#development

bro i wasnt trying to be "snooty"

whatever that means

it's safe way to do it

😭

client -> your api -> everything else

oh yeah

anything ur dashboard needs to do, ask your api

never connect to any other service that requires a token

yeah thats how i did it

most of it

most?

yea

😭

what's remaining?

well most of it is already changed but some features dont work yet and in the early days of this being in development i used the token inside of the website env so it pulled data from the bot itself

not from the api

imma go eat

ill be back in 30 mins

change everything to pass through ur api, only token that should ever be reachable to the client (browser) is the client's own session token

anything else shouldn't leave ur server

alr bet

wait its not bad that i have my api token in my frontend right

like the token to access my api?

that'd be the client session token

that one is fine, and unavoidable

wait have i interpreted client session token the wrong way?

sorry english isnt my first language so i might have mislearned it

the session token would be the token you use to identify and authorize the frontend when making requests to your api

oh i thought the client session was when the person was logged in

like

that session of being logged in?

yes

oh so it is right

they're supposed to be the same token

you use that login token to call the api

oh i have 2 different identifiers for those

u dont need a separate token for the api, it's actually better not to

oh

since if you ever need to ban or ratelimit someone from acessing your api, you'd ban/ratelimit the user's token

ohhhhhhh

now that ur saying that it does make sense

well, not exactly the raw token, since it'd change every once in a while, but the data inside it

unless you're using permanent tokens

hmm

makes sense to have them the same

You’ll never be able to run a completely free bot forever

how come?

If you plan on it being public, and if it somehow does take off

You’ll quickly find out why bots have premium features or paywalls on certain features

well i have my own server so hosting isnt an issue, i like developing so being bored wont pressure me into putting paywalls

and for the 80 cent domain ill always have spare 80 cents

and i dont know how to make it take off LMAO

i have NO marketing knowledge

Yeah well a kitchen sink bot likely wouldn’t, not that I’m trying to bust your balls or anything

But there’s hundreds of bots with a lot of features that don’t get used because the more mainstream bots exist

can only hope

Yeah good luck all the same

thanks

@lyric mountain

visualization of the maze I made using a recursive backtracking algorithm

function generate_floor_topology(playerId: number, floorNumber: number) {
    const mainRng = new Random(playerId + floorNumber);
    const downstairX = mainRng.NextInteger(0, 14);
    const downstairZ = mainRng.NextInteger(0, 14);
    let upstairX: number | undefined;
    let upstairZ: number | undefined;

    let startX = 0;
    let startZ = 0;

    if (floorNumber > 1) {
        const prevRng = new Random(playerId + (floorNumber - 1));
        upstairX = prevRng.NextInteger(0, 14);
        upstairZ = prevRng.NextInteger(0, 14);

        startX = upstairX;
        startZ = upstairZ;
    }

    const cells = new Map<string, MazeCell>();

    for (let x = 0; x < 15; x++) {
        for (let z = 0; z < 15; z++) {
            cells.set(`${x},${z}`, {
                x,
                z,
                passages: new Set(),
                visited: false,
                hasUpStair: x === upstairX && z === upstairZ,
                hasDownStair: x === downstairX && z === downstairZ,
            });
        }
    }

    const stack: MazeCell[] = [];
    const startCell = cells.get(`${startX},${startZ}`)!;
    startCell.visited = true;
    stack.push(startCell);

    while (stack.size() > 0) {
        const current = stack[stack.size() - 1];

        const north = cells.get(`${current.x},${current.z + 1}`);
        const south = cells.get(`${current.x},${current.z - 1}`);
        const east = cells.get(`${current.x + 1},${current.z}`);
        const west = cells.get(`${current.x - 1},${current.z}`);

        const unvisited: Array<{ cell: MazeCell; direction: Direction }> = [];

        if (north && !north.visited) {
            unvisited.push({ cell: north, direction: Direction.North });
        }
        if (south && !south.visited) {
            unvisited.push({ cell: south, direction: Direction.South });
        }
        if (east && !east.visited) {
            unvisited.push({ cell: east, direction: Direction.East });
        }
        if (west && !west.visited) {
            unvisited.push({ cell: west, direction: Direction.West });
        }

        if (unvisited.size() > 0) {
            const neighbor = unvisited[mainRng.NextInteger(0, unvisited.size() - 1)];

            current.passages.add(neighbor.direction);
            neighbor.cell.passages.add(opposite(neighbor.direction));

            neighbor.cell.visited = true;
            stack.push(neighbor.cell);
        } else {
            stack.pop();
        }
    }

    return {
        cells,
        stairPositions: {
            upX: upstairX,
            upZ: upstairZ,
            downX: downstairX,
            downZ: downstairZ,
        },
        startX,
        startZ,
        dimension: 15,
    };
}

It was actually rather simple too

Neato

Where's the entrance tho

Technically no entrance

You are spawned inside it

so there's no actual need for an entrance

ah

There's also no exit because one of those cells will become a staircase down/up

just haven't implemented that part yet

i know, but my paper tries to compare one model to another.

So i feel like that when i use different param configs, i introduce bias in my research

cuz then, is the model really better, or did i just use better parameters?

