Re: [Debconf-discuss] US laptop ban and DebConf

2017-03-25 Thread Russ Allbery 
martin f krafft  writes:

> … at least not while we're flying in airplanes where toys with bluetooth
> are taken off children (just happened…). Since the aircraft can be
> disturbed with Bluetooth, I think we have a slew of other issues anyway,
> so it's hard to see the tree in all that forest.

Note that the second sentence doesn't really follow from the first.  The
idea that this stuff interferes with airplane navigation equipment is
mostly nonsense.  (I only say mostly because there have been some
*remarkable* security flaws in airplane software.)

Unfortunately, air transportation safety in the last thirty years or so
has entered some bizarre zero-fact zone where the public statements from
the people responsible for safety protocols are completely unbelievable
nonsense, like the idea that a cell phone might interfere with airplane
navigation, or like the idea that 95% of the stuff confiscated at
checkpoints has anything whatsoever to do with aircraft safety.

In some cases, these policies may be hiding real security threat models.
I suspect there are more legitimate threat models underlying this crap
than we're giving them credit for.  But because nearly all of the public
statements are such total absurdity, and because at least in the US the
screeners are so maniphestly incompetent given even their own internal
testing, they've burned their credibility so completely that it almost
doesn't matter any more.  We're in this weird state where actual
legitimate policy may or may not be buried under a layer of unjustified
ass-covering, but all one can actually see is the ass-covering and
blame-shifting.

Airline safety has been a completely bipartisan failure in the United
States.  The last three administrations have been equally bad, regardless
of political affiliation.  The FAA and the TSA just pile new rule on top
of new rule with no defensible public justification other than furious
flag-waving and vicious attacks on anyone who questions them.  It's sad;
the TSA was never any better than marginal, but I used to have real
respect for the FAA as a fact-based, thoughtful, methodical investigative
body grounded in real science.

-- 
Russ Allbery (r...@debian.org)   
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] US laptop ban and DebConf

2017-03-25 Thread martin f krafft 
also sprach Russ Allbery  [2017-03-25 19:36 +0100]:
> It's very difficult to figure out the threat model under which
> moving electronics, containing lithium-ion batteries no less, from
> the passenger cabin to the cargo hold makes the plane safer.  And
> of course no one who knows is saying anything at all useful.

Shouldn't be impossible to have the laptop running and providing
a Wifi network to which I then connect from the passenger level.
Then I can basically do anything I want anyway. In short: if this
were a threat, laptops would need to be banned from all baggage. But
I don't see this threat.

… at least not while we're flying in airplanes where toys with
bluetooth are taken off children (just happened…). Since the
aircraft can be disturbed with Bluetooth, I think we have a slew of
other issues anyway, so it's hard to see the tree in all that
forest.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  DebConf orga team
`. `'`
  `-  DebConf17 Montreal, CA: https://wiki.debconf.org/wiki/DebConf17
  DebConf18 Hsinchu, Taiwan: https://wiki.debconf.org/wiki/DebConf18


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] US laptop ban and DebConf

2017-03-25 Thread Russ Allbery 
martin f krafft  writes:

> Here's an alternative thought about this laptop ban:

> http://m.nzherald.co.nz/world/news/article.cfm?c_id=2=11823052

> Basically it says this is retaliation against Gulf airlines, because
> apparently, US airlines are exempt from the laptop ban. If that's the
> case — I did not verify — then an obvious solution (which may not be the
> cheapest again) is to fly on US carriers.

No US carriers fly to the affected airports, which is why US carriers
aren't affected.  The UK appears to also be going along with and
instituting the same ban, with a slightly different selection of airports,
so whatever is going on here, it doesn't seem to be a purely US thing.

That said, I concur with the advice to just avoid flying through the US
right now when that isn't your destination.  It's probably not worth the
uncertainty and risk.

FWIW, it's being met with a great deal of dubiousness; the travel expert
the local news radio station interviewed this morning actually came right
out and said the ban was bullshit that does nothing to improve airline
safety, which is remarkable -- usually the experts are more measured in
their disapproval of stuff like this.  It's very difficult to figure out
the threat model under which moving electronics, containing lithium-ion
batteries no less, from the passenger cabin to the cargo hold makes the
plane safer.  And of course no one who knows is saying anything at all
useful.

-- 
Russ Allbery (r...@debian.org)   
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] US laptop ban and DebConf

2017-03-25 Thread martin f krafft 
Here's an alternative thought about this laptop ban:

http://m.nzherald.co.nz/world/news/article.cfm?c_id=2=11823052

Basically it says this is retaliation against Gulf airlines, because
apparently, US airlines are exempt from the laptop ban. If that's
the case — I did not verify — then an obvious solution (which may
not be the cheapest again) is to fly on US carriers.

Or — as said before — invest some extra money and avoid US airports
anyway, which I personally choose to do just for the sake of
dignity.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  DebConf orga team
`. `'`
  `-  DebConf17 Montreal, CA: https://wiki.debconf.org/wiki/DebConf17
  DebConf18 Hsinchu, Taiwan: https://wiki.debconf.org/wiki/DebConf18


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] Canadian Pollito

2017-03-25 Thread Philipp Kern 
On 03/23/2017 11:40 PM, Jerome Charaoui wrote:
> Pollito not understand why Chromium Content Security Policy squawking,
> so suggest Firefox or wget to download.

It seems surprisingly hard to find a rationale for this quickly, but I
suppose that's because these two HTTP response headers are conflicting:

Content-Security-Policy: default-src 'none'
Content-Disposition: inline; filename="canadian_pollito.pdf"

The CSP seems to disallow inline content (but refers to styles and
scripts, not embedded files; but maybe that's actually the same thing)
by overwriting all pre-existing defaults with deny.

Kind regards
Philipp Kern
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss