Chris Johnson

I love the sound of this song. Here is the movie version:

And a very pure version:

There are two parts to access control, the first is authentication, the second is authorization.

Authentication is the process of proving you are who you claim to be.

There are three ways to prove you are who you say you are, something you know, something you have, or something about you.

When you hand your driver’s license to the police officer at a traffic stop, you are authenticating yourself. You are using two-factor authentication. The first part is that you have that particular physical license in your possession. The second is that the picture on the ID matches you.

After the officer matches you to the ID you provided, he then proceeds to authenticate the ID. Does it have all the security markings? Does the picture on the DL match the picture that his in-car computer provides to him? Does the description on the DL match the image on the card?

He will then determine if you are authorized to drive. He does this by checking with a trusted source that the ID that he holds is not suspended.

People Are Stupid

While you are brilliant, all those other people are stupid.

So consider this scenario. Somebody claims that they can read your palm and figure things out about you. Your favorite uncle on your mother’s side of the family is Bill Jones. You laugh and reply, you got that wrong, James Fillmore is my favorite uncle.

So, one of the more common security questions to recover a password is “What is your mother’s maiden name?” Do you think that the person who just guessed your favorite uncle incorrectly might do better at guessing your mother’s maiden name?

It was assumed that only you know that information. The fact is that the information is out there, it just takes a bit of digging.

The HR department at a client that I used to work for liked to announce people’s birthdays, to make them feel good.

She announced my birthday over the group chat. I went into her office and explained that she had just violated my privacy.

The next time you are at the doctor’s office, consider what they use to authenticate you. “What is your name and date of birth?”

I lie every time some website asks for my date of birth, unless it is required for official reasons.

Finally, people like to pick PINs and codes that they can remember. And they use things that match what they remember. What is a four-digit number that is easy for most people to remember? The year of their birth.

You do not want to know how many people use their year of birth for their ATM PIN.

In addition, it is easy to fool people into giving you their password. We call that phishing today. But it is the case that many people will read that their account has been compromised and rush to fix it. Often by clicking on the link in the provided e-mail.

A few years back, I was dealing with a creditor. They have a requirement to not give out information. A blind call asking me to authenticate myself to them. I refused. I made them give me the name of their company as well as their extension and employ number.

I then looked up the company on the web. Verified that the site had been in existence for multiple years. Verified with multiple sources what their main number was. Then called the main number and asked to be connected to the representative.

Did this properly authenticate her? Not really, but it did allow us to move forward until we had cross authenticated each other.

Biometrics

If you have watched NCIS, they have a magic gizmo on the outside of the secure room. To gain access, the cop looks into the retina scanner. The scanner verifies that pattern it scans with what is on record and, if you are authorized, unlocks the door.

Older shows and movies used palm scanners or fingerprint scanners. The number of movies in which the MacGuffin is the somebody taking a body part or a person to by-pass biometric scanners is in the 1000s, if not higher.

So let’s say that you are using a biometric to unlock your phone. Be it a face scan or a fingerprint scan.

The bad guys (or the cops) have you and your phone. While they cannot force you to give up your password, they can certainly hold the phone up to your face to unlock it. Or forcibly use your finger to unlock it.

Biometrics are not at the point where I would trust them. Certainly, not cheap biometric scanners.

It Doesn’t Look Good

We need to protect people from themselves. We can’t trust biometrics. That leaves “something they have”.

When you go to open unlock your car, you might use a key fob. Press the button and the car unlocks. That is something you have, and it is what is used to authenticate you. Your car knows that when you authenticate with your key fob, you are authorized to request that the doors be unlocked.

If you are old school, and still use a physical key to unlock your home, the lock in your door uses an inverse pattern to authenticate the key that you possess. It knows that anybody who has that key is authorized to unlock the door.

Since people might bypass the lock or make an unauthorized duplicate of your key, you might add two-factor authentication. Not only do they have to have something in their possession, they must all know the secret code for the alarm.

