#dev-contrib

oh

I see

don't all embeds have colors?

well tags don't

Some of them are set to a black-ish color.

hmm why did that embed send twice

anyways yeah, some just use the default color

Somebody manually sent it.

its default (discord) then

I can only recall tags having it to be fair

I think all commands respond with color embeds though

Yeah those embeds have a transparent colour

For example, !help doesn't have a colour, but !rules does

Hmm we could add blurple color to help command

I think the best way would be to have a helper for it, so it’s all easy to change depending on the occasion. If we want to change the error color, for example, we just do it in the config for the helper. At the same time, we can have auto-set titles, like for errors with error titles

Yea, I think we should make constants.Colours describe actions/states rather than colours

eg constants.Colours.error is red

We could have both

Yeah i meant until we have the embed helper

For sure

Anything on this?

I'm @ work atm, so can't look into it too much

!remind 2h #dev-contrib message

Sure

So if no one has helped by then I'll give it a look

what is the context ?

Wikiguess game

Not sure

Maybe you can redact the answer

Redact like?

If you find part of the answer in the description you can replace it by [redacted]

Oh

will do

@green oriole what do u think of using add fields instead of separate embed for each snowflake?

We want to use a separate embed like we do for !role

It could be spamming tho

well it is restricted to staff that’s why

ig

Idea here, !whois bot. Let me explain in the virtual cycling world we use discord and have accounts/teams on zwiftpower. com We often what to find the Discord user on zwiftpower.com. I have built a whois bot. we do !zw whois set 123 and this links the user Discord to the zwiftpower profile.
Now the proposal for Python Discord.

• Add a whois bot that allows a user to link them to a whitelisted set of urls, github, twitter, gitlab, ... some place they might have a profile.
• Its optional and the user can update or clear this at any time.
• If a user does a WHOIS the URL is sent as a DM to them, do we want a notice sent to both users?
• rate limit?

How would this be different to the discord provided social links?

IE. if you look at my discord profile you can see my battlenet tag and my steam

let me look

you can add many different type of links there

spotify, github etc.

but I think the short answer is yes, because it would be specific to this guild.

I think that the Discord provided feature for this is fine, a good portion of our user base already use their profile to display these socials

I don't see social links

they are there

oh

on mine i have github and twitter and stufff

didn't recognize what those where

So then those are public in every guild?

yup

If you open Joe's you can see he has a lot more

Lol

lol

Back to my zwiftpower thing then applications.

is there a way to get or set this without viewing the user profile?

I guess that just needs to be a bot.

Bots cannot read or set user connections, no.

(without the user approving that access)

right

one of the things we need in the cycling teams is a way for the admins to get and set this.

Yeah, we don't really have the same need here, we leave that up to the users.

Thanks, it would be nice for all problems to be this easy.

The benefit of letting Discord handle it is that to connect a profile to Discord you must have it verified by Discord

so you can't just claim you are torvalds on GitHub and have that work

right

@vale ibex

@short snow You still need help with that?

Thank.

is this heading meant to be like this?

@cold moon You're an absolute superhero when it comes to implementing important features. Thanks!

pretty sure yes, those 3 roles are all same just different colour

oh huh. why are there three different patrons roles?

3 different tiers

Yup, those are the 3 different colors available to Patrons depending on which tier they select.

right 👍

I mentioned an issue about Seasonal Bot being mentioned on the website in #community-meta, is there something I should do about that?

I've updated the specific page you mentioned

Thank you!

Thanks for pointing it out 😄

Hey @gritty wind , anything on verification yet?

for unsplash?

nothing yet

Hmm, not like help but ways to make the question

am currently just using ak’s redact idea

@vocal wolf fedex assures me my parts will be here tomorrow

noice

What had happened?

gpu had continually shut down, with no way of recovery, this lead to a lot of lost work, to the point where i actually wasn't able to dev anymore

let me know if i messed something up!

this is my current logic for wiki guess game

well this is the only think i can possibly think of as of now

and fixes every bug i could possibly find

--

splitting on , ->
for Junction to match Junction, West Virginia

removing () and [] ->
for Call Me Lightning to match Call Me Lightning (song)

If it's still an issue, you could try to write a heuristic for detecting overly-complex titles.

If the random title is too complicated, then you can discard it and get a different random one.

like if it contains -+-*/[]{}()!@#$%^& then run again?

Also i have re-structured the trivia cog since it was huge and if i added wiki questions to it, it would be even huger

i will remove the pycache, was getting the __all__ through dir() hence it came there

trivia_quiz would now change to _cog

and the cog would be loaded in __init__

would love to get reviews on bot#1446

I'll take a look

Cool! thanks

So how do staff feel about this feature? The issue was put back into planning

It seems useful, but I wonder if it's necessary to support 10+ embeds, is it ever the case that someone sends more than 10 message links with their report?

senjan was ok with it, as far i know, and they suggested to post multiple webhooks in case of more than 10+ embeds

i don't think this can ever be a case tho

In terms of functionality and presentation this probably ought to be reviewed by people who use the channel

I can do a code review later

alright!

@vale ibex did u find any other method? For getting the question wiki guess? (I have opened a pr with my current method)

@clever wraith my pr still has few stuff to do

the wikiguess game

especially how it gets the wiki questioms

Alright! Just think it looks good so far

How are you getting them?

