#dev-contrib

quackstack#32

hm

quackstack#31

guess ill find it myself

quackstack#3

oh

right

its because it doesn't get all of them at once

Approve akarys pr, and you can get it here

lol

functionality should return either when akarys pr is merged or in about 30 minutes for quackstack

Yeah, it will be fixed by sir-lancebot#642

basically when it refreshes the repo list, 6 repos get left out

oh right I forgot it didn't get merged to main

Actually we also need https://github.com/python-discord/sir-lancebot/pull/665 to be fixed

one day

That's another blocker

one day i'll type docker-compose not compsoe

or alias it and dw about it 👀

Bash aliases

zsh

i would make an alias

Do I need to resolve the conflicts?

but then i have no incentive to fix my typing

ture that

idk if that was intentional but 10/10

If you could that'd be perfect

I can do it otherwise

Tpye like so much that your computer understands it. It worked for me.

@short snow ive checked out the code on your colors branch and the server error when saving the duck seems to have been reintroduced

uh is this a bug with .savatar

#sir-lancebot-playground message

there's a few random effects, one of which is to overlay some bats in the top right

since the bats are black, it's probably being hidden

haha that's hilarious

yeah I can do it

smh

lets add image color detection to see if the top is dark or bright 😄

That's overkill.

Just make the bats bigger.

Simple.

if i was serious I wouldn't have put the 😄

If anyone wants to put a white outline on this feel free

also ignore this, have pushed the fix for it myself

I'll add it to my PR for pfp modifiers

also i suck at git and realise how stupid i am lol

yeah understandable i heard

Cool, thanks!

@green oriole conflicts resolved

Sweet, thanks!

Wait I forgot to remove a comment

lol yes

Okaaaay, I think I have int e for Lancebot working, but I'm not well versed enough to test the features. @hardy gorge if you're around, do you wanna hop into my test server and see if I'm made the proper changes?

@green oriole I changed the comment btw

This invitation extends to others who are comfortable with our int e command and would like to test it but also don't want to break my test bot

I'm not around at the moment. I can test it tomorrow, though. In about 13 hours or so.

okie doke~ no rush

I can use this as int e practice anyway

What is int e?

internal eval

like eval but

runs the code directly in the bot, instead of snekbox

Oh I see.

Actual eval()?

!src internal

Ty!

line 218 there

I see it now. Ty

Ak's PR has now had 2 PRs into it 😂

Let's us do things like this:

That's cool!

what's that second role 👀

!remind 3H check out the poetry set-up and test it against pipenvs

Tomatoes

haha, one for something else I'm involved with that has a name I don't want shared publically

An old integration I forgot to remove really

So how could int e break the bot?

Since someone could run a command that directly takes down the bot or smth

Since int e isn't through snekbox

Someone could just like ```py
os.system("RM -rf bot")

?

It's locked to admins

I guessed as much

Internal eval accesses the bots internals directly, so you could theoretically nuke a server with it depending on the bots perms

So yes, an admin can technically mess with things

though the hosting server itself doesn't matter that much, the pod will just die and redeploy

bigger issue is messing with the discord server, or the environment secrets

Yeah someone could leak the tokens

Which would be bad, and illegal I think

Illegal in what way?

I'm not sure, I assumed it might be considered cybercrime

!src int e

it gets sub commands lel

yea

@thorny obsidian

Sigh

!remind 4d if the docs command still looks bad because discord changed markdown on mobile talk about making an issue.

is this before or after the rework?

Live

Whatever is live right now

so before

the rework is in a PR atm

it's still

in development

it fixes some issues

Note: they changed markdown in like the last few updates of discord

How did they change it?

Send a screen shot of the docs embed

ah, android

Used to have a blue title with visible ``

Now it has a `` title with no link

It's still clickable

Android is better

android is a clusterfuck

@mods targeted harassment towards Android users

Pls ban

(/s obviously)

!mute @gritty wind 12H good night

Huh the bot didn't even error

Wait

!unmute @gritty wind

I'm muted here, bye

Did @stable mountain even say anything

IDK, muted Scaleios I guess, I'm tried

tried lol

Smh

Oh I just realized it's impossible for some commands to become slash commands

At least with current api

Why?

Literally impossible

It's impossible to have a new line in an argument

Do you need one?

Snekbox

Oh, yeah, not for that.

I even tried at one point lol

I meam

It could be esoteric only

see: https://github.com/discord/discord-api-docs/issues/2381

limitation of the editor they use for slash commands UI, but might work with UI components so

we'll see

but this seems like a problem we can work around

but again, we'll wait for them to reach a more GA state

Alright, I think I'm ready to PR this

i know about that, I purposely waited for that, when the PR was opeend yours wasn't merged so I didn't keep it either, I was waiting for it to get merged and then do rebase into mine, will do that in sometime

ok cool!

yea it would have worked when merged anyway i'm just a bit of a moron with git sometimes

it should still work /shrug so no harm i guess

lol ok, I will leave it

the 10th time am getting this, konifer's commit and when someone merges the main into their fork's main

after lot of different stuff, this is the best i could get

Maybe round the time at the bottom to a few digits?

dunno, i like to be precise

Up to you I suppose

I uh thought @placid ermine was writing that.

he was

i was just messing up while reviewing his PR

Oh

Is there an issue for variable automatic slowmode?

