Earlier today I took a certain amount of pleasure ripping into Jon Dowdell’s disingenuous Adobe on HTML5 post from last week. However, I happen to think that there are some useful points to be made about the relationship between Flash and HTML5, and how one affects the other.

It doesn’t look good for Flash. But Flash isn’t going to die.

Firstly, consider some background. Flash has been around for a very long time, providing a platform for games, vector graphics, animation and media playback. It offers massive market penetration, and of course there is only one Flash player, so it purports to offer a consistent experience across platforms.

However, Flash comes with a number of significant downsides. Firstly, that ‘consistent experience across platforms’ might also be written as ‘inconsistent experiences on every platform’. By taking most of its user interface conventions from Microsoft Windows, the experience of using Flash on a Mac is not the same as using any other app in OSX using native controls. Simple stuff like the behaviour of keyboard chords in text entry controls are different, the text selection colour doesn’t match the system selection; low level stuff.

Similarly, the Flash plug-in itself is cited by Google and Apple as being a massive cause of crashes in their browsers, crashes that the browser maker gets the blame for, but is really caused by Flash. In Google Chrome and in OSX Snow Leopard, plug-ins are sandboxed away from the main browser process. Mozilla lists Flash as the biggest causes of Firefox crashes on Linux.

To top it off, for all the claims of ‘Accessible Flash’ over the past year, Flash content is still only accessible on Windows; on Mac OSX, Flash has no integration with VoiceOver. Screen readers are only supported on Microsoft Windows through the MSAA API.

The iPhone shipped two years ago without Flash support. At the time, some said it was a ‘missing feature’. 24 months later, the iPhone seems to be doing just fine without Flash, and users seem very happy. Adobe have stopped making vapourous comments about having ‘Flash for iPhone’ waiting in the wings.

There are two distinct threads to a Flash vs. HTML 5 discussion. Those are ‘Features’ and ‘Philosophy’. Let’s tackle them separately.

Features

HTML 5 is gaining mind-share because of a handful of key new features that it offers: <video>, <audio> and <canvas>.

The first two are quite self-explanatory, they are new elements dedicated to providing video and audio media directly in the browser, and provides a DOM API for controlling the media from JavaScript. Note, the idea is that the media is played back directly by the browser, not through a plug-in like Quicktime or Windows Media Player (which is how video used to work, before Flash).

This affects Flash because over the past few years, perfectly timed with the rise in available bandwidth to stream audio and video, it provided a solution better than the Quicktime/Windows Media/RealPlayer mangle that came before it. Before, to embed video in pages you needed to provide multiple codecs, depend on bespoke media player UI appearing in your page (all of which was different sizes, and so would break your layout), and half the time your visitors had the wrong version of the plug-in anyway.

Flash stepped in with a solution: Support for more platforms than any one of the other bespoke players, and you could design your own playback UI around it, too.

Flash won video from under the feet of Apple, Microsoft and Real by building something that was better, and bypassing their squabbling over codecs.

But, it’s just a better, bespoke solution. It’s still vendor dependent. Flash provided the use-case for ‘embedding video with author-defined playback controls’. The purpose of standardisation is to take that feature and define it, such that anyone can implement it. From there, comes video and audio in HTML5.

Flash also provides vector drawing tools. It’s another useful use-case (graphing, interactive charts, etc.) Again, the standardisation process for HTML is about taking the use cases from real content on the web and defining it so many people can implement it. canvas (via. Apple) is the implementation for that.

Three major pieces of functionality. Putting them natively into the browser responds to the needs of web developers. That’s what the standard is for. Does this mean that HTML 5 ‘kills’ Flash because previously Flash-only functionality is now native? No. But it means that those major use cases no-longer require Flash. There’s plenty of other, less trivial functionality that Flash supports for which widespread demand does not exist. But of course really common features of web pages are going to be supported in Open Web technology.

Additionally, you may cite sifr — using custom typefaces — as a use-case for Flash. That falls outside of HTML5, but is covered by an increasingly well supported CSS3 feature, @font-face.

Philosophy

I’ve avoided linking Jon Dowdell here as a major source because although he titled his post ‘Adobe on HTML5’, his blog also states that his opinions do not represent his company. His post is representative of Adobe’s general philosophy toward the web, though.

As far as Adobe are concerned, Flash is part of the web. It’s not just an optional, bolt-on plug-in for proprietary content. To Adobe, Flash is as much a part of the web as JavaScript or CSS. They regard is as a legitimate part of the stack.

“the “HTML5” publicity helps marginalize those few who still argue that images, animation, audio/video and rich interactivity have no place on the web. Flash will be able to deliver on those heightened expectations, regardless of what each separate browser engine does.”

The second part of Adobe’s philosophy is that consistent support for functionality on the web is non-negotiable.