I am feeling lazy rn but does anyone know if there is a discord endpoint where bots can update their own profile pic

Modify current user endpoint afaik. You can even set it per server iirc

Actually, it's Modify current member if you want to set it per server

First one is the general one

the letters and numbers may make 0 sense but I promise there's a method to it

Basically any adjacent cells with the same number or letter is a clustered cell with a RoomType

I took a maze and turned it into a maze with actual rooms

:p

I want to update my iphone to 26.4. Could my google auth keys get lost? I read something about it in the past

I don’t habe any account, the keys are purely on my phone

google auth has cloud backup no?

ah

uh, wouldn't it be better if u grouped them all together?

wdym

I turned it off

like, instead of picking the M rooms all over the place, they'd all be nearby

making a larger "blob"

gonna use poe delve map as example

notice the background (ignore the yellow lines)

blue background means ice biome, notice how they're all grouped together

yeah, I mean the printing of the map was kinda weird, it was more of a proof of concept. I haven't rendered it fully yet. I can still tweak it some

if I wanted to farm that biome, at least it's all nearby

That's fair

My thinking was opposite of that though

I want scattered rooms

Plus these are based off types

export const enum RoomType {
    DeadEnd,
    Corridor,
    Corner,
    Junction,
    Hall,
    StairChamber,
}

iirc m was a hall

so there was likely multiple m cells

any that were near each other got grouped together into one cluster

oh

I never really thought of it as biomes

Would be interesting to introduce on later floors

My goal is for the dungeon to be infinite

the lower you go the harder it gets

Any suggestions

Wow that's pretty cool. U use canva for that?

@hazy heron

no, 100% of that is written code

I don't really like using these programs

I'm still having issues with antialiasing tho

Bravo, if I was there near u id give u a fist bump. My blackjack is text based 😆 If I have time ill try to make it look nicer

@lyric mountain Visual representation of the maze complete, it spawns a new room as you exit the previous one, though I think I might add a buffer that it will spawn a few rooms at a time so it doesn't constantly look like it's generating.

Ooooo

Ominous

But yea, try to generate until you hit a turn, and then +1

So u never get a non-generated hallway

Yeah

I am working on that

Right now I do generate an extra room

but if I leave that extra room it has to generate a new set of rooms

fixed that problem

I can cover up any other unpleasentness with animations and such. Like the door fading away or something which will block the momentary odd-ness of the room generating if its a long hallway

If ur going for terror vibes u can also use darkness to mask it

As in, barely able to see two rooms ahead

Yeah I plan on adding that soon™

rn there's a foggy atmosphere around the entire place

but rooms that haven't been "Mapped" (visited) yet will have an extra layer of fog in them

how this thing is done ? how buttons can be set inside embeds?

It's a container, not embed

https://docs.discord.com/developers/components/reference#container

thank you

finally got ticket transcripts to be able to be viewed in my website

thats really nice

just maintain the privacy thing (make sure tickets are not avaiable publicaly)

of course

they are tied to ur discord id

nobody else can view them

but

admins of server should be able to view it too

they can

everyone with manage channels

😌

add a public and private ticket thing that helps

also added

nice

u get a link in ur dms that u can share publicly

👍

or don’t

i mean

people won’t find it either way

does it require user login?

no. it’s public.

is there a toggle?

yea

u can set it to private or public

thats really convient

convenient*

absolutely

took me a while to get it to work

happens

i made that too

how many servers is ur bot in

600

nice

that’s a lot

how’d u do it

been working since 2y

oh well that explains it

yea

Hi

If you want to discuss it open a ticket on #staff-tickets

They don't check websites, they check what they entered on top.gg

bruh

i love how buying a work laptop using a reseller usually means when you get any issues with said laptop/hardware you can bypass the support system entirely and speak to the engineers directly

feels so weird emailing MSI employees directly about my laptop running like ass instead of going through a clueless support rep

Conference was fun, hopefully next year I can go as well 😀

i finally launched a mobile app guys!

I did it

Huhh

Made a little downloader tool :p

using tauri

was fun

Dayum

why tf is this a thing on cloudflare

if you suspect something is malware then... take it down?

Cloudflare can only take down stuff hosted by them afaik

they are proxying the site though, they can completely cripple the site by just not doing that though

the website owner would have to either use something else or directly serve the site

I read their report form or something like that and at it states that if someone use them as proxy only they will report it to the hosting provider of this website

They’re probably not legally obliged to do it themselves, so they don’t I guess

"Because Cloudflare does not have the ability to remove content from a website, it is our practice to forward abuse complaints to entities like the hosting provider and/or website owner to follow up. Please specify:"

yeah wouldnt surprise me, i find theyre quite complicit in regards to abuse

they wont take down a malicious cloudflare account, but if the cloudflare sales team contacts you demanding for you to pay 20k more a month bc the sales rep hasnt reached their monthly quota yet and you refuse to pay thats when accounts start being taken down lmao

xd

hey guys, so im about to add a feature that might make discord hate me.
Its mass adding roles to all discord server members. And i expect alot of servers that add my bot to proceed with this step.
So lets say a 20,000 member server adds the bot and proceeds with this and maybe a few other servers.
Will i get rate limited hard and what would be the best way going about this?

You should be ratelimited per server so 1 big server shouldn't affect other servers

As for the ratelimits themselves you simply have to respect to them. Yes, it will take a bit of time depending on the server size but those are the limitations you can't really bypass without breaking ToS I guess

okay

They are not legally cleared to do that

Only the hosting platform can

How can we track votes on top.gg in our server

Updated my video downloader to use yt-dlp and ffmpeg so it can work with virtually any website (providing yt-dlp supports it)

And now it's interesting

Is that any bot having an anti event scheduled and application commands integration , Automods rules update , bans but secure dose ??

Discord has a number of guild intent but secure is 26 Intents covered , but can't able to work over mass ban because Discord api can only trigger it can't stop in a middle any dev have fixed it ??

