Insomniac's Log

[Incomplete] On the Privacy of Apple Location Services & Analytics

Mon, 11 May 2026 00:00:00 +0000

Note: This was written late 2025 with the expectation that I will complete this research at some point. I now realize I'll probably never have the time to finish it, and am therefore releasing it now.

Skip technical stuff

Btw this is a sequel to some of my prior research on how the location services work. See https://github.com/acheong08/apple-corelocation-experiments/

Background

Contrary to popular belief, GPS is no longer the primary method mobile devices use to determine location.

Instead, companies like Google and Apple maintain massive databases of Wi-Fi hotspots and cell towers. Phones collect signals from these beacons, including strength and identifiers, and use them to triangulate their position, with the help of data provided by these vendors.

To build these databases, iOS and Android devices act as passive wardrivers: they continuously report nearby access points to Apple and Google. This data is then aggregated across countless devices to determine the locations of access points with high accuracy.

A recent paper, "Surveilling the Masses with Wi-Fi-Based Positioning Systems" (May 2024), explores how Apple’s location services can be weaponized to track movements worldwide, particularly in sensitive contexts like war zones and natural disasters.

I found the paper fascinating. On the same day it was published, I began reverse engineering the clls/wloc endpoint using definitions decompiled from CoreLocationProtobuf.framework. Over the following weeks, I uncovered additional endpoints, such as:

wifi_request_tile: retrieves BSSIDs in a given area via an obfuscated tile key
hcy/pbcwloc: uploads data about newly discovered endpoints

By combining the tile endpoint with an expanding search algorithm layered on top of wloc, I was able to reproduce the dataset described in the paper within a single day.

With the external dataset re-created, the next question was: how much data is actually being sent to Apple from devices in the first place?
I’m writing this from the University of Cambridge, where I’m spending three weeks on a research project exploring exactly that.

Reverse Engineering the Protocols

Apple relies on a custom RPC format known as ARPC. Unlike typical self-describing formats, ARPC does not embed enough information to fully decode requests and responses on its own.

A standard request has the following structure:

Field	Size	Type	Description
Version	2 bytes	uint16	Protocol version
Locale	variable	pascal string	Locale string
AppIdentifier	variable	pascal string	Application identifier string
OsVersion	variable	pascal string	OS version string
FunctionId	4 bytes	uint32	Function ID
Payload Length	4 bytes	uint32	Length of payload
Payload	variable	bytes	Payload data

Responses are trickier: they can contain an arbitrary number of fields of unknown sizes. To parse them, one can exploit the fact that the payload length encodes the number of bytes from its position to the end of the message. Practically, this means scanning the response with a sliding 4-byte window, checking if each candidate encodes a valid remaining length. If multiple candidates match, the largest valid body size and corresponding header size are chosen.

Working Out the Protobuf

The payload itself can contain any arbitrary bytes, including encrypted blobs - but in most observed cases it uses protobuf. The next challenge is discovering the protobuf definitions.

Tools like protodump can extract protobuf file descriptors from raw binaries, but they don’t work with Apple’s custom compiler, which converts protobuf definitions directly to Objective-C.

Most of the protobuf decoding logic isn’t located in the locationd, geod, or geoanalyticsd binaries themselves. Instead, it resides in private frameworks inside the dyld cache. To extract them, use dyld-shared-cache-extractor. To fetch the filesystem image for iOS, use ipsw:

ipsw download ipsw --version 18.6.2 --device iPhone15,2
ipsw extract --files --pattern ".*" iPhone15,2_18.6.2_22G100_Restore.ipsw

On macOS, the iOS Simulator runs its system binaries natively, which allows attaching lldb, but only with SIP (System Integrity Protection) disabled.

ps aux | grep simruntime | grep locationd   # Find the PID of locationd running within the simulator
sudo lldb -p <pid>                          # Attach to process (requires SIP disabled)
br set -n "-[NSURLSessionTask resume]"      # Set breakpoint on network requests
po [$x0 originalRequest]                    # Inspect request details (e.g. URL)

The next step is mapping addresses in Ghidra.

To find the base load address, run:

image list <binary name, e.g. geoanalyticsd>

Then, from the backtrace, take the top frame address that matches your binary. Subtract the base load address to get a file offset, then add 0x100000000 to obtain the virtual address expected by Ghidra.

Example:

p/x 0x1048ddda0, 0x1048d4000 = 0x9da0
p/x 0x100000000 + 0x9da0      = 0x100009da0

Finally, in Ghidra: Navigation > Go To → paste the calculated address.

Using the index numbers and associated symbols, the protobuf definition can then be manually reconstructed. With protobuf definitions in hand, we can now find exactly what data is getting sent off to Apple.

Privacy Settings and Observed Traffic

Long story short: under Privacy & Security > Location Services > System Services, it’s worth turning off at least the following options:

Routing & Traffic

Apple Pay Merchant Identification

Improve Maps

iPhone Analytics

So what is collected?

Lets start off with what Apple claims.

Routing & Traffic: While you are in transit (for example, walking or driving), your iPhone will periodically send GPS data, travel speed and direction, and barometric pressure information in an anonymous and encrypted form to Apple... Additionally, when you open an app near a point of interest (for example, a business or park) your iPhone will send location data in an anonymous and encrypted form...

Apple Pay Merchant Identification: Your iPhone will use your current location to help provide more accurate merchant names when you use your physical Apple Card.

Improve Maps: Apple will collect the GPS coordinates obtained through the Significant Locations feature on your device and correlate them with the street address associated with your Apple Account... Your iOS, iPadOS, or visionOS device will also periodically send locations of where and when you launched apps, including the name of the apps, in an anonymous and encrypted form to Apple in order to improve Maps and other Apple location-based products and services.

