insert java bad comments

nah java is amazing

Its just not for me

Im not comfortable with it

and I really don't want to spend the amount of time it'd take for me to be comfortable with it

I've already stagnated on the project long enough

I can take a look

does the oauth2 lib not give the code back in a query ?

Everything looks good other than those few questions.

One thing I will note though is this right here:

 query!("INSERT INTO sessions (user_id, session_id, expires_at)
            VALUES ($1, $2, $3)
            ON CONFLICT (user_id) DO UPDATE SET
            session_id = excluded.session_id,
            expires_at = excluded.expires_at", user_id, session_id, max_age.and_utc())
        .execute(&app.db)
        .await
        .unwrap();

You can store the user id in the session if you want, just note that when you refresh the access_tokens you have to generate a new session and grab the user id again.
Second, store a bool field as well expired that you can toggle true for when the access_token expires. Also I realize you have no way of actually knowing when to refresh the token as your cookie can be revoked (e.g when they logout).

I recommend in the session table store the access_token, refresh_token, expires_at, expired, session_id

then you can have an endpoint that grabs the user info using the access_token in the session table

example.com/api/auth/@me or smth idk

The reason I say to store a bool field for when the access_token expires (or the session expires either naturally or when they logout) is to track anyone abusing your api with expired session ids

Which you can then blacklist those people if you wanted (by ip)

ic so it gives it to you that way

Well, you set the cookies to expire when the access token does

ok let me model this out

1. Login via Discord, do the whole grab access token, save it to session store, store session id in cookie
2. Say they logout, well now you expire that session making it unusable and you revoke the tokens as well via discord.
3. Say they don't logout, the cookie expires naturally so when they next visit it they are no longer logged in, so you use the old refresh token to generate new access tokens

iirc thats how it would work

I haven't done oauth2 in a while as im currently struggling myself aha

Yea I was right

If they never logout themselves or they don't de-authorize the app in discord, you can just use the refresh token to get a new set of tokens, if this fails re-prompt them for authroization the normal way

Yes

well no

Sorry

There should be no logging in with valid sessions

It's either they are logged in or not

If the cookie exists all you do is display the content they should see if they have it

If the cookie doesn't exist that means its either
A. Expired naturally (refresh it if possible or re-authorize them)
B. They logged out themselves and now you need to re-authorize them

Note if they logout, you should be revoking the tokens

if they de-authroize the app in discord it will revoke them for you

https://discord.com/developers/docs/topics/oauth2#authorization-code-grant-token-revocation-example

if you are using rocket

use route guards

i want to set up a database to track how many times a user wins my game that i’ve created

is that a lot to do? i use better-sqlite3

no thats very easy

i'm looking but want to make sure I do it correctly

so I can create a database.js file

const Database = require('better-sqlite3');
const db = new Database('clickwar.db');

db.exec(`
    CREATE TABLE IF NOT EXISTS players (
        id TEXT PRIMARY KEY,
        games_played INTEGER DEFAULT 0,
        games_won INTEGER DEFAULT 0
    );
`);

module.exports = db;

with this in it

yes?

sure

create a profile command

have the db imported to both the game and the profile command

have it imported in my index.js

ye

idk what I'm doing wrong

i get this error

ooh wait

nvm i figured it out lol

im deleting all of this.

path needed to be ../db for profile and clickwar

and ./db for index

@scenic kelp have you ever used ASP.NET Core?

If so, is there a need to not use the controllers based api?

i've only done very basic things with it

mostly with minimal apis though i'm ngl

icic

I think ima give the controller based one a try

it seems like it will match well with what I need after doing more research

:D

@lyric mountain is it possible to sort postgres rows by how many lines in a text column match the lines in my input

you mean like the simularity func?

SELECT
  name
FROM
  tbl
ORDER BY
  similarity(name, 'joever') DESC

sorry if my tired brain misunderstood ya

Gotta check it when I'm home

yeah this is it, but do note this is not enabled by default

you need to enable module pg_trgm

I just installed it, is this saved on db restart

(CREATE EXTENSION pg_trgm;)

yes

do note, that depending on your data amount, it might be recommended to create a GIST index

as similarity is farly slow without it

Giving coins will depend on your database

@tender ermine i need help with some organization

how did you did table with HTML?

i know like <h1>Title</h1> makes the word Title becomes:

Title

You know you can copy anything on his page?

how?

Literally right click -> "Inspect Elements", you hover over the table, copy the code and then copy and add the css he used on his page

You can copy the entire top.gg page of some bot this way

can you explain what that is

it's an index type that comes with pg_trgm

it basically breaks the texts into trigrams to make it faster to fuzzy search, and other operations as well

there are 2 types, GIN and GIST

for most you'll use GIST, as GIN as a long index build time (but it's faster, so it's better for stuff like document indexing, where data wouldn't change as frequently)

hm, is it even worth anything on just 1400 rows

I made sure to create as little as possible

if you're going to use similarity, then yes

I for example have this ```pgsql
CREATE MATERIALIZED VIEW IF NOT EXISTS v_card_names AS
SELECT c.id
FROM card c
INNER JOIN anime a on a.id = c.anime_id
WHERE (a.visible OR c.rarity IN ('EVOGEAR', 'FIELD'))
AND c.rarity NOT IN ('ULTIMATE', 'NONE')
ORDER BY c.id;

CREATE INDEX IF NOT EXISTS wrd_trgm ON v_card_names USING gin (id gin_trgm_ops);

the actual table is about the same size as yours

but I do a lot of name lookup and fuzzy searching, so things can get slow if I dont have it indexed

since I cant modify the original table, I made a mat view which I refresh every hour (to pull changes)

I used gin here cuz this table isn't modified at all, only when I'm adding new cards which is done by me only anyway

I see

Im gonna try without an index first and compare

its gonna be pretty much the same speed no matter how many rows I select because it needs the similarity of every value if I dont have an index right

not exactly

similarity uses levenshtein distance for getting the value

which is basically "how many changes would you need to make A equal to B"

so it'll vary depending on how long the text is

i already showed you how

if something doesnt work, then you have to show logs and code, otherwise we cannot help you

Hello @quartz kindle

I got feedback from discord related to my CF ban

🙂

And it's very funny

hi guys, I'm using discord.py and I was wondering how would I stop my bot from responding to commands that don't exist, so for example if I type <prefix>hello (hello command does not exist), the bot would respond with "hello command not found" for every message that contains the prefix which is annoying

👀 what are you doing with /invite?

