[Feature] Change default host to 127.0.0.1 instead of 0.0.0.0 / Remove installation auto start instance without notice

[Bedrovelsen]

1. The Unsloth studio docs say ...

Privacy first + Secure

Unsloth Studio can be used 100% offline and locally on your computer. Its token-based authentication, including encrypted password and JWT access / refresh flows keeps your data secure.

... yet the install script/developer install steps/documentation all use 0.0.0.0 as the default host which allows a much larger network attack surface than required for localhost offline use.

2. The install via curl piped to bash method also states no where up front that it starts a non local host bound facing instance at end of installation with no choice for the user to proceed or not with such execution prior and shows the final message with the machines external facing internet ip address as the link to open.

Solution:

• Changing the default host address to be 127.0.0.1 instead of 0.0.0.0 across install / script defaults and documentation on repo / website

• Not auto starting an Unsloth studio instance as part of the install steps without confirmation or notice prior in install instructions or prompt at end of install before auto starting it.

[rolandtannous]

A big chunk of users use unsloth on VM cloud and servers. They need it to be accessible externally.
The docs are guidelines , they're not instructions. 0.0.0.0 is also a known convention term that means accessible externally.
you can also specify the host yourself.
Just unsloth studio -H 127.0.0.1 -p 8000 for local access only.
That's not an issue.
A local user can start it locally. A user running it on Cloud VMs can keep it on default.

I agree on the not auto starting part though.

[thebigdalt]

A big chunk of users use unsloth on VM cloud and servers. They need it to be accessible externally. The docs are guidelines , they're not instructions. 0.0.0.0 is also a known convention term that means accessible externally. you can also specify the host yourself. Just unsloth studio -H 127.0.0.1 -p 8000 for local access only.

I'd agree except that the installation script creates application/desktop shortcuts (e.g., Unsloth Studio.app in the Applications folder on macOS, Unsloth Studio.desktop file on Linux) that starts a bash script that has 0.0.0.0 hardcoded in without a configuration option as neither an environment variable nor an option in ~/.local/share/unsloth/studio.conf. That script also specifically has the following comment at the top:

# Unsloth Studio Launcher
# Auto-generated by install.sh -- do not edit manually

Those desktop/application shortcuts are only useful for local use.

A local user can start it locally. A user running it on Cloud VMs can keep it on default.

The opposite could also be said if localhost was the default, especially since privacy and security are considered: "A user running it on Cloud VMs can start it listening on 0.0.0.0. A local user can keep it on default."

[cook-jr]

agree on both the auto-start behavior and the host example in various documentation. at the very least the 127.0.0.1 start command should be mentioned in docs alongside the 0.0.0.0 if it remains as the default. not everyone who will try unsloth studio is aware of common network conventions.

it also will likely confuse some people and/or lead to bad practice in that 0.0.0.0 start gives the external network ip under "From another device on your network / to share:"

[cphlipot]

Was this issue closed by mistake? i noticed #4864 has not been merged yet.

[Bedrovelsen]

Was this issue closed by mistake? i noticed #4864 has not been merged yet.

I have been with less time to revisit this properly with better PR but did not mean to close the issue at the time so my mistake.