| 2 Jun 2025 |
 Jeremy Fleischman (jfly) | if you're available! https://meet.jit.si/freescoutingggggggg | 16:36:37 |
 infinisil | Redacted or Malformed Event | 19:42:45 |
| infinisil | Jeremy Fleischman (jfly): We might need to do some more: https://public.infinisil.com/2025-06-02_21-43.png | 19:44:52 |
| infinisil | (the bottommost error is probably just because there are no background jobs, though the error message sucks if so) | 19:47:01 |
| Jeremy Fleischman (jfly) | ok, good to know!
Nina predicted the modules permissions error in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:58:29 |
| Jeremy Fleischman (jfly) | * ok, good to know!
Nina predicted the modules permissions error(s) in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:59:03 |
| Jeremy Fleischman (jfly) | files https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/2 for the public/storage issue | 20:03:59 |
| Jeremy Fleischman (jfly) | and https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/3 for the .env perms issue | 20:05:59 |
 Arian | Some interesting things I noticed looking at Fastly dashboard:
We have 0 requests using TLS 1.3. They’re all using TLS 1.2. Is this some limitation in the nix codebase in how we setup openssl?
half of the requests are HTTP1.1 and the other half HTTP2. I would expect way more (maybe even all) to be HTTP2. Where is all that HTTP1.1 traffic coming from?
| 20:39:52 |
 hexa | our config does not support tls1.3 | 20:48:04 |
| hexa | it supports 1.1 and 1.2 and all clients use 1.2 | 20:48:11 |
| hexa | at least the last time I checked, which was early januar | 20:48:29 |
| hexa | * at least the last time I checked, which was early january | 20:48:30 |
| hexa | interesting profiles would support h2/h3 with 0rtt, but the offered ones lack ipv6 | 20:49:02 |
| hexa | see https://manage.fastly.com/network/subscriptions | 20:50:51 |
| Arian | having to choose between TLS1.3 and Ipv6 is wild | 20:51:18 |
| hexa | hm, no … that's not it | 20:51:20 |
| hexa | https://manage.fastly.com/network/tls-configurations | 20:51:31 |
| Arian | Okay that’s one mystery down. But why is half our traffic HTTP 1.1? | 20:51:39 |
| hexa | that is surprising to me | 20:52:08 |
| Arian | https://manage.fastly.com/observability/dashboard/system/overview/details/Tb10gX/7mNUQGZO6YxAd2jpokgWxS?mode=historic&view=data | 20:53:15 |
| hexa | oh, I confused h1/h2 with tls11/12 | 20:54:39 |
| hexa | and while we offer tls11/12 all clients use tls12 | 20:54:50 |
| hexa | * oh, I misremembered the numbers for tls11/12 as h1/h2 | 20:55:11 |
| hexa | so one thing we could add is a https record with alpn information | 20:55:34 |
| hexa | and see if that makes a dent, though I would be surprised if it did | 20:55:54 |
 emily | does Nix itself speak h2? | 20:58:23 |
| hexa | I would hope so, since it relies on curl | 20:58:43 |
| Arian | Yes. it has been speaking H2 for ages
https://github.com/NixOS/nix/blob/e72f19eb28189c9aaaa051423d3c35c93a591fad/src/libstore/filetransfer.cc#L353-L357
unless you disable it explicitly in the config
| 20:58:56 |
| Arian | but this would mean half our users opted out of using it? that seems odd to me | 20:59:18 |
