IAm_A_Complete_Idiot

No, rust is stricter because you need to think a lot more about whether weird edge cases in your unsafe code can potentially cause UB. For ex. If your data structure relies on the Ord interface (which gives you comparison operators and total ordering), and someone implements Ord wrong, you aren't allowed to commit UB still. In C++ land I'd venture to guess most any developer won't care - that's a bug with your code and not the data structure.

It's also more strict because rusts referencing rules are a lot harder then C's, since they're all effectively restrict by default, and just turning a pointer into a reference for a little bit to call a function means that you have to abide by those restrictions now without the help of the compiler.

Yeah. There's reasoning for why they do it on their docs, but the reasoning iirc is kanidm is a security critical resource, and it aims to not even allow any kind of insecure configuration. Even on the local network. All traffic to and from kanidm should be encrypted with TLS. I think they let you use self signed certs though?

Kanidm wants to directly have access to the letsencrypt cert. It refuses to even serve over HTTP, or put any traffic over it since that could allow potentially bad configurations. It has a really stringent policy surrounding how opinionated it is about security.

Instances aren't banning other instances for federation with communities they dislike. Instances ban other instances for hosting content they dislike. The benefit of starting an instance is you choose who to federate with.

Rust does this too. In practice you just bump the lock file in rust and rebuild. It can be a bit rebuild heavy, but it's not too bad with a proper cache.

Because I associate an OS with more then just an environment. It often has several running apps for instance, often a GUI or shell (which many containers don't have), are concerned about some form of hardware (virtual or physical), and just... Do more.

Containers by contrast are just a view into your filesystem, and some isolation from the rest of the environment through concepts like cgroups. All the integrations with the container host are a lot simpler (and accurate) to think of as just simply removing layers of isolation, rather then thinking of it like its own VM or OS. Capabilities just fit the model a lot better.

I agree the line is iffy since many OS's leave out a few things of the above, like RTOS's for MCUs, but I just don't think it's worth thinking of a container like its own OS considering how different it is from a "normal" Linux based OS or VM.

I think the more intuitive model (to me) is instead of thinking of it as a lightweight virtual machine, or a neatly packaged up OS, is to instead think of it as a process shipped with an environment. That environment includes things like files and other executables (like apt), but in of itself doesn't constitute an OS. It doesn't have its own filesystems, drivers, or anything like that. By default it doesn't run an init system like systemd either, nor does it run any other applications other than the process you execute in the environment.

Here on which instance? That's the nice part about Lemmy, those rules are set per instance.

I was here! :D