So in summary, GPS location, transaction information from NFC, your street address even if not present, and when & where apps were launched. While this isn't great, the fact that it is "anonymous", "encrypted", and periodic should hopefully make traffic impossible to tie to an identity.

Of course words mean nothing without data. Lets make use of the reverse engineering and decode what Apple is sending off.

Data Collection and Analysis

To analyze Apple's location service traffic, I intercepted HTTPS requests from an iPhone running IOS 18.6.2 with default settings over the course of 7 days using mitmproxy's WireGuard mode. The device was used as a normal daily driver (apps opened, routes walked, payments made).

mitmweb --web-host 100.64.0.7 --mode wireguard --set allow_hosts="mitm\.it|.*\.ls\.apple\.com|gs-loc\.apple\.com" --listen-host 167.99.85.207 -w apple.flow --set view_filter="mitm\.it|.*\.ls\.apple\.com|gs-loc\.apple\.com"

Efforts were made to ensure only traffic for location services were captured and to prevent decryption of irrelevant data.

Routing & Traffic

The primary endpoints associated with this setting are:

https://gsp10-ssl.apple.com/pds/pd. Contains a large array of a structure containing GPS coordinates, timestamps, and other sensor measurements.
https://gsp10-ssl.apple.com/au. Contains a list of app bundle identifiers, GPS coordinates, and timestamps

Between 3 and 4 requests were observed per day varying from 1.5kb to 124kb in size, directly corresponding to the number of steps taken since the previous request
The GPS locations are highly accurate and not obfuscated with technology like differential privacy. I could spot the exact table I sat at events and the general room I stayed in.
Requests to the 2 endpoints are usually made within milliseconds of each other.

Data is collected, aggregated, and sent in batches, tying lots of unique data points together.

The map shows just a single request, really visualizing how densely the points are packed.

The requests also include device fingerprints (locale, OS version) and a unique UUID.

In terms of timing, requests tend to be sent while the phone is plugged in and idle. Oddly, requests also occur to be triggered when the alarm goes off.

TODO: Get a rooted phone and ripgrep through where that ID may be stored to be tied back to request

Apple Pay Merchant Information

The only associated endpoint is https://gsp-ssl.ls.apple.com/dispatcher.arpc

Decoded data from a collected request:

"6": {
  "card_type": "MasterCard",
  "currency": "EUR",
  "16": 1,
  "17": "8D0DDB68-0C2D-4A39-AD20-77454B02D876",
  "18": 0,
  "merchant": "2TL BRUSSEL, NOORD",
  "21": "",
  "timestamp": 4739811754110877696,
  "8": 0,
  "9": 1
}

Card provider
Currency
Transaction ID
Merchant name
Timestamp

Surprisingly, disabling the toggle only stops uploading the data, not collection. Data is stored locally until you re-enable the setting, at which point it’s uploaded. In this case, the timestamp (4739811754110877696 → Aug 30, 2025) is from a week before September 6th when this request was observed. All analytics settings were turned off at the time.

Improve Maps & iPhone Analytics

Endpoint: https://gsp64-ssl.ls.apple.com/hvr/v3/use

This endpoint doesn’t use protobuf, so decoding is limited to string analysis. Observed payloads include:

Subsets of open apps (Network extensions like WireGuard, Mullvad, Little Snitch were observed)
Addresses linked to the Apple account even if not currently nearby. For example, I observed multiple Cardiff addresses despite being in Cambridge. Searching through the phone reveals that they come from the Contacts app.
IPs and ports the device is connected to
BSSIDs

With settings disabled, requests are still sent, but reduced to just home location and timestamps.

Endpoint summary

Domain	Path(s)	Controlled by Setting	Data Sent	Notes
`gsp10-ssl.apple.com`	`/pds/pd`, `/au`	Routing & Traffic	GPS coordinates, travel speed, barometric pressure, app launches near POIs	Sent continuously; “anonymous” but easily linkable via app/device data
`gsp-ssl.ls.apple.com`	`/dispatcher.arpc`	Apple Pay Merchant Identification	Card provider, currency, transaction ID, merchant name, timestamp	Data still collected locally when disabled; uploaded once re-enabled
`gsp64-ssl.ls.apple.com`	`/hvr/v3/use`	Improve Maps & iPhone Analytics	Open apps (esp. network tools), Apple account–linked addresses, IPs and ports, BSSIDs, timestamps	Requests persist even when disabled, but with reduced detail
`gsp10-ssl.apple.com`	`/hcy/pbcwloc`	Improve Location Services	Nearby BSSIDs, cell provider, location, movement/activity	Passive Wi-Fi/cell scanning; builds Apple’s positioning database

When and where is location data collected?

Apple’s terms use vague phrases like “in transit” and “points of interest.” In practice, these cover nearly all daily activity:

Transit applies whenever your phone is moving, whether you’re walking, cycling, or driving.
Points of interest applies whenever you stop somewhere with a map label - your home, workplace, shops, restaurants, and so on.

The result is that your iPhone sends location data whether you’re moving or standing still, essentially all the time. During testing, I saw logs for every commute, every stop at a shop or restaurant, and every app I opened throughout the week.

Cross-request correlation and deanonymization

Apple’s traffic is highly susceptible to correlation across requests. Analytics data is usually sent in batches by background daemons, which means requests often share near-identical timestamps. For example, /pds/pd and /au are almost always transmitted within milliseconds of each other, and their GPS coordinates and timestamps can be matched to link app usage with a specific route.

Beyond timing, every request carries device fingerprints, locale, iOS version, user agent, and IP address. Combined with the set of installed apps (which Apple already knows for each account), these details form a unique device profile. Even if Apple labels traffic as “anonymous,” the mix of app usage, device metadata, and network identifiers makes it straightforward to connect requests back to an individual user.

