I agree; I'm calling "incorrect" on this for now, pending corroborating sources. I run a few sites that don't contain a robots.txt file, and they are showing on Google just fine. I see links to the home page and several interior pages; all good.
Ah, I think I recall the story you're referring to: reporter Josh Renaud of the St. Louis Post-Dispatch discovered that a public web site was exposing Social Security numbers of teachers in Missouri. He notified the site's administrators, and later published a story about the leak after it was fixed.
The governor of Missouri at the time, Mike Parson, called him a hacker and advocated prosecuting him. Fortunately the prosecutor's office declined to file charges though.
Can anyone elaborate on what they're referring to here?
> GPT‑5.2-Codex has stronger cybersecurity capabilities than any model we’ve released so far. These advances can help strengthen cybersecurity at scale, but they also raise new dual-use risks that require careful deployment.
"Please review this code for any security vulnerabilities" has two very different outcomes depending on if it's the maintainer or threat actor prompting the model.
“Dual-use” here usually isn’t about novel attack techniques, but about lowering the barrier to execution.
The same improvements that help defenders reason about exploit chains, misconfigurations, or detection logic can also help an attacker automate reconnaissance, payload adaptation, or post-exploitation analysis.
Historically, this shows up less as “new attacks” and more as speed and scale shifts. Things that required an experienced operator become accessible to a much wider audience.
That’s why deployment controls, logging, and use-case constraints matter as much as the raw capability itself.
I think I understand where he's at. If your web site has compatibility issues with smaller browsers like Firefox at 3%, Opera at 2% etc. then you could be losing out on 5% of your sales. If you were to approach any CEO and ask if they'd be interested in an initiative to increase sales by 5%, they would most likely express an interest.
I mean, I don't object in principle, I in general consider this to be "doing a good job" that we all strive for, but in this particular case it was a "line of business" app with like 500 users so I genuinely hadn't even considered it. We'll see if it comes up later!
> I had one client spending $12,000 per month on Google Ads
In Google Ads you can just turn off the option to run your ads on non-Google sites; I think it's called their Display Network. Just run your campaign only on Google's search pages.
I'm surprised the article doesn't mention this rather common solution.
Have you never dealt with customers reporting errors?
Something went wrong is what they will tell you and expect an answer. Doesn’t matter how fancy and detailed the error, you will get back, “it’s broken fix it.”
Back in the early days of my career and supporting end users, I used to constantly get people saying:
“xxx doesn’t work. I just get an error”
They would never tell me what the error message actually was. And when I asked, the reply often was
“I don’t remember. I’ve closed it now”.
It used to wind me up rotten. I can forgive non-technical people not understanding the error message. But common sense should have kicked in that the error message is important to share with the person trying to fix said error.
Maybe all errors should be presented with a simple, distinctive and memorable theme - e.g. show a pig photo in that one maybe they'll remember "I got the pig error"
> Maybe all errors should be presented with a simple, distinctive and memorable theme - e.g. show a pig photo in that one maybe they'll remember "I got the pig error"
This sounds like the thing that they do in parking garages where each level will have a color, an image, or sometimes even a musical theme. (Which is to say, it sounds like a good idea!)
I was thinking celebrities, but then people will misidentify them.
Each micro-service (in 2025?!?!) would have different pictures of a particular celebrity, for different errors... so if the user says e.g. "I see Taylor Swift doing..." the support can say "Let me forward you to the S3 people!".
You can dunk on lay people all you want, personally I'm a lot more furious about fellow programmers who think it's OK to show an error that says "file not found" without any context like the filename.
What would you expect? IME these are mostly unforeseen 500 errors, logged internally, and not something a client can do anything about (or should know anything about, for security reasons).