new | ask | show | jobs
atty 6 hours ago  [ - ]

I do not work in the space at all, but it seems like Cloudflare has been having more network disruptions lately than they used to. To anyone who deals with this sort of thing, is that just recency bias?

Icathian 6 hours ago  [ - ]

It is not. They went about 5 years without one of these, and had a handful over the last 6 months. They're really going to need to figure out what's going wrong and clean up shop.

NinjaTrance 5 hours ago  [ - ]

Engineers have been vibe coding a lot recently...

jsheard 5 hours ago  [ - ]

The featured blog post where one of their senior engineering PMs presented an allegedly "production grade" Matrix implementation, in which authentication was stubbed out as a TODO, says it all really. I'm glad a quarter of the internet is in such responsible hands.

gtowey 4 hours ago  [ - ]

It's spreading and only going to get worse.

Management thinks AI tools should make everyone 10x as productive, so they're all trying to run lean teams and load up the remaining engineers with all the work. This will end about as well as the great offshoring of the early 2000s.

blibble 5 hours ago  [ - ]

there was also a post here where an engineer was parading around a vibe-coded oauth library he'd made as a demonstration of how great LLMs were

at which point the CVEs started to fly in

ranger_danger 2 hours ago  [ - ]

Matrix doesn't actually define how one should do authentication though... every homeserver software is free to implement it however they want.

Arathorn an hour ago  [ - ]

the main bit of auth which was left unimplemented on matrix-workers was the critical logic which authorizes traffic over federation: https://spec.matrix.org/latest/server-server-api/#authorizat...

Auth for clients is also specified in the spec - there is some scope for homeservers to freestyle, but nowadays they have to implement OIDC: https://spec.matrix.org/latest/client-server-api/#client-aut...

dana321 5 hours ago  [ - ]

Thats a classic claude move, even the new sonnet 4.6 still does this.

bonesss 5 hours ago  [ - ]

It’s almost as classic as just short circuiting tests in lightly obfuscated ways.

I could be quite the kernel developer if making the test green was the only criteria.

brutalc 5 hours ago  [ - ]

[dead]

dakiol 5 hours ago  [ - ]

No joke. In my company we "sabotaged" the AI initiative led by the CTO. We used LLMs to deliver features as requested by the CTO, but we introduced a couple of bugs here and there (intentionally). As a result, the quarter ended up with more time allocated to fix bugs and tons of customer claims. The CTO is now undoing his initiative. We all have now some time more to keep our jobs.

samrus 4 hours ago  [ - ]

Thats actively malicious. I understand not going out of your way to catch the LLMs' bugs so as to show the folly of the initiative, but actively sabotaging it is legitimately dangerous behavior. Its acting in bad faith. And i say this as someone who would mostly oppose such an initiative myself

I would go so far as to say that you shouldnt be employed in the industry. Malicious actors like you will contribute to an erosion of trust thatll make everything worse

sp00chy 4 hours ago  [ - ]

Might be but sometimes you don’t have another choice when employers are enforcing AIs which have no „feeling“ for context of all business processes involved created by human workers in the years before. Those who spent a lot of love and energy for them mostly. And who are now forced to work against an inferior but overpowered workforce.

Don’t stop sabotaging AI efforts.

samrus 9 minutes ago  [ - ]

Honestly i kinda like the aesthetic of cyberanarchism, but its not for me. It erodes trust

tovej 3 hours ago  [ - ]

Forcing developers to use unsafe LLM tools is also malicious. This is completely ethical to me. Not commenting on legality.

samrus 11 minutes ago  [ - ]

I dont like it either but its not malicious. The LLM isnt accessing your homeserver, its accessing corporate information. Your employer can order you to be reckless with their information, thats not malicious, its not your information. You should CYA and not do anything illegal even if your asked. But using LLMs isnt illegal. This is bad faith argument

renegade-otter 4 hours ago  [ - ]

I see someone is not familiar with the joys of the current job market.

hypeatei 4 hours ago  [ - ]

That's extremely unethical. You're being paid to do something and you deliberately broke it which not only cost your employer additional time and money, but it also cost your customers time and money. If I were you, I'd probably just quit and find another profession.

logicchains 5 hours ago  [ - ]

That's not "sabotaged", that's sabotaged, if you intentionally introduced the bugs. Be very careful admitting something like that publicly unless you're absolutely completely sure nobody could map your HN username to your real identity.

Ylpertnodi 5 hours ago  [ - ]

Typo: "shop", should have been with an 'el'.