That's my question, for what can be used /invite endpoint in order to spam so much

actually it's not invites?

you didn't save your file

oh wait, nvm

just dont send "command not found"

that's a bad thing to do anyway

so like modify the on_command_error event or modify the on_message?

Wherever you send "command not found"

In Discord's API, the /invite endpoint is used to manage and interact with server (guild) invitations. This endpoint is crucial for creating, retrieving, and deleting invite links to a server. Here’s a breakdown of its primary uses:

That's so strange...

More specifically https://discord.com/developers/docs/resources/invite#get-invite

Actually I have another person who develops this bot with me, I'll try to find that in code, Thank you for the help.

I know where i use this endpoint on my bot, but the website does not use the endpoint.

It's a bit strange tbh, cause the servers does not use same IP.

If you're using visual studio code
in the top middle of VSC
%command not found

% means search

Dont you need a token for that endpoint? 👀

I think i will just log each time when an endpoint is used

Ah thanks that was easy

Yes you need, but then the bot should get timeout, not the website. The only interaction that the website is doing with discord it's login

do you have an invite tracker or something?

I do, but that's something that bot collect.

most invite trackers require fetching invites on member join to figure out which invite was used

that does cost a lot of requests

But my question is why did the website got banned?

Based on what?

If you're using the same token, ratelimits apply to both.

the website was banned and not the bot? i thought the bot was banned

Unless its specifically the cloudflare request limit

No, the website was banned. And the website does not use endpoints.

yep

👀 how are you sending 10k requests per 10 minutes

if it doesnt use endpoints how do you know it was banned? which part of it broke?

the login part?

Yes, only login part.

do you do any fetching during login?

like right after you get the user auth, what do you do with it?

I'm allowed to share discord answers here? Cause they also confirmed we did not exceed more then 3 requests when the cloudflare hit us

Thats wild

wait so the ban was not due to invalid requests after all? did you hit some other hidden rule they have?

Unfortunately, if you are being Cloudflare banned and making only three requests in an hour, then there may be an issue with how your application is being hosted. Sadly, there is nothing we can do about Cloudflare bans.

discord has a lot of weird hidden rules they dont mention anywhere

ah well, yeah that happens when using shared hosting

since it shares ips with other customers, they can spam the api and you get thje ban as well

👀 shared hosting issues?
I've not seen that in awhile

Well, should not...cause we rent the entire IP only for us.

wasnt part of glitch/replit affected by it at some point?

I just think it was just an issue from their said..

its possible that specific ip comes from a blacklisted pool

Where the cloudflare did something wrong

sometimes they ban blocks of ips at once

sometimes they ban whole companies at once

happened to a host, hetzner iirc?

at some point the entire hetzner ecosystem was banned from connecting to discord voice servers

yeah

Oh

no idea if that was ever resolved

I've not tried tbh

Kinda strange, cause they should maybe notify webhost provider instead to ban everyone?

If your host has a discord, or a community I'd check them out

they do

but sometimes the hosts either dont respond or respond with automated messages

Cause in my mind i think the CF ban hit very hard for something that you can solve only by switching IP on your server.

A lot of people may be reporting the same issue

Hetzner abused discords abuse email and spammed it to wumpus hell and got banned completely from accessing Discord and its api etc

72h timeout

lmao, hetzner did? or people using hetzner?

hetzner did

lmao wtf

they had some sort of automated system

spamming discord with emails

At least now i have the confirmation that we did not spam them with 10k requests in 10 min 🙂

Due to a lack of communication and improper use of abuse systems by Hetzner, we'll shortly be blacklisting ALL of Hetzner's IP ranges to our voice servers. If you host a bot on Hetzner that requires voice (e.g. a music bot), it will stop working when this happens. Please reach out to Hetzner and encourage them to open a line of dialog with us to resolve these problems. Apologies to any interruptions this causes for you.

As an addendum to the above, we'll be blacklisting Hetzner IPs from our API at 16:00 PST (GMT -7). Please take measures to move any services or bots you host on Hetzner elsewhere before this time. Feel free to reference ticket number 2017091403020104

As an update to the above, Hetzner reached out to us this morning and opened a line of dialog. Since it's the weekend and we don't wanna ruin anyones fun I've lifted all of the API level blocks. Your bots will still not be able to connect to our voice servers until we fully resolve the issue on Hetzner during the normal work-week. Thanks.

Hetzner was not able to meet our requirements to be unblocked, so the voice block will likely remain indefinitly

At least they was fair with people who use discord

We block connections to hetzner due to their overzealous automated IDS system spamming our hosting providers with abuse e-mails. We have no plans to unblock them, as they have no plans to fix their broken system.

my bot is hosted on hetzner lmao

but i dont use voice so i dont care

But for example can a host provider reach a company to get their IP unbanned later?

It's not like you can control what people who buy a service do

you asked how to do it, i showed you how to do it, you said it didnt work, i asked to show code, you did not show, so i cannot help

most bans are temporary, to prevent spam/abuse

but yes, if its something that keeps happening, the companies have to talk to reach a solution

It sounds like hetzner is sending valid IDS emails, but wont correct the oversending of said emails.

I wonder why hetzner just doesnt add some exception? or discord blocks, or forwards the emails somewhere else.

