P

Peter Cai

A random guy on the interwebs. Graduate student. Free software enthusiast. Posts may be in English (US), Chinese (Simplified) or Japanese.

Cryptocurrency Ramblings

I used to be a cryptocurrency enthusiast, though not of the type who became billionaires by mining bitcoins on a single CPU for 30 minutes in the early 2010s. The story began in 2016, the year when I graduated from high school and finally became an undergraduate student. Naturally, I had a bit more financial freedom than I did in high school, which led me thinking about, well, "investment". Around that time, Bitcoin and blockchain in general was gaining unprecedented popularity, with a lot of money pouring in and new exchanges being founded almost every single day. Mining farms were being build everywhere in China. There were a few close friends of mine who started playing with blockchain, some of whom invested a considerable amount into Bitcoin. As someone who loves new technologies, I could not resist the trend but to also set up my own Bitcoin wallet and start to play around in the Bitcoin market.

Lucky for me, there was a serious uproar in the Bitcoin market nearing the end of 2016, right after my first ever investment made in Bitcoin. I vividly remember it was in a Monday morning, when I was on my way to the university, that I saw the unbelievable exchange rate on my phone. My heart started pounding like crazy. Even though I had next to zero experience in any sort of trading before, I still knew that such a ridiculous sudden climb in prices will not, on itself, hold for very long. As the seconds passed, I stared at my phone screen, with my hands sweating uncontrollably, hovering over the "sell" button. As the price reached around CN¥8000 (~US$1500), I made up my mind and clicked on the button.

That was the first time I earned anything through investment. I was thrilled, and even more thrilled later after learning that the Bitcoin market crashed a while after that peak. I was relieved that I made the right call, and also quite a bit complacent for my "ability" to make the right call at the right point. However, I did not really make a lot more investment into Bitcoin after that, simply due to the fact that I was worried I ran out of luck and will be tremendously disappointed the next time. Despite that, the first-time earning definitely sparked my interest in the technology as a whole. Following that year, I started to learn a lot about blockchains, including Bitcoins and other cryptocurrencies. I started mining CPU-based coins using a server I have idling. A lot of other decentralized software, not limited to just blockchains, entered my field of view as well. Some notable ones include ZeroNet and IPFS, and a plethora of content distribution systems, based on blockchains or not.

Though I did not continue investing a lot in Bitcoin or other cryptocurrencies themselves, I was nevertheless a firm believer of the entire blockchain ecosystem. The fact that these systems can work without a central authority, at least not technically, fascinated the young me who just started my CS program. To me, this was the future -- the decentralized future, where all centers of power are dissolved and a censorship-less, privacy-first internet, and, beyond that, such a society, would arise -- a pretty naïve technological anarchist, I know, but that was what I believed in. Despite not making direct investments into any cryptocurrency out of fear of volatility, I held onto a small but significant amount of Monero from my mining machines. For a brief moment, I even attempted to run a full Monero node. I tried to use cryptos for payment of everything, including my VPS, my dedicated servers, and donations to various foundations.

All good and dandy until I eventually started to realize the countless downsides of blockchain. Aside from the obvious fact that proof-of-work is extremely wasteful (which I did not realize at that point), the inconvenience of Bitcoin-based payments definitely bugged me a lot during those years. I held on to Monero, but I still had to use Bitcoin for payment quite a bit due to its popularity. Every time I try to do so, I had to sit in front of a screen waiting eagerly for the transaction to go through. Five minutes, ten minutes, one hour, until a confirmed check mark is finally shown on the transaction. This is simply excruciatingly painful. Although this is quite specific to Bitcoin due to its popularity and, well, inefficiency as a first-comer, and they did make the effort to improve the situation, it is nevertheless way more annoying to use than everything else.

