samizdat: 3dp Defense SuperPAC

brought to you by d33pthought

about

what is this

• 3d printed firearm & firearm accessory models - for now nearly all from deterrence dispensed public pages
• verification signatures for models
• literature related to 3dp defense

why is this

• organization: it's hard for even long-standing community members to find content given patchwork disparate sources for related files
• security: reduce community attack surface by signing files
• redundancy: more sources makes it harder to censor content
• replicability: git infrastructure makes it easy to clone & modify in organized fashion
• forkability: if you want to modify/adapt you can have it your way
• git architecture well-balances advantages of centralization (replicability) & decentralization (forkability)
• freshness: fosscad is fantastic but is not frequently updated & contains stale models that make the repo much larger
• this doesn't exist yet

but but but

• "but this isn't needed!" - then don't use it
• "but simple hashes are as good as PGP ring signatures!" - no, they're absolutely not

models

pistol frames by manufacturer pattern

• glock
  • G17 F17 Free Folk Measure Up by d33pthought - FMDA DIY-rails frame revision [trailer]
  • G17 by FMDA [trailer] [fosscad]
    • DIY rails: [spee.ch]
    • P80 rails: [spee.ch]
  • G19 by FMDA:
    • DIY rails: [spee.ch]
    • P80 rails: [spee.ch]
  • G26 by FMDA:
    • DIY rails [spee.ch]
    • P80 rails [spee.ch]
  • G43 SS80 by FMDA [spee.ch]
• ruger by FMDA:
  • SR9 [spee.ch]
  • SR9C [spee.ch]
• S&W by FMDA:
  • SD9 [spee.ch]
  • SD9 - glock mags [spee.ch]
  • M&P Shield [spee.ch]
• EAA by FMDA:
  • EAA Witness 9mm [spee.ch]
  • EAA SAR K2P 9mm [spee.ch]
• diamondback by FMDA:
  • DB380 [spee.ch]
• hi-point by CTRLPew:
  • Lo Point [trailer] [spee.ch]

rifle / subgun receivers

• Tec9B Ghetto Blaster by FMDA [trailer] [spee.ch]
• Vz61 Skorpion by FMDA fosscad]
  • standard FCG [spee.ch]
  • AR15 FCG [spee.ch]
• AR15 .22lr Lower by FMDA [spee.ch]
• Plastikov by Ivan [trailer] [spee.ch zip]

hybrid/custom builds

• PolyPlinker by Point9cmBenis [spee.ch]

magazines

• AR15 30 round by Ivan & FMDA [spee.ch]
• Glock 17 round Menendez Mag by Ivan [spee.ch]
• Glock 33 round Extendez Mag by Ivan [trailer] [spee.ch]
• Glock +2 Extension by WindowsTheOS [spee.ch]
• AR15 Mag Extension by FMDA [spee.ch]

other

• Brass Catcher by Ivan [spee.ch]
• M&P Shield Holster by RedYankee [spee.ch]
• DDA3V4 Pistol Brace by Aeonicentity [spee.ch]
• “Moms Demand Full Auto” Swift Link by FMDA [spee.ch]
• suppressor baffels by KadeCAD [trailer]
• milling jigs by CTRLPew:
  • AR9 80%
  • AR15 80%
• ECM barrels by Ivan

verification

PGP ain't perfect, but it's useful. It can be used to increase confidence you are working with valid model files that haven't been tampered with. The details of installation/use will vary depending on computer platform (duckduckgo is your friend). Examples below are those that work in a modern linux environment.

• detached model signatures are included in this repo with a file hierarchy mirroring the repo files. also included are sigs for the zips that are listed on Ivan's pages
• public pgp keys:
  • d33pthought:
    • github key: 6B2062CCB178107C9FC3CA3209978FA36F146505
    • github signing subkey: 10DBC5509AF9E4DE58A7937C21A5E4B5F4209362
    • keybase: 85C2CE700955C042689F32CFC8597C06BED287DA
  • ctrlpew: 7E661D686F0CDA8B
    • downloaded via keybase in early Jan 2020 - no additional verification performed
    • (ctrlpew is only det_disp admin with listed public pgp key)

Overview:

• start with file to verify, a signature that corresponds that file, and the public key used to create the signature
• use the verified signature to check if the file is valid

Steps:

• obtain public key of signer
  • e.g. obtain d33pthought's public key from github repo, keybase, and another trusted individual and notice that it's the same from all sources. in this repo it is contained within the public_keys directory
• import the public key:
  • gpg --import PUBLIC_KEY
  • this adds the public key to your local public key ring (a collection of public keys)
• check that it's imported and note the key's keyid:
  • gpg --list-keys --with-subkey-fingerprint
• check the file against the signature
  • gpg --verify SIGNATURE_FILE FILE_TO_VERIFY
  • e.g. for f17 stl from this repo's root directory: gpg --verify 01_verification/detached_model_signatures/02_pistols/f17_d33p_ffmu/models/f17_d33p_ffmu.stl.asc 02_pistols/f17_d33p_ffmu/models/f17_d33p_ffmu.stl
  • similar to verifying the signature, in the output should be:
    • using key - with the appropriate keyid
    • "Good signature"

When is this useful? If you obtain the file, signature, and key from the same source then this is pointless because all three could have been tampered with. If you obtain the public key from a trusted source then this procedure provides a degree of confidence that the file has not been tampered with.

literature

• included selections from the Mises Institute
• external:
  • Unintended Consequences by John Ross

links

• groups
  • deterrence dispsensed
    • keybase
    • ready to print projects on Ivan's page
  • fosscad
    • maduce git repo
    • main site: simple & fancy
    • IRC via hexchat
    • keybase
• media
  • the signal - ghost boi
• community links
  • spooky rails
  • blaster at your side
  • ctrlpew
  • guns 'n bitcoin