I think the point about devs being customers is the most important part. LOTS of services, ie. novel databases, new routing methods, high availability, were not in demand until they existed, and are now standard. The average user doesn’t know what React is or care, but it makes all the difference to someone who can harness it.
You do not need to use React with UploadThing. UT supports most front-end and back-end adapters, and if it doesn’t, implementing support requires just a few lines of code. (Using my scuffy UT impl on my django server)
@@2lay Down to share more on your Python implementation? DM me wherever (Twitter and Discord are easiest) - you can use my email listed on the channel too Really want to make it easier for everyone to use
I once worked at a company with that same security mindset... Why bother if you have no users? They deployed some test service and coincidentally got hit by an attack. Somebody somehow found out about that service, got an RCE working and bulldozed everything they could have. That's the RCE I didn't notice because it wasn't a project I had access to, but the other? - Patched 2 0-click RCEs, a RegExp DoS and 3 different poorly secured DB endpoints - On the first week.
I love how people say UploadThing is made for Devs not Customers. Amm...I think devs ARE the customers with UploadThing lol. That's like saying, we should hate Cafes because they are made for people who want coffee, not customers.
i am not uploadthing user, but i can tell uploadthing is not only a "better upload button", it is a service trying to solve the fustration of handling upload, especially large files, it might not fit into my system but it still capable of solving a lot of problems
Upload thing makes file upload effortless for developers. The fact that it's 5x faster then before is not it's main selling point, it's an added bonus. + Customer notice more frequent updates, since it's so easy to use.
step one : Work in twitch Step two: create an audience on RUclips by saying you worked on Twitch. step three : sell a product to developers with skill issues
2:30 An upload service has to be secure not just because of what you put there, but also what you don't put there. If an attacker can replace your document with one containing a malicious macro, they can do far more damage than they could just by reading your grocery list.
One should never say, not even if they believe it to be true, that security should not be integrated on a release product. What that signals is "I don't care about the things my customers trust for me to hold". I doubt even Facebook and Google say it, and I'd say with a reasonable degree of cynicism that they are the first that will sell your data second one.
28:20 not 100% sure but I think cloudflare workers have already done this (they bill on cpu time not waiting time) idk it would apply to file uploads though
ye all those comments are dumb. the upload thing codebase is very good and handles async and concurrent code/pipelines etc with effect really well. i actually only discovered effect for availing of things like pipelines for streams and iterables recently. i used to use the "it" (iterable) library for similar usages before effect. But the upload codebase uses this library really well, their code is very good for handling async stuff fantastically, i literally just had a glance there. it deffo isn't a "useless product" lol
So many dumb takes from people who don't understand how thing works. _"Ahh!! why would you use this, when you can use XYZ thing instead"_ or just really dumb bad takes like; _"You don't need security, blah blah blah..."_
personally I just have an auto email setup to immediately send all user uploads straight to all the best dark web forums
That's what we in the industry call "free backups"
Remember rule number one of the Internet, however dumb you think people are going to be, you’re still not quite right.
Whatever happened to "don't like it, don't use it."
We are developers, its our nature to hate things we don't agree with and be vocal about it. Don't make me dropkick you.
We are developers, its our nature to hate things we don't agree with and be vocal about it. Don't make me dropkick you.
@@orionh5535 don't tell me what you don't want me to do. I'll ctrl + alt + delete you.
honestly why even have security ever? don't need it. Apple should fire all their security related employees
Apple has security personnel‽
„Principles and truths must be timeless“ is the stupidest thing I have heard this year, holy shit
I think the point about devs being customers is the most important part. LOTS of services, ie. novel databases, new routing methods, high availability, were not in demand until they existed, and are now standard. The average user doesn’t know what React is or care, but it makes all the difference to someone who can harness it.
No need for security? Right... Let me expose my admin dash on my SAAS for everyone :D
yes please! You know what: dropping DB credentials tomorrow!!!
@@lu2000luk .env to prod!
I mean, if you dont like a product, just dont use it. I think uploadthing isnt bad but since i dont use react or next i probably wont use it.
Totally fair! If your backend is not using JS/TS, we aren’t a great option (yet)
You do not need to use React with UploadThing. UT supports most front-end and back-end adapters, and if it doesn’t, implementing support requires just a few lines of code. (Using my scuffy UT impl on my django server)
@@2lay Down to share more on your Python implementation? DM me wherever (Twitter and Discord are easiest) - you can use my email listed on the channel too
Really want to make it easier for everyone to use
I once worked at a company with that same security mindset... Why bother if you have no users?