This was far from the major deal-breaker for me with blockchain-based cryptocurrency, though. That turning point came way later, when I realized how 90% of new cryptocurrencies were simply money grabs, or worse, pretty much frauds. This realization was from my participation in a (at that time) new cryptocurrency which shall not be named. It promised great returns on investment. It promised great earnings from mining -- which is why a few friends and I all thought about mining and trading some of it. What I could not help but notice though, is that even though they mentioned all of these great investment prospects, they failed to present any technical innovation, not even the tiniest bit. They just forked the code of Monero, changed the name and the genesis block, and started a campaign. Did they believe in decentralization, free software, or even privacy? I fear not, as if so, they would have at least mentioned it in their whitepaper and homepage. At the very least, someone who really cares would not, in my opinion, do something like this without any substance.

After that, I went and checked a bunch of newly-launched cryptocurrencies. To my surprise (but probably to nobody else's), most of them fell into the exact same category -- loads of buzzwords about financial gains, but little or no technical substance whatsoever. My later experience with a few professors in my university who work on blockchains certainly did no help in improving my plunging impression about them. One of them, who shall not be named, allegedly might have mined cryptocurrencies in the university. The course he taught, which is supposed to be about foundational operating system concepts, ended up being nothing about what you expect from an OS course. Instead, the coursework literally asked students to write papers about blockchains or other related areas. He even ran one of his own conference-style thing about cryptocurrency for these substance-less papers. Another one was better than the previous one by a million light years, and I thank him sincerely for his appreciation of my skills and help in my academic life while I was working in his lab, but this still did not give me a better impression on the entire cryptocurrency community. His work, and work I have done with him, definitely had some substance in them instead of being money-grabbing bullshit like the others, or at least I believe so. However, at the end of the day, I still had no idea what our work meant, if cryptocurrencies were to be the future of economy. Did I work on something that make them better? I often ask myself. And the answer, to me, is a no.

Do I hate my professors? Other than the first one, no, not at all. On the contrary, I am extremely grateful for all that they have done for me as an undergraduate student. But the experience doing research in the field simply makes me realize the cold fact about the area -- most people are too profit-driven and few are really working in the field for what Satoshi Nakamoto originally believed in. And I don't even blame them personally -- were there an easy opportunity to become a millionaire, I would do it as well. This does show, however, that true decentralization cannot work purely based on what Nakamoto laid out as the blockchain technology. It creates a self-fulfilling market and the entire community built around such a market. Whatever Nakamoto envisioned for his brave new world, the truth is that everyone is working not for decentralization, but re-playing what has already happened -- centralization of wealth -- just on a different medium.

Nowadays, the sentiment against blockchain-based coins / technology is growing like wild fire. I should be happy, right? Maybe not. For all my hatred towards people who claim to be enthusiasts of cryptocurrency while chasing only profit, I cannot say the same to the technology itself. Don't get me wrong, the blockchain technology as it is today can never be something I will actively advocate for due to its countless pitfalls and shortcomings, not to mention the extreme centralization of computing power and the privacy issues in current popular implementations. But it is not like the non-blockchain financial system is much better in any of these aspects -- centralization of power, tick; privacy issues, tick; the only advantage of it is the power consumption because it does not involve any proof-of-work. Blockchains currently do not solve these problems per-se, but it is so far the only one that looks promising in any capacity at all. At the very, very least, trying to "freeze" accounts or "block" / "reverse" transactions on blockchains with proof-of-work is way harder than in your traditional banks, who have made the headline multiple times in the past year.

I could argue for days why this exact property of blockchains is a good thing or a bad thing, but at the end of the day, just like many things in society, what we need is a balance. The existence of an alternative to traditional banking systems, to me, is not to replace everything, because that would be impractical. Of course, something better than proof-of-work may be able to finally push blockchains towards practicality in general, but at this point it just does not seem likely without another few Satoshi Nakamoto. We have potential ideas for improvement, but they are delayed and delayed and the date of deployment seems pretty far away, not to mention that these ideas generally trade some of the advantages of a PoW blockchain for better performance. Not to mention that the ability to block accounts or reverse transactions can be desirable sometimes. Rather, in my imagined future, these systems, when they (potentially) become mature enough, should act as a check on the old systems, such that abuse of power in the old ones carries an additional risk from people fleeing into the other system.

