I think they would due to massive financial incentive. On the other hand, a lot more developers might actually be getting compensated for their work, instead of putting their code on the internet for free and then complaining on social media that they feel exploited.
Yeah. I lived in Tokyo for 6 months as a digital nomad (so still working for an overseas employer.) As much as I love Japan, after hearing what the work culture is like I became pretty sure I didn't want to move there permanently. Not only is it an extremely unmeritocratic environment, the pay for software engs is rubbish. As a foreigner you'll more than likely be treated like dirt and passed up on for promotions.
I think it's a shame because Japan is going through a massive tourism boom at the moment. There's surely a huge number of incredibly smart and talented people who would like to bring their skills in and help lift Japan out of its economic slumber. But Japan is still very closed off and shows no signs of wanting to modernise.
I’ve heard people argue that Japan stays appealing because it is closed off and puts effort into maintaining their culture instead of modernizing into a generic western melting pot.
Moving to a different culture and adapting to it is a great way of shaking up your brain.
Moving between very different cultures is a challenge, but the rewards are accordingly nicer, but it really sucks when the new culture doesn’t welcome and integrate you into it.
Some mixing is unavoidable. For instance, here in Ireland, an increasing number of Irish natives are aware of a Brazilian delicacy called "pão de queijo", thanks to the massive number of Brazilian residents. The way student visas work here is that they allow part-time work, and lots of Brazilians go for food services, bringing some of our recipes with them.
Between Hungary and Turkey, something similar happened with the pogacza. I brough some cheese pogacza to the office and a Turkish colleague immediately recognized what it was. We couldn't really figure out which culture it comes from, but we agree it's delicious and dangerously addictive.
I think it's possible to open up without swinging the doors wide open like we have in the UK. There's also the argument that on Japan's current course, there won't be much culture left in a century due to population decline. Japan needs to very quickly correct course without completely submitting to cultural replacement.
It's worth living in Japan if you can control your work schedule, by working for a remote Western employer that may not know nor care that you're outside the West, or by having your own startup and product. Otherwise I'd agree.
Yes, those are the only circumstances I'd recommend for staying in Japan, but they're only short term (1 year or less.) Working holiday is also nice if you're young. I met a few people working in hostels doing it, obviously doesn't pay much but gives you a place to sleep and a means to stay in the country for a while.
Anecdotally at work (SME) we are pretty much all in on ARM. MacBooks with M-series, AWS Graviton instances, even our CI runners are now ARM to match local development.
Don't get too attached. We're witnessing capitalism in its most ruthless form. Any of these companies will discard their principles the moment it becomes existential.
Losing a contract with the Pentagon and potentially all Federal-interacting businesses sounds like a pretty severe monetary hit. One which is hard to recoup by a bunch of $20/month consumer subscriptions.
But this commit doesn't even have to belong to the preceding repository. You can reference a commit on a fork. Great way to sneak in an xz-utils style backdoor into critical CI workflows.
GitHub just doesn't care about security. Actions is a security disaster and has been for over a decade. They would rather spend years migrating to Azure for no reason and have multiple outages a week than do anything anybody cares about.
> But this commit doesn't even have to belong to the preceding repository. You can reference a commit on a fork. Great way to sneak in an xz-utils style backdoor into critical CI workflows.
Wow. Does the SHA need to belong to a fork of the repo? Or is GitHub just exposing all (public?) repo commits as a giant content-addressable store?
It appears that under their system all forks belong to same repo (I imagine they just make _fork/<forkname> ref under git when there is something forked off main repo) presumably to save on storage. And so accessing a single commit doesn't really care about origin(as finding to which branch(es) commit belongs would be a lot of work)
yikes.. there should be the cli equivalent of that warning banner at the very least. combine this with something like gitc0ffee and it's downright dangerous
A YAML linter for it, too. I was appreciating the cron input overlay in the current GitHub Actions VS Code extension. In ghost text beside a cron: 'something' input it gives you a human-readable description. Seems like it could also do a similar thing for actions commit refs, show a simple verification if it corresponds to a tag or not in that repo.
*for ordinary people. If you use AI to steal from rich and powerful people, expect the law to come down on you like a tonne of bricks. If you steal from authors, artists, and developers no worries.
Claude Code’s sandboxing is a complete joke. There should be no ‘off switch.’ Sandboxing should not be opt in. It should not have full read access over the file system by default.
I really want more security people to get involved in the LLM space because everyone seems to have just lost their minds.
If you look at this thing through a security lens it’s horrifying, which was a cause of frustration when Anthropic changed their TOS to ban use of alternative clients with a subscription. I don’t want to use that Swiss cheese.
The Claude sandbox is so antithetical to good security posture it almost seems intentional[0]. Having both "default read to the entire file system" and "the agent can and _will_ disable the sandbox, without even asking the user[1], in order to complete tasks" would not pass muster in a freshman level security course.
[0] assuming a human with security training was involved in the design/prompting of the sandbox development.
[1] Claude has well used mechanisms for asking the user before taking potentionally dangerous actions. Why it is not part of the "disable my own SANDBOX" branches of code is confusing.
reply