We've touched on the idea internally, no issue specified though

timing it seems a good idea

i'm not so sure about the embed

would love a second opinion on this too

I don't think a time is useful to most users. It's just gonna be a distraction for readers.

The embed therefore loses purpose and just ends up unnecessarily bulking up the message

eh i like it - it's not that big, gives some insight into how long it took, and is an interesting technical detail, which is nice in a technical community imo

I wouldn't care if the stat was hidden but Discord doesn't provide us with a way to do that

I firmly believe that displaying the execution time is just bloat.

i mean by extension so is the whole latex rendering command. is it actually needed for the server? nah, but it's interesting and a cool feature, the time is the same - it's an interesting technical detail

That's such a stretch I'm not sure why you're even trying to make that argument.

its not?

The usefulness of rendering latex is far larger compared to the usefulness of seeing the rendering time

sir-lancebot is a bot that provides extra utilities that are not technically needed to operate the server, and by all means they're cool and make the community better, so why is another technical detail in a technical community bad?

Because this is an actually useful feature and not just a game or something for fun. So we should be mindful of readability rather than coming in with the mindset of throwing cool trinkets onto it.

but having a small string saying how long it took doesn't decrease readability

Maybe readability isn't the perfect term, but I disagree. like I said, it's just a distraction from the actual intent of the message being communicated by the person invoking the command.

i'd agree if this were some random non-technical server, but in a server full of technical people i just cant understand why a technical detail would be a bad thing

its another piece of interesting information which adds onto the command and just gives a little more insight into what it took

It's a distraction just like I said. It would be in any context, including a technical server. Exception being when you want to actually benchmark it for some reason.

i disagree but i see this is a pointless argument ¯_(ツ)_/¯

My thoughts:
– How much does that value fluctuate, it's probably either going to be very short or very long (examples I've seen are 0.2s-2s), and in the longer cases you probably know that because the command takes a bit to respond.
– We should definitely be caching the responses from latex if it is a task which takes multiple seconds, probably in a volatile cache that stores the last X queries. Generation time does not make sense in that context.
– If we do decide to include it we certainly need to trim down that floating point, 0.23289893932s and similar is just annoying, 2 decimal places maximum.

It's not even an interesting detail IMO because it's not like one would expect this to take a long time to render. It's more interesting when something does (or is perceived to) take a long time.

the pypi command was shrunk down. There's a bunch of avatar commands. There's a wa command too. Lotsa api wrappers that at a point lance has become an api client

so uh
do i add the embed/timing or nah?

If sir-lancebot#672 it might not be needed

alright then

Does anyone know how to get absolute URLs from response.redirect_chain in Django test client? Currently this is returning relative URL /path/to/page, but django_hosts reverse is returning full URL.

response.redirect_chain[-1] returns the relative url, on that you can just do request.build_absolute_uri(), to get the absolute url.

@thorny obsidian Is there a branch somewhere I can spin up and test?

I forked lancebot for it but I think I forgot to actually push my changes. I'll push as soon as I'm at my computer

@thorny obsidian nope what it does is create a file with the code inside and then with pty processes it runs the code interactivlly

How safe is this from untrusted user input? Our snekbox is very robust in terms of people trying to break it

didn't implement security against untrastud user input

but I can do it

should some logic be implemented on int eval to protect from forkbombs and etc?

So that's our cornerstone feature of snekbox. We can run untrusted user input. It's the most important part of the project so unless another implementation can do that it's not something we'll consider

Nah. Int e is admin only because of how powerful it is. If we need to guard it against admin input we have a larger problem

then when I implement security like snekbox ill come back

well i know about that, but you should always be on the safe side, what if someone finds a potential way of doing it?

Getting user input from stdout is not particularly hard even with current eval as you can patch it

Restricting the internal eval would really make it lose its purpose

tbf as my pin in #discord-bots says, even if you trust someone it doesnt mean they cant make unintentional mistakes - better safe than sorry

it is not that easy, I spent like hours trying to find a method

though given it's running on k8s any fork bomb or filesystem stuff wont affect much, and you'd have to be actively trying to do so to mess up server stuff like channels/whatever

so really i'd agree that validation is not super necessary here

Messing with the system is not that impactful compared to what you can do with the server itself

yeah that's what I meant to say

true, but again you have to be trying to mess up server stuff

There is no way to really mess it up considering that almost any programming issue will lead it to reach a resource limit and restart

at which point again you have bigger issues

I am fairly confident that it will recover itself from potential problems

If you are deleting the whole server because of a programming error there isn't much we can do to prevent it

we could prevent it from deleting resources

Well admins already used it to delete some stuff

And our mitigations to be safe for this revolve around how we deal with the admin role itself. I'm wary of trying to build in protections into snekbox if that'll prevent us from dealing with raids or investigating issues.

