Please donate to keep Network Time Protocol up – Goal 1k

I am surprised that NTP project is not funded, fully or partially, by larger organizations or governments, given the criticality of the project.

I tried to donate, but apparently I am not human:

> 1 error prohibited this submission from being saved:

> Looks like you are not a human

Good to know.

It's sad that a project that literally every company in the world depends on is requiring donations to keep working.

Why is research into the protocol useful. Isn't it done?

Time is hard, time synchronization is arguably harder.

Why not just turn it off and say we need money to turn it in again?

I wish when accepting donations, websites would stop caching the total collected amount or give it a super short TTL. I like to see the little progress bar get closer to the goal thanks to my couple of bucks.

It's not really clear why they need this money either?

The project isn't about research it's about creating a reference implementation

> It's not really clear why they need this money either?

Really? The sentence at the top of the Donate page seems pretty clear to me:

> Your donation helps Network Time Foundation maintain the NTP website and provide resources and support to NTP developers.

Is it unclear to you?

The Network Time Foundation (which counts the NTP project among those it provides resources to) lists several corporate Members.

But yeah, critical infrastructure usually goes criminally underfunded.

Turn what off?

pool.ntp.org dns resolution and any servers that they control, presumably

Confusing. On https://www.nwtime.org/ they use $11,000 as “November 2025 goal“, with $4,675 as current level?

Are these goals monthly goals, with the counter being reset? The sites don’t make that clear.

Time itself maybe, I know I could use with a little bit of a pause.

The folks who run the public NTP pool really ought not to make it easier to pay them money to use it commercially.

I submitted a request for commercial use via their online form but never received a response.

It is kind of vague IMO. Especially since most of the actual NTP infrastructure is run by governments, universities, and companies.

https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94...

But..it's $1k. This is basically pocket change on an institutional level. I've been part of some very scrappy and poorly funded community organizations and even they took in more than $1k every year. Even if you don't believe NTP maintainers should be paid anything for their work (an opinion I don't hold), it's trivial to spend this amount on modest everyday expenses like renting a venue a couple of times, buying insurance, and paying for hosting and technical resources.

EDIT: Here is their 2024 tax return

https://www.nwtime.org/about/documents/2024_NTF_IRS_990.pdf

It looks like they took in more than $200k and spent $100k on "contract services" (I can't tell what that means) and somewhat modest amounts on other things. Unfortunately I need to exit the rabbit hole now.

I'm not sure why they'd try so hard to keep bots from paying them anyway. If someone wants to write a bot that constantly pays me good money I'm fine with that. I might rate limit it if the stream of payments coming in can't cover the cost of keeping the server from being DoS'd, but that's not going to inconvenience a human trying to submit a payment one time.

[deleted]

Return to the basement now. No escape.

There are always money and resources in ad tech.

That might work, but the second order effect would probably be companies trying to do the work of time synchronisation themselves in case it happened again. That would lead to fragmentation and incompatibility.

Is there a problem with fraudsters donating to OSS projects?

Well fraudsters need to have their time in sync for their business right? Who are you to deny their donations?

Then when too many of the fradulent payments get charged back then your payment processor drops you

Money is money.

How do you know the cash you are using is not "blood money"? Come on.

> It is kind of vague IMO.

How much more clear can they reasonably be?

It seems a big waste of effort to maintain -say- a damnable Trello board with upcoming priorities and roadmaps <strike>and Kickstarter stretch goals</strike> when their bug tracker and mailing list are visible to the public. (Though, it seems that they've recently put the list behind some broken moderation software, so you have to go to -say- the IETF's archive of the thing to read it. "AI" crawlers ruin everything.)

EDIT: Do note that that tax return you found is for the Network Time Foundation, not the NTP Project. I don't know if the two are separate entities for tax purposes, but do note that the NTF supports several projects, of which the NTP Project is one. The NTP Project is just for NTP.

So we have NTP begging to raise a grand yet we have hundreds of billions being spent on AI data centers.

NTP might not be able to generate AI cat videos full of hallucinations but it is a vital part of web infrastructure. The same can't be said about today's mega projects.

Perhaps they don't have the funds to implement that feature.

If you have small payments that can be made by bots easily, then your service can be used by thieves as an oracle to determine which of their stolen credit card numbers still work. Then you get lots of chargebacks to deal with.