Where does this put me now? I am not actively holding any number of cryptocurrencies at the moment, and I personally do not want to invest into them in the near future. Nor do I want to be involved in the current cryptocurrency community, academic or not, in any capacity. But I do hope that the technology will come to fruition one day, even though this day may be far, far in the future.

Writing Challenge

I have been thinking about taking the 100 days writing challenge for a while. Not just for a little while, but for at least a few years by now. Within these few years my blog have been destroyed and restored multiple times, I graduated and I moved -- basically, everything has changed. Yet I have never really made the decision to attempt to write every single day.

Not surprisingly, the main reason I have not done so is due to the big commitment I have to make in order to complete it. Writing everyday is not something very easy -- it's certainly not hard, but it still takes a non-negligible amount of time and energy out of every single day. Like any "beneficial" habit, it is simply hard to make up one's mind to make the initial commitment, just like many have not made up their minds to lose weight, or to try a different kind of diet.

To me, though, there is something more about this unwillingness to commit to writing as a habit. One of them is the idea that all writing has to present a well-supported argument with eloquent words and beautifully organized structure. If I am writing stories, then they have to at least be interesting to someone other than myself. They need to have an eye-grabbing beginning, a twisted plot, and a satisfying ending. Moreover, they have to try to show readers some takeaway through the story-telling. And of course, as English is my second language, I was basically trained to be extremely careful about grammatical errors by all the tests and exams I have been through. The result is simple -- every time I try to write, this pressing anxiety begins to creep into every single nerve of my brain, and, well, it makes writing, at least in English, a somewhat exhausting process. Every time I publish a blog article, I have to go through a time-consuming process of trying to organize the article in a bunch of different ways, figuring out what exactly to say in each paragraph or even each sentence, and so on. As you might be able to see, this means that I was really only willing to write about things I consider "important" for more people to know about, for example, technical challenges not solved by Google-fu.

I could simply not write in English, then, if the problems come from my training of English as a second language. Except I can't. First of all, the idea that writing has to be formal is not limited to just English. I did not get this from my English training, but rather, from the fact that all writing training I received is under an academic setting. Obviously, for something academic, one would want to be as formal and structured as possible, because you would not get too far in the academic world without some nice, cough, papers. Secondly, although my mother tongue is Mandarin, I, somehow, feel even more pressure when I try to write in Chinese. It might be from all the Chinese exams I had to take during my high school years, which forces me to come up with something nice for the writing task, taking up almost half of the total marks for those exams. What's the result of scratching my head over and over again for more than 3 years in high school? Every single Chinese exam, every single one of them, gave me just the passing mark for all my effort. I might write another blog post just about my current inability to write in my own native language. The takeaway here is that if I were to try the writing challenge in Chinese, it would be even harder.

I am trying to work my way out of this mindset, for both English and my native language Chinese. I need to stop thinking about what others would think of my writing. I of course write for others to read, but what I write needs to reflect me, not what I expect others to expect from me -- that, is too many levels of "indirection" to make sense. When I have something well-supported to argue about, fantastic, and I should definitely write a nice long article for it. But when I don't, it is no shame to simply admit that I am not sure. It is okay to not be that most knowledgeable guy. It is okay to make mistakes. Because these are all part of me -- and through writing, I'd like the readers to know me.

Will I ever take the 100 days writing challenge? I am not sure. Even if all the problems above are resolved, I might still not want to write publicly every single day. When you write that much, it is inevitable that aspects of your daily life will eventually be leaked into what you write, either directly through your own words when you have nothing else to write about, or through the patterns visible from your posts. I, coming from a background where everything can be used against you, probably will never be comfortable with such a possibility. I want to record my thoughts, and I want my readers to know me as a person, but not the entirety of me -- and I feel that taking on a challenge like that is the perfect opportunity not to do so.