Like for example if i buy a phone number today and use to register a discord account and phone number was blacklisted they should remove the number from blacklist or so?

there are hosting providers who get blacklisted from a lot of things because their users did illegal stuff like ddos/torrent/etc

It's just an example

then the hosting provider needs to clear their name

Same for IP's

talk to people, fix their shit, etc

Discord can indeed ban the ips of something indefinitely

they have every right as a service to do so

👀 my IP ban lists for my sites is getting long.

But I also ban for pretty much any sign of abuse

if you abuse a service dont expect to stay on that service simple as that

But then if you ban an IP, you switch to another one

Since hetzner does not want to take measures to fix it its their own fault

then the next person who buy the IP after you will get a blacklisted IP

or so

the problem is many services are shared among multiple users, so one person abusing can affect a lot of innocent people

Indeed it sucks

Exactly

Thats the nature of buying an IP tbh.

But discord has to do what it can to protect the mass majority

Like in my case i have the entire IP on my server only for me

Its not their fault hetzner abused their apis, they themselves tried reaching out

Hetzner didn't want to fix their shit

so they got what came to em

it happens a lot, if your ip is blacklisted from something that you need, you have to contact your host and ask for a different ip

I dont think there are many IPv4 IPs that are not banned from at least one service somewhere.

oh im sure the amount that are banned outweighs what isn't

just ban 0.0.0.0

easy fix

I'm sure it gets really weird in countries that IPs rotate daily for consumers.

like?

I'm sure people get banned from sites all the time.

IE, you might just randomly get an IP thats banned from cloudflare, or google, or whatever.

It's also more possible in country like India/China

Especially with IPv4

What even is the issue at this point, how is this related to Jimmi

💀

Is his IP banned?

Possibly their host was banned, or a whole block was banned.

Was related to my CF timout aka cloudflare ban

If its still going on

Then at this point it is almost certain your host's ip is banned

possibly their entire pool of ips (who knows)

It's over since yesterday, but discord provided a nice answer

Of course they don't know why, cause they confirmed 3 requests in an hour when that happend

thats why these sort of bans are always temporary

imagine perma banning an ip that is going to get rotated through a bunch of people and services

I will check, but i'm not sure how did the IP Website got rated instead the bot 🙂

I love my permanent bans

😉

Do you check them usually?

I never check once they're banned.

I just use cloudflare to IP ban

Ah, i don't use cloudflare

I'm glad cause at least they checked the reason why it happend, cause when i check on internet they usually don't check. They just said to wait

server.register(import("@fastify/rate-limit"), {
  max: 10,
  ban: 4,
  continueExceeding: true,
  timeWindow: "30 seconds",
  allowList: ["159.203.105.187", "127.0.0.1"],
});

I also ban for ratelimit abuse automatically, but its not permanent yet.

(dont mind the IP, its public knowledge)

unban speedy

smh

-appeal

:^)

The thing is, i did a lot of features when the bot was very small and there was no change to get rate limited in 10 servers, now we have 1700+ servers and not using shards

quick question, have you experienced any sort of memory leaks using fastify?

I can check for a memory leak real quick, but I have a server that was up for 3 months and it still was using almost no memory.

i made a rest api for a client and decided to give fastify a try

but for some reason memory usage goes from 50mb to 400mb in 2 weeks

i dont see what else could be causing it

im gonna try doing a heap dump i guess

Mines been up for almost 20 days, 2.2% of memory(4gb available)

bun or nodejs?

node 22.1 i think

ah ok

I just know bun leaks memory on the default http lib

when chunking data

22.2 actually

ye i never tried bun in production

260mb in 3 days

@_@

How many requests? 👀

no idea, there's literally zero analytics on this thing

lmao

logs disabled?

ye

ah. theres your problem. Fastify has decent logs

could give them a try

gonna gtry a heap dump now

why does node need 3x its own memory usage to generate a heap dump

it's taking a dump

Oh so that's why I remember so much at certain times

does it need a toilet maybe ?

indeed

why is downloading via sftp so slow

Because its slow ftps

;p

lmao

you got me there

well played

1.15s for searching 1400 rows @lyric mountain

try with gin index now

CREATE INDEX idx_gin_value ON "minecraftServerConfigValues" USING GIN (to_tsvector('english', value)); ?

(I dont know what im doing)

welcome to the club!!!!

ye nvm its not fastify

i found the culprit

Well that's good

USING gin (id gin_trgm_ops);

where id is whatever column u want to index

shoutout to crowdin for...

nothing

same speed lol

people do this to get their names in the "contributors" list of a repo

and then they can brag about it, add it to their cvs, etc

its stupid

fun thing

it didnt even add to the commit

the merge commit from the pr didnt even show the changes made in the pr

lmao

did the author get listed in the contributors tho?

i'm the author

ah lmao

crowdin just uses my acc or smthn

is typescript technically considered a language or is it just a 'dialect' of js

superset

but I think its a lang

just because of the immense type system

of course it is its own language

its a superset of js, but its still considered a language of its own just because of the sheer extendability it adds to js

Well

If a session exists, that means the cookie is still valid right?

your protected endpoints should be checking for this cookie

If it doesn't exist that means they are no longer "logged in"

If they logged out naturally aka the cookie expired, attempt to refresh the tokens, if that doesn't work then re-auth them.

If they logged out on their own, then re-auth them

What no, use route guards

You are using rocket right?

https://rocket.rs/guide/v0.5/requests/#request-guards

Use that

yup!

