#development

What's wrong with it?

Show a screenshot

I hope you aren't verbatim putting the < and >

Of the code

@narrow cloak send more code

wait a minute please

An hour later I am still stuck trying to install MySQLi on repl.it

called it
https://discordapp.com/channels/264445053596991498/272764566411149314/760525242668941382

why the <>

@narrow cloak what do you need help with?

especially on the client

Auger I saw that lol

i i want to remove that

i i want to remove that
@narrow cloak backspace exists....

@narrow cloak what do you need help with?
@earnest phoenix why it shows error

because you must use your variable names

@earnest phoenix why it shows error
@narrow cloak because you're trying to use javascript like a markup language with tags

<client> is an example
You replace it with your client variable name

Same with the other <stuff>

if i want to remove < > that for activity

if i want to remove < > that for activity
@narrow cloak do it. You have to

if i want to remove < > that for activity
@narrow cloak do you know how to press backspace

@narrow cloak and before you say it doesn't work, see https://discordapp.com/channels/264445053596991498/272764566411149314/760526319296970784

yes yes dont anger

you're the one here being spoonfed

now what to do

nice token leak

lmaoo

oof

@narrow cloak head to https://anidiots.guide, the long setup for correct setup

^ this. That link is pretty good for beginners

Deleting it won't fix. Gotta regen

why setactivity is having error

because you are doing it wrong

yeah

well you gotta regen it because I got it

what is the correct way

Im not gonna use it of course

because it is against tos

anyone know how to set the embeds color when a message includes a website link? like https://youtube.com is red

=m/ snipe [#development](/guild/264445053596991498/channel/272764566411149314/)

😩

what is the correct code for that

mta color?

@narrow cloak stop

@narrow cloak Read. The. Guide.

@narrow cloak head to https://anidiots.guide, the long setup for correct setup

READ IT

and regen your token

i want to read it from first 😩

and regen your token
@compact oriole why

mta color?
wdym?

@clever dust <meta name="og:theme" content="#hexcode">

because I have it

Thanks

nobody else should have it

so go regen it

as you posted a pick with it

Shouldn't it be regened already now because you posted it here

probably

as it got deleted

OMG i will regen

by Discord

Ah

well good

and everyone can have it with sniper bots

i changed

it was regenned

discord doesnt delete tokens

it doesn't?

is Discord dumm dumm

Let's test

I already tested

Whatever Affax is posting is 401 anyways

theres a bot in here that posts all tokens to github

which means you get insta dm'd by discord

Yo i'm looking for someone proficient in discord.py to work on a bot that I have been working on for a very long time. message me if you want to be apart of the project.

Whatever Affax is posting is 401 anyways
isnt 403 forbidden? not 401 or am I wrong?

401 is unauthorized

401: Unauthorized

but try to avoid leaking it in the future

especially clear as that

affax

what

you posted it here

twice

he regenned it

yep 403 is forbidden, 401 unauthorized

and you ask him to not leak it?

🤔

he sent a pic

with it in the pic

and affax posted it here twice

We got him to regen

and I deleted it?

@forest mirage

theres a bot in here that posts all tokens to github
which means you get insta dm'd by discord

It doesnt matter

yea

so that would trigger too

affax was just trying to do some good

calm the heck down smh

🙆‍♂️

https://luca.is-inside.me/fqEWWUhZ.png

I guess I was off by some though

Pretty sure you typed it wrong though

@compact oriole the F's look like E's

so

as he didn't get dmed

i regenerated if you wanna hack you f u k k e r s

We are a free blue team

yes

||Fuckers||
@narrow cloak blue team

Hello

anyone know how to set the embeds color when a message includes a website link? like https://youtube.com is red
@clever dust add a meta tag in the HTML head of type og:color and the content should be a valid CSS color
example:

<head>
    <meta type="og:color" content="white" />
</head>

@narrow cloak blue team
@faint prism what you saying

@faint prism what you saying
@narrow cloak https://en.wikipedia.org/wiki/Blue_team_(computer_security)

@clever dust add a meta tag in the HTML head of type og:color and the content should be a valid CSS color
example:

<head>
    <meta type="og:color" content="white" />
</head>

@earnest phoenix Thanks

i regenerated if you wanna hack you f u k k e r s
@narrow cloak if you call us fuckers we'll happily kick you out and/or never ever help you with anything again

we'll

we'll
@faint prism well he called all of us fuckers he didn't specify who

i dont tell you man i am telling the hackers

we r not hackers™

we are programmers (or most of us)

i am not telling any one or ia m not metioning

i am telling only hackers

moving on, lol

Did you replace your token in the script after regenning it?

yes man

@narrow cloak it is a better idea to store your token in a different file and get the token from it when needed. Atleast you won't accidentally leak your token when sending your code anywhere.

Plus most VPSs hide .env files from being viewable by anyone except the project owner(s) so you'll be 99% safe if you make your code public like me

Most VPSs proactively hide files?? Since when?