The whole goal of int e is that it isn't restricted

Accidentally messing with it sounds like it'd lead to a short downtime at worst to me. You can't restrict it whole without limiting its uses and if only some things are limited it can be (accidentally) worked around

I think we can safely assume that admins will only run evals they are 100% sure will work correctly

i know our staff is smart and has lot of verifications, but sometimes mistakes can happen, like it happened on coding den, and they got raided

even if you do try to restrict stuff, as @slow steppe and myself found out it's a futile act regardless, in combination with all the other points about it being admin only etc.

Coding den was a social engineering thing, limiting int e would not have prevented that

anyways, i have been awake for 26 hours and just did 32 miles of cycling so im gonna go to bed and die in peace

... How

i didn't say about their attack, i was pointing to mistakes

Well context is important

Do you think we should put restrictions in int e in case an admin account is compromised?

But I am wary of limiting int e because if we're trying to troubleshoot an issue and we build in protections that prevent us from properly troubleshooting... that defeats the purpose of int e and then we'll just remove the protections and continue on as normal

with 2FA as well, I think it'd be safe to assume that this won't happen right?

If we do have restrictions, admins should be able to bypass it

maybe it would ping admins, and then wait for an admin approval

or am i overestimating how good 2FA is

Again, the more impactful harm int e can do is that it can nuke the server. But we won't have a good way to prevent that without overengineering it to death

2FA won't protect against token grabbing

It will protect against known passwords though

oh right I didn't think of that

Waiting for a second admin to run an int e is a big blocker. Especially in the case where we're just checking info like who has what role.

Listing who has a role should be a command tbh

We use it for more complicated stuff like the find out who is just a mod. So we need to subtract out those who have admin roles, etc

We could have ways to select which roles to include and which ones to exclude

But that's out of scope for now I'd say

int e is used for more standard things than checking roles

can't think of anything smarter as of now

But that's just an example. There are other int e things we do where it's just querying information. I don't want to focus down on an example.

yeah I understand

ohh no not leaking my token again

I don’t think limiting int e is something we’d consider at all

The whole point is that it’s a direct eval in the bot instance

Would it be plausible to just find/replace the bot token in all int e outputs? That way it's not really restricted or anything but you can't just grab the token without at least a little bit of extra thought and playing around.

Honestly, if someone gets access to int e and they're a bad actor they don't need to try to find the bot token. They can run whatever code they want already.

If you get access to int e, you can already destroy the server without it

Admins can mass ban, mass delete, and do other mass destructive things

Does @stable mountain have admin?

I don’t think so

But if you have int e, you have access to an admin account

Specifically the admin role

for 1) what kutiekat just said, and 2) its not really possible. There are so many ways to get it, and even if u replace the token from the output str, there are many ways to get around that type of filter, ie returning set(self.bot.http.token) or returning self.bot.http.token.replace(onechar, anotherchar).

set would not be helpful though

I mean if someone really wanted the token they could do it like that and just copy paste each letter or whatever

set is unordered and doesn't have duplicates lol

Token[:-1]
Token[-1]

Put the two together, and you’ve got the token

I don’t think the token is that big of a concern though

If you already have the eval, what does the token grant you

Connect to all types of databases using python and then download the database? - Any help to get me started please ?

My goal is to do the following to reduce my day to day work labour-

Write a Python script that will take my Database type - Oracle, Mongo, MySQL, PostgreSQL, Microsoft SQL Server, SQLite, MongoDB, Redis, MariaDB, Firebase, Elasticsearch (any other type if there is any other type) My USERNAME and PASSWORD Then if I give a table name it will allow me to download the Database file - DB_file.parquet (etc.)

That's just my goal to download that DB. Please tell me how to start the process, I could use some ways to start the process for this. Please I request someone to help me out.

I'm new to programming, I'm a non-tech person trying to learn to code, only did some basic python PCEP certification.

Hey, this channel is for discussion about pythondiscord projects

If you need help, check out #❓｜how-to-get-help

Or #databases

internal eval, executing code live on the prod bot

If you have access to int e, you don't need the token.

Anyone who does is trusted.

So there's no real need to secure anything imo.

And probably already has the token

Hmm we don’t really

I mean I can probably ask Joe to give it to me

But I have no reason

Oh I thought it was a team application lol

All I'm saying is that there's no need for extra security in int e.

Besides role validation.

Maybe it is, but I’m not on the team lol

ah

It is a team app but only the owners are on the team

We access protect most of our passwords/secrets as need to know

Ah yeah that's true I guess.

So the @stable mountain role is above the admin role?