“we really do need the ability to predictably deploy advanced capability across a range of device brands and browser brands”

This philosophy is wrong. One: Flash is not part of the web. The web is the Open Web and anything closed and proprietary is just riding on its back. I don’t mean that bespoke plug-ins are unwelcome or even ‘wrong’; they provide all sorts of useful functionality. I do mean that if you are a single-vendor creator of a proprietary, patent and license encumbered, undocumented, closed-source plug-in then you have no claim to be part of the infrastructure of the web. The infrastructure, from TCP/IP upwards, is open.

The consistent support aspect also flies in the face of techniques used with every part of the Open Web stack: Graceful degradation, progressive enhancement, and the fight against the misguided demand for pixel perfection are all battles that have been fought and won since Designing for Web Standards.

The web is about content. Everything above that is dressing (perhaps think of the web as fresh bread, perfectly coated in balsamic vinegar and olive oil). The fact that older browsers cannot render all the features of your page but can still provide the content to users is a feature. It’s the most important feature.

The Flash philosophy is opposite. Flash is about a complete experience (singular). It’s about every detail being precisely bevelled into place for every viewer. The consequence of this approach is that it resists the availability of content. The goal of perfect consistent rendering can only be achieved through a single version of this single vendor’s bespoke plug-in. If you need a feature of Flash 10, Flash 9 users must upgrade to see any of your content, not just the new feature.

The Flash approach is anti-content; anti-web. Adobe present the idea that Flash is a superior offering because the entire suite of features, in one big blob, is a compelling development offering. But the reason to write on the web in the first place is to make content available broadly.

In recent years, through multimedia, fonts and and vector drawing, we’ve seen more and more blocks of content moved into Flash, in the absence of a robust standards-based mechanism. HTML5 redresses that by supporting those use cases. HTML4 supports pictures. HTML5 supports moving pictures. HTML5 supports what people publish on the web.

Fuss

What is the fuss about? HTML5 doesn’t compete with Flash as a product, (you could never produce an implementable specification for so much functionality in one go). It just takes some specific, common use-cases for web content and supports them.

Yet, people on one side are crying for the absolute death of Flash, and clearly some from Adobe are on the defensive to outright dismiss the HTML5 effort.

Critics may be motivated by any number of those negative user-experiences this article opened with, but Flash won’t die. If HTML5 takes away one use-case that Flash fulfils, Adobe Flash will add new features that browsers don’t have. That’s what plug-ins have always done. Flash can and will iterate faster than browsers and can deploy wider all at once. That said, some of those existing use cases — namely video playback — are extremely lucrative for Adobe. Video took Flash from ‘optional’ to ‘essential’ for a certain slice of web content. The video sharing industry is dependent on Flash.

Adobe will lose their exclusive grip on that. But, what did they expect? That a massively profitable industry would tie themselves to a single vendor?

Flash offers only one advantage to video on the web, and I think this one will be genuinely interesting to see turned into a marketed feature. The HTML5 method of embedding video looks like this:

<video src='http://example.org/video/foo.mp4'></video>

There’s the URL to your video file, right there in the HTML source, downloaded in raw form. What can Adobe offer publishers? Two ‘features’ of software that run absolutely counter to the principals of the open web: DRM and obfuscation.

That could be interesting. The survival of Adobe Flash Video online will require them to take the closed, anti-content consequence of Flash’s model, and instead embrace it as a feature for media companies that fear distribution of their content.

Really, I think this whole issue is overblown. Maybe it’s all fuelled by scare-mongering from individuals Adobe, maybe it’s over-eager Open Web evangelists eager to see closed and proprietary scraped from the face of the web. In reality, it’s just the pragmatic, ongoing evolution of the web offering useful new functionality.

Social Web FooCamp was a full two weeks ago, and even now I’m not entirely sure the lessons of this meeting have entirely sunk in. Surrounded by some of the smartest people in the industry (and other influential oddballs), FooCamp provided a backdrop to see friends and rivals come together and share.

I was there for my work with microformats, and as someone who periodically pops up to suggest improving the user experience of OAuth.

People

MySpace, Facebook, Yahoo, Google, OAuth, Portable Contacts, Activity Streams, Open Social and OpenID. All under one roof. Everyone quite keen to move in positive directions. An exciting mix.

It was quite something to spend two days in these surroundings, participating in the conversations that determine what happens next. As is my nature though, perhaps the biggest value came through observation and listening. And to cut to the chase, herein lies my principal learning of Foocamp:

The Open Stack needs a Product

Foo had many, many sessions on the Open Stack; OpenID, OAuth, OpenSocial and Portable Contacts. Some of them concerned with user experience, some with data portability and distributed identity, some with the processes of open development itself. Every single one of those sessions at the very least mentioned Facebook. But more often, the sessions were outright dominated by Facebook Connect.

