I suppose tunneling over Telegram isn't really more ridiculous than tunneling over DNS. Indeed, someone seems to have tried it: https://github.com/PiMaker/Teletun
I use a signal api on a daily basis for all my agentic chatting and notifications about energy prices and server downtime notification.
Setup was quick enough but it needs a real phone number once during setup which is kind of a hassle. still better than using telegram which has no encryption for the bot backend so the devs can read everything you write
WhatsApp does appear to have some "business" account/API type stuff which I assume is scriptable. But I don't believe it's got a free tier for personal use (although I haven't personally looked).
It is always preferable to use WhatsApp to contact a business than calling up.
Yes, but it's nowhere near the maturity of Telegram's Bot API.
And unlike Telegram, for a WhatsApp bot you need to apply with a bunch of paperwork. If you're an SMB, you got little chances of ever getting access. They'll tell you to go with their Technology Partners and make a chatbot with these other BigTech companies like Freshworks, etc.
Same. I used to use telegram for everything and then stopped after I realised it wasn’t really and to end encrypted. The bots were super useful. I used to have one I could ask different bus times for. Was so much better than the app the local bus company had made.
Not having a bot API is what stops me from moving to Signal. I have 10-ish telegram bots running for myself, I just use telegram as UI for a script running on backend, and results are easily shareable with my other telegram contacts. I have no clue why not having this is amazing in any way.
Why? Bots using the bot API can't send unsolicited messages to people. (Bots that control regular user accounts without using the API can of course do this, but Signal's not immune to that either.)
Clever idea! Although after reading it briefly I see a need for secrets storage.
I've made one Telegram bot hosted on VPS with Docker and cloud LLM. It also interacts with a few other outside services and all credentials are injected via env vars now.
Should I push them as `.env` file for Telegram serverless?
Pretty sure you can't do this, you'd need to instead move them into a lib/secrets.js file (which you'd then add to .gitignore).
It does seem kind of odd that they have so little support for developer amenities like secrets management, dependency management, cron tasks, TypeScript, etc, and didn't shape their API in a way that suggests that stuff's coming later. I don't think it'd be that hard to clone the parts of the Cloudflare Workers API that offer that stuff (workerd is even open source, and offers out of the box the V8-based tenant isolation that they need). Perhaps they don't want to support npm packages because this'd make people more likely to run into undocumented code-size limits?
The have a massive advertising business, and charge for premium accounts. Not sure what makes you doubt them when other platforms, like Signal, have zero business model and are just providing services "out of the goodness of their heart" (not suspicious at all).
Probably doesn't cost much at all to run some servers to spin up javascript functions, compared to their massive storage costs. It's at best a fraction of a percent of total costs.
Whether or not they (or discord for that matter) can sustain a profitable business in the long term is another question.
But will it stay free, once enough people invested in it?
Telegram engaged in a bit shady crypto stuff, and let scammer bots roam freely. Also there are perks, if someones troll/harass/spam and scam groups and enough people report them, they get temporary or permanently restricted - unless they pay money to Telegram. Then they are free to troll again.
It looks like they are making their own cloud, with such a little team?
Also we should be using Matrix but it doesn't have half of the features (no channels, no mini apps etc).
Also I wonder whether compiling JS to native code is worth the hassle or not. In browser, it would slow down page load, but here you need to compile only on deploy.
This is barely a cloud, since it only serves one particular purpose and everything runs in V8 isolates. Although they would need to ensure they're appropriately capping each tenant's compute and bandwidth; the article mostly doesn't get into that.
Fully AOT compilers for JavaScript are basically research projects rather than production-ready platforms, because the extensive dynamicity of JavaScript's semantics makes this a hard problem. (The most mature one I'm aware of is https://porffor.dev.) But even if that weren't the case, the thing Telegram is doing requires V8's low-overhead tenant isolation, so they're bound to V8's architectural choices. V8 does have APIs for code caching and startup snapshots; Telegram could be generating those at deploy time.