Check out the code, i think u must have seen it when u reviewed

What do you mean by “Idk man, you didn't lint” @clever wraith ?

You awesome descipriotn

description*

Oh, I see

I was a joke, my code is linted 😄

Lmao

I know lmao I was playing into it

Code looks good lemme test it once

I just have to read I'm not at my computer 😢

I don’t think you should approve a PR without testing

https://github.com/atbaker/wikipedia-question-generator How about using something like for generating questions?

Hello there! Where should I ask for candidate to maintain a project? My two co-worker disappeared, and doing things alone is not the best choice out there. I also don't want to leave the community.. Any suggestion?

I like the idea, but it is no longer maintained

Hello @hybrid oriole, you should ask in off-topic, this channel is for Python Discord open source projects :)

My bad sorry

I could implement it on my own

rarely did machine learning so could be something new for me

No problem

That's an interesting proposal, but I'm not 100% sure if we want to have ML in our projects, I'll ask others

Yeah. Had the same question hence asked here

Hmm how should I typehint this variable?
https://github.com/python-discord/bot/blob/5a8cbaac5a91bfa83a4971961b87cf676b555f50/bot/exts/moderation/watchchannels/_watchchannel.py#L63

defaultdict[dict[..., ...]]

in 3.8 it's still Dict right?

Ah yeah

I'm not 100% sure if there is a typing equivalent for defaultdict

hmmm

maybe just Dict? lol

But that's basically a MutableMapping

I guess I can alias it

Or Dict, yeah

typing.DefaultDict is a thing

So there you go

o

tnx

@short snow what type of setup are we talking in terms of ML

https://github.com/atbaker/wikipedia-question-generator something related to this

Haven't done anything yet just was found this and thought of asking if it is ok to use

hmmm

I don't think bringing ML into a project such as lancebot is a great idea

So should I just keep what it is like now

while it's a cool idea it's significantly above the current entry bar + lancebot is aimed to run on minimal resources

yeah

[python-discord/sir-lancebot] Pull request opened: #618 Wikiguess Game

Uhh

Will mention the to do and tada

Is there any chance that the bot's http_session may get get closed and re-assigned? Basically I'm wondering whether it's guaranteed that the bot's login method will only run once, so that I can store a reference to the http session somewhere instead of looking it up on the bot instance every time

Looking at d.py source it doesn't look like login can run more than once, even in the case of a connection reset or similar

But the login docstring in our bot subclass says "Re-create the connector..." so I'm not sure whether that may be implying something related

Ah this explains why it says that, so it's unrelated https://github.com/kwzrd/pydis-bot/commit/a21f4e63680e55149c33ee0bdde938281a8eb020

AFAIK we don't roll out new Http sessions right now, maybe we might in the future for some reason, but I don't think so

Oh well I just realized that I cannot safely do what I wanted to anyway because the session is still None at init time

Yeeeppp

But if you schedule a task in a cog's init that will access the session and try to make a request, is there a guarantee that login will have completed by then? (by the time your task runs)

It seems that we connect to Redis before instantiating bot to avoid that kind of a scenario

I thiiink so

It would be nice if you could still check that the instance us here and throw a better exception than an NPE if not

If sir Lancebot throws an error do all core devs get an email?

I hope not

Since I just caused a few errors

if it's the same error then no

we get one email per error type

Oof

Threw an error on production

Tried to make it send a message over 2k characters.

#bot-commands message

I threw perhaps the same error on both

Whups

we didn't get an email

Do you mind writing an issue on the bot repo for this? 😄

!src

@patent pivot told me it was triggered 3 months ago....

👀

p sure we have a ssue

https://github.com/python-discord/bot/issues/1366

But do you have the issue for sir Lancebot?

opened from the sentry issue you triggered 😄

I threw the same thing on lance

hmmmm

which commmand

Well

Snake snakify

#sir-lancebot-playground message

Afaik I can check uwu as well if I get on a computer

Just noticed that some of the dates on the .zodiac command are seemingly off by one day (e.g. last day of Aries is counted as Taurus).

How would I go about making a PR to fix this? Looks like I just need to change https://github.com/python-discord/sir-lancebot/blob/1df233eb6e5061f0ed6127d158f9414e2b7749a3/bot/resources/valentines/zodiac_explanation.json but not sure what the correct process of doing this is.

The formal process is raise issue -> core dev approves it -> implement fix -> raise PR -> PR approved by core dev -> merge to main

Sometimes for smaller fixes the first 2 can be skipped

(If a core dev approves it here)

Will the linter scream at me if I try to use a string as a typehint?

Thanks 👍

A literal string yes, str no

hmmm

3.9 brings that

I don't want to import the actual class because that creates a circular import

https://realpython.com/python39-new-features/#annotated-type-hints

Forward refs are fine

maybe you can guard the import with if typing.TYPE_CHECKING?

if it's only used to annotate

I will now find out what that is, thanks 👍

@vale ibex would I do this as a bug report issue?

If so, for the known impacted platforms should I just say all?

you can open a bug report, yeah

yeah, the platforms part is more specific when it's an issue of formatting etc

but if it's a logic issue then it naturally affects everything

Think I've created that correctly lol

Hey, made a small pr fixing this here #sir-lancebot-playground message

would appreciate if someone would review

sir-lancebot#621

Can someone reply to this comment bot#1234 and bot#1154

?