Privacy implications and adversaries

Passive network observer (ISP, VPN provider, DNS resolver)

Can see frequency, timing, and size of requests, though the payload is encrypted.
Because requests are usually sent when the phone is plugged in and idle, an observer can infer certain device states from traffic patterns. Over time, this rhythm reveals aspects of the user’s daily habits.
Request size also correlates with movement: the more you travel, the larger the batch of location points, and thus the larger the encrypted request.

Overall, Apple’s choice to delay and batch uploads reduces what passive observers can infer in real time, but longer-term patterns still leak useful information.

Active network observer (e.g. corporate VPN with MITM)

An active network observer, such as a corporate VPN that performs MITM decryption, gains visibility comparable to Apple itself while also linking the traffic directly to employee identities.

The main risk lies in aggregation: routes and app launches recorded at home may not be uploaded immediately but instead transmitted hours later during work hours when the VPN is active. Combined across multiple employees, this delayed reporting can reveal private relationships, conversations, or off-record activities.

Governments and Apple

Consider a scenario: after an attack, investigators want to know who was present. They could compel Apple to provide all location-service requests from the area, along with the source IP addresses. With those, they can also obtain authenticated traffic sent from the same IPs, building a list of potential suspects.

That dataset would contain:

Device metadata from ARPC requests (locale, iOS version, etc.).
Routes taken, technically “anonymous,” but timestamped and precise.
Lists of apps opened at specific locations.

By aligning timing between (2) and (3), investigators can link routes to app usage. Then, by cross-referencing with the list of installed apps Apple already knows per user, they can map (1) to (3) and deanonymize individuals. The reconstructed routes can also point to private addresses, workplaces, or safehouses.

In the hands of an authoritarian state, the same process could be used to monitor everyone who attended a protest, then trace each person back to their home. Hence the often-heard advice: “Don’t bring your phone to demonstrations.”

TODO:

Cross service correlation: Other Apple system services, possibly authenticated, are sent from the same IP address and may contain information that could be matched to the "anonymous" data.

App uniqueness: Poll on app-install combinations to demonstrate how uniquely idenntifying they are within a given population or IP range.

Perspective of a network adversary: How much can an ISP glean from use the traffic patterns and sizes. Train a ML model. (DEAD! ML model doesn't work for motion activity due to batching and delays. Instead, we can tell how much a user has moved)

Match paths together based on start/end points for a multi-day movement report

[WIP] Update patterns of Apple's location database

Over the course of a week, I recorded 436,771 location changes and 10,301 unique BSSIDs across 10 evenly distributed groups of 5 tile keys.

Average distance change: 0.69 m
Minimum distance: 0.01 m
Maximum distance: 24.87 m
Standard deviation: 1.01 m

At first glance, the average distance and tight standard deviation seem artificial. Digging deeper, the update behavior looks even stranger:

Most changes involved oscillating between just a handful of unique coordinates (typically 1–6 based on the number of days of recorded data), even though some access points showed up to 93 separate “update” events. This strongly suggests that only one genuine update occurs per day, with locations oscillating during the update window rather than reflecting real movement.

Every day, there is a consistent 5-hour update window, from 05:00 to 09:00 UTC, during which database entries are refreshed. Each access point is guaranteed at least one update every 24 hours, though many are updated multiple times within the window. This clustering explains the bursts of short intervals seen in the update graphs.

Importantly, the update windows are not isolated to specific tiles. Instead, updates occur across large numbers of tiles simultaneously, implying that Apple maintains a centralized database rather than distributed, region-specific updates.

Wikimedia attack: 2026-03-05

Thu, 05 Mar 2026 00:00:00 +0000

Today, Wikipedia was in read-only mode for a couple of hours due to a security incident.

Post from WMF staff member on Discord:

Hey all - as some of you have seen, we (WMF) were doing a security review of the behavior of user scripts, and unintentionally activated one that turned out to be malicious. That is what caused the page deletions you saw on the Meta log, which are getting cleaned up. We have no reason to believe any third-party entity was actively attacking us today, or that any permanent damage occurred or any breach of personal information.

We were doing this security review as part of an effort to limit the risks of exactly this kind of attack. The irony of us triggering this script while doing so is not lost on us, and we are sorry about the disruption. But the risks in this system are real. We are going to continue working on security protections for user scripts – in close consultation with the community, of course – to make this sort of thing much harder to happen in the future.

You can read up on some sources here:

What the script did

Wow. This worm is fascinating. It seems to do the following:

Inject itself into the MediaWiki:Common.js page to persist globally, and into the User:Common.js page to do the same as a fallback

Uses jQuery to hide UI elements that would reveal the infection

Vandalizes 20 random articles with a 5000px wide image and another XSS script from basemetrika.ru

If an admin is infected, it will use the Special:Nuke page to delete 3 random articles from the global namespace, AND use the Special:Random with action=delete to delete another 20 random articles

EDIT! The Special:Nuke is really weird. It gets a default list of articles to nuke from the search field, which could be any group of articles, and rubber-stamps nuking them. It does this three times in a row.

Source: nhubbard on ycombinator

For some reason, basemetrika.ru was not a registered domain. I have now registered it and thus hopefully nobody else will be able to use it for malicious purposes.

This was not an active attack but simply a mistake by a wikimedia admin.

If the wikimedia foundation would like to take the domain off me, they can contact me at acheong@duti.dev.

I'm worried about the future of open-source

Wed, 04 Mar 2026 00:00:00 +0000

At first glance, this looks like the commit history of just another random vibe coded project. But no, it is in fact the recent commits to go-micro, a project with 22.7k stars that started all the way back in 2015. BcacheFS, a major filesystem, now has ProofOfConcept (a custom AI bot) as co-author on the majority of new commits. The Claude account on GitHub now has so many commits that its GitHub profile fails to even load.

This worries me.

When it's Claude code randomly creating 10GB VM bundles, we point and laugh. When Cline gets supply chain attacked because of a prompt injection, nobody cares because dependence on them is purely individual. Very few build on top of those shaky towers.

