
The overall Forest Service budget has indeed been increasing, but it's nearly all going to wildfire fighting. I recently wrote about the state of forest road funding and went in depth on this here: https://ephemeral.cx/2024/09/losing-access-to-the-cascades

> Overall, in 1995 16% of the Forest Service budget was dedicated to wildfires. By 2015 it was 52% and by 2025 it’s projected to be upwards of 67%. Without large amounts of additional funding it is virtually guaranteed that the Forest Service’s budget will continue to be siphoned away by firefighting needs.


>but it's nearly all going to wildfire fighting

i.e. subsidizing states with antiquated "just don't touch it, but also fight every little fire" forest management policy


States don't get to set controlled burn policy in forests managed by the USFS, but of course they're called in to fight the inevitable fires.


There is a non-trivial crime factor in most wildfires.


Even if "no crime ever" were somehow a policy plan, I'm not sure how this would change anything in terms of Forest Service decision-making.

If forests are maintained as a tinderbox then that's unstable, regardless of whether the immediate cause of ignition is lightning or human activity.


How relevant is that though? If e.g. lightning can do the same thing, isn't it only a matter of time? Genuine question, I'm new to the west coast and lightly thinking about it; aren't our options ultimately either regular burns, cutting trees down, or a mix? I see the insane amounts of underbrush and it seems impossible to clear it all regularly in a cost-effective way, to avoid the need to burn. But IDK, very curious.


There is a non-trivial crime factor in every crisis that provokes a large subset of society to flee.

If areas were having small semi-annual fires cleaning out the brush rather than these once-per-several-decades monsters, there wouldn't be the need for people to flee and there wouldn't be the same crime impact. And routinely dealing with small fires would make all the organizations involved better practiced when the big ones come around.


Those areas would be burning exactly the same as before, starting in 20 places at 4 AM on the windiest night of the year. The criminals would just bring a can of gasoline.


I actually quite like it when this happens from the candidate side of the table. I don't want to work anywhere that is so short term focused on "you need to have X years of experience with this exact language/framework or we won't even consider you." It saves us both a lot of time by realizing our values are clearly not aligned early on in the process.


This is how software freedom dies. If bs like this and that "web environment integrity" crap Google tried to push into Chrome last year isn't an obvious sign that Google is a monopoly and needs to be broken up then I don't know what is. It's a disgrace what Google has done to Android as a formerly open and developer friendly platform.


Plus Garmin devices use the Iridium network which has truly global coverage (as opposed to Globalstar which is only in select areas of the world) as well as other features useful for non-emergency backcountry travel. I won't be dropping my Garmin InReach any time soon.


Correct. Globalstar is a "bent pipe analog repeater" network. They have ground gateway stations that provide connectivity from their satellites to the public switched telephone network and internet. In order for your handheld to work, you need a satellite in view and that satellite must have a ground gateway station in view. Iridium doesn't have that latter requirement. I won't be getting rid of my InReach Mini anytime soon.


On the other hand, that "bent pipe" nature is what allowed Globalstar to support a (presumably) completely new type of protocol and modulation over existing, decades-old satellites!

Apple has also been adding new ground stations as part of their agreement with Globalstar, which has, among other things, added coverage to Hawaii. I'm pretty sure they have much larger plans for this than just emergency texting.


I do a lot of solo hiking and use a Garmin with InReach in case of emergency and to reassure my wife; it can also send my position every N minutes (I usually set it to 20 when on trails in an area with limited or no cell phone coverage). I wouldn't mind if similar functionality became common on cell phones.


I know someone on our local SAR team that had mentioned they were having issues with folks using the Apple devices for SOS that resulted in long delays. This is for coastal British Columbia, so perhaps not a universal experience - but something to keep in mind.

Personally, I'd stick with the better-known option, and like another commenter said, the battery life on the Garmins is pretty amazing, and it doesn't weigh much.


And I'd rather depend on a PLB, whose signal can be picked up by an international network of receivers on 406 MHz, and which even transmits a homing beacon for first responders.

No subscription required either. You simply register the beacon with a government agency (in the US, it's via NOAA, and distress signals are handled by Coast Guard or Air Force receivers).


Plus the fact that the inReach has a mad battery life, and is a very simple and dependable device.


> Bank apps not running on phones where security has been compromised seems entirely reasonable.