@tall talon use components v2 { buttons Builder , Container builder} those are not embeds

i did learn it it was hard to learn but i did manage to create those

nice man

do you have any suggestion?

can u see my security systems

yeah discord lately add some intresting new futures

no its about cv2 man

yeah i did see the gif

no see that antinuke systems

this one

now i see

its nice one

mine have less Security options

0 bypass man

mine is

🔛 Anti Channel Create
🔛 Anti Channel Delete
🔛 Anti Channel Update
🔛 Anti Role Create
🔛 Anti Role Delete
🔛 Anti Role Update
🔛 Anti Ban
🔛 Anti Kick
mine have those with anti link and anti spam

i have challenged 100 + nukerss

yep quite good

nice

mine is not a security but

but i add it for fun

but secure is proven anti nuke

thats my bot

yep it is

tq man

once i get verifed i will launch for global

Verify is so easy dude

all the nukers will cry

my bot is verify and its only in 6 guilds

no i am tellinng about top.gg man

yeah maybe XD

me too

my bot is verifyed by discord and its only in 6 guild

mine is in 54 srvs and 17 k users

man

nice

tq

in wanted to test dm me for server inv man

great

i was one of the owners of https://top.gg/bot/651095740390834176

but they tricked me and they did take my account too

nice man

and im bot developer of https://top.gg/bot/1068868597398650971 too

this can be easily bypassed man

but secure cnt

ik after i left they did a rewrite of the code intirelt by JAVA

and it created weaknesses

yep

@tall talon

i cant send u link

check dm

ok

LOL

bro lying for zero reason

Yea sure

Also advertising here is against rules, fyi

We was chatting

Reading things

Man

@deft wolf

bro i have proof

and the the other 2 owner of the bot Safa and Sina was my friend

and thats for the other bot

k

Hi it is not very relate but I want to ask. How I can accept Github commit safety from my Discord bot developer team. Like they can put malicious code into this.

pull requests, code reviews, don't trust code from people you don't trust?

yeah you solve that with pull requests, dont allow direct pushes to your master branch, only through pull requests you can approve

Least suspicious file sent on discord channel

😶

Suspicious

How to have time to read of file and find any small malicious code that can be random in it, in everytime. I mean how medium organization like me can do that. Big company they have their tool to track line by line.

It's a BIN file which concerts to a PNG
This is the image
Port = portfolio

@ivory siren Sus file / likely crypto scam bio

Are you not using GitHub?

yes but if the big update I need to read every new files. It will cost like many time to read but if someway I can't detect small part of malicious

Well that’s your responsibility to review things like that

sometime I ask how big organisation can review million lines of code (which can't do all by tool)

They don’t really, big prs are very hard to review

You shouldn’t do PRs that are too big because they get impossible to review

I should have code something in github action tools to support and pray for github auto detect develop by day right?

@knotty night

taken care of

hey the novnc console of datalix, why doesn't it allow copy and pasting?

My password is like 64 bytes i can't login by typing it all llmao

Better to ask them I guess

Do you know Sina?

The onwer of Security Bot

i got banned from their server

for a silly reason tho

xd

they ahd an outtage i said there was a fire cuz i saw people sayin that

so yeah that was my reason

tried to appeal a year later but they said no again

Yea, sound very silly but florian wasn't in the mood I guess

I asked there, let's wait for any response

thank you brother

i appreciate you

Reason is not provided but looks like florian did it on purpose I think

unfortunately. Means that i just can't work till i am home again

thanks for helping 🙂

Yeah he was my friend

Yeah enable codeql

yup I was ad for the bot in the vietnam and he give me premium until late 2025

tsgo is peak

Why do i feel like this group of people are just having fake convos to promote their bot lmao

ok

How do yall check for unused dependencies?

I use depcheck but it never finished for me, even while waiting hours so pretty sure its caugt up in cyclic dependencies

just manually search each one

anything in here that might require attention, question for the experienced cf users

attention for what

optimization

unnecessary analytics

depending on ur app ur cache rate is low

otherwise nothing useful in that

"Analytics & logs" has more useful analytics

its cuz my api is serving uncacheable contnet

which is cached but on the backend itself

but no need for cf to do anything about it

using cloudflare in the first place might require your attention

Why? Cloudflare is peak

mhm

sure

its really good that cloudflare offers all of this for free but on the other hand they are such a sleazy company

they are the only reason im not bankrupt yet 🙏

94% cache rate

would be cool if fastly offered a free tier too

i wonder if you can technically host your entire website using cloudflare by making all of its pages cachable and relying on cloudflare to serve the content with occasional polls from cloudflare to your backend to update the content

ma'am, that is called cloudflare pages

^

aka Workers now that pages is deprecated

are they free?

what a steal

why are we still hosting in 2026

because meh rust support duh

and if you want to use their technology, it's open source

https://github.com/cloudflare/workerd

and uh back when my site was 100% worker based, I had some good amount of downtimes because of how bad D1 was (and maybe still is)

wasnt even a ton of load, just bad system at the time where ur d1 db would be on one host that could go down

expanding on this, cloudflare does offer a feature for when your site goes down to use the internet archive to continue serving it

Hello, I need some SERIOUS help with Mongodb, can someone please help me out?

Please anyone who's an expert, I just can't access my data at all, my pc restarted after a crash and since then I can't even connect to my cluster/connection that was on my laptop

i just keep getting this error

I've tried talking to chatgpt for hours to come up with solutions

nothing is working

please ping me if anyone can help me out

are you hosting mongodb on atlas or on your own machine?

@ivory siren aha

Best place to sell a ticketbot lmao

selling it to a bunch of developers 🥀

Bro needs to learn marketing techniques

Advertising in Tim's cave smh

Banned by william

own machine, but i think it got corrupted and I can't recover it somehow

its not working no matter what i tried with help of someone and chatgpt

i dont know what to do

does anyone know how can I extract data directly from wired tiger files

wtf is rustfmt doing

i got locked out from mysql

turns out i can bypass auth using a single command?

how is that any secure.

