security out of thin air

I feel so much pity – and sometimes anger – when an exploit is found in some software and you can feel the smugness of security professionals while the poor developer has to scramble and get out a fix as soon as possible.

The security professional’s job is all fun and pretty easy. They just run automated scripts, compile a report, send it to the client and – poof – money out of thin air*. They only report (many of them false positives), they don’t have to fix. I’m willing to bet that the vast majority of security professionals wouldn’t be able to fix it themselves and that if they did, it would still have security issues. Maybe not now, but eventually.

It’s because writing code securely is incredibly hard – even for a security professional. If a developer had to handle all the exploitable cases, they wouldn’t be able to ship any kind of feature.

So to the security professionals that feel all high and mighty because there’s an exploit, just remember, you owe your livelihood to the developer that you label “stupid” or “idiot”. Developers come up with things out of thin air; you’re lucky you get to profit off of it.

Nothing is secure; only nothing is secure.

*The Mission Impossible-esque heist? Yeah, happens once in a while but far from their bread and butter.

How, What, Why

This resonated with me.

Nowadays, I don’t get excited anymore about the mechanics of things. “How” to do something has decidedly become boring; or perhaps it’s that “What” to do and “Why” do it is just more interesting for me now. The “how” takes care of itself.

Sure, I like Ruby on Rails and ReactJS and they’ll still be my go-to tools for things that I need to implement fast and really well UX-wise, respectively. But the end user doesn’t actually care, as long as it works. Sure, coding standards are important, but they should always go hand in hand with shipping something that works.

Kuala Lumpur 2018

November 10 to 16

Highways and Traffic

Almost all their major roads are smoother than SLEX. Traffic looks bearable because cars actually respect lanes. Motorcycles, however, are still pedestrians on engines. This just made me feel frustrated about Manila.

Vortex at KLCC

The unit itself was pretty nice. I guess having a local IKEA does wonders. We had a washing machine. I should’ve brought half the clothes that I did. There’s a pool and sauna that I got to use a bit. The place is right in the middle of the metro, and close to all transpo options.

Free Bus and Aircon Walkways

I wonder who funds it? What if we had that in Manila? How much would it cost? How much would we get out of it? I have a feeling that the benefits would far outweigh the cost.

Pavilion at Bukit Bintang

This place is just awe-inspiring. I get that it’s a high-end mall but, man, the sheer size of the place is just insane.


You’re an adult when you get excited going around IKEA. I saw like 3573839393 things I wanted to buy but couldn’t because 1) money and 2) baggage allowance. Sad life. JJ was exactly the same.

Also, I missed that berry jam on brown sauce for the meatballs. I think I should try going back to Norway one of these years.


I wonder how much those original Mont Blanc bags cost?

Grab to airport

His hood went up twice while we were at the expressway. The first time was really scary because we were going around 120km/h at the fast/overtake lane right next to a truck.

I felt bad for him because the airport was 40 minutes away from the city proper. I wonder how he’s going to have his car fixed.

Waiting for Boarding

Someone hit me up for conversation while waiting – Danny from Muñoz, who came from New Zealand on his way home for an emergency with tickets he bought the day before for 1800 NZD. He gets paid 22 NZD per hour.

Intelimina Plans

We actually went there to plan. I felt it was productive and it was nice seeing everyone join in coming up with what we should be working on as a team on one of our products. We didn’t cover the other products, and we totally should, but that’s mostly on me for now.

Back in Manila

It’s hot and traffic is as slow as always. Wrote this at the back of my Grab, going to BGC. I’m back.

On Becoming Who You Are

As it turns out, to “become who you are” is not about finding a “who” you have always been looking for. It is not about separating “you” off from everything else. And it is not about existing as you truly “are” for all time. The self does not lie passively in wait for us to discover it. Selfhood is made in the active, ongoing process, in the German verb werden, “to become.” The enduring nature of being human is to turn into something else, which should not be confused with going somewhere else. This may come as a great disappointment to one who goes in search of the self. What one is, essentially, is this active transformation, nothing more, nothing less. This is not a grand wisdom quest or a hero’s journey, and it doesn’t require one to escape to the mountains. No mountain is high enough.

Just found this passage from one of the few mailing lists I subscribe to. I think that’s by John Kaag as he ruminates on Nietzsche’s philosophy. This is the book. I haven’t read it yet, maybe one of these days.

Love, Like, Dislike, Hate – Meditations on Gifts Part 1

I tried to make this a 5x5x5x5 but I’m taking so much time on the dislike/hate part.

  1. I enjoy learning new skills by applying them. I learn best when under external pressure (I have billed the client already).
  2. I enjoy explaining things to people because it reassures me of the level of knowledge that I have – or don’t have – and it forces me to compose my understanding into something that can be communicated.
  3. I enjoy seeing problems get solved with constructs of my design.
  4. I enjoy creating things as part of the process of learning new skills.
  5. I enjoy seeing my progress in mastery of the skill.

  1. I like considering new points of view, trying to view something from another level’s perspective. I ponder a lot; chewing upon thoughts like chewing gum.
  2. I like talking with other people if we’re talking about concepts or their informed opinions on things and how they’ve come to that opinion.
  3. I like experiencing new things and learning something about myself in the process.
  4. I like helping other people by giving them opportunities.
  5. I like planning out my day, my finances, my food – even though I need to work on the actual following-the-plan thing.

  1. I dislike talking about mundane things. Can we just skip the small talk and get on with discussing deep stuff?
  2. I dislike social media because it’s distracting and it is a huge time and attention sink, not just for me, but also for other people.

  1. I hate the feeling of lack of resources.
  2. I hate the feeling of rejection.
  3. I hate traveling.
  4. I hate not being able to keep my promises.
special mentions

I have a love-hate relationship with gaming. I like games because they’re mentally engaging. They trigger my min-max persona a lot. Anyone who has played with me will be able to tell you how much I get into games.

But games also trigger a sense of losing control on my part. That I just can’t stop myself. It’s an addiction.

There’s also a sense of waste when I play. I’ve invested so much time and effort into playing and I have nothing to show for my investment.


Deploying NextJS to Heroku

This took me quite some time to figure out, so I hope this helps:

  1. Follow Heroku’s instructions on Getting Started on Node.js up until “Deploy the app”.
  2. At this point, visiting your site via heroku open will only show an error, because nothing has built the Next.js app and the server is not listening on the port Heroku assigns.
  3. Modify your package.json to include the following scripts:

       "scripts": {
         // ...
         "heroku-postbuild": "next build",
         "start": "next start -p $PORT"
       }

  4. Push to Heroku again, and voila, it should now work.

Retention Hypothesis: Trust and Responsibility

For a company in the service business, especially one as small as us, as cliché as it sounds, our people are our greatest asset.

Retaining talent is very important for us to execute at the level that we do.

My hypotheses are the following:

  • Trust your employees to do what’s right for the company
  • Reduce the impact of mistakes

At a fundamental level, the basis of our retention hypothesis is trust. We provide the vision, the direction and the goals, but we trust the employees on the implementation details. This is incredibly hard to do, especially if you’re as big a control freak as I am.

But trust is a two-way street. Once the trust has been broken, it will be an incredibly long process to get it back.

More details in a future post.

Happy Labor Day!