cebertIncident March 30th, 2026 – Accidental CDN Caching
https://blog.railway.com/p/incident-report-march-30-2026-accidental-cdn-caching
This write up doesn’t make sense. Authenticated users are the ones without a Set-Cookie? Surely the ones with the cookie set are the authenticated ones?
There are dozens of contradictions, like first they say:
“this may have resulted in potentially authenticated data being served to unauthenticated users”
and then just a few sentences later say
“potentially unauthenticated data is served to authenticated users”
which is the opposite. Which one is it?
Am I missing something, or is this article poorly reviewed?
Fixed the typo in that second paragraph and aligned the section on the Set-Cookie stuff. Anything else that can be made more clear?
The problem is that these visible errors make us wonder what other errors in the post are less visible. Fixing them doesn’t fix the process that led to them.
I'm pretty sure it's AI.
https://x.com/JustJake/status/2007730898192744751
I wouldn't be surprised if most of Railway's infra is running on Claude at this point.
Jake (@JustJake) on X
@martin_casado @williamevanl Today I handed Claude a document that I've been growing for...years on building an orchestrator/distributed runtime that I had only purely theorized possible. One we've been working towards. It would have taken me probably months to code by hand. Building on 5 years of work and
The CEO says it's not: https://x.com/JustJake/status/2038799619640250864
A lot of people are confident in enough in their ability to spot AI infra that they are willing to dismiss a firsthand source on this, and I admit I have no idea why. There isn't any upside to making this claim, and anyway, I assure you that people need no help at all from AI to make these kinds of mistakes.
It's fine they use AI, it's not fine they don't proofread things.