You can bypass it by using sudo, and using sudo means you are an administrator of the system and require authentication. So, without it, you can't do it, which makes it secure.

still introduces a single point of failure

i did a full system hardening. Took me 2 days and some change, 96 on lynis

https://giphy.com/gifs/marchmadness-basketball-college-ncaa-tournament-Omwf30luQm9Ge1xnfh

are you sure its corrupt? i assume you aleady checked the mongodb logs and see some kind of error related to loading the data?

it usually is recoverable but it depends on the tools available and what the issue is

when corruption happens its usually only a small part of the data thats had a booboo, but 99% (or even 100%) is still intact

chloe like if they compromise your root password they can get into the database.

it would be sick if there was like an additional database layer, sort of a containerized database

you have bigger issues if you have the root password

i mean if they have root access you are cooked anyways lmao

yeah facts

I mean i did move everything to my non-root user and actually disabled root login as a whole.

yes thats true but its not really an issue, if someone has your root password and direct access to your instance with the ability to switch user accounts/elevate then thats your security defeated, the database is just an afterthought in that matter
but, the difference is mysql requires you to have root privileges to reset the password/gain access, so you could setup much stronger protections against getting root access than simply entering a password
plus if someone has root access even if mysql didnt provide a way to reset a password/query it with sudo you could still easily modify the database/reset passwords anyways
if thats a concern then you'd have to run your database instance on another machine or on the cloud, but even then someone can compromise that 😓

on my instance for service accounts i mitigate this by disabling su and sudo (i.e. risky binaries that have the root bit set) so even if you knew the password you wouldnt be able to elevate out of it unless you find another exploit

how to change server count plish

have to love getting a heart from your soulless CTO on a PR

is this a recession indicator

only if i overthink

Are you uploading you bot stats to topgg

i need to upload but how to change

Once you upload it the stats, it should change automatically

i uploaded but not chaing

Are you using the correct package and have correct params

Ow wow that is sick! For my service account i enabled sudo just because i disabled root.

But my password is 48 bytes i don’t think they can leverage that

no idk how to even do

Furthermore, @frosty gale , i require 2fa each time sudo is used.

It may be ovekill but i don’t mind the extra step as i rarely use sudo

Lmfaoooo

Been there done that

I work at a small company so it’s the CEO & VP enslaving me for some stupid feature then hitting me with a “awesome!” when I say it’s done at scrum

guys can someone help me with a discord bot or no

am trying to make one but he lit doesnt even wanna speak

he only joins the server and then he is muted

show code

due to dicord voice all bot bots self muted

once u added any encoders , or any music libs then it will play music but that time it will auto defend

Hey question about posting stats to Top.gg
Are the stats verified in any way? What would stop me from making my bot say it's in 5 million servers?

your bot invite displays an estimation

that can be cross-checked

But it's not automatic, is it? It relies on reports

The world is full of snitches

Idk if you want to risk being banned from top.gg just to display bigger server count

It doesn't affect positioning anyways because votes matter the most

It's just theoritical. My bot can be cross-checked with Discord's Discovery thing, and I can't fake those numbers.

s'good that the server count is only indicative tho

i set my bot to 10 million servers and no one knows

https://giphy.com/gifs/troll-face-trollge-UY3tY8CCGuRnHH6H69

Thank goodness it's just us in this chat and no one is going to report it

God bless Tim's Cave

it's basically the shopping cart dilemma

nothing will happen if you take it back to its place, nothing will (likely) happen if you leave it in the parking lot

Is bot development still as active as it was back then in around 2021-2022?

And it's feels good to see KuuHaKu and NyNu every time I visit this server yearly here

no clue why kuuhaku still isnt experienced but ye hes been here for a looong time

👉👈

also kuuhaku the cursed 100 line sql query you helped me write like a year ago is still in prod and going strong

nice, still using mat views for caching?

we may be talking about a diff one

I had to migrate all the stats stuff to clickhouse because it was getting ridiculous

5min+ for a single query

https://github.com/mcjars/www/blob/main/backend/src/routes/api/v2/build.rs#L314 is the one I mean

im scared to touch it now even though u did reduce it by alot

ah the cte one

Jjk redeem botisalive

@unkempt ocean ??

ah, it's just a bot command used in the wrong server

Kuu can you help with extracting data flow graphs from js

😭 💀 💀

@woven elk this is how i did mine...is there a better way? probably, but i'm no css expert

a[href*="vote"].button .flex.gap-2::before,
a[href*="vote"] .flex.gap-2::before {
  content: '';
  display: inline-block;
  width: 25px;
  height: 25px;
  background-image: url('https://cdn.discordapp.com/emojis/1432781728136560833.webp?size=256&quality=lossless');
  background-size: contain;
  background-repeat: no-repeat;
  background-position: center;
  margin-right: 0px;
  flex-shrink: 0;
}

Thank you for that

sure

but he doesn't accept to be extend (in what I know)

Anyone knows V2 components in .js

what exactly do you need help with?

bills

Oh god

https://x.com/feross/status/2038807290422370479

https://socket.dev/blog/axios-npm-package-compromised

they get yeeted fast enough

one more reason to pin your dependencies by hash or version

Hii

Why it's always crypto scams

Because it’s really easy to pull off and how do you catch them

Unless it’s changed within the past few years wallets are anonymous for the most part

They're not anonymous and never were

They're pseudonymous

Oh well yeah

Close enough

fucks sake not another one

thats why its a good strat to not update packages to latest immediately

doesnt completely solve the problem but helps mitigate it by others battling it out :)

until u forget to lock and a npm i fucks you

because we still default ^ in 2026

dam quick deletion

I love that I asked about crypto scams and someone sent me a private message saying I look like someone who’s active in the crypto "business"

still wild to me how active and profitable crypto scams still seem to be in 2026

even nigerian prince scams are still profitable

oh, didnt see ur msg sry

It just means that the internet has reached a standstill

I'm wondering how to buy bitcoin but I'm just not sure of how the blockchain works, or how the Ethereum plasma maintains the integrity of the crypto mining, I would love for someone to tell me how to setup my wallet and fill it with bitcoin using something like coinbase

did i use enough buzzwords to get a scam dm

you forgot nfts

NFTs are still a thing?

