It’s crazy that cloudflare of all people even had unwrap enabled. Whenever I use unwrap in some tiny little not important thing I always treat it as a temporary thing that I need to come back and fix before the software is actually ready for anyone to seriously use
How One Uncaught Rust Exception Took Out Cloudflare
Submitted 3 weeks ago by mesamunefire@piefed.social to technology@lemmy.world
https://hackaday.com/2025/11/20/how-one-uncaught-rust-exception-took-out-cloudflare/
Comments
turbowafflz@lemmy.world 3 weeks ago
grue@lemmy.world 3 weeks ago
There’s nothing more permanent than a “temporary” fix.
Mubelotix@jlai.lu 3 weeks ago
Yeah but man, they should have had a CI against this. And reviews! I have refused to merge PRs from friends on hobby projects for less than that
ripcord@lemmy.world 2 weeks ago
Other than permanent fixes
anyhow2503@lemmy.world 3 weeks ago
I swear some of these commenters will jerk each other off about how “Rust is bad, actually” even if the root cause of an issue was someone intentionally crashing their app. Where do you even get this kind of attitude from? I’ve been around when Rust was the popular topic in any programming-related discussions and while there was plenty of evangelism and CS-101 experts making wild claims, nothing warrants this kind of irrational hatred. I thought you need to go to the phoronix forums to find people who have such loud opinions with very little actual programming experience, but apparently I was wrong.
mostlikelyaperson@lemmy.world 3 weeks ago
Up until very recently, the cult of rust was going - very - strong on lemmy. Things have somewhat normalized by now, but for a long time, any programming related topic was full off, often ill informed, takes why “rust should have been used for this” and similar things. The Rust community has generally been extremely toxic as well, not helping its reputation. Now that we are a few years in and various major Rust projects have had numerous embarrassing bugs reality has sunk in, but as these things go, the backlash will last longer on the internet than the hype ever has.
anyhow2503@lemmy.world 3 weeks ago
The internet would be a much quieter place if people were forced to have a minimal amount of insight into the topic they’re posting about. I guess what really annoys me is when popular blogs like this one deliberately frame something they don’t like in a way that makes it look worse to people who don’t know any better. There are very few people calling this shit out, be it on lemmy or the comments of the article itself. They even lied about FL1 being “bullet-proof” and “unaffected” by this bug, when it clearly wasn’t, according to Cloudflare - the primary source of this shitstain of an article.
semperverus@lemmy.world 2 weeks ago
I think my biggest gripe with the Culture of Rust is that they keep trying to force it into the Linux kernel and utilities, but even worse than that, they keep trying to replace things WITH DIFFERENT LICENSES.
QueenMidna@lemmy.ca 3 weeks ago
As always, there’s a clippy rule for that.
Kissaki@feddit.org 2 weeks ago
It’s called clip because it stays. /s
ragingHungryPanda@lemmy.zip 3 weeks ago
I feel like I’ve seen an insane number of error messages in various apps and websites around the
unwrapmethod.But this is on a result type, right? I’d figure the point would be that you would match on it and that the unwrap itself, which if my assumptions are correct, is more like
get value or throw, should either not exist or take a default value. You shouldn’t be able to directly get the value of a monad.SethranKada@lemmy.ca 3 weeks ago
There is a function that does what you are asking for.
.unarap_or()
It either unwraps the value or uses a provided default. Personally, i think unwrap() should be renamed unwrap_or_panic() to follow existing conventions and prevent confusion for non-rust programmers.
Noja@sopuli.xyz 3 weeks ago
I don’t think non-rust programmers are programming in Rust, LLMs on the other hand…
cygnus@lemmy.ca 3 weeks ago
I feel like I’ve seen an insane number of error messages in various apps and websites around the unwrap method.
I suspect this is related to LLM usage somehow. We’ll probably see a lot more of this type of problem (sudden flareups of a particular bad code implementation)
ragingHungryPanda@lemmy.zip 3 weeks ago
I actually disagree, because I’ve both seen it everywhere and I also work mainly in dotnet, and when I’ve talked to people about option and result types, the first inclination is to have a
.Value, but that defeats the purpose. I’ve done quite a few code reviews where I was essentially saying “you know this will throw, right? Use .Match or .Map instead”.I think the imperative programming backgrounds encourage this line of thinking, since one of the first questions I’ve gotten is “how do I get the value out of an Option? I’m 100% sure it’s there.” And often, surprise, it wasn’t.
calcopiritus@lemmy.world 3 weeks ago
“unwrap should not exist” is true as long as you don’t want to ever use the language. If you actually want to use it, you need it. At least while developing.