I can show you an example

one sec

https://hatebin.com/izdypmqgem

its my goto bin (when it works)

yea

Ive been using hatebin since 2019

@civic scroll @sharp geyser @quartz kindle I cooked

also yeah 37mb gif

YOU CERTAINLY DID SIR

cuz DISCORD CANT SUPPORT BETTER ANIMATION FORMATS

it'll load, eventually

lol

looks good tho

couldn't figure out a way to autoplay it, nor to fix the 359 -> 0 issue

ig that's as far as I can go with pure css

now to embed it into topgg

and crash peoples browsers /j

hm, I wonder, just so I dont need to put that wholefuckinhtml I could put it into an iframe

the file is committed on my repo anyway

why not just embed it

an iframe looks ugly

cant, topgg doesn't allow embed

also iframes can be styled

if u never set background color for body it'll be transparent

you cant just put the html in the desc?

im sure itll be fine

if only the test button was working

just do what every bot dev does

edit 100x until its perfect

Thats not what they do

they just push whatever broken mess they have to prod

same diff

aight neato, the roulette works, just need to ajust it to fit properly

                                                   ^

TypeError: command.data.toJSON is not a function
    at Object.<anonymous> (D:\Invite Manager\deploy-commands.js:20:31)
    at Module._compile (node:internal/modules/cjs/loader:1434:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1518:10)
    at Module.load (node:internal/modules/cjs/loader:1249:32)
    at Module._load (node:internal/modules/cjs/loader:1065:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:158:12)
    at node:internal/main/run_main_module:30:49```

Some reason i am getting this error that i have never had a problem with

awesome

one of your commands is not a valid commandBuilder

for example this:

your code requires ALL your commands to have that

if one of them doesnt have it, it will error

It works now

How do i make this all members and not just online

const totalUsers = interaction.client.users.cache.size;

For rn i am in my own support server and i got 4 real members but only 2 on and it says 2 on but it should say 4

client.users.cache is the bot's cache, it stores users who have had some contact with your bot (e.g. used a command) or you have previously fetched them yourself

If you want to have access to every user, you would have to put them in your cache first, e.g. by fetching all members of each server, which is not a very good idea

Why?

Slower?

Very much because fetching larger servers with thousands of users takes time

You can also just wait until the cache fills up automatically

How?

By people just using it?

"Automatically" is the key word because it depends on what intents your bot has enabled in its code. They are responsible for the events your bot receives and the cache that is filled. For example, if your bot receives the memberGuildAdd event (someone has joined the server), it will automatically be added to the bot's cache afaik

i dont have that intent should i add it if i want what i am doing

If you don't need it then no, this is just an example of when a user is added to the cache

So if i add that intent what would i put my code unde

the same or change this

const totalUsers = interaction.client.users.cache.size;

You must also keep in mind that a large cache affects the RAM usage of your bot. If you have limited resources, I wouldn't go crazy with it if I were you

rn it is at 45mb

idk if that is good or bad

it did fit nicely

chose not to downcale it else the text would be unreadable

If it is on one server, it is not surprising, but when there are hundreds of thousands or millions of users in memory, this value may increase significantly. Not only users are involved, but also messages that are stored in the cache

I am also using sqlite and sequelize and trying how all that ties into a bump bot

True

i guess i'll keep it

the cache fills automatically when the bot "sees" people

ie, person sends a message in a server where the bot is (requires guild messages intent)

person uses bot command

person changes status (requires presences intent)

etc

also, once your bot gets past 100 servers and becomes verified, your bot will require a special approval to use some intents like presences and members

which are required to fetch all members

and there is no guarantee that discord will give it to you

Oh. So should I have that intent or not

Just trying to figure out what I should do for my bump bot and my /bot-info command

Depends

if you have a true reason to get them, you'll get

else they'll deny

Ohhhhhh

Discord approves what intents you can use and not?

there is only 3 intents that require approval, because they have privacy concerns

guild members, guild presences and message content

Oh alright

its those 3 you have to enable in your discdord application

Oh alr

worth to note, it's better not to enable them unless u really need

once your bot reaches 75 servers, they will ask you to verify your identity

👍

and during verification you will have to tell them if you need those three intents ands why

and they will decide if you can keep them or not

Alright

I didn't know that

but until 100 guilds and until you verify, you are free to use them

I probably won't just to make it not confusing later on

ye, its pretty bad when you design a bot around those features only to have discord deny them

so its better to avoid those three intents if you can

Lol yeah I just got the basic ones because that's what my friend said i need to make a bump bot

Alright ty for letting me know

what even is a bump bot?

basically a spam bot

lmao

ah

you spam your guild invite to all other guilds as long as you also receive spam invites from other guilds

basically j4j

Kind of, so basically, it's a bot that you set up with your server ad, and it's a kind of promotion. You do /bump, which will then send your ad to a channel where all the ads go. If someone likes your server, they can click "join" on your bot, and that's basically what it is. I would make other things, but I don't know how to code, so yeah.

what tim said then

idk if either discord or topgg will accept it tho

There is tons of bump bots

That is on top.gg and discord

There is a couple that is over 1k and some over 10k

I felt like it was a starting project so I started there because I don't know what to make or where to start

I don't know if the type of such ads matters, but I personally reported two such Polish bots and both were banned because they advertised stores selling stolen nitro or game accounts

6. Do not target users with advertisements or marketing. Messaging to Discord users from any Application or developer team should be relevant to the function of the Application and may not contain material unrelated to an Application’s function or information.
   No idea if his bot falls under this

but if so then yes its not allowed

Very possible, also a very strange idea for your first bot

Also

like to note

22. Do not engage in activities that fraudulently generate a profit at the expense of others. This includes facilitating, providing instructions for, and participating in fraud. We do not allow coordinated efforts to defraud businesses, price gouging, forgery, money laundering, counterfeit goods, or tools that facilitate illegal behavior. (See our Deceptive Practices Policy Explainer for more.)
    Who the fuck is money laundering on discord

💀

Fifteen-year-olds who think it's cool

Little do we know there is a server full of teens just laundering money through discord subscriptions

script kiddies sending virus to someone's IP (it's 127.0.0.1):

real good

hey i just sent you an email with an .exe attachment, can you run that for me real quick?

its a new game im working on

bet!