Plus most VPSs hide .env files from being viewable by anyone except the project owner so you'll be 99% safe if you make your code public like me
@earnest phoenix ok thanks man

@clever dust add a meta tag in the HTML head of type og:color and the content should be a valid CSS color
example:

<head>
    <meta type="og:color" content="white" />
</head>

@earnest phoenix nope, didn't work

Most VPSs proactively hide files?? Since when?
@faint prism idk repl.it and firebase hide a fuckton of files iirc

@earnest phoenix nope, didn't work
@clever dust maybe the spelling if color is colour

alright, i'll try

i think @earnest phoenix is a best moderator

he isn't even a moderator by the looks of role

i think @earnest phoenix is a best moderator
@narrow cloak what the fuck no i don't wanna be mod in the most cancer server on earth

repl isn't a VPS. It'd argue it's more of a SaaS

he isn't even a moderator by the looks of role
@clever dust i have no roles

repl isn't a VPS. It'd argue it's more of a SaaS
@faint prism saas means mother-in-law in Hindi

Exactly

lol

@clever dust i have no roles
@earnest phoenix exactly, you only have @everyone role

@narrow cloak what the fuck no i don't wanna be mod in the most cancer server on earth
@earnest phoenix watch your language

@earnest phoenix watch your language
@narrow cloak imagine saying watch your language on an app that is meant for teenagers and teenagers swear like hell

@clever dust maybe the spelling if color is colour
@earnest phoenix nope, still doesn't work

smh

@earnest phoenix nope, still doesn't work
@clever dust can you send the code?

oh wait....

i have a typo, sorry, i will try again lol

aaaaaaaaaaaaaaaaaaaaaaaaaaaa

aaaaaaaaaaaaaaaaaaaaaaaaaaaa
@narrow cloak wow seems like you're having a hard time being underage and using discord
press this button:

ImPhinton What could you possibly be typing this long
Oh

So im trying to make a mod mail feature and it works well but whenever the bot sends the embed to the mod mail channel it sends back a blank embed to the user. Is there a way i can make sure the bot only sends the messages that mods send to the channel?

elif channel is not None: 
                myEmbed = discord.Embed(title="Mod Mail", description=f'{message.content}', timestamp=datetime.datetime.utcnow(), color=0xa50eb9)
                myEmbed.set_author(name=f'{message.author.name}#{message.author.discriminator}')
                myEmbed.set_thumbnail(url=f'{message.author.avatar_url}')
                await channel.send(embed=myEmbed) 
    if message.channel.category == category: 
        TheID = message.channel.name 
        reporter = guild.get_member(int(TheID)) 
        print(TheID) 
        if reporter is None: 
            print("Member not found.")
        else:   
            myEmbed = discord.Embed(title='Mod Mail', description=f'{message.content}', timestamp=datetime.datetime.utcnow(), color=0xa50eb9)
            myEmbed.set_thumbnail(url=f'{message.author.avatar_url}')
            myEmbed.set_footer(text=f'Message sent by: {message.author.name}')
            await reporter.send(embed=myEmbed)```

it was copy and paste lmao

ImPhinton What could you possibly be typing this long
@faint prism he types his whole question in detail like a good boy so we don't die from weirdass zero-context questions

i like people like him

@earnest cloak elif???

Um what website does everyone use to code?

else if in python

I mean if one person joins a voice channel which bot give roles? And when the person leaves it takes the roles back?

elif

Um what website does everyone use to code?
@onyx jungle there is no single website we use whatever we like

I just wanna know which one is best because my bot is very glitchy and buggy

I just wanna know which one is best because my bot is very glitchy and buggy
@onyx jungle I don't use a website

I just wanna know which one is best because my bot is very glitchy and buggy
@onyx jungle read pins of this channel first

bruh i swear if its that one line im going to feel so slow

I mean if one person joins a voice channel which bot give roles? And when the person leaves it takes the roles back?

Copy
Paste

Delete

Tell me please

I mean if one person joins a voice channel which bot give roles? And when the person leaves it takes the roles back?
@shrewd shore you can't just copy paste your question and call it a day also your question is making ZERO sense to us

Which bot does voicelinks?

Which bot does voicelinks?
@shrewd shore search it on our website https://top.gg/search or try making the bot yourself

@clever dust try searching for Open Graph meta tags it'll show up with a lot of results that'll teach you how meta data with types like og:thing work. Also double-check your spelling of color HTML was invented in America and British English spells color slightly but significantly differently.