Two-Factor Authentication

Two-Factor authentication is about providing you with something that only you possess. You need to be able to prove that you have control of that object and that the answer cannot be replayed.

Consider you are coming back from patrol. You reach the gate and the sentry calls out “thunder”. You are supposed to reply with “dance”. You have now authenticated and can proceed.

The bad guy now walks up. The sentry calls out “thunder”. The bad guy repeats what you said, “dance”. And the bad guy now walks through the gate.

This is a “replay” attack. Any time a bad guy can repeat back something that intercepted to gain authentication, you have a feeble authentication.

The first authenticator that I used was a chip on a card. It was the size of a credit card, you were expected to carry it with you. When you tried to log in, you were prompted for a number from the card. The card had a numeric keypad. You input your PIN. The card printed a number. That number was only good for a short time.

You entered that number as your password, and you were authenticated.

There were no magic radios. Bluetooth didn’t exist. Wi-Fi was still years in the future. And it worked even if you were 100s of miles away, logging in over a telnet session or a dial-up modem.

How?

Each card had a unique serial number and a very accurate clock. The time of day was combined with the serial number and your pin to create a number. The computer also knew the time, accurately. When you provided the number, it could run a magic algorithm and verify that the number came from the card with that serial number.

One of the keys to computer security is that we don’t store keys in a recoverable format. Instead, we store cryptographic hashes of your password. We apply the same hash to the password/pass phrase you provided us and then compare that to the stored hash. If they match, the password is correct. There is no known methods for going from the hash to the plaintext password.

That security card had some other features. It could be programmed to have a self-destruct PIN, or an alert PIN, or a self-destruct after too many PIN entries in a given amount of time.

When it self-destructed, it just changed an internal number, so the numbers generated would never again be correct. If the alert PIN was set up, using the generated number would inform the computer that the PIN was given under duress. The security policies would determine what happened next.

Today, we started to see simple two-factor authentication. “We sent a text to your phone, enter the number you received.” “We emailed the account on record, read and click on the link.”

These depend on you having control of your email account or your phone. And that nobody is capable of intercepting the SMS text.

A slightly more sophisticated method is a push alert to an app on your phone. This method requires radio communications with your phone app. The site requesting you to authenticate transmits a code to your phone app. Your phone app then gives you a code to give to the site. Thus, authenticating you.

There are other pieces of magic involved in these. It isn’t a simple number, there is a bunch of math/cryptology involved.

Another method is using your phone to replace the card described above.

I authenticate to my phone to prove I’m authorized to run the authenticator application. There is a 6-digit number I have to transcribe to the website within 10 seconds. After 10 seconds, a new number appears.

I’ve not looked into all the options available, it just works.

The cool thing about that authenticator, is that it works, even if all the radios in my phone are off.

Finally, there are security keys. This is what I prefer.

I need to put the key into the USB port. The key and the website exchange information. I press the button on the security key, and I’m authenticated.

Another version requires me to type a passphrase to unlock the key before it will authenticate to the remote site.

Conclusion

If you have an option, set up two-factor authentication. Be it an authenticator app on your phone or a Yubico security key. It will help protect you from stupids.

Data security is the protection of your data throughout its lifecycle.

Let’s pretend you have a naughty image of yourself that you don’t want anybody else to see.

The most secure way of protecting that image is to have never taken that image in the first place. It is too late now.

If you put that image on a portable USB drive, then somebody can walk off with that USB drive. The protection on that image is only as good as the physical security of that device.

Dick, the kiddy diddler, who is in the special prison for the rest of his life, kept his kiddy porn on USB thumb drives. They were stored around his bed. Once the cops served their warrant, all of those USB drives were available to be examined.

They were examined. Dick was evil and stupid.

The next best way is to encrypt the image using a good encryption tool.

