Think about what could be made if, instead of burning all of this money for a Pyrrhic victory against each other, Google and Apple spent all of that money on development. That would be nice. That would be neighborly.

Apple, Google: Listen to Mr. Rogers's ghost. Why won't you be each other's neighbors?

Really? Last numbers I saw put the iPhone ahead of Android. Anyone have numbers on this?

Does it still break integration with VirtualBox?

I would have thought that Virgin would be less vulnerable to penetration.

If I'm multitasking, it usually means that one of the activities I am doing is extremely inane. I'd like to see a comparison of how well people focus when they multitask, when the task is extremely inane and for a long period of time. Say, eight hours.

Did I wander onto 4chan? This is trolls, trolling trolls!

I was thinking about this originally in January of 2011, and I think I remember finding people mentioning XHR but not finding anything beyond scant mentions. No good "what is this and how do I do" documentation. I was originally thinking a DH key exchange, but that requires you to store it each session, which means each session is vulnerable to MitM, or to use HTML5 things that were not widespread two years ago.

Oh, derp. I don't know what I was thinking, then.

I love how it was upmodded as insightful, but it's really just dumb humor.

The server can't decrypt the page for you. That would eliminate the entire point of encrypting the page in the first place. The server encrypts the page and gives it to you, then your browser decrypts it using this interface specified by the W3C. Are you actually dumb, or is that just a hobby?

Chrome will probably put in an update which contains this when nobody's looking. Firefox will update two weeks after Chrome. And IE will take another two years, and their interface for it will be completely broken. Opera will have already had it implemented a month before everybody else, but nobody cares because nobody uses Opera.

No it doesn't. It's just for crypto between server and client.

It was because NearlyFreeSpeech doesn't support HTTPS, and I wanted to implement some sort of encryption. So, I figured that my server could encrypt pagelets and send them, and then the client could use a previously-established key to decrypt the pagelets, attaching them to the DOM structure in a logical way. The problem is, since JavaScript explicitly disallows XSS, I couldn't figure out a way to contact a separate key authority server. This meant that however I did it, I'd be (more) vulnerable to a man-in-the-middle attack.

Looking this over, it looks like this specification doesn't solve that issue. I know that key authorities can be compromised, but it's better to require two points of failure rather than one.

I mean, remember when Oracle acquired Java from Sun? That was awesome, right? I mean, I'm sure that Dice is buying Slashdot and SourceForge out of the goodness of their hearts, rather than trying to turn them into profit-making machines. Right?

...right guys?