But now AI is coming for the foundations of what we build. I personally don't have much confidence in either the quality or security of what AI pumps out.

chardet recently got completely rewritten by AI as a means of license washing (getting rid of LGPL) while breaking various behavior and generally making the quality worse. Again, not a small package. It is a dependency of almost 1 million packages tracked by GitHub.

I don't even know what I want to say yet, other than that I do not like this new iteration of open-source and I believe this behavior will become more widespread over time. Barley anyone gets paid for it, and LLMs are an easy way out of spending the effort maintaining a library.

HackEurope 2026: A short rant on AI and hackathons

Mon, 23 Feb 2026 00:00:00 +0000

HackEurope is over. In many ways, it was a complete shitshow (vibe coded inaccessible UI for participants, lots of delays, miscommunications, and other issues too many to list). But now that the caffeine overdose and sleep deprivation is over, I can say that there were actually some important lessons.

TL;DR:

Front-end is almost everything. There is 0 burden of proof that your project is actually functional or that it has any practical application. As long as it looks cool, investors and non-technical people will eat that up.
Choose your track wisely. Make sure that the track sponsor IS ACTUALLY AT YOUR LOCATION. Most people were under the impression that tracks were per-country when in fact there was a single €1000 prize shared across the 3 countries and the sponsor wasn't actually operating in some.
Choose a problem that is easy to explain. There were 2 minutes to explain. It is a losing game whether or not you explain context. Non-technical people will tune out confused regardless. We were extremely lucky with 2/3 of the evaluators actually knowing about open-source supply chain attacks and being excited about our solution.
Follow the trends. All winners had "AI" as a significant part of their solution.

That being said, I personally wouldn't follow my own advice. I went in with the goal of building something that I would want to maintain long term. Not just AI slop (I fucking hate Lovable).

AI encourages conformity and kills creativity

A solid 90% of the projects there were just vibe coded slop. Even the ideas were AI. You can tell when multiple people implemented the exact same idea with the exact same title, description, and implementation.

While people call me a luddite, I do not particularly hate AI as a tool. My problem is that it has significantly lowered the bar for certain project types and therefore incentivize people who would have otherwise built something cool to instead fit into a mold constrained by the capabilities of AI.

A lot of cool ideas are out of distribution from the training data, and those rarely show up at hackathons anymore. The AI says they're "too hard" and people simply avoid these.

The grand winner was an idea to use LLMs for predicting wildfires caused by lightning strikes, and subsequently using LLMs to orchestrate drones to do cloud seeding and prevent wildfires. Cool UI and all, but there was (at least from observation), nothing actually behind it.

In a now edited post by Anthropic's head of Startup Sales, he mentioned that the winning team (LLM cloud seeding) had only 1 software engineer and 3 non-technicals. The accessibility is cool to see, but it is not expected at all for any of these projects to exist long-term. Just a marketing stunt to claim that code is now a commodity.

It feels like hackathons used to be a place where real startups are made or at least a proxy for the ability of individuals. Now, with everything being front-end only demos, there is no expectation at all for any follow up, and nothing is said of ability except for pitching and trend chasing.

Some other funny ideas I saw:

Stopping AI prompt injecting by scanning every prompt with an LLM (there were multiple duplicates of this)
Using LLMs to control satellites and move them when a Russian satellite gets too close (winner)
"Palantir for tech teams". "A real-time security guardian sitting silently on every dev's machine, scanning their screen, code, and communications to proactively prevent vulnerabilities."

The temptation of LLMs as slop generators

Wed, 31 Dec 2025 00:00:00 +0000

I recently fell down this trap myself. I had an assignment i was rushing, and I suck at writing prose (just look at this post...). I decided to simply note down everything as bullet points. The thoughts were mine, and did research the luddite way of crawling through Google Scholar, Sci-Hub, and random blog posts. I liked the output very much - it conveyed all my arguments and had all the relevant facts. However, it was a bit disordered and probably didn't meet the mark scheme.

So why not put it into an LLM? Surely a language model would be good at language and simply transforming text from one form to another. At first glance, it all looked fine. I see the stats, I see my citations, and there are now full sentences.

But actually reading through the text from top to bottom, it was obvious how shit it was. Important points were missing, and unimportant points were emphasized. The style was disgusting, full of weird em-dash usage and corporate speak I'd never use myself. Every time I corrected it, another mistake would either pop up elsewhere, or it'd over correct to some hippy-speak. This was not a model-specific problem. No matter which model I used: Kimi K2, GPT-5.2, Claude Opus 4.5, Deekseek R2, Gemini 3 Flash, none of them could follow my specific preferences.

$10 and an unreasonable amount of time later, I finally gave up and started rewriting from scratch.

Nobody likes to read AI slop, so why do we keep making more of it?

It's not about the quality of the content, but the aesthetics of delivery.

Not everyone has English as their first language, and even for native speakers, it takes effort to construct prose in a way that flows well and sounds eloquent. In academics, despite linguistic skill not necessarily reflecting the quality of content, bias easily seeps in based on how things are worded.

For example:

Even in software engineering where our assignments are usually to write code, we are assessed on reflective reports and essays where snaky wording can allow a team member with 0 commits to still score a 1st.
In 2024, during a hackathon by Huawei, the team that placed first in the technical round completely fell out of the top 5 simply because English was their second language, whereas my team that scored 4th in the technical round got bumped up to 2nd due to presentation skills alone.

Especially when the substance is entirely beyond the ability of the assessor to comprehend, writing quality becomes the subject of judgment.

LLMs provide an easy way out... It is benchmaxxed on a very specific style reminiscent of how we were taught to do so in middle and high school English: Vary between sentence structures and lengths to avoid sounding repetitive, structure content with numbering to make it easy to keep track, and use bigger words to sound well educated.

