Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

117 Rising Star


Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. A lot of searches fall prey to the 'donut hole' - the search close in doesn't happen or it's not done thoroughly. We informally refer to this donut hole as the "Area of Maximum Embarrassment", and for good reason. The area in close needs to be searched thoroughly, all the time, no matter what. Unless there is very solid evidence placing a subject well outside the donut hole, you have to allocate resources to the area. It's too bad, really, though in this case it would not have saved the subject most likely, it would have saved time and effort in the long run.
  2. Research. Years ago, the first internet search engines started providing easy access to vast quantities of data. Privacy implications aside, those same search engines (minus a few and plus a few) have increased the amount of data we can search, providing results in less than a second or two. But, not all the data is online, so libraries are incredibly useful as well. Books, many out of print, are very helpful, as are local historical societies. Sometimes, you just stumble upon one while out roaming the trails.
  3. Gun laws are mostly stupid. I see little value in them, aside from giving a DA more things to charge you with. And for what purpose? None that I can see. I think the idiots in VA should be dragged into the street, stripped, and doused liberally with tar and feathers. But, I'm pretty much past patience and past the bullshit the NRA keeps throwing at members (Stand and Fight? More like Stand with Thumb in Ass.)
  4. Is anyone using/carrying a set of traction boards for their 4x4? I've been looking at offerings, going back and forth on what I want to get, or whether I want to bite the pillow and have a local shop make me some out of 5000-series aluminum. In addition to using them as traction devices, I'd like something strong enough to double as a bridging device, i.e. for small gullies that are just a little too big to span with my tires, but which otherwise don't pose an issue. Interested to hear about experiences and recommendations.
  5. California's carry laws are quite byzantine these days, both for open carry and concealed carry. There are a few circumstances in which a permit is not required to carry a loaded & concealed firearm, but I won't delve into those. You are correct that California does not recognize permits from other states (no 'reciprocity'), and issuance is hit-and-miss, varying widely from county to county. In many of the more rural (but not all) counties, Sheriff's issue rather liberally. In the Bay Area and SoCal counties, Sheriff's are generally very stingy about issuing permits. However, there are exceptions to the more restrictive counties. I lived in the Bay Area for most of the last 46 years, and for the last 7 or 8 years, I had a valid CA CCW permit from my local Sheriff. No kickbacks, no funny business. I applied, I had good cause, and the permit was issued, and then renewed several times over. In fact, my CA CCW hasn't expired yet, but I won't be able to renew it, since I no longer live in CA and have no property there by which to claim any sort of residence. I briefly considered using my parent's house for that, but that would be illegal. Furthermore, if I feel the need to carry in CA (which I generally do, given where I go), then I just simply do. Laws, politics, and everyone else be damned. Of course, if anyone in the Bay Area wants to rent me a room for a nominal sum every month, I'd be happy to consider offers.
  6. Avenza Maps and TOPO! are my go-to apps. TOPO! for basic topographic maps and Avenza for any geo-enabled PDF maps I create. I usually make those in SARtopo, 'print' as a georeferenced PDF, save the file someplace and then import to Avenza. Avenza is a pay-for app (the free version is limited), but it's gaining popularity with SAR and it works well for the price. You can also use their store within the app to get additional maps (some free, some not). The offline version of SARtopo is nice if you don't mind the so-so documentation and steeper-than-usual learning curve for non-technical types. But that requires a laptop (it's all Java-based) out in the field. But it's not good for just downloading maps of "everything". Since it's designed to target fairly small search areas (maybe the equivalent of 3-4 7.5' quads), when you really load up on map tiles, it tends to bog down. I usually keep an app of some sort with local sunrise/sunset times handy, so I have an idea of when it will get dark and when I need to start back on foot (or accept that I'll be hiking at night). A stargazing app of some sort is fun, too. "What's that bright one up there, dad?" is a constant question. With a decent app, no more guessing! I also keep one of the ham radio repeater 'book' apps on my phone and make sure I update it regularly. 90% of the time I'm too far out to hit a machine, but it helps sometimes. Finally, I like to keep an app that will just display lat/lon and then with a tap, convert to UTM. UTM is handy for a lot of things, especially for working in smaller areas and mapping old townsites and such.
  7. That would actually be a fun collab to do with Bob, since we both take our daughters out to BFE.
  8. Funny thing is, I'd be happy to go back to a flip-phone(non-smart). In fact, I may do just that. I do appreciate the ability to communicate with family in a more convenient manner, but meh.
  9. That last paragraph is actually really interesting to me. "Cloud migration", still being the Great Hotness, imposes a 'shared responsbility' model for infosec. What I've seen thus far is "If we migrate to the cloud, we can wash our hands of all this security nonsense and get back to selling more widgets!" Of course I noticed a change in that blame-shifting strategy a while back. Look at the default settings now for S3 buckets. Compare that to a few years ago. AWS doesn't want the shitstorm, so if the customer makes the bucket insecure, then that's the customer's problem now. I suspect we will continue to see this sort of behavior over the long term. Also consider that while direct financial harm is usually minimal, but court-imposed damages (Equifax class action, anyone?) can be massive. Of course in a case like that, Joe Average gets nothing, and despite the reputational harm, you won't escape The Big 3 agencies any time soon. I haven't found a case yet where an defendant could impose liability on a vendor, specifically in the cloud/cyber arena, for a breach. I suspect the contractually limit the heck out of that, but I also suspect we may start to see shifts in how incidental and consequential damage awards are actually paid.