I deleted my message since I found the answer.

Why sir lance bot doesn't use YAML configuration like @stable mountain ?

For storing constants?

yeah

You can open a issue about that probably

it would easier than doing int(os.env(...., ....)) for every thing

bot designed as a fun and beginner-friendly learning environment

I guess they didn't implement it because its' a beginner friendly project focused on simplicity/minimalism

sir-lancebot#618 is up for review 😄

Have we found out the problem why .ttt is blocking?

https://github.com/python-discord/meta/discussions/85#discussioncomment-460910
What about this

What’s the context behind this one?

I'm noticing that ctx.cog.games is never cleared except on restart, and it's looped over fully in several places, like here:

        if opponent is not None and not all(
            opponent not in (player.user for player in g.players) for g in ctx.cog.games if not g.over
        ):
``` which could get ugly if the number of games gets high

Calling .ttt actually runs this/similar logic three times

.ttt history

its back... we can merge my PR then

after review..

Add this to the help command: py await ctx.send(ctx.author.mention, embed=embed) ^^^^^^^^^^^^^^^^^^

instead of sending 2 different msgs

I discovered this only because of TizzySaurus so credits to him

Its was an efficient feature so I thought I'd suggest it here

The bot only sends one message instead of two

I don’t get it, where do you want to add this?

!help

When you do !help in a non-bot channel the bot will send two messages

One saying "here's the result" and one the actual result

They're suggestion merging the two messages into one

ye

Your PR can be merged before or after we fix ttt, but that’s not the reason it is held up

Also we didn’t fix ttt

Just that it comes back online after restarts

!source help

hmm I don’t think that’s possible, at least not easily, we are using a decorator to redirect to #bot-commands https://github.com/python-discord/bot/blob/master/bot/decorators.py#L65

alright

also, whats the asyncio.sleep for the help command?

Which line?

Idk but there's an inactivity timeout for the help command isn't it?

How long is it before the bot stops responding to any further reactions

Yep, on the paginator

but it doesn’t use asyncio.sleep

oh

how long tho?

It is asking d.py for a certain type of event, and provide a timeout paramater

I think it is either set to 2 or 5 minutes

oh I see

thanks

@sharp timber You have ticked both (I want to implement, anyone can implement) on sir-lancebot#622

I've been going through the source code of the .zodiac command - re sir-lancebot#620 - and I noticed that there's some oddities, like for the .zodiac date command, the zodiac logic for capricorn is done manually, but then the rest of the signs are done in the zodiac_date_verifier? Is there a reasoning as to manually doing one but doing the other 11 manually? https://github.com/python-discord/sir-lancebot/blob/master/bot/exts/valentines/valentine_zodiac.py#L101-L106

If I had to guess

it is done that way to avoid problems with the calculation between two years

Yeah I think it is

future = datetime.datetime(year=2021, month=1, day=10)
past = datetime.datetime(year=2020, month=12, day=15)
past.date() < datetime.datetime.now().date() < future.date()
> False

Hey, there's a problem with the .easteravatarify command

It's really slow

cc @vale ibex

Oop

.avatareasterify

.avatareasterify

It types for about a minute

yeah I think all the pfp ones are pretty slow

.help

it is blocking too it seems

The blocking part is what chris was looking into fixing

Do 8bitify by comparison

not sure if anything can be done for the speed 🤔

Fair

.8bitify

It's a bit faster

But less processing I guess

that is definitely a little faster, but probably just because its a different operation

yeah

True

I guess we could maybe spend time making micro tweaks to speed it up, but even if it takes a minute, I think that's fine for what it is

It's probably not worth it

The only problem would be the blocking then

Chris's PR should reduce it down pretty much
I will give it review tomorrow

Yeah I guess that makes sense tbf

I would've thought there's an easier way but yea that works

There probably is

you can compare timestamps

It won't reduce the cpu load by much

but it will make it non-blocking

it would, the number of uses would reduce

and not run too many process at one time

Yea, it's a big PR, but most of the code is previous code that already existed, just moved into different files

When someone does .<some_group>, it sends help for that group, right? So when it does that, it uses ctx.send_help. Since the bot.help_command is commands.DefaultHelpCommand, it uses the (not so pretty) default help command. So I was thinking, instead of doing

await ctx.send_help(ctx.command)

We should do something like

help_command = ctx.bot.get_command("help")
await help_command(ctx, ctx.command.name)

I mean what would be better would be if we just subclassed commands.HelpCommand.

Why're we shifting sir lancebot to use poetry instead of pipenv? (Not complaining, I've personally been a fan of poetry :P)

We might not, we're just discussing it internally and wanted to give it a try

Full deets in the description of https://github.com/python-discord/sir-lancebot/pull/623

Ooh nice

Had issues with pipenv on my computer, poetry has always worked like a charm

Does one offer anything that the other doesn't? I think I read somewhere that poetry is used for packages or something

Maybe that's because of it's publish option

pipenv has scripts which poetry doesn't have, or so I don't recall it having it

I used the thing mark found for that

so you can do poetry run task lint

https://pypi.org/project/taskipy/

nice

Can it avoid creating a venv?

uhhhh

ah

yea

poetry config settings.virtualenvs.create false

Preferably use the env var in docker and ci

ah

founnd it yeah

alright just testing locally, build takes a bit because ffmpeg deps

what are we using ffmpeg for?

uhhhh

some voice commands on lancebot iirc

hm

any idea which ones?

I didn't know we had voice commands lol

just a cursory search shows none, but I didn't look too hard

lol I forget

spooky sounds @gritty wind

@patent pivot what voice commands oooo

.spookysound

sadge

ah

.spookysound

that probably doesn't show up in the help menu

seems we got rid of it now

yeah

but never liike

changed deps at all

Has anyone ever cleaned deps lol

poetry should have a command for cleaning up some things, but lobbing parts off and seeing what breaks would be needed to clean everything up

if it's in our dep file it won't be cleared up

isn't ffmpeg pretty heavy?

does poetry have a post-install hook?

or any hooks for that matter

to do what

we can use it to remove hiredis

though that's more of a hypothetical

hmm

hiredis won't even install so

Hm, wdym?

It's a required dep

Ah I didn't mean install then remove

I meant not installing in the first place

ah

If by heavy you mean 8 minutes of downloading apt deps, yeah

lmao

Thanks for the merge