To put this in perspective, the old Unix crypt program implemented an improved version of the German Enigma machine. It was improved because it could encrypt/decrypt a 256 character alphabet rather than the original 27 characters.

Using the crypt breakers workbench, a novice can crack a document encrypted with the Unix crypt command in about 30 minutes.

At the time, crypt was the only “good” encryption available at the command line. The only other was a rot-13 style obfuscation tool.

In our modern times, we have access to real cryptography. Some of it superb. We will consider using AES-256, the American Encryption Standard. This is currently considered secure into the 2050s at current compute power increases.

AES-256 uses a 256-bit key. You are not going to remember a 256-bit number. That is a hex number 64 characters long. So you use something like PGP/GnuPG. PGP stands for Pretty Good Privacy.

In its simplest form, you provide a passphrase to the tool, and it converts that into a 256-bit number, which is used to encrypt the file. Now make sure you don’t forget the pass phrase and also that you delete (for real) the original image.

Now, if you want to view that image, why I don’t know, you have to reverse the process. You will again have the decrypted file on your disk while you examine the image. Don’t forget to remove it when you are done looking.

We can take this to a different level, by using the public key capabilities of PGP. In this process, you generate two large, nearly prime, numbers. These numbers, with some manipulation, are used to encrypt keys. These are manipulated into a Public Key and a Private Key. The public key can decrypt files encrypted with the private key. The private key can decrypt files encrypted with the public key.

The computer now uses a good random number generator to create a 256-bit key. That key is used to encrypt your plaintext file. The key is then encrypted with your “Public Key” and attached to the file.

Now you can decrypt the file using your “Private Key”.

This means that your private key is now the most valuable thing. So you encrypt that with a pass phrase.

Now you need to provide the pass phrase to the PGP program to enable it to decrypt your private key, which you can then use to decrypt or encrypt files. All great stuff.

I went a step further. My PGP key requires a security fob to decrypt. This means it requires something I know, a pass phrase, plus something I have, the security fob.

This means that there are two valuable items you have, the private key and your pass phrase. Let’s just say that those need both physical and mental protection. You need to make sure that nobody can see you type in your pass phrase, plus your pass phrase has to be something you can remember, plus it has to be long enough that your fingers can’t be read as you type it.

And, don’t ever type it on a wireless keyboard. You would have to trust that nobody is intercepting the transmission from the keyboard to the computer system.

In addition to that, most keyboards are electronically noisy. This means that the electrical interference that is given off by your keyboard can be read and used to guess at key sequences.

Finally, you need to make sure that nobody has installed a keylogger to capture every key you type. These can go inside your keyboard, or just plug into the end of your USB cable.

All of this is painful to do. And you need to go through the decryption phase every time you want to look at your secret document.

So we can use disk encryption.

The idea here is similar to PGP. You generate a large block of random bits. This will be your encryption/decryption key. This block of random bits is then encrypted with a pass phrase. When you mount your disk drive, you need to “unlock” the decryption key. Once that is done, the data on that disk is accessible in plain format.

You can tell your computer to forget the key and then none of the data is available. You can unmount the file system and the data is protected. You can turn off your computer and the data is now unavailable and protected.

Of course, they might have your pass phrase, in which case they will just use it to decrypt your key.

But there is a neat thing that you can do, you can wipe the decryption key. If this is done, then even with your pass phrase, there is nothing that can be done.

The government has strict requirements on how to erase magnetic media, disk drives, magnetic tapes, and the like. For magnetic tape, they use a machine that has a strong magnetic field. This field will scramble any data on the tape if used correctly.

This is not good enough for disk drives, though. The “short” version of erasing a magnetic disk is to write all zeros, then write all ones, then write random numbers. This will make it difficult to recover the data. The longer version, “Gutman”, requires 35 passes.

Sounds good, let’s do it on a test drive. Here is a 12 TB drive that is 75% full. The 75% doesn’t help us. We still need to erase every sector.

