and that's bc SE education FAILED BADLY... almost nothing of what's useful is thought in schools and nothing of what's thought is useful

instead of FIXING education and theory, software engineering marched on forcefully without it

now we need to go back and properly fix education, because an intern should absolutely be required to have the "advanced" skills that we imagine in our deluded minds that only "10+ ys of industry experience" should confer, and that are absolutely required to be even a junior AI-augmented SE

SE/CS education should be rethought from scratch to distill, purify, and teach in 3ys max the concepts that used to be acquired through 10-30ys of experience - it 100% CAN be done, and we should wake tf up and DO IT instead of complaining about it - "advanced enterprise systems" architecture require nothing more than mid-highschool math and can be thought on symulated systems in sem 1 of year 1, it's just some of the "teachers" would have to actually put in the 80hrs-weeks of work to do it in due time

what if (a) I hate leading questions, (b) by default only smile when bad/tragic things happen (eg "train crash leaves 100 dead and maimed"), (c) I'm quite bad at listening bc if you don't say interesting things often/densely enough my mind adhd-s away, and (d) interrupting is second-nature to me?

...advice may be good, but for some of us it's like 99% of ourselves that we need to dial down in order to carry on a successful interaction - it works, but takes a hell lot of energy

anything deployed is hackable ofc, question is just the profit/risk ratio a business tolerates/prefers, and what backup plans exist to "reboot" after fatal incidents

nothing's perfect in the real world but most things are survivable

reducing all risk is the same as reducing all opportunity for profit - and in a much truer sense than it seems ...as you also reduce adversary's risk to profit form you, so essentially pursuing too low risk you head towards negative sum (as security has costs) games that on average we all loose from playing

sure, if the vibe-coded sloptopus does bank transfers and stuff, properly carving out these pieces out of it might require actual engineering work before containerizing it - but someone is willing to pay for it it can be done

some "toy" example: take a crappy app that stores llm keys in config files that the llm agents themselves can edit - after isolating it up, but an llm proxy in front of it and have those keys be short lived proxy-keys with aggressive rate limits and monitoring etc etc

isolation, injecting proper monitoring into code of apps, putting proxies between app and apis, and layers between app and infra it runs on or touches etc

and these things now can be mostly cookbook-ified / automated 90% of the way too

as long as you can shop things into little ppl and ensure short-lived and granular access to valuable data you can 100% run totally unsecure and buggy code reliably and get value from it

it's engineering and understanding security from first principles [and a culture arund it - that _is_ the HARD af bit though...] instead of just believing in "secure app best practices" from the "holy scriptures" - secure apps are hackable, and unsecure apps can be unhackable, heck even mil systems run on unpatched old software everywhere, they're just properly insulated, the components are insecure but the system as a whole can be perfectly secure

decades of WordPress have taught us that insecure apps can 100% be securely deployed

it's a bit of an art, most recently edicated devops/sre ppl suck at it, but it's doable

...aeons a go in a former life we ran production apps that got hacked weekly, and nobody batted an eye at it, backups servers recreated from secure ro-images were span up with last-clean-app version, occassionally we had fun disassembling whatever reverse shells and other mallware that got beached on our systems (but couldn't "swim" bc everything we ran was "too exotic" for them to figure out the next steps of a proper attack), development and business continued as usual with zero interruptions etc

- vLLM https://vllm.ai/ ?

- oMLX https://github.com/jundot/omlx ?

and ofc, non-CN too

...learn a thing or two from NVIDIA or gtfo

WHAT?! I find that exactly the nice sharp formatting are what makes it EASIER to get actionable insight from it...

(Plus the weird-but-cute unrequested analogies are nice to occassionally elicit a smile and keep you motivated :P)

...I'd be curious if anyone has went through _both_, unlikely as that may be, and could give some comparison :P

you either:

(a) want DEEP understanding of math and proofs behind algorithms etc.

(b) can get away with very high level understanding, and refer to documentation and/or use LLMs for implementation details help

there is no real world use case for a middle-ground (c) where you want someone with algo implementation details rote-memorized in their brain and without the very deep understanding that would make the rote-memorization unnecessary!

Now website code does typically run on your device, but I'd say that once you're a paid logged in user you clearly accepted to run it, under the conditions of it staying in its browser sandbox so... if you think it's "malware" then just stop being a customer. Otherwise software has a right to monitor its own operation.

...but yeah, maybe I missed the context a bit, a tracking pixel style tool will likely be used to track not customers but leads, so I do get your point, it gets trickier there and maybe privacy laws have a point there (as long as they stop there... hint: they usually don't!)