(: phonetically, because 'l's are hard to read.

dazc 5 hours ago  [ - ]

Launching a new service every 5 minutes is obviously stretching their resources.

slophater 5 hours ago  [ - ]

been at cf for 7 yrs but thinking of gtfo soon. the ceo is a manchild, new cto is an idiot, rest of leadership was replaced by yes-men, and the push for AI-first is being a disaster. c levels pretend they care about reliability but pressure teams to constantly ship, cto vibe codes terraform changes without warning anyone, and it's overall a bigger and bigger mess

even the blog, that used to be a respected source of technical content, has morphed into a garbage fire of slop and vaporware announcements since jgc left.

sebmellen 2 hours ago  [ - ]

Do you feel that Matthew Prince is still technically active/informed? I've interacted with him in the past and he seemed relatively technically grounded, but that doesn't seem as true these days.

3rodents an hour ago  [ - ]

https://xcancel.com/eastdakota/status/2025215495142564177

https://xcancel.com/eastdakota/status/2025221270061580453

Rather than be driven by something rational like building a great product or making lots of money he is apparently driven by a desperate fear of being a dinosaur.

Regardless of how competent he is or isn’t as a technologist, a leader leading with fear is a recipe for disaster.

goalieca 4 hours ago  [ - ]

I’ve had a lot of problems lately. Basic things are failing and it’s like product isn’t involved at all in the dash. What’s worse? The support.. the chat is the buggiest thing I’ve ever seen.

slophater 3 hours ago  [ - ]

don't worry, if it gets much worse the ceo will just throw all of support under the bus again. it will surely get better.

goalieca an hour ago  [ - ]

How about accurate billing info. The ux can’t even figure out we’re annually not monthly. Maybe the AI slop will continue to miscount resources and cost you revenue or piss off a customer when the dashboards they been using don’t match the invoice

__turbobrew__ 4 hours ago  [ - ]

You know what they say, shit rolls downhill. I don't personally know the CEO, but the feeling I have got from their public fits on social media doesn't instill confidence.

If I was a CF customer I would be migrating off now.

a24446ff87 4 hours ago  [ - ]

GSD! GSD!! ship! ship! ship!

**everything breaks**

...

**everything breaks again**

oh fuck! Code Orange! I repeat, Code Orange! we need to rebuild trust(R)(TM)! we've let our customers down!

...

**everything breaks again**

Code Orangier! I repeat, Code Orangier!

slophater 3 hours ago  [ - ]

exactly. recently "if the cto is shipping more than you, you're doing something wrong"

cto can't even articulate a sentence without passing it through an LLM, and instead of doing his job he's posting the stupidest shit to his personal bootlicking chat channel. I cringe every time at the brown-nosers that inhabit that hovel.

no words for what the product org is becoming too. they should take their own advice a bit further and just replace all the leadership with an LLM, it would be cheaper and it's the same shit in practice

 3 hours ago  [ - ]
[deleted]
slophater 5 hours ago  [ - ]

amazing how my comment was flagged in 30 seconds... keep bootlicking

lysace 5 hours ago  [ - ]

It has been roughly speaking five and a half years since the IPO. The original CTO (John Graham-Cumming) left about a year ago.

jacquesm 5 hours ago  [ - ]

They coasted on momentum for half a year. I don't even think it says anything negative about the current CTO, but more of what an exception JGC is relative to what is normal. A CTO leaving would never show up the next day in the stats, the position is strategic after all. But you'd expect to see the effect after a while, 6 months is longer than I would have expected, but short enough that cause and effect are undeniable.

Even so, it is a strong reminder not to rely on any one vendor for critical stuff, in case that wasn't clear enough yet.

lysace an hour ago  [ - ]

You can coast for quite some time (5-10 years?) if you really lean into it (95% of the knowledge of maintaining and scaling the stack is there in the minds of hundreds of developers).

Seems like Matthew Prince didn't choose that route.

dazc 5 hours ago  [ - ]

I wondered what happened to him?

jgrahamc 4 hours ago  [ - ]

I am reading HN.

SoKamil 3 hours ago  [ - ]

What is your opinion on the recent Cloudflare outages?

brcmthrowaway 5 hours ago  [ - ]

He's on a yacht somewhere

tedd4u 5 hours ago  [ - ]

For real

 5 hours ago  [ - ]
[deleted]
Betelbuddy 5 hours ago  [ - ]

Cloudflare Outages are as predictable, as the Sun coming up tomorrow. Its their engineering culture.

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

candiddevmike 5 hours ago  [ - ]

Wait till you see the drama around their horrible terraform provider update/rewrite:

https://github.com/cloudflare/terraform-provider-cloudflare/...