Our SATA 3, 6 Gbit I/O channel is not our bottleneck, it is the time to write the data. That is 210 Mbit/second. So more than five days, per pass.

If we have encrypted the drive, we only have to wipe a few sectors. That can be done in far less than a second.

But, it gets better. You can buy “secure” drives. These drives have the encryption built in. You send a magic command to the drive, and it wipes its key and makes the entire disk just random bits, nearly instantly.

This key on disk method is what Ceph uses, under the hood.

Of course, that is only part of the solution, the next part is on the wire encryption. This requires still more.

Conclusion

The biggest issue facing people who are trying to create secure environments is that they need to make sure that they have identified who the black hat is.

• Will they be able to physically access your equipment? Assume yes.
• Will they be able to tap into your network? Assume yes.
• Will they be able to physically compromise your keyboard? Maybe?
• Will they be able to take your stuff?
• Will they be able to force you to give your pass phrase?
• Will they be able to access your computer without a password?
• Will you be able to boot your network from total outage without having to visit each node?

You might have heard the phrase, “He’s forgotten more than you will ever know.” When dealing with somebody who is quietly competent, that is almost always the case.

I was there at the start of the Internet. I watched our campus get X.25 networking. Later, BITNET. I watched email get dumped into the UUCP queues and see magic happen as email dropped into a black hole and reappeared where it was supposed to. The magic of ARPANET, later to be The Internet.

I was part of the team that transitioned the Internet from routing tables (Host tables) into the Domain Name System. I watched as we moved from vampire taps on 10Base2 to RFC bayonet connectors. Having to explain over and over that you can’t plug the cable into your computer, you plug the cable into a T and terminate the T. The T then connects to your computer.

The magic of 10BaseT with low-cost hubs instead of expensive switches that “real” network switches cost.

Listening to the stories of Ethernet cards costing “only” 10K because they had bought so many of them.

Today I installed another new NIC into one of my nodes. This NIC cost me $33. The SFP+ module was another $15, call it $45. This gives me a MMF fiber connection, good for up to 300 meters at 10 Gigabit Per Second.

This makes three nodes connected at 10 Gbit. 1 Node at 2.5 Gbit. The rest are still at 1.0 Gbit. When I have finished upgrading the nodes, each will have a 10 Gbit NIC. They will have either MMF LC fiber connectors or 10 Gbit RJ45 copper connectors.

The only reason for the RJ45 copper is that I need to add some more SFP+ routers with extra ports.

What I Forgot

When we installed our for 100BaseT NIC’s, we did some testing to see what the throughput was and how it affected the host computer.

What we found was that the interrupt count went through the roof, bogging the computer down. At full speed, more than 75% of the CPU was dedicated to network traffic.

The cure for this was to increase the packet size. At the time, this was a big issue. Most networking devices only accepted 1500byte Ethernet Packets. If your input packet is larger than the MTU of the egress port, then the packet becomes fragmented. There are issues with IP fragments.

A newly introduced change in the specification allowed Jumbo packets. The normal size of a Jumbo packet is 9000 bytes.

Once we did the upgrade, everything got faster. We actually had network attached drives which were faster than the physically attached drives.

When setting up a VPN, you need to set the packet size going into the VPN to be smaller than the MTU of the physical network. The VPN will encapsulate packets before they are transmitted. This makes the packet larger. If you are sending a packet through the VPN with a size of 1500, and it is going on to a physical network with an MTU of 1500, every packet of 1500 bytes will be fragmented.

I have been slowly bringing up an OVN/Open vSwitch configuration. This allows a virtual machine or a container to move from host to host, maintaining the same IP address and routing path.

I’ve done a couple of live migrations now. The perceived downtime is less than 15 seconds. There were no dropped packets during the migration. Just amazing.