@earnest cloak can you use hastebin please https://hastebin.com

yea my b

yea my b
@earnest cloak b stands for a lot of things choose one

bad

bad
@azure fable i thought butt for some reason what the fuck is wrong with me

Good to know where your head's at

:P

Good to know where your head's at
@azure fable i don't have a head i have a skull with no hair or skin or flesh or brain a head has all of that

||find da joke||

Impressive

Im lookin

searchin

computin

so far no progress in installing MySQLi on repl.it

how in the world do i use hastebin

been trying to figure this out for a minute now lmao

step 1: go to https://hastebin.com/

how in the world do i use hastebin
@earnest cloak copy paste the code there and click save then share the link

step 2 copy-paste code to there

step 3: ctrl + s

Uhm i doing uptime bot. Its approving top.gg?

step 4: flood chat with steps to use hastebin instead of just putting the steps on hastebin then sending the link here

I hope i not banned

Actually

hastebin appears to be broken

for me at least

@clever dust try searching for Open Graph meta tags it'll show up with a lot of results that'll teach you how meta data with types like og:thing work. Also double-check your spelling of color HTML was invented in America and British English spells color slightly but significantly differently.
@earnest phoenix alright, thanks

yea i think its broken rn

wont let me save it for some reason

@earnest cloak nice pp

@clever dust when did i even help you with anything i just sent you off to google btw don't use duckduckgo it sucks

@earnest phoenix

@earnest phoenix bro i doing uptime bot and this banned top .gg?

if you have the file in VCS can you just link it from there @earnest cloak

OMG REALLY?

how would i do that? sorry if i seem slow but i literally just started to learn to code like 2 days ago

Well, is your code on GitHub?

Um what website does everyone use to code?
@onyx jungle https://i.imgur.com/Spaey7S.gif

yea

I am doing 5st bot lol

ok, you can just open the file in the github repo

and then get the link from that page

from your url bar

example: https://github.com/John-Paul-R/ooz/blob/master/bun.cpp

https://github.com/ImPhinton/PhintonBot/blob/master/my_bot.py

@earnest phoenix define "uptime bot"

Oh, I think your repo is private

er

Literally just ask a moderator if X is allowed for a better response

actually

just paste the bit you want to share here https://gist.github.com/

and share that

don't know why I didn't recommend that at start

Hi, why is iframe not working on Chrome for my site?

https://google.it/search?q=how+to+use+hastebin for hastebin

@strange mango How in the world are we supposed to know

jeez

Hi, why is iframe not working on Chrome for my site?
@strange mango open chrome DevTools and see what the console error is

you have given us 0 information

why are you like this

Hi, why is iframe not working on Chrome for my site?
@strange mango send the code please we can't help without knowing what you're doing

https://gist.github.com/ImPhinton/5bf7723c778e5ad01687d6fee11b1bce

got it

remove embeds

:P

Tfw nobody even watches my gif to the end

(discord)

Tfw nobody even watches my gif to the end
@faint prism I did

but embeds make it look "edgy"

nono, that wasn't a suggestion for your code

for your message lol

@faint prism i did

this seems odd

veri gud indeed

Is mongodb the only database? Also what does db mean?

why the heck int the id?

No

db means database

@earnest cloak what is the error that occours w/ this code

you answered yourself

You can easily find an answer if you Google that question @leaden rover

ok

How many people here knew that precursor for databases was file cabinets

though if you just search for what is db you might find yourself seeing gifs of Dancing Belugas

I was tryna get onto #starboard xD

Is mongodb the only database? Also what does db mean? :ConfusedDog:
@leaden rover database are used to store information that can be accessed later by programs
why the hell will there NOT be multiple types of databased in the world like any other application the community has got a HELL TON of variety of stuff for everything including databases
my favourite is Firestore

PostgreSQL

tl;dr: No

lol

so im not getting any errors, it works great the only problem is when the bot sends the embed with the message he got from the user to the mod mail channel it will send a blank embed back to the user because its picking up the embed as a message. im trying to make the bot stop sending the blank embed and only send embeds with the message he gets from the user in the mod mail channel.

Ok, great explanation, will take a look

Hi

I'm just leaving this here

sh

its a discord bot The use case is a discord bot

begone

no it's a programming language

..

No, this is patrick!

https://discordgift.site

@clever dust Try looking at the source for this site it contains meta data for the link color. Goto view-source:https://discordgift.site in Chrome for the source code without getting redirected to YouTube

Hmmm bulkdelete requires MANAGE_MESSAGES perm, if i want to delete my own messages in bulk is there a better way than just spamming the api with possibly 100 delete requests?

Hmmm bulkdelete requires MANAGE_MESSAGES perm, if i want to delete my own messages in bulk is there a better way than just spamming the api with possibly 100 delete requests?
@opal plank fetch the last 100 messages in the channel, filter it so you only get your messages then run a .forEach loop on the collection to delete them

@earnest cloak can you just put a conditional in the second bit like you did before

if message.author != client.user: ## Doesn't make the bot respond to itself

so that the embed is not sent back to the user from the bot's message

is there a better way than just spamming the api with possibly 100 delete requests?
@earnest phoenix

