zlacker

1. ifwint+(OP) 2025-12-06 07:57:57
It's weird reading these reports because they don't seem to test anything at all (or at least there's very little mention of testing).

Canary deployment, testing environments, unit tests, integration tests, anything really?

It sounds like they test by merging directly to production but surely they don't

replies(2): >>Dumble+M6 >>chippi+9Z
2. Dumble+M6 2025-12-06 09:29:19
>>ifwint+(OP)
In the post they described that they observed errors happening in their testing env, but decided to ignore because they were rolling out a security fix. I am sure there is more nuance to this, but I don’t know whether that makes it better or worse
replies(1): >>misswa+Mu
3. misswa+Mu 2025-12-06 13:58:38
>>Dumble+M6
> but decided to ignore because they were rolling out a security fix.

A key part of secure systems is availability...

It really looks like vibe-coding.

4. chippi+9Z 2025-12-06 18:10:15
>>ifwint+(OP)
The problem is that Cloudflare do incremental rollouts and loads of testing for _code_. But they don't do the same thing for configuration - they globally push out changes because they want rapid response.

It's still a bit silly though, their claimed reasoning probably doesn't really stack up for most of their config changes - I don't see it to be that likely that a 0.1->1->10->100 rollout over the period of 10 minutes would be a catastrophically bad idea for them for _most_ changes.

And to their credit, it does seem they want to change that.

replies(1): >>ifwint+nx1
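
The staged 0.1 -> 1 -> 10 -> 100 configuration rollout mentioned in the comment above, sketched as an added example (not part of the thread and not Cloudflare's code). The fleet, the node names, the `apply` and `error_rate` callbacks and the 1% abort threshold are all hypothetical, and a real rollout would also wait between stages before measuring.

```python
import hashlib

# Stages in per-mille of the fleet (0.1%, 1%, 10%, 100%), the steps named in the comment.
STAGES_PERMILLE = (1, 10, 100, 1000)

def rollout_order(nodes):
    """Stable pseudo-random order, so every stage is a superset of the one before."""
    return sorted(nodes, key=lambda n: hashlib.sha256(n.encode()).hexdigest())

def staged_rollout(nodes, new_cfg, old_cfg, apply, error_rate, max_error_rate=0.01):
    """Apply new_cfg stage by stage. After each stage, measure the error rate on
    the nodes updated so far; above the threshold, restore old_cfg and stop.
    Returns (completed, nodes_that_ever_ran_new_cfg)."""
    order = rollout_order(nodes)
    done = 0
    for permille in STAGES_PERMILLE:
        # Ceiling division, and at least one node even on a tiny fleet.
        target = max(1, -(-len(order) * permille // 1000))
        for node in order[done:target]:
            apply(node, new_cfg)
        done = max(done, target)
        if error_rate(order[:done]) > max_error_rate:
            for node in order[:done]:
                apply(node, old_cfg)  # roll back only what was touched
            return False, done
    return True, done

def demo(cfg_is_broken):
    """Constructed 1000-node fleet; a broken config makes every node running it fail."""
    fleet = {f"edge-{i:04d}": "v1" for i in range(1000)}

    def apply(node, cfg):
        fleet[node] = cfg

    def error_rate(subset):
        failing = sum(1 for n in subset if cfg_is_broken and fleet[n] == "v2")
        return failing / len(subset)

    completed, exposed = staged_rollout(list(fleet), "v2", "v1", apply, error_rate)
    return completed, exposed, set(fleet.values())

if __name__ == "__main__":
    print("broken config:", demo(True))
    print("good config:  ", demo(False))
```

With the broken config the rollout stops after the first stage, so one node out of 1000 ever runs it and the fleet ends up back on the old config.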
5. ifwint+nx1 2025-12-06 23:06:29
>>chippi+9Z
Yeah to me it doesn't make any sense - configuration changes are just as likely to break stuff (as they've discovered the hard way) and both of these issues could have been found in a testing environment before being deployed to production