  10. The problem is that infosec moves *fast*. Attack vectors constantly change, emerge, and dissipate. The 'attack surface' (think 'exposure') is not the same for any two entities, and while there is Venn-like overlap within sectors and groups of individuals, individualized assessments take you deep down the rabbit hole. Then you get into more specialized areas, be it NIST 800-53/171 compliance for DoD/DoE contractors, FedRAMP for what I like to call the 'We Ain't F*cking Around Here' crowd, to PCI-DSS, and my favorite-of-favorites, HIPAA (talk about a clusterf---). The biggest problem with infosec is that about 20 years ago, they (the suits) got tired of the *Real* hackers getting all the fame and glory, and in many cases, high paying jobs (relative to 20-25 years ago, mind you). So they went full gatekeeper on everything, SANS emerged as the big player in the education and certification space, and the CISSP certification pretty much nullified meaningful contributions from anyone not 'in the club'. This is effectively the same thing that happened in this country with the practice of law about 100-120 years ago. A law license doesn't mean you're good at what you do, it just means you passed a test (and not even a universal, national test, at that). My problem with infosec/cybersecurity people is that 99% of then are 'OK', but not 'experts' in a damn thing. Just as an example, a couple of years ago asked an employer's CISO, "Why don't we have any CAA records in our forward zones on the public DNS servers?" The blank stare and stammering were amazing. After explaining CAA records and why they mattered and if I could get the needed info to publish them, the answer was "Let me think about that."** Seriously? Do you think twice about locking the door when you leave the house? Do you think twice about not leaving the car door unlocked when you go to the store? Again, seriously? ** - a CAA (Type 257 record) is one that all certificate-issuing authorities are supposed to check to make sure the requesting/CSR-generating party, actually allows that authority to issue wildcard or host-specific TLS certificates, eg the thing that gives you the 'lock' icon in your browser bar (HTTPs). It's trivial to spoof an identity and obtain a certificate, and CAA is supposed to reduce/eliminate that attack vector. Alone it's imperfect, but when combined with DNSSEC and TSIG, it adds an amazing level of resilience and trust to a simple little TLS certificate, overall. Then we get into the legal aspects of cybersecurity. Granted, most in the field aren't lawyers, and that's fine. About 10% of those working in the field will integrate counsel into the IRT or even the general security team, especially for compliance issues. The other 90%? "I'm SUPER-CERTIFIED, I CAN DO IT ALL!" Yeah. No, you can't. You can't understand basic Federal Claims Act caselaw, let alone the caselaw behind things like DFARS and ITAR. But that's OK, keep deluding yourself. Infosec is in its infancy right now, contrary to popular sentiment. When it matures (literally, when the bulk of those in the industry grow up, sack up, and become professionals), I'll take it more seriously. Until then, I'll seek out the few competent CISO/ISO folks that do exist, and gladly work with them. Otherwise, talk to a pro about risk mitigation - preferably in a profession that's been dealing with risk mitigation for the last 400 years or so. << mic drop >>
  11. One important thing to note is the "conditional right" of the public to cross unpatented mining claims. The public cannot interfere with exploration or mining activities. The public may also be excluded for legitimate safety reasons (open holes, heavy equipment operating, blasting activities, etc.). The latter is usually done with fences, which usually require some regulatory approval or come about through some regulatory requirement (BLM, USFS, MSHA, state mining oversight agencies). You are correct that county records are, generally at least, the best resource for determining the status of property. Since almost everywhere in the US collects property taxes at the county level (some cities do, as well), the counties have an interest in maintaining highly accurate ownership and transfer records. There are rare cases where ownership disputes drag on for decades (or longer), as is the case with at least a portion of Ione, NV. I haven't looked at those records lately, but I recall seeing some conflicting information between the county and Federal records. But even basic research will bring that to light, and then it will give you reason to be on notice that something isn't quite right, requiring further investigation. In NV, probably the more confusing issue is water rights. There isn't an 'unowned' spring, seep, or well out there that I've been able to find. Then you really get into some arcane legal concepts (beneficial use, domestic use, senior vs junior rights) and the need to really dig into both current and sometimes historic records.
  12. 69. Always 69. I'm still asking, and failing, to get my business cards changed to 'Nerd Knob Tuner / Fisherman'.
  13. I work with computers. I work with the law. I work with law enforcement. That was probably too much as it is. What would I like to do? Be so damn filthy rich that every morning I could ask myself, "What do you want to be/do/see today?" and then just go do it. In my opinion, life is too short to self-limit any more than absolutely necessary. Today I would rather be exploring some mines way over in eastern NV. Tomorrow I might feel like designing a piece of rescue gear. The day after I may just want to read an old dusty copy of a law book. This weekend I may want to go on a hike and look at critters. I detest (though accept) that I have to have a job and make money. I'd much rather share my curiosity with others and explore the world.
  14. The huge 'pit' to the N/NW is the old Minnesota Hill Mine. Originally worked in the early 1900's as a copper mine, later worked for iron ore (lots of nice chloropal and magnetite out there). I'm guessing those other two sites are the mine and mill for an old copper operation, since that area is known for it's copper deposits (still). About a 90 minute drive for me, but no time this weekend. Maybe next weekend if the weather holds. It's also in the vicinity of Ann Mason Pass, which allegedly has some low-grade turquoise deposits in the road cuts. I haven't ventured there, yet, but it's on my list.
  • Create New...

Important Information