99.99% sure it's a no

also forEach(), cringe

ill try that

fuck, i guess i'll just add a stupid cooldown to it

Hmmm bulkdelete requires MANAGE_MESSAGES perm, if i want to delete my own messages in bulk is there a better way than just spamming the api with possibly 100 delete requests?
@opal plank no it doesnt. If you get an array of all the bots messages and use bulk delete it just deletes them normally

it only requires manage messages if youre bulk deleting other users

this is odd, there might be some weird ones passing thru though

cuz i am filtering

dunno how though

https://discordgift.site

@clever dust Try looking at the source for this site it contains meta data for the link color. Goto view-source:https://discordgift.site in Chrome for the source code without getting redirected to YouTube
@earnest phoenix Thanks, i just figured it out using ```html

<meta name="theme-color" content="hexcolor">```

@opal plank whats me

hmmm

wtf

it's not an OpenGraph thing

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name/theme-color

baka

wait we use name instead of type when doing meta shit

*runs a quick botum eval to send a GET request to discordgift.site then JSON stringify it and send it in the channel*

*botum offline*

I use```html
<meta property="og:thing" content="Content">

property

@azure fable thanks that worked out for me

Awesome, happy to hear it

hmm if i'm looking for a developer to collab with

where could i ask for that

How do I develop

where could i ask for that
@fiery canyon anywhere outside here

LOL

@delicate zephyr are you 100% sure about the bulkDelete() ?

yes

cuz im looking rn at the botmessages with the debugger

every single one is mine

https://pastebin.pl/view/5acedfa9 opinion?

You've send me a js file

and said "whadooyathink" ?

do you want to to comment on code style? Is there an error?

Do you want me to recommend comments and documentions?

efficiency improvements?

What do you need?

@earnest phoenix

i need tips

sent him nude

@opal plank Have you confirmed that your bot is able to delete a single one of its messages

well, im lost then, cuz all of the messages are mine, none are 14 days > and i dont have manage_messages

(without bulk delete)

yes

though it should

that doesnt need permissions

xD

if you, from the debugger, inspect the variable botMessages, can you confirm that only messages sent by the bot are in there?

https://ptb.discordapp.com/channels/264445053596991498/272764566411149314/760545141881569340

yo

?

you are asking a question that i answered before

oh ic

definetly all of them are mine

Hm, then I am unsure

precisely why i asked Luke if he was certain of bulkDelete

Hello, I am having problems while extending discord structures. So basically TS Compiler is complaining about that the field doesn't exists on type of 'Message' (yeah i'm extending Message). I have made interface for it, but I would like to somehow replace the interface to my local interface of discord.js's Message file without needing import extendedMessage from "../../../../../interfaces/Message/IExtendedMessage";?

bruh

just import the interface and redeclare the module

so basically make extended typings for d.js?

make an interfeace of your own first to be attached on Message

then redeclare the module discord-js with the new interface

then import the interface on your index/other files

same name interfaces merge

so if you looking to add stuff on Message its as simple as making an interface called Message

when both on the same file they'll merge

could you guys rate it?

@ancient nova not the place

isn't development to share you work?

looks clean

meh whatever

not gonna sweat over that

ty

so basically this will work: ts import { Message } from "discord.js"; import Message from "../../../../interfaces/Message/IExtendedMessage";?

Maybe capitalize the P in Please when you say "please check out..."

idk, thats all I've got lol

@azure fable thanks

@delicate zephyr

oh noes

so basically this will work: ts import { Message } from "discord.js"; import Message from "../../../../interfaces/Message/IExtendedMessage";?
or does declare module "discord.js"; shortern this, to import { Message } from "discord.js"; when i add the extended message there? I use djs's extending btw: Discord.Structures.extend("Message", M => {});.

bruh for the love of god dont do that

basic coding tip

dont touch other people's lib

put your interfaces out of there

so i only need interfaces?

@opal plank they probably changed it then

i dont think it ever allowed it

the only one i see below is deprecated

so i only need interfaces?
also, I need to include both of the interfaces explicitly? There's no way that import { Message } from "discord.js"; imports both?

again

you need 2 interfaces named Messages

once you import them both, it merges

in only one file?

or do i need to import both in any file i use message?

(and sorry for being dumb, has been using TS for like 3-4 days)

for a second I thought this was some js voodoo I was unfamiliar with

then realized this is ts

i got Client declared in interfaces.ts

once they both get pulled in, they merge

so: ts declare module "discord.js" { interface Message { customField: string; } }will work, if i understood right?

and then import the interface in file i use them

i am confused how coding works

Jesus christ

this is TS, if u use JS ignore it.

k

lol

@restive furnace yeah

alright

https://hasteb.in/sijulice.js

help=

?

