Secret sauce that brings YouTube followers, views, likes
Kittens swimming Kittens cute Kittens and puppies Kittens playing Kittens meowing Kittens crying
Cats fighting Cats hissing Cats hate baths Cats jumping Cats scared Cats knocking
All Breeds Abyssinian Birman Bombay Burmese Exotic Himalayan Maine Coon Manx
Ocicat Oriental Persian Ragdoll Savannah Siamese Siberian Singapura Sphynx
Cat care Documentaries Compilations Cats vs Dogs With babies Attacks Fails Vines
Get Free YouTube Subscribers, Views and Likes

How One Line of Code Almost Blew Up the Internet

Follow
Kevin Fang

Sources:
https://blog.cloudflare.com/incident...
https://blog.cloudflare.com/quantifyi...
https://bugs.chromium.org/p/projectz...
https://asamborski.github.io/cs558_s1...
https://www.colm.net/opensource/ragel/
"[CloudFlare] A Day at the CloudFlare Office"    • [CloudFlare] A Day at the CloudFlare ...  

Assumptions:
The graph for "email obfuscation" vs. "bug occurrence" at 2:51. This was added to illustrate that the bug was being triggered by this feature. They did not have a convenient graph that told them when the bug was being triggered.
The "crossroads" mentioned at 3:55 probably did not happen. Just to add drama/plot.
Explanation of why fhold is called within the finishing action of script_consume_attr is my best guess 7:50
The history behind the empty last buffer was never explained. But I assume that some existing Module A would originally feed data to the Ragel parser. Module A still existed, and still continued to output this empty last buffer, but now cfhtml can stand between Module A and the existing Ragel parser. Here, cfhtml would consume Module A's data + the empty last buffer with no issues, but it's output would no longer include the dummy buffer. This output can then be taken in by the Ragel parser.
Whether or not Cloudflare modified the compiled C code is unknown/never mentioned. There must be a reason that Ragel chooses to use == for the buffer end check rather than ≥, and semantically, == makes more sense if it checks for the buffer end with every iteration, which should make buffer overrunning impossible.
Technically in the strictest sense this is a "buffer overread" as opposed to an "overflow" or "overrun" but the Wikipedia page for Cloudbleed says "overflow" so w/e
Whether or not this bug going unnoticed/discovered by hackers first would've "blown up the internet" is arguable

Error corrections:
13:13, the correct number is 0.06% (what is shown), but I say 0.6%
13:28, the bug was possible since September (what is shown)

Chapters:
0:00 Exposition/useless story building stuff
0:50 Explanation of Cloudflare and CDNs
1:44 Implications of the bug
2:40 Mitigation timeline
4:46 Root cause
10:43 Lessons learned
12:41 Resolution

Music by LEMMiNO:
Nocturnal    • LEMMiNO  Nocturnal (BGM)  
Encounters    • LEMMiNO  Encounters (BGM)  
Cipher    • LEMMiNO  Cipher (BGM)  

posted by itsdaangerouspt


How This SQL Command Blew Up a Billion Dollar Company
How This SQL Command Blew Up a Billion Dollar Company
How A Steam Bug Deleted Someone’s Entire PC
How A Steam Bug Deleted Someone’s Entire PC
ChatGPT Can Now Talk Like a Human [Latest Updates]
ChatGPT Can Now Talk Like a Human [Latest Updates]
The Worst Website Launch of All Time
The Worst Website Launch of All Time
I Hacked Flappy Bird for Fun
I Hacked Flappy Bird for Fun
I run untested, viewersubmitted code on my 500LED christmas tree.
I run untested, viewersubmitted code on my 500LED christmas tree.
Cloudflare Deploys Really Slow Code, Takes Down Entire Company
Cloudflare Deploys Really Slow Code, Takes Down Entire Company
Dev Deletes Entire Production Database, Chaos Ensues
Dev Deletes Entire Production Database, Chaos Ensues
How Bad Leap Day Math Took Down Microsoft
How Bad Leap Day Math Took Down Microsoft
How Quantum Computers Break The Internet... Starting Now
How Quantum Computers Break The Internet... Starting Now
Why 295,000 businesses are in this little building
Why 295,000 businesses are in this little building
GodTier Developer Roadmap
GodTier Developer Roadmap
How GitHub's Database SelfDestructed in 43 Seconds
How GitHub's Database SelfDestructed in 43 Seconds
Why You Shouldn't Nest Your Code
Why You Shouldn't Nest Your Code
The Company That Took Down The Internet
The Company That Took Down The Internet
Polish Amazon Offers Deal So Good Their Servers Implode
Polish Amazon Offers Deal So Good Their Servers Implode
computers suck at division (a painful discovery)
computers suck at division (a painful discovery)
The Man Who Broke The Internet By Deleting 11 Lines of Code
The Man Who Broke The Internet By Deleting 11 Lines of Code
Where People Go When They Want to Hack You
Where People Go When They Want to Hack You
Can ChatGPT solve the world's hardest puzzles?
Can ChatGPT solve the world's hardest puzzles?
Recommended
10+ Ways Cats Show They Love You
10+ Ways Cats Show They Love You
05:16
Why To Bathe A Cat
Why To Bathe A Cat
13:19
I I Follow You... As Soon As You Come Back!
I I Follow You... As Soon As You Come Back!
03:42
10 Questions That Have Always Bothered Cat Fans
10 Questions That Have Always Bothered Cat Fans
01:56
New Kitten - Best Reason To Be Happy!
New Kitten - Best Reason To Be Happy!
12:34
8 Steps To Making Your Cat's Love A Miracle
8 Steps To Making Your Cat's Love A Miracle
10:01
Fail Like A Cat, Fail Better Than A Cat!
Fail Like A Cat, Fail Better Than A Cat!
06:25
The Science Of Cats - Exciting Catology Lesson!
The Science Of Cats - Exciting Catology Lesson!
04:58
Abyssinian American Bobtail American Curl American Shorthair American Wirehair Balinese
Birman Bombay British Shorthair Burmese Burmilla Chartreux
Chinese Li Hua Colorpoint Shorthair Cornish Rex Devon Rex Egyptian Mau European Burmese
Exotic Havana Brown Japanese Bobtail Korat LaPerm Maine Coon Cat
Manx Norwegian Forest Ocicat Oriental Persian RagaMuffin
Ragdoll Russian Blue Scottish Fold Selkirk Rex Siamese Siberian
Singapura Somali Sphynx Tonkinese Turkish Angora Turkish Van
FunnyCat.TV © | 2014-2024
Best funny cats videos.
Powered by Google Map
Powered by Wikipedia API
Powered by YouTube API