google took down the internet

0 views bro fell off

Iran possible done that.

... if you are the spouse of a rust developer, this gonna be your night!

Been saying internet is not immortal for years.

Someone ought to tell Google about defensive programming...

a pointer you never use this way you show !!!!!!
char *not_null="hello"; // problem is the adress for "hello" is not allocated; you make a real memory vioaltion; due the pointer
char *null=NULL;
null=not_null;
printf("%s%s ",null,not_null");


what you now have done is made a memory exploit;
first you have to allocate memory
to be clear a char is defealt how the compiler and you define;
char = 1 byte

void *not_nul(char &str[]);
char data[255];
void *ptr_data;
strcpy(data,"hello");

ptr_data=not_null(data);===>Here you give the adress off the value data
ptr_data=not_null(&data);===>Here you give the adress off the array data

void *not_nul(char &str[])
{
char *p1;
p1=str[0];
return p1;
}

printf("%s",data);
NEVER use a pointer in the output or input;
and in the int main() you must give a return
else you use void main()
but this is DANGEROUS what you do;
char *n=NULL;
n[0]='C';
n[1]=13
n[2]=&data,
n[0]=n[2];

print("%s",n);
%s is a string

"A null pointer exception. If you're a programmer, you've surely encountered this."
Odd. I can't remember the last null pointer exception I got while coding in Rust...

i do think the issue would be less likely because error handling is significantly more encouraged, i feel like if your writing critical code like that you are more likely to cover every case like you do in rust because it is so easy to cover every case

it's AI assistant code 💩 believe me

thanks. glad to find your channel

The Internet is GLOBAL, this was a mostly a North American problem because we didn't drop a single packet.

I dodged a bullet there as earlier in the day I had a final year project presentation where I used a project I developed on GCP...few hours later and my graduation from uni would've been jeopardized lol

Notified within 2minutes.. researched in 10.. pr pushed approved cdci deployed and all fully restarted in 3hrs.. can only happen in a flexible environment.. my company would create 3 emergency and after 6 weeks of blame game the issue would eventually get a „hotfix“.

Google was transparent and fast.. problem is to many saas companies rely on frameworks and services from 3rd parties

No, google did NOT take down the internet, just a lot of online services that all depend on them...
A lot of websites were just fine. That's a very big difference!

“I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years.”

- Tony Hoare, null's creator,

They had to reset the wiretaps for j14

I happened to be chatting with a friend, while fooling around on my equipment, I knew the second it happened. My first thought was that something made DNS basically go away... Thankfully, my 'equipment; is all just self hosted crap, just for occasions like this. Kinda like having a generator when the power goes out.

Lol at "Breaking: the internet"

Decentralised my ass

Remember this country also have nukes. 😂

Thats why u need Rust

It’s a no brainer really

Rust dev enjoy the show

I blacked out for the whole Thursday and missed almost everything lmao

Since I don't use Google, I didn't notice.

Only idiots use google.

This is why I lovingly route each of my IP packets by hand.

They keep telling me that Rust is a fade, that it is not necessary, that only people who are bad programmers would need safety memory by default, that it is all skill issue.
And every other year another company takes the internet down because of a null pointer dereference. I think these people need to hire better programmers /s.

Just a note, Google was using Go for this based on how they described things. Go has null pointer handling where if you try to reference an null pointer, it will crash to protect against vulnerabilities. So I wouldn't say this was a vulnerability, because that would tell people it could have been used by hackers to cause the code to do something unintended.

I honestly ran into an issue like this in my own Go project, where I decided to change a timestamp to a pointer reference to allow a nullable time, and I forgot to check it if was null in one place. In my testing of the code path, I did not encounter any problems because my test had the timestamp set. However, someone else logged into the software where it was not set, and triggered a crash. I was watching the logs at the time, so I was able to resolve fairly quickly, however this is a thing in memory safe languages that can occur. Maybe Google will add checks to their gofmt program for possible null pointer references after encountering such a bug fault.

You cant beat good exception handling. I like that you mentioned APIs, in that you really should sanitise any data returned from an API, and definitely should not rely on the documentation or the API not changing. Always consider what's in your control, and what's out of your control - and given that one day you might not even be maintaining the code, lean towards everything being out of your control.

As much as everyone hates it, the answer really is just good programming techniques.

The possibility of a panic is a major design flaw in Rust (and Haskell and ...). I've considered writing RustNP which would not have the possibility of crashing when you don't enable "unsafe" options you need for certain low level manipulations. (It was possible for Haskell, and is probably possible for Rust.) Would anyone be interested in such a thing. (No crashes does not mean no bugs or no infinite loops or no deadlocks.)

Huh. Where was I? I didn't even notice... And I basically live on my pc/internet.

I bet this really affected the unemployed

Well actually it makes sense that it'd be a null pointer thing that takes down the Internet. Right? The Old Timey Internet is C coded turtles all the way down. (or at least that's what I heard)

Rust can prevent this, because rust uses safe reference, that is why microsoft azure stopped using c++ and completely use rust for low level azure stuff

No Rust developer in their right mind uses unwrap() in production code. I am more inclined to think Rust would have prevented this with a simple if let Some(x).

Saying that rust would not have fixed this is a little unfair I feel. Yes you unwrap it the None type, but for such a mission-critical piece of software they'd definitely enforce a no-unwrap lint rule and force the err handling

Rust would not have fixed this. You completely missed that this was the exact same problem as Crowdstrike last year. The problem wasn't "null pointer dereference", it was pushing untested unvalidated runtime configurations into the system without any testing and replicating that config globally without any sort of canary process.

There was the policy engine (Service Control), and the policy document (inserted into the Spanner table). The code changes to the policy engine are subject to reasonable testing, but apparently Google just directly one-shots policy document changes directly into spanner tables at runtime and globally replicates those policy documents within seconds.

The problem is again, just like with Cloudstrike, that these policy documents clearly should be validated and tested but that Google's policy is not to test them at all and apparently ("unintentional blank fields") not even to validate them.

This kind of culture develops where "the engine" portion of a system is placed under heavy scrutiny, be it because it requires a kernel extension or something else, and is appropriately tested, but the organization then just squirrels all the code that could potentially break the system into the "configuration" portion where the testing is less onerous. It's "code versus data" again and again, where code is treated with care but data is just one-shotted in without a second though. But this is irrational, we literally have von Neumann computers: there is no meaningful distinction between code and data, only an irrational cultural distinction. And the official story on this, the "null pointer dereference" only furthers this misguided and irrational culture of testing code but never testing configurations.

It would not be complicated, if Google had the right culture, to dry-run these policy documents through the policy engine code to make sure it doesn't blow up. Let alone make sure during replication that they don't replicate throughout the entire internet without any verification on even a single machine that they don't boot loop.

Weird. I didn't notice. Wonder what I was up to?

And that’s why we shouldn’t have all our eggs in one basket!

Basically rust has the Monad concept probably got from haskell.

total azure victory im afraid

People are assuming C or C++ based of the "null" deref error ( google is mainly C++, but also include other languages)

No they didn’t. I didn’t notice a thing. Maybe this teaches not to trust an American service provider when it comes to hosting. Just the sitting regimes ability to spy should be enough to make ppl back off if you ask me.

A good simple analogy of what a null pointer is: You go to a hotel, get the key, and the number on it is for a room that doesn't exist.