@short snow I intend to action the rest of your comments too, just don't have time for the others rn

For example, #sir-lancebot-playground message . I think we should invoke the help command instead.

Alright not a problem

bot#1459 is out

Great work👏

@vale ibex congrats on getting mod!

What does auto review do?

Got it

this looks jnteresting

I can try to give it a code review once done. Does it need rhe site pr setup?

it does, yeah

Welp, that means i would

require a site setup and not use the docker builds

Big task!

you can use docker, it just requires some magic

I set up everything on my end by starting bot, site, and metricity on the same docker compose project

I meant using the docker compose of bot

since that takes it from ghrcio

And even need metricity,

youuu don't have to use metricity

but you will be limited in the data you can use

without manually populating the database

you can start up the bot without the site

Hmm, but u think your site pr makes it connect to metricity

docker-compose up --no-deps bot

yeah understood abiut that, thanks

Its given in the contributing guide on the site

wdym

You don't have to start up metricity, it will just tell you the user has no messages

Ah ok, got it!

Metricity even stores deleted msgs, so do you count them?

With joe's suggestion from ~20 minutes ago, not anymore

Ok cool

will role giving dates helpmin review, like contributor role given to them in this date, etc.

And we can make all the voice channels as one

Voice chat

I just realized I didn't limit the new commands to mods+

Oh lol

Dumb question: How do I fork the repo with Docker?

not sure what you're asking

Like in the auto review, you include msgs, top channel, date join, etc. We can include on which dates where they given whilemrole, like:

Roles:

1. Contributors given on {}.
2. Voice Verified given on {}

hmm

we don't actually have that info I think

probably, dpy doesn’t support it, any plans on storing it?

not that I know of

Worth doing tho.

We can include it in the !user also

I am getting the error

Traceback (most recent call last):
  File "bot.py", line 12, in <module>
    from bot import constants
  File "C:\Users\Osa\Documents\GitHub\sir-lancebot\bot\bot.py", line 12, in <module>
    from bot import constants
ImportError: cannot import name 'constants' from partially initialized module 'bot' (most likely due to a circular import) (C:\Users\Osa\Documents\GitHub\sir-lancebot\bot\bot.py)

When I try to start the bot.

What would be the use for that data? Don't think it's particularly important to keep track of

@floral venture how are you starting the bot? like the command you're typing into terminal

I am simply opening bot.py

so to run sir-lancebot I think you have to go do: python -m bot since it's running it as a module or something like that

make sure you're at the correct level to do so

I just tried that and it gave the same error but less long.

what level of the directory are you on when you run that command?

I am at C:\Users\Osa\Documents\GitHub\sir-lancebot\bot when I execute the command

can you back out to sir-lancebot and try it again?

Alright, I did that and after installing a few pips it threw a very long error that said Errno 11001

Can you screenshot that error? Also, can you check what fakeredis is set to ... somewhere amongst the config files?

Here is the screenshot, I could not seem to find the config files

yup, $10 that's a redis thing. Give me 5 seconds, let me grab where you need to set fake-redis to true

@floral venture In your .env file, do you have USE_FAKEREDIS = true?

I did not add that to the env no

Try adding that and that error shoooould go away

I added it and I get the same error

The env file is saved? Also can you change the line to: USE_FAKEREDIS=True

I was sure to save the .env when I made the change and I tried many different formats (The one you suggested being the first I tried.)

hurmmmm could you screenshot the .env file minute the bot token for me?

Here you are.

For the first one, can you change it to BOT_DEBUG=True?

Could it be the fact that I added CHANNEL_ANNOUNCEMENTS twice?

I tried that and same result btw

I would get rid of one and try it

I did that for both and got the same result

@floral venture well it's definitely a redis issue. This is from the latest pull of the lancebot?

I pulled it around an hour ago so probably

okay, let me pull the latest then

hmmmm, I just pulled it and with my .env file it works just fine.

@floral venture are you using pipenv or no?

I installed it yeah

@floral venture so you're doing pipenv install to setup the environment and then pipenv run python -m bot to get it running?

Should I just make an issue? It's been ignored twice lol

You're awesome Thank you so much for the help!

Alright I got ignored again I'll just open an issue

I don't really understand what you mean.

Why would you invoke a help command for a command that already works?

?

It uses the default command that looks not as good.

like this

.[http_status|status|httpstatus] 

Group containing dog and cat http status code commands.

Commands:
  cat Sends an embed with an image of a cat, portraying the status code.
  dog Sends an embed with an image of a dog, portraying the status code.

Type .help command for more info on a command.
You can also type .help category for more info on a category.

instead of this

see?

It might be a command that works, but it doesn't look too good.

Oh, that would be nice.

Ok, would that be a bug or a feature?

I'm thinking it would be a bug

Actually, I'll make it a feature

@sleek steppe you're not getting ignored, it's just I would need to really look into it and I don't quite have the time right now. Opening an issue is definitely the best way to go to get eyes on something

Alright, thanks!

What API is used for the .movies command?

IMDBv4 iirc

.source movies

Ok this is the source https://github.com/python-discord/sir-lancebot/blob/master/bot/exts/evergreen/movie.py#L55-L101

It uses the movie db

Hm, can I create an API key for free or does it cost a monthly subscription?

Pretty sure it's free

at least there's a free version of it

Ah alright, I can’t seem to find a link to the API website. Is it inside the code?

https://www.themoviedb.org/

This is in the code: https://api.themoviedb.org/3/

Here's the docs: https://developers.themoviedb.org/3

You can also do pipenv run start

buggg

the pfp is different and the author is different

(Sk9's pfp, and lemon is the author)

https://github.com/python-discord/sir-lancebot/blob/10b98e96714c03264ab0f0e168bd5e682e7b1315/bot/exts/halloween/spookyavatar.py#L39 it's using ctx.author for the image, instead of the user arg that is passed

yes

seems like a super small fix, whoever was working on making the image commands run in executors can add this in too

i will add a comment during the next review on it

@vocal wolf we should remove good first issue from https://github.com/python-discord/bot/issues/1427 and add deferred since there are problems in on_typing event of discord.py. Ig

