 |
Edinburgh Airport is also down, suspending all flights after an “IT issue with our air traffic control provider”. Not sure if this is coincidental, but the timing is rather suspicious! |
|
The old guard has left as they we too much of an expense in this cost-cutting age… without mentors, crap creeps in and now we are seeing what happens when people don’t know how things work, are in charge… |
|
Hence why I wrote a post on 18th of Nov (previous Cloudflare outage): https://huijzer.xyz/posts/123/do-not-put-your-site-behind-cl…. That blog post made it to the front page of HN and my site did not go down. Nor did any DDoS network take the site out even though I also challenged them last time by commenting that I would be okay with a DDoS. I would figure out a way around it. In general, marketing often works via fear, that’s why Cloudflare has those blog posts talking about “largest botnet ever”. Advertisement for medicine for example also works often via fear. “Take this or you die”, essentially. |
|
Cloudflare is widely used because it’s the easiest way to run a website for free or expose local services to internet. I think for most cloudflare users, the ddos protection is not the main reason they’re using it. |
|
Yes, marketing often works via fear. And decision making in organizations often works through blame shifting and diffusion of accountability. So organizations will just stick with centralization and Cloudfare, AWS, Microsoft et al regardless of technical concerns. |
|
> A change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning. This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components. We will share more information as we have it today. |
|
Listen to the sound of HN hawks erupting with joy when they realize they can blame JS, React, RSC, Rust, Cloudflare, and the cloud all for one outage. |
|
I always suspected RSC was actually a secret Facebook plan to sabotage the React ecosystem now that their competitors all use it to some degree. Now I’m convinced. |
|
They’re a global company that offshores with location based pay and utilizes H1Bs. I think that’s the first thing to look at. You get what you pay for. Stop trying to devalue labor. Not much sympathy when you’re obviously cutting corners. |
|
Just because someone is on an H1B visa doesn’t mean they know less. It’s a bit rich to blame this on foreign workers even though nothing is known about who or what caused this outage. |
|
They pretty much said this. All the big companies that had recent outages are companies that publicly embraced vibe coding. |
|
In the 80s, a “series” of fires broke out and destroyed many homes and businesses in England, all of which having a print of a painting known as ‘The Crying Boy’. The painting has ever since been rumoured to be haunted. Obviously, ‘The Crying Boy’ was not the cause of the fires, it was just that most homes in the 80s England had those prints, as it was a popular one, and people found a pattern where there wasn’t one. |
|
causality, causation, yadda yadda. They already explained that it was some react server component update. sure, could’ve also been done with some ai assist but we don’t know. These companies also don’t vibe code (which would involve just prompting without editing code yourself, at least that’s the most common definition). I really hope news like these won’t be followed by comments like these (not criticism of you personally) until the AI hype dies down a bit. It’s getting really tiresome to always read the same oversimplified takes every time there’s some outage involving centralized entities such as cloudflare instead of talking about the elephant in the room, which is their attempt of doing MITM on the majority of internet users. |
|
This ignores all the companies that publicly embraced vibe coding and did NOT have outages. Not a huge fan of vibe coding, but let’s keep the populism to minimum here. |
|
On top of that, humans are more than capable of causing high-impact outages as well. (It’s easier with massive unforced centralization, of course.) |
|
How are these clowns deploying stuff on a Friday, it is unbelievable to me. It is not even funny any more. It seems cloudflare is held together by marketing only. They should stop all of these stupid initiatives and keep their stack simple. And I’m 100% sure the management responsible for this is already fueling up the ferraris to drive to their beach house. All of us make them rich and they keep on enshittifying their product out of pure hubris. |
|
Instead of figuring out a novel way of distributing content a stateful way with security and redundancy in mind we have created the current centralised monstrosity that we call the modern web. ¯_(ツ)_/¯ |
|
Not sure if this is related, but has anyone seen their allowance used up unexpectedly fast? Had Claude Code Web showing service disruption warnings, and all of a sudden I’m at 92% usage. I’m on the pro plan, only using Sonnet and Haiku. I almost never hit the 5-hour limit, let alone in less than 2 hours. |
|
You’re absolutely right – Here is a list of current SOTA models that you can try! Would you want me to: – Create a list of all LLM models released in the past few months – Let you know why my existence means you can’t afford RAM anymore – Help you learn sustenance farming so that you can feed your family in the coming AI future? |
|
Another dozen or so of these and the self mutilation that teach companies have engaged in the last few years with mass lay-offs should finally end. Extrapolating at current rates I guess that means April 2026. |
|
Ok, at what point does “We use Cloudflare” going to be a supply-chain red marker? At what point does the cost outweigh the benefit? |
|
downdetectorsdowndetector.com does not load the results as part of the HTML, nor does it do any API requests to retrieve the status. Instead, the obfuscated javascript code contains a `generateMockStatus()` function that has parts like `responseTimeMs: randomInt(…)` and a hardcoded `status: up` / `httpStatus: 200`. I didn’t reverse-engineer the entire script, but based on it incorrectly showing downdetector.com as being up today, I’m pretty sure that downdetectorsdowndetector.com is just faking the results. downdetectorsdowndetectorsdowndetector.com and downdetectorsdowndetectorsdowndetectorsdowndetector.com seem like they might be legit. One has the results in the HTML, the other fetches some JSON from a backend (`status4.php`). |
|
If Crunchyroll is down for 30 minutes it’s nbd, because you know they’ll be back. If the pirate sites are down for any duration, it can be very stressful, because they can be gone for good. |
|
Appears to be fixed now. Just lost 30 minutes of working. If this is unwrap() again, we need to have a talk about Rust panic safety. |