I love games

I just created a ticket conversation saver. What yall think 🗣️

Just forgot to reserve the message array lol It's upside down.

ima be real

looks cool

i saw that

ahaha i was joking

I will turn your AI into a terabyte bomb

Though I do recommend not using a doc file

not everyone has that

now make it look like a discord chat instead of using plaintext

You should make a web ui for it

It's a public share link, you can view it w/o an account

why not just use a cdn to a txt file

Guys i just created this for fun 😭 , i don't want to publish it

you saying this is the highest compliment I could get

Oh as for a cool demo project yeah absolutely

i was bored

Just wanted to get familiar with the googleapis library

But I was gonna say google drive will charge you a fuck ton for storage if you intended on having this distributed

(iirc)

and holy shit the documentation is deadass shit

welcome to big corp

the docs for their apis are terrible

yeah exactly

Its amazing anyone can navigate them

I am not even lying their docs were missing like everything important

#[get("/logout/discord")]
fn discord_logout(cookies: &CookieJar<'_>) -> Redirect {
    cookies.remove_private("session_id");

    Redirect::to("/")
}

not yet!

this is wrong

You aren't conforming to oauth2 standards (if that matters for you) which it should if you are distributing this

you need to revoke the tokens

Anytime they logout themselves you need to revoke them

I had another question,
I am currently inspecting a big 8tb webcrawl of data, and parted it into smaller batches.
A quick word occurence later, and i now have batches of all links that have their topic in the cryptocurrency range. Suppose, for each link i would do another word occurence to get the top 5 most used words, how much scalable is it? Like from the 8tb crawl i maybe end up with tens to hundreds gb of site data. I need to make sure that the quota remains under the 250gb to equally distribute it over the cluster but so far no good.

I was thinking about hashing the links to smaller bit values, but that introduces collissions, and well makes my precise analysis guess work. Any suggestions?

oh god

😭

val whs = warcs
  .map { wr => wr._2 }
  .filter(_.isValid()) 
  .filter(_.getRecord().getHeader().getHeaderValue("WARC-Type") == "response")
  .map { wr =>
    val warcRecord = wr.getRecord()
    val httpBody = if (warcRecord.isHttp()) {
      warcRecord.getHttpStringBody()
    } else {
      ""
    }
    (warcRecord.getHeader().getDate(), warcRecord.getHeader().getUrl(), httpBody)
  }```
pretty sure i can maybe drop a bit of the body? Like ads/footers?

Is there maybe a certain distinct property all ad injections tend to have?

Looks good to me

Im sure there is, as ad blockers have to block ads somehow

What would be the best way to handle oauth2 with google & microsoft? The only thing I really need from them is the email associated from the account of the user logging in as well as their name, as idk what other information I could possibly need. Someone suggested SSO, but idk how that would work or if I even need to.

@lyric mountain have you ever worked with SAML SSO?

Never heard of it

that was the highlight of my IT career

Please

help

😭

I do not understand anything

I get that

1. User Requests to my server
2. My server makes a request to the respective company's IDP
3. IDP checks if there is already a session, if not have them re-auth, if there is send token back
4. I verify the token is correct based on what the server sends back as well
5. IDFK

At least thats what I took from my research

Problem is, idfk how to handle this with two providers let alone one

String

you can also use a string slice tho

if sqlx allows it

its almost better to use a string slice

since typically values you are selecting are readonly you won't modify em

I mean sure

but i'd give it a definitive lifetime

'static is something to avoid from my understanding if at all possible

yea it should be

yes

a varchar in postgres is just a set size string

https://www.reddit.com/r/rust/comments/uwl8do/comment/i9sjrq2/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button btw

really good explanation on lifetimes

worth the read

Should I use a Dictionary or a List?

I am asking because I am working on implementing microsoft oauth2 sso and one of the requirements is to send a nonce value along with the authorize request that you would then verify against the one sent by the return request. I need to keep track of these values and be able to look them up as needed. If I use a dictionary I would need some kind of key/value (idk what the key would be if not the nonce value so idk if a Dictionary is needed), whereas a List I can just store the nonce values and look them up as needed (tho idk if this is smart either)

Actually I think ima just use a List

Why not use owned String types here

String is 9/10 times way easier to deal with than &'a str in a struct

There are many use cases for a string slice but usually I stick to owned strings unless I have a reason not to

🤭

I kind of told them to

I mean you can use it but I just don’t see why in this case

from my understanding of string slice its better to use them 9/10 times if you don't need to modify the value

If the user struct owns the string there’s no real need

my bad thundxr

References as members of a struct in most cases are reserved for when you need the data but you don’t own the memory

i see

string RandomString(int length, string allowedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") {
    if (length < 0) throw new ArgumentOutOfRangeException("length", "length cannot be less than zero.");
    if (string.IsNullOrEmpty(allowedChars)) throw new ArgumentException("allowedChars may not be empty.");

    const int byteSize = 0x100;
    var allowedCharSet = new HashSet<char>(allowedChars).ToArray();
    if (byteSize < allowedCharSet.Length) throw new ArgumentException(String.Format("allowedChars may contain no more than {0} characters.", byteSize));

    // Guid.NewGuid and System.Random are not particularly random. By using a
    // cryptographically-secure random number generator, the caller is always
    // protected, regardless of use.
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create()) {
        var result = new StringBuilder();
        var buf = new byte[128];
        while (result.Length < length) {
            rng.GetBytes(buf);
            for (var i = 0; i < buf.Length && result.Length < length; ++i) {
                // Divide the byte into allowedCharSet-sized groups. If the
                // random value falls into the last group and the last group is
                // too small to choose from the entire allowedCharSet, ignore
                // the value in order to avoid biasing the result.
                var outOfRangeStart = byteSize - (byteSize % allowedCharSet.Length);
                if (outOfRangeStart <= buf[i]) continue;
                result.Append(allowedCharSet[buf[i] % allowedCharSet.Length]);
            }
        }
        return result.ToString();
    }
}``` wtf is this answer to generating random strings on stackoverflow

