This security researcher is just wrong. The version of apache running is likely in a ‘stable’ release where critical CVEs are fixed by back-porting patches to the same older version of software. Also, if I’m reading correctly, the vulnerability he cites is dependent on malicious behavior of apps hosted behind the vulnerable server. His would likely not meet this criteria, so the vulnerability does not affect his use case.

It is the blogger, IMO, who is participating in ‘theater’. A little knowledge is a dangerous thing.

Imagine that you have a random group of people waiting in line at your desk. You have each one read the prompt, and the response so far, and then add a word themself. Then they leave and the next person in line comes and does it.

This is why “why did you say ?” questions are nonsensical to AI. The code answering it is not the code that wrote it and there is no communication coordination or anything between the different word answerers.