Here's one for the #langsec crowd. CloudFlare used a parser generator named Ragel, they didn't parse manually.
Bug was in generated code.
Replying to @andreasdotorg
@andreasdotorg Ragel's use of "==" is arguably bad, but the bug is in Cloudflare's use of its weird action language (missing "fhold").
Replying to @paskow
This isn't about whose fault this is. It's about defense in depth.
Replying to @andreasdotorg
wasn't assigning blame, but pointing out that a central issue is using Ragel's extra features to do fancy things.
Replying to @paskow
This actually is an issue on top of another issue. No question.
9:27 AM - 24 Feb 2017