Category Archives: Consumer Alert!

Five Depressing Developments on the OPM Data Compromise

1: How Did It Happen? Well, Why Did Your Car With The Top Down, Keys In, Parked in Da Hood Get Stolen?

The OPM Logo: an eagle being stretched on a rack, or maybe drawn and quartered.

The OPM Logo: an eagle being stretched on a rack, or maybe drawn and quartered.

First, here’s Charlie Martin on why it happened:

Someone, somewhere, decided that they didn’t want to spend the money: undoubtedly they had budget constraints.

So the sensitivity of the data wasn’t properly identified, passwords were used instead of a stronger scheme, the systems involved had “superuser” or “root” accounts that by definition have access to everything, and the users who had access to those root accounts were Chinese nationals in China, who — I think we can fairly say — didn’t meet the U.S. government’s standards for computer security.

Perhaps the biggest issue of all is that the government had centralized the collection of that data into a single web-based system, e-QIP, which means that all this data was collected in one place.

I would bet money that each of these decisions came down to someone saying: “Oh, that’s too hard,” “Hiring offshore workers is cheaper,” “That’s too inconvenient.”

At each of those steps, some security was lost because someone decided it was easier to relax the requirements than to get the more expensive and annoying solution. And while the inspector general was calling out the hazards, no one was willing to rock the boat.

It’s worth it to Read The Whole Thing™ — Charlie’s been around long enough to see a Death March software project or two — but the bottom line seems to be, because OPM secured it like the Last Guy Still Using AOL® secured his cute-kitten .jpg files.

2: Nobody Knows How Big The Numbers Are — Because Execs Are Lying

Second, there are some new numbers, and we’re expecting the release of even larger numbers Friday (too late for the evening news). We’ve seen the numbers build from 2.9 to 4 to 14 to 18 to 29 to 32 Million. It gets hazy fast. For instance:

  • OPM Director Katharine (“Fat, Incompetent and Stupid is so a way to go through life”) Archuleta, selected for that job by the usual process of Washington racial/ethnic/sex beancounting, insisted that the agency’s final number was 4.2 million. At the same hearing, an FBI officer, Acting Assistant Director for Cyber James Trainor, stood by the Bureau’s 18 million estimate, briefed earlier to Senators by FBI Director James Comey. Trainor, unlike Archuleta, showed his work: an OPM memo, exposing Archuleta as either an incomptent, a liar, or (the smart money says) an incompetent liar.
  • House Oversight Chairman Jason Chaffetz, R-Utah, brought up the 32 million number. However, that’s just the cleared personnel and applicants that OPM has mishandled data for; each person’s 150-page questionnaire or electronic equivalent also exposes the data of numerous other persons (references, employers and supervisors, family members, foreign friends) and, more alarmingly yet, the threads that form the skein of relationships of all those people have also been exposed to a hostile intelligence service.

Of course, their defense is, they’re not lying, they’re just so wrapped up in their own red tape they can’t generate diddly.

what OPM usually does

But the bottom line is this: if you have completed an SF 86 paper security questionnaire or the replacement Electronic Personnel Security Questionnaire (EPSQ) on e-QIP at any time since the early or mid-1980s, you had best assume your secrets are secrets no more.

OPM did not investigate all DOE clearances, so if you had a nuclear clearance but not a DOD one,  your information may be safe.

3: They Say They’re Not Lying Now; Forget Lie They Got Caught In Already

Third, the data was exposed as early as 2013 and the OPM senior executives cooperated, de facto, with the hostile intelligence service by minimizing and concealing the extent and seriousness of the breach then. CNN again (emphasis ours):

The roots of the recent OPM breach could be traced to an earlier 2013 OPM breach, investigators now believe. At the time, OPM officials minimized what was taken by hackers, who are believed to be the same responsible for the latest breach. But it turned out what was taken provided blueprints to the OPM network, valuable information for future intruders.

At Wednesday’s House Oversight hearing, Donna Seymour, the agency’s chief information officer, said that in the 2013 breach, hackers took “some manuals about our systems.”

Asked if those manuals were akin to blueprints of OPM’s computer systems, Seymour answered, “It would be fair to say that would give you enough information that you could learn about the platform, the infrastructure of our system, yes.”

Seymour called it a breach of security.

But that contrasts with earlier statements by OPM officials.

What do you think… are they lying now, or were they lying then? Does what we should do with them change based on the answer to this question? (What should we do with them? And should it involve tar, feathers, fire, a trebuchet, and easy assembly instructions?)

In a 2014 interview with WJLA-TV in Washington about the 2013 breach, Archuleta minimized the damage.

“I can tell you the most important piece: No personal identification information was compromised,” she said. “That’s the most important thing. That happened because of the good work and dedication of our employees.”

About the 2013 breach, Archuleta added: “Again, we did not have a breach in security. There was no information that was lost. We were confident as we worked through this that we would be able to protect the data.”

She’s right about one thing: this has happened because of the good work and dedication of her and her employees. Although we’re not sure what the adjective “good” is doing in there.

But it now looks like they didn’t just minimize the response. They deliberately misrepresented the scope and scale of the compromise, according to the Wall Street Journal (requisite Google Search if you’re paywalled out).

The Obama administration for more than a week avoided disclosing the severity of an intrusion into federal computers by defining it as two breaches but divulging just one, said people familiar with the matter.

But:

An OPM spokeswoman said the agency had been “completely consistent’’ in its accounting of the data breach.

Well, yeah, she and her agency have been completely consistent. They’ve consistently lied. Example? Here’s one from that same article:

A day after the public announcement, an OPM spokesman said there was “no evidence to suggest that information other than what is normally found in a personnel file has been exposed.’’ By that time, the FBI already knew—and told OPM—that security-clearance forms had been tapped, officials said.

You can tell when Archuleta and Co. lie. Their lips move.

4: Did You Hear The One About The Screwed-Up Response?