They mean that admins are the only ones that have int e access, so anyone who can use int e already has admin perms

admin can't ban as fast as @stable mountain tho 👀

I mean if something like that happens I'd guess that the admin in question would self bot

nope

Is that for the sake of security or just cause?

it's just the way we've got things set up

Okie

We are continuously improving security, a lot of our devops and moderation tooling works under a zero-trust architecture (https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/) and as I mentioned our credentials are shared on a need-to-know basis with admins and preferably use RBAC as well, so it's not unforeseeable that in future we'll look into securing features like internal eval, but I think the aforementioned solutions here are not useful from the proactive front.

However, I would not mind seeing this feature implemented anyway as a reactive measure, not as a security measure but more as an incident prevention measure. If an admin runs a snippet somewhere that accidentally returns an object which reveals the token then that token could easily be compromised. We don't need to try counter bypasses through things like character replacement or base64 encoding, just the most simple case. I think that a filter so simple is worth implementing.

I agree.

Extra security features are pointless, but checking whether someone else might get something they shouldn't is smart.

@fervent sage can't say a bug, but yeah this needs to fixed

Just have a max_concurrency check

that would max_concurrency spam then ig

true

Won't it only send once though?

lemme test

Just

If the command is itself, don't do it

It Shouldn't be able to time itself

mhm

looks like max_concurrency needs a error handler

nope it won't spam, it will just send it once

i will comment on the pr quick

Or is just zith

Xith*

But, that would prevent two people from running the command at the same time.

No mortal being can surpass @stable mountain's muting speed

Nope, it takes a bucket.

Wdym

oof

https://discordpy.readthedocs.io/en/latest/ext/commands/api.html#discord.discord.ext.commands.BucketType

yeah that ^

wait

!docs discord.discord.ext.commands.BucketType

Wtf

that's stupid lol

WHAT THE FUCK

I mean it makes sense but at the same time like

why

No it doesn't make sense

!d discord.ext.commands.Bot

??

That's the bot

Why is the bucket type in a sub thingy shit stuff

Nevermind, that makes no sense

Yeah

I gtg

VACCINE

have fun

let's keep things chill, please

@patent pivot while you're here, any idea why this is a thing?

I thought it'd make sense, but now I'm just confused

as in likeeee

why it's discord.discord?

ye

hmmm

probably just some weird logic on how we fetch the relevant inventory to scout from

Isn't that part of the class docstring?

I can't load the docs I'm on mobile haha

Yeah but BucketType links to discord.discord.ext.ect when others ink to discord.ext.ect

https://github.com/python-discord/bot/pull/1414 needs more reviews

https://github.com/python-discord/bot/pull/1446 same here

Only staff should review that one, right?

Since it's Sentry?

If not, then it looks good to me.

It doesn't have anything to do with sentry

Okie

@tawdry vapor for this PR, is there anything else I should look into besides what we've already gone over (status codes)?

I don't think

I just didn't get around to testing it after you fixed the config issue

alright

ty

They used the normal class directive instead of autoclass that everything else uses on the page and it stuck on the module name to the front when building the html for the id. It's a bit more prominent in the pyside docs where everything looks like PySide6.QtCore.PySide6.QtCore.QObject

huh

https://github.com/Rapptz/discord.py/commit/296bd069c106edfe848ae851bb207fe22784c4da i think this was the hotfix after I asked in their server

also, do we need this converter anymore? https://github.com/python-discord/bot/blob/0cdcaf3e44eac0d64a3ad0c8eda82171a3b4f42b/bot/converters.py#L492 the UserConverter already fetches the user if it wasn't found in cache(since v1.6)

Feels somewhat hacky as it could've just been setting the current module to the actual module and only specifying the class name, but then I'm also not completely sure how the autoclass ignores the module name before the class names as I'm not that familiar with sphinx

dawn and toxic have you guys tested the pr and then approved?

ig yes, i wouldn't fire up docker

so you have test it?

mhm. It worked fine for me.

@tough imp since you reviewed before, I'd like your opinion on the current state.

I'll take a look once I get out of my post-food coma

but I probably cannot test; I dont have help channels set up in my guild

rip

Ik that @short snow has help channels set up

Yep

oh come on! flake8 passed locally

Happens all the time 😔

bruh

the pre-commit hook isn't catching this either

It's the same error too

Also this is interesting

I get this error for help channels

https://paste.pythondiscord.com/ipehepayej.sql, I think I have the wrong version of arrow

because I don't get that error in the shell

Wrong versions of packages?

smh

Sir-Lancebot#673

i-

sir-lancebot#673

ok.

We need that better regEx lol.

for this, i see a hardcoded url to a pydis site but shouldn't it be an internal url?

that same line of code on @stable mountain is https://github.com/python-discord/bot/blob/0cdcaf3e44eac0d64a3ad0c8eda82171a3b4f42b/bot/utils/services.py#L24

god damn fucking finally.

@gritty wind @green oriole As an FYI, with a blank install of Sir Lancebot with the usual pipenv sync --dev and with the precommit hook my flake8 was passing locally but failing github actions. No idea what was going on.

Local stuff goes brrr sometimes.

