| 1 Jun 2025 |
 flokli | I still think it'd be very worthwhile to tap into narinfo uploads, so we can continuously update our data on narinfos that doesn't involve scraping millions of text files. | 17:58:22 |
 edef | yes | 17:58:30 |
|  NixOS Moderation Bot unbanned  @mightyiam:matrix.org. | 22:58:05 |
| 2 Jun 2025 |
|  @deeok:matrix.org joined the room. | 08:18:33 |
 Jeremy Fleischman (jfly) | infinisil, I'm going to spend some time hacking on https://github.com/NixOS/infra/issues/700. I'll dump any progress onto this draft PR: https://github.com/NixOS/infra/pull/705 | 16:29:16 |
 infinisil | In reply to @jfly:matrix.org
infinisil, I'm going to spend some time hacking on https://github.com/NixOS/infra/issues/700. I'll dump any progress onto this draft PR: https://github.com/NixOS/infra/pull/705 Nice! Want some company? Otherwise I'm also available async :) | 16:35:44 |
| Jeremy Fleischman (jfly) | if you're available! https://meet.jit.si/freescoutingggggggg | 16:36:37 |
| infinisil | Redacted or Malformed Event | 19:42:45 |
| infinisil | Jeremy Fleischman (jfly): We might need to do some more: https://public.infinisil.com/2025-06-02_21-43.png | 19:44:52 |
| infinisil | (the bottommost error is probably just because there are no background jobs, though the error message sucks if so) | 19:47:01 |
| Jeremy Fleischman (jfly) | ok, good to know!
Nina predicted the modules permissions error in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:58:29 |
| Jeremy Fleischman (jfly) | * ok, good to know!
Nina predicted the modules permissions error(s) in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:59:03 |
| Jeremy Fleischman (jfly) | files https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/2 for the public/storage issue | 20:03:59 |
| Jeremy Fleischman (jfly) | and https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/3 for the .env perms issue | 20:05:59 |
 Arian | Some interesting things I noticed looking at Fastly dashboard:
We have 0 requests using TLS 1.3. They’re all using TLS 1.2. Is this some limitation in the nix codebase in how we setup openssl?
half of the requests are HTTP1.1 and the other half HTTP2. I would expect way more (maybe even all) to be HTTP2. Where is all that HTTP1.1 traffic coming from?
| 20:39:52 |
 hexa (signing key rotation when) | our config does not support tls1.3 | 20:48:04 |
| hexa (signing key rotation when) | it supports 1.1 and 1.2 and all clients use 1.2 | 20:48:11 |
| hexa (signing key rotation when) | at least the last time I checked, which was early januar | 20:48:29 |
| hexa (signing key rotation when) | * at least the last time I checked, which was early january | 20:48:30 |
| hexa (signing key rotation when) | interesting profiles would support h2/h3 with 0rtt, but the offered ones lack ipv6 | 20:49:02 |
| hexa (signing key rotation when) | see https://manage.fastly.com/network/subscriptions | 20:50:51 |
| Arian | having to choose between TLS1.3 and Ipv6 is wild | 20:51:18 |
| hexa (signing key rotation when) | hm, no … that's not it | 20:51:20 |
| hexa (signing key rotation when) | https://manage.fastly.com/network/tls-configurations | 20:51:31 |
| Arian | Okay that’s one mystery down. But why is half our traffic HTTP 1.1? | 20:51:39 |
| hexa (signing key rotation when) | that is surprising to me | 20:52:08 |
| Arian | https://manage.fastly.com/observability/dashboard/system/overview/details/Tb10gX/7mNUQGZO6YxAd2jpokgWxS?mode=historic&view=data | 20:53:15 |
| hexa (signing key rotation when) | oh, I confused h1/h2 with tls11/12 | 20:54:39 |
| hexa (signing key rotation when) | and while we offer tls11/12 all clients use tls12 | 20:54:50 |
| hexa (signing key rotation when) | * oh, I misremembered the numbers for tls11/12 as h1/h2 | 20:55:11 |
