Comment by ampersandy
3 hours ago
My charitable read on this is that an individual vibe-coded both the post and repository and was able to publish to the Cloudflare blog without it actually being reviewed or vetted. They also are not an engineer and when the agent hallucinated “I have built and tested this and it is production grade,” they took it at face value.
You can tell since the code is in a public repository and not Cloudflare’s, which IMO is the big giveaway that this is a lesson for Cloudflare in having appropriate review processes for public comms and for the individual to avoid making claims they cannot substantiate or verify independently.
This person works for Cloudflare. What else are they "vibe coding?" How long until Cloudflare shuts off half the internet due to a "mistake" again? How much longer are we going to accept that these are mistakes?
> How much longer are we going to accept that these are mistakes?
How much longer are shareholders** going to accept that these are mistakes?
I've always found it interesting that these tech infra companies' stock tends to rise in the immediate aftermath of these outages. My best guess is that people see the effect of the outage and say "Hey, this company I've never heard of sure seems to have a lot of customers!"
To be fair I've benefited from that in the past; this is an observation of my own that doesn't represent the views of any of my current or former employers.
The problem is this analysis and the mindset of a shareholder are about as far apart as you can get. The market likes to pretend it is "sophisticated and knowledgeable." It's a slot machine and as long as the handle pullers smell money in the machine they're going to sit there and pull.
I have heard that Cloudflare leadership (CEO/CTO) review every single blog post personally.
I doubt they checked the code though
I agree, but it's probably not just about being "able to" do it, but about what the incentives and pressures are in that organization.
Cloudflare apparently considers blog posts to be a key deliverable for many roles. Not just marketing or devrel but engineering too. That sets up a lot of incentives for slop. And then all you need for a disaster is a high trust environment with insufficient controls, which they probably have since the process had worked for a decade without an insufficiently reviewed article blowing up in their face.
Going forward there will be just a little bit less trust, more controls, and more friction that will make it harder to get a post out in a timely manner. It's just the way all organizations evolve. You can see from the scar tissue where problems existed in the past.
What I can't believe is that they haven't retracted the whole post by now, but are allowing the author to make an even bigger mess trying to fix the initial problems.