PTP is way better than NTP, but it might be possible that reference time is somehow taken from NTP anyway.

What I Mean:

Reference .gov atomic clock (not radium one) -> NTP -> ? -> ? -> satellite control station -> gps -> PTP

Hahaha

Sure, chargebacks cost money.

You know what else costs money? When someone wants to give you money, and you misidentify them as a bot and refuse their money.

Bots use sites like this to validate lists of stolen cards with low dollar donations to validate the cards before using them on the target site. Without some one of protection sites like these are quickly flooded with fraudulent transactions and then fined and shut down by Visa and Mastercard.

Large tech companies and free-riding critical internet commons, name a better duo.

PTP is more precise so it's much harder to synchronize over long distances. Even in data centers it benefits from hop-by-hop participation from the routers involved.

You are thinking to much in emoji's and emdashes.

Yeah, I'm not a human either.

(Edited to add: that was from Safari. Chrome worked. YMMV.)

We keep coming up with new ways to use it: https://ntrs.nasa.gov/citations/20240011919

The project has been hungry for years.

There was a fork to clean up and secure the implementation: https://ntpsec.org and ideally they would combine forces.

Summarized here: https://lwn.net/Articles/713901

With donations being blocked you keep sitting at 0, with chargebacks you can actually go negative, in a potentially unbounded way.

We're talking about $1000. In context i would assume its their hosting bill.

I can't imagine its much more than that if we are talking about such a small sum.

Yeah, but one probably costs more money then the other, and it seems plausible its the chargebacks.

This sounds like a problem where cryptocurrency could actually be the solution. Next time I want to make a charitable donation I will ask for an XMR address to preserve my privacy and work around commercial payment processor issues.

This is true when all network delays between the synchronized device and the time reference are deterministic and accounted for in the configuration. The design of PTP assumes that this is the case. NTP, on the other hand, estimates the network delays to its time references.

Is there any reason to believe that PTP would be better in normal networks?

If they are only counting fully cleared funds, your payment might not be relevant yet. Some fraud checks are not synchronous, for instance.

Though they could fake it: take the current cleared total and add your amount for your display.

> The NTP Project conducts Research and Development in NTP, a protocol designed to synchronize the clocks of computers over a network to a common timebase.

Research is put front and centre in their pitch for funding.

a website doesn't need $1000

and $1000 seems at the same time to be quite a bit of money, but also too little to be for funding people long term.

The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).

Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.

That seems very low for such a high profile site/project

I donated an amount but the bar didn't move and is at the same level($395) as before my donation

What's the distinction from NIST's internet time service?

If you follow the "Foundations work" link at the bottom, you're taken to another page that shows $4,675 of $11,000 November goal.

Looks like the first $1000 goal is specifically for maintaining to he NTP website and maybe developers? While the other is a broader goal for the foundation

> Those who absolutely must have monotonic time

... shouldn’t be using a Unix timestamp, or anything else that’s not a count of SI seconds elapsed since a fixed reference point, to begin with.

I really hope that the sole reason that michaelt concluded this is simply due on not having any experience how to manage credit card payments (on merchant's side).

For those who does not handle these things: I am not sure on what processor Network Time Foundation is using, but Stripe's $15 fee is actually on the low side of chargebacks (some processors even use the fixed fee + percentage model). Worse, this is unconditional: if you somehow won this, you won't get the chargeback fee.

The ntp pool is actually independently run and funded and has nothing to do with the NTPd implementation nor the NTP Foundation, other than them allowing the pool to use that DNS name.

It doesn't explain why they need the money "we need the money to continue doing what we are doing" means nothing unless they also explain what they are doing and why it matters.

Thankfully, that's also on the front page:

What they are doing:

> The NTP Project produces an open source Reference Implementation of the NTP standard, maintains the implementation Documentation, and develops the protocol and algorithmic standard that is used to communicate time between systems

And why it matters:

> NTP is what ensures the reliability of billions of devices around the world, under the sea, and even in space

Now, it doesn't explain why a reference implementation is a good thing, but I think that at this point, you have a good enough idea to decide if you want to donate or not.