What I will do, though, is to write more. Like, more than how much I did before. When I have blog ideas, I will try to force myself to get something out of them, even if the resulting product is not well-organized to my satisfaction. I am also going to start a private diary that I will, at least attempt to, update every day. It will not be public, but hopefully some great writing ideas can come out of it. It would also be a nice archive of who I am now and how I am changing over time, which is always nice to have. To be honest, I hope I have had a diary way earlier. When I was younger, I never thought that I could change so much one day, but here I am, almost a completely different person from who I was 10 years ago. It would be nice to be able to see how I changed, which could also serve as a guide for myself, or even others, in the future. Hopefully, this time, I will have such an archive.

The Past Self

While trying to rebuild this blog, I had to browse through an archive of my old articles and decide whether to import them to the new one. Reading articles written by myself in the past feels very strange -- I cannot say about others, but for me, thinking about my past self is one of the weirdest experiences to have. I clearly know that the person, either in my memory or in a written story, used to be me. Yet, all of the self-reflection is done as if it was in third-person. That me, or whoever it was, has a different personality, a different world view, different tastes in everything, and much more. It is almost a separate existence, while at the same time, obviously being me.

The feeling of disconnection from my past self sometimes freaks me out. Who am I if I am no longer the same person in my memory? Sure, I am still physically the same being, but if basically everything about me is different, what makes me the same me? If someone were to invent a time machine, and I had the chance to face my own past self, I would, not exaggeratedly, despise that person. There are just too many things I hate my past self about -- the unreasonable level of patriotism, the naïve admiration to Apple and (later) Google, the uncountably many stupid quibbles and unpleasant arguments I had with people around me, or all the friends I lost along the way. Heck, I was even once a shameless copycat who steals code and claims them to be my own. I could go down the memory lane for hours, but in summary, to me, the Peter from the past is just... plainly unacceptable, in all sorts of ways.

This bothered me for a very long time -- or rather, the past me -- because now I am looking back on this experience as well. Eventually, the realization came that I am simply unwilling to be associated with what I have done in the past. The past me seems awful because I judge my past from the point of view of me in the present. I learned from my experiences, and I changed according to what I think have done wrong. The experience of having done things I now recognize as "wrong", and the fact that I later realized these mistakes, turn them into something I am constantly on the look out for, not only on myself, but on everyone else, including the "me" now frozen as memory. This, of course, prevents me from doing the same thing ever again, but it also makes me extremely harsh, at least mentally, on anyone that does something I did in the past but stopped later. When I look back in my own memory, the realization that I was exactly someone like that causes me to try to distance myself from, well, myself.

What defines "me" is the constant journey from the past self, to the present self, and eventually, the future self. I am sure that in 10 years, or even just 2 to 3 years, many aspects of me will again change almost entirely. Looking back on what I do now, it will certainly feel stupid, embarrassing, or even repelling, again. But it does not mean that what I am doing now is not part of me in the future. Something cannot be "living" when it only exists in a single snapshot of time -- the very definition of "living" is dynamic. Just like we constantly ingest nutrients and replace the very building blocks of our body, we also rebuild our own personality, bit by bit and day by day, towards our own ideals at the moment. The only reason I am here right now, with all of my current beliefs and ideals, is that the past me tried to re-mold himself into something better. However despisable I was in the past, the person who I was had at least one thing good about him -- the willingness to change -- and I cannot be here without it. In this sense, I should be grateful to whoever I was in the past.

What this also means is that I should be kinder to others who I despise. I am not someone who tends to express despise via language or behavior, but my internal harshness towards people who behave like my past self might still be recognizable to others. Rather than someone who does something unacceptable to me, I should view them as someone who has still not "evolved" from a state I was in the past. What would I think if someone were so harsh about me in the past? Probably not too good. Just because someone is in a state right now does not mean they will not change in the future, just like how I did from my past self to my present. What is important is to try to help them accelerate the process -- like a lot of friends did for me -- rather than simply avoiding them. That does no help whatsoever. At the very least, I should not exacerbate the problem by not being kind to them.

