pure AJAX audio formats now a reality

The best hack I’ve seen since Brad Neuberg did AMASS in 2005: Arek Korbik implements Vorbis in Flash, with no dedicated Vorbis support provided by Adobe as part of Flash. It’s a god-level piece of hacking.

What Arek’s hack means is that new sound formats can now be implemented in pure AJAX and deployed with browser-borne technology. This breaks the logjam at MP3, where new audio formats could never reach wide deployment because the only one that Microsoft, Apple, and Adobe could agree on was MP3. The result of the logjam was that innovation related to audio file formats was over in about 1998.

That innovation can now start up again. We can expect growth of patent-free codecs like Vorbis and FLAC. I’ll bet there will be a JSON-based audio format based on Vorbis. And in the long term, freaky Big Daddy Roth audio files with chromed metadata, embedded blenders, etc.

Upate: I’m getting a little pushback from people who feel that (1) there’s nothing new here because it has been possible to do Vorbis using Java applets for a while and (2) this method doesn’t support video.

Java is not a viable option. Most people don’t have Java installed, and the people who do have it installed won’t tolerate the slow and ugly startup. About the need for video, let’s not get ahead of ourselves. One thing at a time.

a hack for passwordless login

It would be cool to be able to log in to a web site using just your email, without even a password. It would work just the same way that password recovery does now, except that you wouldn’t ever type in your password.

You go to the web site the first time. They ask you to create an account using an email address. You enter it. They send you a URL to log in for the first time. You go to your email and click on the URL. That page gives you a long-lived cookie, so you don’t have to log in again for as long as possible. A couple years would be fine.

From that point on you go through the password recovery process any time you’re in a position where you would need to log in again. Let’s say you go to the web site from a new computer where you don’t have the cookie. It needs you to log in. In the login form you enter your email address without first going through the “lost your password?” link. You then go to your email to get the link they sent you, and then you click on it.

This is only different from always just recovering your password in that the login dialog is optimized to make the password recovery process shorter. For example, the login dialog might have an extra button added which sent the URL to your email account.

This wouldn’t be any less secure than current processes, since your password security is never stronger than your email account anyway. It would actually be more secure, since you wouldn’t have a guessable or stealable password introducing an additional point of vulnerability.

I am thinking about this because Facebook constantly makes me log in, and I don’t care about it enough to memorize that password.