A session on building a start-up on the Open Stack was turned into a discussion about Facebook’s product, and what developers wanted from it.

Note the emphasis on Facebook’s product. The way in which we classify the technology of the open, social web and compare it to Facebook Connect is massively flawed.

Get this clear: Facebook Connect, from inception through API through user experience, is a single, self-contained, beautifully packaged product for developers. And it’s awesome. Facebook has the combination of detailed, well maintained user data, a huge user-base and excellent user interface design for the Connect experience. It ticks every box.

Compare to ‘the Open Stack’. There is no product. These are technologies — wonderful technologies — with which you could build something with the functionality of Facebook Connect. But at time of writing, there is no mature offering. The branded products from Yahoo and Google are not as strong as Facebook; they’re less mature in every way. Problematically, though, the tools have a stronger brand than the implementations.

It’s this that causes the Facebook/Open Web comparison to fall down so quickly. The open technologies are right and true. Using the same open auth and identity protocols is a massive win for developers. But what are you actually implementing?

The open stack itself doesn’t contain any data, nor provide any service. It is just the mechanism to provide those services. You don’t solve anything by ‘integrating OAuth’. OAuth isn’t a service. The publicity has to shift to actual service providers, where the end users are involved. Because really, it’s touching those end users that drives developers, not beautiful snowflakes.

We’re all imagining a world where you can implement OpenID+OAuth+PoCo and seamlessly integrate with Google, Yahoo! and any other social network using the same code. But that doesn’t exist yet. Only the foundations of it exist. And without the data provision from actual products, there’s no implementation to focus the open stack discussion on.

Not broken

Whilst it all sounds a bit bleak, nothing here is broken. Facebook has a massive head-start in the marketplace. Yahoo, Google, MySpace et al are playing catch-up in terms of the APIs and the user experiences of their own sites. Is Yahoo! Updates as rich an experience as Facebook? Not yet, no. There’s work happening everywhere to compete, across all aspects of all services. As such, of course Facebook is the more compelling option this year; it’s obvious that’s the case.

Further, as evidenced by Facebook’s Open Stream API launch last week, their strategy has been formidably well planned. Over the past twelve months they’ve been hit with sticks by openness advocates for being locked away in their walled garden, but their priorities have been elsewhere. They’ve been building a rock solid foundation that, once in place (now), they can start to open up and offer good data from the start. They have the luxury of the market lead, and they can use that to release better, more complete services. That’s their reward for being first, and they’ve earned it.

So, the feeling I come out with is that we should stop thinking about Facebook in the context of open standards (except where they implement them, of course). It’s a broken comparison. It’s hard, because the competitors have everything in the air at once, but it’s down to them over the coming months to turn their adolescent, open-powered APIs into compelling products. The part OAuth plays in this is just to continue becoming as transparent to users as possible.

It’s not the job of OAuth and OpenID as part of this ‘Open Stack’ to take on Facebook in mindshare. The roles of these APIs (PoCo, Open Social and Activity Streams included) is to be expected and taken for granted in any new implementation. These are the bricks on which houses are built. But people don’t buy bricks, and so our eyes need to focus on the products of this work.

The other point to stress here is that whilst the open stack needs stronger implementations, they don’t have to be ‘NotFacebook Connect’. That’s only one use for these standards. The big Open Web offering could be somewhat different. Better, even.

Be excited. The struggle of Open standards vs. Facebook is a fallacy, they’re just efforts a little out of sync. This year, with maturing, big products powered by open technologies, we’ll see things built that extend beyond the achievements of Facebook’s walled garden age. MySpace, Google, Yahoo! et al are all moving together toward something quite special. Developers will be able to take on exciting new, provider agnostic apps with this technology. Just accept that the second generation of competitors need a little time and encouragement to build out.

Oh, and don’t be surprised to see Facebook active in all this, too. In the end, they’ll be as open as anyone else.

Microformats.org is an interesting beast to work for. An informally arranged organisation of volunteers, overseeing a broad array of subject areas and points of interaction. 2008 was my first full year of administrative involvement with the group, for what value of ‘administration’ there really is.

This post is on my personal blog because there is no official line of policy at microformats.org. What I write here is just personal intent and what we achieve in the next twelve months is down to shared passions and collaboration, not the will of one person.

There are shared priorities, of course. The past few months have seen a surge of work on the awkwardly named value excerption ; a mark-up pattern and parsing rule derived from hCard. Honestly, I didn’t know ‘excerption’ was a real word until I started leading the work on this. Thankfully, naming is not as important as a good spec.