However, using LLMs take the soul out of content. It has no understanding of what is important, what's tangential, and happily makes up details not specified. It does put intelligent sounding text though, and that's what the vast majority of non-technical people I've met actually prefer anyways. Instead of reading an email, business report, or anything of substantial length, managers, acquaintances, and even family I know would simply dump it into ChatGPT or Gemini and read their hallucination-ridden output instead.

Furthermore, using an LLM is like gambling. Maybe you'll one-shot it, but probably not. Maybe the next try will be the one where it gets everything right. The probabilistic nature of LLMs as well as the dopamine hit of feeling like you've been productive without actually doing anything. "Ah I've done what would usually take me the whole day to do. I can slack off now" is always at the back of my mind. It makes you feel an illusion of productivity and forget that most of the time spent writing is actually time spent thinking and refining.

Heck, put in "Write an essay on why LLM Slop writing is so tempting" to ChatGPT and it writes a better blog than I do with all my points and more.

2025 in a nutshell

Tue, 30 Dec 2025 00:00:00 +0000

Time flies. I can't believe the year is almost over. The fact that there's barely 6 months left before graduation scares me.

January to April

Mostly just coursework. I let myself slip a little and didn't do much work. Made a cool music player integrated with yt-dlp for Android. Unfortunately, I never managed to switch to Android and thus never bothered implementing all the features I wanted. Maybe next year...

May

Kubernetes. I regret this. It did solve my problem of wanting docker-compose but with storage replication and easily moving between nodes. However, the amount of time I've spent debugging various issues since would've been enough to DIY my own system less complex and thus more reliable for my specific needs. It's in a stable state now though, so hopefully I won't have to touch it much again.
I got into AI again. I tried out all of the popular agents such as Codex, Gemini CLI, Goose, and OpenCode. Codex sucked because OpenAI models are dumb. Gemini had my favorite degree of developer control, but I can't figure out how to pay Google. They keep declining my debit cards. Goose was buggy. OpenCode has good integration with all the providers but lacks control (all changes are auto-approved). Gave up and went back to CopilotChat.nvim.
Slacked off.

Late May to August

Internship at Huawei
Learned a ton about Time Travel Debugging, graphs, and eBPF.
Thought about supply chain security but was shut down for being too difficult to implement due to company politics.
After the internship, I traveled the Netherlands and Belgium

September

Internship at the University of Cambridge. Continued research on Apple's location services which I started working on all the way back in May 2024. GitHub
Also messed with iOS development for data collection, namely creating a Charles Proxy-like app to collect Apple analytics data locally without privacy concerns of an mitmproxy VPN.

October-December

More coursework. Learned React Server Components. Horrible stuff. 10.0 CVE dropped the day after submission.
Failed a bunch of job interviews.
Realized that I might end up unemployed after university.
Joked about having a startup idea (the thing that got rejected by Huawei)
You know what? There might actually be a higher chance of making a successful startup than getting a job.
Started doing market research and designing the product from the business perspective. Hey, if you're reading this and interested in stopping supply chain attacks like xz-utils or Shai-Hulud the NPM worm, email me and maybe we can have a chat.
But of course, I'd still rather be employed and work on my projects part-time & open source rather than being worried about monetization.

2026. The Plan

Uhh, pray.

Applied Software Engineering at Cardiff University actually has one major benefit: you get complete control over your final year project and dissertation. This means that I get to work on a startup without violating the terms of my student visa and graduate with an MVP in hand. From there, I need to run around the UK looking for pre-seed funding. I don't need much, just enough to afford basic rent, food, and internet for a year while I actually get customers and build revenue. I'd like to bootstrap but unfortunately all the money I've earned over the years has gone to university. $57k (£46k back in 2023) from security bounties + £14k from internships + £10k from freelancing while tuition cost £70k over the 3 years means I'll be graduating with around negative £16k in the bank from rent and living expenses.

So yeah, things are looking a bit grim.

