Around the same time, Cloudflare’s chief technology officer Dane Knecht explained that a latent bug was responsible in an apologetic X post.
“In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack,” Knecht wrote, referring to a bug that went undetected in testing and has not caused a failure.
thanks for illustrating the corpo speak
I hope the bug is fine
Nobody ever asks if the bug is ok
Fun fact time:
That’s why they’re called computer bugs.
In 1947, the Harvard Mark II computer was malfunctioning. Engineers eventually found a dead moth wedged between two relay points, causing a short. Removing it fixed the problem. They saved the moth and it’s on display at a museum to this day.
The moth was not okay.
And to be fair, the word bug had been used to describe little problems and glitches before that incident, but this was the first case of a computer bug.
The moth was not okay.
They didn’t tell us this part when they taught it in school #RIP Bug, the OG bug who died to the OG pull request.
Poor guy :(
Nah, he was the first computer criminal.
If you want a technical breakdown that isn’t “lol AI bad”:
https://blog.cloudflare.com/18-november-2025-outage/
Basically, a permission change cause an automated query to return more data than was planned for. The query resulted in a configuration file with a large amount of duplicate entries which was pushed to production. The size of the file went over the prealloctaed memory limit for a downstream system which died due to an unhandled error state resulting from the large configuration file. This caused a thread panic leading to the 5xx errors.
It seems that Crowdstrike isn’t alone this year in the ‘A bad config file nearly kills the Internet’ club.
I wonder if all recent outages aren’t just crappy AI coding
Shitty code has been around far longer than AI. I should know, I wrote plenty of it.
They trained it on the work of people like you.
Shame on them. I mark my career by how long it takes me to regret the code I write. When I was a junior, it was often just a month or two. As I seasoned it became maybe as long as two years. Until finally i don’t regret my code, only the exigencies that prevented me from writing better.
The AI was the shitty code we wrote along the way
Now… I don’t like to brag…
I too have looked at my earliest repos in dispair
It’s always depressing when you ask the AI to explain your code and then you get banned from OpenAI
Who didn’t get hit by the fork bug the professor explicitly asked you to watch out for since it would (back then with windows systems being required to use the campus resources) require an admin with Linux access to eliminate.
It was kind of fun walking in to the tech support area and them asking your login name with no context knowing what the issue was. Must have been a common occurrence that week of the course.
It was kind of fun walking in to the tech support area and them asking your login name with no context knowing what the issue was.
I see this zip bomb was owned by user icpenis, someone track that guy down.
But, AI can do the work of 10 of you humans, so it can write 10 times the bugs and deploy them to production 10 times faster. Especially if pesky testers stay out the way instead of finding some of the bugs.
Humans are plenty capable of writing crappy code without needing to blame AI.
Absolutely, but it does feel like things have spiked a bit recently.
Train on shitty code, get shitty code. Garbage in. Garbage out.
AI coding, AI compiling, AI bug testing, AI users, etc.
Indirectly, this was. He said this was a bug in their recent tool that allows sites to block AI crawlers that caused the outages. It’s a relatively new tool released in the last few months, so it makes sense it might be buggy as the rush to stop the AI DoS attacks has been pertinent.
If your website or service was disrupted by the Cloudflare outage, then you only have yourself to blame.
The Crowdstrike incident from last year was a wakeup call to abandon centralized services like Cloudflare. If you missed that lesson, then it is on you.
Anyone using any technology can miss something and end up in the same spot. I think the real takeaway is that there is way too much consolidation of our technology.
Blame it on the massive tech sector layoffs
Evidence or speculation?
Obviousness? If you mass layoff your tech staff, you take the risk of more technical failures.
A smaller staff cannot do the same work as a larger one, and I guarantee you they’re being asked to progress at the same speed. So, the tradeoff is on the quality of the product and the testing, not on the speed of development.
deleted by creator
They’re laying off testers because they think AI can do it all now.
Why’s he saying it’s not an attack? Sounds like he’s protesting too much.
It’s not the first time Cloudflare has shot themselves in the foot.
There’s nothing to be gained from Cloudflare lying about this. It honestly makes them look worse if the outage was caused internally vs if it had been due to an attack
Unless it’s from a government they’re not allowed to criticize.
deleted by creator