Fourth, when the OPM went to notify even the initial 4.2 million victims they admit having, they botched it all over again, using a wildly insecure and unverified email system. (Hardly a surprise. Most key OPM systems were and are running with no or self-generated encryption and signing certificates). According to Navy Live (an official DOD site):

OPM began conducting notifications to affected individuals using email and/or USPS First Class mail on June 8, 2015. Recognizing the inherent security concerns in this methodology, with OPM and CSID support, DoD suspended notifications to employees on June 11, 2015, until an improved, more secure notification and response process is in place. Late June 15, 2015, OPM advised that email notification resumed. Email notifications should be complete by June 22, 2015. U.S. Postal mail notifications will take longer.

By the way, here’s what an email fraud alert for the crapola lowest-bidder “credit monitoring” service OPM bought no-bid from some crony and is force-feeding to victims looks like:

hacker_insurance_alert

Yeah, just like a Nigerian scam!

Are that company’s servers as secure as OPM’s (which is to say, not terribly?) Or do you just get hacked yourself if you’re dumb enough to click the Log In Now button in a shady-smelling email like this? Click that red button and you may just find out. (Not here of course. Here it is just a harmless picture. We think).

5: FLEOA’s Recommendation Doesn’t Work

Fifth, here is what is happening when federal Special Agents, intelligence agency staff and contractors, and other cleared personnel call up the credit bureaux about their records, they’re getting blown off. As one disillusioned Fed put it to us:

The credit companies have so many calls from government employees for fraud alerts that they want you to go online and do it. They do not want your call.

At first, the staff at Experian, TransUnion, etc., may have fielded the calls personally, but soon the party line was “Don’t waste time on Federal employees and contractors.” Those unfortunates should not expect personal service; after all, the credit resellers aren’t getting paid for helping victims of enemies foreign (hackers) and domestic (OPM brass). Instead, some outfit you never heard of got a huge no-bid contract to further surveil you. (Wonder if there’s a kickback to the OPM panjandrums).

“Hang up and order a credit report online.” Click.

Soon, the firms’ initial voicemail menus were changed to cut hack victims off before even getting to that point. When you dial in, before you get the voice menu, you’re told not to bother calling the telephone line, if you’re an OPM victim. They can’t stop you from getting your one statutory credit report per year, but they can make it as difficult as they like — and they do.

The Bottom Line

OPM, after doing just about everything they could do to give away the security data, now is finger-pointing, to the extent it’s doing anything. (Hey, you can’t interfere with the 10 AM-3 PM Federal workday with a two-hour lunch. That’s an entitlement for these drones). They haven’t even updated their own data breach information page since the 23rd — two full days ago.

Director Archuleta seems to think that these so-called “workers” are more useful to the taxpayers than the same number of empty chairs. Where’s the evidence for that proposition?

She also thinks that OPM has been a good steward of secret and sensitive information. On which planet, in which galaxy, does this remarkable condition obtain? Not, we submit, on ours.

She has decided, to the extent this idle bag of suet decides anything, that what the OPM really needs to recover from this Grand Slam of Beltway hackery is to hire another Beltway tusker, to be called a “Cybersecurity Advisor.”

Sounds like a job for Jamie Gorelick.

Advice for OPM Breach Victims

The following post has been transmitted by the Federal Law Enforcement Officers Association (think, the “special agents’ union” and you’re pretty close) to their members. It gives advice that is useful to anyone who’s been victimized by the allegedly-Chinese hack of the all-but-unsecured  computer networks of the Office of Personnel Mismanagement (OPM).

Their advice about (1) not relying on the lowest-bidder “credit monitoring” OPM contracted as damage control, and (2) taking measures on your own, is excellent across the board. If you are (or were) a government worker or cleared contractor, or even simply applied for a clearance, since approximately 1990, you may rest assured that the payroll patriots of OPM have distributed your name, date of birth, social security account number, and many other personal details (depending on level of clearance and depth of investigation) far and wide.

In response to OPM’s breach of our member’s Personal Identifying Information (PII) and release of other sensitive data, FLEOA prepared an informative bulletin to assist you and your family with taking proactive steps to prevent further abuse of your PII.
By now you should have received an email from OPM notifying you that your personal information may have been compromised. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services. Ensure that the email you received from OPM is from CSID and not a phishing attempt. To do this, check the address on your email header and ensure it reads opmcio@csid.com. To be safe, launch a new window and then cut and paste opmcio@csid.com into your new web browser and follow the instructions. Don’t fall into the false sense of security that that credit monitoring will protect you. It’s a good service and certainly one you should take advantage of, but there are additional services and resources you should also consider deploying. So what else can you do to protect your identity?
First, contact one of the three credit reporting bureaus Transunion (www.transunion.com), Experian (www.experian.com) and Equifax (www.equifax.com) and report you are a victim of identity theft and request a FRAUD ALERT be placed on your record. Note: by law, you only need to contact one of the three. As soon as you place the fraud alert with one credit bureau, they have to notify the other two. Please keep in mind that a fraud alert is only valid for three (3) months and then you have to call them again and renew. A fraud alert works much the same way as credit monitoring – anytime someone queries your credit, either through a loan application or even checks your credit you are notified. There is no charge for this service.
Additionally, by law, you are entitled to receive one free credit report per year, per credit bureau. In effect, you can request 3 credit reports per year at no charge from each of the credit bureaus. FLEOA recommends that you request a new credit report every four (4) months for the next three to five years and then at least every six months for every year thereafter. If you notice an account that you or your spouse do not recognize, immediately notify the company that you are a victim of identity theft and you did not authorize the questionable account.
Another important step to consider is freezing your credit account. Unlike credit monitoring where you are simply notified of a credit query, a credit freeze will prevent anyone from using your SSN to obtain credit in your name. It also prevents anyone from reviewing your credit worthiness. The cost is $10 to freeze and another $10 to unfreeze. As with placing a fraud alert on your account, you only need to notify one of the three credit reporting bureaus. FLEOA recommends you to freeze your credit if you are not planning to purchase a car, a house or obtain credit cards in the next year or so. If you are planning on purchasing a car or house this year, you may want to consider waiting to freeze your credit until after you have completed your purchase.
Another option to consider is paying a fee for the credit bureaus to contact you via, text, email or phone anytime someone queries or uses your SSN to obtain credit. This provides instant real time feed back and allows you to respond immediately to any threat to your credit. Note: there is a fee for this service.
FLEOA also recommends you to set up a My SSA account through the Social Security Administration (http://www.ssa.gov/my account). By setting up a My SSA account, you can access your work history and yearly earnings and ensure that only the wages you earned are showing up under your SSN. This helps prevent anyone from filing SSA claims in your name and working under your SSN without you knowing about it.
For additional information on how to protect yourself and your family from identity theft, visit the Federal Trade Commission at www.ftc.gov/idtheft.
FLEOA | | fleoa@fleoa.org | www.fleoa.org
7945 MacArthur Blvd
Ste 201
Cabin John, MD 20818

This is a personal calamity for those involved and a national security and counterintelligence disaster, but you’ll be relieved to know that institutional Washington’s highest priorities are safe: that would be the 7% annual performance bonuses for the OPM Senior Executive Service members and other senior managers who presided over this cluster$&@%.