And people that commit and use the lockfile yet still use npm i instead of npm ci

^ is fine-ish if you at least make use of your lockfile

https://github.com/chatgptprojects/claude-code/blob/642c7f944bbe5f7e57c05d756ab7fa7c9c5035cc/src/utils/userPromptKeywords.ts#L8

dmca countdown started

true

I'm too clueless for the AI stuff

https://github.com/chatgptprojects/claude-code/blob/9800e588397787f32bae8c4e9e62cc86462e81b8/src/utils/undercover.ts#L39

lol

I fixed ir

I did data flow analysis using babel to extract the paths

Its fragile and has some loops but works

Hello

ehh panic

axios got fucked

Yesterday iirc

yeah

how do i check if i am a victim lmao

for anyone wondering:
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan#indicators-of-compromise

good luck hope yall aint fucked.

☝️

i am so lucky that i was asleep around 1 am yesterday

compromise happened around 3-6 am (amsterdam time)

i immediatelly removed ^ everywhere, but so lucky i had a lock.json

next step:
removing nay package i don't use or can replace easily lmao.

i swear hackers are on the run lately, everything's getting hacked.

🤣🤣🤣🤣 everyone with node.js has a RAT on there pc/server. Including me 💀

I hope at least using ci

People keep on using npm i with the lockfile and ^

pnpm install --frozen-lockfile ❤️

Nah i didn’t run any updates around that time tho

Also checked for which update o had. I had axios 1.14.0

The hack was 1.14.1

Also i checked for the compromise indicators such as any outbound connections, /tmp/ folder, none came back as positive

I was lucky asf

I mean the hack happened around 3 am i was asleep anyways

IBM mentioned 🔥

But that doesnt prevent transitive dependency upgrades no?

It does, since it uses the lockfile

So you install the state of the lockfile

If you have pipelines running that use ^ and npm ci, you'd still get the state of the lockfile

And dependency updates should happen in their own PRs either way, so have a cleaner track of them

Hm, I was pretty sure I saw a different behaviour in a transitive dependency which itself used ~ or ^. I could be wrong tho

Should also be used as a whole using CI/CD pipelines so that you don't get issues

Its good that i started using Rust

These npm packages are very unstable lately

i wouldnt call rust crates much better

rusts crate ecosystem is very similar in nature and philosophy to npm IMO albeit suited to fit the language

Where is "your mom" on this scale?

I was expecting the same thing

It looks like it might have pulled the universe down under the frame tho

True

do yall fw the website

That's actually great but a couple parts may be hard to read

One message removed from a suspended account.

One message removed from a suspended account.

Hello everyone

https://tenor.com/view/hey-fr-stuart-long-mark-wahlberg-father-stu-hello-gif-25066833

I love this

thx

Nice but i did make it better

ya urs is awesome

i aspire to be as awesomeness

I did make it even better 😏

Fucking lit

I love it

i might have to try and replicate a little 😏

Wow djs got sick

idk if i could tho lmao

Still on v14 or is a diff version out

🤣 my bot is not security but it have those only for my server

For its own support server

ooooh

still awesome

Its easy

I will help if you need

Yeah

bro it took me so long to even minorly figure out the components reference thingy

They could do better but its enaugh

thank u i will ask if i need

For me it took 4 YouTube videos and 2 hours of practice

i bet we watched the same videos

But still they could do better

They could add more style builder

Yea

implementing AI to manage discord servers 🙂

im excited to see what else they make

woooah

Im application developer i work on Flutter they could use more of flutter design it will be awesome

if you wanna see it i can show it off, just shoot me a dm

Nice you did give me an idya

maybe thats rlly cool

did you just do that through the gpt api? or was it some other

openrouter

Since Claude client code is out i could learn from it and make a discord bot that can do everything from a server from how cloude could from terminal

o

I may start learning from now on

mine already does

Ik but i mean something more awesome something that i have in mind

everyone here has such good ideas

i love this

im happy i discovered this channel

Its a great communtiy that we can learn from

yesh

you can test it for free if you grab my bot at https://antidote.bot/invite

10 uses

Your bot is a great bot

or unlimited if you buy premium

thank you 🙂

But it can be better

it can always be better

Ill give you some idya in dm

me when ads

thats quite literally what this platform is for, but he just seemed interested in it so

ooo okay

You got a point XD

i was asking how it worked so its fine lol

if u lemme enter ur server i can give u some more credits

how and where do i go to find testers for my bot?

Your bot's support server is the best place

we work with a b2b service thats had an outage recently and they sent an email to all customers about it but they didnt send it as a bcc or individual email to each person so theyve leaked the email of all of their major customers to everyone on that list 🤦‍♂️

rookie mistake

just saw they sent another update email and this time they bcc'd everyone in so they realised their fuck up lmao

is it bad that I still have barely any clue what these email terms even mean

tbh bcc is a bit niche

bcc is like cc or to field and the recipinent in the bcc list gets the email, but no one else sees that they were sent the email in the headers

ah

a more common use of it is a bit sinister bc its when managers bcc in HR when firing you after they invite you to a vague sounding call

how do i get the project Creater tag?