I just need to generate a unique nonce to send microsoft when authorizing 😭

unique string = probably use GUIDs

I could sure

it just needs to be used to verify requests between microsoft

making sure there is no mischievous things happening

Im almost done I think with my first attempt at using microsoft oauth2

    [HttpGet("microsoft")]
    public RedirectResult MicrosoftAuth()
    {

        IDictionary<string, string> variables = DotEnv.Read();

        Guid nonce = new();

        Nonces.Add(nonce.ToString());

        return Redirect($@"{variables["MICROSOFT_LOGIN"]}?client_id={variables["MICROSOFT_ID"]}
        &response_type=id_token
        &redirect_uri={variables["MICROSOFT_REDIRECT"]}
        &response_mode=form_post
        &scope=openid%20profile%20email
        &state={new Guid()}&nonce={nonce}");
    }
```how does this look?

my callback url will handle verifying the nonce and such

wait what

A value generated and sent by your app in its request for an ID token. The same nonce value is included in the ID token returned to your app by the Microsoft identity platform. To mitigate token replay attacks, your app should verify the nonce value in the ID token is the same value it sent when requesting the token. The value is typically a unique, random string.
Right I should verify
But on the success response it literally tells me it only gives me state back

😭

Like whats the point

I swear microsoft is so confusing

Should I be keeping track of the nonce or the state

nonce === state

right

but microsoft has it sent two different places

return Redirect($@"{variables["MICROSOFT_LOGIN"]}?client_id={variables["MICROSOFT_ID"]}
        &response_type=id_token
        &redirect_uri={variables["MICROSOFT_REDIRECT"]}
        &response_mode=form_post
        &scope=openid%20profile%20email
        &state={new Guid()}&nonce={nonce}");

there is a state and a nonce query param

huh weird

yea

and while ik that is a minimal viable example

I don't want to go around fucking about and the nonce isn't returned

cause as it stands rn I keep track of the nonce not the state

I just as you can see send a guid as the state

same with nonce but I save the nonce in a list

    List<string> Nonces = new();

    [HttpGet("microsoft")]
    public RedirectResult MicrosoftAuth()
    {

        IDictionary<string, string> variables = DotEnv.Read();

        Guid nonce = new();

        Nonces.Add(nonce.ToString());

        return Redirect($@"{variables["MICROSOFT_LOGIN"]}?client_id={variables["MICROSOFT_ID"]}
        &response_type=id_token
        &redirect_uri={variables["MICROSOFT_REDIRECT"]}
        &response_mode=form_post
        &scope=openid%20profile%20email
        &state={new Guid()}&nonce={nonce}");
    }

what endpoint is that?

microsoft's authorize endpoint

https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#send-the-sign-in-request

the nonce is returned inside the id token

its part of the jwt payload

OOOO

the state is used for identifying what the user was doing before the login, ie to redirect them to the right place after login, etc

so wait

oh ok

so I don't need to verify the state?

nope

interesting

state its like a callback

ic

so I dont need to even supply it

if you need to know where the user came from, or what they were doing before

I don't really I dont think

yeah should be optional

after authorizing it will take them to a callback url that will verify the nonce and such

if it succeeds then it redirects them to the protected home page or whatever

so wait

yeah the state could be to identify which page they should be redirected to for example

will the jwt be signed by the nonce?

did you figure this out yet btw

realistically it should be a dictionary or a set

i dont think so

if you care about lookup

the nonce is part of the payload

https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference

Dictionary wouldn't work for me

I would need a K and a V

I don't have anything to uniquely identify the user yet

then use a set if you only need the key

HashSet?

yeah

Whats the difference between that and a List?

They both only store values

O(1) vs O(n) lookup

no idea what that means tbh

constant vs linear

one get bigger when more one is always same

icic

so a HashSet is more performant in read calls

yes

technically speaking it's more performant as it grows

when you call List.Contains it's just a linear search

Set.Contains uses the same idea as a dictionary which is hashing

ic

so it hashes the key inside .Contains and compares it against the hashes in the Set?

basically

i can pull out my python dictionary implementation rq

likely a hashtable no?

is comparing hashses faster than just looking for it?

it doesnt really require comparisons, it goes straight to its bucket

oh yeah i misunderstood you

it only compares in case of collisions

basically the rough idea behind a hash table

Not sure what you mean

is you get the hash of an item

and place that item into one of several 'buckets'

    /// <summary>
    /// Checks if this hashset contains the item
    /// </summary>
    /// <param name="item">item to check for containment</param>
    /// <returns>true if item contained; false if not</returns>
    public bool Contains(T item) {
        if (m_buckets != null) {
            int hashCode = InternalGetHashCode(item);
            // see note at "HashSet" level describing why "- 1" appears in for loop
            for (int i = m_buckets[hashCode % m_buckets.Length] - 1; i >= 0; i = m_slots[i].next) {
                if (m_slots[i].hashCode == hashCode && m_comparer.Equals(m_slots[i].value, item)) {
                    return true;
                }
            }
        }
        // either m_buckets is null or wasn't found
        return false;
    }

hash tables use a table of a fixed size, for example, lets say you have a table of 32 items, even if its empty, its size is 32

then you take one item, hash it, and modulo the hash by 32

and you get the index in the table

Thats interesting

so any given item will be assigned an exact index in the table

based in its hash

thats how hash tables are fast af

So its not always just add it to the end?

nope, its distributed based on hashes and modulos

interesting

thats neat

you can't just add it to the end because you have a list of buckets

the thing about hash tables is

I roughly understand it now

the size of the table needs to be fixed

and once you grow past a certain number of items

first you start getting collisions, two items that resolve to the same index