What is the issue?

problem=return message.reply("An error occured!");

if (!message.member.haspremission("MANAGE_MESSAGES"))

haspremission

ohnoes

lol

hasPermission

you mean .hasPermission

hasPremission is better ;p

lol

return is false why

ParseInt(args[0]) should be parseInt(args[0])

@earnest phoenix you should use an ide...

or at least learn how to use one

as most of these issues are shown as errors in an ide

or it will tell you what you can use (generally)

ok

every programming language is case-sensitive if you haven't noticed

yo

are you using d.js v12 or v11

v11

it's deprecated

go update it

yea

hmm

ok

use the newer one :P

most people have forgotten how to use v11 anyway

v11 is so bad compared to v12

plus the number 12 is composite while 11 is prime, making 11 more inferior

people complain so much about updates and breaking changes, but now everyone is used to v12 and shits on v11

yea

also, v12 forces you to make better code

with "forced" caching

tim would disagree with that ;p

you can get privilaged perms but most bots will have to use caches

tim and his insane lib saved my bot

hes talking about being forced to differentiate between cache and api

which i agree

Ah

The amount of aggressive caching that exists on djs is just insane, 669MB ram used for 266k members cached

xD

yea...

I wished you could choose what you cache

like I have no use for caches

I mean intents exist

But not much use

thats what my lib does

Tim did you add the new features of 12.3.1 to discord.js-light?

like my trivia bot that is a gameshow only uses a reaction collector

yes

What if you wanted to do a heavy task
But god said
JavaScript heap out of memory

laughs in 128Gb ram

i think the other server has 256 iirc

can I disable caching in discordjs?

Damn well i might just get a NASA computer

every programming language is case-sensitive if you haven't noticed
@sonic lodge php would like a word with you

SQL joined the chat

php is not a real lang

😅

i wonder if you can code with postgres

it has functions, might be able to do some tricky stuff

code a bot with postgres

Coding in postgres

Just make a new programming language called boatgres

wait no, code a bot with the ethereum blockchain

Best programming language ever

PostBotumSQL

wait no, code a bot with the ethereum blockchain
@compact oriole Weak, code a bot with a minecraft command block

Why :c

(

what is that edit?

ehmmmmm

Did you know windows comes shipped with built in tools so you dont have to humiliate yourself by positing poor quality pics?

^

@compact oriole its possible to disable caches in discord.js, but you need to heavily modify it. i made a lib that does that for you

well, the thing is that I have to use another lib that uses discordjs

kurasuta

it is sharding for ts

Tim saves boats on discord

BUT

I'll definitely use your lib when I make my own infrastructure

and I can use any lib

(as I do sharding myself)

Everybody gangsta until tim makes a lib that can be used on every programming language

isnt technically binary a universal programming language?

better? 😂

It's but not according to readable ones through, every programming language gets compiled to machine code as binary but you can't do
String string = "bruh";
In JavaScript as it's in java

Glitch

@earnest phoenix

@earnest phoenix (

is easier then visual studio

xDDD

is easier then visual studio
@earnest phoenix

who even uses visual studio for js?

vscode is where it is

making memes in sharex is some high iq plays

me xD

?

You don't open arrow functions with a parentheses

( => {

ahaaaa

ups

thx

its some high iq plays

( undefined => {} )

Is discord.js just not fit for large bots

because christ - why do they cache everything

cof cof

tim

because its general purpose

cof cof

i like caching

you sacrifice efficiency and speed to support all possible use cases

i thought it was the other way around

you sacrifice practicality when there's no memory cap

caching means you dont have to wait for api responses

so ti should be faster, no?

@opal plank at the cost of memory - which it'll run itself into the ground when it runs out of

im aware

hence why the host i use has 128gb

there are a lot of features that are simply impossible to make without caching

like checking permissions

speaking of which i need to make a similar thing for twitch

its gonna bea pain

thinking about cloning discord's bit permission for that

That's the best way to store binary permissions

thats what i assumed

no ability to disable this caching is a huge pitfall of the lib

juswt get 256Gb of ram bruh

might go to rust

pff

Caching everything consumes lesser time on doing something but takes memory

Not caching everything takes more time than usual because you have to fetch whatever you need which returns a promise and takes time to resolve, but takes low amount of memory

Efficiency is the matter here

it is a huge pitfall indeed

@earnest phoenix I'm aware - my bot holds no state and that's optimal

first discord, second twitch

its really not that bad tbh

256gb seems like overkill for a bot that uses 400mb

http://i.michaelwflaherty.com/u/alGdxBz6Ly.png

thats cuz i disabled caching on my twitch bot

256gb seems like overkill for a bot that uses 400mb
@cinder patio The more the better

caching legit 80% of every single user on twitch is quite a hefty and expensive task

Cached Users 0
=>
Ram Mb 379

this is a random question

256 gb is like 600 times more than what the bot uses...

why do bot owners incorporate eval commands into their bots

because they're stupid

@opal plank what is that ?

theres 5k channels stored along with some more stuff

@cobalt spruce my bot's dashboard

that's odd

eval can be used for getting basic and complex info.

Eval commands aren't even bad

It can be used for testing

@opal plank how u got it like that ?

i don't see any reason to put eval into a command real talk

it's up for debate though

it's a security issue if public

@cobalt spruce i made it

id like to hear why people use it

whats your think to ui

@opal plank isnt a web ?

