
Comment Re:Solution is Transparency? (Score 1) 156

Cool, that's great, and I don't think you should stop doing that, but you aren't really the case the story is talking about. Although you could be, if the security firm you hire fails to catch all of the vulnerabilities and some white hat somewhere reports something to you. Then it'd be better if you could have some assurance that they were trustworthy.

I don't think we disagree on any specific points so far. I'm not trying to replace security audits, just to encourage people who do the right thing without being paid to do so.

Comment Re:Solution is Transparency? (Score 1) 156

Determining who to trust is the goal of the system I described, because the only real trust is reciprocal trust. Researchers trust an authority with full record of their activities, and thereby earn the trust of the people they're ostensibly trying to help.

Today this would be done by the owner of the system choosing a security firm to audit their system, but we know that doesn't happen because it's expensive and people are lazy. Still, it needs to be done, so today's researchers just do it without getting permission, which results in vulnerabilities exposed (good), but sometimes also results in lawsuits (bad).

In my proposal, the law defines the terms of that initial agreement, which lets researchers find security flaws without having to get the system's owners' permission.

Comment Solution is Transparency? (Score 1) 156

Identifying the good guys is a question of trust, so you can imagine why lawmakers are hesitant to throw trust around willy-nilly. Building a system that shows how that trust is reciprocated and enforced would be a good start.

Seems like there could be a law that tries to differentiate "Research Hacking" by setting requirements to qualify as a researcher. They must provide full transparency to prove they have no malicious intent. They inform law enforcement authorities of their activities before and after the exercise and constantly upload logs of their actions and any data transactions they execute. Maybe on a virtual "research sandbox" machine that deletes itself at the end of the session as an added layer of protection. Then if the vulnerability gets out before it's been reported, maybe that researcher (or people with access to their machine) is a good place to start the investigation, so there's incentive to report vulnerabilities quickly. Overly simplistic, probably not quite workable as-stated, but you get the idea.

Comment Re:Ridiculous (Score 1) 334

/agree about publishing, but not about impracticality. It's not like the police are going to go to everyone's house after a breakup and take their photos away, and those photos will probably exist in the hard drives and minds of millions of people who never make a big deal about it. But it also means that if your ex is holding what amounts to blackmail photos over you, you now have a legal recourse.

Before, if you told the police that you accidentally dated a psycho and now they're showing naked photos of you to everyone in town, they'd say "your ex owns those photos, so maybe you should have kept all your naked pictures to yourself." Which is great if you have a time machine, but not if you're looking to stop someone from being an asshole today. With this, if you make a request, they have legal grounds to take away the photos.

And sure it's probably going to be abused by some people (and that scene from Forgetting Sarah Marshall won't make sense anymore), but before we had people abusing their possession of naked photos. So, which is worse?

Comment Changed my mind several times on this one (Score 1) 301

I started out with "just insurance" then realized that I wanted people to know how traffic laws work whether or not they were driving. Eventually that increased in requirements until I settled on drivers' license plus autonomous vehicles license.

With luck the former would be good basic knowledge and the latter would be focused on how the autonomous vehicles work, in an effort to prevent road rage directed at your own car.

Comment This isn't binary (Score 1) 550

Why are we talking as though the options are "tell the truth and ream them" and "lie through your teeth to be nice"? Didn't we learn constructive criticism back when we were junior whatevers at our first job?

The only benefit to you in an exit interview is data you can glean from them, and any satisfaction from acting out will burn you in the long run. So get outside yourself and attempt to join forces with the person interviewing you so you both can avoid having to do this in the future. You'll have time for complaining about the bad times when you're with your buddies at the bar.

The ideal exit interview gets to the heart of the problem without pointing fingers. It is impartial, it gets information as often as it gets, and it helps you grow as a person:

It's not "my boss was the worst asshole in the world," it's "I couldn't find a way to improve my work relationship with my manager. Maybe it was a personality clash, but I had taken these steps [insert steps], and felt that my attempts were rebuffed. Can you think of ways I might have done better?"

It's not "you guys are so great I'm so sad and you'll do great," it's "I know we didn't really get along, please be honest, what do you think most damaged our work relationship? [hear answer] Oh, good points, I thought it was also this [insert problems]"

And if you're being polite and constructive and they're the opposite, then ask to cut it short and move on with your life.

Comment Fix the Root of the Problem - the Touchscreen (Score 2, Informative) 521

The mouseover problem isn't a flash-on-touchscreen problem, it's a touchscreen problem. Anyone who's used a touchscreen with fat fingers knows that touchscreens are flawed - they all suffer from a lack of focus awareness. But putting a cursor on the screen that you drag around with your finger is a step backward, not forward.

The cursor exists for two reasons: to give the computer an idea of what your eye is focused on, and give you an idea of what the computer thinks you're focused on. On a touchscreen, the machine has no information until you actually mash your finger in the general vicinity of several potential inputs - forcing it to do heuristic gymnastics to figure out which one you really meant. And if it gets it wrong, you are angry, because it didn't warn you that you were clicking the wrong thing.

The iPhone keyboard tries to fix this in a sad and lonely way: it makes the button you're "clicking" bigger, as you're clicking on it. This slows typing to a crawl, but combined with auto-complete and auto-suggest it's a reasonable facsimile of an effective input method. But since there's no auto-complete when you're navigating a website (except googling the specific page, maybe), that's not going to solve the "flash problem".

On the bright side this will all be resolved just as soon as eye-tracking is solved. Whatever you're looking at will be "your focus" - dropping a focus indicator whenever you're looking at a clickable object (existing mouseover highlights would work fine). Then you tap it with your finger (because blinking is too hard to control and saying "click" makes you sound ridiculous) and presto: the computer knows where you're looking and you know where the computer thinks you're looking, and you've finally replicated the functionality of a 40-year-old technology, but on a touchscreen.
