Nothing4You

deleted the database

this is generally something you should avoid doing with activitypub software, as there is no clearly defined way to deal with changed private keys and it is handled differently depending on the software. with lemmy it should more or less resolve itself after some time, as instances will refresh public keys from time to time. after a few days of being alive again and having activities federate out it that part should start working properly again.

Subscription Pending Issue

check if your instance is considered dead, it may take sending some activities (e.g. subscribing, posting, commenting) and a bit of waiting to get your instance considered reachable again. you can use https://phiresky.github.io/lemmy-federation-state/site to check the instance you’re expecting data from and look for where your instance is listed.

Old Content Persisting

as @[email protected] already mentioned, all you did was disappear. how would anyone know that your intention was to delete data?

while you can’t force other instances to respect your deletion requests, it would still be possible to ask them for it, but this is not an easy task once they’re no longer in your database. the most effective/efficient way to do this would probably to first get your overall federation fixed/not considered dead anymore, then delete the account using the same name, and never use the username again on the same domain in the future, as deletions are more pretty much irreversible and depending on the software on the other side may permanently block the username from being used, even if you change this in your database. another option could be creating posts/comments with matching ids in the database and then deleting them via api, but this is also rather fiddly and a lot easier to fuck things up with. i don’t recommend editing the db directly without good understanding of lemmy’s internals.

Old Replies Resurfacing

Lemmy uses numeric incremental ids for posts and comments, so when you started with a fresh database these ids are getting reused. this will break your posts and comments from properly federating to instances that have seen them with the same id before.

the easiest and lowest tech solution to deal with this would be to simply move to a different domain/subdomain for a proper new instance experience. alternatively you could consider adjusting the sequences in the database used for new post, comment and pm ids, to ensure that they are higher than any number your instance may have previously seen. as they are incremented not only by local content, but also by content retrieved via federation, these numbers will be significantly higher than the amount of content you had posted in the past, but it will be hit or miss whether they will overlap with ids that were for old local content.

based on counts from lemmy.ml and lemmy.world, it seems that a post sequence starting at 55m is likely safe to use, 20m for comments. pm ids are not publicly visible, but unless you sent or received many in the past, something like 1k or 10k are probably still safe bets. this is a db modification that you will need for sure if you want to minimize federation issues while using the same domain.

looking at your instance i’m not sure if this is what you mean by replies resurfacing, as i don’t see any replies by remote users on your comments, but what i described is otherwise going to cause issues randomly in the future if you happen to hit a previously locally used id on a new local post/comment.

i can see rust being a bit more challenging to support properly in an IDE and there still being various special cases not handled properly, and i’m glad that it’s free to use non-commercially, but with jetbrains rustrover i frequently see it calling out errors in code that happily compiles, autocomplete being semi-random in how it wants to complete today, which seems to have gotten worse with their recent AI pushes, and even a couple times the entire IDE locking up not too long ago, though i don’t remember whether the last part was in rustrover or one of their other IDEs. overall pycharm has been pretty stable for me, as long as you provide it with a pre-existing venv or let it create one for you, as the integration with the latest and greatest™ python package manager may not be there yet.

honestly at this point I don’t consider it worth continuing the discussion here, as it doesn’t seem that you understand enough of what you’re talking about, despite your claims of dealing with it for “years”, yet you keep implying that i’m likely the one being wrong or even lying/misrepresenting things.

the second screenshot is from the same browser as the first, both are in firefox, using the tor browser variant in safest mode, which blocks even more than the average noscript installation in firefox. tor browser is a hardened variant of firefox esr. if it works in tor browser without loading js from third parties it’ll very much do so in any other browser. the screenshot is from macos, which is probably why you’re not used to it, but that’s just what firefox on macos looks like. this is my standard firefox install:

besides, if lemmy was loading and executing javascript from other instances, this would be a massive security issue, which is yet another reason why your claim of loading js from other instances is ludicrous for someone who knows how these things work, at least when you keep insisting on it.

as i mentioned before, noscript is not an extension that is easy to use without some basic understanding of how websites work. if you’ve been having issues for years due to not understanding these things and how to deal with them properly that suggests that it’d probably be better for you to just switch to something like ublock origin with anti-tracking filter lists if you’re not planning to spend some time learning how websites work and what the different types of blocked resources do.

i don’t even see how you would be blocking images with noscript, as there doesn’t even seem to be an option for it. unless of course you’re confusing noscript with something like umatrix, which does allow blocking images by default as well, but it would also clearly show that there is media blocked and not scripts:

anyway, if you’re truly interested in understanding these things and not just rant about them please do some research on the technology being used.

nothing about this is cherry-picking. it’s simply how lemmy works. there are no remote js sources. lemmy-ui even sets security headers that prevent loading js from third party domains.

doesn’t require allowing javascript of a million other servers?