The OVN setup is complex because there are many options that need to be set up, and there are tools to do all of it for you. Unfortunately, the overhead of OpenStack and learning it is something I’m not ready to do. So I’m doing each step by hand.

When my virtual machines were on the same host as the egress bridge, everything worked. If the VM was on a different host within the OVN cluster, ICMP would work, but TCP would not.

Turns out that I had not set the MTU of my physical network correctly. I’ve been slowly updating the networking configuration on all of my nodes to use jumbo packets. As soon as I did that, my cross node networking traffic started working!

Happy, happy, joy, joy.

There is more testing to perform. This might also be a fix for the firewall glitch of a few weeks ago. Once I have a couple of more nodes on the OVN cluster, I can proceed with designing and testing a redundant network design, with failover.

It was a good day. Oh, I brought another 12 TB of disk online as well.

If you want to see a case take years and years, it goes something like this:

The plaintiffs file a suit and request a Temporary Restraining Order to enjoin the defendants while the court hears briefings and arguments for a Preliminary Injunction.

If the losing party wishes, they can appeal to the circuit court. This will be placed on the emergency docket. The emergency docket is sometimes called the “Shadow Docket”, if the court leans right because it sounds bad.

There is a three—judge administrative panel which examines these petitions on the emergency docket. They can grant a stay or grant an injunction lasting until the case is resolved at the circuit level. They can also decline to do anything, remanding the case back to the lower court.

If the administrative panel decides to accept the case, they will either grant a stay pending the outcome or leave the case in the same stance as the district court put it. They will then place the case on the schedule for a merits panel to hear the case.

Once the case is docketed for a merits panel, the parties start submitting briefs plus copies of everything filed in the lower court. Amicus briefings will also be filed.

Depending on the urgency the administrative panel placed on resolving the case, the case could be heard in a few months or much later. This is determined by putting the case on the fast track or the normal track.

Once it is in a track, a merits panel will be assigned to the case. They will set a schedule. This will state when they want briefings filed, responses filed, responses to responses filed, and when they want to hear arguments. If one of the parties wants, they can request extensions to the deadlines.

After the panel hears the arguments, they will deliberate. When they have come to an agreement, one of the judges on the winning side will write the court’s opinion. The other judge will write their dissenting opinion. This can take multiple months.

The Fourth Circuit had a situation where they heard the case and the two judges had written the opinion of the court, but the third judge was not willing to provide the dissenting opinion. Per custom, the final opinion was not issued until the dissenting opinion was ready.

This lasted so long that even the Ninth Circuit had heard a 2A case and given their opinion. As had the Seventh, Second, and First circuits had as well.

Once they were ready to release the opinion, the Fourth Circuit pulled the case from the merits panel and re-heard the case en banc.

So the case is now a year from when it was first filed.

After the en banc panel has issued their opinion, the loser can seek certiorari from the Supreme Court. They will not grant it because the case is too young. The case has been going for a year or more at this point, but it is still at the very first stage of the case.

Back at the district court level, the judge could put everything on hold pending the outcome of the appeal process. Or they might move forward with the case.

The next step in a court case is the request for a preliminary injunction. The TRO is designed to stop something while the court has time to evaluate the request for a preliminary injunction.

The purpose of a preliminary injunction is to put something on hold until the court has reached its final judgement.

The case has now spent many, many months in appeals, it is now back in the district court. The court issues its order regarding the preliminary injunction.

And the entire process starts all over again. The losers can appeal, the case then wallows in the quagmire that is the appeals process before the case starts its way through the district court again.

At the point where the case starts to move forward, the state is going to argue that the plaintiffs do not have standing, that the case should be dismissed for reasons. Depending on the state of the law that is being defended, the state might be attempting to delay the case or to move it more rapidly.

A strange thing happens when a law is enjoined, the state moves rapidly and the courts move rapidly to reach a stay or to have the injunction overturned. The same state, with the same players, can’t move at faster than a sloths’ pace when their law is there infringing on The People.