Let's test out a poetry install though

Is poetry nice?

no idea, but I heard it's faster thank pip locking

*pipenv locking

That sounds like the yarn vs npm situation.

npm is older so more accepted, while yarn is better in performance.

Very

oh wait i should put this as a comment on the pr by @thorny obsidian

huh?

Oof, too tired to install 3.9. Poetry testing will be another night

you have a hard link to the website when it probably should go off of a config

which is exactly what @stable mountain does

Do you have a link or file w/line number?

yep! linked above, follow the reply chain

not sure I'm following this

this? https://github.com/python-discord/bot/blob/0cdcaf3e44eac0d64a3ad0c8eda82171a3b4f42b/bot/utils/services.py#L24

yes

That's python's though?

that's not hardcoded

yes that's my point

okay so

context is above

pls read

I get the argument about hardcoding invites

I don't get this at all

So you replied to my PR but you don't provide any additional context. I don't know what you're specifically talking about

ohhhh i didn't give the line number

I don't get the argument here

I think they're saying that instead of having the url hardcoded, it should be referenced from a config. (I don't really agree)

the paste service is:
a) always publicly available
b) always going to be on pythondiscord.com (we're always going to have that domain)
c) very very easy to change and not volatile enough that it warrants the addition of a new environment variable

what is it? I am so lost

so no, this should not be hardcoded

paste site domain

one sec I'll get you the actual lines

https://github.com/python-discord/sir-lancebot/pull/673/files#diff-e18d2dcfdc67985ffeeaf22633de1a1df116025a157b43b3be3acb6d969ec396R83-R95

https://github.com/janine9vn/sir-lancebot/blob/341908df150b6129055c970c7d2a8d36d76a4bfe/bot/exts/internal_eval/_internal_eval.py#L87

yes, and the reason for it to be like @stable mountain as in both from config

So... I should put it in config?

nope

it's fine as is

for these reasons

then why does @stable mountain do it

because python has a config system

Okay cool. I generally trust Seb's implementation of int e and tried to keep it intact as much as possible.

oh and sir-lance doesn't

just because Python does something doesn't mean we have to do it on lancebot

yes, sir lancebot works entirely off environment variables for now

and even if we did, this is such a minuscule item in a PR which is never going to be important for the reasons above

we aren't deploying an application which has to be future proofed, if we need to change things we can just sed on the source and update very easily, it's not something that needs configuration

okay turns out I wasn't too tired to try out poetry wheeeeeeee

lol

it's p good

^

what's the poetry command to actually start the bot?

lancebot?

we don't use poetry on lancebot yet

You have a draft PR for it, no?

ah yeah,

the draft PR is poetry run task start iirc

eeeey there we go thanks

I was trying poetry run start and poetry run task but not all of it together

Is pretty nice

(bump on sir-lancebot#668)

imagine contributing pr 666

@sleek steppe do you ever just want to cry

ono

i just removed 'valid' from it

lol

valid isnt important enough for me to care about changing stuff around it to accommodate its existance

spot the missing . aAAaaAAAaa

Github app is not being informative, what else is needed to approve the PR?

reviews

Core dev or anyone?

lol

will have a review now

uhhh

approve mine and i'll approve yours

let's see

yeah it's core dev

wait nvm

yeah chris approved

so just any staff

forgot chris is core dev now

Cool, I'll see if I can review it in the morning if no one else has yet

im gonna dedicate the next 15 minutes to breaking the .timed command i made

@fervent sage shouldn't you use constants.Client.prefix instead of doing .help

or maybe just ctx.prefix

already fixed but not committed

trying to break it first

ah

review left on sir-lancebot#668

lol

looks like ive fallen back into conventional commits (which is a good thing, but consistency lol)

True

so uh for the latex thing
it takes at worst 10 seconds on my laptop for the weirdest of weird expressions, for normal expressions it rarely takes over a second, and almost always remains <2-3 seconds

also, i have never cached anything in files

how does that work
like
it's not like i just dump a dict in a txt file

I'm not even entirely sure why there's a github app

I use the mobile browser for all of my github needs because the mobile app is missing so many features.

I'd been meaning to ask you about this haha why'd you stop in the first place?

github app is nice

it'd just be calculating a hash of the query (probably with hashlib) and then writing that as like _latex_cache/{hash}.png

oh

then before you generate one the next time you hash the query again and check if it exists under _latex_cache and if so send that, else generate, save and repeat

that's simpler than i thought

i think

your call, if it's consistently the same time it's fine, and we're using an executor so should be good

Only if it had find in page 😔

I feel like a cache wouldn't be too useful though as usually latex expressions would probably be pretty unique. Sure, definitely help out a bit but not sure if it's worth it tbh

I'm inclined to agree but I don't mind if someone wants to implement it just cause they can

consistency with most other commits in pydis so it looked odd

from now on im just going full conventional commits because they're nice and i do them by default

How? You can't even copy a link to a specific line.

