#development

Yeah I mean I definitely played with the idea, but then threw it out. There's still the posibility of pre-defined roles that can eb assigned, but dynamically creating the roles aren't possible. They are defined at "compilation" time is ig the best way to describe it. You can't create them at runtime

have you thought of the possibility of adding more roles in the future?

There definitely will be as the app is more fleshed out.

idk if its just me but gemini sucks so bad

Right now only the developer role exists cause thats as far as my implementation ahs gone for now

in my experience the pro model is miles ahead of the best claude model for coding

I already have a hierarchy of positions in the platform planned out

cant disagree i did have much better luck with the pro models, but anything under and it gets confused quickly and just becomes meh at least from my experience

yeah it does have acute dementia

I've tried both claude pro and gemini pro, claude was honestly the better one for me

claude is OP

idk what crack theyre feeding that llm

no idea

but it has hella fuckin insights on even the most obscure libraries

💀

@pearl trail oh also, roles are secondary, they only exist for the permission system. I don't really check for roles in the backend anymore.

PBAC rather than RBAC now

oh wow, some complex thing there

i bet you knew them already!

I've been having a lot of fun with the backend

awesome! i am so happy to hear you having fun with the backend and not being burned out!

as you should be!

nah idk it. i still love rbac for now xD

might want to learn others

i love your sense of curiosity!

PBAC is actually rather easy to implement

especially since you already use RBAC

Just make resources with actions attached to them.

e.g

const statements = {
  organization: ['create', 'read', 'update', 'delete']
  listings: ['create', 'read', 'update', 'delete']
} // this is passed to my acHandler

const developer = acHandler.newRole({
  organization: ['create', 'read', 'update', 'delete']
  listings: ['create', 'read', 'update', 'delete']
})

const member = acHandler.newRole({
  organization: ['read'],
  listings: ['create', 'read', 'update', 'delete']
})

I do acHandler here cause I have one, but really anyway you can keep track of the new roles is fine.

Then in your backend api routes, just check for permissions. Look at the role(s) they have, and check for the permissions those roles are assigned

interesting!

Eh I did a rather poor explanation since I use a ac handler but the gist of it is

define resources and actions, then define what actions and resources those roles can perform

i see i see, thank you aaron!

Never heard of PBAC

Looking at the code, looks like ABAC

policy-based access control

I guess you can call it what you want

At it's core its just permissions to perform an action on a given resource

what about PNAG

can't use emojis in autocomplete?

pretty sure you can

but you pass as an emoji instead of sending the emoji like that

actually it can use custom emojis?

finally made an actual react app for the first time!! 😃

better late than never ig lul

i'm so happy that i finally understood what useeffect and usestate mean 😭

i feel like a newbie all over again

I made an actual rust project

for the first time

LETS GOOOOO

🚀

useEffect and useState are by far the most important hooks you'll ever use

very easy to understand em too

I chose to create a Discord bot in Rust because I found it easier to understand

useEffect is used quite a bit in the current temporary frontend for Mercatus

Gotta make sure you use them correctly and appropriately tho

Lots of people fail

yeah for sure

I've run into quite bit of times where i've used them "out of order"

https://react.dev/learn/you-might-not-need-an-effect

good read

This happens A LOT when you have nested function calls

that also make use of the hooks

how's this?

useToken is ```js
export default function useToken() {
const [token, setToken] = useState(() => localStorage.getItem('token'))

useEffect(() => {
const storageHandler = () => setToken(localStorage.getItem('token'))

window.addEventListener('storage', storageHandler)

return () => window.removeEventListener('storage', storageHandler)

}, [])

return token
}

function Form() {
  const [firstName, setFirstName] = useState('Taylor');
  const [lastName, setLastName] = useState('Swift');

