| 22 May 2024 |
|  NixOS Moderation Botchanged room power levels. | 15:25:55 |
| NixOS Moderation Botchanged room power levels. | 15:28:10 |
| 23 May 2024 |
|  cblacktech joined the room. | 21:59:57 |
| 28 May 2024 |
|  Sandro 🐧 joined the room. | 08:25:34 |
| 29 May 2024 |
|  raitobezarius (DECT 2128) changed their display name from raitobezarius to raitobezarius (DECT: 7248). | 17:08:24 |
| 1 Jun 2024 |
 K900 ⚡️ | I feel like some recent change made the ACME test way more flaky | 16:58:33 |
| K900 ⚡️ | Somewhere in the past few days | 16:59:25 |
| 3 Jun 2024 |
|  Arian joined the room. | 08:07:27 |
| Arian | apparently we merged a change that changes the account dir hash and is causing mass renewals and account id renewal?https://github.com/NixOS/nixpkgs/issues/316608
Anybody any idea how we can fix this before it causes more damage? Should we backport some conditional that uses the old hashing scheme based on stateVersion? Need to come up with some pragmatic solution | 08:09:44 |
| Arian | TIL that toString null returns the string " " lol | 08:10:17 |
| Arian | Nix is a special language for sure | 08:10:32 |
| K900 ⚡️ | Uhh | 08:10:58 |
| K900 ⚡️ | That's a very stupid behavior in lego tbh | 08:11:03 |
| Arian | This is not Lego. this is us | 08:11:10 |
| Arian | I think? | 08:11:15 |
| K900 ⚡️ | Oh OK yeah it is us | 08:12:00 |
| K900 ⚡️ | https://github.com/SuperSandro2000/nixpkgs/blob/6e294f40db992635e4aa566789ac3560ed1f9b1a/nixos/modules/security/acme/default.nix#L16 | 08:12:00 |
| Arian | so acmeServer used to be null | 08:12:19 |
| Arian | and we change it to the letsencrypt uri | 08:12:35 |
| K900 ⚡️ | But how is it leaking into CAA records then | 08:13:01 |
| K900 ⚡️ | Is what I don't get | 08:13:03 |
| Arian | You can bind your CAA record to your account ID these days | 08:13:35 |
| K900 ⚡️ | Oh | 08:13:40 |
| Arian | it's a new extension to ACME protocol | 08:13:42 |
| Arian | to detect MITM attacks | 08:13:45 |
| K900 ⚡️ | Yeeeeeah | 08:13:58 |
| K900 ⚡️ | But then we can just migrate | 08:14:03 |
| K900 ⚡️ | Like | 08:14:11 |
| Arian | (and it's important. E.g. German government has been issueing LEtsEncrypt certificates for a lot of XMPP servers through MITM'ing through middleboxes at Hetzner datacenters and got caught redhanded multiple times last year) | 08:14:15 |
| K900 ⚡️ | Compute old hash and new hash | 08:14:32 |
