diff --git a/crates/app/src/public/css/utility.css b/crates/app/src/public/css/utility.css
index 3b0e005..b95227b 100644
--- a/crates/app/src/public/css/utility.css
+++ b/crates/app/src/public/css/utility.css
@@ -36,7 +36,7 @@
 }
 
 .justify-start {
-    justify-content: flex-start;
+    justify-content: flex-start !important;
 }
 
 .items-center {
diff --git a/crates/app/src/public/html/timelines/following.lisp b/crates/app/src/public/html/timelines/following.lisp
index fd31252..642ab63 100644
--- a/crates/app/src/public/html/timelines/following.lisp
+++ b/crates/app/src/public/html/timelines/following.lisp
@@ -5,7 +5,7 @@
 (text "{% endblock %} {% block body %} {{ macros::nav() }}")
 (main
     ("class" "flex flex-col gap-2")
-    (text "{{ macros::timelines_nav(selected=\"following\", posts=\"/following\", questions=\"/following/questions\") }} }}")
+    (text "{{ macros::timelines_nav(selected=\"following\", posts=\"/following\", questions=\"/following/questions\") }}")
     (div
         ("class" "card w-full flex flex-col gap-2")
         (text "{% for post in list %} {% if post[2].read_access == \"Everybody\" -%} {% if post[0].context.repost and post[0].context.repost.reposting -%} {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }} {% else %} {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2], poll=post[5]) }} {%- endif %} {%- endif %} {% endfor %}  {{ components::pagination(page=page, items=list|length) }}")))
diff --git a/crates/app/src/routes/api/v1/auth/profile.rs b/crates/app/src/routes/api/v1/auth/profile.rs
index 67ee0dd..91e3908 100644
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@@ -152,9 +152,11 @@ pub async fn append_associations_request(
 
     // check existing associations to remove associations to deleted users
     // the user should take care of cleaning their ui themselves
+    let mut removed_count: usize = 0;
     for (idx, id) in user.associated.clone().iter().enumerate() {
         if data.get_user_by_id(id.to_owned()).await.is_err() {
-            user.associated.remove(idx);
+            user.associated.remove(idx - removed_count);
+            removed_count += 1; // we need offset each index by this amount to account for removals
         }
     }
 
@@ -501,8 +503,7 @@ pub async fn subscription_handler(
         None => return Err("Socket refused"),
     };
 
-    if user.id.to_string() != user_id {
-        // TODO: maybe allow moderators to connect anyway
+    if user.id.to_string() != user_id && !user.permissions.check(FinePermission::MANAGE_USERS) {
         return Err("Socket refused (auth)");
     }