Note: android

for what I need to use it for it works well

stuff like deploy approvals, issues & discussions and GitHub Enterprise it's good

how about clearing the cache

when should that happen

latex renders wont change, cache clearing doesnt matter, if it happens it happens

in production it will automatically happen on restart, there is a use for clearing to prevent the disk from filling (unlikely but ¯_(ツ)_/¯). I guess in that situation we say "store maximum 100 files and delete based on oldest used time"

aight, so i don't have to worry about it, right?

my take is:
in production which is the only place it will be long running since its specific to pydis it's gonna get cleared on restarts
not in production it will be ran rarely ever or at most infrequently, so size likely is of no concern

I don't foresee it cropping up. It'd be nice to have the logic in place eventually but I'd be happy to work with that if an issue is opened and it's fairly low priority

nice

done

_latex_cache is supposed to be at this level right

from django.views.generic import RedirectView


class CustomRedirectView(RedirectView):
    """Extended RedirectView for manual route args."""

    @classmethod
    def as_view(cls, *args, **initkwargs):
        """Overwrites original as_view to add static args."""
        cls.static_args = args
        return super().as_view(**initkwargs)

    def get_redirect_url(self, *args, **kwargs):
        """Extends default behaviour to use static args."""
        args = args + self.static_args
        return super().get_redirect_url(*args, **kwargs)

Why does routes to what I don't pass static args have static args of other routes?

Hmmmm I see your fix commit, those empty lines definitely need to be there. Could you give me the output of pipenv run pip freeze on your install when you have a second?

uhh, do we really need latex cache? It is pretty fast already, and mostly the latex equations are different

I also think cache is not necessary, because chance that between redeploys command get executed twice with same input is really small

Are we really gonna render the same latex command many time in a row? I don't really think so, sounds like something that should be solved with a rate limit

i don't really like the idea of rate limiting it tbh
if the command is being used chances are that it's being used as part of a longer conversation where other people might also use the command to follow up

Caching sounds a bit over engineered for a feature that we don't know how often it's going to be used and how. If it's going to be used in the middle of conversation then a modest rate limit should be barely felt. So let's start with that and then consider adjustments when we have usage statistics

I will also argue that a minimal rate limit is necessary even with caching.

I also think we should rate limit resource intensive tasks

Although we have automatic mutes

Max ratelimit what is reasonable is 5s, not more

agree

My reasoning for cache is to prevent DoS attacks, but it people are in consensus otherwise then that's fine

We could put a user cooldown+guild cool down on it

No, if user start spamming with it, @stable mountain catch this user

Still would leave us open to a ddos with multiple users

But we have that when worse with the pfp stuff anyway

Sir Lancebot is not so important service, and we have resource limits in k8s

We shouldn't rely on that, but I guess so yes

We could put a max concurrency on it

Then we have the choice to queue or cancel

Shouldn't it be in the same class as the other image-based commands?

Chris iirc you were working on queuing those

Image stuff isn't in the same cog until my pr is merged

Yea I've got them in executors but not in the same concurrency bucket with this pr

yeah I think that's fine. Whichever gets merged first we can adjust the other

Max concurrency doesn't work with groups out of the box

So need to implement a custom bucket

That should prevent any possible DoS attacks

or well

mitigate what they affect

Is there some sort of cooldown for that custom bucket?

It doesn't exist yet, so there could be

I'm just thinking

I was planning to implement it similar to max concurrency

So it would queue up the commands

what if you get 100 invocations for image stuff. Each of those is blocking

And there would be a max le gth of the queue

I've got them in threads now, so they're not completely blocking

I see

Sir-lancebot#597

... Case sensitive regex

lol

sir-lancebot#597

should also probably look for word boundaries

Yea, it's in akarys's pr

So soon ™️

I think if we add max concurrency, then this should be at least 4-5

Bump

btw did the absolute url thing work last time?

Yes

Ah lol, I'm disqualified from review bot since I've got a commit on your PR @green oriole

haha

So is Vco 😛

Interesting

Oh lol

That's likely because I had requested changes

and since approved

Well at least my commits aren't all red anymore

hah

well while there are a few devs here :P
could i get some reviews on sir-lancebot#672

on a side note im so proud that i didnt make flake8 lint unhappy even once

How much is it worth 👀

Impressive

Possibly the single most important PR to date sir-lancebot#675 /s

Hurm, how do I check if the logging is correct

correct in what way?

I might be missing context, but what do you mean

I agree

I don't know how to set up so I can check if the log.trace is working

Ahh, put BOT_DEBUG=true in your .env

aaa i forget i have to git add all over again after changes

git commit -a -m "..."

i am not used to that and i am not going to change old habits
||/s||

😔

It would be showed in your terminal when you would run the command

Chris helped me get the logging.trace, which is what I was trying to check.

lol

have i triggered a trend on our repos

lol

Yes, you have

well its merged

added max_concurrency and stuff to sir-lancebot#668

@thorny obsidian could show how the logs look for this comment, https://github.com/python-discord/sir-lancebot/pull/673#discussion_r611207482

Did you not test it yourself to see how they looked? I assumed you did

Should we be type hinting to bot.Bot instead of commands.Bot?