@short snow you should discuss that within the issue so we don't lose this to time

i will comment.

ty

done.

was finding the context

hence took time

@cold island I had left two comments on your review on Enhance Incidents msg, did you check them out?

Thanks! I will check them soon

How do you get the emojis when running locally?

Are you referring to emojis like the trashcan?

Yep

For local testing, I'd recommend just replacing it with something else. For example, the trash emoji can be replaced with ❌

How do you replace it?

Are you on sir-lancebot or python?

sir-lancebot

In that case you really don't need to.

If you still want to

It's line 154 in the constants file

The trashcan should need to be replaced

just make sure to not accidentally commit your changes

The program runs fine without it

This one https://github.com/python-discord/sir-lancebot/blob/10b98e96714c03264ab0f0e168bd5e682e7b1315/bot/constants.py#L171 (line 171 in constants.py)

it will produce an error when you paginate or something

but it won't stop

Yeah I guess so

I think we should use 🗑️ instead? This is default emoji

@celest charm snekbox is made to run stuff from untrusted sources

I’d consider a user provided regex and input as untrusted

It would make sense to put a memory and resource limit on it

Also as for regex101.com, I mean, there is repl.it to execute code, but yet we have !eval

Keeping some stuff inside Discord is useful

repl.it is slow to set up

That’s my two cents on it

regex101 is instant

The only harmful side-effect of regular expressions is taking too much time. (given that their size is limited to 2000)

They can't do networking or launch missiles

They are memory based regex dos attacks, aren’t they?

no

time-based

Hmm okay

We can run it into another thread and kill it after a few seconds if that’s the real issue

In another process, maybe.

Because otherwise it would block

if the problem with snekbox that the formatting isn't great, we already do parsing for snkebox results

I just don't see the need to invoke snekbox. It's like using SpaceX to get to the grocery store

if the grocery store was on the moon, that would make sense

likewise

(must.... resist.... otn... a....)

What if there is a black hole between you and the shop

snekbox is for running arbitrary code

regex isn't arbitrary code

It is an arbitrary input though

I still think we're taking user input

and running it through an evaluation process on our end

lol, we're taking user input in every command

and running it through an evaluation process

which just seems safer in an isolated environment

should we run every command in snekbox?

that's not the same for every command and you know it

I mean, between converting a string to an int and executing regex there is a world

Regex is dangerous

it isn’t advised to execute regex from an unstruted source

While casting to an int is fine

I honestly don't see the pushback against snekbox

is there some reason that we shouldn't use snekbox

We don't run arbitrary code because it can produce arbitrary side-effects, like talking to the network.

Regex isn't "arbitrarily dangerous". It can simply take much time, which is mitigated:

1. By running it in a separate process;
2. By using the regex library

The same reason we don't convert strings to integers via snekbox.

^

So why don’t we do that

If you want, I can reopen my PR

and we'll discuss there

but I don't think I'll be able to work on it, I'm busy with other things

Sure

We have all the time in the world

Well, maybe not all of it

But still

again

I still don't understand why we can't use snekbox

this isn't as dangerous as running user code

but also not as safe as an int cast

Safety isn't measured on a spectrum. There are very specific things that can go wrong.

In case of regex, the only side-effect is taking too much time. Do you disagree?

I don't know, I'm not a regex expert

So? What's the cost related with evaluating random user input in snekbox

At some point our resources will be gone though

We can’t execute a regex for 10 minutes, we simply can’t handle that

That can be circumvented with the regex library

well, I already said how to prevent it

but still, the opportunity for doing something malicious seems greater than the cost of running in snekbox

that cost still being a mystery to me

I really don’t get where is the issue then

I guess snekbox has some overhead when transmitting over the network and preparing the process

But that’s nothing compared to running a somewhat complicated regex

The solution with snekbox will:

1. take more time to execute;
2. be more complex (because we'll have to construct Python source code for snekbox to be executed and interpret snekbox's results correctly);
3. take more computational power on snekbox side;
4. be harder to fix bugs in and to change (because you'll have to setup snekbox to run the command)

Doesn’t take any additional computational power

Snekbox will have to set up and tear down the Python interpreter

but yes, not too much

1. The time taken for snekbox is not noticeable, go ahead and try the eval command
2. I don't think that's really true, it's slightly more complex, but nothing crazy
3. Like starting it up?
4. That seems like a good trade of for ease of mind to me

I mean just look at the eval command

that has people trying to break it

all the damn time

I'm not saying it will make the command unusable. I'm just saying that that's the cost.

I don't think that's a cost

Taking arbitrary input and executing it seems like a no-brainer for snekbox imo

Resoirces wise, that’s a cost I’m fine with

It is worth the investment

!e print("this is instantaneous")

@gritty wind :white_check_mark: Your eval job has completed with return code 0.

this is instantaneous

It's not arbitrary code, for christ sake

Arbitrary data?

I also already said that every command takes arbitrary data.
Arbitrary code is dangerous because it can do harmful side-effects, like networking.

.>

Ok here are my final thoughts on this

Regex is input that we put through more dangerous evaluation that something like an int cast. There is no real cost imo associated with snekbox evaluation. Peace of mind can sometimes come at the cost of minor redundancies.

Okay, you can write the command if you want

"Interpreting untrusted arbitrary user input as an integer is unsafe. We don't know what happens if a user finds some special input that explodes the computer. So we'll do it in snekbox."

Excuse me for the tone.

My point is that if there's some bug in re/regex that causes some behaviour other than timeout, it's a bug, similar to a bug in the integer parsing.

Was the regex library timeout proven to be unreliable?

No.

Well, not sure why it has be rejected then

I'm not gonna keep arguing this. I don't think you're wrong

But I also think I'm not wrong

but its a bug. We can plan something might happen, but if it does, we may not know it happened. If regex were to break snekbox, then there's bigger problems, such as snekbox having a glaring security issue that needs to be fixed.
I think I'm following, correct me if I'm off here