Basically, value-excerption in hCard got implemented in parsers globally, so we’re trying spec it more fully to reflect that. It’s a pattern for structuring data values, so in the process we can extend it do something to offer solutions to some long standing accessibility and localisation complaints. The work is sporadic; two weeks here, a month off there. That’s just how it happens. Being absent from Yahoo! this last month has helped me pull it together into a massive public test effort.

My other big task in 2008 was redesigning the microformats wiki, bringing it into line with the look and feel of microformats.org, adapting Dan Cederholm’s still-lovely design. It’s a piece of work I’m proud of, and besides being able to junk vast quantities of MediaWiki’s questionable and bloated default mark-up, it of allowed me to put microformats into the wiki mark-up itself: Each page is now an hAtom entry, with an hCalendar event for the last-modification date of the page.

This Year

I don’t care to dissect last year too heavily. It’s this year I’m excited about. There’s work coming to completion, there’s ongoing work that’s nearly ready to break cover, ongoing infrastructure improvements brewing and a desire to see a big step up in microformats toolkits for developers.

1. First up, I want to see the value-excerption work seen out within the next couple of months. Testing is going really well right now; it’s an effort beyond the scale of anything else we’ve done before. Knowing the accessibility and localisation issues we’re trying to overcome, it’s vital that we get it right. We can’t afford to push something that doesn’t solve the problems and complaints of authors as well as we can. I’m taking suggestions for a beer or red wine magnificent enough to open when we call this one ‘done’.

2. Secondly, we’ve built up a number of issues and enhancement requests against the core microformats — hCard and hCalendar. They’re stable, useful and are helping to change the web, but iterating stably is an important step to take as the community and formats mature. Just as HTML5 is not versioned like a piece of software, there won’t be an ‘hCard 2’. This is the web and we won’t be breaking existing pages or forking our specifications; that’s absurd. We will evolve. I would like a period of active editing and hope to see hCard and hCalendar ’Second Edition’ published this year.

3. Recipe and Audio formats. Two new drafts in 2008. Bearing in mind that many popular and quite stable formats like hReview and hAtom are actually still in draft, that’s a very significant step — it takes a lot of research and brainstorming to put together a good draft spec. These subjects have much stronger, stable momentum than some previous microformat proposals have had, so I’m confident they’ll move smoothly. Structured publishing of music and food is highly Relevant To My Interests. I worked with publishing some of the hAudio draft in my previous music round up. I think it’s getting there.

4. I’ve spend some off-time brainstorming on a new effort myself; ‘embed’. No dedicated wiki page yet as I’m still compiling the initial data to get it rolling. There’s nearly enough to push it though; a few more sites to grab examples from to get people thinking. It’s deriving some concepts from the oEmbed format Pownce supported, allowing sites to describe their ‘embed codes’ for reuse around the web. I want to be able to reuse linked content in an activity stream, and deriving embeds from mark-up rather than writing drivers for every site on the net. It would make reblogging the embedded content more graceful, too. More robust use cases coming soon.

5. Microformats have issues, feature requests, bug reports, tasks to do. At present we track them on the wiki along with the specification documents themselves. Personally I find it a nightmare. Tracking and triaging issues through versioned documents in various structures is harder and less transparent than I’d like, so fixing it would be nice. The wiki update last year has the facility to hook spec ‘issues’ links up to other systems, and I’m spending some time experimenting. Community feedback needed here, plus considerations to be made regarding self-hosting something like Trac or offloading to an external tool. It could happen quite quickly, since I don’t think there are many sane arguments defending the wiki method; it doesn’t scale.

6. Wiki rewrites. I’m good at writing. I’m too verbose for sure, but I communicate well. I’ve taken great pleasure in applying this to more recent microformats output and I like to think I do a pretty good job of improving the experience of interacting with microformats documentation. Many pages on the wiki aren’t as well written. I don’t mean to criticise other authors, I refer more to the way in which over time important pages like the process and how to play page have been edited and added to so many times that at this point, I fear they’ve become impenetrable to a new visitor, and if they can’t follow the rules and I want to see effort go into reworking those pages to be higher quality documents, more approachable and easier to reference when they need to be enforced.

7. Support transformation efforts. In 2008, I’ve noted a couple of repeat proposals and desires for using microformat specifications in other contexts than HTML. Being in HTML is part of what makes something a microformat, so we’ve had instances of proposed forking. Versions of hAudio exist republished for use in RDFa, there’s an entire page on the microformats wiki called jCard — putting hCard into JSON for interchange. Per-specification duplication is, in my view, wrong. Duplicating specifications leads to fragmentation, confusion, incompatibilities. If people have use cases for transforming a microformat into RDF, or JSON, or anything at all, the core spec needs be the same. What we need documented are consistant rules for transforming HTML into any of those other languages. ‘Transforming microformats into JSON’ could be a single wiki reference page for all current and future microformats, explaining how to convert different microformat patterns into JSON. Not a ‘jCard’ and a ‘jCalendar’ and ‘jAtom’, with an ‘rRecipe’ for RDF and xResume for raw XML. Just one set of rules to handle the transformations that are useful. Within that, defining the parsed object structures of the microformats goes most of the way to serialising into another language, and that’s a job for parser authors to settle on the best way to turn microformats into objects consistently.