Those Who Forget the Past, AR-15 Edition

A couple of days ago we followed a link from The Gun Feed to the Michigan-based gun blog 248 Shooters.com. (We’re guessing 248 is an MI area code? The way the Workshop Eating Plane® will have “603” in its N Number?). Anyway, the article was a short and to the point gear review of an extended or enhanced mag release that is made by a company called ArmaSpec.

ArmaSpec mag release

Armaspec calls it the “Tactical Combat Button,” and says (right there on the package!) that it gives you “faster magazine changes.” It’s reminiscent of popular extended or enhanced mag catches that have become common on sidearms, like the Vickers Tactical catch we have in our Glock 17. (We’ve got the slide release, too. Larry is a hero to those of us with small hands).

Apart from the name, which gnaws at us in its jejune buzzwordiness (not “tactical” again! And “combat?” Whose?), it illustrates the problem of living in Baby Duck World, where All Things Are Ever New™. This button may be useful for someone running very stylized match stages, but it probably isn’t.

Here are our problems with the TCB, conceptually:

  1. First, there’s nothing wrong with the standard mag catch;
  2. Unlike the standard mag catch, this is very prone to unintended mag release;
  3. Unlike the standard mag catch, this cannot be installed, removed or adjusted without tools;
  4. In fact, it needs a peculiar tool which the rubber-meets-the-road system operator may not have on his person;
  5. It gives up most if not all the adjustability of the standard catch;
  6. It introduces additional points of failure into a proven subsystem;
  7. It is vulnerable to the screws backing out and requires Loctite to work at all.

Note that we haven’t tried this part ourselves, we’re just cueing off 248Shooters’ review.

The History of the AR-15 / M16 Mag Catch

The M16 magazine catch started as the AR-15 one, which, of course, began as the AR-10 magazine catch, as shown here. (The first shot is Serial #38, auctioned by James D. Julia some time past; the others are from an Portuguese AR-10 on an H&H Semi receiver). We have not tested the interchangeability of these catches, but we suspect that the AR-10 and -15 catches are the same length on the X Axis (front to rear) but the AR-10 catch is longer on the Y Axis (left to right).

Julia AR-10 #38 serial ar-10_porto_right_side_receiver_rotated H&H AR-10 02

The AR-10 magazine catch was not created in a vacuum. It itself was an improvement of the catch used in the seminal German MP44 assault rifle (We use “MP44″ somewhat expansively here; the magazine catch appears to us to be the same in all related versions of the German assault rifle, back to the MKb 42 (H)). The direction of the release changed, and it was moved closer to the pistol grip, so that it could be released with the index finger of the right hand, instead of using the left hand as was done with the MP44. The next photos are of a Japanese non-firing replica of the MP44 (they were the clearest photos handy on the net). The mag release is the conical, ribbed button at the rear of the mgazine well.

MP44-trigger

This next picture shows a weakness of the MP44 system, which the AR system improved materially. As you can see, the catch, button and shaft are joined semipermanently by staking or riveting. That means it’s not field-repairable, let alone, -adjustable, at the -10 or -20 (operator or organizational repair, i.e. unit armorer) echelons. Again, this is a replica, but a very nice one.

MP44-trigger2

By making the AR-10 design a one-piece shaft and catch, where the shaft threaded into a tapped blind hole in the mag-release button, Stoner made it possible for the magazine catch to be disassembled for repair, replacement or adjustment without tools. All you need is a cartridge to overextend the mag release so that the catch clears the magwell, and then it can be screwed in or out. On any AR, a mag catch that’s too “grippy” can be fixed by backing off a couple half turns, and one that’s kind of loose can be tightened up the same way. This adjustment can clear up a lot of “mystery” failures to feed in AR systems.

The magazine catch can’t unscrew itself without being overextended until it’s clear of the magwell, because the magwell holds the catch in place and prevents it from rotating. But as ingenious as the AR-10 magazine catch was, there were still two improvements to come.

The first was to exchange the blind hole of the AR-10 magazine release for a through hole. This made the magazine catch button much easier to manufacture and increased the usable range of adjustment for the magazine catch, with no downsides at all. From this alteration somewhere around 1960, the parts of the standard AR magazine catch are fundamentally unaltered until today. (One change is that the ribbing on the catch is circular, whilst in the early sixties it was straight and horizontal, but this is a cosmetic change driven by production convenience and not material to the function of the catch.

The 17 prototypes made all had a magazine catch that worked much like it has on all the milios of aRs since then. Here is Prototype 004, from the Reed Knight collection:

AR-15 Proto000004

The initial catch was not guarded at all.

Here it is on the Colt Model 601, the first production AR-15 model, of which approximately 14,500 were manufactured, mostly for military testing (project AGILE, SF/SEAL evaluation in Vietnam, etc.). This catch is identical to those seen on surviving prototypes.

601-Right-601x438

One of the complaints from these early tests was that the exposed magazine release would occasionally lead to an uncommanded ejection of the mag while moving in thick brush.

The Model 602 (which is labeled “Model 02″ on the left magwell) was purchased in about 19,000 units, primarily for Air Force base defense and plane/weapons guard purposes. It has the same arrangement of slabside receiver and mag release button. It was with full rate production of the M16 (USAF rifle,  Colt model 604) and XM16E1 (US Army rifle, Colt model 603) that another change to the receiver made it possible to guard or “fence” the magazine release.

