
Piero Bosio Social Web Site Personale

Social forum federated with the rest of the world. Instances don't count, people do

@stuartl why not?


The last eight messages received from the Federation
  • “Idem con patate”

    It means exactly what it seems to mean, even though the phrase doesn't seem to make sense.

    https://wp.me/p6hcSh-8Gl

    read more

  • Starting today, a 4-day, 3-night trip to Fukuoka! I'm heading to Incheon Airport now.

    read more

  • @stuartl why not?

    read more

  • @maphew you can do followers only posts or private mentions, which aren't visible to search spiders. Otherwise, point well taken.

    read more

  • How One Uncaught Rust Exception Took Out Cloudflare

    On November 18 of 2025 a large part of the Internet suddenly cried out and went silent, as Cloudflare’s infrastructure suffered the software equivalent of a cardiac arrest. After much panicked debugging and troubleshooting, engineers were able to coax things back to life again, setting the stage for the subsequent investigation. The results of said investigation show how a mangled input file caused an exception to be thrown in the Rust-based FL2 proxy which went uncaught, throwing up an HTTP 5xx error and thus causing the proxy to stop proxying customer traffic. Customers who were on the old FL proxy did not see this error.

    The input file in question was the features file that is generated dynamically depending on the customer’s settings related to e.g. bot traffic. A change here resulted in said feature file containing duplicate rows, increasing the number of typical features from about 60 to over 200, which is a problem since the proxy pre-allocates memory to contain this feature data.

    While in the FL proxy code this situation was apparently cleanly detected and handled, the new FL2 code happily chained the processing functions and ingested an error value that caused the exception. This cascaded unimpeded upwards until panic set in: thread fl2_worker_thread panicked: called Result::unwrap() on an Err value

    The Rust code in question was the following:

    The obvious problem here is that an error condition did not get handled, which is one of the most basic kinds of errors. The other basic mistake seems to be that of input validation, as apparently the oversized feature file doesn’t cause an issue until it’s attempted to stuff it into the pre-allocated memory section.

    As we have pointed out in the past, the biggest cause of CVEs and similar is input validation and error handling. Just because you’re writing in a shiny new language that never misses an opportunity to crow about how memory safe it is, doesn’t mean that you can skip due diligence on input validation, checking every return value and writing exception handlers for even the most unlikely of situations.

    We hope that Cloudflare has rolled everyone back to the clearly bulletproof FL proxy and is having a deep rethink about doing a rewrite of code that clearly wasn’t broken.

    hackaday.com/2025/11/20/how-on…

    read more
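
An added example, not part of the original post and not Cloudflare's code, illustrating the two points the Hackaday item above raises: validate the feature file against the pre-allocated size before loading it, and handle the `Err` instead of calling `unwrap()`. `MAX_FEATURES`, the `feature_N` row format and all function names are assumptions; the sample files are constructed.

```rust
use std::collections::HashSet;

// Assumption: the pre-allocated capacity; the page only says ~60 rows grew to 200+.
const MAX_FEATURES: usize = 200;

#[derive(Debug, PartialEq)]
enum LoadError {
    TooManyFeatures { found: usize, limit: usize },
    DuplicateFeature(String),
}

// Validate the whole file before anything is copied into the fixed-size buffer.
fn parse_features(file: &str) -> Result<Vec<String>, LoadError> {
    let rows: Vec<&str> = file.lines().map(str::trim).filter(|l| !l.is_empty()).collect();
    if rows.len() > MAX_FEATURES {
        return Err(LoadError::TooManyFeatures { found: rows.len(), limit: MAX_FEATURES });
    }
    let mut seen = HashSet::new();
    let mut features = Vec::with_capacity(MAX_FEATURES);
    for row in rows {
        if !seen.insert(row) {
            return Err(LoadError::DuplicateFeature(row.to_string()));
        }
        features.push(row.to_string());
    }
    Ok(features)
}

// Reload without unwrap(): a rejected file leaves the last good set in service
// and hands the error back to the caller for logging and alerting.
fn reload(active: Vec<String>, file: &str) -> (Vec<String>, Option<LoadError>) {
    match parse_features(file) {
        Ok(fresh) => (fresh, None),
        Err(e) => (active, Some(e)),
    }
}

// Constructed sample input: `n` distinct rows, written out `copies` times.
fn sample(n: usize, copies: usize) -> String {
    (0..copies).flat_map(|_| 0..n).map(|i| format!("feature_{}\n", i)).collect()
}

fn main() {
    let (active, err) = reload(Vec::new(), &sample(60, 1));
    println!("initial load: {} features, error: {:?}", active.len(), err);
    let (active, err) = reload(active, &sample(60, 4)); // duplicated rows, 240 total
    println!("after bad file: {} features still active, error: {:?}", active.len(), err);
}
```
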

  • @WorldTravelerAll7 that’s a mourning dove! So pretty. How cool you got them to eat out of your hands. How did you do it?

    read more
