I have a 60L fish tank in my Tokyo apartment on around the 10th floor. It's sitting on a stand that is not bolted to the wall. I have several friends with similar setups.
In the last 6 years there have been two or three earthquakes that caused enough water to slosh on to the floor.
Of those only the 2021 Fukushima earthquake caused any fish to slosh out - perhaps 10 medaka if I recall correctly. Luckily I was home and I was able to save all the fish, however there was one adult red cherry shrimp that didn't make it because I had trouble picking it up off the floor. I cleaned up the water with some paper towels and it didn't seem to cause any lasting damage.
I think if I had a 600 lb (270L?) tank or expensive fish though I would probably have a different perspective.
I also got a lot of value out of Wanikani even without completing it.
I tried and failed several times to get started with Anki before having success with Wanikani. The key differentiator for me was the learning step. Anki is great for remembering things you were taught or learned outside of it, but using Anki to learn new things is very much a learned skill that Wanikani holds your hand through.
I have N2 and am working on N1 now, and feel I still have a very long way to go before getting to CEFR C1. Now I only use Anki with the yomitan and takoboto integrations to quickly add any words I look up, which seems to be working well.
These tokens never expire, and there is no way for organization administrators to get them to expire (or revoke them, only the user can do that), and they are also excluded from some audit logs. This applies not just to gh cli, but also several other first party apps.
After discussing our concerns about these tokens with our account team, we concluded the only reasonable way to enforce session lengths we're comfortable with on GitHub cloud is to require an IP allowlist with access through a VPN we control that requires SSO.
I believe that some enterprise RAG solutions create a per user index to solve this problem when there are lots of complex ACLs involved. How vendors manage this problem is an important question to ask when analyzing RAG solutions.
At my current company at least we call this "権限混同" in Japanese - Literally "authorization confusion" which I think is a more fun name
Exactly. We often end up doing 'direct' retrieval (ex: DB query gen) to skip the time suck, costs, and insecurity of vector RAG, and per user indexing for the same. Agentic reasoning loops mean this can be better quality and faster anyways.
Sometimes hard to avoid though, like our firehose analyzers :(
Now, I've done it by email! (although still using the convenience store for print/scan)
Unfortunately, https://www.sec.state.ma.us/ is geo-blocked for all of Japan (and several other countries AFAICT) "due to cybersecurity reasons", so I can no longer check/update my registration to vote without a VPN. I tried contacting different parts of the MA state government to get it unblocked several times over the past few years, but had no success. I have no idea what the other MA-voting residents of Japan do.
Last time I contacted the secretary of state's office via my state representative, they were kind enough to temporarily unblock my home IP address for one week though!
Indiana is also geo-blocked outside the US. I've tried contacting the secretary of state's office and they sent me a form reply with a link to the geo-blocked site.
I wonder how many other states have their voting portals geo-blocked.
Cat's Cradle is one of my favorite books, but to be honest, I've never found it that funny - at least not in the sense that it makes me laugh much. What do you find so funny about it?
Everything about it is funny. Humans are absurd, and Cat’s Cradle revels in the absurdity. It’s funny in the same way atom bombs are funny, that our species would hate itself so much as to make a weapon that could destroy us all, and like, we ignore it almost all of the time? Bokonon and the dictator becoming their roles is absurd, but aren’t people this absurd?
Also, there are a lot of chapters. Every single chapter break is there to let a punchline sink in. It’s a literary pause for laughter.
Sometimes it’s a whole scene, but sometimes the only reason for a new chapter is comic timing. Or to shove more jokes in the chapter titles, of course. So I wouldn’t say they were discrete, as a break could come in the middle of a scene.
Seeing Vonnegut use chapter breaks for all sorts of purposes — dramatic, comic timing, scene breaks, suspense, etc — really encouraged me to use shorter chapters in some of my own writing, along with some of the techniques. Just like metadata is data, chapter breaks, line breaks, and white space are text. Of course the more you use it for tricks, the more you see the fourth wall, which might not match your tone — like all techniques there’s always a trade-off. More tonally serious works that use short chapters tend to avoid chapter titles, for instance.
If you can access the classloader that's pretty bad, it's likely people will find other gadgets.
It's insane to me though that class.* isn't completely disallowed. What is the legitimate use case for deserializing allowing web requests to call setters in the reflection API?
Also, agree it is impressive to me how much bad information I've seen.
I believe accessing the `class` object here is a mistake. You can see my analysis here where I trace the POC https://news.ycombinator.com/item?id=30862953 but like you said, there are other problematic code paths for sure with this.
I've been able to vote abroad in state/presidential elections from my last address in the US. I do it by email.
My only major hiccup is that the MA secretary of state's website www.sec.state.ma.us (which has the info about upcoming elections, the tool to check your registration, and the instructions for voting overseas) is blocked in Japan "for cybersecurity reasons". I've tried contacting the department of state and my state representative about this, but nothing's come of it.
The government of Cambridge on the other hand has been quite pleasant to deal with.
Now that I live in Japan, I've come to learn that for Japanese Windows users, seeing the ¥ symbol as a path separator is normal, it isn't a quirk or a bug. In fact, IIRC the copy machine in the closest convenience store shows a ¥ as the path separator when browsing a USB drive, even though I'm almost certain it's not running Windows.
A few years back, I wrote a CTF challenge around this quirk of SHIFT_JIS. It used a python MySQLdb connection set to SHIFT_JIS mode and a custom naïve mysql escape function. The trick was to use a yen symbol and have it get interpreted as an unescaped backslash, leading to a SQL injection. Also it was all over websockets just to be annoying.
But you can always just use a different layout for your keyboard. So even with a keyboard with physical key engravings in Japanese you could just use a US layout.