then the more collisions you get, the slower the table becomes

so the table needs to be resized

thats where hash tables suffer a bit in write performance

I see

most of the time though write speeds don't matter much right?

Its more about its readability

depends on your workload

yeah, hashtables are made for reading fast

I mean

I don't have any need to hold onto the nonces after they are verified

so I was planning on removing em from the set after the request is verified

although technically both sets and lists should be O(1) amortized to add/append

sets are also much better for remove

yeah

O(1) vs O(n) for removal

lists always add to the end, so adding is instant

but finding and removing requires scanning the entire list

and then moving everything over

ye

sets dont have that problem

there is a really good video on hash tables, let me find it

honestly good project some time is write a simple dictionary or set implementation

Also wait, going based off this should I make my callback route post and the response should be in the body right?

my python implementation was about 140 lines of code

Right so I just realized again

I can't even test my implementation

i cant find the video i rememeber

but its basically like this

https://www.teach-ict.com/2016/images/diagrams/hashtable_filling.gif

icic

@wheat mesa ima need you with helping me out to see if my stuff works

so even if you have a hashtable with a billion items, inserting, checking and deleting will always be instant

frankly having to use modulo for every lookup is inefficient, we should just use int32.MaxValue buckets

oh dear god it'd actually be double that wouldn't it

every operation requires re-running both the hash function and the modulo, but those two are still much faster than having to search through and compare values

i think a modulo op is a bit more efficient than storing 4 billion buckets

a bit

:^)

well idfk what to do rn

tables usually start small, then grow as needed, you cant really start off with a 4 billion item table without reserving 4+ gb of ram

I cant continue further until I verify the response is actually successful

but to do that I need waffle

since he has a student email

tbh hash tables are so cool, i really like them

ofc you do tim

anything thats fast you like

Hash tables are awesome

optimization king

They can be slow sometimes though

then theres all the different collision resolution methods like separate chaining, open addressing, robin hood hashing

robin hood hashing?

yeah

wtf are these names that people come up with

i've implemented robin hood hash table in js before

its amazing

ofc you have

When will you be available to help me test my current progress?

lowkey I’ve been hella busy

Totally not getting married tomorrow

Wait what

you're getting married?!?!!?

Mayhaps

Wtf bro

😭

What the hell did I miss

there is this bug when I click next page button in Ratings & Reviews section it just bugs out and shows nothing

make sure you don't have an adblocker/vpn enabled (sometimes these mess with functionality of the site)

ohh maybe its brave browser

(I am super excited and happy I am just bad at expressing this over discord)

fyi turned it off but samething happens

congrats ig

Ty

Bro, congrats man.

Honestly wasn't expecting it so soon

I swear it was just yesterday when we both were in high school

Me neither but I’m super glad the way things played out

u guys irl friends?

nah

but we've been friends for a few years now

ohh kkk

Yea man, i've watched how your relationship with her has played out from what you've told me, and you guys are perfect for each other

Just don't become a dad too soon /j

absolutely not

kids are nasty

💀

I should know because I’m a teacher rn

lol

have u ever watched HIMYM?

Well, congrats man, and just reach out to me whenever you are available!

Never heard of it

fs

How I Met Your Mother btw

I mean How I Met Your Mother

ye

Oh

Heard of it never watched it

Pretty sure that was popular when I was younger

indeed

very popular

hmm so far all the things u said matches to a character there

I think marshel

ye

im a TBBT and HIMYM fan

No idea what TBBT is

oh the big bang theory

The Big Bang Theory

yea

yea never watched either

dont care for em

ohh its fire tho

hmm

Never watched it

My parents did though lmao

TBBT or HIMYM?

I’ve seen clips and I feel like the vibe is somewhat ruined by the forced laugh track over every single joke

Big bang theory

fun fact those laughs was not edited there was a live audience watching

Laugh track was on brand for the time it was released but for modern standards I just can’t stand it

its real not a laugh track edited in x2

Most of them were “live audiences” iirc, but I’m certain that they were choreographed

no tbh

And it still ruins the experience tbh

I can stand it in like 80s sitcoms but big bang theory feels like an odd choice to put that in

i mean I like it just laughing along

we all have different opinion's

To be fair I don’t watch a lot of comedy shows

Schitt’s Creek was great

CANADA #1

mm never watched it or heard it

real

CANADA #2

Maybe it’s because I didn’t have cable TV growing up but I didn’t really get into a lot of those types of shows

I had cable and still didnt get into shows like that

me too but recently my doctor said watch some comendy to release stress

and I got hooked to TBBT and HIMYM

I find myself watching a lot of shark tank and cheesy romance reality shows like “married at first sight” because the people on them are so delusional that it’s funny

lol

taking CC to shark tank /j

(And because my mom/fiance like watching them too)

then I recommend you HIMYM if u like "married at first sight" thingss

Eh how I met your mother isn’t a reality show

ohhh

It’s only funny because it’s hard to believe that the people on the show aren’t characters, they are really like that irl

yea ig

My favorite show of all time is hands down Better Call Saul though

10/10

I've watched shark tank here and there but I just stopped idk why

Funny, dramatic, and had beautiful cinematography

what about

mmm

https://tenor.com/jNw07V5CeBd.gif

WALTER

:D

Breaking bad goes on my #2

I didn't watch it all the way through but I plan on it soon™️

btw we in #development

I am back into my anime phase

no its general-3

Yeah but nobody is here so it’s fine

oke

mods are offline so we gucci

Honestly I’m excited to move in with my fiancé because I can force her to watch breaking bad and better call Saul finally

hopefully

oooohhh I never got a chance to try anime

She hasn’t even seen one episode