I honestly think all three are good solutions, maybe there is one better than the other, but in the end they all work

If we account for such bugs, we should account for a bug in integer parsing as well.

I'm not trying to account for bugs in the std library

that's not what I'm arguing

I'm not saying you are

what I'm saying is that regex is a language that can be exploited, at least easier than something like an integer conversion

couldn't a regex command just be wrap a submission with some regex code and run it? Easy~~

If the cost of evaluating in snekbox is low

and the benefit is that it's less likely to mess up a critical thing in the server's infrastructure

Then I think its an ok tradeoff

that being said

I understand you wanting to keep things simple

and rely on existing tools

I just think the fear is not rational. You haven't provided any justification to believe that there is a risk of something other than time consumption in regular expressions.

well, other than that it's a more complex language than integers

If the timeout was proven to be unreliable, it will slow down our whole infra and make the bot OOM

We could just use re and wrap it in standard timeout prevention from stdlib

but why not use snekbox?

It's not about past exploits/current limitations exclusively

As a more complex language

<#dev-contrib message>

it is more likely for exploits to be found in it

then for something relatively simpler like type casts

alright, let's just stop this

If so many people are worried about potential exploits, alright, let's make it call snekbox.

I am okay with killing a thread after a certain amount of time

that should be safe enough

or process

Same. (can't really kill a thread, so a process)

Quick question. I'm working on improving the pagination (and the trash can) experience by deleting reactions that aren't from the OP, so how would I be able to test this code? Because as far as I know, @stable mountain is customized for this server specifically.

we have a guide on setting up the bot, and a server template to help you get it done

So you may need to take some time to set things up

you can find the guide

https://pythondiscord.com/pages/contributing/bot/

here

Thanks you!

sir-lancebot#624 🙂

Can someone review this issue?

Is there a more updated server template? I can see the one in the website for setting up the bot testing, but that doesn't have all the channels.

The template shouldn’t require any new channels

But it also doesn’t have all the channels

You just need the ones listed in the guide

Oh ok.

I was looking more at the config.yml file, so I guess I confused myself.

@gritty wind poke https://github.com/python-discord/bot/issues/1457#issuecomment-792985956

Oh

I can assign you?

We can remove the field name as well in the shortened version

I'll add that now

Can anyone look at sir-lancebot#624 ?

yes.

I can do this PR

smh

snekbox, pipenv has a glitch

How long does it usually take for someone to respond to an issue lol?

Depends on the problem/question/bug at hand, and the activity of contributes. Given certain circumstances, a response could occur anywhere from a couple minutes to a couple days.

Which issue are you referring to?

this one ^

It's not a big one

@sleek steppe approved. You can begin working on it whenever. Just a confirmation: You're intending to make .games send the first embed when help is needed?

Well, not only .games, I have a list. It's .snakes, .space, .emoji, .minesweeper, .movies, .status, .extensions (and its subcommands), and .bemyvalentine

Right

All of them use ctx.send_help

Sounds good to me

I'm also ready to PR now 🙂

You have the changes ready?

Well, not yet but I've pushed

huh

yeah go ahead with the PR lol

But next time I suggest waiting for an issue to be approved before working on it

Users have gone ahead in the past to make a PR and get rejected because their changes were not discussed

Sorry I guess I was a little impatient

np

yeah it's not a problem, it might just turn out to be a waste of time on your end if it ends up rejected

👀

help

I'm trying to run a snekbox, but having trouble with docker-compose

👀

That's probably redis

@fallen patrol try setting fakeredis to true in the env file

WAIT SNEKBOX USES REDIS?

why???

#dev-contrib message or FAKEREDIS=True in the .env

I don't think it does

but snekbox doesn't make http requests I don't think? Does it?

What's the rest of that error

👀

hm

I didn't make a .env

brb time to check how .env files work 😰

okay so

as I continue to find an issue i continue to fix the issue

docker was not running as a service

currently is building the image

snekbox doesn't use redis. That environment variable would do nothing.

ye

hm

what kind of request does snekbot what

!src e

That's the source for the command, not for the server.

no i know

the server is running now

I have to make the client part side to test it

…where does the bot make the requests

It's all in that file

which file

The one linked to you by the command above

ah

data = {"input": code}

and json equals that

👏

got a snekbox running now

bot#1452 needs review.

sir-lancebot#625 needs review 👀

!remind 5h ^^^ and chris’ move pfp commands

👀 why was snake snakify updated to use an embed?

@short snow

!remind 1s wait I can use this here?

@fallen patrol

Oh okay

Also, boop.

Of someone had answer

!remind 30M

Failed argument

nvm, am free now. Will review them

I'm quite new to docker, does the docker image for snekbox host the API on the local host? How would I use the API from a python program from the same local host?

https://github.com/python-discord/snekbox#running-snekbox

@cold island i have a question, is this the way, we use multiple line strings in bot or just your method:

review = f"They were nominated **{nomination_times}** before"
review += f", but their nomination was called off **{rejection_times}**."

I mean the way you use += to add strings

This isn't a multiple line string, I still want everything to be written in the same line, it was just too long to be written as such in the code. I could in retrospect do:

review = (
  f"They were nominated **{nomination_times}** before"
  f", but their nomination was called off **{rejection_times}**."
)

I think

I just went with the style that was already in the cog

Yeah, i meant why don't didn't u use () and used += instead

oh ok, might wanna change it?

Yeah that might be a good idea

should i add it is as a comment on my review or you will just do it

Either is fine

You can add a comment if you want credit for the change lol

my pr is gonna come like tomorrow, so your choice

lol, no need 😄

also the spelling of maxiumum in _cog is wrong

it should be maximum

but you haven't change that part, so i can't comment there

....... lol

https://github.com/python-discord/bot/pull/1452 one more approval/review is needed.

https://github.com/python-discord/bot/pull/1014#discussion_r531249324 is this right?

What do you mean?

like, all the arguments need to be on separate line

and

Well, yes

def func(
  a,b,c
):
``` is bad