The change was the substitution of a captive pivot pin, retained in the lower receiver by a spring-loaded detent running in a groove, much like the rear pin, called the “takedown pin,” had always been. A boss needed to be added to the lower receiver, to provide a race for this pin’s detent and spring to run in. Since the forging dies needed to be modified anyway, it was relatively trivial to extend the boss and make it a “fence” riding above the magazine release.  (This is the center receiver in the three-image picture below). Now, bumping into a stand of bamboo didn’t mean a lost mag any more.

Except, reports from the field indicated that it still did. As a result, the users — mostly the Army, based on Vietnam experience — asked that the rifle be modified, again. The request was brought to the Rifle Technical Committee on 13 Jan 66. It was feasible to change Drawing No. 62300 for the M16 and XM16E1 common lower receiver forging, as the running change log of Product Improvement Modifications records, “To respond to Army request to provide protective boss around the area of the magazine.” The Army contracting office approved the change on 16 May 66, and sometime relatively soon after that date the forging dies were modified to incorporate the “protective boss” which has since come to be known in the collector community as the “full fence.” A comparison of the three different receivers, showing the different forged outer right magwell side, is below, based on thumbnails at the Retro Black Rifle site (which also provided some of the other photos, although the AR-10 photos are from Julia Auctions and from the WeaponsMan.com collection).

Left: prototype through Model 602. Center: Pre-March-66 603/604 (XM16E1/M16). Right: post-3/66 603/604 (XM16E1, from 68 M16A1/M16)

Left: prototype through Model 602. Center: Pre-March-66 603/604 (XM16E1/M16). Right: post-3/66 603/604 (XM16E1, from 68 M16A1/M16)

All the earlier forgings were used by Colt; those that were machined already seem to have been used until they ran out on military 603/604s, some were retained for toolroom prototypes and other factory uses, and slabsided, early model forgings with different machining (for a pivot screw instead of a pin) continued to be used on civilian-market semi-auto SP1 rifles for over 20 years.

The fenced mag release solved the problem. It is very rare (a freak occurrence, in fact) to have some stick or branch (or interaction with other gear or aircraft structure, etc.), drop your mag. And yet, there’s no difficulty reaching the mag release with your right index finger and dropping the mag free for a rapid reload. (At least, if you’re right-handed. Yeah, the ergonomics are significantly worse for a southpaw).

Why All this Ancient History Matters w/r/t this Rifle Accessory

The saga of the growing “fence” or boss on the receiver’s magazine well is the story of successive responses to a real problem, inadvertent and uncommanded actuation of the magazine release. You might say the military found that a protected switch was a “tactical” and “combat” necessary, and their users were actually, not Walter Mitty, tactical, and really, not in a practical-shooting-competition stage sense, in actual combat. And they decided a protruding magazine release was a A Bad Thing®. Enough, indeed, of A Bad Thing® that they spent the money not once, but twice, to redo the lower receiving forging to insulate the user against the consequences of a protruding button.

And here’s what the Tactical Combat (gag me!) Button looks like, installed, close-up (this nicely-done image is from 248Shooters’ review, we don’t know if they took it or it’s a factory shot):

ArmaSpec MR close-up

As they do note, it’s a well-made small unit, but by installing it, we not only have resurrected the inadvertent mag-drop failure mode, the one that was supposed to be laid to rest in March of ’66, but we’ve also introduced a new failure mode, in that foreign matter can potentially get stuck between the large pad of the TCB and the side of the receiver. In fact, the receiver boss/fence could actually help entrap a vine, stick or other junk right where it keeps you from pressing the mag release down.

This is apart from two of the cons noted by the 248Shooters reviewer, that the screws need to be Loctited, and that, “Like most extended mag releases it does fall pray [sic] to having a bit of wobble.” Against that, we dragged M16 series rifles through Arctic and Alpine conditions in places like Canada, Norway, all over northern New England, and some of the 20k peaks of the Andes, and the factory release is readily manipulated with gloves and even with mittens.

One reason we harp on this design history is that you have to know why the designers designed features into the platform before you go redesigning them, lest you bring back failure modes that engineers thought they banished fifty years ago.

Just like when you hot-rod a car, you may change characteristics that were designed into it for a reason, you need to think before you hot-rod a rifle. If you’ve ever had to drive an undercooled, over-cammed, 12:1 compression race car in traffic, with a did-you-do-your-squats-today clutch and square-cut gears, you know what we’re talking about.

Note

This sort of post is the kind of technical information we most like providing. But the US Department of State has moved to require prior restraint — Censorship, with extremely expensive licensing subject to arbitrary terms — on firearms technical information, in a wild grab to stretch the International Trafficking in Arms Regulations far enough to snuff out freedom of speech. (We’ll have more to say about that soon, including suggestions for how you can help, but from now on until this monstrous and deviant interpretation of the law is put down like a rabid coyote, every technical post will incorporate a note on this subject).

How Many SIG Pistols are in This Picture?

Care to guess?

p320-kit-2

The answer is one. What you’re looking at is the first two-size, two-caliber conversion kit we’ve seen for the SIG P320 striker-fired pistol. (The earlier P250 is a similar modular concept, but in a traditional SIG hammer-fired model). This kind of package has been announced by SIG, but this is the first one we’ve noticed for sale. The giveaway in the picture is the absence of a trigger in the black pistol.

That’s because the actual serial-numbered receiver, and therefore the firearm is the fire-control module. Interchangeable backstrap not enough for you? How about a whole interchangeable pistol?

p320-kit-3

In this particular case, the black pistol is a full size 9mm pistol and the .357 SIG is a compact. Numerous other combinations are possible with additional parts.

One benefit of this combination is that it makes it possible and practical to practice with relatively inexpensive 9mm ammunition, saving the expensive .357 warshots for limited confidence/function shooting and daily carry while maintaining a single array of muscle memory on grip, sight picture and trigger pull.

At $800 the set, it saves you some money over a pair of SIGs or even a pair of lower-priced Glocks, if you or our agency want the .357 SIG round as a carry round.

Personally, we’re content with the venerable 9 x 19, but enjoy the creativity and the technology of the thing. This would likely be a very hot seller, if SIG can overcome their reputational struggles with quality control.