half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts

software like noscript is not exactly beginner friendly. you’re expected to understand the impact of your blocking and what you are blocking. the only domain you need to allow JS from on lemmy.world is lemmy.world. standard lemmy-ui does not load any js or css from third party sources, only the domain where lemmy-ui is served. your noscript configuration is blocking the actual images, not javascript that would be required to load images.

edit:

to expand on this, even in tor browser in safest mode, lemmy.world works totally fine when all you do is allow JS from lemmy.world on lemmy.world:

0.4.1 is pretty old, but the link you provided leads to a manifest.toml that seems to indicate 0.5.17.

pict-rs introduced temp file cleanup in 0.5.10, but that might not have cleaned up old media if you only recently upgraded.

from a short look at the repo i didn’t see where /lemmy/magick/ is defined, so i’m not sure if that is indeed the pict-rs temp folder.

not sure about the yunohost setup, but this sounds a bit like you may be running an old pict-rs version that had a bug that lead to temporary files not being cleaned up. especially newer versions will clean up the temp folders on startup even if some old stuff was left behind previously. which version of pict-rs are you running?

seems like just nobody thought of closing it before, it was already implemented.

this is most likely the case, pict-rs headers allow caching basically forever and don’t include revalidation. i’ll bring this up with the pict-rs dev about changing the default or adding a config option for this.

something like s-maxage should do the job, though it’d probably be up to the instance operator to decide on a sane value for that, as it will always be a tradeoff.

ideally, lemmy would have a mechanism for cache purging, but i suspect that this might be something that people will have to implement themselves using the 1.0 plugin system at some point, as it’s probably not going to become core functionality to support e.g. cloudflare cache purging.

edit: it seems that the 1 year cache is already an override by aussie.zone - pict-rs only sets a 7 day max-age, which is passed on by lemmy as can be seen e.g. on lemmy.ml, which isn’t behind cloudflare, or on progamming.dev, which is behind cloudflare but doesn’t seem to be overriding it.

the unban itself federates, but on community bans the user gets unsubscribed from the communities, which deletes the associated subscription in the db.

skimming over the code it seems to be only happening in case of community bans (including the ones derived from instance bans on 0.19), but it should also remove your local subscription on your own instance. as long as that federates it should still be picked up by lemmy-federate eventually, as your local instance should also have removed that when receiving the community ban.

it might be debatable whether subscriptions should get removed with community bans for public communities, but overall the code logic seems to be there. i haven’t tested this end to end yet.

instance bans currently generally don’t federate and won’t show in the modlog of your home instance, but recent lemmy versions are automatically issuing community bans for all communities on that instance that you participated in, which allows you to at least see this in some cases indirectly.

1.0 will federate instance bans, but i haven’t looked at the implementation in detail yet and i’m not sure if this is already implemented to be shown in the modlog.

I didn’t mean only showing Anubis to unauthenticated users; this was in response to OP mentioning to add this before posting or commenting, which would be the opposite of removing it for authenticated users.

slrpnk.net has some first hand experience for this, as @[email protected] already deployed anubis in front of lemmy-ui.

it wouldn’t be that complicated to add it to lemmy-ansible if people are interested in having the option.

i don’t see the argument for having this before user interaction though; the main goal of this is to fight malicious crawlers. for authenticated users, solutions like this are completely unnecessary as these can simply and much more efficiently be addressed through rate limits without putting users on low end hardware at a disadvantage and contributing to global warming.

it’s literally explained in the post that it uses admin credentials

it should cover all federated actions.

any instance admin can decide to ban you on their instance or remove your content on their instance, but unless it’s a local community or they’re mod of the community these actions won’t federate and will only apply to that specific instance.

the most useful one to look at is generally the one on the user’s home instance, as that should list all actions that federated.

instance bans currently generally don’t federate and won’t show in the modlog of your home instance, but recent lemmy versions are automatically issuing community bans for all communities on that instance that you participated in.

they won’t be sent by infosec.pub directly, but other instances may send activities referencing content from infosec.pub, which will lead lemmy.ml to pull it from the source as well.

this includes for example posts and comments in lemmy.world communities, because lemmy.world will announce those to lemmy.ml.

to add to that, Lemmy currently does not handle site bans well if it’s not a home instance ban, as instances don’t keep track of which other instances have banned which users. this should get better with 1.0 though, as a PR to improve that was recently merged.

for now, there is a band-aid solution that federates community bans for all communities local to the instance the user got banned from, but that only includes communities that the user previously participated in, so they’ll still be able to participate in the local copies of other communities from the instance they’re banned from, it just won’t fully federate out.

it’s also the case for deletions without account deletions, but iirc there is some delay before it gets rewritten in the db to allow the user to undelete it for a bit of time.

there seems to be a codeberg mirror but it’s not updated continously: https://codeberg.org/LemmyNet

instances get added automatically once they reach a threshold of monthly active users. iirc it’s >6 mau, you could check the code to confirm.