  // 🔴 Avoid: redundant state and unnecessary Effect
  const [fullName, setFullName] = useState('');
  useEffect(() => {
    setFullName(firstName + ' ' + lastName);
  }, [firstName, lastName]);
  // ...
}
``` im sorry....but anyone who does this

You think you understand what they mean until you start getting dependency array rerender issues 😉

SHUT

this is for my homework

Wait until null runs into out of order issues

Ima be real I prolly dont need useEffect for half of what i do either

but then again

im not the frontend guy so idrc

I already did my homework when deciding to use @tanstack/query

Been very helpful in caching and relieving old data

what do you guys think of this? #development message

pls roast my newbie react skills 😃

it also keeps me happy at 5am

https://react.dev/learn/you-might-not-need-an-effect#initializing-the-application

that specific part

😭

kind of reminds me of the debounce method...withotu setting it back to false ofc

Honestly, idc how the app perfroms so long as it performs well enough to make a viable MVP

Fair

This is problematic

why

Probably shouldn’t use localStorage for a token unless it’s a temporary JWT access and you have a long-lived refresh token saved in an http only cookie

Also unrelated why axios over browser fetch

The code itself is fine though

I wonder what waffle and pancake would think if they saw my current code 💀

that's... in my lecturer note examples

Just due to user manipulation of local storage?

sdddsifdsfhsdf

Nah, it’s because JavaScript has access to it. Vulnerable to XSS

They will likely teach you the downsides of it later then...hopefully

if its a competent class

You won’t ever be able to prevent the end user of the token from seeing the actual token, but you can prevent attackers from accessing it via JavaScript

It’s convenient but technically insecure

😃

Tokens should probably be stored in an HttpOnly cookie

Im actually really curious now

Waffle, do you think you could review my code at some point

That way the only code that can access it would be the server it’s intended for

I'd like to know if my skills are any good or if i've gotten rusty

Sure

I think ur still a member of the mercatus org

nvm ur not

wait waffle have you seen my rust code

@radiant kraken generally the user auth flow is something like this

1. User initiates login request to server with credentials
2. Server verifies credentials
3. Server issues an HttpOnly cookie in the headers of the response containing the access token
4. Client app includes this cookie alongside every request that requires authentication
5. Server verifies identity of user by reading the authentication cookie in the incoming future requests

I glanced at the screen capture code earlier when you added me, but haven’t had the time to do an in-depth review

Isn't this still possible with cookies?

fairs! it's okay!

Not if they’re HttpOnly

I mean I found a website that stored cookies as user_session=userid

And I was able to edit it in browser and be any user

🧠

Cookies marked as HttpOnly are completely inaccessible to JavaScript, and it is the browser’s job to manage them

You can still access them as the end user

I once found a site that used jwt for auth, but didnt actually verify the jwt signatures..

You just can’t access them via any sort of javascript

OHHH

I was mixing up my attacks

https://tenor.com/dLsnycR7aCo.gif

XSS the site has injected scripts that run for every user

jesus

even better was that the jwt just stored the user email, and the admin email was publicly known

im so sorry for the hideous code guys

There’s a few different forms of XSS and they’re fairly rare now, but yeah that’s the general idea

please dont take it seriously, its just my homework

yeah okay I get it now

No no your code quality is fine, just letting you know the approach to use in prod 🙂

I just learned about jwt audience and issuer along with secret to make it more secure because now you need 3 things to crack it so that was nice thing to learn

but I only store user id in jwt

I just dont use jwt for sessions, and do the good old

session_id:session_token in the cookie approach

session_id is a random 16 char ascii string, session_token is a bcrypt hash

Yeah I was gonna say, JWT kind of overcomplicates things for simple auth

is there anything wrong with JWT besides over complication?

Not really

To work with it is very simple so I've always used it

no good way to revoke them

oh true

there is

just rotate the secret

sent u an inv to the org btw.

that will revoke all jwts then

or store a unique ID in the JWT

and invalidate it via the ID in redis

well my week project will be redoing my entire auth to have revokable tokens, and use http only cookies

true but ur getting closer to a standard session system

Generally speaking I prefer the refresh token & access token approach if you really need to use tokens

it's close but still more efficient

depends

I feel like this is a huge leap from what we were talking about

in all fairness a lot of places just rotate the session token with each deployment

if they're on a regular release cycle (like 1 release a month)

yeah, in my case I need to replicate sessions across the globe without them randomly expiring before their actual expiry and having the ability to revoke individual sessions

If you really want to not worry about auth, use ASP.NET Identity ;^)

jwt just doesnt make sense in such a case

The goat of web frameworks

I use better-auth for my stuff

It's actually been a godsend

If you want to REALLY not worry about auth, no encryption and public email password display!

I dont use any external auth framework for my stuff because im paranoid

You don't have to worry at all

I don't because I'm too lazy to learn

also true

I do because I trust the people who are smarter than me

Even if I could, I wouldn't bother still.

that's fair

The amount of effort to re-invent the wheel

Better to focus on more important aspects of your application.

There’s so many other high value targets that would be completely fucked if asp.net identity was insecure somehow

Wait but what if my application is all about reinventing the wheel 🙁

I really hate github projects that claim to be self-hostable and then require some saas auth stuff to use them

If I still used C# I'd use it too

I hate a self hostable GitHub project for like a bookmark manager and it requires 65 auth tokens

because they do nothing themselves

I’m biased because I’ve worked with it a lot but C# feels like they really perfected a solid model for REST API development with asp.net

They really struck gold

https://better-auth.com has been a big help for me

ahem forgot you need tlds

How does their identity system work?

