
Comment Re:Cookies and referers (Score 2) 158

I'll always register a new account (usually easy enough) if I really want - too worried about such sites snooping my passwords.

When you use a federated single-sign-on capability like this, your password is NEVER sent to the service provider (the one you're logging in to using your Yahoo/Facebook/Google/etc account). It is only sent to the authenticating service (the identity provider), who already has it, and then that provider generates a signed message in a specific format (OpenID, SAML, etc) that vouches for your identity to the other site. In this model, your password is actually exposed LESS than if you create an account at the site in question.

Comment Re:Cookies and referers (Score 1) 158

basic security 101 just says that you don't trust another site with the keys to your kingdom... especially with zero assurance that it might even work.

If the other site can handle proper authentication of the user, secure storage of credentials using a suitable hash algorithm and a good amount of salt, and generally follows all of the best practices associated with these functions, and can provide federated single-sign-on using a mature, tested, and generally accepted protocol like OpenID or OAuth, then you absolutely say that you can trust another site to provide your authentication function for you. Well, maybe you can, depending on your business model and risk tolerance. Whatever you decided, I *highly* doubt that you can securely and safely store your users' credential information in a more secure manner than Facebook can.

Comment Re:unix permissions? (Score 1) 184

The Unix permissions model that is part of the Linux kernel within Android is used extensively and is central to application isolation within Android. It's just not used as you think it is. Each app runs under its own UID and each app has full permission to its own directories and resources (owner has full control) while no other apps have any permissions to those resources (by default, this can be changed by the app's developers and by you, assuming you have root-level access to your phone).

Comment Re:has no user-replaceable parts at all (Score 4, Informative) 914

The right thing to do is...

...always a matter of perspective. The iPod (and a lot of Apple's devices) offers a far superior interface and experience for the vast majority of users. If my mom buys an iPod and it breaks and she's upset, I will argue that the "right thing" for me to do, since I have the capabilities to fix it, would be to do so. By doing so, I increase my mom's happiness, I get to undertake a fun little technical challenge, and both me and my mom are happy. If instead, I "guide" her to buying a user-serviceable device that she hates to use due to an inferior interface from her perspective, then she's lost money, doesn't have a device she likes, and she's mad at me. I cannot see how that would be the right thing to do.

Comment Re:Unsalted hashes are worse. (Score 5, Informative) 212

It will slow down brute force **for a particular password**. That's the key. If you don't use salt, you can brute force all you want and, for each attempt, check to see if that result is there for ANY of the passwords. If you use salt, since you would be using different salt for each password (or...you should be!), then you need to brute force each password individually.
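Added example, not part of the original comment: a credential-store audit that counts how many hash computations it takes to test a candidate list against unsalted and per-user-salted records. The user passwords, candidate list, iteration count, and the function names `derive`, `build_store`, `audit` and `compare` are all constructed for this illustration.

```python
import hashlib
import os

ITERATIONS = 1_000  # constructed value, kept low so the demo runs quickly

def derive(password: str, salt: bytes) -> bytes:
    """Derive the stored digest for a password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_store(passwords, salted):
    """Return (salt, digest) records; the salt is empty when unsalted."""
    store = []
    for pw in passwords:
        salt = os.urandom(16) if salted else b""
        store.append((salt, derive(pw, salt)))
    return store

def audit(store, candidates):
    """Test candidate passwords against every record in the store.

    Returns (records matched, hash computations performed). One computation
    covers every record that shares the same salt.
    """
    by_salt = {}
    for idx, (salt, digest) in enumerate(store):
        by_salt.setdefault(salt, []).append((idx, digest))
    computations = 0
    matched = set()
    for salt, records in by_salt.items():
        for cand in candidates:
            computed = derive(cand, salt)
            computations += 1
            matched.update(i for i, d in records if d == computed)
    return len(matched), computations

# Constructed sample data: five accounts, two of them sharing a password.
USERS = ["hunter2", "letmein", "correct horse", "hunter2", "s3cret!"]
CANDIDATES = ["123456", "letmein", "hunter2", "qwerty"]

def compare():
    """Audit the same accounts stored without and with per-user salt."""
    unsalted = audit(build_store(USERS, salted=False), CANDIDATES)
    salted = audit(build_store(USERS, salted=True), CANDIDATES)
    return unsalted, salted

if __name__ == "__main__":
    (m_u, c_u), (m_s, c_s) = compare()
    print(f"unsalted: {m_u} records matched in {c_u} computations")
    print(f"salted:   {m_s} records matched in {c_s} computations")
```

Without salt the work is proportional to the candidate list alone; with per-user salt it is the candidate list multiplied by the number of accounts.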

Comment Re:Congratulations, Verizon (Score 1) 331

Verizon is ... CDMA, CDMA2000 (3G), and LTE (4G). If you're using CDMA (2G data), then your phone most likely does not have a SIM. If you're using CDMA2000 (3G) and you have a US-only phone, then your phone does not have a SIM, but if you have a world-capable phone, it does (the Blackberry Storm, for example, used the internal CDMA2000 radio when in the US and then also had a GSM radio with a SIM for when it was out of the US). If you're using LTE (4G), then you do have a SIM as LTE is a technology that is derived from the GSM-line of technologies as opposed to the CDMA ones (and, yes, Verizon uses LTE).

Comment Re:Source Code? (Score 5, Informative) 97

Different languages compile down very differently. Indeed, different compilers compile the same source code differently (try comparing GCC output to Visual Studio output and you'll see some obvious differences in how the assembly/machine code is crafted). In this case, there were clear signs of an object-oriented approach (data and functions were located around each other in memory, which is not likely to happen in non-OO languages, etc).
