> To make matters worse for Drupal security records, the vulnerability is being actively exploited hours after the patch was released by the Drupal core team.
This is true for Drupal 7, but not for Drupal 8. Nothing in wild has surfaced regarding SA-CORE-2018-004 for D8 yet.
I started looking at trying to write an implementation of the protocol documented here: https://ssbc.github.io/scuttlebutt-protocol-guide/. I was surprised just how little information exists on the handshake and message exchange protocols. The reference implementations of both seem quite immature.
Was there no existing protocol for sending P2P messages between clients this could have been built on top of?
Why did you decide to use a custom video player and not an established service like YouTube or Vimeo? I think a lot of people forget how much time these services spend optimising their video players and delivery. Plus, these services are another avenue of content discovery.
Can't see any reasons against using one of these services.
This is true for Drupal 7, but not for Drupal 8. Nothing in wild has surfaced regarding SA-CORE-2018-004 for D8 yet.