Cloudflare outage on February 20, 2026

Original Article ↗ Hacker News Discussion ↗

Reliability, SLAs, and Transparency

  • Several commenters say Cloudflare’s recent outage pattern has exhausted earlier goodwill; for some, “those that can will move on.”
  • Others stress that detailed postmortems and honest status pages are still preferable to providers that hide incidents.
  • Debate over whether management actually reads incident reports: some say only CTO/technical leaders digest them and summarize impact; others describe formal supplier scorecards where repeated incidents clearly affect vendor risk.

Perceived Increase in Outages & Organizational Health

  • Multiple participants note a long stretch of stability followed by several outages in the last ~6 months, seen as a worrying trend rather than recency bias.
  • Comments portray internal culture as “ship at all costs,” with leadership allegedly focused on rapid feature launches (including AI-first initiatives) at the expense of reliability.
  • Some attribute declining reliability and blog quality to leadership changes at the CTO level and speculate about talent leaving; others warn against over-reliance on any single vendor.

Testing, API Design, and Root Cause Discussion

  • Many see the bug (treating an empty query param as “return all” and wiring that into a delete path) as evidence of inadequate integration testing and weak API contract design.
  • Criticism that basic scenarios weren’t tested (e.g., malformed/empty filters, mixed prefix states), and that a destructive workflow reused an endpoint that defaults to “return everything.”
  • Some find the blog’s initial explanation confusing or slightly inaccurate, especially around repeated revocations and partial impact; a few question whether parts were rushed or even AI-written.

AI/“Vibe Coding” Culture and Ethics

  • Strong concern that LLM-assisted “vibe coding” and management pressure for 10x productivity are eroding software quality across the industry.
  • Controversial anecdote of deliberately injecting bugs to discredit an internal AI initiative triggers ethical debate: some justify resistance to unsafe tooling; others call it outright malicious toward employer and customers.

Vendor Lock-in, Alternatives, and Mitigations

  • Smaller customers say Cloudflare is effectively the only pay‑as‑you‑go provider that can handle large L7 DDoS + global routing at that price point; alternatives (other CDNs/WAFs) are seen as weaker or more expensive.
  • Suggestions include multi-CDN setups with DNS-based health checks and failover, and contracts structured so more reliable CDNs get more traffic and revenue.