Nothing4You

honestly at this point I don’t consider it worth continuing the discussion here, as it doesn’t seem that you understand enough of what you’re talking about, despite your claims of dealing with it for “years”, yet you keep implying that i’m likely the one being wrong or even lying/misrepresenting things.

the second screenshot is from the same browser as the first, both are in firefox, using the tor browser variant in safest mode, which blocks even more than the average noscript installation in firefox. tor browser is a hardened variant of firefox esr. if it works in tor browser without loading js from third parties it’ll very much do so in any other browser. the screenshot is from macos, which is probably why you’re not used to it, but that’s just what firefox on macos looks like. this is my standard firefox install:

besides, if lemmy was loading and executing javascript from other instances, this would be a massive security issue, which is yet another reason why your claim of loading js from other instances is ludicrous for someone who knows how these things work, at least when you keep insisting on it.

as i mentioned before, noscript is not an extension that is easy to use without some basic understanding of how websites work. if you’ve been having issues for years due to not understanding these things and how to deal with them properly that suggests that it’d probably be better for you to just switch to something like ublock origin with anti-tracking filter lists if you’re not planning to spend some time learning how websites work and what the different types of blocked resources do.

i don’t even see how you would be blocking images with noscript, as there doesn’t even seem to be an option for it. unless of course you’re confusing noscript with something like umatrix, which does allow blocking images by default as well, but it would also clearly show that there is media blocked and not scripts:

anyway, if you’re truly interested in understanding these things and not just rant about them please do some research on the technology being used.

nothing about this is cherry-picking. it’s simply how lemmy works. there are no remote js sources. lemmy-ui even sets security headers that prevent loading js from third party domains.

doesn’t require allowing javascript of a million other servers?

half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts

software like noscript is not exactly beginner friendly. you’re expected to understand the impact of your blocking and what you are blocking. the only domain you need to allow JS from on lemmy.world is lemmy.world. standard lemmy-ui does not load any js or css from third party sources, only the domain where lemmy-ui is served. your noscript configuration is blocking the actual images, not javascript that would be required to load images.

edit:

to expand on this, even in tor browser in safest mode, lemmy.world works totally fine when all you do is allow JS from lemmy.world on lemmy.world:

0.4.1 is pretty old, but the link you provided leads to a manifest.toml that seems to indicate 0.5.17.

pict-rs introduced temp file cleanup in 0.5.10, but that might not have cleaned up old media if you only recently upgraded.

from a short look at the repo i didn’t see where /lemmy/magick/ is defined, so i’m not sure if that is indeed the pict-rs temp folder.

modlog view is a bit broken currently and doesn’t make much sense if you don’t know how it works.

the modlog view currently merges the different types of modlog entries in a single view, but the pagination doesn’t make much sense that way.

for example, removing a comment is an action that happens quite frequently, but removing a community does not. the modlog shows e.g. up to 20 actions per modlog entry type, so you may see comment removals for the last few hours, but community removals could be for the past year. then when you hit next page, you’ll see the next page for each type, but the times make even less sense now. you’ll see entries 20-40 for comments, but also 20-40 for communities.

the timeline will be consistent when you filter for specific entry types.

you can simply check your profile and modlog on the instance in question. it’ll show that you got banned from that instance 8 days ago. since you didn’t participate in any community on that instance there were no community bans federated out. instance bans currently don’t federate, only community bans for communities on the instance you got banned from, if you have previously participated in them.

not sure about the yunohost setup, but this sounds a bit like you may be running an old pict-rs version that had a bug that lead to temporary files not being cleaned up. especially newer versions will clean up the temp folders on startup even if some old stuff was left behind previously. which version of pict-rs are you running?

seems like just nobody thought of closing it before, it was already implemented.

this is most likely the case, pict-rs headers allow caching basically forever and don’t include revalidation. i’ll bring this up with the pict-rs dev about changing the default or adding a config option for this.

something like s-maxage should do the job, though it’d probably be up to the instance operator to decide on a sane value for that, as it will always be a tradeoff.

ideally, lemmy would have a mechanism for cache purging, but i suspect that this might be something that people will have to implement themselves using the 1.0 plugin system at some point, as it’s probably not going to become core functionality to support e.g. cloudflare cache purging.

edit: it seems that the 1 year cache is already an override by aussie.zone - pict-rs only sets a 7 day max-age, which is passed on by lemmy as can be seen e.g. on lemmy.ml, which isn’t behind cloudflare, or on progamming.dev, which is behind cloudflare but doesn’t seem to be overriding it.

eingeschränkt.

wenn du in Lemmy eine instanz blockierst werden erst mal nur communities von der instanz ausgeblendet, aber die nuzter der instanzen wirst du weiterhin in anderen communities antreffen. ein paar apps haben das meine ich clientseitig umgesetzt um auch nutzer von den geblockten instanzen auszublenden, aber das ist dann nur in den entsprechenden apps so.

grafana.lem.rocks isn’t operated by lemmy.world.

as I was traveling for the past couple days I didn’t get to fix earlier, but everything should be working again now.

mod actions generally do federate correctly, at least on the latest lemmy versions. it’s just reports that don’t.

but in general, you will need an account on the community instance to get full federation abilities when you take potential instance bans and defederations into account. even when it’s not a defederation, if a user is banned from your instance but not from the community instance their posts won’t make it to you.

this doesn’t really change anything for how remote users are displayed, it’s a change to properly support hosting lemmy-ui on a different domain than the lemmy backend/api.

what are you referring to with mastodon short.domain handles?

the unban itself federates, but on community bans the user gets unsubscribed from the communities, which deletes the associated subscription in the db.

skimming over the code it seems to be only happening in case of community bans (including the ones derived from instance bans on 0.19), but it should also remove your local subscription on your own instance. as long as that federates it should still be picked up by lemmy-federate eventually, as your local instance should also have removed that when receiving the community ban.

it might be debatable whether subscriptions should get removed with community bans for public communities, but overall the code logic seems to be there. i haven’t tested this end to end yet.

instance bans currently generally don’t federate and won’t show in the modlog of your home instance, but recent lemmy versions are automatically issuing community bans for all communities on that instance that you participated in, which allows you to at least see this in some cases indirectly.

1.0 will federate instance bans, but i haven’t looked at the implementation in detail yet and i’m not sure if this is already implemented to be shown in the modlog.

I didn’t mean only showing Anubis to unauthenticated users; this was in response to OP mentioning to add this before posting or commenting, which would be the opposite of removing it for authenticated users.

slrpnk.net has some first hand experience for this, as @[email protected] already deployed anubis in front of lemmy-ui.

it wouldn’t be that complicated to add it to lemmy-ansible if people are interested in having the option.

i don’t see the argument for having this before user interaction though; the main goal of this is to fight malicious crawlers. for authenticated users, solutions like this are completely unnecessary as these can simply and much more efficiently be addressed through rate limits without putting users on low end hardware at a disadvantage and contributing to global warming.

it’s literally explained in the post that it uses admin credentials

looks like the federation issues were just related to feddit.nl sending to lemmy.world, did you figure out what caused this?

the lemmy backend was supposed to mark posts in NSFW communities as NSFW automatically going forward, which is why the UI option in standard lemmy-ui was removed to mark a post as NSFW if the community is NSFW.

unfortunately while the UI change made it to 0.19, the backend change didn’t, so currently people posting in NSFW communities from 0.19.11 lemmy-ui will not have a choice to mark their posts NSFW.

see https://github.com/LemmyNet/lemmy-ui/issues/3114