ok thanks

127.0.0.1:8060/eval

Ah okay

And btw, is there any precautions I should take?

¯_(ツ)_/¯

is there a grammarly plugin for pycharm prof?

Doesn't pycharm already check grammer automatically?

There’s the JB plugin...uhhh...

Grazzle?

@short snow what do you think would be a good attribute name for the help command? Since help_command is already taken up.

I personally think the current solution is fine

We may run into issues of the cog is reloaded

Yep or if it's unloaded entirely.

Which hopefully doesn't happen

I don't mind have it error out of it is unloaded honestly

Maybe I should check if help_command is None and if it is use ctx.send_help

Or does it not matter

I guess we can have a utility function doing that

self.custom_help_command maybe

anything is fine

for me

hence i gave a approve

!remind 20m review chris's pfp executors PR (sir-lancebot#597)

oh great

!remind 20 minutes review chris's pfp executors PR (sir-lancebot#597)

Welp, try your best not pollute these channels

yup

how do I review again?

Out of curiosity

Is there any talk to update snekbox to a different framework

You look at the files changed tab

ok

You can talk to mark or seb about that most probably

Like removing falcon?

What is falcon?

ASGI framework? 😓

They are talking about nsjail most probably

Oh, no, the api framework

We are using falcon for the API framework

Cause I was going to mess around with ns_jail and possibly use it for my own stuff.

*snekbox

**with licensed credit

:D

I don't understand what you are asking

And since I intend to rewrite the framework to a different one, FastAPI, if it was already in the works I'd either wait or help.

