| 4 Jun 2025 |
 hexa | we are using dex for alerts.nixos.org | 20:23:32 |
| hexa | * we are using dex for alerts.nixos.org to bridge that gap | 20:24:45 |
| hexa | with more services that we deploy we should probably run our own idm | 20:45:44 |
| 5 Jun 2025 |
 Mic92 | hexa (signing key rotation when): I still see dangling terraform resources for netlify domains in terraform. Should I remove those? | 11:23:40 |
| Mic92 | I mean removing the state otherwise, terraform apply will remove all our records | 11:24:10 |
| hexa | yeah, feel free | 12:37:15 |
| Mic92 | hexa (signing key rotation when): finished my second fastly pr, in case you want to have a look | 13:00:07 |
| Mic92 | https://github.com/NixOS/infra/pull/718 | 13:00:10 |
| 6 Jun 2025 |
|  arcayr changed their profile picture. | 01:11:38 |
| 7 Jun 2025 |
 infinisil | hexa (signing key rotation when): Recently the foundation board got a request to "unban" somebody's IP, they also linked to a post of them about it: https://sharkey.ghodawalaaman.xyz/notes/a8bh6usmk8
Is this something the infra team can look into? I can PM you the IP address
| 21:59:57 |
 Sandro | pinging 52.74.232.59 also results in 100% packet loss for me | 22:09:25 |
| hexa | In reply to @infinisil:matrix.org
hexa (signing key rotation when): Recently the foundation board got a request to "unban" somebody's IP, they also linked to a post of them about it: https://sharkey.ghodawalaaman.xyz/notes/a8bh6usmk8
Is this something the infra team can look into? I can PM you the IP address
Thats hosted by netlify and I would be surprised if anyone was "banned" | 22:17:56 |
| hexa | In reply to @sandro:supersandro.de
pinging 52.74.232.59 also results in 100% packet loss for me "Security" | 22:18:18 |
| infinisil | Oh and yeah I also get full packet loss for nixos.org pings | 22:18:24 |
| infinisil | I guess there's no reason for it to respond to pings | 22:18:32 |
 edef | it might just not answer pings | 22:18:38 |
| hexa | Thats not a problem | 22:18:40 |
| edef | yeah | 22:18:41 |
| infinisil | Alright I'll answer with that. Can also tell them to join this room if there's other problems | 22:19:01 |
| infinisil | (although if they're actually blocked in some way they might not be able to :P) | 22:19:17 |
| edef | a lot of networking equipment also doesn't answer pings or punts them to low priority | 22:19:23 |
| edef | so ICMP pings are not inherently reliable tests of connectivity or latency | 22:19:47 |
| hexa | In reply to @infinisil:matrix.org
(although if they're actually blocked in some way they might not be able to :P) Unlikely | 22:20:22 |
| edef | (and i can confirm that nixos.org indeed does not answer ICMP pings, but does answer HTTPS) | 22:20:44 |
| hexa | Relevant would he a traceroute (UDP or TCP) and a curl log | 22:21:08 |
| hexa | * | 22:21:16 |
| Sandro | My providers routers drop exactly 50% of a normal mtr ping at hop 4 or 5 | 22:43:00 |
| Sandro | not 49.5, not 51.3, exactly 50.0% | 22:43:13 |
| hexa | its because icmp echo requests leave the fast path and go to the control plane | 22:43:24 |
| hexa | the control plane is not equipped to handle a huge number of packages, so rate limiting kicks in | 22:43:47 |
