Cloudflare Outage ☁️, Software Estimates 📏, React Server Vulnerability 🥷

TLDR DevOps <dan@tldrnewsletter.com>

December 8, 12:30 pm

Together With Tenable

TLDR DevOps 2025-12-08

Fix messy IaC in Terraform, Not at 2 am (Sponsor)

Don't wait for a runtime alert to fix a build-time mistake.

Finding a security hole in production triggers a fire drill. Finding it in your Terraform is a five-minute fix. 

Tenable Cloud Security scans your IaC – including Terraform, CloudFormation, and ARM – to catch identity sprawl and bad configs at the source. 

Connect build-time checks to runtime protection, so you can prevent drift, automate policy enforcement, and avoid the war room Zoom calls at ungodly hours.

Production is the wrong place to debug security.

Get full traceability across the SDLC

📱

News & Trends

Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility (5 minute read)

AWS Lambda Managed Instances let Lambda functions run on EC2 with full serverless simplicity while enabling specialized hardware, multiconcurrency, and EC2 pricing benefits. The feature reduces costs, removes infrastructure management, supports major runtimes, and allows easy migration for thread-safe workloads.

Build multi-step applications and AI workflows with AWS Lambda durable functions (3 minute read)

AWS Lambda durable functions let developers write sequential, long-running workflows with automatic checkpoints, retries, and year-long waits without paying for idle compute. Using an open source SDK, they simplify state management for complex processes like approvals while preserving the standard Lambda programming model.

Cloudflare outage on December 5, 2025 (6 minute read)

Cloudflare experienced a 25-minute network outage on December 5 that impacted approximately 28% of its HTTP traffic. It was caused by a configuration change designed to disable a WAF testing tool. This action inadvertently exposed a long-undetected bug in its FL1 proxy's rules module, leading to HTTP 500 errors. This marks the company's second major incident in weeks.

🚀

Opinions & Tutorials

Send OpenTelemetry traces and logs from Cloudflare Workers to Grafana Cloud (6 minute read)

Cloudflare Workers recently gained support for exporting OpenTelemetry logs and traces directly to Grafana Cloud. This new integration offers users pre-built dashboards to visualize critical metrics, including request counts, latency, and geographic data, without requiring agent installation.

Estimates – a necessary evil? (11 minute read)

Estimates are essential for product owners to prioritize and plan releases, but developers dislike them because they're inherently uncertain and often get misused as commitments or deadlines. The real problem isn't estimating itself — it's the unrealistic expectations and pressure created when tentative estimates are treated as promises.

🧑‍💻

Resources & Tools

Complimentary report for Forrester Wave DevOps Platforms, Q2 2025 (Sponsor)

Discover why Atlassian received 5/5 ratings across Forrester's Vision, Innovation, and Roadmap criteria. Hint: it's not simply great tooling. With Atlassian, Dev, business, and IT teams are empowered to respond to change on-the-fly, resolving incidents faster while managing risk. Read the report

data-peek (GitHub Repo)

data-peek is a minimal and fast SQL client desktop application that features AI-powered querying. It allows developers to quickly access data without bloat. data-peek supports PostgreSQL, MySQL, and Microsoft SQL Server.

VERT (GitHub Repo)

VERT is a new open-source file conversion utility that performs fully local conversions on-device using WebAssembly. It distinguishes itself from cloud-based alternatives by prioritizing user privacy.

🎁

Miscellaneous

Detecting React2Shell: The maximum-severity RCE Vulnerability affecting React Server Components and Next.js (3 minute read)

React2Shell (CVE-2025-55182) is a critical unauthenticated remote code execution (RCE) vulnerability with a CVSS score of 10.0 in React Server Components (RSCs) that also impacts Next.js. It allows malicious code execution via a single crafted HTTP request with 100% exploitation success against default configurations.

Use Python for Scripting! (6 minute read)

Python is a more portable, readable, and reliable choice than Bash for anything beyond simple scripting. It works consistently across systems and has a rich standard library. While Bash is fine for small tasks, Python avoids obscure syntax pitfalls and OS-specific behavior that often make shell scripts fragile and hard to maintain.

Quick Links

Codacy launched AI Reviewer to boost Dev Experience (Sponsor)

GenAI is rewriting your codebase faster than your devs can review it. Codacy's new AI Reviewer pairs deterministic static analysis with context-aware code reviews that catch issues missed by legacy scanners. See how it works

Amazon CloudWatch incident reports now support Five Whys analysis (2 minute read)

Amazon CloudWatch now offers AI-powered incident report generation that guides users through a chat-based Five Whys analysis to identify root causes.

Akamai Acquires Fermyon to Further Advance Wasm Adoption (3 minute read)

Akamai has acquired Fermyon to expand its serverless Wasm capabilities.

What's new in the Grafana Image Renderer: higher-quality results, security enhancements, and more (7 minute read)

The Grafana Image Renderer v5.0 release is a complete rewrite of the service that significantly enhances performance, reliability, and security.

Thanks for reading,
Kunal Desai & Martin Hauskrecht

