via Dilbert
Dilbert 2016-09-06

“Run-Hide-Fight” is the current active shooter (I hate that term, and will use the more accurate “random mass murderer” from here on) response plan for civilians promoted by the Department of Homeland Security.

As you might expect from a federal government organization, fighting with a real weapon isn’t on DHS’s list of responses.

Unlike most colleges in the United States, Liberty University learned from the security failures of Virginia Tech, and instituted campus carry for faculty, staff, and students after that horrific massacre.

Unlike any other “Run-Hide-Fight” video in existence, this video from the Liberty University Police Department incorporates procedures that explain how the police want concealed carriers on campus to respond to a random mass murderer.

It’s an eye-opening video worth watching all the way through, and it’s encouraging that the LUPD has so thoroughly though the probability that if a random mass murderer does attack their school, that officers may encounter multiple concealed carriers before, during, and after engaging the random mass murderer. They have a plan and procedures to deal with armed people, and they won’t immediately start shooting at an armed person unless that person is acting as a threat.

I wish other law enforcement agencies (campus police or not) were as well trained.

It’s worth noting that as a private university, Liberty is free to make policy as they see fit, and they have clearly gone above and beyond what you can expect from most college and university law enforcement agencies.

The post Liberty University Takes “Run-Hide-Fight” To The Next Level appeared first on Bearing Arms.

via Bearing Arms
Liberty University Takes “Run-Hide-Fight” To The Next Level

via The Truth About Guns
Weekend Project: DIY Steel Target Hangers

via Dilbert
Dilbert 2016-09-04

via Gizmodo
Hauntingly Beautiful Drone Footage of a Boat Graveyard

The FBI released documents today about its investigation into presidential candidate Hillary Clinton’s use of a home email server during her time as Secretary of State. After the investigation, the Department of Justice decided not to file charges. Clinton was found to have not deleted sensitive emails, but the State Department called her actions "extremely careless."

The investigation focused on whether classified information was stored or transmitted to the unclassified server. It also looked at whether any top secret information was compromised by unauthorized individuals.

The investigation noted that 81 email chains containing information that ranged from "classified" to "top secret/special access program" level were found on the unauthorized email servers between 2009 and 2013. Of those correspondences, 68 still remain classified. During that time there were two systems used. Initially Clinton used an Apple server, but eventually migrated to BlackBerry. No big surprise there, Apple got out of the server game years ago.

Yet unlike the DNC, it looks like the private servers were not compromised by hackers according to the FBI. But the FBI noted that because it didn’t have an SSL certification from January 2009 until March 2009, it was vulnerable to attacks. It’s worth noting that the Clinton’s asked that the servers be encrypted but that the company managing the system, Platte River Networks never followed through because it said it would interfere with system administrators that were troubleshooting accounts.

During her time as Secretary of State, Clinton used a personal BlackBerry for her personal and official email because she didn’t want to carry two devices. She did tell the FBI she asked for a secure BlackBerry but doesn’t recall why she never received one. Also, while an email system admin says he remembers her using two phones during her time as Secretary of State, Clinton and others stated she only used a flip phone while in the senate.

When the FBI presented the classified correspondences found on her personal server to her, Clinton said she did not believe the emails contained classified information.

The documents also include information about failed spearphishing attempts and information about an interview with hacker, Guccifer who admitted he lied to FOX news about hacking into Clinton’s email account and the FBI’s interview with Clinton.

