interesting, never heard of that one before - thanks for sharing.
And I agree, that a root cause analysis should be done. E.g. asking the 5 why's (as Eric Ries advocates), for behind every technical problem, there's a human problem.
It's only 'not that hard' if you know that the numbers are going to be there. Perhaps the Blippy folk have never seen or heard of a credit card company that puts the card number in the description field. I certainly haven't. Have you?
It seems like a ridiculous idea, and while it makes sense in some corner cases, I'm not surprised that they missed something that was only a problem for four users ever.
Perhaps what we should be doing here is asking why Google kept a cache of months-old HTML instead of updating their cache instead?
I agree with your first statement, which is one of the things the Black Swan theory is about (love the book, def. recommend reading it): that you don't know what you don't know.
To that I would say, one should be very very very paranoid about what you print, given that you know that you're printing things from people's credit card bill statement.
Blippy shouldn't have output'd the cc numbers, whether or not Google caches it or not is a secondary to this. Note that Google's cache wasn't explicitly out to get Blippy, they just happened to cache whatever Blippy was emitting.
> To that I would say, one should be very very very paranoid about what you print, given that you know that you're printing things from people's credit card bill statement.
...to a point.
What other 'bad information' might be in that description? Social Security # for a USA customer? Social Insurance # for a Canadian customer? Pretty soon you'll have a laundry list of 'bad numbers' that you have to try and filter out.