> Each invocation runs in a lightweight V8 isolate, close to Telegram's own systems, so calls to the Bot API and your database are quick and reliable.
Telegram’s servers are distributed worldwide. I understand that the calls to the Bot API may be quick because the serverless code would be propagated to the edge, but how does it handle an SQLite DB? Is that also replicated to guarantee quick access from anywhere?
Telegram's servers are far from "distributed worldwide": In fact, it currently has only 5 logical "data center"s, and while DC3 is still on, clues [0] seem to suggest DC3 doesn't actually carry user data at all now, and both DC2 and 4 are in Amsterdam, so essentially they just need to serve 3 locations.
Also, Telegram's protocol design only allows for connecting to user's home DC for any write interactions (except media, which in most cases still is home DC, or a "media DC" alongside the home DC). Bots are based on the same DC of the user, so almost all meaningful interactions will happen only on one DC for any specific bot.
My first guess would be replicaton isn't that critical, because a user would mostly interact with an instance that's nearby, and this instance has their data. But the page mentions:
> Games and Tools — including leaderboards, quizzes and more.
A leaderboard that's globally consistent, huh, that's not trivial.
Maybe they just propagate the SQL commands to all their servers...
"My first guess would be replicaton isn't that critical, because a user would mostly interact with an instance that's nearby, and this instance has their data. But the page mentions"
Apparently not
"Each account is associated with a DC upon registration and does not change with the user’s phone number or geographic location. Users cannot freely choose a DC—if connected to the wrong DC, the server returns an error message, requiring the client to connect to the correct DC associated with the account."
The post doesn't say anything about runtime resource limits, which I agree is a strange omission given the architecture they've chosen. I suppose someone could try building a bot that uses more and more resources, and see when it stops working.
There's a section about making HTTP requests (https://core.telegram.org/bots/serverless#http), which mentions "two constraints: * Response content is textual (binary payloads aren't supported). * The total response is capped at 32 MB. That cap covers the whole response — streaming with res.body lets you process a large body incrementally, but it does not raise the limit." Unclear whether the 32 MB limit is per outgoing request, or shared among all outgoing requests made by a single handler invocation. Also unclear what other limits apply. Non-HTTP protocols presumably are not available.
If you're talking about the lack of support for binary responses, I don't think this'd stop people from using Base64 to tunnel arbitrary payloads? Otherwise I'm not sure what the alternative would be to "passing the URL in cleartext" to an HTTP client.
I thought this was about P2P messaging (without servers, hence server "less"), but no, obviously "serverless" on HN has to mean "run code on someone else's servers"..
Lets you write a Telegram bot in JavaScript and have Telegram run the code for you on their own servers (with authentication and such handled automatically) instead of having to separately wrangle a cloud deployment.
This is off-topic, but I was kind of surprised to see this page written by Claude. I guess I shouldn't really be surprised, but I somehow didn't expect it.
It could be, it could also be that they wanted to produce it more cheaply, could be a few valid reasons. It just looks cheap to me, and I thought companies would want to show a better face.
Then again, like a sibling said, only LLMs will be reading this anyway.
I often see replies to AI-generated posts being pointed out here asking what makes it obvious. Is it that difficult to notice the indicators? Is it mostly undetected by English-as-a-second-language speakers, people inexperienced with generative AI, or is it something else?
"it doesn't silently go unnoticed", "would be silently inert", "instead of silently overwriting", "you can never silently overwrite"
The biggest tell for me is overuse of the term "silently". "quietly" is another one you often see from Claude in particular. Models love adverbs for whatever reason, whereas a human writer would use them in moderation for emphasis or prefer terms like "by accident".
In my experience, "silently overwrite" appeared regularly in technical writing long before LLMs were a thing, because it's a useful concept to be able to point at. "Silently go unnoticed" is kind of redundant, though.
Accidental things and silent things are very different. Accidental means you didn't mean to do it, silent means you don't know you've done it (or might not if you want to get picky, you could notice).