4 Weird Airplane Tools We Use Every Day

Here are some tools we use on the airplane project in lieu of the usual tools for that purpose. We’ll probably elaborate on that at the Van’s Air Force Forum, where people building these planes hang out, but we thought that these are odd enough and in most cases versatile enough that gunsmiths, sport shooters, and even home handymen will find them useful.

We’ve listed them in order of coolness — the degree to which they delighted and surprised us.

Black and Decker Gyro Screwdriver

black and decker gyroThe Gyro is not your usual electric screwdriver. For one thing, it has a now-considered-anemic 4 watts, so if you’re driving wood screws into heart of oak, this is not your tool. But for another, it has a unique user interface in the crowded screwdriver market. There’s no on-off or directional switches.

No switches, —–es!? How the heck does it work?

It works by a flick of your wrist. Righty-tighty? Flick your wrist clockwise. Lefty-loosey? Counterclockwise. (Anticlockwise, you Brits). How cool is that?

Not cool enough. Because it works on a proportional flick of your wrist. Want it to turn fast, flick hard and fast. Slower? You got it, slower and gentler. The whole thing is apparently controlled by the solid-state micro-accelerometers that are now getting embedded in phones and every other gadget.

Screwdriver, hell, this is the tool you want for driving deburring tools. Like this single-flute deburring tool or this long-shafted one from Cleaveland Aircraft Tool. It’s so natural to control the Gyro by wrist motion, and when you have to deburr thousands of #30 holes again after redrilling them to real #30 size — thank you, Hertel, not — your thumbs will thank you. The use of the driver feels weird at first but you quickly master it and have control you don’t have with a conventional power driver.

Best yet, in our deburring use it runs for weeks on a single battery charge.

The Black & Decker page also includes a comment from a guy who’s as delighted with his Gyro as we are, and he’s a reloader, using his for case trimming and chamfering and all that good stuff.

We really liked this tool so much that the Blogbrother hied himself to Lowe’s where we bought it, for, if we remember right, $18 and change, looking to get another. He texted back from the store:

Clearance priced for $15 [bleep]

Texted him back; why’s such a great tool on clearance? The clerk tells him that they did not sell; people thought they were a weird idea, and nobody wants a 4w screwdriver any more. We hope that B&D keeps pressing this technology into the market. Buy it, you will love it. We’re going to buy another just to keep in the package in case one of ours gives up the ghost.

Clecall Cleco Pliers

clecall pliersIf you don’t ever make anything from sheet metal, you will probably never see a cleco, a small, removable fastener that sits in rivet or bolt holes, temporarily holding things together. If you make an airplane, you will handle dozens or hundreds of them thousands of times. (They also come in handy on other stuff. We just used riveted aluminum to make a replacement part for a wastebasket top latch, and we used clecos to hold the parts together while we drilled holes through two parts).  The pinlike Clecos are attached and removed by a small plier that has not changed since Lindbergh’s day. Until the Clecall was released recently.

We saw this advertised in Kitplanes magazine — a wishbook for plane builders, like we are now, and wannabees, like we’ve been for the past 30 years or so  — and thought, it can’t be as great as what they claim for it, can it? They say:

– Faster to use. Easier to Activate
– 70% lighter than normal cleco pliers at 4.3 oz!
– Vertical profile installs clecos in tight areas with ease!
– CNC machined and anodized in the USA for strength!
– Reduce fatigue and wrist pain

Boo, hiss: the old Cleco pliers. On the plus side, they're only six bucks.

Boo, hiss: the old Cleco pliers. On the plus side, they’re only six bucks. On the minus side, you can get a Clecall now, so it would be six wasted bucks..

And all that seemed over the top. But there are times when we’re working side by side and each of us could use a Cleco pliers, so we ordered this instead of the 1920-whatever version. Turns out, every one of those claims is true. We love this so much that we never use the old one any more. Instead of both of us Clecoing, we’re back to one guy waiting for the pliers again.

Fortunately, the company just introduced a new version, made of forged steel, with some other improvements. We love the alloy one, but we have to try the new one too.

And just to add a dose of awesome sauce, the guy who invented it built an airplane assembled like ours (a Zenith, designed by Chris Heintz) and prototyped the tool by 3D printing. We wanna meet this guy and tell him how much we love his pliers. Not in a gay way or anything. NTTAWWT.

Buy it at Cleaveland Aircraft Tool  (they only have the alloy version so far, but try them on the phone).

But ’em at Aircraft Spruce & Specialty (they are showing both versions).

Graco-Croix CX-9 Sprayer

This is somebody else's, off of eBay. It's the same model, but ours is nasty with overspray.

This is somebody else’s, off of eBay. It’s the same model, but ours is nasty with overspray. We’ve gotta get a welder cart or something for hauling it. 

When we were looking at how to wash, edge, prime and paint parts we initially concluded we needed a compressor. This led to fits of depression, because a compressor good enough to drive a spray gun isn’t something you buy at Lowe’s or Home Depot. It’s an expensive purchase and a loud bastard to boot. Sure, we could use a lot of other air tools with a compressor like that, but most air tools, including the pneumatic version of the cleco tool, and pneumatic rivet tools, can be used with a less strong compressor.

Cruising Craigslist for bargains, we found this sprayer. Checking it out, it seemed like a turbine sprayer was the answer to all our paint problems. Could that really be true?

So far, we’re very pleased with it. A local painters’ supply can get us parts, not that we’ve needed much; we needed a gasket, but made one of neoprene. We’re still running it with the contractor (coarse) spray gun innards, not the automotive (finer) ones. And the filter is old, but it’s user-cleanable.

It’s very environmentally friendly, “spraying” a cone of air around its paint. It’s quiet; we can converse in normal tones while spraying, unless we have to raise our voices: “What did you just spray me for, you featherbrained imbecile?” And it seems to be very economical with etcher, primer, and paint, which is good news because that stuff is X-pensive with a capital X these days.

We improvised a dust booth from one of those folding canopies you buy at big-box stores, and hang the parts from the canopy frame and a couple of cross clotheslines using hooks bent from old clothes hangers. (So we’re actually using hangers to build something that will go in a hangar).

