Taggart Nov 19

Buried in this nicely-detailed RCA is a pretty damning fact:

Cloudflare left .unwrap() in mission-critical Rust code.

For non-Rustaceans, .unwrap() handles a type called Result that can either be Ok with a value, or an Err with an Error. The whole point is to gracefully handle errors and not let panics make it to production code. But unwrap() assumes there's a value to extract without safeguards.

I use .unwrap() sometimes! Usually when there's a logical guarantee that the result can never be an error. But I make sure to purge it from critical processes for exactly this reason.

https://blog.cloudflare.com/18-november-2025-outage/

Show threadThe Duke of Fall Nov 19

@mttaggart One of the first impressions I got while digging into Rust was that *some* unwrapping was useful but LOTS of unwrapping was a code smell.

Encouraged to see that understanding appears to track.

Show threadTed Mielczarek
@valthonis @mttaggart my policy is to always avoid it in production code.
Nov 19 at 4:01amMastodon for Android
Show threadMattias Eriksson 🦀🚵‍♂️⛵Nov 20
@tedmielczarek @valthonis @mttaggart
I avoid it in production code. I still think I have 1 or two, where it is clear it cannot panic due to a close by check (and other ways to handle it would just add extra complexity). But, even in those cases, I always leave a comment next to it saying //This is safe since... for the next person editing this.