Another good reason to Just Use Systemd instead of containers is all the hardening knobs that are readily available. You can block entire slices of the filesystem that your service shouldn't access. You can block all network access except what your program needs. You can block whole categories of syscalls and kernel features your program shouldn't use.

It is literally just a few lines of config to do all that, and it might just save you from getting popped and running a cryptominer (or worse) the next time a dependency you didn't know about, in some random app you've deployed, has some disastrous RCE.

If you want to know more, here are some good places to start in the systemd docs:

General hardening: freedesktop.org/software/syste

Network filtering: freedesktop.org/software/syste

+ honourable mention for SHH, a tool I haven't used but which looks interesting, which can automatically generate hardening settings for you by observing what your service actually does at runtime: github.com/desbma/shh


If you have a fediverse account, you can quote this note from your own instance. Search https://hails.org/users/hailey/statuses/115772427915685171 on your instance and quote it. (Note that quoting is not supported in Mastodon.)
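As an added illustration (not from the post above, and not copied from the systemd documentation it links to), here is what "a few lines of config" covering the three knob families mentioned looks like in practice: a drop-in override for a hypothetical service called `myapp`. The unit name, the `/var/lib/myapp` state directory, the `10.0.0.0/8` range and the choice of `@system-service` as the base syscall set are all assumptions for the example; every directive used is a real `systemd.exec`/`systemd.resource-control` setting.

```ini
# /etc/systemd/system/myapp.service.d/hardening.conf
# Hypothetical drop-in for a service "myapp" (example config, not from the post).
# Each group below corresponds to one of the three knob families the post names.
[Service]

# --- Filesystem: whole slices become read-only or vanish ---
ProtectSystem=strict          # the entire filesystem is read-only except what is listed below
ProtectHome=true              # /home, /root and /run/user are empty and inaccessible
PrivateTmp=true               # private /tmp and /var/tmp, wiped when the service stops
PrivateDevices=true           # minimal /dev: no raw disks, no /dev/mem, no /dev/kmsg
ProtectProc=invisible         # other users' processes are hidden in /proc
ProcSubset=pid                # only the per-PID entries of /proc, no kernel interfaces
DynamicUser=true              # transient UID/GID, nothing on disk belongs to the service
StateDirectory=myapp          # /var/lib/myapp (assumed path) is created and stays writable
LogsDirectory=myapp           # /var/log/myapp (assumed path) is the only other writable spot

# --- Network: only what the program needs ---
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX   # no raw packet or netlink sockets
IPAddressDeny=any             # default deny for all traffic in and out ...
IPAddressAllow=localhost      # ... then allow loopback ...
IPAddressAllow=10.0.0.0/8     # ... and an assumed internal range (replace with your own)

# --- Syscalls and kernel features ---
NoNewPrivileges=true          # setuid binaries cannot regain privileges
CapabilityBoundingSet=        # empty value: every capability is dropped
SystemCallArchitectures=native   # no 32-bit compat syscalls on a 64-bit host
SystemCallFilter=@system-service  # allow-list: what an ordinary daemon needs
SystemCallFilter=~@privileged @resources   # then remove privileged and rlimit/ioprio calls
SystemCallErrorNumber=EPERM   # blocked calls fail with EPERM instead of SIGSYS killing the process
RestrictNamespaces=true       # no unshare()/clone(CLONE_NEW*) to build new namespaces
RestrictRealtime=true
RestrictSUIDSGID=true         # cannot create setuid/setgid files
LockPersonality=true
MemoryDenyWriteExecute=true   # caveat: breaks JIT runtimes (Node, JVM, some Python extensions)
ProtectKernelTunables=true    # /proc/sys, /sys read-only
ProtectKernelModules=true     # no module loading even with the capability
ProtectKernelLogs=true        # no dmesg / kmsg access
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true
RemoveIPC=true
UMask=0077
```

Apply it with `systemctl daemon-reload && systemctl restart myapp`, then run `systemd-analyze security myapp.service`: it scores the unit's exposure and lists each directive that is still unset, which is a useful check that the drop-in was actually picked up. Two caveats a practitioner will hit: with an empty `CapabilityBoundingSet=` the service can no longer bind ports below 1024 (add `CAP_NET_BIND_SERVICE` to both `CapabilityBoundingSet=` and `AmbientCapabilities=`, or use socket activation), and `IPAddressDeny=`/`IPAddressAllow=` are enforced with BPF on the unified cgroup v2 hierarchy, so they are silently ignored on a legacy cgroup v1 system. When a filtered call breaks the program, `journalctl -u myapp` will show the `EPERM` errors thanks to `SystemCallErrorNumber=`, which is far easier to debug than a bare SIGSYS crash.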