Hello, world

Hello, world again. It's been a long time since I last hosted anything on this domain.

There used to be a blog here, but as I grew frustrated by a certain part of the internet, I deleted the entire blog and left everyone with a bare 404 page. Many have asked what had happened, but none of that matters anymore, to me, or to anyone else. My life has changed completely since then. I moved to a new country, had new plans, and I am basically starting a new life.

As such, I figured it is probably a good idea to try to restart my blog-writing hobby again. There might be good ideas as well as meaningless ramblings, but probably still worth keeping. I might also re-post some articles from the old blogs just to keep them around. Looking back at things written by myself from years ago is embarrassing, but at the same time, inspiring. It is a written record of how much I have changed as a person.

So, here we go again.

Encryption is not Security

(this post was imported from my old blog)

We are not in a time short of products that claim to "encrypt" your personal data with "military standards" and thus keeping them safe from leakage or deliberate attacks. This can really work in convincing a lot of non-tech-savvy people and even some with rudimentary computer knowledge about how secure those products are -- until some leakage events happens out of nowhere and everybody gets screwed.

The problem here is that things involving encryption does not necessarily imply security of the particular data you are concerned about. Encryption is a broad term that can be applied to anything that includes some algorithm to prevent part of the population from accessing some data. Anything from simple dictionary-based cipher to modern cryptography all fall into this category, but I am not even talking about the vulnerabilities concerning different ciphers here. What I am talking about is the question of which part of the population exactly do you want to block from accessing, in other words, the threat model.

The word "secure" itself is vague unless the context specifies a well-defined threat model. What are you afraid of? Who should be able to see your data and who should not? How do we ensure you are you, not someone else faking your identity? Of course, encryption is a powerful tool to achieve any sort of security, but any implementation cannot be said to be secure under all threat models. You are using military-grade encryption right now to browse this post because my blog is using HTTPS protocol which encrypts all plain-text traffic, but to my server, to me, the content still needs to be decrypted, and nothing prevents me from publishing all your IP addresses in some log format. No matter whether you consider IP address privacy-sensitive, I think it is pretty obvious that in this case, if I were to claim my website being secure from such leakage, it would be bogus. The HTTPS protocol defends against people spying on your Internet connection, but does absolutely nothing about both ends of communication. It is secure under the threat model where nobody in the communication channel except both endpoints can be trusted, but nothing else. One cannot imply that such use of encryption is secure under any other circumstances.

It is how encryption is used in a product that matters, not whether it is used. My previous absurd example is laughable, but when such claims come from some more complex or even "commercial" software products, somehow, many of us forget what being secure actually means. And I know that it is a stretch to assume everybody can learn these basics, but frankly, in the age of Internet, one must have such knowledge to "survive" -- I mean, to keep private data safe. There are a lot of resources out there about introductory cryptography, and I am 100% sure every single one of them will talk about the definition of "secure" and threat models at the very beginning. To be fair, many of them are not intended for people without a technical background, so we definitely need some of such resources in simpler language. But what we also need is people that actually try to learn about how to ensure their own security.

Not surprisingly, it also lies upon developers and, in the case of commercial software, companies, to stop throwing buzzwords that are not even well-defined in the first place (trust me, even some open-source projects do this). Do not claim your product to be secure just because you, somehow, used some encryption, somewhere, without mentioning what you are defending against, and how all the buzzwords contribute to this. Do not ever try to imply your product being more secure just because of encryption -- explain what it is for, and what adversary it could prevent. And, of course, you should always know, for yourself, what you are defending against, because some developers really do not. It is not whether actually being secure that matters here -- after all, the word is not well-defined by itself -- but the false sense of security you might implant on your users. The feeling of "I'm secure" without knowing what the hell it even means is much, much more dangerous than any security vulnerability.