You mean the role? You need to have an approved bot or server on top.gg

i do?

Then ask for it on #support and some mode will give it to you

ty mate

Hey, does anyone in here use WAZUH as siem?

Do you guys know how long discord usually takes to answer intent requests

Anywhere from 3 days to a few weeks from my experience

Okay.

The few weeks was during Christmas tho so not that accurate

I was trying to get server member intent
Idk if they will accept it tho

I need it for the setup of the bot where u can chose to give everyone in the server a certain role

That's probs one of the easier intents to get soo

Oh ok

I've noticed my site is quite slow for the US users. Should i start hosting in different states?

Currently it;s running on a dedicated hetzner server

but then i have to worry for the db read/write as well

https://tenor.com/view/spongebob-spongebob-squarepants-think-thinking-hmm-gif-11570469479394618754

I do it using read replicas currently.

primary is eu-01 with the main pg db
theres also eu-02 which has a read replica pointing to eu-01, writes go to eu-01
these 2 servers share a redis sentinel cluster for ratelimits

for us I have
us-east-01 with a read replica, writes go to eu-01
us-east-02 with a read replica, writes go to eu-01
these 2 servers share a redis sentinel cluster for ratelimits

for sg i have
sg-01 with a read replica, writes go to eu-01
no sentinel cluster because only one node.

whether you can do it like this heavily depends on your app though, mine is essentially 99.5% reads, 0.5% writes, and 99% of those 0.5% can be done in the background

usually for something global youd not use a multi-primary setup (like yugabytedb) cross regions due to immense latency, instead you could have multiple, completely seperate db clusters

so data is first checked against the local cluster, then against other regions

/if you use uuids, you can embed cluster info into the uuid to auto route

hmmm i do have alot of writting

then before you get a phd in this, make sure you are making as little db calls as possible in endpoints

if you do 8 queries per request, thats not gonna help

if you do 1 massive query, that will help

its kinda important like the app is simple. one of my main features is verification

something important is that sometimes its faster to have the api endpoints only in one region and the rest of the assets everywhere

compared the hosting the api everywhere

because one api roundtrip is cheaper than many db roundtrips

and for assets, well there location is key

i mean i use cf for the rest of the site

that doesn't bother me

hey!

Is scrolling in iframes blocked in topgg?

ah nvm, seems only blocked in preview

distributed apps, fun

Not doing any of that aws stuff tho. Wanna do it myself

🙂

what 0x7d8 said for databases, in terms of the app itself best way is to make your app container friendly and deploy them on 2 servers then manage with kubernetes or whatever

So for now in europe my page fully loads in around 400-500ms
But in the us its like 1.5s+

youll need a load balancer too probably that also selects the best region but yeah im sure you already have an idea in mind

Everyone ignoring me🙂

Im mostly concerned for like the db

Since it is write heavy what im doing

This isn’t general

well, you likely have an architectural issue

if something takes 1.5s vs 500ms

because ping is ~100ms-~200ms from us to eu

Full page load

try makijng your assets available globally first

https://one-tap.cc i tested on

https://tools.pingdom.com

and keeping api in one region

They are

If u mean by a cdn

tbh also if youre smart about caching and batching queries you could delay having to implement database replicas alltogether without a noticeable speed delay for visitors across multiple regions

realistically even on write heavy loads a replica is a good idea

it serves as a backup too in case you wipe your main cluster (def didnt happen to me twice)

Lol

you mean the cloudflare auto cache?

or something like cf workers/pages

Yes

wouldnt rely on that very much

Okay

unless you properly do cache headers

So i might need a worker

or cf pages which i heard were being deprecated even though half my websites run on it so ty cf

i think they just merged it tho

My actual website is only 50kb the dashboard is on the heavy side but still not that crazy

Im using solidjs for the dashboard

What i wanna cache hard is the verification page where 99% of the users will be going to anyway

if you use any modern bundler, the js assets emitted will contain unique/random identifiers so they can be cached by path

which is perfect because you dont need to worry about expiry

the index.html will point to the unique ids and thats the only thing thatd be served slower

Im gonna look into it tonight and document a before n after

Will drop it here just so u guys can critique something

Anyone else hosting with Railway? I’m still small scale enough to use their free tier but I’m wondering about folks experience with them at higher usage.

So i managed to fix the caching of my website using cloudflare.
Its 1h cache per node and dropped the speed from 1.5s to 900ms in the US
In europe it went from 400ms to 240
I just made some cache rules sine i had nothing set up properly.

That full page load not just endpoints

I guess its pretty decent for now until i feel like getting read replicas etc

I really think its a overkill for the size of the project atm

agreed, theyre additional complexity that you really want to be avoiding until you have no other option

but nice'

:)

I wouldn’t stick with free host providers for the long run

The free tier is mostly a marketing stunt

But i haven’t used railway so i can’t really talk about that

My point is they are usually overpriced

I had to email Spectrum last night. It had my website blocked

It still is im awaiting a response. But i have a feeling its because of the .cc tld

cc is like xyz, the heaven TLD of scams

yeah

i have unblocked it so far from a bunch of ISP's

Working on finding unused dependencies

Is there any tool that is able to find those? Or ahould i ask ai to help lol. My codebase is way too large for manual search

Will take me a few days

How don't you know which dependencies are you using?

