Thursday, May 28, 2009

Blocking facebook (but not pidgin-facebookchat) with iptables

I wanted to be able to have an iptables rule to block me from using the internet (as part of a script I wrote to keep my nose to the grindstone) with a few exceptions. One was IRC chats, as they're useful and don't really take up much time. The second is Facebook chats. My script limits me to a certain amount of time with full internet access, and I found it annoying to constantly turn it on and off to see if my girlfriend was home from work yet.

Using the pidgin facebook plugin, I'm able to chat on Facebook without the browser, but since the plugin uses HTTP anyway, it will still be blocked. The trick that I'm using is that the user agent used by the facebook plugin is Opera, whereas I use Firefox. So, I changed my iptables rule to match the user agent as well as the destination port.

iptables -A OUTPUT --protocol tcp --dport 80 \
    -m string --string "User-Agent: Mozilla" --algo kmp \
    -j DROP   # target assumed: the rule as posted shows none, and the text says it blocks

This rule will block me from going to facebook when I've turned off access to the internet, but still allow me to chat.
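
What the string match in this rule does and does not catch, as an added Python example that is not part of the original post: it models the rule's per-packet test (destination port 80 plus a KMP search for the pattern) on a handful of requests. The request lines, paths and user-agent strings are constructed samples, and the function names are made up for the illustration.

```python
# Added example: models the per-packet test made by the rule above.
# Every payload here is a constructed sample, not captured traffic.
PATTERN = b"User-Agent: Mozilla"

def kmp_find(text: bytes, pat: bytes) -> int:
    """Knuth-Morris-Pratt search: first index of pat in text, or -1."""
    fail = [0] * len(pat)          # longest proper prefix that is also a suffix
    k = 0
    for i in range(1, len(pat)):
        while k and pat[i] != pat[k]:
            k = fail[k - 1]
        if pat[i] == pat[k]:
            k += 1
        fail[i] = k
    k = 0
    for i, byte in enumerate(text):
        while k and byte != pat[k]:
            k = fail[k - 1]
        if byte == pat[k]:
            k += 1
        if k == len(pat):
            return i - k + 1
    return -1

def rule_matches(dport: int, payload: bytes) -> bool:
    """True when one outgoing TCP packet meets both conditions of the rule."""
    return dport == 80 and kmp_find(payload, PATTERN) != -1

FIREFOX = (b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n"
           b"User-Agent: Mozilla/5.0 (X11; Linux) Firefox/3.0\r\n\r\n")
OPERA = (b"POST /chat HTTP/1.1\r\nHost: www.facebook.com\r\n"
         b"User-Agent: Opera/9.50\r\n\r\n")

def sample_verdicts() -> dict:
    """Verdict per sample: True means the packet matches the rule."""
    cut = FIREFOX.index(PATTERN) + 15      # split right after "User-Agent: Moz"
    first, second = FIREFOX[:cut], FIREFOX[cut:]
    return {
        "firefox_http": rule_matches(80, FIREFOX),
        "opera_http": rule_matches(80, OPERA),
        # the match is case-sensitive unless --icase is given
        "lowercase_header": rule_matches(80, FIREFOX.replace(b"User-Agent", b"user-agent")),
        # each packet is searched on its own, so a header split in two never matches
        "split_across_packets": rule_matches(80, first) or rule_matches(80, second),
        # other ports (HTTPS included) never reach the string test
        "firefox_port_443": rule_matches(443, FIREFOX),
    }

if __name__ == "__main__":
    for name, matched in sample_verdicts().items():
        print(f"{name:22} {'matches rule' if matched else 'passes'}")
```

Only the first sample matches; the rule separates the browser from the plugin purely on the header text, so anything that changes the header's spelling, packet boundary or port falls outside it.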

Wednesday, May 27, 2009

Dynamic screen setup of switchable graphics in Linux using Fluxbox

First post, I'll keep it easy :)

The T400 has switchable graphics, so I can set to use the integrated Intel card or the discrete ATI card in the BIOS. Unfortunately, the wiring is such that only by using the ATI card can I recognize both the VGA and DVI outputs on the docking station, so if I want to go dual-screen I need to make sure to switch over to ATI.

Using the idea that I saw on a site by Ariel Vardi (with the idea attributed to John Lathouwers), I added a few lines in my ~/.fluxbox/startup file to use the correct xrandr command for dual-screen (I don't deal with the xorg.conf file itself, which is how John did it).

Fluxbox also makes it very simple to set up how windows should appear through the ~/.fluxbox/apps file. Here you can match windows to use certain specifications, such as their dimensions, if they're stickied, minimized/maximized, workspace, etc. Fluxbox has support for multi-head displays, so there's even an option for what head to display it on.

Now, typically, my setup looks like this: I have firefox maximized and stickied on the right monitor, with key bindings for 11 different workspaces. Typically, each workspace just has one window on it, so switching between applications is really a matter of switching between workspaces. So, my ~/.fluxbox/apps file looks like this for firefox:

[app] (name=Navigator) (class=Firefox) (role=browser)
  [Head] {2}
  [Position] (UPPERLEFT) {241 27}
  [Sticky] {yes}
  [Maximized] {yes}
[end]

The important parts here are that it's on the second head, and stickied. Unfortunately, this does not work when I'm not at home. My laptop no longer has two screens, so I typically just use one of my workspaces for firefox. The apps entry would look like this:

[app] (name=Navigator) (class=Firefox) (role=browser)
  [Head] {1}
  [Position] (UPPERLEFT) {241 27}
  [Maximized] {yes}
  [Workspace] {4}
[end]

Note that it is no longer stickied, but instead put in a defined workspace. Now, how to make sure that the correct entry is used?

For this, I created a new directory in ~/.fluxbox called "templates"...

templates
`-- apps
    |-- base
    |-- one_head
    `-- two_heads

Here, I have three files that use the "app" format. "base" will contain all the entries that I use whether I'm on one head or two, and the other two will contain the entries specific for one or two heads.

Now at fluxbox startup, I make sure to concatenate base with the correct head-specific script, and store the results as the true ~/.fluxbox/apps file. Of course, this means that any changes done on the fly that are written to the apps file are overwritten, but I don't typically use that feature often.

This process takes place in the startup file, using the same check as the xrandr script. The final results are below:

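# DIR, T_DIR, FILE and the else/fi are not shown in the post; reconstructed from the text above
DIR="$HOME/.fluxbox/"
T_DIR="${DIR}templates/"
VIDEO=`/usr/bin/lspci | grep -c ATI`

if [ "$VIDEO" = 1 ]; then   # ATI card active: dual-screen on the dock
    xrandr --output LVDS --off --output VGA-0 --mode 0x69 --crtc 0 --output DVI-0 --mode 0x4f --crtc 1 --right-of VGA-0
    FILE="two_heads"
else                        # Intel card: laptop panel only
    xrandr --output LVDS --auto
    FILE="one_head"
fi

cat "${T_DIR}apps/base" "${T_DIR}apps/$FILE" > "${DIR}apps"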