| 7 Jun 2025 |
 infinisil | hexa (signing key rotation when): Recently the foundation board got a request to "unban" somebody's IP, they also linked to a post of them about it: https://sharkey.ghodawalaaman.xyz/notes/a8bh6usmk8
Is this something the infra team can look into? I can PM you the IP address
| 21:59:57 |
 Sandro 🐧 | pinging 52.74.232.59 also results in 100% packet loss for me | 22:09:25 |
 hexa (signing key rotation when) | In reply to @infinisil:matrix.org
hexa (signing key rotation when): Recently the foundation board got a request to "unban" somebody's IP, they also linked to a post of them about it: https://sharkey.ghodawalaaman.xyz/notes/a8bh6usmk8
Is this something the infra team can look into? I can PM you the IP address
Thats hosted by netlify and I would be surprised if anyone was "banned" | 22:17:56 |
| hexa (signing key rotation when) | In reply to @sandro:supersandro.de
pinging 52.74.232.59 also results in 100% packet loss for me "Security" | 22:18:18 |
| infinisil | Oh and yeah I also get full packet loss for nixos.org pings | 22:18:24 |
| infinisil | I guess there's no reason for it to respond to pings | 22:18:32 |
 edef | it might just not answer pings | 22:18:38 |
| hexa (signing key rotation when) | Thats not a problem | 22:18:40 |
| edef | yeah | 22:18:41 |
| infinisil | Alright I'll answer with that. Can also tell them to join this room if there's other problems | 22:19:01 |
| infinisil | (although if they're actually blocked in some way they might not be able to :P) | 22:19:17 |
| edef | a lot of networking equipment also doesn't answer pings or punts them to low priority | 22:19:23 |
| edef | so ICMP pings are not inherently reliable tests of connectivity or latency | 22:19:47 |
| hexa (signing key rotation when) | In reply to @infinisil:matrix.org
(although if they're actually blocked in some way they might not be able to :P) Unlikely | 22:20:22 |
| edef | (and i can confirm that nixos.org indeed does not answer ICMP pings, but does answer HTTPS) | 22:20:44 |
| hexa (signing key rotation when) | Relevant would he a traceroute (UDP or TCP) and a curl log | 22:21:08 |
| hexa (signing key rotation when) | * | 22:21:16 |
| Sandro 🐧 | My providers routers drop exactly 50% of a normal mtr ping at hop 4 or 5 | 22:43:00 |
| Sandro 🐧 | not 49.5, not 51.3, exactly 50.0% | 22:43:13 |
| hexa (signing key rotation when) | its because icmp echo requests leave the fast path and go to the control plane | 22:43:24 |
| hexa (signing key rotation when) | the control plane is not equipped to handle a huge number of packages, so rate limiting kicks in | 22:43:47 |
| Sandro 🐧 | "sEcUrItY" aka make debugging hard for no reason :P
or maybe they run Windows Server where you can sometimes get RCE with IPv6 pings 😂 | 22:43:50 |
| hexa (signing key rotation when) | exactly | 22:43:55 |
| hexa (signing key rotation when) | * the control plane is not equipped to handle a huge number of packets, so rate limiting kicks in | 22:44:37 |
| Sandro 🐧 | luckily you cannot turn it off for IPv6 completely without breaking some things | 22:44:59 |
| hexa (signing key rotation when) | you absoutely can turn off icmpv6 echo requests | 22:45:17 |