There's literally no reason not to have an eval command as long as it's protected

this is good?

there's better ways to test - though

it's a security issue if public
@late plank Why make it public in the first place

wdym isnt a web?

@earnest phoenix because people are stupid

@opal plank is a web dashboard

yes, its a dashboard

Uwu

when we look at languages like go/rust you can't native eval without jumping through a lot of unsafe hoops that break the fundamentals of the language

Flazepe isn't stupid, he has a public eval, try to break it, it's Impossible

also i noticed some people have shell execution their bots?

what is the reason for this

@cobalt spruce

unless you can escape the VM

@valid frigate just to play around with - maybe testing code, but in general that's very bad and just don't

Executive commands through the bot for the shell without going to the terminal

that just sounds incredibly dangerous

you cant even pull stuff from the terminal

you can

what about images 🤔

rule of the thumb: if you dont know what you are doing, dont do it

native c++ bindins

not eval/exec

For example i have a exec command and my vps can't execute any bash commands unless i restart my bot so that's a +1

hi bros

this menu good?

my bot pretty much exclusively works through images, I use eval to test these images.

Exec commands aren't dangerous unless you have sudo

oh god

it is - any time you're allowing arbitrary code execution or system calls from user input, it's opening yourself up to vulnerability. Certainly to be avoided at all costs

weirdchamp

like real talk

🤔

actually

i wanna see how much ram i can devour

lemme re-enable user caching on twitch

brb in 30

Doesnt a lot of websites have public logins for staff?

yes

Way riskier than an eval no?

no

why not 🤔

Of course not

what do you mean by public login

as in, anyone can attempt a login

what

what

how are those even similar

Attempting a login != allowing anyone to execute anything

Brain.exe has stopped working

eval's are behind checks

dude

cmon man

ie
if(message.author.id === "myid")

🤔

i feel mad troll energy

which one is riskier

🤔

yours

why

typical username/password authentication is secure

how does a user fake their id to mine

Logins are different, how's logins risky in the first place

that's why it's used by every fucking site on the planet that requires login

guessing logins, you cant fake an id

can you?

because you're assuming discord ids are unique, and you're assuming discord is sending you their right id

IDs are unique

they're supposed to be

if you put an id check in yes, it becomes equally secure as a login

you would have to get my id, which couldnt happen

however

you can't compare the two

they are two different concepts

because ids have a timestamp

youd have to know that 3+ years ago id become someone who makes bots

IDs are constructed from a timestamp

yea

why are you comparing traditional logins to eval security

they are unique (because of the other part)

your saying its unsecure

dude

it's just as secure as discord's uid system - is that secure?

https://discordapp.com/channels/264445053596991498/272764566411149314/760561292372344842

sure, it also ends up depending on a login

no, it does not

????

if someone guessed my password, they would have my id

and get into the eval

@solemn latch that's another avenue of vulnerability unreated to discord uids

oh please tell

Logins are completely different, it takes your info and authenticates you to the redirect URI or whatever, evals are nothing related to this

precisely

comparing them is like comparing oranges to apples

I was saying if you can login to my account you have the id

LOL

listen to what im saying, not what you think im saying

That can't happen

why not?

Users are different

we have strayed far from the main point my guys

They precisely can't have your id

if you login to my account you cant use an eval on my bot tied to my id?

intresting

@solemn latch you can

okay then whats being said here

if somebody logged in to your account i think thats the last thing you would worry about

agreed

but thats not what my point was

just trollin

You went from Website logins to discord logins

Honestly - discord bot verifier staff should decline anyone with eval

this is out of their control

Incorrect

they only verify by what you say

not by the content of your code

it's certainly in their control, they just may or may not do that

or claim idk they hold you to your words

I still want to hear how you can fake discord user ids :/

people are dumb, your fault if someone breaks out of a sandbox or steals data

^ +1

anyway yeah

i guess it comes down to choice

Discord staff actually wouldn't care what commands you have, it's your bot your responsibility

if you want to include eval/exec it's there for you to use

^ knew a guy who didnt have a password on their database

lol

if it means you can steal data - it's a privacy issue

people are dumb, your fault if someone breaks out of a sandbox or steals data
i know one bot, and i broke out from the sandbox and crashed the bot for testing purposes how safe it was. and the answer was: it's far away from safe.

people can tell you not to use it but in the end your choice

Try to break flazepe's eval command, that's the real talk

someone broke out of a sandbox on a mod's bot in DAPI and deleted all channels

fun

^ that's the kind of shit that can be avoided if people just don't fuck with this shit

or literally just lock eval to yourself

What

L

hey guys

Security of an eval command even if it's public depends on how it was made

@earnest phoenix parading one person's example of what he claims to be "impenetrable" is just dangerous

and irresponsible

to the large majority of the people reading this chat

Well why not do the same

Security of an eval command even if it's public depends on how it was made
@earnest phoenix flazepe literally has an unusable public eval called aeon code the real one is locked to him

