• 0 Posts
  • 26 Comments
Joined 3 years ago
Cake day: July 8th, 2023

  • I have never heard that take before, but to each their own.

    And if you prefer deno/bun, that’s great, I still think they are the future, hopefully they get closer to 100% node compatibility, I’m sure it just needs time (node spec is likely very huge by now).

    Do you work with many different projects? What’s the failure rate of deno/bun not working out the box for you (I’m curious)?


  • Bun is supposed to be a drop-in replacement for node and it can work like that for many apps currently as far as I know.

    So it only comes with and will come with improvements.

    At scale it could potentially save a lot of money.

    Sounds like it will help with developer experience too so… I can’t tell why you hate it.

    Personally I think deno and bun will find their space (which may overlap over a lot of space that node currently takes) and their existence is a net good.



  • Email magic links are cool (personally hate when a website only allows this login because I don’t have my email available on every device, but that is unrelated sorta).

    I probably wouldn’t go with a relatively new project that isn’t guaranteed to stick around long-term (big hassle to swap provider).

    authelia and authentik both have a lot of eyes looking over the code so I’d also feel more confident going with them, even if I can’t get passwordless email login (don’t think they support it but not certain).



  • It’s honestly just a matter of how much risk you are comfortable with for using jellyfin on the open internet.

    (If I remember correctly:) The unauthenticated routes thing can only be used for streaming your content without a login (if you can guess the content IDs on your server I believe).

    In my opinion, it’s not worth the hassle of using a vpn because I don’t think this risk is worth mitigating with one.

    But everyone has their own personal risk assessment of course.

    P.S. Easier than a VPN, at least for logging in other users, would be to use some type of proxy authentication like Authelia. I believe jellyfin has a plugin you can use. It can be complicated to set up, but it’s an option. I believe it should protect all routes exposed by jellyfin so that solves the unauthenticated streaming issue. (I still don’t think this is necessary but more choice for the risk-averse!).

    https://github.com/authelia/authelia


  • do not use default ports 80/443.

    In my opinion, you’d be fine using default ports. Guess there’s no harm in using other ports though, other than the pain of having to remember which port to use if you ever forget when adding a new device, etc.

    Edit: I should add that I’m speaking of only ports 80/443 here. If you must expose ssh over the internet (probably shouldn’t) for example, then yes, use a non-standard port (I use non-standard ports for pretty much all apps except http/s).


  • Sorry, I wasn’t clear. When I said “why do you care?”, I didn’t mean YOU specifically with OP’s potential problem of losing users.

    I meant why do people in general, who self-host software for friends/family, care if their friends/family stop using the software.

    E.g. I have friends on Plex, but for whatever reason, I decide I want to move to Jellyfin. My friends stop streaming my media because they don’t like jellyfin for whatever their own reasons may be. I personally wouldn’t care about losing them as “users”, because it’s not like they are paying customers. I let them access my instance for free; if they aren’t bothered enough to use it, then that’s on them, not me to cater to their needs by keeping Plex around.

    Hope that cleared up my meaning. I wasn’t attacking you for caring with your original response.

    P.S. You are at risk by hosting Plex too, just in different ways. Plex still requires that your server is open to the internet, right? Even if only Plex’s servers can access it, who’s to say Plex themselves don’t get hacked. Always a risk/reward type deal with hosting software, in my opinion; either is fine to expose.


  • Yes, you are right, but I think my point was missed.

    There’s not much reward for hackers to hack private jellyfin hosts (unless there is some big exploit that gives remote code execution that I’m unaware of); sure the bots will scan and try exploits on open ports, but are they specifically targeting jellyfin?

    There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with overbearing measures, like a required VPN connection.

    Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.


  • Hm I don’t remember posting the comment you are replying to, to the one I replied to.

    You are right, but I still argue that keeping Jellyfin up to date is fine; there are no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.

    When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth. I think I was replying to someone else and thought this was the same thread.


  • I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

    If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

    P.S. I won’t argue that YOU should set up software that you don’t want to, just that this particular reason not to may be a bit far-fetched.


  • I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

    Anyways, when has anyone ever been pwnd by this “exploit”? I have seriously never heard of anyone being “hacked” by one of them.

    Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

    Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).