/what makes it so good

It’s pretty much plug-and-play

And fully extendable/customizable

It abstracts a lot of the garbage of auth away from you, and supports role-based auth straight out of the box

C# is a really extendible language in general isnt it

Yeah, they designed it to be flexible

Ooh

I had to add a permission system into my application but role based off that bat? Sounds amazing

finally some progress on the engine

I think I'm finally starting to understand wgpu/graphics programming better now

@radiant kraken thoughts?

my code is lowkey ass ngl

AWESOMEEEE

you are truly amazing!

I'm working on materials next

Although the materials won't really matter until I have lighting anyways

good luckk!!

real 3d blender models working now

@frosty salmon what lang do you use on your bot?

python

shit idk python as much

im more interested in the domain concept

i bought a domain, except im not really sure what to do with it pertaining this

i am using FastAPI in code, bought the domain off cloudflare

You're talking about the webhook stuff?

yh

currently i have the code to capture the webhook responses

but no connection

It's probably because your API has to be publicly accessible to top.gg, using localhost won't work

Ngrok or cloudflare tunnels are the next easiest route

Ngrok isn't great tho

Not ideal long term

I personally use cloudflare tunnels

Technically if you want to test locally, you can point top.gg to your domain, then have your domain's DNS point to your home IP, then port forward your API on your home network to the port that the DNS points to

But that's a lot of work, and you have to remember to disable the port forward and stuff after you're done testing. You're better off with cf tunnels

I used to do that before CF and yeah it's not fun, not pleasant or anything like that

Plus having your IP exposed isn't the best

Yup. Anyone can do a simple traceroute command and see your home IP. Not like it's crazy sensitive info, just probably not the best to have exposed

yh i plan to use a tunnel

issue is, im not planning on maintaining a local host

i have a buddy that has a rasberrypi, i plan to import it there, idk how that would work tho

You can still tunnel from an rpi

is there no way to generalize this process so i dont have to?

There is a utility called cloudflared on ubuntu/linux distros that allows you to have a systemd service running for cf tunnels

If you didn't want to use tunnels then you'd have to set up your DNS to point to your buddy's IP, which again, not optimal

Either that or you can use a "real" cloud hosting provider, that way you don't have to use a tunnel, since it's no longer your home network

so either which way I need cloudflare?

Pretty much, if you plan on self-hosting

If you use a proper cloud provider like AWS, DigitalOcean, etc., then you wouldn't need cloudflare tunnels

local hosting is just for testing, i cant rely on local, i plan to tranfer it after all the testing, so i just wanted to kinda set everything up so it's a smooth transfer

If you're hosting it on a buddy's raspberry pi you have the same issue as if you were hosting it locally, that's what I'm saying

There will be some level of manual setup involved no matter what once you switch from a development environment to a production environment

ic

I use ssh tunnel instead to forward my localhost server stuff to pc using bitvise

You could automate some of the process with a CI/CD pipeline, but from the stage you're at, that sounds like way more work than it's worth

yh, it's not smth big, very small project

well, i have the domain, i think i do have cloudflare installed, i'd have to double check, and i've integrated code to accept it calls to the webhook, so i just need to create a tunnel and link it right?

Pretty much, yup

haven't worked with the Discord API in a while ik the Embed system was updated and just wanna know if embeds are still locked down to one attachment

Gallery component allows more I believe

@solemn latch @harsh nova scam ^

How to fit every tech buzz word into 1 message

i mean it gets the investors going

.b 1449406693309153412 posting scam messages in #development

Banned nana3virtue

gonna take a guess and say im setting the name wrong?

is this for an embed?

If your doing that you need id: and then name:

The id =/ name

Components V2 on Select menu

I see, never used it so nvm

  "type": 3,
  "custom_id": "dept_select",
  "options": [
    {
      "label": "Hartford Police Department",
      "value": "HPD",
      "emoji": {
        "id": "1460317232448934123",
        "name": "hpd"
      }
    }
  ]
}```

Im using discohook to reference the format but it doesn't say anything for custom emojis

Custom emoji within v2 require a name and an id

So name: then id:

Thanks. I'll test this in a bit

No problem:)

that worked thank you!

No problem 😁

is there a proper way to cache/store interactions or embeds so that they stay working after the bot restarts?

What kind of interactions?

for example my bot sends embeds to a certain channel for user appeals but on one of my older bots that did this the embeds buttons stopped working and kept crashing the bot because the bot kept restarting

unknown interaction was the error i think

i really havent worked on discord bots in a year or so

You can listen directly to the interaction_create event

oh hmm

i'll try this in a bit and i'll see how it works

Afaik it's somewhat different in python tho? I'm not sure

idk im working in js

persistent views

What

idk if they exist in js

they exist in py

Ive never heard of this in my life

the only way to persistently store something between program runs is by using persistent storage of some sort, e.g. a file system or a database (database preferred in this scenario)

I was gonna do databases but I don't know how to properly save it

I’m assuming you can save the interaction ID, then fetch it on a restart

Haven’t worked with discord stuff in a while though, but I’m assuming that’s what everyone does

I could experiment with it

unless ur python

we use custom ids and buttons and such just reconnect with the custom id

What I said is true regardless of the language

"Reconnecting" with the custom id is the same as storing something persistently

state mangement is always state mangement

I think you're a fan of Python

I am in fact a python user

I use js too though

No way the .py in your name makes you a python user shockers

Almost like I did it on purpose 🤣

hahaha i should do that toooo

Somebody asked me the other day what I code in though...

forehead smack

Should have said english

would have been a good joke

use std::ops::Deref;

type BBox<'a> = Box<dyn Deref<Target = Box<dyn Deref<Target = Box<u8>> + 'a>> + 'a>;

