zlacker

[parent] [thread] 6 comments
1. flamin+(OP)[view] [source] 2025-12-05 16:44:42
To clarify, I'm not trying to imply that I definitely wouldn't have made the same decision, or that cowboy decisions aren't ever the right call.

However, this preliminary report doesn't really justify the decision to use the same deployment system responsible for the 11/18 outage. Deployment safety should have been the focus of this report, not the technical details. My question that I want answered isn't "are there bugs in Cloudflare's systems" it's "has Cloudflare learned from it's recent mistakes to respond appropriately to events"

replies(2): >>vlovic+Ud >>dkyc+iO
2. vlovic+Ud[view] [source] 2025-12-05 17:45:03
>>flamin+(OP)
> doesn't really justify the decision to use the same deployment system responsible for the 11/18 outage

There’s no other deployment system available. There’s a single system for config deployment and it’s all that was available as they haven’t yet done the progressive roll out implementation yet.

replies(3): >>edoceo+Tk >>lockni+Ey >>flamin+ag2
◧◩
3. edoceo+Tk[view] [source] [discussion] 2025-12-05 18:16:48
>>vlovic+Ud
Ok. Sure But shouldn't they have some beta/staging/test area they could deploy to, run tests for an hour then do the global blast?
replies(1): >>vlovic+hv
◧◩◪
4. vlovic+hv[view] [source] [discussion] 2025-12-05 18:59:59
>>edoceo+Tk
Config changes are distinctly more difficult to have that set up for and as the blog says they’re working on it. They just don’t have it ready yet and are pausing any more config changes until it’s set up. They just did this one in response to try to mitigate an ongoing security vulnerability and missed the mark.

I’m happy to see they’re changing their systems to fail open which is one of the things I mentioned in the conversation about their last outage.

◧◩
5. lockni+Ey[view] [source] [discussion] 2025-12-05 19:13:58
>>vlovic+Ud
> There’s no other deployment system available.

Hindsight is always 20/20, but I don't know how that sort of oversight could happen in an organization whose business model rides on reliability. Small shops understand the importance of safeguards such as progressive deployments or one-box-style deployments with a baking period, so why not the likes of Cloudflare? Don't they have anyone on their payroll who warns about the risks of global deployments without safeguards?

6. dkyc+iO[view] [source] 2025-12-05 20:33:22
>>flamin+(OP)
The 11/18 outage was 2.5 weeks ago. Any learning & changes they made as a result for that probably didn't make its way yet to production.

Particularly if we're asking them to be careful & deliberate about deployments, hard to ask them fast-track this.

◧◩
7. flamin+ag2[view] [source] [discussion] 2025-12-06 11:18:43
>>vlovic+Ud
There was another deployment system available. The progressive one used to roll out the initial change, which presumably rolls back sanely too.
[go to top]