Our success with the CX-9 turbine sprayer is an illustration of something we’ve long believed, a used professionals’ tool is generally a better buy than a new hobbyists’ tool.

Rockwell Tools BladeRunner

Rockwell BladerunnerBut this one? A hobbyist’s tool, from conception to delivery. Nonetheless, it’s an oddball tool we do use. The BladeRunner is a small saw that we use in lieu of a band saw. Fundamentally, it’s the guts of a jigsaw mounted, fixed, inverted in a lightweight plastic table. There’s an upper level guide that incorporates rollers to keep the blade on track, and has a socket to which you can attach a shop vac for a clean work space.

Compared to a bandsaw, it gives up a great deal of versatility and power, but it’s small and lightweight. The big plus is that blades are readily changeable. It uses any t-shank jigsaw blade. We use a saw mostly for cutting wood for jigs and fixtures, and secondarily for separating parts supplied joined together, so the ability to change from a wood blade to a metal blade in seconds, and the ability to dial speed up and down with a thumb wheel, are wonderful. (Changing speeds on the average bandsaw takes a lot longer and requires monkeying with pulleys and math. Changing blades is a pain in the neck).

Saw cuts are usually rough cuts with a poor surface finish, so we tend to put a lot of finish work in when we cut aluminum parts with this saw. It would not work on steel parts, so it’s not a good gunsmithing tool. It’s great for most of the things we do, though; for example, Van’s tends to supply a group of brackets or components of a built-up hinge as a long strip of angle that’s only partly cut to shape. It’s left for the kit builder to separate the four or six parts from one another.  With care, it’s possible to make these cuts close enough that the edge can be cleaned up with just a red Scotchbrite pad.

(The Rockwell blade marked “aluminum,” by the way, sucks at cutting aluminum. Use the one marked “metal.” Don’t even think about using it on steel. The saw has a speed dial on it, though, so maybe it could be made to work. But the bandsaw is supported at both ends, and only goes one way, and that rigidity and consistency can’t be matched in a plastic-framed tool that grips a reciprocating blade at one end).

The current version, the BladeRunner X2, is even smaller, lighter, and less expensive than the older one we have. (The illustration we used is the old model). Someday we’ll find the right price on a used variable-speed metal-cutting bandsaw, and then this guy will be retired to just do the woodwork. But right now, he’s a member of the plane-making family.

More on the Pennsylvania Registry-not-Registry

pennsylvania_state_reg_formIn comments to our last on the Pennsylvania State Police’s gun-registry-that-is-not-a-registry-because-it’s-so-fulla-holes, we were challenged by a Keystone State resident who doesn’t recall filling out the PSP form. Here’s what we’ve learned.

At one time, they just had the dealers send 4473 copies, but some time relatively recently (~10 years ago), their lawyers had them discontinue that, and generate their own form, PSP SP4-113 (+ variable numbers).

The PSP deliberately does not put this form on the intertubes. That is because their registration bureaucracy, the Firearms Records Unit, came up with a complex numbering system, where each form is uniquely numbered to the FFL that sold the gun (or handled the transfer, for a pistol between private parties). There is also a state ID number which is used not just to ID dealers but also for private transfers done by any county Sheriffs who offer this service. PSP explains:

FORMS SUPPLIED BY PA STATE POLICE – ONLY AVAILABLE UPON REQUEST:

Application/Record of Sale Form (SP4-113)

This form will be provided by the Pennsylvania State Police and all requests for this form must be submitted in writing. You can fax your requests to (717) 772-4249 or mail requests to Firearm Records Unit, Pennsylvania State Police, 1800 Elmerton Avenue, Harrisburg, PA 17110. Note the pre-printed numbers on this form are assigned to your dealership. Therefore, you can not loan copies to other dealers or duplicate this form. Please allow several weeks for the processing of your order. This form is not available online.

They do make a graphic instructional version available [.pdf], of which we’ve made an illustration here (it embiggens). You can see from this illustrative sample that the form was originally drafted to be used with short and long guns, but now it is required only for handguns.

While a single 4473 can cover multiple guns (our personal record is six), this state form must be done all over again for each gun in a multiple buy — even though they’re all on a single federal form. For each firearm sold or transferred, the dealer collects a $3 surcharge and a $2 Instant Check Fee, which are aggregated and remitted monthly to the State Police.

The copies our Fed friend found in a violent career criminal’s closet, in the boxes with the guns, were copies of this form — PSP SP4-113.

When the other copy gets to the Firearms Record Unit, it’s supposed to be entered in the database, but LEOs think it’s far from a certainty that this will happen, soon, or at all. That’s how you wind up with felons with over-the-counter guns in Pennsylvania —

Meanwhile, some jurisdictions are busting even licensed carriers if their guns don’t show up in this registry-that-isn’t. These cases may not stand up in court, but they’re a way to hassle gun owners — one of new Commissioner Marcus Brown’s major goals for the State Police.

How We Did at RIA vs. Blue Book

In April, we bought two lots adding up to four firearms from Rock Island Auction’s online auction. One was a Walther Model 8 pistol, and the other was a collection of three Eastern European pistols: an East German Makarov, a Czech Vz52 service pistol and a Czech Vz50 pistol.

Walther Model 8 RIA

The guns arrived and were in such good condition that our friendly FFL was surprised — pleasantly — when he unpacked them to check the SNs. After a single instant NICS check, we had them at home, and they’re still sitting out, waiting for Kid to have a break from school and from a round of doctor’s appointments. (He’s gonna live but he’s going through a tough time, and that’s all we’re gonna say about that). These four firearms were in four different European calibers: respectively, 6.35mm (.25 ACP), 9x18mm, 7.62x25mm, and 7.62x17SR, aka .32 ACP.

And on our trip to the Biddeford Gun Show, we relieved George the Book Guy of a few of his volumes, including a new Blue Book (ours being old, and this a new edition). Now, we have had a nagging feeling that we overpaid for the auction guns, especially with the stiff Buyer’s Premium typical of traditional auction houses. We were still happy with our purchases, because we always wanted one of each of these, although we’d rather have non-import-marked ones. But the question remained: how did we do?

