One of my plans includes video streaming to so I might have some questions about your exp. with red5. But I am not sure when I will get to work on that.

The idea is to allow the user to stream whatever live stream they want (webcam, mobile, from a P2P TV…) in a way that it can be viewed by almost everybody without the need to download anything.

We are using Flash, Red5 and some backend magic.

If you need more info or are interested in helping send me a Twitter DM @tomazstolfa.

If you did projection on the wall before then I guess I have a little to hold against you. I can update the main post if you wish.

Yes, with red5, haxeVideo.. a lot of stuff is possible now. What is Balumbo?

http://ces.psychorealm.org/blog/?p=36
(dated - January 17th, 2008)

and

http://balumbo.wordpress.com/2007/11/06/pot-first-live-event-on-balumbo/
(dated - 6 November 2007)

There are many thinkers out there and most of them get similar ideas sooner or later

while the idea is not extremely new and was considered in the past (http://ces.psychorealm.org/blog/?p=36 for example), I appreciate your efforts and welcome your help .

Perhaps we will consider actually implementing it in the near future, now that we’ve been made aware of the demand. Your help would certainly be appreciated . Technologies sure have risen up to the challenge as of late (red5, XMPP, …)

It’s been done in Kiberpipa in the early beginnings (where an irc channel was projected) if I’m not mistaken.

Whoever you wrote to, I would advise you to address your email to info@ next time, since more people read it .

I would consider using it only in cases like I described in the blog post: “They have to have an option to login at any later date and modify their info but this will not be like everyday or even every month thing”

In this case, having to remeber a password that you use only every 2 months is also a negative point to me.

I implemented this and it works and I will use it at this portal I am making right now. But I will see, if it doesn’t show it’s worth using I will go to a classical system. I am not a fanatic you know, just trying out new operators

2. link has a 16 character random key (far longer than usual passwords if you want to brute-force find them). The key holds no data and is random and there is not (theoretic at least) way to crack a random key, so I think no worries here.

3. This is the same as “Forgot password” (enter email and submit) at websites with usual usr/pwd authentication where your password gets reset to some random string and mailed to the email that you gave. If someone else enters your email you get a new password/link to your email. Not the best feature but used at a lot of classic auth systems too.

4. You can always store the link to your desktop or to bookmarks or in extreme case print it on paper. Mail is just the delivery mechanism.

1. I will answer 1. at last because I think that yes this is worse to a degree than at classic auth systems.

At classic systems if you forget a password AND loose the access to the email you signed up (for example domain expired) you are f*cked a little. Because you can’t do “Forgot my password” any more.

Here you a f*cked a little if you loose access to the email already (and don’t have the link stored anywhere else) which is probably more likely to happen than above situation.

This made me avare that I have to do another form “Change your email” form must be here (as it must be in classical system) and I will add it. This is worse in my case but it’s not a deal-breaker for me.

And it’s not a security concern (in view that unauthorized person will gain access to you data) but contrary makes it extra secure then as NOBODY (even you) won’t get to your data then

—

Thanks for debating flaws of this with me, you are welcome to think out more or bounce my responses.

1. So the only connection between app and me is my e-mail? What if I change e-mail? I gues all data is lost then.

2. Link generation… Based on what algorithm? Easy to crack?

3. What if I request a new link for someone else? Then his connection is lost I gues…

4. What if I don’t have access to a registered e-mail at the momment? No way to login then? This is a serious disadvantage.

This are just a few things that come to my mind atm., but would probably get many more…

If you think someone got to your link you can “get me a new key”, just like you can can change the password if you think someone got to it in classic auth.

The only weak spot is that you get link/key with an email and you will probably have it stored somewhere versus that password can be stored in your head only.

But the truth is that you get username/password on email at a lot of webapps too, and even if you don’t most people probably use “Save my password” functionality of their browsers for most of webapps which result in a same consequence (paswords can be seen by anyone with access to their browser, like if you made a bookmark to the admin app with key in it.).

But I agree, because it’s not made with an option to have password stored only in your head it’s not something I would use at any app where foreign access to the users area would have more critical consequences. But in reality I think it’s not even a slice less secure than any of webapps that I use and have choosen “Remember my password” in the browser or have password stored in some email that I got from them.