(This article was partly motivated by some Magisk module here in China that saves your payment password and auto-fills upon fingerprint authentication to some payment apps. It claimed to be somehow more secure due to its use of encryption, but it actually just encrypts the keys with ANDROID_ID, which, though is not the same across all applications anymore, is still not intended for security purposes and can be predicted, given that the adversary can read the data files. It defends against no extra adversaries compared to not encrypting in the first place, but somehow people do believe its claims, and maybe the developer also does really think so.)

The Zygon War Speech from The Doctor

(this post was imported from my old blog)

(From "The Zygon Inversion", in 9th series of Doctor Who)

...

"It's not fair."

"Oh it's not fair. Oh I didn't realize that -- it's not fair. You know what, my TARDIS doesn't work properly, and I don't have my personal tailor."

"These things don't equate."

"These things have happened. They are facts. You, just want cruelty to beget cruelty. You are not superior to people who are cruel to you. You are just a whole bunch of new cruel people. A whole bunch of ... you cruel people, being cruel to some other people, who end up being cruel to you. The only way that anyone can live in peace, is if they are prepared to forgive. Why don't you break the cycle?"

"Why should we?"

"... What is it that you actually want?"

"War."

"Ah, right. And when this war is over, when you have a homeland, free from humans, what do you think it's gonna be like? Do you know? Have you thought about it? Have you given it any consideration? Because you are very close to getting what you want. What's it gonna be like? Paint me a picture. Are you going to live in houses? Do all people go to work? Will there be holidays? Oh, will there be music? Do you think people will be allowed to play violins? Who's gonna make the violins? Well, ..., oh, you don't actually know, do you? Because, like every other tantruming child in history, Bonnie, you don't actually know what you want. So, let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just, and fair, when you have finally got it, exactly the way you wanted, what are you going to do with people like you? The troublemakers. How are you going to protect your glorious revolution, from the next one?"

"We'll win."

"Oh, will you? Well, maybe. Maybe you will win. But nobody wins for long. The wheel just keeps turning. So come on, break the cycle."

"Why are you still talking?"

"Because I want to get you to see... and I'm almost there."

"Do you know what I see, Doctor? A box, a box with everything I need. A fifty percent chance -- for us two."

"Everyone fingers on buzzers! Are you feeling lucky? Are you ready to play the game? Who's gonna be quick and who's gonna be luckiest?"

"This is not a game."

"No, it's not a game sweetheart and I mean that most sincerely."

"And why are you doing this? ... You set this (the truth and consequences buttons) up, why?"

"Because it's not a game. This is a scaled model of war. Every war ever fought, right there in front of you. Because it's always the same. When you fire that first shot, no matter how right you feel, you have no idea who's going to die. You don't know who's children are going to scream and burn. How many hearts will be broken. How many lives shattered. How much blood will spill until everybody does what they were always going to have to do from the very beginning. SIT DOWN AND TALK. (Sighs) Listen to me, listen -- but I just, I just want you to think."

"I will not change my mind."

"Then you would die stupid. Alternatively, you could step away from that box. You could walk right out that door, and you can stand your revolution down."

"I'm not stopping this, Doctor. I started it, I will not stop it. You think they will let me go after what I have done?"

"You're all the same you screaming kids, you know that? Look at me, I'm unforgiveable. Well here's the unforseeable, I forgive you. After all you've done. I forgive you."

"You don't understand. You will never understand."

"I don't understand? Are you kidding me? Of course I understand. And you're calling this a war, this funny little thing? This is not a war. I fought in a bigger war than you will ever know, and it's the worst thing you could ever imagine. And when I close my eyes... I hear more screams than anyone could ever be able to count. And you know what you do with all that pain? Shall I tell you where you put it? You hold it tight, that burns your hand. And you say this: no one else will ever have to live like this. No one else will have to feel this pain. Not on my watch."

...

"It's empty, isn't it? Both boxes, there's nothing in them. Just buttons."

"Of course. You know how you know that? Because you've started to think. Like me. ... No one should have to think like that. And no one will. Not on my watch. ...Gotcha."