I know

ive audited that and turns out it really is sandboxed

require/etc doesnt resolve

not sure if it times out if an eval takes too long

It's based on a API

His evaluation command responses are returned from an api he made

@earnest phoenix if he's executing the eval somewhere else - that's literally nothing to do with what we're talking about

That's why it takes long enough for the responses to be made

Open evals are just playing with fire. You can lock them, but it's still remote code execution

@earnest phoenix if he's executing the eval somewhere else - that's literally nothing to do with what we're talking about
@late plank It's what we're talking about, eval is eval, it just depends on how you make it, not like every eval command of every bot is equal

Find open eval, starts bitcoin miner

So security here is just independent and impossible to say if it's actually risky in the first place or not

^ omg my point

finally :p

xss

@earnest phoenix rce = risk, period.

Another approach of securing public eval commands. without running the code in a sandbox is using a parser like acorn, check if the code contains keywords/variable names that are considered dangerous (require, import, eval, prototype, Function, constructor, etc...). I am not saying it's optimal but it is a way.

@earnest phoenix rce = risk, period.
@late plank tf is rce

there's no such thing as perfect security - I promise you

at this point sandboxed eval just becomes a calculator

I just hope no one here learns the hard way

which is okay, its about minimizing risk while still having useful things.

there's no such thing as perfect security - I promise you
@late plank That's what I'm trying to say, you can't make perfect security but as long as you make it look like it's impossible to breach it's security it's fine

for many bot devs eval is useful

Just lock to owner

my main bot has eval(command isnt even there) disabled, my development bot has it enabled.

I found what works for me

Even an eval that's running on a vm is possible to break, just you need to find the way

Everything is breakable

If i had my eval like that it would be on a separate vps tbh, but thats not needed probably.

Kill the vps server

then get charged for property damage

kek

I don't think anything harmful can be done if you disallow the usage of require, any way of executing code (eval, Function), the constructor and prototype properties, and also while loops. And maybe set a timeout, if the code doesn't execute in X milliseconds, stop the execution.

The point here is to either make eval completely locked to yourself and be careful on use or make an exact copy of your bot and name it test, test your things and if successful merge changes with the main

But there's no point in saying you shouldn't have an eval command because it's risky, it's your responsibility of using it because you're the bot owner, the person who made the bot and the eval and knows how it exactly works and functions

that's not even true

Or wrap around some security checks on it, and explain how it's not true

the person who made the bot and the eval and knows how it exactly works and functions

I'd guess that 95% of people here have no clue how eval actually works

feels bad man

Everything is breakable, including eval securities, including checking discord userids, including your discord user account.

The end point here is that, eval is risk. If that risk is worth it for you then sure, but it's not worth it for me and the security of my machine.

I just hope when someone joins here asking for help and you see an eval command, you recommend that they just don't.

Otherwise you are perpetuating unnecessary danger

Bruh, i mean how the command is made, the structure of it, if you have no checks whatsoever, don't do anything risky, nobody knows how exactly eval works because it can run anything that you don't even know

open source

well then again not everyones bot is open source

Quick question, what hosting provider would you recommend for hosting multiple Discord bots? I don't need anything big, but I need to be able to cancel easily, without any payments after.

ovh probably

galaxygate

cost wise galaxy gate or ovh

there's also witherhosting

oxide i hear is good

for the price

I paid like $2.99 USD for a 1core 2gb from ovh for a few years before I needed to upgrade

Everything is breakable, including eval securities, including checking discord userids, including your discord user account.

The end point here is that, eval is risk. If that risk is worth it for you then sure, but it's not worth it for me and the security of my machine.

I just hope when someone joins here asking for help and you see an eval command, you recommend that they just don't.
@late plank Eval is risk if used incorrectly, if you have no knowledge whatsoever and just copy others code then don't make one, only a person with no knowledge would evaluate something like this

client.guilds.cache.forEach(g => g.leave())``` but the thing is, "it's the owner's responsibility"

thats the best eval

@earnest phoenix you blame the owner, I'd blame you for recommending it to someone who doesn't know

@late plank @solemn latch @valid frigate Damn, I forgot about GalaxyGate and OVH, thank you for the help!

❤️

I'm not recommending it, how am i recommending it the first place, i said if you have no knowledge of it don't make one

the rare triple tag

shoot my eval command isnt even named eval, its just a string of random chars, checks if its me, and if its in a specific channel in a specific guild no one has access to.

even if someone could fake all three ID's they would have to guess the eval command name, and figure out what those id's are

Big Brain

AND its not even running on my main bot

if wearing three jackets in summer had a virtual form it would look like your eval command

LOL

its way over done

using eval command in the first place

fattest troll ever

I wonder what the other solution is

not using it

:D

:^)

😦

it speeds up dev time

Oh how about i go make my entire bot on a online code editor and let it run shit that i can't see so i can't test anything because of "risk"

are you upset

Big claps

yes

im crying irl

big meanie

I use eval in C#

no but really, is there another method that I can eval but not in command form that is more secure 🤔