Have you ever “wired” anything to anything else when developing software? No, because software doesn’t involve wires, but LLMs are quite convinced that it does.
Depends on your background. If you're an EE dabbling in writing software, using the verb wire for connecting a couple of libraries together rather than "pipe" or "glue" seems entirely reasonable to me.
I can't quite tell you, it wasn't something specific, Claude's writing is just a specific sort of punchy. The "directly on X - no Y, no Z, no A" and the "this is the part you no longer have to do" just smell a lot like Claude. Also "removes that layer entirely", "they map cleanly onto each other", it's all just Claude.
It's how you see a painting and you know it's by Picasso, let's say, or you read an author and you know it's Hemingway. Everyone has their own unique style, and so does Claude. It's just that Claude is the most prolific writer in human history now.
Hit the nail on the head. I find it surprising people give a fuck any more. Who likes writing documentation? Us devs being horrible at and hating to write documentation was a standard trope before llms. They do a better job and dont complain.
I always wondered how telegram could afford being free. A chat is expensive to run, a chat with gigantic media quotas even more, and they don't have ads.
There is no way their premium pman cover their cost, espacially with their extensive bot API that multiplies their traffic tenfold.
Good lord. This reeks of LLM... why should I use your product when you can't be bothered to have a human write it? Why should I trust it to work correctly or have been decently tested, neither of which is a given when having an AI vibe-code it?
And why is it one huge single page of word salad instead of self-contained units?
Anyway, good to see someone post a fully self contained example demonstrating core concepts. At least one thing done right.
It's been a core feature of Telegram since almost the beginning, and one of the main reasons I end up using Telegram, not sure why you'd think this is a drawback. The spam sucks though, not sure how they haven't got a handle on it yet.
What are the quotas like execution time, storage etc?
On Telegram, storage is unlimited™
Thinking about using this to run my Plex server
I suppose tunneling over Telegram isn't really more ridiculous than tunneling over DNS. Indeed, someone seems to have tried it: https://github.com/PiMaker/Teletun
This is cool. I wish Signal had a bot API like telegram's.
Next best thing: https://signald.org/
I run my agent over Signal with this, the only difference with Telegram is you need to host this. Other than that, it's great.
I use a signal api on a daily basis for all my agentic chatting and notifications about energy prices and server downtime notification.
Setup was quick enough but it needs a real phone number once during setup which is kind of a hassle. still better than using telegram which has no encryption for the bot backend so the devs can read everything you write
I wish WhatsApp did... hopefully it goes the way of BBM and a more developer friendly platform becomes the norm among normies.
WhatsApp does appear to have some "business" account/API type stuff which I assume is scriptable. But I don't believe it's got a free tier for personal use (although I haven't personally looked).
It is always preferable to use WhatsApp to contact a business than calling up.
Yes, but it's nowhere near the maturity of Telegram's Bot API.
And unlike Telegram, for a WhatsApp bot you need to apply with a bunch of paperwork. If you're an SMB, you got little chances of ever getting access. They'll tell you to go with their Technology Partners and make a chatbot with these other BigTech companies like Freshworks, etc.
Hmmm no, Meta is making money from businesses using their API.
Same. I used to use telegram for everything and then stopped after I realised it wasn’t really and to end encrypted. The bots were super useful. I used to have one I could ask different bus times for. Was so much better than the app the local bus company had made.
Not having a bot API is one of the many things that makes Signal amazing
Not having a bot API is what stops me from moving to Signal. I have 10-ish telegram bots running for myself, I just use telegram as UI for a script running on backend, and results are easily shareable with my other telegram contacts. I have no clue why not having this is amazing in any way.
Why? Bots using the bot API can't send unsolicited messages to people. (Bots that control regular user accounts without using the API can of course do this, but Signal's not immune to that either.)
Bots are separate accounts, marked as bots and cannot message anyone first.
Guess you never even read the docs, less use it.
Clever idea! Although after reading it briefly I see a need for secrets storage.
I've made one Telegram bot hosted on VPS with Docker and cloud LLM. It also interacts with a few other outside services and all credentials are injected via env vars now.