fn main() {
    let bbox: BBox = Box::new(Box::new(
        Box::new(Box::new(Box::new(9u8))) as Box<dyn Deref<Target = Box<u8>>>
    ));

    println!("Hello, world! {}", *****bbox);
}

That would have been 🤣. I was just appalled they asked since its in my name. But then again I code in like 5 or 6 languages so

i'm not really a fan of Box<T> and seeing this makes me wanna 🤢

I am the boxer

🥊

Just made some stuff up in my mind i could save each button on an interactionID i.e: customId: button:${interactionId}

it could work might not idk

HOLY SHIT IT WORKED

...

what

https://crates.io/crates/ouroboros

very interesting

owoh

whoops

owobowos

this is so cursed

its so useful

i know

this was my usecase that required it

    fn read_file(
        &self,
        path: &(dyn AsRef<Path> + Send + Sync),
        _range: Option<ByteRange>,
    ) -> Result<FileRead, anyhow::Error> {
        let mut archive = self.archive.clone();
        let size = archive.better_by_path(path.as_ref())?.size();

        #[ouroboros::self_referencing]
        pub struct ZipFileReader {
            archive: zip::ZipArchive<MultiReader>,

            #[borrows(mut archive)]
            #[covariant]
            entry: zip::read::ZipFile<'this, MultiReader>,
        }

        impl std::io::Read for ZipFileReader {
            fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
                self.with_entry_mut(|entry| entry.read(buf))
            }
        }

        Ok(FileRead {
            size,
            total_size: size,
            reader_range: None,
            reader: Box::new(ZipFileReader::try_new(archive, |archive| {
                archive.better_by_path(path.as_ref())
            })?),
        })
    }

interesting

Rust developers vs recursive structures challenge

true

(must avoid pointers at all costs)

((Box<T> must be treated as a sin))

i am guilty of that second one

😔

Me too

Box is awesome

me when i hear dynamic, overhead, runtime 🤢

sadly this isnt something Box can fix

unless I fork the zip library

let boxybox = Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(Box::new(67))))))))))))))))))))))))))))))))))))))))))))))))));

me when I hear 0 cost abstraction

this is how i think python operates

my box is better

not incredibly inaccurate

this is the best box

tho the 67 makes urs come very close

my box could be 2000 references and youd never know

pub struct Box<T> {
    inner: Box<T>
}

ohno

Never thought id see people argue about a box

the box has feelings too

Rust box fans vs C++ smart pointer enjoyers (they are the same thing)

me when Arc enters the room

Box<Vec<Arc<Rc<Cell<UnsafeCell<RefCell<T>>>>>>>

Arc ❤️

can't live without you

noone asks about his brother Rc

forgotten

lost media

i've never found a usecase for Rc

though after 5 years I finally found a usecase for Cell

I use it in my lang parser

same with RefCell

Rc<RefCell<T>>

yes

that is how I use it

so far it's very rare for me to need those types

i had to use Cell as a last resort

Rc<RefCell<T>> isn’t the best idea unless you know what you’re doing

I used it a fair amount in my mini JVM

Probably just meant I was doing things wrong

But rc is just super cheap to clone so it’s nice

what about Pin? have you guys used Pin?

for futures yes

(Box<Pin<T>> for futures dont count)

but I usually require Unpin so doesnt matter

then no

also its Pin<Box<T>> no?

right

havent used those in so long

i ditched using tokio in my multithreaded app

no clue what you would use them for besides making future traits happy

making things non-async actually made it way easier for me

same

https://crates.io/crates/pnet

amazing crate

67 67 67 67

Bro's coding F1 simulator

lmfao

HUZZAH!!

oh my days finding cursed hang issues is such a relieve

i need to query a great mind from the wonderful top.gg community
does anyone know if using components v2 would (help) resolve stale users properly?
my thought would be yes since it (can be) parsed as an actual mention...but not 100% sure
example of what i mean attached in screenshot

Short answer: Yes

Long answer, Yes, with a caveat

This only works if you actually use the resolved users from the interaction. If your code still parses the raw string <@ID> manually, switching to v2 alone won’t magically fix stale mentions.

You also need to handle cases where the user might have left the server - v2 still gives you the ID, but the User object might be partial.

interesting! appreciate the answer 🫶

If you are a music bot maker, please never detect when other bots are in the channel and advertise

what ?

Looks like rythm is advertising itself with a mention when you join a voice channel

Yea that's a bit scummy

I made one that doesn't connect to the voice channel when another bot is present

https://tenor.com/view/shoebill-bird-rain-beautiful-gif-18429868

isnt that against discord terms??

though they do let you turn it off it looks like with a button on the embed

of course, on by default

My understanding is it’s not

i dont get why cloudflare doesnt discourage the "flexible" tls option, its basically a copout in terms of security and gives a false sense of security

full is the best here since you can maintain your own selfsigned cert and not have to worry about third party CAs, still very secure

yeah i do full but with valid certs on my side so im not vendor locked in an emergency but can still use some um, invalid certs

my question is, why is Off an option

tbh theres still some uses to no tls such as supporting very old devices (those sites still exist) or.. you just dont want tls and your site doesnt serve anything private

but for 99% of use cases yeah you should use it

I use full strict because I’m lazy

Yeah ig but is there even a reason to using cloudflare otherwise? I guess for the DNS but your domain provider's built in DNS would function just as well

I mean if you do Full Strict and use cloudflares CA it's even better

tfw you get banned by your own fail2ban and wonder why the fk your website isnt loading

Truly magical

ong tim new pfp

Your pfp looks like you are being held at gunpoint to make that face

I'm a bet analyst. I'm into betting and gambling click the link on profile to get access

@solemn latch !

can you analyze whether or not doing ur mom is a good bet

https://tenor.com/view/he-made-a-statement-statement-dog-gang-praised-gif-14847923944265501688

wassup

nothing much, hbu? doing the project?

yuhhh

Got a decent bit done

Even some minor frontend stuff

been using @tanstack/query a good bit, and it's been very pleasent

Settings page

wahh you always got something very interesting to use

so you use it for forms too?

nah

I use it for any data that needs to be displayed/used consistently on the frontend