All of the above is a reasonable ask, I think. It’s ongoing progress in an evolutionary approach in development of standards and infrastructure. My big wish for the year is perhaps a bigger step.

The next level: API Kits

Consider existing services: Google Contacts, Yahoo! Address Book. Standalone data providers, whose APIs offer high level methods to access the contacts held within.

A popular use case for hCard and XFN is contribution to the distributed social ecosystem. Data about people and social relationships is published all across the web, but consuming it is prohibitively hard for most developers.

Whereas someone developing for the YAB or Google data stores can download wrappers around the high-level methods those APIs offer, consuming microformats remains at the parsing level. There’s no Person::getFriends('http://ben-ward.co.uk')-like method returning an array of vcard objects. If we’re serious about evangelising consumption of hcard in social networks. We need high level, task centic toolkits, not just raw parsers.

A higher level means providing solutions to common problems and use-cases, rather than a solution to ‘microformats’. A ‘Distributed Contacts API’ that follows XFN links between hCards, handles crawling pages and/or interaction with the Google Social Graph API. Ultimately, you make one call to a high level function and it just happens. I want to see microformat-based tools that boom!.

I think XFN and hCard offer the two most appealing toolkits: Distributed user profiles (‘Distributed Profile API’) to the profiles information described with hCard, linked with rel='me' and the aforementioned ‘Distributed Contacts API’ for obtaining the profiles of other people you link to as friends.

I’m thinking that methods like these are needed to make it trivial for social applications to start consuming microformats more ambitiously:

Person::getProfile('http://ben-ward.co.uk', callback)

Get all profile info for the person at ben-ward.co.uk, and fire the provided callback function when completed (you need callbacks for all of this since it’s both asynchronous handle and crawling the web is going to take a little time).

Person::getConnections(
    'http://ben-ward.co.uk',
    [ 'friend', 'acquaintance' ],
    callback );

Return the profiles of all the people connected to the person at ben-ward.co.uk connected with XFN ‘friend’ or ‘acquaintance’ relationships.

Methods like these make it simple for developers to start using the huge wealth of published microformatted data to enhance and power their social applications. Right now, getting to those methods is a lot of labour. We need to build it once, and we need to do it in the open. I would love to be in a position this year that we can evangelise microformat consumption with as much strength as we do microformat publishing. OAuth and OpenID has a lot of evangelic traction because libraries exist to implement it in many languages; ‘You should use OAuth, here’s some code you can use!’ is rather more convincing than ‘You should consume microformats! Err…’.

We can’t legitimately push sites to consume hCard with an effort barrier so high. If a stable API kit exists that a developer can just drop in to their codebase — like the wrappers for OAuth — then we can make a strong case to see the open web realise a little more of its potential. I’ve written about the dream of a distributed, microformatted web before at Digital Web. I want to see if become real, rather than just ‘possible’.

You can see this sort of thing in practice already on a tiny but beautiful scale. If you have an OpenID, and an hCard at that same URL, go sign up on User Voice. You’ll auth using OpenID, and when you bounce back to complete your profile, User Voice already knows your name and email address. That information comes not from attribute exchange through OpenID (which the Yahoo OpenID provider doesn’t support), but through reading the hCard from my URL. I wondered for a moment what was going on. And then I just smiled. It’s the future, now. I want to see that user experience available at low cost to every developer.

So, there’s my forward looking. I see the above as pretty concrete ideas. Of course, there’s far too much to lead myself. So, who knows. I hope that others in the community will feel inspired and that we’ll see this kind of work happen. Just as much, I hope to see the visions of others. This community is diverse. I think I’m one of the most passionate about the actual core of the community (perhaps more so than any particular microformat itself), but there wealth of thoughts and ideas amongst all our membership. If you’re one of those, I invite you to write up your vision for the year.

Microformats are a huge deal. Where do we go next? More formats? Reinforcing what we’ve got? Appealing to new groups of publishers and developers that haven’t heard of us yet?

If there’s enough posts along these lines I’ll link them all together on the microformats.org blog.

Another new year, another late review of the year’s music. 2008 has felt like a bit of a bad year for me to track. Not because the experiences or quality of music has been bad, just because like much else, I’ve been especially distracted by bigger changes.

