Jordan @jrose@belkadan.com
Public

Everybody is memeing on a Rust unwrap/panic/abort being the (a) cause of the https://blog.cloudflare.com/18-november-2025-outage/, and, sure, that code was not sufficiently defensive. So what would that same not-sufficiently defensive code done in other languages? Assuming a similar thought process went in about “we should preallocate this” but not “technically this data comes from elsewhere”, and using data structures matching the idioms in the standard library:

• Java, JavaScript, C#, Lisp: threw some kind of OutOfBounds error, most likely uncaught because it’s not a “checked exception” type; process still aborts in practice
• C: If you’re lucky, a returned error code with a good chance of being ignored here (“should never happen”); who knows what configuration it’s in after that. If you’re unlucky, silent buffer overflow, which could be worse than crashing (imagine if it let someone replace files on Cloudflare’s CDNs, for example).
• Haskell: if you’re very good at proving things about types, you’ll be in the Rust case if you’re lucky and silently truncating if you’re not.
• C++: one of the above, but probably the C case in practice.
• Swift: the Java case but with worse logging on the way out, probably :-/
• Erlang: the Java case, but you’ll probably leave better logs on the way out.

This wasn’t a “Rust bug”. This was an “input sanitization” bug. At least in Rust the choice to ignore bad data was written explicitly.

Cloudflare outage on November 18, 2025

Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

blog.cloudflare.com · The Cloudflare Blog

0
13
0

If you have a fediverse account, you can quote this note from your own instance. Search https://social.belkadan.com/users/jrose/statuses/01KADF3MT63YV3Y3MF8MV5QTNQ on your instance and quote it. (Note that quoting is not supported in Mastodon.)