Mastodawn

one thing i really like about systemd is the unit sandboxing capabilities and how convenient it is

https://wiki.archlinux.org/title/Systemd/Sandboxing

heres an example from my tuwunel matrix systemd unit

[Unit]
Description=Tuwunel Matrix homeserver
#Requires=tuwunel.socket
Wants=network-online.target
After=network-online.target
Documentation=https://tuwunel.chat/

[Service]
User=tuwunel
Group=tuwunel
Type=notify
ReloadSignal=SIGUSR1
WatchdogSec=30

TTYPath=/dev/tty25
DeviceAllow=char-tty
StandardInput=tty-force
StandardOutput=tty
StandardError=journal+console
TTYReset=yes
# uncomment to allow buffer to be cleared every restart
TTYVTDisallocate=no

TTYColumns=120
TTYRows=40

Environment="TUWUNEL_CONFIG=/etc/tuwunel/tuwunel.toml"

ExecStart=/usr/sbin/tuwunel

ReadWritePaths=/var/lib/tuwunel /etc/tuwunel

AmbientCapabilities=
CapabilityBoundingSet=

ManagedOOMPreference=avoid

MemoryHigh=3G
MemoryMax=4G

DevicePolicy=closed
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
#ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
PrivateIPC=yes
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service @resources
SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
SystemCallErrorNumber=EPERM
#StateDirectory=tuwunel

RuntimeDirectory=tuwunel
RuntimeDirectoryMode=0750

Restart=on-failure
RestartSec=5

TimeoutStopSec=2m
TimeoutStartSec=2m

StartLimitInterval=1m
StartLimitBurst=5

[Install]
WantedBy=multi-user.target
Alias=matrix-tuwunel.service

how can i replicate that kind of stuff with openrc?

systemd/Sandboxing - ArchWiki

Steam & Epic Games | Daily Apr 23

WOW, Control has landed on iPhone and iPad 📱

An unexpected App Store drop: the Ultimate edition with all DLC is live, and Apple Vision Pro appears among supported devices. Requires A17 Pro and iOS 26.1+, controls rebuilt for touch, gameplay and UI reworked, and ray tracing where hardware allows. Buying the iPhone version lets you play on iPad/Mac. Control originally launched in Aug 2017; Remedy is still working on the sequel.

#SteamAndEpic #Control #Pro #Ultimate #Requires #Vision

3i/Atlas Apr 15

The Digital Networks Act: a reform that requires strategic attention for satellite operators
https://atlas.whatip.xyz/post.php?slug=the-digital-networks-act-a-reform-that-requires-strategic-attention-for-satellite-operators
<p>Satellite operators seeking EU market access may face a fundamental shift in how spectrum is authorized
#satellite #operators #networks #requires

The Digital Networks Act: a reform that requires strategic attention for satellite operators

Satellite operators seeking EU market access may face a fundamental shift in how spectrum is authorized, how services are delivered across borders, and what operational obligations apply. The Digital ...

恐龍化石 Dino Fossil Mar 19

Windows users mostly dislike the command-line. This GUI utility is useful.

https://www.autohotkey.com/

```
#Requires AutoHotkey v2.0

#SingleInstance Force

MainGui := Gui("+AlwaysOnTop", "CSV to XLSX Converter")
MainGui.SetFont("s10", "Segoe UI")

MainGui.Add("Text",, "Input CSV File:")
EditFile := MainGui.Add("Edit", "w400 ReadOnly", "No file selected...")
MainGui.Add("Button", "x+10 w80", "Browse").OnEvent("Click", SelectFile)

MainGui.Add("Text", "xm", "Output Folder:")
EditDir := MainGui.Add("Edit", "w400 ReadOnly", "No folder selected...")
MainGui.Add("Button", "x+10 w80", "Browse").OnEvent("Click", SelectFolder)

MainGui.Add("Text", "xm h10", "") ; Spacer
BtnConvert := MainGui.Add("Button", "xm w100 h40 Default", "Convert Now")
BtnConvert.OnEvent("Click", RunConversion)

MainGui.Show()

SelectFile(*) {
Selected := FileSelect(3, , "Select your CSV file", "CSV Files (*.csv)")
if Selected
EditFile.Value := Selected
}

SelectFolder(*) {
Selected := DirSelect(, 3, "Select the destination folder")
if Selected
EditDir.Value := Selected
}

RunConversion(*) {
InputPath := EditFile.Value
OutputDir := EditDir.Value

if (InputPath = "No file selected..." || OutputDir = "No folder selected...") {
MsgBox("Please select both a file and a destination!", "Missing Info", "Icon!")
return
}

FullCommand := 'csv2xlsx.exe -o="' . OutputDir . '\output.xlsx" ' . InputPath

try {
RunWait(FullCommand)
MsgBox("Success! The file has been converted.", "Done", "Iconi")
} catch {
MsgBox("Error.", "Execution Failed", "Iconx")
}
}
```
#autohotkey #gui #coding

AutoHotkey

Free keyboard macro program. Supports hotkeys for keyboard, mouse, and joystick. Can expand abbreviations as you type them (AutoText).