Source: FBI

via Engadget
Read the FBI’s Clinton Investigation documents for yourself

The FBI released 58-pages documents on Friday detailing its investigation into Hillary Clinton’s use of a private email server while she was secretary of state, and a summary of her interview with agents, providing the most thorough look yet at the probe that has dogged the campaign of the Democratic presidential nominee. CNN reports: Clinton repeatedly told the FBI she lacked recollection of key events. She said she "could not recall any briefing or training by State related to the retention of federal records or handling classified information," according to the FBI’s notes of their July 2 interview with Clinton. Fallout from Clinton’s use of a private email server continues to dog the Democratic presidential nominee’s campaign, as her lead over her Republican counterpart Donald Trump has been cut in half since her post convention bounce last month, according to CNN’s Poll of Polls released Thursday. Trump and other Republicans have stepped up their attacks connecting the emails to questions over whether Clinton gave preferential treatment to donors to her family’s foundation. The bureau is making the information public in response to numerous Freedom of Information Act requests, including from CNN. "Today the FBI is releasing a summary of former Secretary of State Hillary Clinton’s July 2, 2016 interview with the FBI concerning allegations that classified information was improperly stored or transmitted on a personal e-mail server she used during her tenure," the agency said in a statement. "We also are releasing a factual summary of the FBI’s investigation into this matter."

Read more of this story at Slashdot.

via Slashdot
FBI Releases Hillary Clinton Email Report

If you thought the spirit of small shop entrepreneurs was drying up across America, you are way wrong. At a recent gun show I watched as a two person team hustled their wares from three tables along a busy aisle of gun and knife buyers. They were making holsters right on site.

The team of Erin Herrington and John Allen work for their outfit they call Tac My Girl, LLC in Mississippi. With one table full of Kydex holster blanks and the other tables set up as a molding station, these guys can produce holsters for just about any pistol on the market. And this is done while the customer stands and waits for the finished product.

On display are over a hundred holster blanks offering a variety of color graphics from the American flag, camouflage patterns, the Punisher face, political remarks, symbols of many descriptions, trademark logos, snake scales, and much more. Also available are holster blanks in universal black and many solid colors for multiple applications including concealed carry, law enforcement, hunting, security or just personal preferences.

On the table also are mold guns of nearly every model available today. All the consumer has to do is identify their own personal gun, pick out a color or graphic holster blank and the team molds the holster right on the spot. The mold gun model is inserted into the blank, which is put into the heated molding “oven” press. The Kydex plastic blank then forms around the exact shape of the pistol mold.

The holster technician then uses a hot blow gun to customize the pistol mold to the holster for a proper fit. This allows enough friction to hold the gun in the holster firmly, but also permits a quick release with appropriate withdrawal pressure.

Once the molding is complete, the technician then attaches the holster carry accessory of choice which includes a traditional belt slide, an IWB clip, or a spring steel clip to simply slip the holster over the pants belt. Special belt slide leather “wings” can be added to the sides of the holster if the customer wants a wider belt slide set up, popular for bigger pistols.

Prices on site range from $35 to $50 depending on the blank. Plain black is on the least expensive end to a full color graphic on the higher side. The cool part is that the buyer gets their custom molded holster right at the show, ready to carry and go. You can contact these guys at tacmygirl@gmail.com.

The post Small Shop Entrepreneur Molds Gun Show Holsters appeared first on AllOutdoor.com.

via All Outdoor
Small Shop Entrepreneur Molds Gun Show Holsters

Since PHP 7.0 has been released there’s more attention on scalar types. Keeping types for data from within your application is relatively simple. But when talking to external systems, like a database things aren’t always as one eventually might initially expect.

For MySQL the type we see — in the first approximation — is defined by the network protocol. The MySQL network protocol by default converts all data into strings. So if we fetch an integer from the database and use PHP 7’s typing feature we get an error:

<?php
declare(strict_types=1);

function getInteger() : int {
  $mysqli = new mysqli(...);
  return $mysqli->query("SELECT 1")->fetch_row()[0];
}

var_dump(getInteger());
?>

Fatal error: Uncaught TypeError: Return value of getInteger() must be of the type integer, string returned in t.php:6

Of course the solution is easy: Either we cast ourselves or we disable the strict mode and PHP will cast for us.

Now let’s take a look at another case. Assume we have an application where we fetch an integer ID from the database. We know MySQL will send us a string and we treat the ID as opaque data anyways so we have the type check for a string. Now we refactor the code slightly and make use of prepared statements. What will the result be?

