Dreams from 20150627

Last night I had a dream

  1. I was home in North Dakota, and I was driving through a bad twister storm wherein there were dozens of tornadoes crisscrossing the landscape, each spiraling black from the ash of the trees burnt by the lightning within each funnel; and
  2. I had a boyfriend who respected me, and our relationship was based on love and respect as well as we just had this great ability to dialogue together.

:slow longing siiigh and not for the burning trees in case that wasn’t clear:

Dreams from 20150627

I was giving some lectures in Germany about the death penalty. It was fascinating because one of the scholars stood up after the presentation and said, ‘Well you know it’s deeply troubling to hear what you’re talking about.’ He said, ‘We don’t have the death penalty in Germany. And of course, we can never have the death penalty in Germany.’ And the room got very quiet, and this woman said, ‘There’s no way, with our history, we could ever engage in the systematic killing of human beings. It would be unconscionable for us to, in an intentional and deliberate way, set about executing people.’ And I thought about that. What would it feel like to be living in a world where the nation state of Germany was executing people, especially if they were disproportionately Jewish? I couldn’t bear it. It would be unconscionable.
And yet, in this country, in the states of the Old South, we execute people – where you’re 11 times more likely to get the death penalty if the victim is white than if the victim is black, 22 times more likely to get it if the defendant is black and the victim is white – in the very states where there are buried in the ground the bodies of people who were lynched. And yet, there is this disconnect.

Bryan Stevenson, TED talk: “We need to talk about injustice” (via tumblr)

I was terrified when I moved to Connecticut in 2010 and learned the death penalty is still practiced here (despite being repealed in 2012, the eleven persons on death row were not pardoned and still stand for execution, for barbaric reasons I cannot fathom). North Dakota effectively abolished the practice a century ago (it remained for treason until 1973, but never exercised, because what does treason even mean).

I’m horrified this is even a point of discussion in civilized society.

EDIT: How is it that 31/50 US states still have the death penalty on the books. What’s wrong with this country?? (don’t answer that: I know it’s a lot)


Networking on Android

The company I work for recently implemented Duo Security for our variant of two-factor authentication. Two-factor auth is a great idea and helps limit account access to only individuals who possess a token, usually in the form of a physical device (specifically, a phone). Duo isn’t compatible with other TOTP/HOTP software clients, unfortunately (I’d prefer to just use the Google Authenticator app for all accounts), so I need to have the second application installed on my phone in order to log in at work—even though I will only use Duo’s TOTP functionality (ideally as much of my computing experience as possible should be able to operate independently of a functional network connection).

The latest Duo Mobile changelog includes the following line (version 3.9.0):

Duo Mobile now ensures your device is up to date using Android Security Provider and Google Play Services APIs.

What does that mean? Is the app performing background rootkit operations to accomplish this? Notably, I’m paranoid about Android security because (1) the OS is notoriously hard to patch in anything resembling a timely fashion; (2) Verizon software bundling includes rootkits and pointless apps and other nefarious goodies; and (3) Verizon broke the upgrade from KitKat to Lollipop, such that because the phone’s disk is encrypted, the upgrade fails and reboots in a disturbing loop, which is 100% not acceptable. In other words:

  • my phone can’t install security patches; and
  • there aren’t really any meaningful security patches to install even if I could.

I consider my smartphone to be the weakest point in my cybersecurity experience, so I purposefully limit what goes on it.

Regardless, I can’t not install the Duo update. However, I can install a firewall to at least monitor what it’s doing on the network. For this, I chose AFWall+ (note: requires root), which is basically iptables for Android.

Great! Now I can monitor and block outbound traffic.

Question: Why is the kernel trying to connect to AWS’s West Coast infrastructure every few seconds?

It’s now denied. I have no idea what it was sending to Amazon, but it’s not happening any more. And it was the kernel. Weird. I hate closed-source OSes—it’s probably some Android tracking service. The BluetoothTest and VZWAVSService applications were displaying similar behavior, which is now blocked, with no apparent ill effect. The good news? They’d been operating over port 443. The bad news? Why.

This is why I want a fully-FOSS linux phone, where I can see exactly whatever nonsense the phone manufacturer is trying to pull.

Networking on Android