked.

As of the 0.02 version, the /etc/hosts file is also modified. Lines like:

127.0.0.2 www.example.com # SelfControl - DO NOT EDIT!

will be added to the end, and removed via an 'at' job just like the iptables rules.

DON'T READ THIS

Should things go horrible wrong... see: DONT_README