<?php
declare(strict_types=1);

function getId() : string {
  $mysqli = new mysqli(...);
  $stmt = $mysqli->prepare("SELECT 1");
  $stmt->execute();
  return $stmt->get_result()->fetch_row()[0];
}

var_dump(getId());
?>

Fatal error: Uncaught TypeError: Return value of getId() must be of the type string, integer returned in t.php:8

Wait! – What’s up there!? — Didn’t I just say that the MySQL protocol will always send a string, thus we retrieve a string in PHP!? – Yes I did and that’s true for "direct queries." It’s not true for results from prepared statements. With prepared statements the MySQL protocol uses a binary encoding of the data and therefore mysqlnd and mysqli will try to find the matching PHP type. This isn’t always possible, especially if we’re going into the range of big values. So let’s query for PHP_INT_MAX and PHP_INT_MAX+1 and look at the types:

<?php
$mysqli = new mysqli(...);
$stmt = $mysqli->prepare("SELECT 9223372036854775807, 9223372036854775808");
$stmt->execute();
var_dump($stmt->get_result()->fetch_row());
?>

array(2) {
  [0]=>
  int(9223372036854775807)
  [1]=>
  string(19) "9223372036854775808"
}

Here 9223372036854775807 is the largest value a PHP integer can represent and thus is an integer. 9223372036854775808 however is to large and can’t fit in a signed 64bit integer thus it is converted in a string, as this keeps all information and can be handled at least to some degree.

Similar things happens to other types which can’t be properly represented in PHP:

<?php
$mysqli = new mysqli(...);
$stmt = $mysqli->prepare("SELECT 1.23");
$stmt->execute();
var_dump($stmt->get_result()->fetch_row());
?>

array(2) {
  [0]=>
  string(4) "1.23"
}

Yay – yet another wtf! So what is going on this time? — Well, a literal in SQL is treated as DECIMAL. A DECIMAL field is supposed to be precise. If this were to be converted into a PHP float aka. double we probably would loose the precision, thus treating it as string again makes sure we’re not loosing information. If we had a FLOAT or DOUBLE field this could safely be represented as float in PHP:

<?php
$mysqli = new mysqli(...);
$stmt = $mysqli->prepare("SELECT RAND()");
$stmt->execute();
var_dump($stmt->get_result()->fetch_row());
?>

array(2) {
  [0]=>
  float(0.16519711461402206)
}

So to summarize:

• For a direct query the MySQL server sends strings, PHP returns all data as string
• For prepared statements MySQL sends data in binary form and PHP will use a corresponding type
• If the value could only be represented with a potential data loss in PHP it is converted to a string by PHP, even with prepared statements

Now we might expect the same when using PDO. Let’s check:

<?php
$pdo = new PDO("mysql:host=localhost", "...", "...");
$stmt = $pdo->prepare("SELECT 9223372036854775808, RAND()");
$stmt->execute();
var_dump($stmt->fetch(PDO::FETCH_NUM));
?>

array(2) {
  [0]=>
  string(1) "1"
  [1]=>
  string(18) "0.3217373297752229"
}

This example uses prepared statements, but returns strings!? The reason is that PDO by default doesn’t use prepared statements on the network layer but an emulation within PHP. This means PHP will replace potential placeholders and then runs a direct query. As mentioned above with a direct query the MySQL server will send strings, thus PHP will represent all data as string. However we can easily ask PDO to disable the emulation:

<?php
$pdo = new PDO("mysql:host=localhost", "...", "...");
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$stmt = $pdo->prepare("SELECT 1, RAND()");
$stmt->execute();
var_dump($stmt->fetch(PDO::FETCH_NUM));
?>

array(2) {
  [0]=>
  int(1)
  [1]=>
  float(0.24252333421495)
}

This leaves the question whether you should disable the emulation in order to get the correct types. Doing this has some impact on performance characteristics: With native prepared statements there will be a client-server round-trip during the prepare and another round-trip for the execute. With emulation only during the execute. The native prepared statements also require some server resources to store the handle. However if a single statement is executed multiple times there might be some savings. Also the type representation means that different type conversions happen and a different amount of data is transfered. For most cases this shouldn’t have notable impact, but in the end only a benchmark will tell.

Hope this helps to give a better understanding, or more confusion

PlanetMySQL Voting: Vote UP / Vote DOWN
via Planet MySQL
Types in PHP and MySQL