Nope, just tested the PR, mine where some short comments, so didn’t, if it would have been some core code change then I would have done it

i went through two or three other cogs, all of 'em use commands.Bot

yeah the log trace doesn't clarify things with the = syntax

not that it makes much of a difference anyway

it might with log.trace(f"Updating locals {self._locals} with {locals_}") but it's a trace log and points to the logger so it should have enough

They are not the same everywhere yes, but I would go with bot.Bot personally as it is more "accurate", someone could probably open a quick PR to change all of them, if this gets approved

Doesn’t f strings print them out as self._locals=......

Yes, but I don't think that's clearer than keeping it like it is currently or what I proposed above

Yeah yours would be clearer

And should we just remove python syntax from here, https://github.com/python-discord/sir-lancebot/pull/673#discussion_r611208428, since output is just plain text it is not python code to have py syntax

uhhhh

i'm tempted to say we leave it, we do sometimes feed out a python object

Ok, i don’t think paste to hastebin would be used anywhere else, but should it be a utils function

we'll do what we did with Python, we keep it in a cog until we need it elsewhere and then we promote it to a utility

Impressive

yes

on python it is py

I replied to wrong message

@green oriole

https://github.com/python-discord/sir-lancebot/pull/673/files/341908df150b6129055c970c7d2a8d36d76a4bfe#r611188093

Mhm?

Wait

using the escape method means that all other markdown characters will be backslashed

That.. doesn't make much sense

What if you just escape the backslahes?

\\

in codeblocks, all characters are rendered

Err not the backslahes, the backticks

\`\`\`

Hmmmm

Is there no way to do that

nope

the <hacky> solution i use in my bot is a zero width space around ``

\```

That sucks so bad

Maybe a zero width could work

hm

joe

for the most part nothing really happens if a user manages to break out

does @stable mountain prevent it?

prevent what

don't think so

We had an issue a few days ago that showed how to circumvent it

no, the response just looks really bad if you're trying to copy it

Well the problem is just that it looks bad

!int e ```py
print("`" * 3)

In [2]: print("`" * 3)

yeah

i just

Right, but you probably wouldn't do that by accident

what i did for my bot

you're probably trying to break out

is if it escapes it just uploads as a file instead

and in that case, that's sort of on you

which is what !e does

does it?

!e ```py
print("`" * 3)

@patent pivot :white_check_mark: Your eval job has completed with return code 0.

Code block escape attempt detected; will not output result

Full output: https://paste.pythondiscord.com/ovabatiboz.txt?noredirect

ah yeah

It is for int e though

you could just do that for int e

if it tries to escape just paste it

because that way you get the full response for the one case when you need it

¯_(ツ)_/¯

I don't mind it as much on int e. int e is an internal feature that only admins can use anyway.

For the raw command we just replaced ` with `\u200b

note: if y'all don't care i brought this up because @green oriole commented

https://github.com/python-discord/sir-lancebot/pull/673/files/341908df150b6129055c970c7d2a8d36d76a4bfe#r611188093

This feels like a different case because

it is something you can do accidentally

how do you enter a zero-space width accidentally

Got rid of the comment

oh wait

It was indeed wrong, thank you

I don't like inserting zero-width spaces, because I often copy things from internal eval for a next evaluation

i have a comment on that same line of code anyhow

If the bot were to insert zero-width spaces, that would become tedious

should have a \n before the last three ```

I could still copy my own output, but it's something pushed far to the top

yeah

the thing about it is

if you don't have that character there in that case, you aren't copying the full output

when it escapes is the only case it would be there

I feel like the number of times we are actually trying to do something with triple backticks are very limited

I don't think it's ever really come up with internal eval

im of the camp that if the output contains ``` just upload to pastebin

For internal eval?

The screenshot akarys has there is not a result from the int e command. It was my copying and pasting code from int e.

yeah

it uploads if its too long already

so it'd just be a small check to do so

i replaced it with a different thing because you made me notice something else

I don't think I like uploading output too often for internal eval

We're typically scripting over a longer session of internal evals

Having the output in the browser gets in the way of that flow

So, unless something is really breaking otherwise, I'd prefer to keep output in the client

do remember, it would only upload if ``` is in the output, and if it did send directly to discord, then it would not be copyable output

But you'd still have the output directly in the client and your own message to copy from

but

you wouldn't

in the rare case that you want ``` it would escape the codeblock

I can still click edit on my message and copy my input, right?

yeah, but you wouldn't easily be able to copy the output

And I still have the output right here in the client

but it would look like the above image

I don't see a lot of things wrong with that

I have all the output I need right there

having used internal eval hundreds of times now I don't see a situation where triple backticks have ever been returned

basically, the only thing this affects is if you output ``` then any markdown in the message will be absorbed by markdown and you won't be able to copy it really

a very edge case

Yes, and I don't care that in such edge cases the output is less than copyable

I do care about keeping the output in the client as much as possible

you could also convert it to upload as files rather than to the pastebin which would then auto embed on pc