Weird Network Reconnects on Arch

Tue, 30 Dec 2025 00:00:00 +0000

Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5523] device (duti): Activation: successful, device activated.
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5683] device (wlan0): supplicant interface state: internal-starting -> disconnected
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5684] Wi-Fi P2P device controlled by interface wlan0 created
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5685] manager: (p2p-dev-wlan0): new 802.11 Wi-Fi P2P device (/org/freedesktop/NetworkManager/Devices/146)
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5686] device (p2p-dev-wlan0): state change: unmanaged -> unavailable (reason 'managed', managed-type: 'external')
Dec 30 05:43:40 fishy NetworkManager[1364]: <warn>  [1767073420.5686] device (p2p-dev-wlan0): error setting IPv4 forwarding to '0': Success
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5689] device (wlan0): state change: unavailable -> disconnected (reason 'supplicant-available', managed-type: 'full')
Dec 30 05:43:40 fishy NetworkManager[1364]: <info>  [1767073420.5692] device (p2p-dev-wlan0): state change: unavailable -> disconnected (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0093] policy: auto-activating connection 'MyWifi' (134f6382-9241-46b4-90a0-7e052d168eda)
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0100] device (wlan0): Activation: starting connection 'MyWifi' (134f6382-9241-46b4-90a0-7e052d168eda)
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0100] device (wlan0): state change: disconnected -> prepare (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0468] device (wlan0): set-hw-addr: reset MAC address to de:ad:ba:be:ca:fe (preserve)
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0509] device (wlan0): state change: prepare -> config (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0512] device (wlan0): Activation: (wifi) access point 'MyWifi' has security, but secrets are required.
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0512] device (wlan0): state change: config -> need-auth (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0517] device (wlan0): supplicant interface state: disconnected -> inactive
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0517] device (p2p-dev-wlan0): supplicant management interface state: disconnected -> inactive
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0528] device (wlan0): state change: need-auth -> prepare (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0531] device (wlan0): state change: prepare -> config (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0535] device (wlan0): Activation: (wifi) connection 'MyWifi' has security, and secrets exist.  No new secrets needed.
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0541] Config: added 'ssid' value 'MyWifi'
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0541] Config: added 'scan_ssid' value '1'
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0542] Config: added 'bgscan' value 'simple:30:-70:86400'
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0542] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 SAE'
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.0542] Config: added 'psk' value '<hidden>'
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.6283] device (wlan0): supplicant interface state: inactive -> authenticating
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.6283] device (p2p-dev-wlan0): supplicant management interface state: inactive -> authenticating
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.6830] device (wlan0): supplicant interface state: authenticating -> associating
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.6831] device (p2p-dev-wlan0): supplicant management interface state: authenticating -> associating
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7385] device (wlan0): supplicant interface state: associating -> completed
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7385] device (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "MyWifi"
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7385] device (p2p-dev-wlan0): supplicant management interface state: associating -> completed
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7398] device (wlan0): state change: config -> ip-config (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7401] dhcp4 (wlan0): activation: beginning transaction (timeout in 45 seconds)
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.7572] dhcp4 (wlan0): state changed new lease, address=192.168.1.104, acd pending
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9267] dhcp4 (wlan0): state changed new lease, address=192.168.1.104
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9425] device (wlan0): state change: ip-config -> ip-check (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9442] device (wlan0): state change: ip-check -> secondaries (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9444] device (wlan0): state change: secondaries -> activated (reason 'none', managed-type: 'full')
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9457] device (wlan0): Activation: successful, device activated.
Dec 30 05:49:06 fishy NetworkManager[1364]: <info>  [1767073746.6061] audit: op="connection-update" uuid="bbc81535-f6e4-341f-92ef-7df37432204b" name="Wired connection 1" args="ipv6.addr-gen-mode,ipv6.method,connection.timestamp" pid=14084 uid=1000 result="success"
[ 2327.606933] wlan0: RX AssocResp from de:ad:ba:be:ca:fe (capab=0x1411 status=0 aid=4)
[ 2327.622592] wlan0: associated
[ 2327.706904] wlan0: Limiting TX power to 35 (35 - 0) dBm as advertised by de:ad:ba:be:ca:fe
[ 2331.429787] wlan0: deauthenticating from de:ad:ba:be:ca:fe by local choice (Reason: 3=DEAUTH_LEAVING)
[ 2333.786872] wlan0: authenticate with de:ad:ba:be:ca:fe (local address=de:ad:ba:be:ca:fe)
[ 2333.787662] wlan0: send auth to de:ad:ba:be:ca:fe (try 1/3)
[ 2333.821379] wlan0: authenticated
[ 2333.822532] wlan0: associate with de:ad:ba:be:ca:fe (try 1/3)
[ 2333.930474] wlan0: associate with de:ad:ba:be:ca:fe (try 2/3)
[ 2333.944659] wlan0: RX AssocResp from de:ad:ba:be:ca:fe (capab=0x1411 status=0 aid=1)
[ 2333.957576] wlan0: associated
[ 2333.957667] wlan0: Limiting TX power to 35 (35 - 0) dBm as advertised by de:ad:ba:be:ca:fe
[ 2338.461674] wlan0: deauthenticating from de:ad:ba:be:ca:fe by local choice (Reason: 3=DEAUTH_LEAVING)
[ 2340.751310] wlan0: authenticate with de:ad:ba:be:ca:fe (local address=de:ad:ba:be:ca:fe)
[ 2340.752571] wlan0: send auth to de:ad:ba:be:ca:fe (try 1/3)
[ 2340.786019] wlan0: authenticated
[ 2340.786568] wlan0: associate with de:ad:ba:be:ca:fe (try 1/3)
[ 2340.800918] wlan0: RX AssocResp from de:ad:ba:be:ca:fe (capab=0x1411 status=0 aid=1)
[ 2340.838602] wlan0: associated
[ 2340.838679] wlan0: Limiting TX power to 35 (35 - 0) dBm as advertised by de:ad:ba:be:ca:fe
[ 2344.497748] wlan0: deauthenticating from de:ad:ba:be:ca:fe by local choice (Reason: 3=DEAUTH_LEAVING)
[ 2346.767408] wlan0: authenticate with de:ad:ba:be:ca:fe (local address=de:ad:ba:be:ca:fe)
[ 2346.768118] wlan0: send auth to de:ad:ba:be:ca:fe (try 1/3)
[ 2346.801876] wlan0: authenticated
[ 2346.802617] wlan0: associate with de:ad:ba:be:ca:fe (try 1/3)
[ 2346.813667] wlan0: RX AssocResp from de:ad:ba:be:ca:fe (capab=0x1411 status=0 aid=1)
[ 2346.825683] wlan0: associated
[ 2346.855327] wlan0: Limiting TX power to 35 (35 - 0) dBm as advertised by de:ad:ba:be:ca:fe
[ 2351.528729] wlan0: deauthenticating from de:ad:ba:be:ca:fe by local choice (Reason: 3=DEAUTH_LEAVING)
[ 2357.303297] wlan0: authenticate with de:ad:ba:be:ca:fe (local address=de:ad:ba:be:ca:fe)
[ 2357.304282] wlan0: send auth to de:ad:ba:be:ca:fe (try 1/3)
[ 2357.335522] wlan0: authenticated
[ 2357.336873] wlan0: associate with de:ad:ba:be:ca:fe (try 1/3)
[ 2357.344912] wlan0: RX AssocResp from de:ad:ba:be:ca:fe (capab=0x1011 status=0 aid=1)
[ 2357.358139] wlan0: associated
[ 2357.412622] wlan0: Limiting TX power to 35 (35 - 0) dBm as advertised by de:ad:ba:be:ca:fe
Dec 30 05:43:45 fishy NetworkManager[1364]: <info>  [1767073425.9457] device (wlan0): Activation: successful, device activated.
Dec 30 05:43:49 fishy systemd-networkd[1206]: wlan0: DHCPv4 address 192.168.1.104/24, gateway 192.168.1.1 acquired from 192.168.1.1
Dec 30 05:43:50 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:43:50 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:45:11 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:45:11 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:47:10 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:47:10 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:48:32 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:48:32 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:49:06 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:49:06 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:51:05 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:51:05 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:52:33 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}
Dec 30 05:52:33 fishy tailscaled[1477]: LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=enp0s20f0u1c4i2 ifs={duti:[10.8.0.7/24] enp0s20f0u1c4i2:[172.20.10.2/28 172.20.10.5/28 240e:430:2a11:c5dd:5af6:e64a:6c3d:e896/64 240e:430:2a11:c5dd:b890:47ff:fe0a:8ca8/64 llu6] tailscale0:[100.64.0.8/32 fd7a:115c:a1e0::8/128 llu6] wlan0:[192.168.1.104/24]} v4=true v6=true}

