| 8 May 2026 |
 emily | but I mean if a present path is being hammered, how long does Fastly cache that before going back to S3? | 11:58:33 |
 Arian | 24h i think | 11:58:46 |
| emily | IIRC you said it was not that long? | 11:58:53 |
| emily | yeah | 11:58:57 |
| emily | so I wonder if just increasing that a ton would help? | 11:59:10 |
| emily | I don't know how much Fastly will cache before evicting things though. but at least there's definitely no reason to evict something just because it's been a day :) | 11:59:59 |
 hexa (signing key rotation when) | do you think we can get better caching than what fastly currently provides? | 13:13:50 |
| emily | (not sure if you're asking me but) if it expires every 24 hours then a bot that hits a bunch of store paths every 24 hours and then repeats causes costs every day vs. potentially getting cached indefinitely if we tell Fastly there's no need to expire known store paths right?
(but obviously it's just throwing things at the wall unless it's known what the access pattern looks like. still I imagine it's good in general for e.g. the latest stable installer ISO to not get redownloaded from S3 every day?)
| 13:17:15 |
| hexa (signing key rotation when) | 
Download | 13:19:25 |
| hexa (signing key rotation when) | 
Download | 13:20:08 |
| emily | but it's precisely that 5% that must be causing ^ right? 🤔 | 13:20:50 |
| hexa (signing key rotation when) | at the same time | 13:21:00 |
| hexa (signing key rotation when) | 
Download | 13:21:02 |
| hexa (signing key rotation when) | 
Download | 13:21:22 |
| emily | Nix probably counts as "other bots"? | 13:21:57 |
| emily | 0 DDoS requests mitigated is a fun figure | 13:22:14 |
| hexa (signing key rotation when) | I would imagine it does, since it doesn't advertise as a browser | 13:26:04 |
| 9 May 2026 |
| hexa (signing key rotation when) | Arian what's blocking https://github.com/NixOS/infra/pull/728 | 12:17:45 |
| Arian | ADHD mostly | 12:24:01 |
| Arian | I keep forgetting i was doing this | 12:24:09 |
| Arian | Only thing I'm a bit afraid of is that if we actually have people scraping old paths intelligent tiering might actually be more expensive because things get moved into more expensive tiers... But idk I think we should just apply and observe for a month. | 13:48:08 |
| Arian | Worst case is we revert | 13:48:13 |
| hexa (signing key rotation when) | yeah, we can't know without trying | 13:55:45 |
| hexa (signing key rotation when) | if things go to shit, what's next? gc? | 13:55:59 |
 lassulus | we do the cache exfil anyway? so maybe gc? or we get more free credits from aws. but there are multiple ideas floating around what happens if the egress costs eat up the free credits we get from amazon. would not worry too much about it for now | 13:58:00 |
| lassulus | I opushed https://github.com/NixOS/infra/pull/728 I would be happy to deploy it, but not sure if I have the right credentials :D | 13:58:29 |
| lassulus | maybe @hexa (signing key rotation when) can do that? | 13:58:33 |
| hexa (signing key rotation when) | I think we can apply that during an infra call | 14:00:02 |
| hexa (signing key rotation when) | the next one is on the 14th | 14:00:23 |
| lassulus | ok, we will try to be there | 14:02:15 |