The Walther Model 8 is important as the last all-new numbered model before the revolutionary PP. (The Model 9 was a rehash of the Model 1). Some PP features are already evident in this single-action, internal-hammer pocket pistol which was made from 1920 to 1943. We’re not very good at grading according to the percentages used by the Blue Book, but if it’s 95% (the image is our actual Model 8), the then Walther is worth what we paid — before the Buyer’s Premium. So yeah, we overpaid a little for this little jewel.

We paid, in effect, $400 for each of the three Eastern European guns. How did we do?

On the minty Makarov, near-100% condition, we were shocked to see the Blue Book valued it at only $250-295. The CZ 52 and CZ 70 are worth even less…we took a bath of $100-250 per gun on these. No wonder we won the lot!

And no wonder Rock Island keeps calling us to bid in the next auction. “We got a live one here, Ethel!”

Will we do it again? Yeah. There’s a certain amount of “what the hell” in plugging three holes in your Warsaw Pact collection with a single bid. (We still need a Skorpion SBR, a CZ 82, CZ 83, PM 64 and a few other odds and ends). We also think that the Blue Book is lagging a bit on these prices, as some of the supply of new imports seems to have dried up during the Great Obama Gun Sale-a-Thon Years. We’ll probably upgrade the guns to non-import-marked ones gradually, one at a time, over the next decade or so (the Blue Book says that draws a 30% premium — seems higher in our experience). And we’ll shoot the living daylights out of ’em.

Is Colt Toast?

colt_logo_mWe’re hearing rumblings about something we’ve discussed before: the parlous financial state of the privately held, and hedge-fund-looted, firearms manufacturer, Colt.

Colt’s hedgies (several generations of them, currently Sciens Capital) have taken it through multiple unnecessary reorganizations, each time stripping as much cash out of the company as possible, pocketing as much as they can get away with, and leaving it saddled with unsustainable debt. The company has hundreds of millions in debt that it has no reasonable chance of repaying. Now, faced with inability to pay a $10.9 million interest payment owed this month, the company’s managers seek to stave off default with hedge-fund chutzpah: offering investors the “opportunity” to take a 70% haircut on $250M of their bonds, or, alternatively, the company will bang out bankrupt — in a prepackaged bankruptcy modeled on that of the Government Motors rip-off and using the same obscure section of the bankruptcy code. Like the Chrysler and GM  bankruptcies, this plan will preserve the equity of favored creditors — the hedge fund managers — while ruining, or at least haircutting, disfavored creditors — like the bond holders.

The Colt Official Police, the cop gun of most of the 20th Century (along with its Smith & Wesson competitor). But Colt can't count on half the market any more.

The Colt Official Police, the cop gun of most of the 20th Century (along with its Smith & Wesson competitor). This one’s a little pimped-out for a cop. But Colt can’t count on half the market any more.

Colt bonds have had a very high effective rate, reflecting their high risk, for a long time. In 2012, two or three fits of borrowing ago, it was already 19%, deep in “junk bond” territory. (The $250M they’re trying to replace is 8.75% due in two years, but it’s trading at a deep discount. The new bonds are nominally 10% due in 2023 — as if managers can keep kicking the can down the road another eight years — and they will also trade at a deep discount, if they’re ever issued).

So it’s not as if bondholders didn’t know that theirs was a speculative gamble. But now, Colt is saying, essentially, “give us 2/3 of your investment, or we’ll take it all.” But their move, described in a press release that was slipped onto the Colt site last month, is extremely risky: if they can’t get the bondholders to accept the 70-30 haircut or the prepackaged bankruptcy (“prepack”), bondholders can and probably will sue, plunging the 1858-vintage company into Chapter 11 bankruptcy or even Chapter 7 liquidation.

They’re gambling that the bondholders’ fear of being left holding a bag containing much less than 30% of the company’s capitalization, divided among the holders of $330 or so million in secured and unsecured debt, will be stronger than their indignation at being 70% expropriated so the managers and hedges can be made whole.

Colt All American 2000. Like many flops (Edsel? Anthony dollar? R51?) it's ugly as a mud wallow. The polymer frame version is uglier yet.

Colt All American 2000. Like many flops (Edsel? Anthony dollar? R51?) it’s ugly as a mud wallow. The polymer frame version is uglier yet.

All the borrowing has not been reinvested in products, where Colt lags the market, or production efficiency. While Colt has a proud heritage and many desirable models, they capitalize on the advantages poorly, and, because of management-induced chaos and labor-induced uncompetitive costs, they saw markets they created, like the enormous 1911 pistol and AR-15 rifle, slip away from them.

A couple of years ago, when they thought they could always find a greater fool to flip the junk debt to, the company’s managers bamboozled the State of Florida  and Osceola County into putting up hundreds of thousands in benefits to draw a plant to Kissimmee, Florida, but never took possession of the plant. Colt’s now shaking the county down for another $150k to get the deadbeat firm out of the plant it never installed a single machine in, or hired a single Florida worker for.

UPDATE

Moody’s rates the restructuring proposals credit negative, but doesn’t change Colt’s already low, low, low ratings:

Colt Defense’s Caa3 corporate family rating (CFR) and Caa3-PD probability of default rating (PDR), with a negative ratings outlook remains unchanged. However, on execution of the restructuring transaction, we would consider either the exchange offer or prepackaged plan of bankruptcy, if the company pursues that option, as a default per Moody’s definitions.

Standard & Poors last changed its ratings for Colt in February, downgrading from CCC/Developing/– to CCC-/Negative/–). S&P Capital IQ/LCD’s Restructuring Watchlist welcomed Colt as long ago as September, 2014.

