All-World ETFs for NISA

My go-to investment is the Vanguard Total World Stock ETF (VT) that includes stocks in close to all companies of the world, so as long as the world economy does well, it goes up. Being a US-based security the dividends are subject to a 10% tax withholding in the US (regardless of me not having to file US taxes). This is not an issue for regular investments, as Japan levies a 20% tax on dividends and due to the tax treaty with the US I can deduct the already paid 10% and only pay the other 10% in Japan (I’m using Interactive Brokers, so I’m doing this myself when filing my taxes).

However I also started doing NISA recently, which is tax-exempt, so I don’t need to pay taxes in Japan on neither the capital gains nor the dividends. But this does not affect the 10% dividend tax levied in the US. So I set out to find a comparable investment that is domiciled outside the US.

Shared bank account for non-married couples in Japan

The internet wisdom seems to agree that shared accounts (or joint accounts) are illegal and impossible in Japan. As a workaround some banks will issue a second card in the name of the spouse (e.g. SMBC), however that’s generally only available for married couples.

So if you live with a partner, but not married, you are out of luck? Not entirely.

Online party games for a multi-lingual family

My partner is Japanese, and speaks English, while my family is Hungarian and speak varying levels of English. This Christmas we had an online board game/party game session, and I got to pick the games.

snyk test docker --fail-on= workaround

I’m running Snyk to scan docker images and break the build if they have high or critical vulnerabilities:

snyk test --severity-threshold=high --docker $IMAGE_NAME

However sometimes the upstream image has high or critical vulnerabilities (e.g. at the times of writing this, debian), so there is very little action one can take (other than moving to a different base image, which is usually not easy). Thus I only want to break the build if there are high or critical vulnerabilities AND they can be fixed by ugrading the base image.

Multi-cluster multi-primary istio on AWS EKS

Recently I was working on setting up istio in a multi-cluster setup following the Install Multi-Primary on different networks guide on EKS clusters. Everything seemed to work (no errors in logs), until I reached the verification step, where requests didn’t go to the other mesh: in CLUSTER1 I always got a response from Hello version: v1, instance: helloworld-v1-86f77cd7bd-cpxhv, while in CLUSTER2 always from Hello version: v2, instance: helloworld-v2-758dd55874-6x4t8.