| 4 Oct 2021 |
 Baughn | As in, guaranteed not to work | 20:00:22 |
| Baughn | We'll find out in a couple minutes. | 20:00:27 |
| Baughn | An ideal fix would be to have a JSON file on the website which points to the iso, and also contains the sha256 of that iso. That's cover the browser case, at least; for the console case, you could have a single directory that's a redirect to a latest-iso dir containing both files | 20:01:41 |
| Baughn | * An ideal fix would be to have a JSON file on the website which points to the iso, and also contains the sha256 of that iso. That'd cover the browser case, at least; for the console case, you could have a single directory that's a redirect to a latest-iso dir containing both files | 20:01:48 |
 Linux Hackerman | That's one option. Surely the CDN should have a way to invalidate caches though? | 20:02:11 |
| Baughn | Probably, but don't go that path. Cache invalidation is the hardest problem in computer science. | 20:02:56 |
| Baughn | Much, much better to use a construction that makes it unnecessary. | 20:03:05 |
| Linux Hackerman | True | 20:04:39 |
| Baughn | I'd be happy to supply the PRs to fix this, honestly... dunno where I should look, though! | 20:05:32 |
|  Sushi Dude joined the room. | 20:07:18 |
| Baughn | Found it~ | 20:18:25 |
| 5 Oct 2021 |
|  K900 joined the room. | 07:06:28 |
|  K900 left the room. | 07:15:53 |
| 6 Oct 2021 |
|  Rosario Pulella changed their display name from rosariopulella to Rosuavio. | 10:38:42 |
| Rosario Pulella changed their display name from Rosuavio to Rosario Pulella. | 10:45:05 |
|  vidister / fiona joined the room. | 21:26:35 |
| vidister / fiona | Hey, I don't know where to put this but it seems that there's a server with an expired TLS cert in the rotation for cache.nixos.org.
It's 195.201.36.118 | 21:27:16 |
| vidister / fiona | * Hey, I don't know where to put this but it seems that there's a server with an expired TLS cert in the rotation for cache.nixos.org.
It's 195.201.36.118 and 2a01:4f8:1c0c:5c96::1 | 21:28:32 |
 Vladimír Čunát | I assume that you correctly see cache.nixos.org. CNAMEd to dualstack.v2.shared.global.fastly.net. and it's some local problem with Fastly. (On my end I'm getting different IPs and cert seems accepted.) | 21:32:11 |
| Vladimír Čunát | $ openssl s_client -servername cache.nixos.org -connect 195.201.36.118:443
[...]
Certificate chain
0 s:CN = nextcloud.isardvdi.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
| 21:34:01 |
| Vladimír Čunát | That's not just expired but very wrong cert. | 21:34:11 |
| vidister / fiona | Yeah, I don't know why it resolved to that IP, I can't get it to resolve that again, but it's still in the cache on my computer. dafuq_ | 21:36:21 |
| vidister / fiona | * Yeah, I don't know why it resolved to that IP, I can't get it to resolve that again, but it's still in the cache on my computer. dafuq? | 21:36:25 |
| Vladimír Čunát | The IP belongs to Hetzner, according to whois. | 21:37:13 |
 Sandro | Restart systemd-resolved maybe? | 21:37:20 |
| Vladimír Čunát | It really sounds like some DNS problem near your end. | 21:38:13 |
| Sandro | In reply to @vcunat:matrix.org
The IP belongs to Hetzner, according to whois. The sources of this data are not always up to date and in the past I already got really bogus results. Like 3 results from 3 services about location, owner and so on | 21:38:34 |
| Vladimír Čunát | ... though theoretically it is possible to be some Fastly DNS problem. | 21:38:40 |
| vidister / fiona | I'm not running systemd-resolved and the machine is using 1.1.1.1/8.8.8.8. I don't know where that result came from | 21:39:11 |
| vidister / fiona | this is so weird | 21:39:14 |