They deployed some test service and coincidentally got hit by an attack. Somebody somehow found out about that service, got an RCE working and bulldozed everything they could have. That's the RCE I didn't notice because it wasn't a project I had access to, but the other? - Patched 2 0-click RCEs, a RegExp DoS and 3 different poorly secured DB endpoints - On the first week.
I love how people say UploadThing is made for Devs not Customers.
Amm...I think devs ARE the customers with UploadThing lol.
That's like saying, we should hate Cafes because they are made for people who want coffee, not customers.
Honestly ethics around security just came up in a meeting and this speaks straight to me right now.
Theo is asking his own Chat GPT now in xD (Twitch Chat)
UploadThing: Now with no security and slower speeds to satisfy the haters!
We've been pushing for "security by design" for so long now. How long before it gets through the thick skulls of some people...
19:52 theo: Im like the anti edge compute guy
Old Theo's comment on screen: Not against edge compute
No hater btw, just thought it was funny
i am not uploadthing user, but i can tell uploadthing is not only a "better upload button", it is a service trying to solve the fustration of handling upload, especially large files, it might not fit into my system but it still capable of solving a lot of problems
Upload thing makes file upload effortless for developers. The fact that it's 5x faster then before is not it's main selling point, it's an added bonus.
+ Customer notice more frequent updates, since it's so easy to use.
Ask Andrew Tate if he needs security
andrew tate didn't even put in the work to make his shitty subscription platform (it's stolen code), he won't understand
"You dont need security" is what youre gonna say until you have a security breach and a lawsuit on your ass
step one : Work in twitch
Step two: create an audience on RUclips by saying you worked on Twitch.
step three : sell a product to developers with skill issues
the camera feed looks like ungraded log footage 😅
Wow this video is actually 2 months old?
I bet most of those that criticized you never watched the videos
2:30 An upload service has to be secure not just because of what you put there, but also what you don't put there. If an attacker can replace your document with one containing a malicious macro, they can do far more damage than they could just by reading your grocery list.
One should never say, not even if they believe it to be true, that security should not be integrated on a release product. What that signals is "I don't care about the things my customers trust for me to hold".
I doubt even Facebook and Google say it, and I'd say with a reasonable degree of cynicism that they are the first that will sell your data second one.
4:24 200Mbps is insanely slow lmao? i'd consider that insanely fast
Well, considering majority of people alive can barely get 50Mb/s wired, yeah...
he said it's slow for 2gbps seconds later
@@kamiien887 i'd still consider it insanely fast, given i get about 40 Mbps
The numbers don't really matter on this discussion. What matters is the relationship between the numbers you get versus the numbers you pay for.
when even JS developer advocate to implement security for the app even when you currently don't have any users then you know that we are cooked.
i'm a high schooler and using uploadthing for a school project :)
Just move the database into the edge too (eg cloudflare durable objects) or move it all the way onto the device (local-first)
lol, ping's roasts are awesome.
I’m still just mad that you think we can’t read the s3 docs
Hate is a problem with our discourse, especially on RUclips and Twitter.
We are better than this. Let us continue to be nice to each other.
28:20 not 100% sure but I think cloudflare workers have already done this (they bill on cpu time not waiting time) idk it would apply to file uploads though
30:48 Look mom, i am in Theo´s video
Ignored all the actual criticism and just cherry picked the jokes and dumb takes. I shouldn't have expected any more
40min yap sesh. great for listening. didnt learn much in this vid. 5/10
ye all those comments are dumb. the upload thing codebase is very good and handles async and concurrent code/pipelines etc with effect really well. i actually only discovered effect for availing of things like pipelines for streams and iterables recently. i used to use the "it" (iterable) library for similar usages before effect. But the upload codebase uses this library really well, their code is very good for handling async stuff fantastically, i literally just had a glance there. it deffo isn't a "useless product" lol
“That’s how we got fined and lost the compliance certificates!”
there's no dark mode on the free version??
is javascript the only language used these days?
where is the Theo Wojak meme?
we need servers on argentina.
😅who whould join a platform with zero security lol
ah yes, zero security
29:55 shout out to de arrow
0:02 that's a hell of an opening 😅
is it possible for uploadthing to have features like github raw files?
So many dumb takes from people who don't understand how thing works. _"Ahh!! why would you use this, when you can use XYZ thing instead"_ or just really dumb bad takes like; _"You don't need security, blah blah blah..."_