It handles caching, stales, and mutations

It's also reactive so any data that is mutated can be re-fetched ahead of time OR when it stales it refetches anyways

oh, so just like swr but more advanced yeah?

Yeah it’s similar

i see, what’s your approach for forms? i’ve been using zod so far and quite a pain to implement on react

I don’t currently validate forms

Wasn’t a top of the priority thing considering I handle validation server side anyways, it’s just not "reactive" rn

But I would definitely use tanstack for forms as well just for simplicity sakes

ahh i see xD

lmao

Hey! I wonder if anyone can help me. My server uses the Arcane levelling system and I'd like a bot that auto assigns the roles that correlate to levels - however unsure which ones provide that service. If anyone has any answers, please ping!

arcane does have that feature.? https://docs.arcane.bot/plugins/leveling/setup/role-rewards

im not sure, i dont use it

yes it does

besides, the only bot that can give level roles is the one managing the level

Oh!! I didn't know 😭

Sorry!

hai takiyoo!!!

how was your exams? did you do well?

When you start separating normal users, from say staff, how would you guys differentiate them code wise? Me I would say use a isStaff field on the database table that is a true/false value but I am not 100% certain that will be concise enough without any vaugeness. Mainly because someone could be a student at a campus, but also be staff for the marketplace.

depends how much wiggle room you want to leave to expand this later on. if you only need to differentiate staff and non staff, yeah a single bool field works. if you want to introduce roles, i.e. admin, mod, default I would go for bitflags.

I have no idea what you're working on but it sounds like bitflags are in your lane, since you can mix and match those. a user can simultaneously be "staff" and a student, or staff and a teacher. or just a student/teacher without a staff flag. all stored in a single field

just be careful not to introduce any illegal states

i.e. teacher and student at the same time

Bitwise flags

Just because you won't have a table with x columns if you add roles or other stuff

hey guys, how do i check whether a user has a tag?

using djs v14

i don't think its possible, is it?

It's part of the user object afaik

i log the user boject but can't find it

i am still on djs v14 though

primary_guild or something like this

yeah i know, been logging myseld but didn't work.

Are you logging the raw object

Also what's the version you are using

discordjs v14 doesn't parse the primary_guild into the user class

It was added in 14.22.0

Oh did they finally add it

sweet

@solemn latch

?

https://github.com/discordjs/discord.js/releases/tag/14.22.0

I'm not advertising, I'm just offering features.

We don't care

Go somewhere else

okey sorry

i am likely on an older version

I LOVE FINITE STATE AUTOMATA 😍🫶

@clever tundra do you know about bot hosting . net and wispbyte ?

my cookies work around for my music bot is not working anymore

its giving me me this error "[https @ 0x5e97c0e60300] HTTP error 403 Forbidden"

Free hosting, cookies, music bot, work arround. Why everything here sounds pretty fishy

i host my bots on my own laptop, better than the free hostings i used to had cuz they kept going out randomly

how do you host on ur laptob

do you mean u just dont close it ?

yeah spare laptop

i did the same in the beginning

but vps is much better than anything else

• you got static public ip (mostly), 99.9% SLA, guaranteed bandwidth

What's the easiest way to track the source of a bot invite? For example so that I can see what % of my bot's invites come from top.gg or another bot list? is it just to put &redirect_uri=... to my own website at the end of the invite link?

i see

i run linux on it + i also changed a bit of the settings so i can keep the laptop on with the lid closed

oh fr can you tell me how cause thatd be pretty dope

you just get ur bot code, run it on ur pc and yeah u just leave it

that's kinda if

hm

install any linux server distro -> enable ssh -> locate the ip -> leave that somewhere and you access it from anywhere via ssh

i dont use linux server, i prefer the gui more also ssh is complicated for me i use teamviewer cuz its just more convinient for me, prob may be just me im not a big fan of the terminal

We built our own Home lab server it’s technically running on Lennox pterodactyl panel

damn, i wanna build one too one day just my parents wont let me lol

Yeah, but I can get really expensive we’re probably paying about 3K to build the whole system

Including Internet

I just got trust issues with hosting providers

It’s surprising how expensive it gets

damn

i mean it depends on how many servers u got

how many u got?

1

but that’s including all the hardware

1? damn that much just for 1

But that’s including API and custom

yeah that'll be way too complicated

lol

what bots have u worked on?

id like to see

There’s a lot of stuff you need to learn. The API is very complicated. The one that we’ve got.

I only work on the one discord bot now but I’ve had many in the past at this point, I’ve lost track

well yeah whats the current one u work on?

It’s cold Helios

give me a invite link in dms

to the bot

Most of my other bots weren’t very popular than this one

Just say the least

And yes, it’s a really good idea to have the voting thing

what is SLA?

I have never heard that before either

It's probably some kind of indicator that guarantees the quality of service

yeah basically that, service level agreement

I hosted everything myself

interesting! how is it measured and why is that the case?

they decide the SLA, not us. e.g:

• https://us.ovhcloud.com/legal/sla/public-cloud/
• https://aws.amazon.com/compute/sla/

noted noted, thank you so much! ❤️

I don’t trust housing providers any more. I never have.

The last time I went with the hosting provider, they delivered my shit even though I paid for it couldn’t even get my data back

ah yes, dont forget 321 backup rule

I trust Florian more than I trust myself

™

I hosted myself at home

It’s so much easier and you don’t have to stress about it

i am very protective of all my data
raid 1 4tb on all boot disks, raid 6 on all bigger arrays, and all data gets encrypted and sent to hetzner storage boxes every night

yeah that's great if you can get a fast internet provider

my issue is that providers here are expensive it's just worth more to rent multiple vpses

My butt doesn’t do music so I’m all good

It only does commands

no wonder your butt doesnt do music

Where with Telstra and they are okay we’ve had no issues with them

xD

We’ve had issues with our code