Yeah, I was completely serious when I said just don't

im just a hobbiest, so i dont know the ins and outs of dev tools

what do you find yourself testing on it mostly?

quick testing of new functions

!eval 1+1

rather than restarting the bot 30 times as a clumsily code, i use it to quickly test that code

There's literally no way to test things on other stuff than a eval command on your main bot, it's like here i go put stuff on my other commands that are not eval and restart bot to see what they do

Unless here you go remake the native eval function

You should use a separate token/bot for testing

that's a given

i do

cool

Yeah - you can just test those new functions in the code itself

That's literally what i said at the very beginning

but the startup time is quite long

i use the same token lol

Even tim has a eval command

Can't argue with that

psh tim lives on the edge

used a json db too

yup

lmao

@solemn latch what impacts your startup time the most

bruh what

isnt for() dynamic?

is it a few seconds bad, or a few minutes bad

W o t? @opal plank

10-20 seconds

let variable
for(let a of variable) variable ++
somehow variable is retaining its non changed value

wtf

but thats 10-20 seconds of testing time

every few minutes

yeah, completely understandable, what's eating that time

?

loading assets

my bot renders images for games

The most time the start up can take is loading the dependencies you have installed

it saves significant time command wise loading them at startup

Uninstall most and see it go down

it would, but then the commands would take over a minute to run

Idk but i have 15 dependencies installed, takes only 7 seconds to start up

@solemn latch How many dependencies you have installed

its not dependancies

Edwin, what's variable? I don't think you can for...of loop numbers...

its assets 🤔

Assets?

https://cdn.discordapp.com/attachments/723921738462789682/760569922962718792/fight.gif

images

maybe over 1000 unique images

I mean, it doesn't render them at the startup does it

no

make the numbers unsigned so they can't go into negatives

its just easier to do it this way

i want it negative

oh?

well

makes sense

its to indicate how much you hit

What do you use to render those

gifencoder2

i was so proud :p

I didn't know gifencoder2 existed, i thought there was only one

the first one is super slow

How much time it took to render them anyway

rendering time on one was over 30 seconds

its 3-4 seconds on a ryzen something

3900x

single thread obvs

There we go , im caching users again

how bad is it

lets see how much ram this bad boy consumes

on djs?

me?

yeah

nah, my own cache

oh

nice

node in general has a large memory footprint with objects

it's insane

but yet again it makes sense

objects are just fancy dictionaries in js

it still starting up

should take a few minutes till it joins all the streams it had

2 minutes and 8k oof

23k in 4 minutes

cant wait to see how much ram its gonna use up in 3 or 4 hours

nice everyone tag

kek

at least they didn't atmods

because im internet famous

||Not really #development ||

nah, it was "dm for help" but people kept dming me for random things

didnt know what to put it as

Hey , I actually make a random duck picture command and it doesn't work. Can you help me ?

const get = require('node-fetch')
const Discord = require('discord.js');
module.exports.run = async (bot, message, args, client) => {
const {body} = await get("https://random-d.uk/api/v2/random")
await message.channel.send({
  embed: {
    title: ":duck: Honk",
    url: 'https://twitter.com/duckoftheday',
    color: 6192321,
    image: {
      url: body[0].url,
    },
    footer: {
      icon_url: message.author.avatarURL,
      text: 'Request by ' + message.author.tag
    }
  }
});
}

@earnest phoenix where did you define get?

at the top

the 1st line

oh I'm blind, I thought that said fetch

l0l

@earnest phoenix where did you define get?
@sudden geyser on the first line

Calling and awaiting get would return a response, not the actual contents of the response body

What must I do to my code works ?

See this example: js fetch('https://github.com/') .then(res => res.text()) .then(body => console.log(body));

Why a github link ?

an example

shoulda used example.com

;p

@earnest phoenix what does this mean
@earnest phoenix Cocaine 5x less addictive than sugar and 30x less lethal. I think the question it is quickly answered

Oh okay

http://example.com/dev/freenitro/nitroKeyGen2020Septemberworking.png.info.exe

It's an example. In your case, you'd want to convert the response to JSOn, which could look like this: await get("https://random-d.uk/api/v2/random").then((res) => res.json())

This would get the body of the HTTP response as JSON

example.com/feedme

oh look, free nitro

oh shit that actually is a page

any endpoint you visit on example.com returns that same page

ik but im amazed it actually exists

ah

what are the odd os me randomly guessing a nitro keygen on example.com with completely random odds?

"Internet Assigned Numbers Authority" owns it 🤔
https://whois.domaintools.com/example.com

My terminal show me that

: - o

MOOOAR

100k per 15 minutes it seems

pleb numbers

Meanwhile Erwin takes over the internet Twitch

i'd say a mil in an hour or two

dont worry guys, just webscaling

you can see the twitch ratelimiting my ass up in that top right graph

still waiting for the library dev to patch their internal ratelimiter