Snowy Day with Peter

A place for posts too short for the blog and too long for social media, by Peter Cai. WARNING: May contain hot takes.

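2022-05-17 First Love

So many people spend their whole lives missing their first love, believing it to be the purest and best romance there is, to the point that countless manga and films take first love as their theme. Yet I have never understood what is supposed to be so good about first love -- perhaps because I have never experienced a real, mutual one.

As I remember it, as a boy, the "liking" that sprouted in my secondary-school years was nothing more than adolescent sexual desire. To put it bluntly, that is called being "in heat", not "having a crush". Of course, the reason may be that I was not very popular back then, so I never had much contact with the opposite sex. The girls I "liked" were usually just good-looking, or rather had the stereotypically cute girl's looks; and often I had never even said a single word to the person I claimed to "like", not even so much as a chance conversation. I can come up with ten thousand excuses for my "social anxiety", but the fact is that I never really thought of the other person as someone to be in a relationship with; at most, she was just the object of my fantasies. Can this kind of so-called "first love" be called "pure" or "beautiful"? I can only think of adjectives pointing the opposite way.

One example: after graduating from high school and starting university, I tried to seriously get to know the girl I had "liked" back then (before graduating from high school). The result was not encouraging -- only after we started chatting often did I realize how large the gap between our values and worldviews was; even finding a common topic was difficult. I do not want to belittle anyone else's values -- on the contrary, I think my own values at the time were childish and immature -- but the fact is that every one of our chats was awkward small talk. Looking through the chat history from back then now, I cannot suppress the urge to cringe at all. With no shared topics, no shared values, and not even the ability to have small talk that went the slightest bit deeper, how could one even begin to talk about "liking"? I often thought about this question in the middle of the night. I thought I liked this girl, but in reality I only liked her appearance, liked her looks, and had had this or that thought about her. That is not the definition of "like" in my dictionary. I do not know what couples who dated in secondary school went through, but judging by how most such couples (that I know) broke up the moment they graduated, I also very much doubt how much genuine "liking" there was between them; although being able to become a couple in an established relationship at least means that such relationships are not purely a manifestation of adolescent physiological impulse. Of course, it could all just be that I have never had a real, mutual first love, so this is simply sour grapes on my part.

It was not until my second year of university that I first met someone of the opposite sex who truly made me think of her as someone I could be in a relationship with. I cannot deny that her looks were one of the important reasons I was drawn to her; but what truly made me start to "like" her came after we had been talking regularly for some time. We did not have exactly the same hobbies -- after all, I am a very stereotypical science student, while she took the path of design and art -- but each of us had a certain interest in what the other liked. More importantly, we were both willing to share the little things in our lives with each other, and to listen to each other's happy moments and setbacks. I knew she would not like me; after all, I have enough self-awareness to know that someone like me is not worthy of someone as outstanding as her; but meeting her made me realize what it means to "click" with someone, and what it means to "like" someone.

Some time later, like a textbook manga loser, I confessed to her in the middle of the night over a certain IM. Unsurprisingly, I was rejected. Perhaps it was purely out of kindness, not wanting to hurt me too much, or perhaps she too felt that although I could not be a lover, I could at least be a friend; either way, we kept in fairly frequent contact after that, until after graduation. To this day, we still update each other on our recent lives every (fairly long) once in a while.

She is definitely not my first love, but the first one-sided love that I will always remember clearly can only be this one, not the so-called "first love" of my secondary-school days.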

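2022-05-15 A Reason to Live

Around this time a year ago, an acquaintance of mine left this world because of illness. I only knew her online, but for a shut-in like me she was one of my important friends. She was thought of as someone who was usually in frail health, but nobody expected it to suddenly come to this. It was the first time for me that someone my own age, whom I talked with day to day, would suddenly never wake up again.

It was sudden, but at the time I was busy with all sorts of preparations for studying abroad in Canada, so I did not feel much sadness. Probably I just had no mental capacity to process the sadness, so I was simply avoiding thinking about it. Still, I could not avoid the fact that I had one friend fewer, and somewhere in my heart there was an emptiness. Now, a year later, settled and living in Canada, I remember her and am overcome by an incredibly strong sadness, as though the sadness I did not feel back then has also arrived all at once.

A year already. Thinking that, I sank deep into thought for the first time in a long while. If tomorrow I, too, could not wake up like her, what would happen among my friends and relatives? Would I also be remembered as a wonderful person, or would only unpleasant memories remain? And a year later, would there be someone to write a piece like this one in my memory, or would I be forgotten within a year?

I also thought about clichéd questions like "What am I living for?" Ideals, dreams: if you die before they come true, they all come to nothing. If those were the reason to live, then the life of her who departed a year ago would have been in vain too. But I believe her life was by no means in vain. Even though she herself is gone, the days when she was here still live vividly in our memories. She made everyone laugh, comforted people, and gave them confidence; there were countless such memories. I do not know the details, but I think there must be people who were saved by someone as kind as her. All of this is surely proof that she lived.

"Proof of having lived", huh. I have gone and written something straight out of a manga. But what is my proof of having lived? I am not kind, I am bad at comforting people, and there may be more memories of me hurting people than happy ones. Beyond that, whatever "proof of having lived" one leaves behind, the day it vanishes will come eventually. Her proof of having lived remains in our memories now, but we are not immortal either, and someday we will depart this world. When that happens, the "proof of having lived" left in this world will gradually fade away too. So does whether her life was in vain or not also last only as long as we live? Of course, if one became famous, the "proof of having lived" could last many times longer than this. But even books and cultures can perish. That kind of proof is not eternal either.

After thinking about all sorts of things, I could not reach any conclusion at all. Whatever ideal, dream or "proof of having lived" one pursues, it will surely come to nothing someday. Living was never one's own choice to begin with, so it probably has no particular meaning inherently. Attaching meaning to life is just like a delusion of humankind.

I am afraid of dying anyway, so I suppose I will just keep on living for now. Sooner or later, the day I meet her again will come.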

2022-05-08 eSIM, and the Sad State of AOSP

The current state of AOSP (Android Open-Source Project) is sad. Or rather, sad from a user / third-party developer perspective. I'm sure this same opinion has been reiterated a million times across the Internet, but my recent endeavor with eSIM only proved this point even more.

For the longest time, I thought eSIM was a huge threat to user freedom on Android devices, because I believed all of them had proprietary interfaces that can only be operated through a proprietary vendor app, which often depends on Google services. On Pixel devices (and a few from other vendors), this is the EuiccGoogle app, which is part of the GMS stack. As a result, I became increasingly worried about the future of mobile devices, as carriers move to eSIM or even eSIM-only models, and I can't say I haven't put the blame on GSMA, the GSM Association, at least mentally.

Turns out, this worry is completely unnecessary, or at least not for the reason I started with. The GSMA publishes the complete standard for consumer profile eUICC (eSIM) chips, GSMA SGP.22, which includes the full specification of the protocol to communicate with said chips and the protocol to download new eSIM profiles over the internet from carriers. At first, I did not believe that this standard is actually followed and I thought there must be some proprietary stuff on every single one of these chips preventing an open-source implementation of an eSIM management app. However, from my attempt to dig into the internals of the eSIM.me app, I discovered an open-source library from Truphone, which claims to implement the ES9+ and ES10x protocol to communicate with both eUICC chips and carriers' servers (RSP servers).

I, of course, did not believe this would actually work for eUICC chips embedded in consumer devices. However, because I knew phhusson has an interest in SIMs, I pinged him anyway for this discovery, saying that if this is what eSIM.me used, it might work for other eUICC chips, but I wasn't too motivated to put a lot more time into it. He, though, was excited. The very same night, he seemed to have stayed up very late to play with this library, and told me that it worked on his Samsung devices to successfully provision new eSIM profiles. I saw his message the next day, and immediately became intrigued. I pulled out my dust-collecting Pixel 4a, and tested phhusson's proof-of-concept, and confirmed that the library was able to communicate with the eUICC chip on my Pixel as well.

What prevents me from just making an open-source version of EuiccGoogle, then? I thought. At that point, I already realized that it is totally possible to make an open-source eSIM Local Profile Assistant (LPA) app that replaces EuiccGoogle. As I had some free time that day, I figured there was no better time to start the OpenEUICC project. I was able to finish a basic UI that day, and was able to manage and provision eSIM profiles on my Pixel 4a from my open-source app. I later decided to make it a full LPA implementation by integrating with the system EuiccService API, which is still an ongoing effort.

Why does AOSP not include an eUICC management app, then, as it seems that there is nothing proprietary about the management API / protocol itself? I don't know. One of the reasons could be the need for proprietary firmware updates, but that is not really different from any other hardware that needs firmware, and I don't think it is a valid reason to keep the entire app closed-source only. Not to mention that EuiccGoogle does not even handle firmware updates itself -- it is delegated to another device support app. The only reason I could think of is laziness and the lack of "importance" of the open-source Android community -- just look at the current state of AOSP in general. The AOSP Dialer, SMS, Calendar, and Clock apps are all stuck in their Android 6-era style. It is no wonder that nobody wants to introduce an entire new open-source component given that they do not even want to update the existing ones.

I would also like to make it clear that I do not want to put the blame on Google, or anyone else in the Android community. I could go on for days to talk about this, but at the end of the day, no single person or even company is responsible for this situation. All I want to say is that the current state is sad for an operating system that boasted openness and geek-friendliness, and I hope that my project, OpenEUICC, can contribute its tiny bit of help in alleviating this sadness.

2022-05-01 Two-step Login Pages

Nothing annoys me more than websites that force a two-step login flow. Seriously. Typical examples include Google, Microsoft, or most Big Tech companies -- when logging into their service, you have to first enter your account ID, and then wait for a (fake) progress bar to load, only after which can you start to enter your password.

I don't know what the principle behind such a design is. Maybe it is for security, by which I mean maybe they can go through some heuristics in the backend after you only entered your account ID to decide whether to even let you try a password, reducing possible attack surface. But I seriously doubt how much information you can extract from just entering the account ID in the browser. Besides, a well-designed password authentication system should be resistant to brute-force attempts in the first place.

The reason I hate such a flow so much is that it breaks the flow of password manager usage. Normally, when a website allows you to enter both the account and password in the login page, there is just one click and maybe a master password prompt, and then you are done logging into that service. Not in this case. I have to bring up my password manager, find my account ID for said website, click next, wait, and then bring up the password manager again for the password. Under stricter security policies in the password manager, this would mean entering my master password or whatever credential twice for one login session. That is purely annoying.

I am fully aware that not everyone uses a password manager -- but more and more are adopting this arguably more secure option online, and it seems weird to me so many services are still hostile to such solutions. Some websites and apps even disallow pasting into / invoking password manager plugins on the password field. But again, maybe I am just ignorant about all the benefits of doing two-step login pages, or maybe using password managers is just a false sense of security. If any reader knows a deeper reason why, I'd be happy to have a more detailed discussion, which may result in an actual blog post :)

2022-04-27 Contemporary Google-fu

Google-fu has been important since the dawn of the modern internet. Except nowadays, simply knowing how to search for answers is in no way enough. It could even be dangerous sometimes -- this article shows an example of how Google search results are filled with questionable health advice produced by marketing teams -- and without the ability to filter them out in your brain, it is very hard to extract anything useful from such searches.

It is not limited to just health-related queries. Even when I try to enter programming-related search terms, a large part of the result would be websites that do nothing other than copying content from legitimate websites like GitHub and StackOverflow, and somehow they rank higher among the results than the real deals. What's worse is that one wrong answer would echo through all of these copycats (or "content farms") to generate pages upon pages of nonsense. Granted, a wrong programming answer will probably not kill anyone, at least not immediately, but others can, such as the aforementioned health-related case. Imagine how many people have been robbed of their life savings or even their lives due to questionable search results.

What's the most infuriating for me is that Google made an attempt to make retrieving useful information from the atrocious search results easier by showing a "People also ask" for answers to related questions commonly asked, which sounds great as it saves a lot of manual filtering... But of course SEO people found their way again. From my anecdotal experience, most of the time, answers in this section do not even actually answer the given question at all, but rather they are filled with nothing but vague marketing speech -- just like the rest of the results.

I, of course, understand that all of this is due to SEO -- the only way for companies to gain visibility on search engines among millions of search results. But if useless and harmful information ends up benefiting the most from the algorithms, I would argue that the algorithms used in modern search engines are fundamentally flawed. When a metric becomes the target of optimization, it ceases being a good metric, and the search engines are no exception to this rule. I could talk shit on people who fall for these SEO-oriented content farms for days, but at the end of the day, I think it's just sad that we need to learn how SEO works to discern SEO content from "real" content. But again, I have no idea how to design an algorithm that cannot be exploited this way. As long as the algorithm has any slight trace of stability, someone somewhere will eventually start to exploit it for their own benefit. Maybe this is the price we have to pay to live in the information age, or maybe there is a way -- it's just that we are too busy with our own benefits to find out.

2022-04-26 Introduction

I have had multiple blogs at different points in time, but every time they seem to end up being neglected, torn down and rebuilt eventually, just to repeat the same cycle again. One of the reasons is that a "proper" blog post takes so much effort to write -- from coming up with the idea, to deciding what type of article to write, to laying out the post, to writing and proof-reading. Even though I slowly relaxed my standards of writing in order to make better use of my blogs, it still feels kind of "wrong" to write haphazardly on my main blog. I still want my actual blog posts to be laid out properly and free of stupid errors, at the very least.

Although, in a lot of cases, I am simply not motivated enough to turn an idea into an actual blog post due to time constraints or a lack of "too much" interest in one topic. These ideas may never see the light of day on my blog, which is sad because a lot of topics deserve being talked about more. I could post them on my social media accounts, but sometimes the character limit is just too low to say anything of substance. On Mastodon, I can technically post however many words I want, but the reading experience of social media platforms is simply not designed for anything beyond around 100 words in length. Even if I don't want to spend too much time on one topic, 100 words is still too little for anything.

And, my friends, that is where this "short blog" format comes in. From now on, whenever I feel that I do not want to devote too much effort into a blog idea, but I would still like to say something about it, the post will likely end up here. Because this blog has a much lower "standard" than my main blog, there might be hot takes and stupid mistakes. Some of them may eventually turn into an actual blog post if healthy discussion happened and resulted in a change worth talking about in my original blog idea. But in any case, I expect this blog to be posted to way more often than the main blog.

The name, snowy.day, is sort of a complaint about the snowy Canadian winter. In such a winter, all I can do as a wheelchair-bound person is stay inside as much as possible. With the warmth of indoor heating and a blizzard outside, it sometimes makes just the right mood to write something down, like a friendly chit-chat across a dancing campfire while taking shelter from an ongoing storm. I do not necessarily love snow storms, but I do like writing and talking, and I will try to make this blog the best place for that when I do not cough have a real-life friend to talk to.

2022-04-25 Twitter

Woke up from a nap, and suddenly everyone is talking about Elon's acquisition of Twitter. And suddenly everyone is scrambling to migrate to the Fediverse (Mastodon, Misskey, Pleroma, etc.). I'm certainly not against the idea that more people should be using free and federated social platforms, but the reason they suddenly migrate seems not well-supported at best.

What I mean here is that Twitter was not, in any way, a better platform before this deal. I'm not even talking about what Elon Musk wants to do with Twitter here. I simply do not care -- what is the difference between one group of extremely wealthy individuals controlling a platform for public speech and another group / individual doing the same thing? Sure, the current moderation policy or whatever may agree with your specific political ideals more, but keep in mind that what they care about is not anything about you. They care about their returns on their investment. This equally applies to Elon Musk, as well. However much you believe he is going to "destroy" the platform, or, on the opposite side, "free" you from "woke" politics, remember that he does not care about you, or "open-sourcing" the algorithm, or even his proclaimed "freedom of speech".

The saddest thing to me is that for some reason, the online speech of the entire world is dependent upon one single company. To different groups of people, a change in the leadership of this company means the difference between night and day. This is not what the internet should be. Whatever Elon Musk or any of the previous owners say about this deal, remember that all of them are trying to absorb everyone's content under the control of a single entity. This is what we should fight against, not the specific design, moderation policy, or political ideals of one single company that controls everything.