Edit: However, $1000 seems too low to matter. It may not even pay for the expense of the fundraising itself. I think it is more of an awareness campaign: "look at the protocol we all use, you would think we are talking many millions of dollars, but the truth is, you are off by orders of magnitude"

I feel like a ~$10M/yr foundation to fund hundreds of the "Some Guy In Nebraska" people (https://xkcd.com/2347/) on a modest stipend would be easily worthwhile for any one of the tech giants, even understanding the free rider effect. Some of their thousands of engineers are being paid high six or seven figures, and every single minute of their time spent figuring out how some dependency has changed and broken compatibility adds up very quickly. Just paying them to sit on their hands and not let anything break by some kind of hostile takeover, like an intelligence agency quietly paying people to keep quiet.

They should just switch it off for a day or two, I don't think they'll have trouble getting funding after that.

That's because the bots will use such services to 'taste' cards to see if they work. Then if they do the criminals can resell them for a higher value than for which they bought them for.

This is probably research into protocol for time sync. Which works well for some scenarios, but not yet for others and can improve the reference implementation (I guess; I have no hard knowledge there).

And given that ntp.org runs servers that so many organizations use they should be near the top of the funding queue for any NTP research. My 2c.

Shoutouts to Nebraska

Absolutely shameful that this project - and many, many others that underpin trillion-dollar tech company valuations - aren’t fully funded already by the major consumers.

I’d like to see more projects do a breakdown of total yearly costs (including contributor compensation!), how much existing sponsorships from companies actually cover, and what number they’d need to operate properly (with full-time, paid contributors).

I had similar trouble, back when I tried to donate to the Internet archive. Donation box would simply not let me donate. I even wrote them an e-mail and nothing changed half a year later, so I gave up.

Too bad that good projects mess their donations up by doing web BS.

Most NTP users use better implementations that NTPd (like chrony)

Pitch: TAI

The bar is still at $395. I am suspicious.

I’m confused—why such a small donation amount?

I figured they would be funded by NIST, but the way the US government has been pulling back funding for everything, it didn't surprise me that they need money. Much like Jimmy Wales, I bet if everyone donated 5 bucks they'd be in a much better spot.

I refuse to donate. Trillion dollar companies depend leech on it and yet refuse to spend money on it.

Let it fail and see what happens.

I think someone is manually updating the site to whatever the current donation amount is.

Rather than money one can donate NTP servers to the pool. [1] It can be a fun learning exercise in setting up a stable stratum-2 time server. One can create graphs from the optional logs.

Why bother? Many of the rabbit holes one could venture down in learning to set up a stable time server can also benefit application servers in terms of latency, responsiveness, learning how to get clients to share resources and so much more. Rather than trying to find cooperative stratum-1 servers, one can start by using each of the Google, Facebook and Apple public stratum-1 servers [2] to get started. They get beat up a lot but most of them are stable most of the time.

Ask your favorite LLM how to set up a public NTP server using NTPD or Chrony. For extra credit play with each of them.

[1] - https://www.ntppool.org/en/join.html

[2] - # grep -E "facebo|goog|appl" /etc/hosts

    17.253.16.253   time.apple.com
    129.134.28.123  time1.facebook.com
    129.134.29.123  time2.facebook.com
    129.134.25.123  time3.facebook.com
    129.134.26.123  time4.facebook.com
    129.134.27.123  time5.facebook.com
    216.239.35.0    time1.google.com
    216.239.35.4    time2.google.com
    216.239.35.8    time3.google.com
    216.239.35.12   time4.google.com

Kind of. If you “absolutely must” have monotonic time, though, and also care about NTP, then just pointing to TAI (in DJB’s naïve definition) or GPS time is not enough. You need to make decisions on whether you, for example, would prefer your imprecise seconds to be more even individually or for the aggregate count to be more accurate (NTP of course gets you the latter by default). Dear Sir[1], you have done metrology.

[1] https://people.csail.mit.edu/rachit/post/you-have-built-a-co..., https://news.ycombinator.com/item?id=29891428

Itchy and Scratchy

Harsh but true. Any of the FAANGs could cough up a million dollars and let the thing run for 1000 months.

I’m too poor to have too much revenue that I need to donate some away to pay fewer taxes. That’s a problem corporations have.

That would be easily solved by blocking from NTP any ip address belonging to a big tech corp that doesn't pony up.