I mean, this is a feature that we use internally

I don't really see the need to solve this one edge case for an admin-only command that, in all honestly, won't be used a lot on lancebot

I think that unless one of us (admins) really wants it differently, I don't think we should solve such edge cases

why is this so huge

okay yea makes sense

Bump

unless that file was recently updated that was not in there recently

source: I opened all of the links and added them to a playlist

it was recently updated

git blame says someone called Neil Shah added razer vids to the google category :P

ah I might have approved that lol

All the links are sorted under google, so it's easy to see why someone would add that accidentally

especially since it was towards the bottom

well, sir-lancebot#676 should fix it

https://github.com/python-discord/sir-lancebot/pull/642

Needs one more review

….and all of a sudden the apparent logic of the entire command is exposed

        random_youtuber = random.choice(self.youtubers)
        category = self.yt_vids[random_youtuber]
        random_vid = random.choice(category)

why don't we have the json pre-commit anymore

first it chooses from one of the youtubers, then it chooses on the videos

would've been useful here

@gritty wind (since you're already here) I'm confused, doesn't this actually have enough to merge? Two staff members approved.

this means that razer will have a 50% chance to be the video

i have a commit in there so im disqualified

It's because we have commits on the branch

chris and vco commited

yeah, what they said

gosh diggity darnit

wait staff approvals are enough for merges? not core-devs?

alright scal time 4 you to review

2 staff or 1 core dev iirc

It's and iirc

nah core dev is mandatory

at least 2 staff, at least one of which is core dev

ah right

1 core dev and 2 staff to be exact

right makes sense

but all core devs are staff so

lol

1 core dev and 1 non-core dev staff is what it works out to

alright who's going to review that one before the meeting

contributors can also provide the second review

if anyone

are contribs the people with the role here or those who have at least one commit on the repo

the role

why is this such a big diff lol

I have to manually add them to the policy

shouldn't it have just removed the check

It's a rewrite too 😅

And some other PR's for the issue cog

alright, I won't do this justice in 20 minutes

https://github.com/python-discord/bot/pull/1414 this also needs reviewing/testing

oh that's finally ready? 👀

ye

I'll turn my bot on

very nice

🤔

timed execution woo, thanks chris

@gritty wind if you want to test it, my bot is up on the test server

thank, I'll look at it soon™️

how much has it changed since v1

the pipenv to poetry PR also has a "hacktoberfest accepted" label on it for some reason

It's because staff are trolls

😀

because poetry is one big hack that's only supposed to appear during halloween

(disclaimer: I like poetry)

oh lmao

me too, poetry is nice

poetry is the best

if there's one feature from poetry i love more than anything else

it's how simple it is to publish packages

poetry has some quirks and is fairly opinionated

I haven't experienced it myself (yet), but I've heard that it doesn't deal well with being run in very protected environments, with custom certificates and a lot of network rules

bump sir-lancebot#668

bump bot#1471

i'll take a look over this now

is that new update in #❓｜how-to-get-help when it deploys @vocal wolf ?

yes

yes

and I'm waiting for it to connect

staring at #dev-log

wait will it send a new message every channel or every update

I do that all the time lol

connected

waiting for #❓｜how-to-get-help to send a message

nice

it worketh

why

its not in the same order as they physically are

because that would be very painful to do

Yay

sorted(channels, key=lambda c: c.position)

would it?

yes.

how painful?

So painful that I decided to use a set

no?

roles not related to this at all

https://paste.pythondiscord.com/uvujugiwoy.py

lol

At the same time I wasn't sure at the time of writing the PR that having it sorted would be necessary

if anyone wants to write a PR to have it sorted, go ahead

I don't think it's necessary

I'd prefer attrgetter, rather than lambda but that would work

operator.attrgetter right? I could make a PR for it if you want

Sounds good, just make sure to add context in the PR body, so people who didn't see this convo kbow what's going on 😄

Why does the order matter though?

Just curious.

It doesn't really, its just polish

….

what happens in the rare case that there is no channels?

available=', '.join(c.mention for c in self.available_help_channels) or None

rare

heh

that being said i havent been pinged for that in like a week now which is nice

seems like

'None' would better

why?

Yea, haven't hit the limit since Monday

Currently available help channel(s):
vs
Currently available help channel(s): None

its 42 now

since monday ig

we hit the limit basically right after we raised it

I don't remember what day it was

the 5th

which was monday lol

works nicely

Why are you seeing @stable mountain without a pfp?

they are self hosting it

notice the role color

Pretty sure it'll just say None

it was earlier than the 5th

Yeah saw now, thanks :)

afaict the variable is nothing

Darn the line is 123 chars long 😔

31st March

and we have hit the limit since

The change happened 12 days ago