There are multiple paths forward for the court and parties. One is summary judgement. In a summary judgement, the court is asked to decide based on the base filings. This should be how most Second Amendment cases are decided.

Judge, the state is infringing on my right to bear arms. The court: State! Stop infringing! Done.

Both parties can request a summary judgement.

Another path forward is for the case to go to trial. In Second Amendment cases, these are most often bench trials. A bench trial is when the judge acts in place of a jury to make determinations of facts.

Most of the cases we are following are having full trials. The parties involved know that they are developing a facts base to support their appeal.

The bottom line is that these cases take a long time and far too much money.

That is why this case is an outstanding win for us.

They Gave Up!

That’s right. The case was kicked to a magistrate judge for mediation. On September 30th, the Mediator reported that the parties had reached an agreement and the case was settled.

This is a full win. There are still some restrictions on displaying firearms. It is still forbidden for guests to have firearms on CHA property. But this is a win.

The Heller opinion clearly stated that the right to keep and bear arms was an individual right. That was the holding.

To get to that decision, the Supreme Court did their standard analysis. First, is the plain text of the Constitution implicated by the proposed conduct? Second, what is this nation’s historical tradition of regulation in this area?

Can I call a politician stupid? The congress might create a bill that makes it illegal to make ad hominem attacks on politicians. The president could sign that bill into law. I could then be arrested for violating that law.

That doesn’t mean that the law is constitutional. Regardless of what the congress might have said while contemplating the bill, claiming that “hate speech isn’t free speech”. The law must be evaluated in light of those two questions, is the plain text implicated and what is the history of regulation regarding speech.

Looking at the constitution, before the Bill of Rights, there is nothing in the enumerated powers granted to the State that authorizes them to limit speech. Thus, the law is unconstitutional. The state would argue that “promote the general welfare” authorizes them to make the law.

We can go a step further, we can look at the amendments.

Here we have a more clearly defined restriction on the authority of the state, Congress shall make no law … abridging the freedom of speech, or of the press. The conduct at hand, making speech, implicates the plain text of the First Amendment. It then becomes the state’s burden to prove a historical tradition of regulating speech.

The state cannot find historical regulations restricting speech because it is mean; therefore, the law is unconstitutional.

The Supreme Court used the same methodology when deciding Heller. They first looked to see if the plain text was implicated. That required them to analyze the language of the Second Amendment.

Knowing the games that the circuit courts had been playing, they defined almost all the words. They used dictionaries from the time. They used dictionaries from multiple sources. Plus, they compared the words as used at the time.

This was part of dicta. Some inferior courts understand dicta and follow the guidance of the Supreme Court. Others do their best to twist the words. Often the inferior courts are more interested in what the Supreme Court didn’t say than in what they did say. Frequently, the inferior courts will say something like, “The Supreme Court didn’t say that 2+2=4, they said that 2+3=5. Since they didn’t tell us what 2+2 equals, we will just have to do our best.” Then proceed to hide a divide by zero to get an answer that says that 2+2=3.1415, getting pi in the face later when their opinion is vacated.

After establishing that the plain text covered the proposed conduct, the Supreme Court moves to the next stage, looking at this nation’s historical tradition of firearms regulation. In that historical analysis, they found that there were no laws that were analogous to a weapon ban, unless the weapon was both dangerous and unusual.

The Case at Hand

Barnett v. Raoul is a challenge to the PICA passed in Illinois. The People originally sought a preliminary injunction. They got it from Judge McGlynn. The state then appealed to the Seventh Circuit court. There, the administrative panel consolidated the case with other challenges to PICA. They stayed the preliminary injunction, allowing the law to stay in effect. They denied the requests for a preliminary injunction from the other parties and put the case to the merits panel.

This was not unexpected. The Admin panel had both Judge Easterbrook and Judge Woods on it. Both are statist and have often ruled against The People. Judge Easterbrook is most famous for having been overturned in McDonald v. Chicago.

