
Comment Re:I don't care (Score 1) 339

Sure.. but before your friends get a new FB/G+ request, they'll get a whole bunch of spam written as recommendations/requests from you. I get annoyed when my friends spam me. I consider it pretty rude for them not to protect their account as it leaks anything I set as private and exposes me to spam I don't want to see. So I try to encourage my friends to be smart when it comes to things like FB as it's only a useful tool so long as we keep up the signal-to-noise ratio and some minimum amount of security/privacy.

Comment Re:The answer is still keepass (Score 1) 339

I think the point was we don't remember everything we've signed up for. I may have used a weak password on what was essentially a throw-away account at the time. But all the same, it might be under my name. So now I'd love to clean up all the accounts I created as a kid.. I'll just never remember them all.

Comment Re:I do not use the same password for multiple sit (Score 1) 339

The main purpose of changing your password is to get back into a secure state. So if your password does get stolen, it isn't a lifetime pass. I can't count the number of people who only discover that they had a stalker ex reading through their email and facebook for years. It's not just corporate data I care about.. a lot of people will sign into their services on random phones/computers to send a quick message or kill some time. Sooner or later, they'll sit down on a machine that'll send their creds to a spam network. While google and such do as good a job as you can expect to detect and return accounts, from a good practices point of view, telling people to change their password from time to time is pretty good advice.

Comment Re:Don't you love asshats (Score 2) 281

The new financial reform bill makes it legal to charge up to a $10 fee for any method of payment. They can also do cash/check discounts. Basically, it ensures this is legal such that retailers can set fees/discounts to ensure they aren't losing money on certain low-value transactions. Also, by now being able to set fees for one brand of card differently from another, it fosters some competition. So we might see higher fees on visa/mastercard than debit for example.

Comment Re:Don't you love asshats (Score 2) 281

The recent financial reform bill explicitly made it legal to charge different fees on different methods. For example, having different fees for visa and american express cards. The financial reform bill overrules whatever you find in the guidelines produced by the credit card companies. That said, I believe your source is dated prior to the new law coming into effect.

Comment Re:To avoid antitrust (Score 1) 248

Well, if you choose to use chrome rather than firefox, google doesn't have to spend money setting your default search provider. So that's more profit. There are also other benefits to their platform control. Doesn't AdBlock Plus for Chrome contain a checkbox in the installer to exclude google ads from being blocked? When you own the platform, you can control the extension developers. As new forms of advertising are developed, say inside google chrome apps, they are in a position to decide on a case-by-case basis what they allow to be blocked. Also, they gather so much extra data with the type-ahead URLs and such. There are many reasons why google would want to kill firefox and keep the code to themselves.

Comment Re:What really makes that method bad (Score 1) 206

It's for devices with hardware security to enforce a ~5 attempt max and self-destruct the encryption keys. So any phone/tablet pretty much fits the bill. It's not intended for traditional desktop machines. Here's my current background image: http://i.imgur.com/eJqQF.jpg. I'm pretty sure I can spot more than 6 points of interest.

Comment Re:It also leaves smudges (Score 1) 206

Directional gestures like drawing lines and circles are a lot harder to figure out based on the smudges. You still only get max 5 attempts before the device self-destructs the decryption keys to its data. So even if you can see the exact smudges from the login perfectly, you're still unlikely to guess right with both order and direction.

Comment Re:Another problem (Score 1) 206

Those are two different problems. Typically a brute force attack would be carried out against the password hash. So you get access to the hard disk and you want to figure out some guy's domain credentials. That's the 8+ digit password that's slow to brute force. The comparison here is against 4 to 6 digit PINs you find on most tablets, e.g. iPad. The hardware holds the encryption keys and only allows a few attempts before permanently destroying the decryption key. That effectively erases the device. So in cases such as phones and tablets where you have trusted hardware, you only need to worry about 5 attempts. If you're dealing with an older-style system where the password hash can be easily retrieved from the hardware to brute-force externally, you need a much larger set of password combinations.

Comment Re:Video?! (Score 4, Informative) 206

The math used for comparison typically assumes that there are 10 points of interest in an image. Obviously there's a range depending on the image but most have at least 10. Just don't use Japan's flag as your image and you should be okay. Since lines are directional, when you say 6 likely candidates for lines, that works out to three points of interest: A->B, A->C, B->A, B->C, C->A, C->B. So that really isn't true at all.

The meaty bit at the end of their math is this: "Assuming the average image has 10 points of interest, and a gesture sequence length of 3, there are 8 million possible combinations, making the prospect of guessing the correct sequence within 5 tries fairly remote."

The table at the bottom is good to look through.
http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx

Bottom line, for 3 gestures on a typical image, 8 million > [10,000 to 1,000,000] (possibilities for a 4 to 6-digit PIN, the valid comparison for this)

Comment Re:Don't forget the regular old JPGs... (Score 1) 319

The point isn't that js is taking over and creating larger downloads. Actually, relative to static HTML, dynamically built pages reduce the overall bandwidth consumption when smartly designed/optimized. The point is that relative to other technologies, js is growing rapidly. In particular, the other major scripting engine, flash, isn't showing growth. Everyone expects the quality (file size) of the images to increase over time. So the fact that images continue to increase in size at a rate proportional to consumer bandwidth isn't particularly interesting.

Comment Re:Too much Javascript for non-interactive content (Score 1) 319

You'll need the same amount of data from your SQL server regardless of if the markup is generated by PHP/whatever on the server or by javascript on the client. This particular choice should have no impact on DB perf. Note that even for an ajax application, you can most certainly 'pre-fetch' the data for the initial page and send that down to the client. An ajax-style page does not have to make an actual http request to get that first bit of data. Either way, the main html page should have the same data regardless of if the markup is generated on the server or client.