Should I push them as `.env` file for Telegram serverless?
Pretty sure you can't do this, you'd need to instead move them into a lib/secrets.js file (which you'd then add to .gitignore).
It does seem kind of odd that they have so little support for developer amenities like secrets management, dependency management, cron tasks, TypeScript, etc, and didn't shape their API in a way that suggests that stuff's coming later. I don't think it'd be that hard to clone the parts of the Cloudflare Workers API that offer that stuff (workerd is even open source, and offers out of the box the V8-based tenant isolation that they need). Perhaps they don't want to support npm packages because this'd make people more likely to run into undocumented code-size limits?
Providing a SQLite db out of the box is a nice touch. I wonder if they're capping it's size in any way.
I don't see anything about pricing.
There isn't anything about pricing yet because it's in closed beta.
Source: https://t.me/devs/199669
The lack of a clear business model does make me hesitate in building anything substantial on it.
Supposedly Telegram has been profitable since 2024 but there's crypto stuff mixed in there so it's hard to know how stable that is.
The have a massive advertising business, and charge for premium accounts. Not sure what makes you doubt them when other platforms, like Signal, have zero business model and are just providing services "out of the goodness of their heart" (not suspicious at all).
I want to understand the business model behind this specific feature.
Probably doesn't cost much at all to run some servers to spin up javascript functions, compared to their massive storage costs. It's at best a fraction of a percent of total costs.
Whether or not they (or discord for that matter) can sustain a profitable business in the long term is another question.
I'm also curious about this.
free so far.
sounds free to me
But will it stay free, once enough people invested in it?
Telegram engaged in a bit shady crypto stuff, and let scammer bots roam freely. Also there are perks, if someones troll/harass/spam and scam groups and enough people report them, they get temporary or permanently restricted - unless they pay money to Telegram. Then they are free to troll again.
With the popularity of Hermes, OpenClaw, etc, BotFather is quite a linchpin in the AI ecosystem.
Just use Cloudflare Workers. Incredibly fast, super cheap and stable and very mature.
It looks like they are making their own cloud, with such a little team?
Also we should be using Matrix but it doesn't have half of the features (no channels, no mini apps etc).
Also I wonder whether compiling JS to native code is worth the hassle or not. In browser, it would slow down page load, but here you need to compile only on deploy.
This is barely a cloud, since it only serves one particular purpose and everything runs in V8 isolates. Although they would need to ensure they're appropriately capping each tenant's compute and bandwidth; the article mostly doesn't get into that.
Fully AOT compilers for JavaScript are basically research projects rather than production-ready platforms, because the extensive dynamicity of JavaScript's semantics makes this a hard problem. (The most mature one I'm aware of is https://porffor.dev.) But even if that weren't the case, the thing Telegram is doing requires V8's low-overhead tenant isolation, so they're bound to V8's architectural choices. V8 does have APIs for code caching and startup snapshots; Telegram could be generating those at deploy time.
Emphasis mine:
> Each invocation runs in a lightweight V8 isolate, close to Telegram's own systems, so calls to the Bot API and your database are quick and reliable.
Telegram’s servers are distributed worldwide. I understand that the calls to the Bot API may be quick because the serverless code would be propagated to the edge, but how does it handle an SQLite DB? Is that also replicated to guarantee quick access from anywhere?
Telegram's servers are far from "distributed worldwide": In fact, it currently has only 5 logical "data center"s, and while DC3 is still on, clues [0] seem to suggest DC3 doesn't actually carry user data at all now, and both DC2 and 4 are in Amsterdam, so essentially they just need to serve 3 locations.
Also, Telegram's protocol design only allows for connecting to user's home DC for any write interactions (except media, which in most cases still is home DC, or a "media DC" alongside the home DC). Bots are based on the same DC of the user, so almost all meaningful interactions will happen only on one DC for any specific bot.