There’s nothing to do with the provider

There’s actually nothing wrong with our music part. It’s a source code and second of all it’s because of the new version of no JS that is breaking our system. For that music part.

nono i'm joking for the "butt" 😭

Oh okay

You’re all good

🙏

I wish we could get it to work, but there’s so many issues with it

Funny enough, we did roll it back to an older version of it, but it worked for five minutes and then broke

And then two months later than my friend bought broke as well, so it’s not just me that the affected with it

sounds pretty hard to do hahaha 😅 do you do it on your personal projects? if so, how did you achieve it?

Me and my friend had the same problem at the exact same time so I’m not the only one 😂

Any only way to fix it is to move it to Java. I confuse to do.

Mainly my projects just for fun and to enjoy it and to keep my brain busy

Because of my disability, it’s kinda hard for me to get out to places and do things so this is the only way that I can keep my brain busy

eh not that hard, i just backup only the databases on my vps to cf r2 automatically using cron. tho that’s actually 211 xD but it’s enough already for my case

interesting interesting!

yeah doing projects is a fun time killer :D

hahaha it's fun until you get burned out

when i get burned out my project's progress slows down by a lot

I’ve got my way

I’ve got my waist that I don’t get burnt out

i have like 4 projects right now

Only got one, which is good for me

So, I don’t really get burnt out

@pearl trail oh btw #development message

oo, so far been easy ;D

sounds awesome! you are so smart!

what was the subject(s)?

Hm

Hi, i'm new here. I have just created a Bot, is it a channel where i can request for feedbacks on it?

https://github.com/FractalFir/rustc_codegen_clr

interesting

funny AI slop

kool

when i saw your pfp i thought you were luke for a sec

im lukev2

i was like "since when was luke experienced"

lmao

the roast

damn

When can us peasants upgrade to experienced even?

you can notify a staff member for it

@pearl trail 100% deserves it

0x7d8 too

you people here are scary

10/10

pancake!!!

Also love the new pfp tim

how's your math engine??

it works okay ish, I haven't been able to test it for it's actual application yet because I'm figuring out gradle

It was just made to make math In programming easier to read and understand for robotics

awesome!!

What have you been working on? How is school going?

school is going well, i finally understood a chapter on discrete mathematics!! doing homeworks right now, because i have three of them due this week 😭

i am currently maintaining one of my projects, i've been reconsidering the ideas i've come up for my biggest planned projects

i wanna prioritize novelty

but it's really hard to find fresh ideas for a platform unless you're willing to go super niche

Real

Booo homework but yay understanding homework

i've been looking up like-minded reddit threads and a lot of them seem to be "we don't need another [...] platform"

and i agree the oversaturation of platforms can be very overwhelming

but it's so demotivating

🙁

nah far from experienced

yeah more like beyond experienced

but jokes aside you seriously deserve it!

you're super active here and you know pretty much everything about the web 🤭

java needs to start being scared with my type name lengths https://flare.rjns.dev/68yE7/flameshot-sgmo37.png

too short

true

Missing AbstractBaseClassFactoryProviderImpl

im in identation hell https://flare.rjns.dev/68yE7/flameshot-8mycs6.png

so much identation that rustfmt is refusing to format the idented code

hey im looking for a graphic designer to my project if you into the topic please contact with me via dm

No thanks

hate these

contract stuff

but god they piss me off at work

we have SLAs between departments

hr dep has 1% sla per year

hm

what is the difference in them ?

i downloaded the youtube-plugin-1.16.0.jar but my lavalink cannot detect it

I hope you understand that streaming music from YouTube breaks YouTube's ToS, which also breaks Discord's ToS

does it ?

then how is these bots doing it

95% they do it by breaking the ToS, the rest uses other platform i can’t tell

wym you cant tell ?

Trade secrets. Music was/is a super competitive area and with youtube being the big no no haram, it left a void to be filled and some people have found good replacements

Needless to say, if you use youtube and make that public, you are inviting trouble

try finding some radio stations. There are some real good ones I've found just by looking and listening

what do i do then

can you tell me some

explore https://radio.net and use network tools to see if you can get a link that reliably redirects to or is the raw url of the radio station. I think the ones I've added havent changes their links ever

I'm also a personal fan of https://frisky.fm

You also can't go wrong with https://listen.moe

so how exactly can i use it

That's for you to figure out. If you can't, then you probably shouldn't be making a music bot or a music feature. Music is a pretty hard thing to maintain at scale.

I speak from experience

yeah well ik that 😅

hey guys, does npm install scan the package that i am installing for malicious code patterns etc?

I am basically trying to do a bachelor thesis about making the install a bit more safe.
Npm as a package manager let me install one big scammy fucking package whilst on bun it flagged it before install.

no i dont believe so, its very basic

any malicious packages have to be actioned by the npm team

although it sounds like bun is just using somewhat basic heuristics to detect this, which means you could also probably evade it relatively easily

i see awesome!

That would form a good basis for my bachelor thesis then

@pearl trail just curious, have you used Doppler?

just came across it in my uni's cybersecurity chapter, thought it looked cool

oh nope, don't even know what is that yet

I have

Its really nice but useless if you dont use ip restrictions (aka their paid developer plan)

SecretOps platform

lets dev teams distribute secrets safely across their members without needing to publish tokens to the project's git repository

Well, useless is a huge word. But it injects env variables on runtime.

so you dont need to keep env variables or secrets stored locally.

mhm

i used it in prod with ip restrictions.

Even if someone gets ahold of my doppler cli token, they can’t get the variables unless they are in my list of ip ranges

niceee!!

sup

https://pubs.opengroup.org/onlinepubs/9799919799/functions/posix_fadvise.html

ive (tried) using it before on linux with a database im working on but found it doesnt have any significant impact