On paper, it’s been pretty good. I attended South by Southwest Music for the first time, spent most of the year living in East London with a music junkie Last.FM-ite and spending great times socialising with David Emery of Beggars Group, so music exposure may have been greater and more eclectic than any previous year. I come out of it not entirely convinced, and my mostly unordered pick of the records I enjoyed the most almost seem predictable written down. Regardless, onward.

Albums

A brilliant, full album is still my favourite way to consume music. Despite listing more to Last.FM and Hype Machine this year than last, despite iTunes adding a really good ‘Genius’ playlist generator feature and despite dropping portable capacity down to 8GB by trading my iPod for an iPhone, I still adore the experience and coherence of a good album.

Antidotes by Foals is my favourite record of the year. It’s just great. I appreciate some early adopters were a little put off by the absence of Mathletics, and the unexpected introduction of a brass section, but the songcraft just clicks everywhere for me. The tunes are great, the riffs get you moving, the switches in pace and style midway through songs is just perfect. Two Steps, Twice is my standout favourite track. It builds up, slowly, pacing perfect and eventually explodes in a synthed up crescendo of energy and tune. It’s just the best thing I’ve heard all year. That said, the preceding Heavy Water, whilst initially a bit of a weaker song, pulls of a great dance explosion at the end as well. It’s a song that just transforms in ways you don’t expect. Whilst Battles brought math-rock out of the shadows earlier, Oxford’s Foals have made something that’s probably more accessible, but no less classy.

Elsewhere, Fleet Foxes maintained the Americana revival apace, with gorgeous earthy, folky songs. Lightspeed Champion’s ‘Falling Off The Lavender Bridge’ record (with Emmy the Great backing) is full of wonderful folk-pop songs, Cut Copy’s ‘In Ghost Colours’ makes wonderful late night music with its combination of lively dance, atmospheric keyboards and sprinkling of “Oh, it’s a bit like New Order, isn’t it?”; underlining why playing full length records won’t go away. Plus Gruff Rhys and Boom Bip formed Neon Neon, rushed back in time to salvage the electronic bits of the 80’s and won it all with ‘Stainless Style’.

Elbow’s evolution continues to astound. I love this band dearly, every record they’ve ever released has touched me in some way and every one has glorious moments that I’ll go back and play forever. I don’t know if any one song on ‘The Seldom Seen Kid’ is better than anything they’ve done previous, but the record as a whole is somehow a more coherent, more complete offering than what came before. It’s inevitably more mature; less of a departure in sound from ‘Leaders of the Free World’ than it could have been, but over a handful of listens, from start to finish it draws you in. Richard Hawley provides vocals on ‘The Fix’, and dominates the song. It’s a wonderful stand out moment, though you wonder if it displaces Guy Garvey’s own distinctive vocal too much. Until it rolls into ’Some Riot’, a piece of music of beauty and delicacy and suddenly Garvey’s voice is in its element and you… just… float. Perhaps ‘Some Riot’ is the one song that’s better than anything else they’ve done.

I still regret not saying ‘Hello’ to Guy at London Euston railway station a few years ago, though I still don’t know what I’d say to him now. After my drunken blathering to Moby at SXSW, maybe it’s best I stay away from respectable musicians.

Finally, my dabbling in the physical world of vinyl is growing. I bought a gorgeous Pro-Ject Debut III (in red). A beautifully squared off slap of wood, with minimal controls and, as best I can tell, great sound. I don’t care how near the snob/hipster line I stray, the warm, full sound is awesome and appreciable even on my aged student hi-fi separates. On that, I must mention something completely out of time; The Beta Band. Their first, self titled album which for some reason I own only on vinyl. It’s just great. It’s exactly where pop music rightfully ends up in the late 1990s; assuming the same progression and daring evolution of the preceding forty years. They were unique, The Beta Band, and they are missed.

Songs

Maybe it’s because I pour all my energy into album reviews, but when I get down to individual songs I feel more inclined toward spewing out a quickfire list than anything more substantial. I can’t find much fault with that, so, the songs that made me happy in 2008:

‘The Hill, The View, and the Lights’ by Cajun Dance Party, ‘Two Steps, Twice’ by Foals, ‘Midnight Surprise’ and ‘Dry Lips’ by Lightspeed Champion, ‘Battle Royale’ by Does It Offend You, Yeah?, ‘Your Protector’ by Fleet Foxes, ‘Ghosts’ by Ladytron, ‘Belfast’ by Neon Neon, ‘Lights Out For Darker Skies’ by British Sea Power, ‘Kriss Kross’ by Guillemots from their otherwise disappointing ‘Red’ album, ‘Salute Your Solution’ from Raconteurs ‘Consolers of the Lonely’, ‘Hot Cakes’ by El Ten Eleven — and his cover of ‘Paranoid Android’ is stellar too.