Some values cannot have a default value. And some cases it’s preferable to panic even if it has a default value.
unwrap is not the problem. Cloudflare’s usage is.
anyhow2503@lemmy.world 3 weeks ago
There are good reasons to have unwrap or at least expect. There is no reason to use it in the case that Cloudflare used it in.
just_another_person@lemmy.world 3 weeks ago
RUST AGAIN.
Just throwing this out because I’ve been hammering this Rustholes up and down these threads who claim it’s precious and beyond compare 🤣
I will almost certainly link back to this comment in the future.
sugar_in_your_tea@sh.itjust.works 3 weeks ago
Ift is precious and beyond compare. It has tools that most other languages lack to prove certain classes of bugs are impossible.
You can still introduce bugs, especially when you use certain features that “standard” linter (clippy) catches by default and no team would silence globally.
.unwrap()is very controversial in Rust and should never be used without clear justification in production code. Even in my pet projects, it’s the first thing I clear out once basic functionality is there.This issue should’ve been caught at three separate stages:
- git pre-commit or pre-push should run the linter on the devs machine
- Static analysis checks should catch this both before getting reviews and when deploying the change
- Human code review
The fact that it made it past all three makes me very concerned about how they do development over there. We’re a much smaller company and we’re not even a software company (software dev is <1% of the total company), and we do this. We don’t even use Rust, we’re a Python shop, yet we have robust static analysis for every change. It’s standard, and any company doing anything more than a small in-house tool used by 3 people should have these standards in place.
lmmarsano@lemmynsfw.com 2 weeks ago
Programmer explicitly bypasses code safety with
unwrap.
Let’s blame it on their programming language!Cool hot take, brah.
pastermil@sh.itjust.works 3 weeks ago
RUST AGAIN.
You took this right out of my mouth.
HugeNerd@lemmy.ca 3 weeks ago
Rust starts with the same letters as Russia. I know what’s going on here.
HugeNerd@lemmy.ca 3 weeks ago
Mod me down all you want, I know these “outages” are all orchestrated by powerful state actors who are also weak and backwards. Blaming "Rus"t is as obvious as it gets, next they’ll tell us the guy’s name is "Rus"sell, and to t"rus"t them. I see you.
HugeNerd@lemmy.ca 2 weeks ago
Am I being modded down by all the Russia Russia Russia soap opera addicts who
thoughtknew (because everyone knows) Vladimir Putin himself cut the fibers with his personal favorite potato peeler?
anon5621@lemmy.ml 3 weeks ago
It not exactly unwrap fault even if it would wrote in other way it still not work cause of wrong SQL request which spamming with results longer than expected to rust here was protecting from memory leak actually
sugar_in_your_tea@sh.itjust.works 3 weeks ago
It is unwrap’s fault. If they did it properly, they would’ve had to explicitly deal with the problem, which could clarify exactly what the problem is. In this case, I’d probably use
expect()to add context. Also, when doing anything with strict size requirements, I would also explicitly check the size to make sure it’ll fit, again, for better error reporting.Proper error reporting could’ve made this a 5-min investigation.
Also, the problem in the first place should’ve been caught with unit tests and a test deploy. Our process here is:
- Any significant change to queries is tested with a copy of production data
- All changes are tested in a staging environment similar to production
- All hotfixes are tested with a copy of production data
And we’re not a massive software shop, we have a few dozen devs in a company of thousands of people. If I worked at Cloudflare, I’d have more rigorous standards given the global impact of a bug (we have a few hundred users, not billions like Cloudflare).
solrize@lemmy.ml 3 weeks ago
Rust has exceptions? Is that new?
NGram@piefed.ca 3 weeks ago
No, the article is just not very precise with its words. It was causing the program to panic.
dan@upvote.au 3 weeks ago
They’re probably trying to write it in a way that non-Rust-developers can understand.
calcopiritus@lemmy.world 3 weeks ago
Replace uncaught exception for unhanded error.
sugar_in_your_tea@sh.itjust.works 3 weeks ago
No, it’s a panic, so it’s more similar to a segfault.
Kissaki@feddit.org 2 weeks ago
unhanded error
underhanded error /s
vext01@lemmy.sdf.org 3 weeks ago
Well… catch_unwind, but i don’t think you can rely on it.
cy_narrator@discuss.tchncs.de 2 weeks ago
Remember kids, always use try catch
dhork@lemmy.world 3 weeks ago
Lol
SeductiveTortoise@piefed.social 3 weeks ago
But at least it wasn’t a memory leak!!! 😭😭😭
Noja@sopuli.xyz 3 weeks ago
Memory leaks are logic errors, Rust can’t really prevent you from leaking memory.
wizardbeard@lemmy.dbzer0.com 3 weeks ago
I swear, every time I start to think that I go overboard with this sort of shit in my scripts for work, I either find another ridiculous edge case or a story like this comes out.