the kernel is usually pretty good at predicting access patterns

plus you also pay a syscall cost by providing that hint

I guess it does affect readahead though https://elixir.bootlin.com/linux/v6.18.5/source/mm/readahead.c#L558

which saves some disk io

good on slow storage

but isnt it only once per fd?

its not only for the fd but also segments within that fd, for example you can hint to the kernel that youll need a certain address range of an fd soon so it can start to perform readahead on it (POSIX_FADV_WILLNEED)
although as i mentioned i really havent seen any noticeable improvements when hinting the access pattern to the kernel before reading (POSIX_FADV_SEQUENTIAL / POSIX_FADV_RANDOM), but then again last time i tested it it was on an m.2 ssd so even if the kernel mispredicts it probably wont slow things down much, so ti could very well be good on hard drives

ah I see, interesting

theres also madvise for memory mapped ranges which can be useful if you want to avoid a page fault on access by hinting to the kernel you may need an area within that mapping soon
although its very tricky to take advantage of it because the kernel also predicts readahead on memory mappings (quite well too) and i found any hints you try give it it just slows things down because of that extra logic and syscall

kernels on machines with lots of memory available also very aggressively cache files and memory mappings (if you read a file/range earlier, chances are its probably still cached an hour later if the kernel hasnt purged it) so hints like these become sort of obsolete (except maybe in the beginning to hint the fd access pattern), so you prob dont see it used often

yeah makes sense

i wish io_uring were more supported

insecure 🔥 but blazingy efficient 🔥

but mmaps are also very cool, havent really had a good use for them yet though

io_uring is absolutely awesome and i wanna use it soon for my database project because i think it will bring massive speedups

back in my day you had to spin up another thread for async IO 🧓

was thinking of writing my own rust reactor for async file io with uring that you can put next to tokio (but idk if I want to invest in this)

I am aware of the giant cpu and speed savings

would also maybe get cursed with buffers, since the kernel needs to "own" them if you want it to be safe

which means I either preallocate a slab in the kernel (with drop guarded fake vecs) or I require an owned vec that I give back after reading

wonder if youd still get most of the performance even when implementing the default tokio AsyncRead trait + a kernel buffer slab

but then obv copying from slab to buffer ref

"hey so we're allowing you to search music through spotify search queries, but we're deeeefinitely playing them through spotify"

unless you're keeping an own database of music, everything is youtube or soundcloud afaik

If i pay someone can they make me a good looking top.gg page like the ticket king for my bot

Probably(?) but I haven't seen anyone active on this channel doing it

Just use/learn html/css instead like a dev should 🙂

tbh nowadays you can just get an llm to write you a decent looking page if you have no experience

it will look like an llm wrote it but at least it will be stylish

made this in less than 10s

Could definitely use it to make a top.gg page and tbh there's no shame in it

Web dev is one of the only things i'd ever say its okay to use AI for

It's good for getting a starting point

ofc I would always recommend learning what css variables do, and what html does as well so you can build off it

nexusbot?

mockdata

The servers where my bot is located show 0.

https://developer.mozilla.org/en-US/docs/Web/API/File_System_API

i mock your data

I mock ur mom

i mock your dad and fork your mom

Woah now buddy

Too far

reporting you to the brazilian police

lmfaop

i'll hit you up to "get start" after you get unbanned

@harsh nova wasn't this the course you were lookin for to make it rich

Some minor progress on statcord, I plan to improve the bot from here onwards, with snippets taken from the site

There's no mock data being used here, it's all real

I stole the sidebar from sahdcnUI

this is cool

gonna be good competition bro, smashing it 👏

out of curiosity is there a reason you went with smoothed graphs

Honestly, rechart ( the chart gen lib I'm using) hasn't been configured much, everything is pretty bone stock 😭

The heatmap is fully custom though proud of that

@low marten how are you storing your data out of curiosity

Postgres, for legal reasons message content isn't collected or stored

yea fair

Using anything specific or just raw postgres?

Raw timescale bucketed into hours, I had someone peer review the database structure for me haha

I'm sure it could be improved

we're doing something similar atm

timescale is amazing tbf

love how fast it is

do you use compression or anything

or are you just storing raw data with nothing else

for context:
we use timescale and have collectively almost 3 billion rows in timescale so

Raw for now, all this is pretty new. I have around 10-20 million rows last time I checked

Make sense, looks good tho

Thanks, I'll take a look at the non-smooth charts later on for sure

Especially for the area-charts

nice

Hey all – I built a privacy-focused Quote of the Day bot and I’m looking for a few people to break it 🔨

I've tested it myself, but nothing beats real users finding things I missed. It’s free, doesn't need admin perms, and you can kick it immediately after testing if you want.

PM me if interested!

joins to advertise
account 2 days old

@harsh nova o/

I wouldnt say mod required but it's a bit weird

doesnt seem genuine tbh

most people would just ask and post their bot link

not ask for a dm

anyways, how you doing builder

Yea no clue what their goal is

Doing pretty good just been taking a coding break and watching some stuff like anime and a interesting series on bbc silverpoint

ah fair

ive been watching blue bloods

https://en.wikipedia.org/wiki/Silverpoint_(TV_series)

Wait

im sorry

CBBC

god I havent heard that channel name in ages

@solemn latch

dam, I got over a 50% performance gain when copying a 6gb folder by using rustix::fs::copy_file_range in 32kb chunks instead of manually reading then writing in 32kb chunks

is it within the same machine?

yes

why not just make a symlink?

cuz I need an actual copy

ngl I preferred the previous website home UI, the dashboard is better tho
also why do you keep changing the branding

i'm experimenting until i find something i want to settle on, that's easy to expand upon

i don't see this one changing for a while

the only thing i would change is removing this

?

bruh i accidentally attatched 2

the circled bit

ah alright

