security out of thin air

I feel so much pity – and sometimes anger – when an exploit is found in some software and you can feel the smugness of security professionals while the poor developer has to scramble and get a fix out as soon as possible.

The security professional’s job is all fun and pretty easy. They just run automated scripts, compile a report, send it to the client and – poof – money out of thin air*. They only report (many of the findings false positives), they don’t have to fix. I’m willing to bet that the vast majority of security professionals wouldn’t be able to fix it themselves and that if they did, it would still have security issues. Maybe not now, but eventually.

It’s because writing code securely is incredibly hard – even for a security professional. If a developer had to handle all the exploitable cases, they wouldn’t be able to ship any kind of feature.

So to the security professionals that feel all high and mighty because there’s an exploit, just remember, you owe your livelihood to the developer that you label “stupid” or “idiot”. Developers come up with things out of thin air; you’re lucky you get to profit off of it.

Nothing is secure; only nothing is secure.

*The Mission Impossible-esque heist? Yeah, happens once in a while but far from their bread and butter.

How, What, Why

This resonated with me.

Nowadays, I don’t get excited anymore about the mechanics of things. “How” to do something has decidedly become boring; or perhaps it’s that “what” to do and “why” to do it are just more interesting for me now. The “how” takes care of itself.

Sure, I like Ruby on Rails and ReactJS and they’ll still be my go-to tools for things that I need to implement fast and really well UX-wise, respectively. But the end user doesn’t actually care, as long as it works. Sure, coding standards are important, but they should always go hand in hand with shipping something that works.

Kuala Lumpur 2018

November 10 to 16

Highways and Traffic

Almost all their major roads are smoother than SLEX. Traffic looks bearable because cars actually respect lanes. Motorcycles, however, are still pedestrians on engines. This just made me feel frustrated about Manila.

Vortex at KLCC

The unit itself was pretty nice. I guess having a local IKEA does wonders. We had a washing machine. I should’ve brought half the clothes that I did. There’s a pool and sauna that I got to use a bit. The place is right in the middle of the metro, and close to all transpo options.

Free Bus and Aircon Walkways

I wonder who funds it? What if we had that in Manila? How much would it cost? How much would we get out of it? I have a feeling that the benefits would far outweigh the cost.

Pavilion at Bukit Bintang

This place is just awe-inspiring. I get that it’s a high-end mall but, man, the sheer size of the place is just insane.


You’re an adult when you get excited going around IKEA. I saw like 3573839393 things I wanted to buy but couldn’t because 1) money and 2) baggage allowance. Sad life. JJ was exactly the same.

Also, I missed that berry jam on brown sauce for the meatballs. I think I should try going back to Norway one of these years.


I wonder how much those original Mont Blanc bags cost?

Grab to airport

His hood went up twice while we were on the expressway. The first time was really scary because we were going around 120 km/h in the fast/overtake lane right next to a truck.

I felt bad for him because the airport was 40 minutes away from the city proper. I wonder how he’s going to have his car fixed.

Waiting for Boarding

Someone hit me up for conversation while waiting – Danny from Muñoz, who came from New Zealand on his way home for an emergency with tickets he bought the day before for 1800 NZD. He gets paid 22 NZD per hour.

Intelimina Plans

We actually went there to plan. I felt it was productive and it was nice seeing everyone join in coming up with what we should be working on as a team on one of our products. We didn’t cover the other products, and we totally should, but that’s mostly on me for now.

Back in Manila

It’s hot and traffic is as slow as always. Wrote this at the back of my Grab, going to BGC. I’m back.