How long can you safely store a loaded mag before the spring weakens and causes misfires?
The answer to that depends on the magazine manufacturer. Cheaper magazine manufacturers, especially ones with polymer feed lips, are more prone to failure. Not of the spring, but of the magazine itself. Scorpion had a well documented issue with that. It turns out that the factory Scorpion magazines would dry out when left in a dehumidified safe for long periods. That’s why the Scorpion PMAG is a better choice than the factory one.
The damage is done by compression and decompression of the spring. The more cycles that a spring goes through, the more it weakens. I wouldn’t worry, however. It takes thousands of cycles to wear out a spring. Still, I think of magazines as consumable items, which is why I have so many of them.
Why the waste of space with the foam? Load the cans tight for maximum capacity I would think. Same stuff in one can; label the can and move on. If one can is to be an assortment, say so on the can and ID the contents so it is obvious to what each one is.
That was actually what I was doing up until now. What I got was cans that either contained a bunch of different mags in the same can, or the can wasn’t full. Example. Let’s say that I have a bunch of Smith and Wesson magazines:
12 magazines for a Shield 9mm
8 magazines for a Shield 40S&W
6 magazines for a Shield Plus
30 magazines for an M&P9 9mm
12 magazines for an M&P9C 9mm compact
12 Magazines for an M&P40 .40S&W
That’s 80 magazines. They will likely fit into one caliber can, but they aren’t cross compatible. The worst part is that some will fit in the handgun, but not function. For example, an M&P9 magazine will fit in the M&P40, but you don’t want to attempt to fire it like that. So with this system, good luck finding the right magazine in a hurry.
Another reason for padding them is preventing damage. One of the biggest reasons for malfunctions in a quality handgun (that isn’t a 1911) is a damaged magazine. My carry guns are life saving equipment, as far as I am concerned. The number one quality that I need in a carry gun is reliability. I need to know that it will go ‘bang’ every time I squeeze the trigger. Since quality handgun magazines cost anywhere from $35 to $60 each, having 100 magazines is a significant investment. By padding my magazines, I am protecting them and my investment. I lower the chances of malfunction which will, at best cost me some range time and money replacing it, and at worst will cause a malfunction during a firefight.
That’s also why I number my magazines. I know which ones have malfunctions. Note that number 2 and 5 are both missing in this picture. It’s because they are currently loaded and ‘in use’ by one of my handguns.
It’s a simple numbering system. If it starts with a 9, it’s a magazine that will fit the S&W9. If it ends in a “c” it’s for the M&P9C. This makes sense in my mind, because the compact can accept the full sized mags (but not vice-versa). The magazine numbers that start with a ‘G’ are for the Glock 19. (That’s the only model of Glock that I have, thanks to Project Gaston)
A similar code works, with the M&P Shield Plus mag numbers all starting with ‘P’, the 45 magazines starting with ’45’, etc. I have a spreadsheet* that I use to track magazines, ammo, firearms, and firearm spare parts.
*I also keep a list of spare parts on hand: springs, firing pins, sights, and other fiddly bits. That’s why I have so many M&Ps: common spares, and the best spare part is simply having a spare pistol. Not only that, but I also know how to detail strip and troubleshoot the M&P series very well, which simplifies repairs. The Glock is easy to do the same with, but I generally don’t like the way that the Glock fits my hand. I’m still learning all of the ins and outs of the AR system.
We talk about gear, we talk about kits. What about skills? When it all falls apart, what do you know how to do? I have a pretty good set of skills, and many of them will allow me to trade and participate in an EOTWAWKI society. I am certified or skilled as:
a nurse and paramedic
an electrician, having been trained to do so in the military
an electric motor repairman. I can rebuild, repair, rewind, and completely overhaul electric motors and generators. Again, military.
A master SCUBA diver
I can maintain and perform simple to moderate repairs on a variety of firearms.
I can do simple machine work.
I can do simple auto and machinery repair. (Things like power transmissions and gear boxes)
a HAM radio operator
I can do simple welding, brazing, and cutting, along with some metal work.
I can perform simple electronic repairs
I am always looking at adding to my skillset. Be as widely skilled as you possibly can. Everything that you learn is something else that you know. You never know which skill it will be that saves you or your life.
I have a great set of tools, measuring equipment, and a pretty well equipped workshop.
I am planning on buying a MIG welder in the near future.
I have spares in stock for firearms like sights, springs, and other parts. Electrical parts, magnet wire, bearings, brushes, switches, light bulbs, and other parts.
Parts for the cars like brake pads, fuses, motor oil, and spark plugs.
Spare radios, antennas, and coaxial cable.
All of this puts me in a great place to be an asset to my neighbors and community. Don’t be a sponge, be a contributor. Be the person that others want on their team.
There are many people who say that they don’t trust some version of online business, whether it be passwords, password wallets, or some other version of encryption security. They claim that keeping their passwords on paper gives them a higher level of security than storing them on their computer. They are right, and they are wrong. The answer to this lies in the way that encryption works. I am greatly simplifying this, so it will be a bit easier to understand.
All digital encryption works using the same basic principles. Digital encryption is simply a very complex math problem where there is a formula that permits only one answer to a problem posed by the number that is put into it, the password. The output that results from the password being run through the algorithm is called the hash. There can only be one hash for each password. Password hashing is typical on the server side when the server operators don’t need to know the plaintext password, they just need to demonstrate that the user knows the plaintext.
A common hash function is Message-digest algorithm 5 (MD5), which takes a message of any length as input and converts it to an output of a fixed 128-bit hash value length to be used for authenticating the original message. Here are a few examples of what a hash looks like:
When you enter your password into a website, it is converted into a hash. If the hash matches the one that is on file, the website grants you access.
Small changes matter a lot – Take a look at examples 1 and 2. Just one digit has been shifted, from an “o” to a “0.” This is a very small change, and yet the second output is unrecognizable from the first.
The output length never changes – The input in example 3 is considerably longer than the other examples, yet it produces an output of the same length (32 characters). You could input an entire book into the md5() hash function and you would still get a 32-character string as the output.
Repeatable – An input will always give the same output when hashed using the same function. If this weren’t the case, they would just be generating a random output, which would be useless for passwords. (I included the same function in example 1 as example 4 just to see if you were paying attention.)
Knowing that hashes are the same length regardless of the password you choose, you might be tempted to pick a short, memorable password. In fact, you should do the opposite. The password you choose is critical for keeping your data secure. Why is that?
MD5 isn’t the only hashing algorithm. There are others, like the SHA-2 hash code family, one widely used today, with algorithms that are longer and harder to break. The names of SHA-2 algorithms are connected to length, so SHA-224 represents 224 bits in length. The same format works for SHA-256, SHA-384 and SHA-512. The more bits in the hash, the more complex and difficult it is to break, and the longer an input password that can be used.
If a website is hacked, cybercriminals don’t get access to your password. Instead, they just get access to the encrypted hash created by your password. It’s impossible to reverse a hash function, so trying millions of combinations to try and produce the same hash (a brute-force attack) is the way that hackers have been attacking passwords.
So that’s what they do. They breach a website because they want the hashes. Banks, Home Depot, Amazon, all of the breaches that you hear of where passwords are compromised, that’s what they are after. That’s what happened to LastPass, as well. They got the password wallets, which included the hashes for the master passwords.
Once a cybercriminal obtains password hashes from a website, the real process of password hacking begins. This process happens offline, on the cybercriminal’s computer. Cybercriminals put combinations of characters into a hashing function until a hash that matches yours is created.
Because the functions themselves are well known, password cybercriminals can easily calculate hashes for known words and other commonly chosen combinations. Then they scan for known hashes using commercially available cracking tools. These dictionaries go far beyond simple words. They include prefixes, suffixes, the practice of changing letters for numbers (e.g. 1 instead of l), and much more. This means weak passwords can be broken very quickly. Humans suck at random. That’s why human created passwords are garbage.
A long password is better, because it takes more to guess a long password than a short one. A random one is better, because this foils dictionary attacks. Not reusing passwords is a way to keep a hash found on one website from being matched with others.
69% of people admit to sharing some passwords with others
71% of people admit to using common passwords like p@ssw0rd, their pets’ names, or children’s birthdays
72% of people admit to reusing the same password on 4 or more accounts
56% of people claim that they would not use passwords at all if they could
The average user has 25 online accounts but uses just 6.5 passwords to protect them
So why does all of this matter? If you write your passwords on a piece of paper and then burn the paper, no one will ever get the passwords, but the hackers don’t care. They want the hash so they can brute force your passwords. It doesn’t matter if YOU use electronic password storage, because any company that you do business with does, but in the form of hashes. Using a password notebook like this one keeps the password out of electronics, but that doesn’t secure the hash.
They are so fast, that number-only passwords are useless. Even if you choose a good combination of letters, numbers, and special characters, passwords of eleven characters or less will be brute forced before a company even notifies the public of the breach. A series of leaks over the past few years containing 100 million passwords have given hackers dictionaries of passwords from people in different walks of life. The ever-growing list of leaked passwords allows programmers to write rules that make cracking algorithms faster and more accurate; password attacks have become cut-and-paste exercises that even script kiddies can perform with ease.
That’s why I was so pissed at LastPass for not disclosing the breach for months. How long is your password, what does it consist of, and how would it fare if the black hats had the hash to play with for 3 or 4 months? What if the black hat uses more than one computer?
That’s why, for now, I recommend that you use a randomly generated password comprised of numerals, special characters, uppercase, and lowercase letters, and your password should be no fewer than 17 characters long. Do not use words, even with common misspellings. Dictionary attacks live on words like p@ssw0rD123.
Diceware has a flaw in that it is susceptible to dictionary attacks. There are only 7,776 words in the diceware word list. Using that list to generate 4 words results in 3.6 quadrillion possible word combinations. That’s a lot for a human to guess, but a trivial exercise for a computer making a few billion guesses per second. If no other randomness is inserted, a 4 word password generated by diceware would be cracked in less than 3 hours. There was a time when diceware was a good idea, but increases in computing technology have made it useless.
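The recommendation above (random, all four character classes, at least 17 characters) and the Diceware keyspace figure can be checked with a short script. This is an added example, not the author's code: the function names are illustrative, the 94-symbol alphabet (printable ASCII without the space) is an assumption, and the guess rate is the ceiling this page gives for slow hashing algorithms.

```python
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)   # assumption: 94 printable ASCII symbols, no space
MIN_LENGTH = 17               # minimum length recommended in the text
DICEWARE_WORDS = 7776         # Diceware list size cited in the text
SLOW_HASH_RATE = 10_000       # guesses/second ceiling the page gives for slow hashes
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_password(length=MIN_LENGTH):
    """Draw every character uniformly from the OS CSPRNG, then redraw the whole
    password until all four classes appear. Redrawing everything (instead of
    patching single positions) keeps the result uniform over the passwords
    that satisfy the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(symbols, length):
    """Bits of entropy when each of `length` picks is uniform over `symbols`."""
    return length * math.log2(symbols)


def years_to_exhaust(symbols, length, guesses_per_second):
    """Worst-case time to try every combination at a fixed guess rate."""
    return symbols ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample password:", generate_password())
    for label, symbols, length in (
        ("8 digits only", 10, 8),
        ("4 Diceware words", DICEWARE_WORDS, 4),
        ("17 random characters", len(ALPHABET), MIN_LENGTH),
    ):
        print(f"{label:22} {symbols ** length:.3e} combinations, "
              f"{entropy_bits(symbols, length):6.1f} bits, "
              f"{years_to_exhaust(symbols, length, SLOW_HASH_RATE):.3g} years at "
              f"{SLOW_HASH_RATE:,} guesses/s")
```

The entropy figure for the generated password is an upper bound: requiring all four classes removes a small fraction of the possible strings.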
That same technology makes other schemes just as useless: fingerprints, facial recognition, and others. A strong, random password and a hardware key are currently the only secure methods for identifying valid, authorized users.
There are new hashing algorithms that complicate the process of cracking, like SHA512, Bcrypt, or PBKDF2. The complexity of the math involved limits the speed of those cracking computers to fewer than 10,000 guesses per second, which greatly increases security. However, it costs money for a business to stay current with this kind of technology, and many companies just aren’t willing to spend the cash. That means it is up to YOU to keep your password long and complicated.
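What the difference looks like on the server side, as an added example that is not code from the original post: a legacy table of single-pass MD5 hashes next to records built with PBKDF2 from Python's standard library. The per-user random salt is standard practice that the text above does not cover; the iteration count, function names and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

# Constructed sample accounts; alice and carol picked the same password.
SAMPLE_USERS = {"alice": "p@ssw0rd", "bob": "correct horse", "carol": "p@ssw0rd"}


def md5_record(password):
    """Legacy scheme: a single unsalted MD5 pass, stored as 32 hex characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, iterations=PBKDF2_ITERATIONS):
    """Hardened scheme: per-user random salt plus a slow, iterated KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def users_sharing_a_digest(stored):
    """Audit a credential table: which accounts hold an identical stored digest?"""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def per_guess_cost_ratio(password="p@ssw0rd", md5_rounds=20_000):
    """How many times slower one PBKDF2 evaluation is than one MD5 evaluation."""
    start = time.perf_counter()
    for _ in range(md5_rounds):
        md5_record(password)
    md5_seconds = (time.perf_counter() - start) / md5_rounds
    start = time.perf_counter()
    pbkdf2_record(password)
    return (time.perf_counter() - start) / md5_seconds


if __name__ == "__main__":
    md5_table = {u: md5_record(p) for u, p in SAMPLE_USERS.items()}
    kdf_records = {u: pbkdf2_record(p) for u, p in SAMPLE_USERS.items()}
    kdf_table = {u: r["digest"] for u, r in kdf_records.items()}
    print("MD5 table, shared digests:   ", users_sharing_a_digest(md5_table))
    print("PBKDF2 table, shared digests:", users_sharing_a_digest(kdf_table))
    print("login ok:", pbkdf2_verify("p@ssw0rd", kdf_records["alice"]))
    print("login rejected:", not pbkdf2_verify("p@ssw0rD", kdf_records["alice"]))
    print(f"one PBKDF2 guess costs about {per_guess_cost_ratio():,.0f}x one MD5 guess")
```

In the MD5 table the two accounts with the same password store the same value, so a single precomputed hash matches both; in the PBKDF2 table every record differs and each guess has to be recomputed per account at the slower rate.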
Don’t be complacent. There was a time when an 8 character password was nearly impervious to attack.
Earlier in the year, I was talking about using a password manager to secure your passwords. I have been using LastPass for the past 8 years. As I discussed previously, LastPass had a security breach last summer. That breach involved the exposure and loss of their customer database. This handed the black hats all of the encrypted data of their customers. It was simply a matter of time before the bad guys used password cracking tools to decrypt customer password files.
So I did the sensible thing and changed all of my passwords, beginning with the most sensitive ones: email passwords, passwords to financial websites, and on down the list to the least important. It took several weeks to change hundreds of unique passwords. I also changed the master password. The next step that I took was to add MFA by using Yubikey. All of my data is now secure, and anything they have is no longer relevant.
I don’t blame LastPass for the fact that they had a breach. Everyone is a target, and a company like LastPass is a bigger target than most. No, what made me upset was that the breach happened in August, but they didn’t disclose it until November. They denied that the bad guys had gotten encrypted password wallets at first, then finally admitted in December that the password wallets had been lost. So the bad guys had our vaults for months before LastPass bothered to tell anyone. Months to brute force passwords, time to steal, and time is all they need.
They still are slowly releasing information in dribs and drabs. It comes out that the database was stolen because one of their engineers was permitted to have access to the servers from his home computer. That computer was compromised, which allowed the hackers to access corporate information. Now, password vaults are all encrypted and no one but the user has access, but still. Who does this? Home access to sensitive information? There is also the fact that they hid this information for over 9 months. That’s just too shady for me.
I didn’t want to change from LastPass, but this is the last straw. They just are not trustworthy. This isn’t the time to be cute and try to spin this from a PR perspective. This is a much bigger deal than just bad publicity. People’s information that YOU are supposed to safeguard is at stake. I no longer recommend LastPass as a viable password vault application.
Your master password in a password wallet is the one that is used to encrypt the digital vault that stores your passwords. It may be your PGP passphrase, if you are old school enough to be using that software. Whatever your reason, a strong password is important. My master password is not actually a word. I use pass phrases. Let me explain: Suppose that I pick a mashup of the opening to the Gettysburg address and a nursery rhyme:
Four score and seven years ago, our fathers brought forth on this continent a new nation, Mary had a little lamb, its fleece was white as snow
The master password is made by mashing it into numbers, letters, and symbols. Words that are numbers become numbers, that are symbols become symbols, the remaining words, I just use the first letter, like this:
4 s & 7 y a, o f b f o t c a n n, M h a l l, i f w w a s
Now take out the spaces, and your new master password is: “4s&7ya,ofbfotcann,Mhallifwwas” It’s easy to remember, nearly impossible to guess, and at 29 characters is very difficult to brute force. This password is also guaranteed not to be on a list of common passwords that many black hats use to guess passwords. A long, difficult to crack master password buys you time to make the data it is protecting obsolete. That’s what I did. All of my master passwords are AT LEAST 25 characters long.
The black hats are large in number, and stealing personal data is the new currency. Make yourself as difficult a target as possible.
So there is some discussion about FMRS vs. HAM vs. GMRS vs. CB. Each one has its advantages and disadvantages. CB is high frequency (HF), FRS and GMRS are Ultra High Frequency (UHF), while MURS is Very High Frequency (VHF). HAM can be all three. Let’s take a look:
No License Required
CB Radio: Citizen’s Band, 11 meter band (~27 MHz)
CB doesn’t require a license, nor is it very regulated. CB’s biggest advantage is also its biggest disadvantage: So many people have them that it’s easy to use them to contact people not in your group, but it’s also a disadvantage because so many people are both listening and talking over you. Just tune to channel 6 some time and listen to the yahoos talking over everyone with their illegal high powered sets. There are people there that are transmitting with thousands of watts of power. Another big disadvantage is that there are only 40 channels. Sure, you can try tricks like SSB, but if you are going to do all of that, there are better formats than CB. Police are known to routinely monitor CB radio, especially near major highways. That may be a plus or a minus, depending on whether or not you want to talk to them. I’m not much of a fan of CB. Radios run anywhere from $50 on up.
FRS: The Family Radio Service, 462-467 MHz
FRS is a channelized FM radio service that allows families to talk to each other. There are 22 channels dedicated to this service, with channels 8-14 (467 MHz) restricted to 500 milliwatts, and the rest (462 MHz) permitted up to 2 watts. All 22 channels are shared with the GMRS. No license is needed, but like CB, you are limited to certain channels, so traffic may become an issue. They can use tone coded squelch to cut down on congestion, but remember that people not using it can still hear everything you say. The radios must use permanently attached antennas, and this is done because the antennas themselves are designed to limit the range of the radios. Expect the range on these to be somewhere around three quarters of a mile in realistic conditions. Repeaters, phone patches, and the like are prohibited by law on FRS. Radios cost anywhere from $20 on up.
MURS: Multi Use Radio Service
MURS is a UHF service that uses 5 channels in the 151 and 154 MHz band. Up to 2 watts is permitted. No license is required, and there is very little traffic on these channels, but there are a wide variety of radio products that use MURS frequencies. MURS devices include wireless base station intercoms, handheld two-way radios, wireless dog training collars, wireless public address units, customer service callboxes, and wireless remote switches. That may or may not mean interference.
GMRS: General Mobile Radio Service
This service uses the same channels as FRS, plus an additional 8 channels, for a total of 30. Using these does require a license, but the only real requirement to get one is to be 18 years old, register, and pay a fee of $35. The license is good for 10 years. One license is good for your entire family. Anyone not in the family must get their own license. Transmissions must periodically include the station’s license callsign. If you are using a repeater, the repeater can be used to do that automatically. With the GMRS, you get the 8 extra channels, the ability to use repeaters, and better antennas. This means handheld units get a range of about 2 miles, vehicles about 5, and using a repeater with an antenna on top of your house can get you 20 miles or more of range. Those 8 extra channels are allowed up to 50 watts. Radios are about the same cost as FRS, $20 on up.
HAM radio: VHF, UHF, and HF
HAM radio does require a license, but it allows you a great deal of flexibility. The license isn’t too difficult. The easiest one to get is the technician license, and that requires a small fee and a relatively easy test on basic electronics. With that license, you are good to go on HF, VHF, and UHF. Since there are no channels, you literally have thousands of possible choices. This means that the frequencies will be largely unused and not congested.
Here is what I have done: The only choice from the above list that I don’t have is MURS, but I can program the Baofeng to transmit there, if I have to. In my shack, I have radios that cover GMRS, FRS, and CB, as well as HAM. I like to be as flexible as possible. There is a small antenna farm in my attic.
Each of the above has its own advantages and disadvantages. The disadvantage to a channelized system is that users will be compressed into a limited number of channels. They all have one major disadvantage: they are unencrypted. That means working out code phrases that aren’t obviously code phrases: “John has a long mustache. The chair is against the wall.” Asking someone how Frank is doing could mean something that is known only to the two of you.
The advantage to a non-licensed system is that your friends and neighbors can communicate with you without the need for them to have a license.
Different frequencies and power levels allow you to play physics to your advantage. VHF is easily refracted by vegetation but doesn’t penetrate buildings or rocks very well. UHF penetrates buildings better. A VHF transmission in the woods at low power is unlikely to be intercepted. UHF at low power is great for a block or two in the city, and beyond that is unlikely to be intercepted as well.
If I were to have just one, HAM is the way to go. After that, my second choice would be GMRS.
With things appearing to deteriorate on a constant basis, I think that it is a good idea for this blog to be a bit more proactive in not just commentary, but in tidbits that people can use. After all, that is why I store and distribute training manuals with the link at the top of the site. With that in mind, I want to put more information out there.
Let’s do communications for this post. It is difficult to fight and resist oppression if you cannot communicate. You also don’t want the secret police rolling you up too easily. When the DOJ was conspiring to overthrow Trump, they were well aware of the NSA’s capabilities, yet they chose to communicate with each other through HAM radios to coordinate this effort, even though such use was in violation of Federal law.
The National Security Agency (NSA) picks up and records almost all electronic communications, thereby effectively wiretapping telephone conversations, email, and practically everything else we send out electronically. What the NSA doesn’t get, their partners in social media and at Google do.
The wife of a Deputy Director of the DOJ was coordinating this attempted coup, and would be well aware of the NSA’s capabilities. There are many technical reasons why spying on HAM radio would be a nearly impossible task. Just by using the frequencies and methods permitted to a person with a Technician license, there are thousands of available channels. Toss in the various modes like Digital, SSB, USB, AM, FM, CW, etc., and then consider that the higher frequencies are short range and would require hundreds of listening stations in every state, and it becomes a very difficult proposition to monitor HAM radio.
A HAM radio running low power on VHF or UHF would be audible for less than a mile or two, making interception a difficult process, at best. A high quality handheld radio that is capable of both the VHF and UHF bands can be bought for about $20. I bought a few of these to loan out to people in an emergency. You can get a nicer one for $70, and that is the one I use. I still own a nicer, far more expensive Yaesu that cost me almost $400, but I have found that the Baofeng works just as well at a fraction of the cost.
I am currently reading “The Guerrilla’s Guide To The Baofeng Radio” and I think it is a great book, full of both technical and practical tips to using this radio. It’s well worth the $23 it cost me. There are other ways to communicate, and we will talk about them later.
Now, the disclaimer: I don’t advertise, and receive nothing for my reviews or articles. I have no relationship with any products, companies, or vendors that I review here, other than being a customer. If I ever *DO* have a financial interest, I will disclose it. Otherwise, I pay what you would pay. No discounts or other incentives here. I only post these things because I think that my readers would be interested.