it's only there for design symmetry

i think its mentioned a lot in that box so isnt really needed

i see 7 'messages'

hmmm this is diffucult, i'm not sure which one i prefer

I prefer hard point but I'm biased

i like mine smooth

For messages I say neither

Use steps instead of peaks, you can't have 0.62 messages so the interpolation is bogus

there's no decimals in the y axis, it's all whole numbers, i'm not sure how it'd ever end up at '0.62' messages like you state, i'm also only working with what rechart provides, i suck at custom chart gen

actually, correction, since i merged the VC and message charts, there is now decimals, however quite clearly, as you can see on an empty server, with minimal data, it does rest correctly, within whole number boundaries

i made the horizontal axis grid lines visible to aid this in some cases too

although at higher message counts, this isn't helpful so the tooltip becomes the main informer

The ramp up/down represent decimals

Ofc not many people will notice, but it's just a way to make graphs cleaner

yeah but if you used your eyes and looked at the x axis, you could mark each individual point of data, i do see where you're coming from though

i suppose i could make the x axis lines visible too

Rechart does support steps btw, in case u wanna try and see

oh damn?

could you point me towards them?

i've scoured their docs i mustve missed it

Gotta find it again, brb

Been a while since I used it

https://recharts.github.io/en-US/api/Curve/#type

Set it to step

There are also stepbefore and stepafter, before might feel better in ur case

ah, function wise, yes, but it sacrifices in terms of looks

it may be wise to let users choice

mildly annoyed how hard it is to properly setup timescale aggregates

better yet, put it as a customization option :D

you planning to show a max of 30 days?

Yeah, I was going to implement a paid tier to extend it to a year, but I'd like to keep statcord 100% free, so for now, 30 days

ah cool

No use profiting of something someone could easily create themselves imo

I mean

it already exists

so

its just dominated by statbot

for now

Yeah dude 700k servers

I'm never beating that haha

we're gonna try

🤣

😂😭

casually setting up all the aggregates rn

can confirm its a pain in the ass

Oh I'm glad I got my backend done first, until I fixed it recently, it was like glitter on a pig

Oh I handle all of the devops / dbadmin

so

I actually haven't stopped collecting data since the backends first launch, so that's (technically) 100% uptime 🙈

That has to hurt the eyes

I feel like I'd be straining trying to find specific items

we're using a custom implementation which should lead to almost impossibility of losing data

cause to update the analytics we dont even need to restart the gateway

Yeah I don't have any fail-safes in place currently, if the bot is online, data is being collected, if not, it isn't . There's no backup mainly because I haven't figured it out yet... I procrastinate quite a bit

I did intend to implement some sort of real-time or near-real time solution to the dashboard, but I thought it'd be overkill

its not as easy and you'll have a ballache of a time doing it

we had to modify something just to get the functionality we want

out tech stack is long :^)

Oh you have quite the project roster in your bio

Amazing

tis fun

God, I tried to learn rust and gave up on the first day

Dare I say it's over glazed but that may be bias

Holy stack though

Yea

with all this we have practically no way to lose data easily

unless discord has an outage ofc

using grafana as a testing ground for data analysing

I've only ever experienced one discord API outage, so this gives you quite the backing

Oh wow this is neat

and thats just the beta bot atm

What's the max timescale you plan on showing?

all time

and custom timeframes

Damnnn

we do with bots already

If you have a bot on top.gg it'll be on our site tbf

Only reason mine is limited to 30 days, is I was unsure how optimized my DB setup was, so I didn't want to risk it, and blow on the first day

I think over time I'll loosen it up

Ah, mine actually is on top.gg

whats the name

statcord itself haha

https://topstats.gg/discord/bots/1259933558097580033 yup

How often does top.gg update the server count? It's in 60-70 servers currently

you have to post it yourself

Ohh crap

Yeah I had no idea

Now you do 😄

The UI is amazing

Those tooltips you use too

some of the data goes back to 2019

Multiple years Jesus

How much storage does that use

200GB with compression

around 2.8 Billion rows and counting atm

This may be possible for me, if I locally host postgres, I have a spare 5tb server I just don't use

decompressed our database is almost 800GB

I feel like it'd be difficult to plot data points for data that vast

Jesus Christ

yea we downsample heavily

idk how to edit the top.gg page

One thing I have to say about drizzle is its god-aweful error reporting

PS D:\Dev\mercatus> pnpm --filter=server run drizzle:migrate          

> server@0.0.1 drizzle:migrate D:\Dev\mercatus\apps\server
> drizzle-kit migrate

No config path provided, using default 'drizzle.config.ts'
Reading config file 'D:\Dev\mercatus\apps\server\drizzle.config.ts'
Using 'pg' driver for database querying
[⣽] applying migrations... Error  Failed query: 
ALTER TABLE "sellers" ADD CONSTRAINT "sellers_user_id_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "user"("id");
params:
D:\Dev\mercatus\apps\server:
 ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL  server@0.0.1 drizzle:migrate: `drizzle-kit migrate`
Exit status 1

No shit the query failed I can already tell that by the fact it's erroring out

what exactly is the reason it failed though

no way they now got solution for dementia people like me

wdym dementia people like u?

this is basically a mini version of copilot recall

tbh i really want recall i hope microsoft still brings it to x86 for pcs that arent "ai ready" (despite me having an rtx 3080)

oh that's a thing?

@pearl trail hey, which javascript bundler do you recommend best?

essentially i have two .js files, let's say a.js and b.js.

a.js imports functions exported by b.js, but i want to bundle them as one .js file that can be imported in html/vanilla js. i want for the resulting bundled .js file to be only a.js' exports. i'm also looking for bundlers that can apply tree-shaking

from looking it up on google, it appears i have four choices: there's rollup, esbuild, vite, and webpack

sorry i never touched webpack directly 😔 🙏 i left js for everything but websites, so i don't know which bundler is best. i only know webpack because cra uses it

maybe ask sensei Tim

you're my sensei too 😤

what's cra?

create react app?