Chris Johnson


Data Security

Data security is the protection of your data throughout its lifecycle.

Let’s pretend you have a naughty image of yourself that you don’t want anybody else to see.

The most secure way of protecting that image is to have never taken that image in the first place. It is too late now.

If you put that image on a portable USB drive, then somebody can walk off with that USB drive. The protection on that image is only as good as the physical security of that device.

Dick, the kiddy diddler, who is in the special prison for the rest of his life, kept his kiddy porn on USB thumb drives. They were stored around his bed. Once the cops served their warrant, all of those USB drives were available to be examined.

They were examined. Dick was evil and stupid.

The next best way is to encrypt the image using a good encryption tool.

To put this in perspective, the old Unix crypt program implemented an improved version of the German Enigma machine. It was improved because it could encrypt/decrypt a 256 character alphabet rather than the original 27 characters.

Using the Crypt Breakers Workbench, a novice can crack a document encrypted with the Unix crypt command in about 30 minutes.

At the time, crypt was the only “good” encryption available at the command line. The only other was a rot-13 style obfuscation tool.

In our modern times, we have access to real cryptography. Some of it superb. We will consider using AES-256, the American Encryption Standard. This is currently considered secure into the 2050s at current compute power increases.

AES-256 uses a 256-bit key. You are not going to remember a 256-bit number. That is a hex number 64 characters long. So you use something like PGP/GnuPG. PGP stands for Pretty Good Privacy.

In its simplest form, you provide a pass phrase to the tool, and it converts that into a 256-bit number, which is used to encrypt the file. Now make sure you don’t forget the pass phrase and also that you delete (for real) the original image.

Now, if you want to view that image, why I don’t know, you have to reverse the process. You will again have the decrypted file on your disk while you examine the image. Don’t forget to remove it when you are done looking.

We can take this to a different level, by using the public key capabilities of PGP. In this process, you generate two large, nearly prime, numbers. These numbers, with some manipulation, are used to encrypt keys. These are manipulated into a Public Key and a Private Key. The public key can decrypt files encrypted with the private key. The private key can decrypt files encrypted with the public key.

The computer now uses a good random number generator to create a 256-bit key. That key is used to encrypt your plaintext file. The key is then encrypted with your “Public Key” and attached to the file.

Now you can decrypt the file using your “Private Key”.

This means that your private key is now the most valuable thing. So you encrypt that with a pass phrase.

Now you need to provide the pass phrase to the PGP program to enable it to decrypt your private key, which you can then use to decrypt or encrypt files. All great stuff.

I went a step further. My PGP key requires a security fob to decrypt. This means it requires something I know, a pass phrase, plus something I have, the security fob.

This means that there are two valuable items you have, the private key and your pass phrase. Let’s just say that those need both physical and mental protection. You need to make sure that nobody can see you type in your pass phrase, plus your pass phrase has to be something you can remember, plus it has to be long enough that your fingers can’t be read as you type it.

And, don’t ever type it on a wireless keyboard. You would have to trust that nobody is intercepting the transmission from the keyboard to the computer system.

In addition to that, most keyboards are electronically noisy. This means that the electrical interference that is given off by your keyboard can be read and used to guess at key sequences.

Finally, you need to make sure that nobody has installed a keylogger to capture every key you type. These can go inside your keyboard, or just plug into the end of your USB cable.

All of this is painful to do. And you need to go through the decryption phase every time you want to look at your secret document.

So we can use disk encryption.

The idea here is similar to PGP. You generate a large block of random bits. This will be your encryption/decryption key. This block of random bits is then encrypted with a pass phrase. When you mount your disk drive, you need to “unlock” the decryption key. Once that is done, the data on that disk is accessible in plain format.

You can tell your computer to forget the key and then none of the data is available. You can unmount the file system and the data is protected. You can turn off your computer and the data is now unavailable and protected.

Of course, they might have your pass phrase, in which case they will just use it to decrypt your key.

But there is a neat thing that you can do: you can wipe the decryption key. If this is done, then even with your pass phrase, there is nothing that can be done.
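The key hierarchy described above, for both the pass-phrase mode of PGP and disk encryption, as an added example rather than code from any real tool: a pass phrase is stretched into a key that wraps a random 256-bit data key, and overwriting the wrapped key leaves the data unrecoverable even with the pass phrase. It assumes PBKDF2 as the stretching function and uses an HMAC-SHA256 keystream as a stand-in for AES-256, since the Python standard library has no AES; `Volume`, `key_slot` and the other names are illustrative.

```python
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 200_000  # assumed work factor for this demo


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Stretch a pass phrase into a 256-bit key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               KDF_ITERATIONS, dklen=32)


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode. A real tool uses AES-256 here.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _subkeys(key: bytes):
    # Separate keys for encryption and authentication, both derived from one key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a wiped blob raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or damaged data")
    return _xor_keystream(enc_key, nonce, ciphertext)


class Volume:
    """Toy encrypted volume: one wrapped key slot plus encrypted data."""

    def __init__(self, passphrase: str):
        self.salt = secrets.token_bytes(16)
        self._master = secrets.token_bytes(32)  # random data key, held in RAM only
        # The key slot is the only stored copy of the data key, wrapped by the KEK.
        self.key_slot = seal(derive_kek(passphrase, self.salt), self._master)
        self.sectors = b""

    def _require_unlocked(self):
        if self._master is None:
            raise PermissionError("volume is locked")

    def write(self, data: bytes):
        self._require_unlocked()
        self.sectors = seal(self._master, data)

    def read(self) -> bytes:
        self._require_unlocked()
        return unseal(self._master, self.sectors)

    def lock(self):
        self._master = None  # "forget the key": data stays encrypted at rest

    def unlock(self, passphrase: str):
        self._master = unseal(derive_kek(passphrase, self.salt), self.key_slot)

    def crypto_erase(self):
        # Overwrite the few bytes holding the wrapped key; the data is untouched.
        self.key_slot = secrets.token_bytes(len(self.key_slot))
        self._master = None


def _attempt(action):
    try:
        return action()
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


def demo() -> dict:
    passphrase = "constructed sample pass phrase"
    vol = Volume(passphrase)
    vol.write(b"secret document")
    vol.lock()
    results = {"locked_read": _attempt(vol.read),
               "wrong_passphrase": _attempt(lambda: vol.unlock("a guess"))}
    vol.unlock(passphrase)
    results["unlocked_read"] = vol.read()
    vol.crypto_erase()
    results["after_erase"] = _attempt(lambda: vol.unlock(passphrase))
    results["ciphertext_still_on_disk"] = len(vol.sectors) > 0
    return results


if __name__ == "__main__":
    print(demo())
```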

The government has strict requirements on how to erase magnetic media, disk drives, magnetic tapes, and the like. For magnetic tape, they use a machine that has a strong magnetic field. This field will scramble any data on the tape if used correctly.

This is not good enough for disk drives, though. The “short” version of erasing a magnetic disk is to write all zeros, then write all ones, then write random numbers. This will make it difficult to recover the data. The longer version, “Gutmann”, requires 35 passes.

Sounds good, let’s do it on a test drive. Here is a 12 TB drive that is 75% full. The 75% doesn’t help us. We still need to erase every sector.

Our SATA 3, 6 Gbit I/O channel is not our bottleneck; the bottleneck is the time to write the data. That is 210 Mbit/second. So more than five days, per pass.

If we have encrypted the drive, we only have to wipe a few sectors. That can be done in far less than a second.

But, it gets better. You can buy “secure” drives. These drives have the encryption built in. You send a magic command to the drive, and it wipes its key and makes the entire disk just random bits, nearly instantly.

This key on disk method is what Ceph uses, under the hood.

Of course, that is only part of the solution. The next part is on-the-wire encryption. This requires still more.

Conclusion

The biggest issue facing people who are trying to create secure environments is that they need to make sure that they have identified who the black hat is.

  • Will they be able to physically access your equipment? Assume yes.
  • Will they be able to tap into your network? Assume yes.
  • Will they be able to physically compromise your keyboard? Maybe?
  • Will they be able to take your stuff?
  • Will they be able to force you to give your pass phrase?
  • Will they be able to access your computer without a password?
  • Will you be able to boot your network from total outage without having to visit each node?

Network Nerding

You might have heard the phrase, “He’s forgotten more than you will ever know.” When dealing with somebody who is quietly competent, that is almost always the case.

I was there at the start of the Internet. I watched our campus get X.25 networking. Later, BITNET. I watched email get dumped into the UUCP queues and see magic happen as email dropped into a black hole and reappeared where it was supposed to. The magic of ARPANET, later to be The Internet.

I was part of the team that transitioned the Internet from routing tables (Host tables) into the Domain Name System. I watched as we moved from vampire taps on 10Base2 to RFC bayonet connectors. Having to explain over and over that you can’t plug the cable into your computer, you plug the cable into a T and terminate the T. The T then connects to your computer.

The magic of 10BaseT, with low-cost hubs instead of what “real” network switches cost.

Listening to the stories of Ethernet cards costing “only” 10K because they had bought so many of them.

Today I installed another new NIC into one of my nodes. This NIC cost me $33. The SFP+ module was another $15, call it $45. This gives me a MMF fiber connection, good for up to 300 meters at 10 Gigabit Per Second.

This makes three nodes connected at 10 Gbit. One node is at 2.5 Gbit. The rest are still at 1.0 Gbit. When I have finished upgrading the nodes, each will have a 10 Gbit NIC. They will have either MMF LC fiber connectors or 10 Gbit RJ45 copper connectors.

The only reason for the RJ45 copper is that I need to add some more SFP+ routers with extra ports.

What I Forgot

When we installed our for 100BaseT NIC’s, we did some testing to see what the throughput was and how it affected the host computer.

What we found was that the interrupt count went through the roof, bogging the computer down. At full speed, more than 75% of the CPU was dedicated to network traffic.

The cure for this was to increase the packet size. At the time, this was a big issue. Most networking devices only accepted 1500-byte Ethernet packets. If your input packet is larger than the MTU of the egress port, then the packet becomes fragmented. There are issues with IP fragments.

A newly introduced change in the specification allowed Jumbo packets. The normal size of a Jumbo packet is 9000 bytes.

Once we did the upgrade, everything got faster. We actually had network attached drives which were faster than the physically attached drives.

When setting up a VPN, you need to set the packet size going into the VPN to be smaller than the MTU of the physical network. The VPN will encapsulate packets before they are transmitted. This makes the packet larger. If you are sending a packet through the VPN with a size of 1500, and it is going on to a physical network with an MTU of 1500, every packet of 1500 bytes will be fragmented.

I have been slowly bringing up an OVN/Open vSwitch configuration. This allows a virtual machine or a container to move from host to host, maintaining the same IP address and routing path.

I’ve done a couple of live migrations now. The perceived downtime is less than 15 seconds. There were no dropped packets during the migration. Just amazing.

The OVN setup is complex because there are many options that need to be set up, and there are tools to do all of it for you. Unfortunately, the overhead of OpenStack and learning it is something I’m not ready to do. So I’m doing each step by hand.

When my virtual machines were on the same host as the egress bridge, everything worked. If the VM was on a different host within the OVN cluster, ICMP would work, but TCP would not.

Turns out that I had not set the MTU of my physical network correctly. I’ve been slowly updating the networking configuration on all of my nodes to use jumbo packets. As soon as I did that, my cross node networking traffic started working!
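The arithmetic behind the VPN rule and one way the “ICMP works, TCP does not” symptom arises, as an added example that is not the author's configuration. It assumes a Geneve-over-IPv4 tunnel with 58 bytes of overhead, TCP packets sent with Don't Fragment set, and the ordinary IPv4 rule that an oversized packet is fragmented only when DF is clear; all names and sample packets are constructed.

```python
from dataclasses import dataclass

IPV4_HEADER = 20
TCP_HEADER = 20
ICMP_HEADER = 8

# Assumed tunnel overhead in bytes:
# outer IPv4 20 + UDP 8 + Geneve 8 + 8-byte option + inner Ethernet 14.
GENEVE_IPV4_OVERHEAD = 58


@dataclass(frozen=True)
class InnerPacket:
    label: str
    ip_length: int        # total length of the inner IP packet, in bytes
    dont_fragment: bool   # DF bit on the inner packet


def max_inner_mtu(underlay_mtu: int, overhead: int) -> int:
    """Largest inner IP packet that still fits after encapsulation."""
    return underlay_mtu - overhead


def tcp_mss(inner_mtu: int) -> int:
    """TCP payload per segment for a given inner MTU (no TCP options)."""
    return inner_mtu - IPV4_HEADER - TCP_HEADER


def verdict(pkt: InnerPacket, underlay_mtu: int, overhead: int) -> str:
    """Classify what happens to one inner packet at the tunnel."""
    if pkt.ip_length + overhead <= underlay_mtu:
        return "fits"
    # Too big once encapsulated: DF decides between fragmenting and dropping.
    return "dropped" if pkt.dont_fragment else "fragmented"


def survey(underlay_mtu: int, overhead: int = GENEVE_IPV4_OVERHEAD,
           vm_mtu: int = 1500) -> dict:
    """Run constructed sample packets from a VM with the given MTU."""
    packets = [
        InnerPacket("ping, 56-byte payload", IPV4_HEADER + ICMP_HEADER + 56, False),
        InnerPacket("TCP SYN with options", IPV4_HEADER + TCP_HEADER + 20, True),
        InnerPacket("TCP full-size segment", vm_mtu, True),
        InnerPacket("UDP datagram at VM MTU", vm_mtu, False),
    ]
    return {p.label: verdict(p, underlay_mtu, overhead) for p in packets}


if __name__ == "__main__":
    for mtu in (1500, 9000):
        print(f"underlay MTU {mtu}: inner MTU {max_inner_mtu(mtu, GENEVE_IPV4_OVERHEAD)}")
        for label, result in survey(mtu).items():
            print(f"  {label:26s} {result}")
```

On a 1500-byte underlay the ping and the handshake fit while full-size segments do not, so small probes succeed and bulk transfers stall; either lower the inner MTU to the computed value or raise the underlay MTU.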

Happy, happy, joy, joy.

There is more testing to perform. This might also be a fix for the firewall glitch of a few weeks ago. Once I have a couple of more nodes on the OVN cluster, I can proceed with designing and testing a redundant network design, with failover.

It was a good day. Oh, I brought another 12 TB of disk online as well.

Legal Case Analysis

Hunter v. Cortland Housing Authority, 2A win

If you want to see a case take years and years, it goes something like this:

The plaintiffs file a suit and request a Temporary Restraining Order to enjoin the defendants while the court hears briefings and arguments for a Preliminary Injunction.

If the losing party wishes, they can appeal to the circuit court. This will be placed on the emergency docket. The emergency docket is sometimes called the “Shadow Docket” if the court leans right, because it sounds bad.

There is a three-judge administrative panel which examines these petitions on the emergency docket. They can grant a stay or grant an injunction lasting until the case is resolved at the circuit level. They can also decline to do anything, remanding the case back to the lower court.

If the administrative panel decides to accept the case, they will either grant a stay pending the outcome or leave the case in the same stance as the district court put it. They will then place the case on the schedule for a merits panel to hear the case.

Once the case is docketed for a merits panel, the parties start submitting briefs plus copies of everything filed in the lower court. Amicus briefings will also be filed.

Depending on the urgency the administrative panel placed on resolving the case, the case could be heard in a few months or much later. This is determined by putting the case on the fast track or the normal track.

Once it is in a track, a merits panel will be assigned to the case. They will set a schedule. This will state when they want briefings filed, responses filed, responses to responses filed, and when they want to hear arguments. If one of the parties wants, they can request extensions to the deadlines.

After the panel hears the arguments, they will deliberate. When they have come to an agreement, one of the judges on the winning side will write the court’s opinion. The other judge will write their dissenting opinion. This can take multiple months.

The Fourth Circuit had a situation where they heard the case and the two judges had written the opinion of the court, but the third judge was not willing to provide the dissenting opinion. Per custom, the final opinion was not issued until the dissenting opinion was ready.

This lasted so long that even the Ninth Circuit had heard a 2A case and given their opinion. As had the Seventh, Second, and First Circuits.

Once they were ready to release the opinion, the Fourth Circuit pulled the case from the merits panel and re-heard the case en banc.

So the case is now a year from when it was first filed.

After the en banc panel has issued their opinion, the loser can seek certiorari from the Supreme Court. They will not grant it because the case is too young. The case has been going for a year or more at this point, but it is still at the very first stage of the case.

Back at the district court level, the judge could put everything on hold pending the outcome of the appeal process. Or they might move forward with the case.

The next step in a court case is the request for a preliminary injunction. The TRO is designed to stop something while the court has time to evaluate the request for a preliminary injunction.

The purpose of a preliminary injunction is to put something on hold until the court has reached its final judgement.

The case has now spent many, many months in appeals, it is now back in the district court. The court issues its order regarding the preliminary injunction.

And the entire process starts all over again. The losers can appeal, the case then wallows in the quagmire that is the appeals process before the case starts its way through the district court again.

At the point where the case starts to move forward, the state is going to argue that the plaintiffs do not have standing, that the case should be dismissed for reasons. Depending on the state of the law that is being defended, the state might be attempting to delay the case or to move it more rapidly.

A strange thing happens when a law is enjoined: the state moves rapidly and the courts move rapidly to reach a stay or to have the injunction overturned. The same state, with the same players, can’t move faster than a sloth’s pace when their law is there infringing on The People.

There are multiple paths forward for the court and parties. One is summary judgement. In a summary judgement, the court is asked to decide based on the base filings. This should be how most Second Amendment cases are decided.

Judge, the state is infringing on my right to bear arms. The court: State! Stop infringing! Done.

Both parties can request a summary judgement.

Another path forward is for the case to go to trial. In Second Amendment cases, these are most often bench trials. A bench trial is when the judge acts in place of a jury to make determinations of facts.

Most of the cases we are following are having full trials. The parties involved know that they are developing a facts base to support their appeal.

The bottom line is that these cases take a long time and far too much money.

That is why this case is an outstanding win for us.

They Gave Up!

That’s right. The case was kicked to a magistrate judge for mediation. On September 30th, the Mediator reported that the parties had reached an agreement and the case was settled.

Accordingly, the Parties stipulate that the Court shall grant and issue a Permanent Injunction, pursuant to Plaintiffs’ challenge in this above-captioned action to the Firearms Ban under the Second Amendment as incorporated to the States through the Due Process Clause, enjoining Defendants, and their respective employees, agents, representatives, service providers and/or contractors, from enforcing the Firearms Ban or other bans on firearms against the Plaintiffs and other CHA tenants who are otherwise qualified to own, possess, transport, and use firearms under federal, state, and local law.
No. 90 Hunter v. Cortland Housing Authority, No. 5:23-cv-01540 (N.D.N.Y.)

This is a full win. There are still some restrictions on displaying firearms. It is still forbidden for guests to have firearms on CHA property. But this is a win.

Proposed Findings of Fact, Legal Stuff

The Heller opinion clearly stated that the right to keep and bear arms was an individual right. That was the holding.

To get to that decision, the Supreme Court did their standard analysis. First, is the plain text of the Constitution implicated by the proposed conduct? Second, what is this nation’s historical tradition of regulation in this area?

Can I call a politician stupid? The congress might create a bill that makes it illegal to make ad hominem attacks on politicians. The president could sign that bill into law. I could then be arrested for violating that law.

That doesn’t mean that the law is constitutional. Regardless of what the congress might have said while contemplating the bill, claiming that “hate speech isn’t free speech”. The law must be evaluated in light of those two questions, is the plain text implicated and what is the history of regulation regarding speech.

Looking at the constitution, before the Bill of Rights, there is nothing in the enumerated powers granted to the State that authorizes them to limit speech. Thus, the law is unconstitutional. The state would argue that “promote the general welfare” authorizes them to make the law.

We can go a step further, we can look at the amendments.

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Here we have a more clearly defined restriction on the authority of the state, Congress shall make no law … abridging the freedom of speech, or of the press. The conduct at hand, making speech, implicates the plain text of the First Amendment. It then becomes the state’s burden to prove a historical tradition of regulating speech.

The state cannot find historical regulations restricting speech because it is mean; therefore, the law is unconstitutional.

The Supreme Court used the same methodology when deciding Heller. They first looked to see if the plain text was implicated. That required them to analyze the language of the Second Amendment.

Knowing the games that the circuit courts had been playing, they defined almost all the words. They used dictionaries from the time. They used dictionaries from multiple sources. Plus, they compared the words as used at the time.

This was part of dicta. Some inferior courts understand dicta and follow the guidance of the Supreme Court. Others do their best to twist the words. Often the inferior courts are more interested in what the Supreme Court didn’t say than in what they did say. Frequently, the inferior courts will say something like, “The Supreme Court didn’t say that 2+2=4, they said that 2+3=5. Since they didn’t tell us what 2+2 equals, we will just have to do our best.” Then proceed to hide a divide by zero to get an answer that says that 2+2=3.1415, getting pi in the face later when their opinion is vacated.

After establishing that the plain text covered the proposed conduct, the Supreme Court moves to the next stage, looking at this nation’s historical tradition of firearms regulation. In that historical analysis, they found that there were no laws that were analogous to a weapon ban, unless the weapon was both dangerous and unusual.

The Case at Hand

Barnett v. Raoul is a challenge to the PICA passed in Illinois. The People originally sought a preliminary injunction. They got it from Judge McGlynn. The state then appealed to the Seventh Circuit court. There, the administrative panel consolidated the case with other challenges to PICA. They stayed the preliminary injunction, allowing the law to stay in effect. They denied the requests for a preliminary injunction from the other parties and put the case to the merits panel.

This was not unexpected. The Admin panel had both Judge Easterbrook and Judge Woods on it. Both are statist and have often ruled against The People. Judge Easterbrook is most famous for having been overturned in McDonald v. Chicago.

Amazingly, the Merits panel had the same three judge panel as the original administrative panel. The circuit court heard the case quickly. They were under scrutiny by the Supreme Court.

The Supreme Court had denied cert in a different case, with Justice Thomas writing that if the case was delayed for the plaintiffs (good guys) to petition for writ of cert. again.

Having heard the case, the merits panel sat on their opinion. The Second and Fourth were sitting on their opinions as well. Most of the Second Amendment cases were locked in, waiting for the Circuit Courts to issue an opinion.

The Seventh Circuit was the first to issue their opinion. First, they found that they were not guilty of the two-step shuffle. That they had always been faithfully applying text and history. Because they were using text and history before Bruen, their earlier work was still good case law.

That case law found that the plaintiffs had not proved that “assault weapons” were arms under the plain text of the Second Amendment.

They remanded the cases back to continue the process.

Judge McGlynn did not allow any delay tactics. His case was argued on September 16th, 17th, 18th and 19th of 2024.

It is now time for the Court to analyze the briefings and testimony to determine the facts of the case and to reach conclusions of law.

Both parties will submit their proposed findings of fact and conclusions of law. This is what they want the court to find/agree with.

On October 21st, the state of Illinois submitted their brief. There are 3585 pages, 58 exhibits, 2 attachments and an appendix.

Some facts are just that: facts. They are easy to verify and check the veracity of. Others are opinions stated as facts.

The state says that PICA was enacted after July 4th. This is true and a fact. They identify that particular July 4th as the 4th of July when an asshole shot and killed 7 people.

It is not relevant to the Constitution that the shooting took place. Nor that the bill was enacted before or after that date. But it is a fact.

The state also wants the court to agree that the shooter used an AR-15 rifle and a 30 round magazine to kill 7 and wound 48 people that July. Again, a fact but not relevant. The state then repeats that PICA was enacted after July 4th.

A more important date was the date when Bruen issued.

Here is an example of an opinion, dressed up like a fact.

A. The rifles the Act defines as assault weapons are semiautomatic versions of firearms specifically designed for and employed by the military.

Is the AR-15 a semiautomatic version of a firearm specifically designed for the military? Yes and no.

The AR-10 was a select fire weapon that Armalite designed for military sales. The AR-15 was a redesign, also for the military, using the lighter 5.56×45 cartridge. The original AR-15 was field tested in Vietnam, as the AR-15. The design was adopted and standardized as the M-16.

A new product was developed by Colt for the civilian market. It used the same name, AR-15. The differences were to make it capable of semi-automatic fire only. The simplest modification was the removal of the select fire control group and not drilling the hole for the auto-sear.

The early AR-15 SP1s out of Colt were M-16s without an auto-sear and with the hole for the auto-sear missing.

What is the state’s goal?

The state wants the district court to find that the weapons and magazines banned by PICA are not arms, as defined by the Seventh Circuit court.

To accomplish this, they need to have the court find that AR-15s and the ilk are really modifications of the M-16/M-4 platform.

The real trick in this is that it is the plaintiff’s burden to prove that something is an arm protected by the plain text. The state does not carry that burden.

This is the difference between presumed innocent and presumed guilty.

Regardless of anything that happens in Judge McGlynn’s court, PICA will stay in effect for the foreseeable future.

It is likely that Judge McGlynn will issue his opinion with a short administrative stay to allow the state to appeal.

The Seventh Circuit administrative panel will issue a stay pending the merit panel issuing their opinion.

If the merit panel finds for the plaintiffs, the state will seek a rehearing en banc. This will take time.

If the merit panel finds for the state, I hope the plaintiffs file a petition for certiorari with the Supreme Court.

It is likely that the Seventh Circuit will actually hold the case until the Snope case is decided by the Supreme Court.

Regardless, cases are starting to move again.


Tuesday Tunes

I’ve been listening to the Andrews Sisters for years. Their voices are wonderful. In all of those years, I had never actually seen them in film.

Last night, this song showed up in my play list. I was thinking about it, how our culture has changed. “Give me some skin” would get me in trouble today.

In my time, Harlem has always been a dangerous and scary place. There was a time when it was a cultural up end place to go.

Regardless, watching the sisters sing and dance makes me smile.

And another:

Would You Like Fries with That?

Trolling at its finest.

If there is one word that truly does not describe Kamala, it is “authentic.”

Everywhere she goes, it feels fake. Everything she says, feels fake. There is nothing authentic about her.

While people made fun of her for saying she owns a Glock and that ends her description of the type of firearm she owns, I didn’t find that off-putting.

I own a SIG. Lord help me if I know what model it is. I look when I need to. I have a Glock. Which model? I don’t know.

They are just tools. The Winchester Model 94s? Well, they are more history than tools. And yes, they have taken deer and raccoons. The Henry has taken a raccoon. The Rossi R95 has taken raccoons and possums.

It depends on the person just how detailed they get with their firearms.

Regardless, I don’t think Kamala is part of “gun culture”. Not first, second, nor 100th generation gun culture.

While my accent changes, depending on whom I am talking to, that is mostly because I’ve had a southern accent in the past, and Michigan, and Wisconsin, and ugh, California. When I’m talking to somebody with those accents, I will slip back into it.

I was talking to a woman from Kentucky the other day and my southern came out.

Ally reported she had a thick accent. I found it pretty tame and lovely to listen to.

Regardless, Kamala is not authentic. If she told me that water was wet, I would want a second opinion and would test myself.

Trump is Trump. This election season, I find myself liking the man. “I don’t think he knows what he is saying” is a great line.

He has been more controlled in his messaging. Attacking their policies and capabilities rather than the person.

On Sunday, Trump kept his word and showed up for work. At a McDonald’s.

They started him on the fryer, but at some point he moved to the drive-through window. My guess is that it took a bit of work for the Secret Service to figure out how to allow people to get that close to Trump in a vehicle “safely”.

It looks like he had a blast. And the people seemed to enjoy it as well.

And at this point, Trump has more documented time working at McDonald’s than Kamala has presented.

We Are Not Animals

https://twitter.com/amjadt25/status/1847199234828693879?t=gXlcEo61kxrLr8SpvrQTyQ&s=09

I am reminded of the image showing a US soldier on a hillside with civilians hiding behind him. The caption reads, “The difference is that we put ourselves between them and the enemy, they put them between themselves and their enemies.”

It was, and is, such a powerful message of the differences between the animals and the civilized nations.

One of the more disgusting things I’ve seen out of Gaza was a video of Hamas placing the shattered body of a child into a bomb crater, to be found with a great deal of anguish on the faces of the actors.

The child was already dead. His skull was hanging open. It was disgusting.

I support Israel. I hope they root out every last terrorist bastard and send them to get their 72 raisins.


When the 2nd Crosses the Atlantic

“The suspicion of an attack on Route 4 is growing: a fatally wounded person at one scene and a moderately wounded person at a second scene” (Amit Segal on Telegram, Google AI translation)

“Five injured” (Amit Segal)

“One of them died of his wounds” (Amit Segal)

“Ben Gvir: The person who killed the terrorists was a citizen who received a weapon thanks to my reform.” (Amit Segal)

Ben-Gvir has advocated for increased private gun ownership, significantly relaxing the country’s traditionally stringent gun control laws and easing the rules of engagement for police officers. Last August, Ben-Gvir publicly commended an Israeli settler for fatally shooting a Palestinian teenager during a clash near the West Bank town of Burqa. After Oct. 7, Ben-Gvir called for a national campaign to give weapons to Israelis. His former cover photo on X, formerly Twitter, said in Hebrew, “Israel is arming!”

The title on the web page is now “Israeli Civilians Are Taking Up Arms”.

The article is another anti-gun screed by the normal people, decrying the number of deaths “caused” by guns.

One of the things that Ben-Gvir’s new regulations have accomplished is that Israeli citizens are no longer disarmed after a self-defense shooting.

While we in the US have backup guns for our backup guns, many people that own firearms in foreign countries consider themselves to be lucky to have just one. … the practice of requiring citizens involved in an attack to hand over their personal weapons for extended examination and investigation.

It seems like they are starting to come around to “it is a good idea for people to be armed”.

To put this in some sort of perspective, Israel is smaller in area than New Hampshire. It is a little longer north-south and about the same east-west. There isn’t a place in New Hampshire that you can’t reach from the border within an hour of driving.

The enemies of Israel surround it. There is no place more than an hour from the border with hostiles.


WYSIAYG vs WYSIWYG

I started my computer career with the command line, or as it is known today, the CLI.

Almost everything I do is done via CLI.

I’ve had clients that had hosts in China, Ukraine, and London. They all look the same to me because they are just another window next to the other windows on my desktop.

When programming, my hands seldom leave the keyboard. I don’t need to use the mouse to program. It is mostly done with control key sequences.

When I need to configure something, I use a text editor and edit the configuration file. If the configuration file is JSON, I use JSON CLI tools to manipulate the file. Everything is done via the command line.

Even this post is done from “the command line.” I am typing raw HTML into a simple text editor. So an aside is written as:

<div class="aside">This is the aside</div>

Which renders as

This is the aside

The editor also has a visual editor. What we call a “What You See Is What You Get” or WYSIWYG.

In the WYSIWYG, you type, and it is formatted close to what it will look like when presented in a web browser.

You have likely used a word processor like Microsoft Word, Apple’s old Mac Write, or the modern LibreOffice. If you’ve used Google Docs, you have used the online version of LibreOffice.

The idea is that you can look at what you type in these WYSIWYG editors and that is what it will look like when printed.

We have another term for Graphical User Interfaces, WYSIAYG, or What You See Is All You Get.

What do I mean by that? Well, if you have a GUI that performs configuration options, then only the options that are implemented in the GUI are available to you through the GUI.

The new level 3 managed switch has a web GUI. It is rather nice. You can see the status of each port. There are pleasant drop-downs to give you choices.

One of the issues I needed to deal with was to get DHCP running on it, rather than the old DHCP server.

After fumble fingering my way through the interface, I had a working configuration.

The other day, I wanted to set up network booting. I am installing Linux on so many machines, both virtual and bare-metal, that I wanted a simple method to use. Network booting seemed like the answer.

This requires setting the “next-server” and “bootfile” options in the DHCP configuration file.

There is NO place in the web GUI to do so. It is available through the CLI. Undocumented, of course.

WYSIAYG. I muddled through, I got it working. I can now do a network install anytime I want. And I can provide multiple options.
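A GUI that hides these settings also hides what the server actually hands out, so it is worth checking the reply itself. The sketch below is an added example, not code from this post or from the switch vendor: it parses a DHCP reply and compares its next-server address (the `siaddr` header field) and boot file name (the fixed `file` field or option 67) against the intended values. The addresses, file names and sample packet are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options area (RFC 2131)

def parse_boot_fields(packet: bytes) -> dict:
    """Return the next-server address and boot file name carried in a DHCP reply."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:        # 255 = end option
        if packet[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    overload = (options.get(52) or b"\x00")[0]         # option 52: file/sname hold options
    file_field = b"" if overload & 1 else packet[108:236].split(b"\x00", 1)[0]
    boot_file = options.get(67, file_field).rstrip(b"\x00")   # option 67 = bootfile name
    return {"next_server": socket.inet_ntoa(packet[20:24]),   # siaddr header field
            "boot_file": boot_file.decode("ascii", "replace")}

def check_offer(packet: bytes, want_server: str, want_file: str) -> list:
    """Compare a reply against the intended boot settings; return the mismatches."""
    got = parse_boot_fields(packet)
    problems = []
    if got["next_server"] != want_server:
        problems.append(f"next-server is {got['next_server']}, expected {want_server}")
    if got["boot_file"] != want_file:
        problems.append(f"boot file is {got['boot_file']!r}, expected {want_file!r}")
    return problems

def build_sample_offer(next_server: str, boot_file: bytes) -> bytes:
    """Constructed DHCPOFFER for the demo (not captured traffic)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, 0x12345678, 0, 0,
                         socket.inet_aton("0.0.0.0"), socket.inet_aton("192.0.2.50"),
                         socket.inet_aton(next_server), socket.inet_aton("0.0.0.0"),
                         bytes.fromhex("020000000001"), b"", boot_file)
    return header + MAGIC_COOKIE + b"\x35\x01\x02" + b"\xff"  # option 53 = 2 (OFFER)

if __name__ == "__main__":
    offer = build_sample_offer("192.0.2.10", b"pxelinux.0")
    print(check_offer(offer, "192.0.2.10", "pxelinux.0") or "boot settings match")
```

An unexpected next-server or boot file in a reply means either the configuration did not take or some other DHCP server on the segment is answering.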

Which leads me to the root cause of this rant.

They are now building CLI tools that require CLI tools to configure them. And the CLI tools that do the configuration are not well documented because you should use the CLI management tool!

I needed to install incus on a system to configure a working OVN network! I am so frustrated right now that I could scream.

New Feature

On desktops, the right side panel has a new item, navigation links. The first link is to the M4A1 design documents. These are the blueprints for the M4A1. As far as I can tell, they are a complete package.

These do not include tooling or how-to documents; they are just the blueprints.

These prints are to pretty modern standards, but easy enough to read.

One fun thing I noticed was that they will often call out positions based on changing datum. A common datum is to consider the center of the front takedown pin to be 0,0. They do seem to use that as a starting point, but the trigger, selector and auto-seer holes are relative to the hammer pin hole.

This is because the relationship between those holes is critical, while their placement relative to the takedown pin is not.

For those on small screens, where the right-hand column is missing, scroll to the bottom of the page; you will find the link there.

M4A1 Design Documents