Amazingly, the Merits panel had the same three judge panel as the original administrative panel. The circuit court heard the case quickly. They were under scrutiny by the Supreme Court.

The Supreme Court had denied cert in a different case, with Justice Thomas writing that if the case was delayed for the plaintiffs (good guys) to petition for rite of cert. again.

Having heard the case, the merits panel sat on their opinion. The Second and Fourth were sitting on their opinions as well. Most of the Second Amendment cases were locked in, waiting for the Circuit Courts to issue an opinion.

The Seventh Circuit was the first to issue their opinion. First, they found that they were not guilty of the two-step shuffle. That they had always been faithfully applying text and history. Because they were using text and history before Bruen, their earlier work was still good case law.

That case law found that the plaintiffs had not proved that “assault weapons” were arms under the plain text of the Second Amendment.

They remanded the cases back to continue the process.

Judge McGlynn did not allow any delay tactics. His case was argued on September 16th, 17th, 18th and 19th of 2024.

It is now time for the Court to analyze the briefings and testimony to determine the facts of the case and to reach conclusions of law.

Both parties will submit their proposed findings of fact and conclusions of law. This is what they want the court to find/agree with.

On October 21st, the state of Illinois submitted their brief. There are 3585 pages, 58 exhibits, 2 attachments and an appendix.

Some facts are just that facts. They are easy to verify and check the veracity of. Others are opinions stated as facts.

The state says that PICA was enacted after July 4th. This is true and a fact. They identify that particular July 4th as the 4th of July when an asshole shot and killed 7 people.

It is not relevant to the Constitution that the shooting took place. Nor that the bill was enacted before or after that date. But it is a fact.

The state also wants the court to agree that the shooter used an AR-15 rifle and a 30 round magazine to kill 7 and would 48 people that July. Again, a fact but not relevant. The state then repeats that PICA was enacted after July 4th.

A more important date was the date when Bruen issued.

Here is an example of an opinion, dressed up like a fact.

Is the AR-15 a semiautomatic version of a firearm specifically designed for the military? Yes and no.

The AR-10 was a select fire weapon that Armalite designed for military sales. The AR-15 was a redesign, also for the military, using the lighter 5.56×45 cartridge. The original AR-15 was field tested in Vietnam, as the AR-15. The design was adopted and standardized as the M-16.

A new product was developed by Colt for the civilian market. It used the same name, AR-15. The differences were to make it capable of semi-automatic fire only. The simplest modification was the removal of the select fire control group and not drilling the hole for the auto-sear.

The early AR-15 SP1s out of Colt were M-16s without an auto-sear and with the hole for the auto-sear missing.

What is the state’s goal?

The state wants the district court to find that the weapons and magazines banned by PICA are not arms, as defined by the Seventh Circuit court.

To accomplish this, they need to have the court find that AR-15s and the ilk are really modifications of the M-16/M-4 platform.

The real trick in this that it is the plaintiff’s burden to prove that something is an arm protected by the plain text. The state does not carry that burden.

This is the difference between presumed innocent and presumed guilty.

Regardless of anything that happens in Judge McGlynn’s court, PICA will stay in effect for the foreseeable future.

It is likely that Judge McGlynn will issue his opinion with a short administrative stay to allow the state to appeal.

The Seventh Circuit administrative panel will issue a stay pending the merit panel issuing their opinion.

If the merit panel finds for the plaintiffs, the state will seek a rehearing en bloc. This will take time.

If the merit panel finds for the state, I hope the plaintiffs file a petition for certiorari with the Supreme Court.

It is likely that the Seventh Circuit will actually hold the case until the Snope case is decided by the Supreme Court.

Regardless, cases are starting to move again.

I’ve been listening to the Andrew Sisters for years. Their voices are wonderful. In all of those years, I had never actually seen them in film.