Maybe they mean which ones are safe to uninstall? I’m new to Node for example so I left all the plugins from the initial setup, but my bot probably doesn’t need everything in that folder.

npx depcheck

"ai will replace 95% of software developers"
meanwhile ai:

google still has some work to do

wildlands 🔥

Packages i dont use

Simple, checking the package i am using and i can somewhat remember where it is used at cuz i have coded it all myself

Due to supply chain attacks rising i want to remove most packages

and just code it myself

in 99% of cases those small packages won't be the targets

but still always a good idea to clean up

Yeah facts, still want to make my attack vector a bit smaller

I mean i am using node-fetch while fetch is native.

http-proxy-agent while i am pretty sure fetch has built in proxy support

Physics simulator, gonna be a bit harder though.
Fuse-js and string similarity for fuzzy matching… honestly will rewrite it all

am i the only one speaking to cursor like an abusive partner in a relationship

have people finally started fighting dependency bloat? lmao

nope I do it to all my AI agents mainly when im writing a book or smth

or trying to get it to solve a puzzle but it hallucinates shit

Finally yeah

Took me a beating from axios

Sadly i have to keep a handful such as scure base and solana

I am using codex now, honestly i like it. Problem tho is that it executed commands in my terminal w/o consent 😭

you are the only one

is this a privacy breach

and should i remove a specific category or the whole command

Looks normal for me

It shows a number of how many servers the bot is in

Tho it doesn't show the server itself

Still don't wanna risk it over privacy breach

Hi

I need help I got banned from a sever

!mod

Then it's fine

I hope so

https://status.sdriver1.dev

created a small status website for the server I made

This ain’t the place for this I’m sure 🤓

They left anyways

im using sqlite for db is it bad ????

Huh?

in reason they mentioned aiosqlite.db

does using it get you banned

I'm pretty sure that's a username of a banned user

who uses that for a username omg

had me terrified

cause i used it

i think my bots turn is coming soon to be reviewed

possibly tonight or tomorrow

are there any basic things i need to check i think i did almost everything

added a privacy policy, doubled checked every command and hosted it on railway

I was locked out of my vps.

I used chroot, and mounted disk in the sys rescue terminal.
Is it normal that it says that the ssh key fingerprint has changed after rebooting, or should I assume a MITM is taking place?

ty gemini

gemini has such heavy safeguards it makes it so difficult to use

i cancelled my google one subscription bc of it

i love it for language related stuff and things where i need giant contexts

because claude has immense dementia for me

my report on switching from String to CompactString for most strings on MCJars:
very minimal to no changes in memory fragmentation

tbh for me the concern isnt really memory fragmentation but rather the overhead of unnecessary allocations for small strings

fragmentation is prob very much workload specific

yeah I'll keep it for that reason

my main fragmentation issues come from 40kb vecs out of redis

is the gemini app really this censored? 🥀

yeah

its awful at times

have you considered using gemini on their ai studio platform instead?

its still not available in germany

I am outsourcing my gemini test api keys to someone in spain

first response is gemini-3-flash; second is deepseek-v3.2

@ivory siren

Wild

I would reconsider giving that much info to the public

Not that it is bad. But people with malicious intent might use it to see how good their attacks are doing

Unless you don’t disclose the server ip, domain.

I might be a bit paranoid tho

can i talk about my submission here and confirm if everything is okay

The server IP/domain isn't disclosed except to a select few of people and besides that, the server is set to SSH only and to one key only

I mean yes the chances of attack are real but I am working on adding some protections

why do you have a youtube and instagram SVG

oh nvm im a dumbass, the page didnt load fully

it's from my original website, svg were just easier as I already had them

you havent uploaded on youtube in 2 months

Ik lol, I just have all the socials down there

https://blog.rice.is/post/doom-over-dns/

How disappointing it is to see a new message on #development only to go there and find that there’s no new message at all (it was just a scam that’s been deleted)

@knotty night

hey guys, does anyone know a way to decode values such as _0xdg0sk etc

@knotty night

lol

150+ hours in roblox

That's crazy

yay my bot finally got approved

does william know?

Or was this ping not meant for me lmao

there was a scam below you

You missed it

The best $20 I've ever spent

interesting read

reminds of the project where youtube videos are used as storage

@knotty night hello?

hey

My bot is currently running on 15 servers, but top.gg shows it as only 2 servers, and this issue persists.

Can you help me?

You need to manually post the server count
https://docs.top.gg/docs/API/v0/bot#post-stats

okay gemini 🤞

can i ask for votes on my bot and i also vote back

nuh uh

Vote for vote is crazy

holy ai gen

nah that was the look i was going for 😭

kina

like

Looks too generic imo. Just like every "discord bot website template" on github + the name is too long and limits you to just discord bots but there are more bots out there than just Discord one + you could sell more than just bot codes

idk how to explain it

The name is also confusing because it sounds like a discord bot builder, not a marketplace

ty, i will change the name it was just a thought cuz buildmeadiscordbot.com didn't exist yet so thats were i came up with the name

every ai website looks the same

One more website that has the exact same look as other website these days

LLM generated websites use templates, that template is everywhere

If you want something special/unique, remake the whole website

It screams LLM/template generation and uncreative

i agree.

that was the idea to build it like an llm made it

No one wants their website to look ai generated

It will just scare off people

thats why its still in the beta test. but ur right i realize how much hate it gets now.

Not hate but you aim to gather the developers to sell their non ai generated discord bot code. I don't think people who don't use AI to code will send their code on a ai looking website

People who don't use AI and can spot it with the naked eye will most likely avoid such websites like the plague

yeah. ty ima take it down and re code the whole website.

I'm genuinely curious how difficult it would be to create a functional website using only AI

surprisingly its very simple and effective

but i found it often struggles with edge cases which creep their way into the final build

the company i work in has made their new website only using V0

that said for serious projects you still need at least a little bit of knowhow otherwise you'll quickly fall behind using just AI

yeah it's pretty good and works quite well but it does struggle heavily with some things, and fails to get specific things right

for me personally using it to add extra things onto existing features where it can copy the same patterns it works amazingly

What’s v0 ?