My internet kept disconnecting and reconnecting in a loop. Only seemed to happen on one specific network in China.

What ended up being the problem was having both NetworkManager and systemd-networkd active at the same time. I don't know why that was the case but never had problems before. Probably due to this specific network being unstable and thus leading to the race condition.

Solution was to simply

sudo systemctl disable --now systemd-networkd.service
sudo systemctl disable --now systemd-resolved.service
sudo systemctl mask systemd-networkd.service
sudo systemctl mask systemd-networkd-varlink.socket
sudo systemctl mask systemd-networkd.socket

Posting here so the next person that searches these strings from their logs can find it.

Sometimes, iwd and wpa_supplicant are also both active. Just disable iwd

sudo pacman -Rcns iwd

You may need to reboot your laptop and later edit connections using nm-connection-editor to use wlp0s20f3 instead of wlan0

Failing a Java interview by NOT CONFIGURING NEOVIM CORRECTLY

Tue, 30 Dec 2025 00:00:00 +0000

So I'm not really a Java programmer, but I can write Java since all university coursework pretty much mandates it. But since I haven't written it in a while, I didn't properly set it up when I rewrote my Neovim config.

Q: Why are you applying to a Java position if you're not a Java programmer?

A: Those are the only jobs around...

Before the interview, I set up nvim-java as usual and tested that it worked with a simple Java file, not thinking much of it. Definitions, errors, formatting, all working.

Then, during the interview, I decided it was probably a good idea to set up a proper gradle project with testing and whatnot. But then everything fell apart. jdtls gave me the most random errors such as 1. String cannot be resolved to a type [16777218] and 1. System cannot be resolved [570425394].

I didn't know how much time it'd take to solve the issue, and obviously spending the entire interview debugging a neovim config was a bad idea. The interviewer was already annoyed at that point: "You know when you start working a real job, you'd need a real IDE.". I had already uninstalled IntelliJ a couple months back after my last Java coursework, and for such a large package, it was gonna take forever to download.

So VSCode it was.

However, the combination of Java, VSCode, and Google Meet caused my CPU to run at 100% and crashed my laptop. For the entire rest of the interview, I was thermal throttled with a couple seconds latency between a key press and text showing up on screen. I ultimately ran out of time by ~5 seconds which infuriates me since that is significantly less than the time wasted by performance issues.

After the interview, I solved the problem in barely 5 minutes. Shorter than the amount of time it took to recover from all the crashes.

The reason appears to be that nvim-java defaults to Java 17 found at ~/.local/share/nvim/nvim-java/packages/openjdk/17/ while Gradle was using Java 25. Some weird combination of the configuration made the JDK fail to load.

The solution here was really simple:

vim.lsp.config("jdtls", {
  settings = {
    java = {
      configuration = {
        runtimes = {
          {
            name = "JavaSE-25",
            path = "$HOME/.sdkman/candidates/java/current",
            default = true,
          },
        },
      },
    },
  },
})

The correct solution might actually be to just get a better laptop, but unfortunately I'm broke. So Neovim it is.

Visiting China: Some thoughts and observations

Wed, 17 Dec 2025 00:00:00 +0000

Context

I lived in China between approximately 2008-2012 in Beijing and 2018-2023 in Chongqing where my father works as an engineer. My point of reference will mostly be comparing to Malaysia, my home country, and the UK, where I am currently studying for my bachelor's degree.

Pollution

This was the first thing I noticed as the plane landed in Chongqing. I could barely see beyond a hundred meters. Perhaps that is why the country feels so dystopian, with everything being the same shade of gray. The problem was meant to have been fixed years ago when more than half the cars on the road became electric and factories were moved to other provinces. Perhaps it was just that week when the wind blew from the wrong direction. I remember it being somewhat clearer back in 2023, though of course nothing like the UK or Malaysia. The sun in China never felt warm. I doubt its possible to get sunburns when most of the UV gets absorbed by dust.

Then I fly to Beijing. The skies are a clear blue, a stark contrast to when I was last there in 2012. Apparently they planted a whole bunch of trees near the Gobi Desert to stop the sandstorms. The buildings were all still the same tall communist blocks with no sense of style. Much different to Chongqing's cyberpunk theme.

Hyper-capitalism

Attention economy

Streamers are the new big thing in China. They promote products on TikTok (Douyin) and take a commission. I heard some of them have deals with manufacturers to sell branded products that fail QA at a discount. It honestly scares me how this has become almost the primary medium for purchasing certain products like clothing. Everywhere I go: on public transport, at restaurants, I can always hear someone watching a streamer without headphones.