I have root access on my laptop and I log in to my bank's website just fine. Making apps not run on rooted phones is just perpetuating the cycle of forcing users to comply with the restrictions placed upon them by Apple and Google. Root access != less secure. It means control over the device you paid for and own.


I don't think the root permission ban is for the website. In most cases it's about how your phone + the bank's app has become the new hardware token / key generator. Before smartphones I could log on to the bank's website but any transaction will have to be authenticated using a hardware token (presumed secure). That's moved into an app now.


...and you're probably less safe as a result. In the 90s and early 2000s, running as root (admin) was the Windows default for home computers, and that's why we had such a malware and spyware problem then. It wasn't until UAC limited user and app permissions on purpose and Windows Defender became standard that it began to get better.

Root access for you means you have control, sure. But it often does mean you're less safe too, depending on your OS's security model and what other apps can run as you. That's why limited sudo and other "root ish, but only in small doses" models were made. And that's assuming you know what you're doing.

For Jane Grandma, root of any sort means power she'll never need and a footgun to lose her life savings with. It's a good thing mobile phones protect ordinary users from themselves. Most people don't need root access any more than they need the ability to reprogram the ECU on their car.

Besides, on a rooted phone, I thought there were already ways to fool an app into thinking it's not rooted...? Or did they change that?


I've never been locked out of my LibreOffice documents stored locally on my Linux box.



You can look it up and the Dunning Kruger effect is probably not real.


It's less that it's not real, but rather that the common interpretation of it is utterly false.


This was also a major concern around the construction of the Golden Gate Bridge: that during a time of war an enemy could have destroyed it to trap a large portion of the Navy's Pacific Fleet in the bay.


https://pirep.io - a collaborative database of all airports in the US & Canada and their local amenities for general aviation pilots. There's a bunch of local knowledge scattered about for recreational pilots, most of it unpublished. Pirep aims to make that more accessible so it in turn gets more people out flying.


> right in front of ultra short timeouts everywhere

> If only I could meet the people who make these decisions in person...

For what it's worth, I was once forced to implement a half hour auto-logout on a website that could hardly be considered as containing sensitive data because an external pentest firm flagged the lack of a short timeout as an issue. The only way we could show clients a passing pentest was to comply with all of the findings. We all knew it was stupid but management gave us no choice but to implement it.


You must have had your shit pretty tight for the pen-tester to have to scrape that from the bottom of the barrel.


Sometimes they will just be excessive because nobody applies any kind of critical thinking and/or because they favour looking like they find a lot over any kind of precision. I once had a site where they insisted on disabling ping responses for the website, citing it as a serious security concern. Because surely nobody would otherwise know that the very public website was there.

I replied by listing a number of websites of security-focused organisations whose websites responded to ping, including assorted security services, military, and the pentesting company's own website.

(I didn't object to them querying what actually responded to the ICMP requests - none of them made it past the firewall, which is what replied and revealed nothing of our internal infra - I objected to them ignoring that answer and still insisting it revealed things it demonstrably didn't, and that lack of understanding was consistent throughout their report.)


I mean at that point isn’t the pushback “hey Management, this pentester is clearly incompetent. We need a new one.”?


Yes, but with the problem that the pentester had been hired by our client and our client was a multibillion budget quasi-governmental organisation (transit authority) that was not inclined to listen because that'd involve mid-level managers sticking their necks out when they didn't need to and didn't know who was right.

So we did the British thing and went for a lot of passive-aggressive "oh, but how come it's ok for the CIA and your own website?" etc. to force them on the defensive and demonstrate that a lot of what they did was basically ticking pointless boxes.

We did manage to carve out some willingness in the client organisation to ignore bits and pieces as we clearly increased our credibility relative to the pen testers, but it was a massive pain.


Hah.. you just reminded me of something I implemented at my old company. We had a similarly short timeout, so I put in a 'heartbeat' that would refresh the timeout if you moved your mouse or did anything.


"management gave us no choice" - Would you have done differently?

"The only way we could show clients a passing pentest..."


Push back on the pentest firm and explain reasoning, rather than bubbling pointless requirements to the engineers.


That might work if your company hired the pen testers, it's a lot less likely to work if they were hired by a client. In the latter case, the overhead of all the required explanation and smoothing of ruffled feathers for the client likely costs a lot more than implementing the stupid timeout in the first place.

Pen testers are often very resistant to pushback. They get it a lot, and usually on things that are real concerns.


Good points.