Honza Javorek Oct 13, 2025

Dependabot umí i tohle? To je cool. https://github.com/honzajavorek/p3news/pull/17/files

#dependabot #uv #buildsystem #requires #python

Update uv-build requirement from <0.9.0,>=0.8.11 to >=0.8.11,<0.10.0 in the python group by dependabot[bot] · Pull Request #17 · honzajavorek/p3news

Updates the requirements on uv-build to permit the latest version. Updates uv-build to 0.9.2 Release notes Sourced from uv-build's releases. 0.9.2 Release Notes Released on 2025-10-10. Python...

GitHub

ABDELAZIZ Aug 14, 2025

The Supreme Court requires Mississippi Social Media Law to check the truth for children star-news.press/wp

,The Supreme Court requires Mississippi Social Media Law to check the truth for children star-news.press/wp, 2025-08-14 18:42:00 Lawrence Hurley #Supreme #Court #requires #Mississippi #Social #Media #Law #check #truth #children

https://star-news.press/supreme-court-allows-mississippi-social-media-law-requiring-age-verifi-rcna221592/?utm_source=mastodon&utm_medium=jetpack_social

The Supreme Court Requires Mississippi Social Media Law To Check The Truth For Children Star-news.press/wp

WASHINGTON — The Supreme Court on Thursday declined to block a new Mississippi law that imposes age verification and parental consent restrictions on social media platforms

star-news.press

ABDELAZIZ Aug 14, 2025

Air Canada requires binding arbitration as a loom shut down immediately star-news.press/wp

,Air Canada requires binding arbitration as a loom shut down immediately star-news.press/wp, 2025-08-14 12:41:00 Sean Previl #Air #Canada #requires #binding #arbitration #loom #shut #immediately

https://star-news.press/air-canada-strike-binding-arbitration-request-minister-cupe/?utm_source=mastodon&utm_medium=jetpack_social

Air Canada Requires Binding Arbitration As A Loom Shut Down Immediately Star-news.press/wp

Jobs Minister Patty Hajdu said she received a request from Air Canada to refer both parties to binding arbitration and has asked the union to respond to the airline's request.

star-news.press

ABDELAZIZ Aug 11, 2025

Ukrainian Zelenskyy requires Russian oil purchases to limit the conversation with modes star-news.press/wp

,Ukrainian Zelenskyy requires Russian oil purchases to limit the conversation with modes star-news.press/wp, 2025-08-11 15:46:00 #Ukrainian #Zelenskyy #requires #Russian #oil #purchases #limit #conversation #modes

https://star-news.press/zelenskyy-calls-for-limiting-purchase-of-russian-oil-in-conversation-with-modi-11754923696753-html/?utm_source=mastodon&utm_medium=jetpack_social

Ukrainian Zelenskyy Requires Russian Oil Purchases To Limit The Conversation With Modes Star-news.press/wp

US President Donald Trump has imposed 25% tariffs on India for buying Russian energy, taking the total duty to 50%. The additional levy is aimed at cuting Russia's oil revenues and forcing it into a ceasefire. The new rate will come into effect on 27 August.

star-news.press

John Griogair Bell Jan 7, 2025

“instead of simply appreciating the forces that produce the World, Dark Deleuze intervenes in them to destroy it. At one time, such an intervention would have been called the Death of God, or more recently, the Death of Man. What is called for today is the Death of this World, and to do so requires cultivating a hatred for it.”

https://library.hrmtc.com/2025/01/07/instead-of-simply-appreciating-the-forces-that-produce-the-world-dark-deleuze-intervenes-in-them-to-destroy-it-at-one-time-such-an-intervention-would-have-been-called-the-death-of-god-or-more-re/

#AndrewCulp #appreciating #atOneTime #book #calledFor #CriticalTheory #cultivating #dark #DarkDeleuze #death #DeathOfGod #DeathOfMan #Deleuze #destroy #essays #FilmAndMedia #forces #GillesDeluze19251995CriticismAndInterpretationLanguage #hatred #insteadOf #intervenes #intervention #MovieVideoHistoryCriticism #MovieHistoryCriticismPerformingArts #NegativityPhilosophy_ #philosophy #PhilosophyCriticism #produce #quote #requires #simply #TheoryAndPhilosophy #today #WellBeing #Wellbeing #world

"instead of simply appreciating the forces that produce the World, Dark Deleuze intervenes in them to destroy it. At one time, such an intervention would have been called the Death of God, or more recently, the Death of Man. What is called for today is the Death of this World, and to do so requires cultivating a hatred for it." - The Hermetic Library Blog

instead of simply appreciating the forces that produce the World, Dark Deleuze intervenes in them to destroy it. At one time, such an intervention would have been called the Death of God, or more recently, the Death of Man. What is called for today is the Death of this World, and to do so requires […]

The Hermetic Library Blog

Show thread

ax6761 Dec 28, 2024

... To #MSWindows11 [Copilot] key do nothing at all via #AutoHotkey, in "neuter-copilot.ahk" file ...

#Requires AutoHotkey v2.0

InstallKeybdHook

; Does not disable [Copilot] key.
;#C::Return

; Scancode does not work.
;SC0x000100003100::Return

; Works: Does nothing.
#<+F23::Return

; Send [Ctrl]? Does not work: "Ctrl+R" does not reload the Firefox tab.
;#<+F23::^