For more information on Colt’s financial state:

ITEM 27 APR 15: “Colt teeters on edge of bankrupcty” a somewhat inflamed analysis by Rich Duprey on The Motley Fool. He also has Colt entering the market for 1911s in 2010, off by a century, with the R1 (a Remington product. Colt of course entered the market for 1911s in 1911 and has never left it).

http://www.fool.com/investing/general/2015/04/27/colt-teeters-on-the-edge-of-bankruptcy-how-this-gu.aspx

ITEM 17 APR 15: The New York Times’s Steven J. Lubbin tries to analyze the bond haircut/prepack offer, and concludes it’s “one of the strangest… ever.” His analysis is a lot less breathless and overheated than Duprey’s.

http://www.nytimes.com/2015/04/18/business/dealbook/gun-maker-colts-curious-exchange-offer.html?emc=edit_dlbkam_20150420&nl=business&nlid=57544040&_r=1

ITEM 15 APR 15: Restoring one’s faith in reporters who actually watch their lanes and do their jobs, the Wall Street Journal’s Stephanie Gleason analyzes the offer, the very day Colt issued it.

http://www.wsj.com/articles/gun-maker-colt-launches-exchange-offer-1429107521

If you’re paywalled out, this Google link should get you in:

https://www.google.com/search?&q=Gun+Maker+Colt+Launches+Exchange+Offer

ITEM 15 APR 15: Colt’s official bond-exchange offer and bankruptcy threat (they call it “reorganization,” but it’s bankruptcy):

http://www.colt.com/ColtintheMedia/PressReleases/tabid/252/articleType/ArticleView/articleId/125/Colt-Defense-LLC-Launches-Restructuring-Transaction.aspx

ITEM (periodically updated): Colt’s Press Release archive:

http://www.colt.com/ColtintheMedia/PressReleases.aspx

ITEM 12 FEB 15: Colt Secures Another Loan, but May Still Miss Bond Payment

http://www.guns.com/2015/02/12/colt-secures-another-loan-but-may-still-miss-bond-payment/

ITEM 15 DEC 14: National Defense (NDIA magazine)’s Guest Commentary:Firearms Maker Colt a Cautionary Tale for Defense Contractors.

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=1699

ITEM 29 MAY 14: Bloomberg flunky Paul Barrett navigates the hedge-fund guys’ financial maklertum with the assistance of a cast of anti-gun characters, including fellow astroturf anti Richard Feldman and his bogus “Independent Firearms Owners Association.”

http://www.bloomberg.com/bw/articles/2014-05-29/colts-curse-gunmakers-owners-have-led-it-to-crisis-after-crisis

ITEM 26 DEC 12: Colt’s 19% Junk Bonds (by an extremely anti-gun writer)

http://seekingalpha.com/article/1082171-colt-defense-19-percent-yield-junk-bonds

The Gun Feed notches 2 Years

One of our former Weapons Websites of the Week has had a 2-year blogiversary, which we learned through Lee Williams. Lee wrote:

The Gun Feed is celebrating its two-year anniversary, in a market where making it to two years is not an easy task. It’s a major accomplishment.

Kudos to all involved.

Screenshot 2015-05-04 06.57.01

Here’s their press release:

For immediate release:

The Gun Feed Marks its Two Year Anniversary
May 2015 marks the two year anniversary of the launch of the firearm news website called The Gun Feed.

The Gun Feed is a 24/7 news website (Its like Drudge Report, but for guns) that is proudly devoted to the online firearms community. The site showcases the latest firearms news headlines from around the web and is updated many times throughout the day, everyday.

via Congrats: The Gun Feed marks its two year anniversary – The Gun Writer.

We find The Gun Feed and the similar The Gun Wire extremely useful. Not that we’d ever be flailing for blog ideas — Heaven forfend (what we run out of is time to write about the ideas, actually). But if we were, we’d go to those websites and root around for a while. Just like we have some go-to places for .mil and SOF news, we have some favorites for gun news, and “Feed” and “Wire” are both indispensible; and right now the staff of “Wire” are taking a spring break, so The Gun Feed is the only game in town. You might say there’s never been a greater aggregator in the swamp.

Congrats to the staff at The Gun Feed for two years of dedicated service to the firearms community.

Winchester SXP Shotgun Recall

We don’t have one of these things, but if we did would be concerned:

Fortunately, Winchester has a recall program for the affected shotguns. They are the SXP or “Super-X Pump” shotgun. If you do have an SXP, check to see if it’s one of the problem guns. If so, check it. First, is it a 12 Gauge with a 3½” chamber? If not, you’re OK (well, your shotgun is, anyway. Only you can vouch for your general okay-ness). If you have a 12 Ga. 3½” SXP, and it’s one of these submodels, you need to get your serial number out and call Winchester.

  1. SXP Waterfowl Hunter, 26″ or 28″ barrel;
  2. SXP Black Shadow, 26″ or 28″ barrel;
  3. SXP Turkey Hunter, 24″ barrel;
  4. SXP Long Beard, 24″ barrel.

If you have one of the affected guns, call Winchester at 800-945-5372 and they’ll take it from there. (Alternately, you can email to SXP@winchesterguns.com). First, they’ll check the serial number against a list they have (they know when they began fixing this on the production line… if you gun is really new, it might not have any problems, or if it dates from before the manufacturing problem began). Assuming Murphy is still your co-pilot and you have an affected firearm, they’ll walk you through how to return your shotgun for inspection and, if necessary, repair. We suggest that you retain the paperwork involved for the convenience of the next owner. (Although he should always be able to call Winchester and confirm that their records show that the fix has been applied to this particular serial number).

Details of the Winchester recall in a .pdf on the official site:

http://www.winchesterguns.com/support/files/images/wfa/2015-All/2015-Recall-Info/SXP_Recall-Notice_2.pdf

The guy in the video (whose name we don’t know) makes an excellent point: this is why we observe gun safety rules and control muzzle direction at all, repeat all times. If this fellow had shot his kid or hunting partner, our first instinct might have been to say, “Yeah, right, sure he had the safety on, and yeah, he didn’t have his booger hook on the bang switch. Riiiight.” But as you can see from the video, this particular firearm could and did discharge with the shotgun on Safe and no finger anywhere near the trigger. Even six sigma quality control lets a non-zero number of defective products through, and even Remington and Winchester, who make millions and millions of safe guns, have shipped a few lemons. Like this one.

The difference is, a lemon Chevy is a problem for its owner (usually a low-budget car-rental firm). A lemon firearm is a matter of

We doubt our readers are big upland and waterfowl hunters, that’s its own thing, but even if you don’t have one of these firearms, the safety message is universal.

Hat tip, Lee Williams. Spread the word to anybody who’s bought a shotgun lately, and make sure the owner of your local gun store knows about it. These shotguns were intended to kill ducks and turkeys for the table, not unwitting hunters.