Unsustainable competition

Everything seems to be dirt cheap. Maybe the UK has just had too much inflation but I refuse to believe these prices are sustainable. ¥30 (~£3) for a winter jacket, ¥16 (£1.7) for a bowl of ramen with beef, and various cheap toys for ¥5. How is anyone making a profit? Apparently the Chinese government has even stepped in to stop EV prices from dropping even further such that companies must compete on quality instead. Surely resources can be better allocated (e.g. Fixing their undrinkable tap water) rather than burnt on a bunch of low cost, low quality products.

Gambling and loot boxes

Usually I associate this problem with western game companies, but somehow China has made it worse. While trying to buy a train ticket the other day, rather than simply letting me pay, it became a sort of lottery system where you can pay or send an affiliate link to friends to boost your chances of actually getting the ticket. This sort of dark pattern shows up everywhere. When calling for a taxi via WeChat, various pop ups show up that lead you to gamble for discounts. As someone that barely knows Chinese, I keep misclicking on the wrong options to close the pop-up. If it really is a government for the people, why haven't they made any European-style regulations on this? China is feeling more and more similar to the US.

Low wages

Saw a job posting at a restaurant I was eating at yesterday. ¥25-¥35 per hour for a waiter and janitor. I suppose that is survivable based on the low cost of living but it really is so much lower than minimum wage. Mind you, this is in Beijing, not some rural village.

Overall, I don't like the direction China is moving in. There is nothing communist about it & if you have a dictatorship that favors companies over people, might as well just become an oligarchic democracy like the US.

Demographic changes in international schools

Ever since the trade war with the US, many international companies have moved to Vietnam and Malaysia. Korean companies have downsized and now hire more locally. It used to be that international schools would consist of rougly ~70% Koreans, 20% Chinese, and 10% other. Now, Chinese students make up more than 80%. This is weird when you consider that Chinese nationals are banned from attending international schools. Apparently many of them pay millions to get a citizenship or green card in European countries.

A change in behavior among 富二代

"富不过三代" was a common saying back in the day in reference to how lazy the children of the newly rich were. Those kids blew their parent's money on lavish parties and luxury goods while never getting good grades in class. They didn't have to. They could always just live off their parent's hoard.

This seems to have changed recently. Rich kids here are now getting pushed into multiple tutoring sessions a day, often with expensive teachers from abroad. Beyond academics, they also do violin, ballet, art, all at once. Why this change, I have no idea. There were some rare cases of this before, but now it has somehow become the norm.

Internet censorship

Well, not much has changed here. Everything is still blocked. GitHub loads painfully slow, and I can't even download anything off PyPi. Thankfully VPNs still work. Even Wireguard which makes no effort to conceal its handshake protocol is easily accessible and let through by the firewall. Cardiff University's firewall is more strict than this. I swear there is some corruption somewhere within Cardiff. Mullvad's website is blocked while their official documentation recommends NordVPN. Who is taking the commission, I want to know... (I've gone off topic)

Anyways, everyone I know here uses VPNs. Even non-technical boomer parents are bound to have friends that know. It feels relatively safe to ignore whatever government policy exists.

In contrast, the UK's new proposals to require age verification for VPN use scares me. In China, if they want to go after you, they must first go after a large segment of their own population. In the UK, barely anyone uses VPNs, and so there would be significantly less backlash if they started arresting a few random tech people.

On the topic of backlash, the UK government can seemingly ignore any dissent from the general public without repercussion. The population is docile. Rather than risking anything in protesting, we'd rather wait till the next election to once again vote in the lesser of two evils. Unlike Southeast Asia where governments are constantly in fear of simply being overthrown, the UK has a bunch of elitist snobs that think "populism" = bad. Off topic again...

So yeah, I don't actually mind the censorship too much if the law is only there on a surface level.

TODO

Add photos
I'll add more random thoughts later. I'm still in China.

Update: I lost my phone along with all my photos. There will be no update...

Snippet: GitHub workflow to sync downstream forks

Sat, 06 Dec 2025 00:00:00 +0000

Had enough of going through the all the personal forks I have of projects where I containerize them and make personal preference changes that will never make it into upstream. Here's a dead simple workflow for rebase and force push.

name: Sync Fork with Upstream (Force Push)

on:
  schedule:
    - cron: '0 1 * * *'
  workflow_dispatch:

# ============================================
# CONFIGURATION - Edit these for your fork
# ============================================
env:
  UPSTREAM_REPO: 'https://github.com/iv-org/invidious-companion.git'
  UPSTREAM_BRANCH: 'master'
  FORK_BRANCH: 'master'
# ============================================

jobs:
  sync:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ env.FORK_BRANCH }}
          fetch-depth: 0

      - name: Configure Git identity
        run: |
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"

      - name: Add upstream and fetch
        run: |
          git remote add upstream ${{ env.UPSTREAM_REPO }}
          git fetch upstream

      - name: Rebase fork onto upstream
        id: rebase
        run: |
          git checkout ${{ env.FORK_BRANCH }}

          # Attempt rebase
          if git rebase upstream/${{ env.UPSTREAM_BRANCH }}; then
            echo "result=clean" >> $GITHUB_OUTPUT
          else
            echo "result=conflict" >> $GITHUB_OUTPUT
            git rebase --abort || true
          fi

      - name: Force push if clean
        if: steps.rebase.outputs.result == 'clean'
        run: |
          git push --force-with-lease origin HEAD:refs/heads/${{ env.FORK_BRANCH }}
          echo "Rebase clean — ${{ env.FORK_BRANCH }} updated from upstream/${{ env.UPSTREAM_BRANCH }}."

      - name: Create or update conflict issue
        if: steps.rebase.outputs.result == 'conflict'
        uses: peter-evans/create-issue-from-file@v5
        with:
          title: 'Upstream Sync Conflict'
          content-filepath: .github/conflict-notice.md
          labels: upstream-sync, conflict

You need to create a .github/conflict-notice.md file with just some text/instructions in case rebase fails. It'll open an issue informing you about it.