Special mentions go to ‘Talking Backwards’ by Fanfarlo, a band I desperately need to acquire more music of. ‘Talking Backwards’ is one of my favourite pop songs of the whole year. And whilst most of the songs here are linked to Last.FM in some way, you should absolutely follow this one and play the whole song. It’s sublime.

And then, there’s Florence and the Machine.

No album, unsigned until rather recently. I am somewhat obsessed with Florence Welch. But I’m shameless about it. Her two 7” singles this year — ‘Kiss with a Fist’ and ‘Dog Days Are Over’ have just been sublime. Pop music with great tunes, great refrain, darkly humorous lyrics. I could ask nothing more than to have it performed live in my living room. Unless that’s getting creepy, in which case I’ll reluctantly step away. Her performance at SXSW was awesome and had me following her powerful, bluesy voice ever since. Er, more gushing about her follows below. Again with the emphasis on listening to these. Or show up at a party in my apartment and I’ll inevitably play them to you ad nauseam.

For everything else this year, I’ll lazily be referring you to my Last.FM loved tracks and Hype Machine obsessions lists.

Live

Live music was quite special this year. I attended South by Southwest in March, staying on past the usual interactive geek-up and through a gruelling second week of intense music. It was an awesome exercise in discovering bands I’d only heard the name of at that point — Lightspeed Champion, MGMT, Los Campesinos! and so forth. The only accidental discovery was Florence and the Machine, who was stunningly good and did quite curious things to my heart rate with her voice alone.

Later came The Great Escape in Brighton, which bills itself as a British version of SXSW, but by offering rather fewer shows per night, they don’t handle the quantity of attendees so well. There’s hope if they can scale up venues faster than they scale attendees. Saw some good shows, although Lightspeed Champion almost undid all the good from SXSW in one dreadful performance.

The Ting Tings were actually a lot of fun live at SXSW (and again at The Great Escape), but the album kinda slumped off my radar after a few weeks. In still can’t quite believe that after recording the weak, wheezing falsetto on title track ‘We Started Nothing’ someone was actually paid to say ‘Yeah, that’s great!’. I think my subsequent disenchantment was what David intended to refer to as inevitable… although all I heard was him hurling expletives at me for listening to Ting Tings in the first place. I’m sure I’ve got his sentiment nailed down now, though.

I did a good number of shows at Somerset House again. It’s a frankly very expensive way to see less shows than a music festival, but the venue is magnificent illuminated and it was right near the Yahoo! office.

It would be remiss not to mention the biggest event of my live music year. I managed to clock up seeing Radiohead three times; two nights in London’s Victoria Park (all of five minutes walk from my then home), and once more in Golden Gate Park in San Francisco. I missed out on the surprise show at Rough Trade on Brick Lane; oh well. The second night in London stands out as my favourite, but with a repertoire as good as theirs is difficult to fault on any night. The variation night to night keeps it fresh and the experience as the sun sets is just stellar. I’m still to experience anything as mind blowing as tens of thousands of people singing the coda to Karma Police. For a minute there we lost ourselves.

As mentioned earlier, I’ve spent most of the year since South by Southwest absolutely fixated by Florence Welch to a degree bordering on social unacceptability. Even without my mild obsession, Florence and the Machine’s records are catchy, her voice is magnificent, her lyrics darkly comic and together with songs of pure pop brilliance, she offers something beyond any of the more famous London soloists. Like Steve Lamaq, I really can’t figure out what to expect nor what I want from 2009 in terms of broader trends and scenes, but an album from Florence is on the cards, so that’s one thing at least.

I’m looking forward to see what San Francisco offers up in 2009.

Delegated authentication and authorisation technologies are one of the biggest developments of last year. Whilst still immature, technologies like OpenID and OAuth have their feet down as being integral pieces in the interaction between web services.

OpenID and OAuth are the open, standards based and interoperable editions of this technology, but Yahoo’s deprecated BBAuth and FlickrAuth and others all came before. Also at the tail-end of last year came Facebook Connect, a system whereby websites can piggyback on Facebook profiles for building applications.

For example, take Fire Eagle. It’s a service that stores your location on your behalf, for use by other applications on the web. It uses OAuth to control access to that location; no application can see your location by default. When you visit a site needing your location, it asks Fire Eagle for that information.

Instead providing your Yahoo! username and password to this third party site (which would grant access to your entire Yahoo! account), you are taken to a special page on the Fire Eagle site, click a button to grant specific location permission and then jump back to the original site, which now holds a token to access to your location.

OAuth Best Practices · Fire Eagle. Image by Ben Ward & Sam Tripodi

This process means that the site you shared your location with can’t access anything apart from your location (it can’t log into your Yahoo! IM account, for example, or send emails through Yahoo mail). Furthermore, you can log in to Fire Eagle and remove that application any time; you don’t need to change your password to do so.

