this post was submitted on 06 Dec 2024
69 points (100.0% liked)

Technology

37794 readers
258 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
69
Cloudflare Logs Suffer Critical Failure, Losing 55% of User Data (securityonline.info)
submitted 1 week ago by Troy@beehaw.org to c/technology@beehaw.org
12 comments fedilink hide all child comments
 

Archived

It's not just Microsoft and Crowdstrike: Cloudflare, the internet infrastructure giant, experienced a major outage on November 14th, resulting in the irreversible loss of over half of its log data. The outage, which lasted for 3.5 hours, stemmed from a faulty software update that crippled the company’s log service, preventing it from delivering crucial data to customers.

Log services are essential for network operations, allowing businesses to analyze traffic patterns, troubleshoot issues, and detect malicious activity. Cloudflare’s log service, which processes massive volumes of data, relies on a tool called Logpush to package and deliver this information to customers.

However, an update to Logpush on November 14th contained a critical error. As Cloudflare explained in their incident report, the update failed to instruct auxiliary tools to forward the collected logs, leading to a situation where logs were gathered but never delivered. This data was subsequently erased from the cache, resulting in permanent loss.

“A misconfiguration in one part of the system caused a cascading overload in another part of the system, which was itself misconfigured. Had it been properly configured, it could have prevented the loss of logs,” Cloudflare stated in their report.

While engineers quickly identified the flaw and rolled back the update, this triggered a cascading failure. The system was flooded with an overwhelming influx of log data, including data from users who hadn’t even configured Logpush, further exacerbating the issue.

Cloudflare has issued an apology for the incident and the permanent loss of user data.

top 12 comments
sorted by: hot top controversial new old
[–] SnotFlickerman@lemmy.blahaj.zone 79 points 1 week ago* (last edited 1 week ago)

During the roughly 3.5 hours that these services were impacted, about 55% of the logs we normally send to customers were not sent and were lost.

Bullshit ass headline. They only lost 55% of logs generated during a three and a half hour stretch. The headline makes it read like they lost 55% of all their logs ever.

Still a big deal, a lot can happen in 3.5 hours, but not as big as a deal as the headline makes out.

[–] cygnus@lemmy.ca 28 points 1 week ago (1 children)

ChatGPT-ass article. Is all news going to be like this now?

[–] Troy@beehaw.org 24 points 1 week ago (1 children)
[–] TehPers@beehaw.org 18 points 1 week ago

This article is a lot more clearly written, as expected from Cloudflare. For example, the other article makes it sound like 55% of all user data was lost. Cloudflare says:

During the roughly 3.5 hours that these services were impacted, about 55% of the logs we normally send to customers were not sent and were lost.

55% of logs during a 3.5h window is a lot less of a big deal.

[–] jlh@lemmy.jlh.name 20 points 1 week ago (2 children)

Why compare a logging system outage to Cloudstrike?? Logging systems are important, but this article is just fluff.

[–] p03locke@lemmy.dbzer0.com 4 points 1 week ago

Because this is a shit article that is just trying to push clickbait.

[–] TehPers@beehaw.org 2 points 1 week ago (2 children)

Unless I'm missing what they're referring to, I don't see why MS even comes up related to Crowdstrike. A software dev that deploys to Windows making a royally bad mistake doesn't exactly make that MS's fault.

[–] Troy@beehaw.org 3 points 1 week ago (1 children)

If I use a third-party for delivering my service or product, you may assume that I am also responsible for the their mistake because it effects my own offering.

[–] TehPers@beehaw.org 1 points 1 week ago

Did MS deliver a product through Crowdstrike? Maybe that's what I'm missing here. I don't use Crowdstrike myself, so I'm not sure how it relates at all to MS except that it works on Windows.

[–] jlh@lemmy.jlh.name 1 points 1 week ago

Microsoft doesn't support secure ways of monitoring processes like Linux does

[–] thingsiplay@beehaw.org 6 points 1 week ago (1 children)

Clownstrike + Clownflare = Circus

[–] Troy@beehaw.org 5 points 1 week ago

Yeah, but Cloudlfare is also a MiTM.