| 2 Jun 2025 |
 hexa (signing key rotation when) | see https://manage.fastly.com/network/subscriptions | 20:50:51 |
 Arian | having to choose between TLS1.3 and Ipv6 is wild | 20:51:18 |
| hexa (signing key rotation when) | hm, no … that's not it | 20:51:20 |
| hexa (signing key rotation when) | https://manage.fastly.com/network/tls-configurations | 20:51:31 |
| Arian | Okay that’s one mystery down. But why is half our traffic HTTP 1.1? | 20:51:39 |
| hexa (signing key rotation when) | that is surprising to me | 20:52:08 |
| Arian | https://manage.fastly.com/observability/dashboard/system/overview/details/Tb10gX/7mNUQGZO6YxAd2jpokgWxS?mode=historic&view=data | 20:53:15 |
| hexa (signing key rotation when) | oh, I confused h1/h2 with tls11/12 | 20:54:39 |
| hexa (signing key rotation when) | and while we offer tls11/12 all clients use tls12 | 20:54:50 |
| hexa (signing key rotation when) | * oh, I misremembered the numbers for tls11/12 as h1/h2 | 20:55:11 |
| hexa (signing key rotation when) | so one thing we could add is a https record with alpn information | 20:55:34 |
| hexa (signing key rotation when) | and see if that makes a dent, though I would be surprised if it did | 20:55:54 |
 emily | does Nix itself speak h2? | 20:58:23 |
| hexa (signing key rotation when) | I would hope so, since it relies on curl | 20:58:43 |
| Arian | Yes. it has been speaking H2 for ages
https://github.com/NixOS/nix/blob/e72f19eb28189c9aaaa051423d3c35c93a591fad/src/libstore/filetransfer.cc#L353-L357
unless you disable it explicitly in the config
| 20:58:56 |
| Arian | but this would mean half our users opted out of using it? that seems odd to me | 20:59:18 |
| hexa (signing key rotation when) | unlikely | 20:59:28 |
 K900 | There's also corporate proxies | 20:59:38 |
 edef | split it out by user agent | 20:59:39 |
| K900 | And DPI bullshit | 20:59:42 |
| edef | and maybe origin AS | 20:59:55 |
| hexa (signing key rotation when) | at least the dashboard does not seem to offer that granularity | 21:00:51 |
| hexa (signing key rotation when) | * at least their dashboard does not seem to offer that granularity | 21:00:58 |
| edef | okay, maybe after i've had coffee | 21:01:10 |
| edef | user agent should be in the dash i think | 21:01:16 |
| edef | AS i might have used my own tools for | 21:01:27 |
| hexa (signing key rotation when) | lots of observability features are on a trial period | 21:01:53 |
| edef | i suspect if you filter down to eyeball networks and split by user agent it's actually gonna be much more clear | 21:02:06 |
| Arian | aren’t we sending fastly logs to S3? | 21:04:57 |
| hexa (signing key rotation when) | wasn't that the bits that eelco tried to migrate from his workstation to infra? | 21:05:32 |