It’s the future, it’s user empowering, and it’s going to be great. Eventually.

The user experience of this OAuth process — and OpenID alike — has been criticised a bit. Users don’t expect to be moved between different websites, but they are familiar with entering their passwords all over the place. The short ranty version of this article would go like this: If you stop whining and just get on with implementing the OAuth flow, users will get used to it and will be just fine. It’s is usable as-is, so shut up already. But this is the long, constructive version, so:

The user experience of OAuth and OpenID is immature, and can still be massively improved and smoothed out with concerted design effort.

Which brings me to Facebook Connect. Connect is a product as well as a proprietary technology. It’s a packaged and complete offering from Facebook, and as such, comes with a far more complete and polished user experience than the technology-focused, open standards have so far achieved. Polished and mind bogglingly stupid, in places, but, y’know.

Facebook Connect, whilst proprietary and product-specific and therefore irrelevant in the grand scheme of things, has UX that can be applied to OAuth and OpenID flows. If service providers support this, I think user experience gets much better, quickly.

How does Facebook Connect work?

The most common use case for Facebook Connect appears to be commenting on blogs, such as on Gawker sites. Rather than enter your details standalone, or uniquely register with a site, you log into Facebook, and Gawker uses those details instead.

So, you click the shiny ‘Facebook Connect’ button in the comments form, and an overlay appears:

This is the crux of the learning for OAuth. Rather than redirect to Facebook, this granting of permission happens right in the page in an embedded control.

It’s not quite as simple as this, mind. It’s ok that this action occurs in an overlay only because the user is already logged in to Facebook. No exchange of credentials takes place: The overlay is an iframe serving a page from Facebook’s server, so my current login cookie is used and there’s no need for Facebook to ask for my password. A malicious site would gain nothing by spoofing this dialog.

Since writing this article, Facebook have improved the behaviour of Connect. Now, if you are signed in you see an overlay as before, but if not signed in Connect opens a new window, where all usual browser functionality is available. This a huge improvement and fixes the complaints that follow.

Unfortunately, Facebook Connect then screws up. The whole point of delegated auth is that we stop users entering their passwords into third party sites. It has to stop. That means both actually entering their details into third parties, but also interface that gives the impression of giving your password to a third party. When you are not currently logged into Facebook, you instead see this dialog:

Millions of Facebook users, openly encouraged to enter their password into any site that asks. This is wrong. If the user is not already logged into the service, you should be redirected in a more traditional bounce between pages. That way browser-level phishing tools kick in, the URL in the address bar can be manually inspected by the user and, critically, the user is conscious of logging into a different service.

Facebook ranting aside, the first half of their Connect overlay UI would be very useful to enhance the user experience of OAuth and OpenID.

Here’s a hypothetical Fire Eagle app built into Last.FM.

In the current implementation of OAuth, clicking ‘Get Fire Eagle Location’ would redirect you to the Fire Eagle website, and then you’d redirect back again after clicking ‘Confirm’.

Instead, OAuth apps should do this by default:

No redirect, lighter weight UI and more responsive feedback. This, I think, is something that OAuth APIs should support out of box along with their other language wrappers; provide drop-in support.

Now, this behaviour applies for logged in users only. If you’re not logged in to Fire Eagle for any reason, you should still be moved to the separate site as before. We need to stay strict on keeping users spatially aware of where they are entering their passwords, otherwise the whole effort is undermined.

Overlaid OpenID

With one example down, here’s a mock of how Open ID could benefit from the same integrated flow, this time working with Dopplr, since they already support Open ID:

If not logged in to Yahoo, you get a prompt and just as before, are guided to step through the regular, separate-site process to sign in:

Clicking ‘Sign in to Yahoo!’ would take the user to Yahoo’s standalone page.

How to make this happen?

For this to happen, services need to provide support for it; it can’t be done just at the client side. The dialog-sized interfaces for authorising applications or logging into sites need to provided, and they need to support the ‘break out to enter passwords’ flow. But, sites like Fire Eagle already provide a mobile-scale version of the auth page, so further variants are not a major hindrance.

It also needs a JavaScript component to handle the UI side. With a bit of luck, this only needs to be done once and shared between projects.

The core technology behind OAuth and OpenID is pretty robust. Both have major adopters like Yahoo and Google. OpenID has a bit of a bit of a way to go before users need it, perhaps, but regardless, it’s well into the same phase where user experience needs to be a concerted effort, and the status quo needs to be challenged.

Everything in this post is just a small step from what we already have, it’s just smoothing out the edges. Maybe that’s enough, but I suspect there’s a long way to go and a wealth of other ideas out there.