Same, I also think it depends on what ai u use.

https://v0.app/

How good, is it?

i mean its basically the industry standard nowadays for building web-only apps with maybe a simple backend without any technical knowledge so pretty good

damn that is really expensive

very easy to reach 1m input tokens alone

Holy 30$ is Lwk crazy

the water bills cant be this high bruh

@knotty night ^ lol

Holy happy wife on discord

msg needs deleting though

bro responsible moderator 'unknown' in logs 😭

Tbf i have been using codex from chatgpt and its pretty good

8$ a month for unlimitrd file uploads, access to codex.

eventhough the coding is worse compared to claude it ain’t horrible. So if you just check what its doing you’re good

I see people racking ip 2k$ bills on ai usage and i am deadass trying to figire out how

I only use codex for boring tasks but a whole app? Hell nah

Maybe that’s why, they got 2k bills bc they try to build for apps

I did some bounty hunts for free

I saw exposed databases, api keys, bro it was funny aag

Asf

One question btw, does a login to a google account in safari give them access to my data or somehow?

Its my work google but try to seperate them. I used private mode in safari

Im broke because of AI... I made a dual AI system with openai chatgpt 5.1 and gemini 3.1 pro

My app works really well but I might have to get two jobs just to handle the AI, while my app is in 22 servers, my app is in 2 servers with over 100k members and its actually killing my wallets.

Or how about you limit the usage?

yea no, unless u selfhost AIs u wont break even

there are wayyy too many users to be able to have such a feature open to everyone

it just doesnt scale well

Im saying I spend multiple hundreds of dollars for my AI's to work??? What are you tryna say?

That you'll spend even more the more servers your bot get added to

Eventually becoming unsustainable

But why run it if it’s losing a bunch of money? I understand if it’s a passion project and you can afford to run it, but hundreds a month for just LLM usage alone would drive me crazy even if I had a high paying job to support it

Also might be worth considering if you actually need those nicer-tier models instead of using the cheaper ones like Gemini 3.1 flash, they’re still quite well-suited to natural language tasks

I require server admins to use their own api key for model usage on their server, whether it be Google or OpenRouter. Obviously, this approach is a bit less accessible and isn't free, but the model usage costs are offloaded in the servers my own API keys aren't submitted to

base 5.1? there are cheaper options

i wonder how gpt 5 nano performs tbh its incredbily cheap

not actually bad for the cost

probably more than good enough for conversations

takes a long time to reason though

wtf is that o1-pro pricing

lmao didnt notice that

apparently o1-pro reasons much more so technically its better per answer for what its optimized to do, but probably not for most things

probably just an inefficient model though which is why theyre charging so much

Im aware but im still growing my bot and have limiters now to stop 1 user for pushing the Ai to its limit

Its about 200 to 300 a year though

So ig thata fine

I’m too lazy to even pay $15/month for a host lol, I’m cheap af

Save money, buy a good vps, run a local LLM

I was billed $4.28 aud last month running my bot's vps

might not be the play for big models lol

Gonna run you like $20k to run models bigger than 12b params

I haven't actually done the numbers but im pretty sure this is vastly more expensive for any half decent model

yeah this is also a bad idea just use flash 2.5 or whatever its so much cheaper

:error: An error occurred: Command 'image' raised an exception: HTTPException: 400 Bad Request (error code: 50035): Invalid Form Body
In content: Must be 2000 or fewer in length.

:> 🥲

While its much cheaper the reason I use 3.1 and 5.1 there the only models that manage well with my channel read and message read api thats i have built. The app can reply to messages up to 30 days ago from any channel and make a conversation or manage it such as if u tell it to delete it, the app will delete that message.

Its not like I love spending money but I use what works and manages well.

That's simply means that the response sent by the application was over the character limit in which is 2k.

Find a way to cut it and send whats necessary then try again.

are you just throwing an entire conversation into a giant context window?

3.1 flash also has a 1M context window

Cheaper as well

Its not what is has but its ability go check what each model offers then you understand

not quite sure I understand what 3.1 Pro does that 3.1 Flash can’t in terms of natural language

Each api had different features and has either stronger or weaker abilities to read and write along with the analysis is all different

Also not entirely sure what your use case is either though

Pro allows me to use image analysis and go past 7 days up to 30 days of last read

Not sure what that last part means

I’m like 99% certain that 3.1 flash also has vision/image modalities

Its by how far its api can read data

It does, but still not reliable without the longer read.

Though its late, I have to go

Gn

are you referring to short-term memory? like the number of messages from the users and the bot being sent to the model?

you can easily keep costs reasonable if youre smart about it

summaries are almost a must have when maintaining any long-term context

also the least capable models which are much cheaper arent bad whatsoever, theyre probably good enough for what youre trying to do which i assume conversation and some basic engineering stuff

No

@knotty night ads?

I love my poor english

please dont send anything like that @fickle valve

i finally found a fix with Claude Sonnet 4.6 🥲

it was a base64 image link

:(

Sorry, I didn't meant to be mean

I did this for a project where we threw in the full chat history and had it summarize and it was still barely even a penny for a few thousand messages or something

flash is so cheap

i am trying to install canvas

but why the fuck is it saying:
Cannot find module '../build/Release/canvas.node'

i have rebuilt my packages, built from binary, everything

nothing works

are you using sharp? i had a similar weird issue and turns out they conflict

got this random email, not going through with it but wanted to share, thoughts?

idek how this would work, eventually your employer would find out unless you literally dont have meetings

https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/

i knew there was something more sinister behind it

that blog post was also presented at a conference i went to like 3 weeks ago, the video recording should be available in a few days/weeks

lol yeah massive scam