[0]: https://dev.moe/en/3025
My first guess would be replicaton isn't that critical, because a user would mostly interact with an instance that's nearby, and this instance has their data. But the page mentions:
> Games and Tools — including leaderboards, quizzes and more.
A leaderboard that's globally consistent, huh, that's not trivial.
Maybe they just propagate the SQL commands to all their servers...
"My first guess would be replicaton isn't that critical, because a user would mostly interact with an instance that's nearby, and this instance has their data. But the page mentions"
Apparently not
"Each account is associated with a DC upon registration and does not change with the user’s phone number or geographic location. Users cannot freely choose a DC—if connected to the wrong DC, the server returns an error message, requiring the client to connect to the correct DC associated with the account."
according to this source: https://dev.moe/en/3025
Also on the frontpage now:
https://news.ycombinator.com/item?id=48920475
I think there is no replication and each bot runs on a certain server.
I guess the v8 isolate is heavily restricted and sandboxed and can't be used to access the local filesystem
The title made me realized that there is less and less use of the "serverless".
Which was one of the most non-sensical word to say "You don't maintain the server".
A few questions and if someone knows please help:
1) storage limits? 2) can access the internet? If so: bandwidth limits?
Thanks!
The post doesn't say anything about runtime resource limits, which I agree is a strange omission given the architecture they've chosen. I suppose someone could try building a bot that uses more and more resources, and see when it stops working.
There's a section about making HTTP requests (https://core.telegram.org/bots/serverless#http), which mentions "two constraints: * Response content is textual (binary payloads aren't supported). * The total response is capped at 32 MB. That cap covers the whole response — streaming with res.body lets you process a large body incrementally, but it does not raise the limit." Unclear whether the 32 MB limit is per outgoing request, or shared among all outgoing requests made by a single handler invocation. Also unclear what other limits apply. Non-HTTP protocols presumably are not available.
This means the code must pass the URL in cleartext so that Telegram can detect those who try to use bots for scraping and proxies.
If you're talking about the lack of support for binary responses, I don't think this'd stop people from using Base64 to tunnel arbitrary payloads? Otherwise I'm not sure what the alternative would be to "passing the URL in cleartext" to an HTTP client.
No I meant you must use an API that accepts URL and cannot create SSL sockets and hide communication from Telegram.
We're never getting away from Javascript, are we
I thought this was about P2P messaging (without servers, hence server "less"), but no, obviously "serverless" on HN has to mean "run code on someone else's servers"..
It's not the terminology I'd have picked if I'd been asked, but at this point it's clearly established and we might as well use it.
I did not understand this. What does this do exactly?
Lets you write a Telegram bot in JavaScript and have Telegram run the code for you on their own servers (with authentication and such handled automatically) instead of having to separately wrangle a cloud deployment.
Dude.. how do I even enable that serverless toggle? It's not even there. I have updated my app just now.
"In @BotFather, open your bot → Serverless and turn it on" .... nop... that setting isn't even there.
This is off-topic, but I was kind of surprised to see this page written by Claude. I guess I shouldn't really be surprised, but I somehow didn't expect it.
Could it be because the author is not very confident in their English skills so they asked an LLM to translate text to a proper English?
It could be, it could also be that they wanted to produce it more cheaply, could be a few valid reasons. It just looks cheap to me, and I thought companies would want to show a better face.
Then again, like a sibling said, only LLMs will be reading this anyway.
But to write the text, LLM needs some source, where does it come from? You need to write something anyway.
Out of curiosity - how did you figure this out? I cannot find any hints about that. Was it the language used?
language, structure. look how much negation there is. the construction "no A, no B, no, C" is used several times.
or another example, the following sentence:
"handlers/ is flat — no subdirectories"
who writes like this? you'd just write "handlers/ is a flat folder" or similar.
I often see replies to AI-generated posts being pointed out here asking what makes it obvious. Is it that difficult to notice the indicators? Is it mostly undetected by English-as-a-second-language speakers, people inexperienced with generative AI, or is it something else?
