
Comment Re:It's the end of the world as we know it! (Score 1) 307

Of course they probably could have just done it much, much simpler by making a dotted quad a dotted quint:

But that would have resulted in a strange number of bits of addressing, and actually made everything much more complicated, so they skipped it. It really had to be a multiple of 32 bits, and obviously, they went big.

Comment Most of their apps are annoying anyway (Score 2) 110

They keep boning the interface for maps, someone could seriously make a buck just skinning it and giving easy access to the offline caching feature and so on. And googles, why for you no have keywords? I just wind up going to the web interface for image searches. So there's an extra step.

Inbox is pretty nice, I guess. I didn't get the impression that there was much competition in that space. Am I wrong?

Comment Re:The addresses are there... but still... (Score 1) 307

No.

Yes.

Good (IBM) politically correct message though.

I haven't worked there for years and years, and I didn't even work for IBM proper; I worked for Tivoli, which hadn't yet been fully subsumed into the IBM culture. I did, however, have access to the 9 net, and there really is a whole little world in there. It's part of how IBM keeps people on the reservation.

Comment Re:Is this true? (Score 1) 172

That is, once you convert to Win 10, if you don't like it you can't reinstall Win 7. Is this true? I hope not.

Yes and no. Yes, they're going to convert your license, so the original license will be invalidated. No, you will still be able to install Windows 7. What you won't be able to do is legally re-validate it. But seriously, if you use an activation tool to go back to Windows 7, you think Microsoft will knock on your door and sue you?

Comment Re:Err, okay (Score 1) 172

Sure, they get Windows 10 as well. Woohoo. If it's unusable for the first year, their fallback OS isn't Windows 8.

Converting to a Windows 10 license destroys your Windows 7 license.

Sure, you can just ignore the activation prompts, or use one of the deprotection tools, but it's still an annoyance if you want to go back.

Comment Type 4 UUIDs (Score 1) 251

The combination of time (the UUID can be time boxed), activity (a successful login nullifies the UUID), and possession (control of the account's registered email address)

My concern is how to keep someone between your server and the subscriber's MUA from compromising "possession", or how to establish "possession" the first time.

Assuming the coders didn't decide to come up with their own GUID generation algorithm that is easily reverse engineered and seeded

I just use a PRNG. If I need it as a GUID, I request 120 random bits and format them as a type 4 UUID. Is that good enough?

Comment Re:Responses (Score 1) 251

Or to put it shorter: "Passwords and password reset codes go in separate fields."

I've implemented a similar system that keeps the hashed password and the one-time-use code in separate fields of the user table. I just wondered if there was any good way to protect the "login ticket" (the mail containing the one-time-use code) from interception in the 24 hours between when it is sent and the expiration time that we store.
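A sketch of the reset "login ticket" handling discussed in the two comments above, added here as an illustration and not code from either commenter: the one-time code is a type 4 UUID drawn from the OS CSPRNG, only its hash is stored in a field separate from the password hash, and it is time boxed, single use, and nullified by a successful login. The dict-based user row and all function names are hypothetical; this limits what a database leak or a late replay yields and does not protect the mail in transit.

```python
import hashlib
import hmac
import secrets
import time
import uuid

TICKET_TTL = 24 * 3600  # the 24-hour expiry mentioned in the comment above


def new_user(password_hash):
    # Hypothetical user-table row: password and reset code in separate fields.
    return {"password_hash": password_hash, "reset_hash": None, "reset_expires": 0.0}


def clear_ticket(user):
    user["reset_hash"], user["reset_expires"] = None, 0.0


def issue_ticket(user, now=None):
    """Create a one-time code, store only its hash, return the code to mail."""
    now = time.time() if now is None else now
    # 16 bytes from the OS CSPRNG, formatted as a type 4 UUID (the version
    # and variant bits are fixed; the remaining bits stay random).
    code = str(uuid.UUID(bytes=secrets.token_bytes(16), version=4))
    user["reset_hash"] = hashlib.sha256(code.encode()).hexdigest()
    user["reset_expires"] = now + TICKET_TTL
    return code


def redeem_ticket(user, code, now=None):
    """Return True exactly once, for the right code, inside the time box."""
    now = time.time() if now is None else now
    stored = user["reset_hash"]
    if stored is None:
        return False
    if now >= user["reset_expires"]:
        clear_ticket(user)  # expired: drop the stale hash
        return False
    candidate = hashlib.sha256(code.encode()).hexdigest()
    if not hmac.compare_digest(stored, candidate):  # constant-time compare
        return False
    clear_ticket(user)  # single use
    return True


def on_successful_login(user):
    # A normal password login nullifies any outstanding reset code.
    clear_ticket(user)
```

An unsalted SHA-256 is used for the stored code only because the code is a high-entropy random value; the password field would still need a proper password hash.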

Comment It's to confirm control of your e-mail address (Score 1) 251

In the message the portal not only assigned my username, but it also listed a temporary password that's good for 30 days! All of this transmitted cleartext.

This use of a one-time, soon-expiring autogenerated password is common in flows that include the step "To reset your password, confirm your e-mail address" or "To opt in to e-mail notifications, confirm your e-mail address". Is there an alternative, other than to either A. mail all customers a second factor of authentication used to reset a password, or B. require all customers to subscribe to mobile phone service with unlimited texting to receive resets through SMS?

Comment Security theater questions (Score 2) 251

Send an e-mail with a verification URL

How do you encrypt this unique verification URL on its way to the subscriber to your service?

security questions

I'm sorry; I misread this as "security theater questions". See "The Curse of the Secret Question" by Bruce Schneier and "Wish-It-Was Two Factor" by Alex Papadimoulis.
