honestly at this point I don't consider it worth continuing the discussion here, as it doesn't seem that you understand enough of what you're talking about, despite your claims of dealing with it for "years", yet you keep implying that i'm likely the one being wrong or even lying/misrepresenting things.
the second screenshot is from the same browser as the first, both are in firefox, using the tor browser variant in safest mode, which blocks even more than the average noscript installation in firefox. tor browser is a hardened variant of firefox esr. if it works in tor browser without loading js from third parties it'll very much do so in any other browser. the screenshot is from macos, which is probably why you're not used to it, but that's just what firefox on macos looks like. this is my standard firefox install:
besides, if lemmy was loading and executing javascript from other instances, this would be a massive security issue, which is yet another reason why your claim of loading js from other instances is ludicrous for someone who knows how these things work, at least when you keep insisting on it.
as i mentioned before, noscript is not an extension that is easy to use without some basic understanding of how websites work. if you've been having issues for years due to not understanding these things and how to deal with them properly that suggests that it'd probably be better for you to just switch to something like ublock origin with anti-tracking filter lists if you're not planning to spend some time learning how websites work and what the different types of blocked resources do.
i don't even see how you would be blocking images with noscript, as there doesn't even seem to be an option for it. unless of course you're confusing noscript with something like umatrix, which does allow blocking images by default as well, but it would also clearly show that there is media blocked and not scripts:
anyway, if you're truly interested in understanding these things and not just rant about them please do some research on the technology being used.
nothing about this is cherry-picking. it's simply how lemmy works. there are no remote js sources. lemmy-ui even sets security headers that prevent loading js from third party domains.
doesn't require allowing javascript of a million other servers?
half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts
software like noscript is not exactly beginner friendly. you're expected to understand the impact of your blocking and what you are blocking. the only domain you need to allow JS from on lemmy.world is lemmy.world. standard lemmy-ui does not load any js or css from third party sources, only the domain where lemmy-ui is served. your noscript configuration is blocking the actual images, not javascript that would be required to load images.
edit:
to expand on this, even in tor browser in safest mode, lemmy.world works totally fine when all you do is allow JS from lemmy.world on lemmy.world:
mod actions generally do federate correctly, at least on the latest lemmy versions. it's just reports that don't.
but in general, you will need an account on the community instance to get full federation abilities when you take potential instance bans and defederations into account. even when it's not a defederation, if a user is banned from your instance but not from the community instance their posts won't make it to you.
this doesn't really change anything for how remote users are displayed, it's a change to properly support hosting lemmy-ui on a different domain than the lemmy backend/api.
what are you referring to with mastodon short.domain handles?
they won't be sent by infosec.pub directly, but other instances may send activities referencing content from infosec.pub, which will lead lemmy.ml to pull it from the source as well.
this includes for example posts and comments in lemmy.world communities, because lemmy.world will announce those to lemmy.ml.
lemmy has an image proxy feature, but it doesn't seem to be enabled on lemm.ee currently. it also still has various issues where media may break, it should get better in future lemmy versions (probably only in 1.0, not in 0.19 versions).
some alt uis also have the option to proxy images if enabled by the person hosting it, e.g. tesseract.
there is an open instance available at https://tesseract.dubvee.org/, you can enable media proxying in the settings on the left.
as always with uis hosted by third parties, keep in mind that you need to trust the operator, as they could deliver code that steals your credentials. when possible, use uis hosted by your own instance operator, as they would have access to them anyway if they wanted.
I messaged @supakaity@lemmy.blahaj.zone on matrix about this a while back already, before it was published. this is easily backported to 0.19.8, most likely even with the custom blahaj patches. i'm not sure it was applied though, as i didn't hear back from her unfortunately.
slur filters are a commonly used method on lemmy to deal with certain types of spam.
there are lots of spammers posting links to blog spot subdomains all the time, i think there were at least two new ones just today.
unfortunately, the amount of malicious links (random spam posts) to blog spot significantly outranks the amount of legitimate links, which is likely why this was added to blahaj's slur filter.
to add to that, Lemmy currently does not handle site bans well if it's not a home instance ban, as instances don't keep track of which other instances have banned which users. this should get better with 1.0 though, as a PR to improve that was recently merged.
for now, there is a band-aid solution that federates community bans for all communities local to the instance the user got banned from, but that only includes communities that the user previously participated in, so they'll still be able to participate in the local copies of other communities from the instance they're banned from, it just won't fully federate out.
Then I generated sql statements to remove duplicate posts that had higher ids than the other posts theyre a duplicate of
i assume this was done after updating the other tables referencing this table, such as comments, votes, saved posts, as previously discussed on matrix?
while it may be omitted here for simplicity, it can be dangerous to not mention that for others that might find this in the future if they experience index corruptions on their own if they don't fix all references, as that would result in data loss.
You basically can't if your instance was set up before 0.19.4, as there won't be any association between users and uploads for older uploads. You also can't do this without breaking thumbnails everywhere unfortunately.
The latest Lemmy version has a fix where thumbnails now are actually stored at a reasonable resolution for thumbnails, but old thumbnails may be quite large, and this does not retroactively shrink older thumbnails.
It's possible to pull image aliases from the DB and ignore them when iterating over aliases within pict-rs, but you these will only be manual uploads, not automatic uploads like generated thumbnails. For posts by local users, deleting thumbnails will also end up breaking them for 0.19.5+ instances, as they should reuse the original thumbnail url.
is that sync? sync has some issues with local communities. I think it might get better if you subscribe to the community.
compare with the web version to rule out account related issues.