I rather think the surprise is a result of technical users wildly overestimating how obvious these markers are to people.
https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing
"it doesn't silently go unnoticed", "would be silently inert", "instead of silently overwriting", "you can never silently overwrite"
The biggest tell for me is overuse of the term "silently". "quietly" is another one you often see from Claude in particular. Models love adverbs for whatever reason, whereas a human writer would use them in moderation for emphasis or prefer terms like "by accident".
In my experience, "silently overwrite" appeared regularly in technical writing long before LLMs were a thing, because it's a useful concept to be able to point at. "Silently go unnoticed" is kind of redundant, though.
Accidental things and silent things are very different. Accidental means you didn't mean to do it, silent means you don't know you've done it (or might not if you want to get picky, you could notice).
Have you ever “wired” anything to anything else when developing software? No, because software doesn’t involve wires, but LLMs are quite convinced that it does.
Depends on your background. If you're an EE dabbling in writing software, using the verb wire for connecting a couple of libraries together rather than "pipe" or "glue" seems entirely reasonable to me.
Sure, even @Autowired
Confirmed AI: https://www.pangram.com/history/2c717a3e-a9c6-4595-96a0-1aa8...
Possibly the excessive use of em dashes. Just a guess.
This is so obvious
The most AI generated MD in existence. It's also th excessive use of bold, only AI can make bold hard to read.
Reply to the parent, not me. I understand this.
I can't quite tell you, it wasn't something specific, Claude's writing is just a specific sort of punchy. The "directly on X - no Y, no Z, no A" and the "this is the part you no longer have to do" just smell a lot like Claude. Also "removes that layer entirely", "they map cleanly onto each other", it's all just Claude.
It's how you see a painting and you know it's by Picasso, let's say, or you read an author and you know it's Hemingway. Everyone has their own unique style, and so does Claude. It's just that Claude is the most prolific writer in human history now.
I finds it surprising you find it surprising.
Is this the best use of a human, to write a long, detailed manual for a feature? Which most likely will be read by another LLM?
Hit the nail on the head. I find it surprising people give a fuck any more. Who likes writing documentation? Us devs being horrible at and hating to write documentation was a standard trope before llms. They do a better job and dont complain.
when i can start?????
I hope to start using this telegram service after the football match.
I always wondered how telegram could afford being free. A chat is expensive to run, a chat with gigantic media quotas even more, and they don't have ads.
There is no way their premium pman cover their cost, espacially with their extensive bot API that multiplies their traffic tenfold.
And now they add free hosting of bots on top?
How the hell are they doing that?
Apparently advertisement and premium membership.
Good lord. This reeks of LLM... why should I use your product when you can't be bothered to have a human write it? Why should I trust it to work correctly or have been decently tested, neither of which is a given when having an AI vibe-code it?
And why is it one huge single page of word salad instead of self-contained units?
Anyway, good to see someone post a fully self contained example demonstrating core concepts. At least one thing done right.
Sounds like it's free, so, why the hate? May as well have zero docs. I don't think they're trying to convince you of anything.
If they can't be bothered to write it , why should I be bothered to read it?
> Sounds like it's free, so, why the hate?
I see undisclosed usage of AI as a theft of my time.
telegram is full of bots and spam.
before it was a better WhatsApp alternative. now either WhatsApp or Signal.
> telegram is full of bots
It's been a core feature of Telegram since almost the beginning, and one of the main reasons I end up using Telegram, not sure why you'd think this is a drawback. The spam sucks though, not sure how they haven't got a handle on it yet.
If you don’t join spammy groups you won’t get spam
Fair, I am a part of a bunch of groups I no longer care about that the spam might originate from. Thanks :)
those bots are different to these ones, for these you have to start the interaction. bots is the most useful feature of telegram
They should start charging for it. Like not a lot, maybe just a coffee a month. That should keep the bots away.
I use Telegram only for groups with people I know. I've got zero issues with boths.
Are you using public channels? (are those even a thing with Telegram?)
> are those even a thing with Telegram?
It is the thing with Telegram