Alright, I don't think we plan to change it

It works fairly well right now, and we only have one route

Cause I know a different point is planned to be rewritten

Yeah

I think that's the dB api to be rewritten in FastAPI

Ah yeah, we are going to separate it from the Django website and rewrite it in FastAPI

Ye

sir-lancebot#605 needs review 😄

So this is what I made for sir-lancebot issue#613. I hope this is okay. I'll then modify it according to the contributor guidelines if needed. Just wanted a staff member to kinda like review it...

https://paste.pythondiscord.com/zozekigasi.py

sir-lancebot#613

@left flume nice, maybe add uhh the ability to play against other players?

well thats something that i cant do...

but if im given some time, ill try adding it

!d discord.ext.commands.Bot.wait_for

but maybe it would have to do that in the dms or something.

Whre do you think I can put it?

thanks

why would it need to be in dms tho?

So they can't see each other's choices.

bot.utils.extensions I'd say

Would invoke_help_command(ctx, *commands) suffice?

oh, I see

I think so

why does this happen why I try to login to github

@sleek steppe issues with github apparently

oh right

Uh oh

Ok, it seems to be working now.

Isn't that for the extensions command?

Well, that's an utility to retrieve an extension I guess

Is checking if exts.evergreen.help is in extensions fine?

@tough imp Sorry, I'm having a bit of trouble understanding your comment here about the available_help_channels attribute. It does make sense that if an admin moves a channel it would get desynced, but what do you mean by "the d.py representation"?

https://github.com/python-discord/bot/pull/1414#discussion_r589386847

Also, I do think we should keep the dynamic_message attribute as we need to access it when checking if the ID can be edited at all when a channel is moved.

Okay let me explain ~ btw you definitely don't need to address that comment, it was just thoughts that I had when looking over the code

I've resolved everything else besides this so far, I think the feature is nearing completion.

how does the bot know when to unmute/unban someone? I know they store the timestamp in a db, but how will the bot know the timestamp is over?

So we're keeping a set of available help channels, but so does d.py, we use their representation when the set is empty:

self.available_help_channels = set(
  c for c in self.available_category.channels if not _channel.is_excluded_channel(c)
)

So what I was thinking is, could we always use self.available_category.channels and not keep our own? Because that category should remain up-to-date even when the bot itself doesn't move the channel. If you don't keep your own state, you lose the burden of maintaining it, and you don't risk desync in case someone other than the bot moves the channel

But I think the problem with looking at self.available_category.channels is that it may not be up-to-date yet - I'm hypothesising a little bit, but I believe that when you send a channel move request to the API, even if you await it, it doesn't mean that we've received the "channel move" event back from Discord, so the self.available_category.channels may be lagging behind

I belive on start-up the bot pulls the infractions from the database and schedules the un-do event as an async task

i see. thanks :))

That's an oversimplification, but in general I believe that's how it works

yeah my instinctive approach is to keep a local cache of the db and check it every second for any timestamps that match the current one, but I figured that is too resource intensive and also it's prone to error (e.g. accidentally skipped a second) - so that's a bad idea

but thanks for explaining anyway :)

There is a scheduler abstraction that the bot uses to handle this

But I'm not familiar with it

The skipping a second problem can be solved by checking if a timestamp is current or in the past

but the tasks system seems much simpler

and less resource intensive (imagine checking a database every single second)

The reason I create this set is to not include the how-to-get-help channel in the test server, and the #🔴｜cooldown｜🔴 channel next to the available help channels (if that's not not included already).

If you can live with a little imprecision, you could just query every e.g. 5 minutes, and un-do all infractions that are in the past

But having the set in general isn't the best idea, yeah

that's a compromize, i guess.

You could probably do the check in the database, so that you're not pulling the whole table every time, just select expired infractions

Imprecise but simple

Your solution is fine

i'm assuming SQL is better in this case (since the format is fixed, and it's much easier and efficient to just add a row)

actually, saying that, SQL is designed for a lot of queries so i don't see this being too big of a different tbf

I have another wild idea that I haven't put much thought into - could we utilize a channel change listener? That should receive all events, not only those triggered by the bot

And check if a help channel was moved ~ if so, update the message

But yeah, feel free to keep what you have

Yes, when I say database I usually just assume something SQL-based

Unless your infraction table is gargantuan it should be a simple select that gets processed very quickly

this server has a tendency towards nosql from what i could see; but I'm not experienced with any nosql except json so I'll prefer sql whenever possible

We have a ton of sql, especially for @stable mountain, but I doubt you'll be dealing with enough data for it to matter

so do what you feel comfortable with

thanks

we can keep the current implementation for now, then make a large change with a PR once we discover how to rework the desync. The current PR is now ready for re-review.

@tough imp Thank you for showing me de wey that self.bot.http methods are a thing, because I didn't know they existed.

I think so, I'm not 100% sure

Yea they are super convenient for when you only have IDs

ye

I dont think a Message.edit really does much apart from passing its own ID and the channel ID to the HTTP method anyway

Aren't they only a thing on a custom implementation

Or is bot.http standard on dpy

http is a part of discord.Client and that's how it makes requests I think. https://github.com/Rapptz/discord.py/blob/master/discord/http.py

the HttpClient class specifically: https://github.com/Rapptz/discord.py/blob/master/discord/http.py#L93

O

Grazle*

Why don't we have black code formatter in our linter?

If you want, you can try configuring black for your setup

That being said

I’m fairly against it, because we try to be as open and accommodating to as many styles as possible

While maintaining a workable code base

sir-lancebot#625 needs review. (finally got flake8 to be happy lol)

will have a look