| 4 Oct 2021 |
 Baughn | Mmyep. There's the bug. | 19:58:34 |
 Vladimír Čunát | I wonder if it's possible that these redirect pairs aren't guaranteed to be "cached atomically" by Fastly or something. | 19:59:41 |
|  Linux Hackerman joined the room. | 19:59:42 |
|  djacu joined the room. | 19:59:51 |
| Vladimír Čunát | * I wonder if it's possible that these redirect pairs aren't guaranteed to be "cached atomically" by Fastly or something. (well, I don't know this stuff) | 20:00:08 |
| Baughn | I'd call that virtually guaranteed | 20:00:12 |
| Baughn | As in, guaranteed not to work | 20:00:22 |
| Baughn | We'll find out in a couple minutes. | 20:00:27 |
| Baughn | An ideal fix would be to have a JSON file on the website which points to the iso, and also contains the sha256 of that iso. That's cover the browser case, at least; for the console case, you could have a single directory that's a redirect to a latest-iso dir containing both files | 20:01:41 |
| Baughn | * An ideal fix would be to have a JSON file on the website which points to the iso, and also contains the sha256 of that iso. That'd cover the browser case, at least; for the console case, you could have a single directory that's a redirect to a latest-iso dir containing both files | 20:01:48 |
| Linux Hackerman | That's one option. Surely the CDN should have a way to invalidate caches though? | 20:02:11 |
| Baughn | Probably, but don't go that path. Cache invalidation is the hardest problem in computer science. | 20:02:56 |
| Baughn | Much, much better to use a construction that makes it unnecessary. | 20:03:05 |
| Linux Hackerman | True | 20:04:39 |
| Baughn | I'd be happy to supply the PRs to fix this, honestly... dunno where I should look, though! | 20:05:32 |
|  Sushi Dude joined the room. | 20:07:18 |
| Baughn | Found it~ | 20:18:25 |
| 5 Oct 2021 |
|  K900 joined the room. | 07:06:28 |
|  K900 left the room. | 07:15:53 |
| 6 Oct 2021 |
|  Rosario Pulella changed their display name from rosariopulella to Rosuavio. | 10:38:42 |
| Rosario Pulella changed their display name from Rosuavio to Rosario Pulella. | 10:45:05 |
|  vidister / fiona joined the room. | 21:26:35 |
| vidister / fiona | Hey, I don't know where to put this but it seems that there's a server with an expired TLS cert in the rotation for cache.nixos.org.
It's 195.201.36.118 | 21:27:16 |
| vidister / fiona | * Hey, I don't know where to put this but it seems that there's a server with an expired TLS cert in the rotation for cache.nixos.org.
It's 195.201.36.118 and 2a01:4f8:1c0c:5c96::1 | 21:28:32 |
| Vladimír Čunát | I assume that you correctly see cache.nixos.org. CNAMEd to dualstack.v2.shared.global.fastly.net. and it's some local problem with Fastly. (On my end I'm getting different IPs and cert seems accepted.) | 21:32:11 |
| Vladimír Čunát | $ openssl s_client -servername cache.nixos.org -connect 195.201.36.118:443
[...]
Certificate chain
0 s:CN = nextcloud.isardvdi.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
| 21:34:01 |
| Vladimír Čunát | That's not just expired but very wrong cert. | 21:34:11 |
| vidister / fiona | Yeah, I don't know why it resolved to that IP, I can't get it to resolve that again, but it's still in the cache on my computer. dafuq_ | 21:36:21 |
| vidister / fiona | * Yeah, I don't know why it resolved to that IP, I can't get it to resolve that again, but it's still in the cache on my computer. dafuq? | 21:36:25 |
| Vladimír Čunát | The IP belongs to Hetzner, according to whois. | 21:37:13 |