lmao

better fix that

yikes

Also, you're making me realize how sad my life is

gimmie a min bot got high usage again

Bro's got a fiance and all I got is me myself and I

same

I got lucky

true :C

1 min pls

I met her almost 10 years ago so I got a head start

you met her that young?

damn

We were barely 10 yeah

Didn’t start dating until we were 16 but still

back

how old are u now?

bro been rizzer her up since 10

LMAOOOOOO

I just turned 19 yesterday

JUST???

Bro I forgot im older than you

😭

happy late birthday

Ty

tf you're younger than me

Yeah I’m young I get it :c

Happy late bday btw, forgor to say it yesterday

it's so over fr why the fuck are people my age getting married 😭

Tysm

I got lucky, the circumstances are very unique

I thought the same now

nah berry and one of my irl friends too 😭😭

Aren't you like 21?

Yeah but Berry also had a full time job straight out of high school

i'm 19 my bro

So like

19??

Did you just turn 19???

true nyc privilege

no

Oh ok phew

Im turning 20 in Nov

haha

oct 😎

Ok

brooooo same what day?

My birthday is now officially a national holiday as of this year

1 month older, but you're still less mature

🙄

hard disagree 👎

really?

Yeah

Juneteenth

Wait

oh ok

Sorry forgot Juneteenth was a thing

It also sometimes falls on Father’s Day like once every 5 years or something

icic

Well, ig what I can do with the api is setup Entity Framework Core

Should be pretty easy

changing site themes and colors is ok right?

Yea, shouldn't be too hard

but now I gotta come up with new table structures

you’d love doing a database class lol

The amount of times you’ve restructured it you’ve got to be an expert now

wym

Well the prior tables were originally taking into account creating accounts yourself

but now that im using SSO through microsoft I gotta come up with a new way

I mean I can roughly do it the same structure

as I think microsoft gives you an ID for the profile and I can use that to link my records together but idk

GUIDs are going to be your best friend

alright, well good night to ya

its late so ima head to bed

bye gn

Before four hours, my server suddenly rebooted itself.
I wonder why my server rebooted
I'm using ubuntu 20.04 LTS, i checked crash logs but empty.
so I think it was not a crash
Only thing i suspecting is System restart required appeared to ssh console when logging in
can ubuntu reboot itself for any updates link kernel?

yes

it could also be your server provider doing it

uuh the server is at my house

anyway so ill check update logs

thxs

you deserve it

New Discord system user ID for updates: 1232523165893132288

@keen gulch

@keen gulch

i randomly got a dm from it earlier with no message

{
  id: '1232523165893132288',
  username: 'discordupdates',
  avatar: 'b69b54acdb19b6e418cebad354d7e17f',
  discriminator: '0000',
  public_flags: 0,
  flags: 0,
  bot: true,
  system: true,
  banner: 'e9c6a0d39b1f319d36a2c1c11d2a2966',
  accent_color: null,
  global_name: 'Discord Updates',
  avatar_decoration_data: {
    asset: 'a_8c17e799bfeffa797042569a1ebcafc0',
    sku_id: '1245087850177888356'
  },
  banner_color: null,
  clan: null
}

Its discrim is 0000 when all converted users have a discrim of just 0

Discord being shitcord as usual

nah thats standard

same as their other internal accounts

its treated as a webhook, which has 0000

Except it isn't a webhook since that's from the GET /users/:id endpoint

i love how they gave it an av deco

rate my battery life

Has your battery turned into the forbidden pillow

yikes

it has nitro as well

:D

yup

it changed to 5 hours at 78%

rlly doubt that though

12% in ~14m

so rlly more like ~2h of battery life

on a surface pro 5 ouch

Consider the following solution for your laptop

err I guess I should have said craptop

Honestly laptops that only offer like 1-3hrs of battery life have little to no reason to exist. Always staying plugged in is literally what a desktop is for. It's E-waste at that point using laptop grade hardware for that kind of machine

it's still portable

it can run vsc

compile rust within reasonable time

  - Local:        http://localhost:8888

 ✓ Starting...
 ✓ Ready in 2.4s
 ○ Compiling / ...
 ✓ Compiled / in 7.8s (1948 modules)```
7.8 is not that bad for a laptop

I guess you could strictly say portable, but if I have a device I'm carrying around, I don't want to have to worry about when I have to plug it in next. My airpods max is a champ compared to my airpods pro

my macbook pro lasts like 3h on battery

but thats because I program on it pretty heavily

and use discod

which is a battery hog

Day (I've lost count on how long I've been asking) of wanting Discord to not use Electron

Same with VSC

yea

vsc and discord eat up most of my battery

Recently switched to a new browser called Arc where they're porting over Swift to Windows which is huge. Not using SwiftUI, still backed by WinUI, but it can be faster and use less memory than Firefox in my own testing

real

is there a good alternative to the normal discord app yet

with battery optimization in mind

no

all those modded clients still have to use discord

i refuse to use it

its the only browser that cant be used without an account

wtf is that shit

i have never used accounts on any other browser ever, not gonna start now lol

i had access and i don't think it's good for any non-regular users

with non-regular i mean developers etc

tab management with 50 tabs is already impossible but with arc you have to dream about it

mf

and pnpm eslint . does work..........

LETS GOOOOO

I fit the fucking links from a 8tb crawl into 250gb tops 🗣️

its over , war is over

https://tenor.com/view/butwhy-why-gif-27438167

a user of my site just reported that on opera gx the page is blank, refresh & ctrl f5 doesn't do anything

i looked with a fresh installation of gx

loaded the page (first load)

network tab: 304, unmodified

tf?

see network tab

non-chromium is weird half the time

github actions is super cool but cant they like get quantum computers or some shit because i dont want to wait 10 minutes for my jobs to finish /j

god damnit ikea
cant even get title case right smh

analysis

I am doing research about crypto coin risks and risk aversion

darn ws

not sure why they label DoS incidents as high severity though

medium if anything, id reserve high severity for things like potential data leakage/RCE

actually mostly because its so easy to perform

people are gonna be having a field day doing this to random node websites since most use ws

👀

yeah shows up on npm too