Last night, this song showed up in my play list. I was thinking about it, how our culture has changed. “Give me some skin” would get me in trouble today.

In my time, Harlem has always been a dangerous and scary place. There was a time when it was a cultural up end place to go.

Regardless, watching the sisters sing and dance makes me smile.

And another:

Trolling at its finest.

If there is one word that truly does not describe Kamala, it is “authentic.”

Everywhere she goes, it feels fake. Everything she says, feels fake. There is nothing authentic about her.

While people made fun of her for saying she owns a Glock and that ends her description of the type of firearm she owns, I didn’t find that off-putting.

I own a SIG. Lord help me if I know what model it is. I look when I need to. I have a Glock. Which model? I don’t know.

They are just tools. The Winchester Model 94s? Well, they are more history than tools. And yes, they have taken deer and raccoons. The Henry has taken a raccoon. The Rossi R95 has taken raccoons and possums.

It depends on the person just how detail they get with their firearms.

Regardless, I don’t think Kamala is part of “gun culture”. Not first, second, nor 100th generation gun culture.

While my accent changes, depending on whom I am talking to, that is mostly because I’ve had a southern accent in the past, and Michigan, and Wisconsin, and ugh, California. When I’m talking to somebody with those accents, I will slip back into it.

I was talking to a woman from Kentucky the other day and my southern came out.

Ally reported she had a thick accent. I found it pretty tame and lovely to listen to.

Regardless, Kamala is not authentic. If she told me that water was wet, I would want a second opinion and would test myself.

Trump is Trump. This election season, I find myself liking the man. “I don’t think he knows what he is saying” is a great line.

He has been more controlled in his messaging. Attacking their policies and capabilities rather than the person.

On Sunday, Trump kept his word and showed up for work. At a McDonald’s.

They started him on the Fryer, but at some point he moved to the drive—through window. My guess is that it took a bit of work for the Secret Service to figure out how to allow people to get that close to Trump in a vehicle “safely”.

It looks like he had a blast. And the people seemed to enjoy it as well.

And at this point, Trump has more documented time working at McDonald’s than Kamala has presented.

I am reminded of the image showing a US soldier on a hillside with civilians hiding behind him. The caption reads, “The difference is that we ourselves between them and the enemy, they put them between themselves and their enemies.”

It was, and is, such a powerful message of the differences between the animals and the civilized nations.

One of the more disgusting things I’ve seen out of Gaza was a video of Hamas placing the shattered body of a child into a bomb crater, to be found with a great deal of anguish on the faces of the actors.

The child was already dead. His skull was hanging open. It was disgusting.

I support Israel. I hope they root out every last terrorist bastard and send them to get their 72 raisins.

The suspicion of an attack on Route 4 is growing: a fatally wounded person at one scene and a moderately wounded person at a second scene Amit Segal on Telegram, Google AI translation

Five injured Amit Segal

One of them died of his wounds Amit Segal

Ben Gvir: The person who killed the terrorists was a citizen who received a weapon thanks to my reform. Amit Segal

The title on the web page is now “Israeli Civilians Are Taking Up Arms”.

The article is another anti-gun screed by the normal people, decrying the number of deaths “caused” by guns.

One of the things that Ben-Gvir’s new regulations have accomplished is that Israeli citizens are no longer disarmed after a self-defense shooting.

While we in the US have backup guns for our backup guns, many people that own firearms in foreign countries consider themselves to be lucky to have just one. … the practice of requiring citizens involved in an attack to hand over their personal weapons for extended examination and investigation.Missing citations for QJSUMI46

It seems like they are starting to come around to “it is a good idea for people to be armed”.

To put this in some sort of perspective, Israel is smaller in area than New Hampshire. It is a little longer north-south and about the same east-west. There isn’t a place in New Hampshire that you can’t reach from the border within an hour of driving.

The enemies of Israel surround it. There is no place more than an hour from the border with hostiles.