The domain ntp.org is a very visible one, why not add a "Donors" page and say everyone who donates 250+ gets to show their company name as a sponsor on that page? This usually gets the attention of corporates and makes it easy to make the case internally as well, they all love to sponsor!

Doing that punishes people who donated.

> Let it fail and see what happens.

It will get replaced by a proprietary protocol/paid service from each Azure, Cloudflare, Google, AWS, ...

The rest of us will be S.O.L.

How is not donating punishing those who do? Does not compute.

Ideologically pure, but for all practical purposes miserly. Trillion dollar companies are very hard to move that way and very unlikely to take the first step. We need a "Foundational Software and Services" fund that says very nice things about each donor and spends 100$ on publicity for every 1$ to software to even get them to start looking, I bet.

Donate some time: Ask your boss if their company could chip?

Even a single highly paid employee of a FAANG, many of whom frequent this very forum, could pay for a year without breaking the bank.

Hey, somebody out there

Listen to my last prayer

Hi-ho-silver-o

Deliver me from nowhere

Yeah the ntpsec story, not great. I don't believe they're taken especially seriously. There are people close to Harlan Stenn who believe the project is essentially fraudulent.

Who's running ntpsec?

It is apparently "Grossly Overestimate The Reliance of Companies on Open Software and Systems Week" and nobody told me.

It's written clearly:

> Let it fail and see what happens.

It's telling that we can appropriate millions of dollars to transport a decommissioned shuttle from a museum in Virginia to Texas, but NASA can't pitch in the cost of one tank of diesel to the people maintaining what this article claims to be a mission-critical tool?

I agree with you in this, I donate to a few Open Source Projects, I really cannot afford to donate to one that multi-billon $ companies use for free.

For example, OpenSSH. Used everywhere yet IBM gives a big fat 0 to that project even though OpenSSH is even used in AIX. Even though I love to complain about Microsoft, M/S does donate a decent amount to OpenSSH via OpenBSD, so M/S gets my respect for doing that.

Time companies like IBM steps up and give, if not, we are back to playing with CMOS date/time. Which is how things were when I started programing at a large company decades ago.

It would be so much cheaper for the companies to support this than out their own solution

but then they wouldn't own it.

They'd each fork it. AWS NTP for $0.01/request.

I was thinking the same. Seems HN is now pro-bank and anti-cryptocurrency.

You're missing the bigger picture. Vendor lock in.

There's probably some stupid legal reason behind why they don't donate.

They would rather downvote you than giving away $100

> the project is essentially fraudulent

Even if it's not, ESR is involved so it's not serious.

Greed.

Not really. The biggest drain on resources historically has come from things like routers that have fixed NTP servers hardcoded in the firmware and every customer ends up using just that one without even knowing they're contributing to the problem. They also can't be blocked as the requests could come from anywhere.

Anyone know whether NTP already asks the biggest names for donations?

100% true, but they shouldn't have to. If FAANG is using it, they should fund it. I don't want to work in a culture where the employees pay for the corporations' tools.

Not only that, but the owners of big companies are actively lobbying to pay even less taxes. They are ideologically opposed to supporting public benefit projects.

At least in part, someone you really don't want to be running a fork of an important project: ESR.

As someone working on an NTP implementation (specifically ntpd-rs) I have to add some context to this: I do believe that donating to the Network Time Foundation is fine, but it is not required to keep the Network Time Protocol up in any way.

Firstly, the most important reason the ntp.org domain name is so well known is because of the NTP pool, which is an entirely separate project (the Network Time Foundation calls it an associated project), which was allowed to use the `pool.ntp.org` domain name, but does not directly receive significant funding from the Network Time Foundation as far as I understand (I do not know the details of the domain name arrangement). That pool project was developed independently of the Network Time Foundation and is run by a different group of volunteers, mostly being developed and maintained by Ask Bjørn Hansen and hosting servers entirely consisting of (sometimes professional) volunteer operators. This is what many NTP implementations, specifically many Linux distributions, use as their standard source of time. But it does not appear to depend much on the Network Time Foundation for continued existence.

Secondly, despite all the claims made on the Network Time Foundation site, the IETF took over development and maintenance of the NTP protocol for something like two decades now already under the NTP working group. This was all done with the Network Time Foundation fully agreeing this was the way forward. But for some reason they still consider themselves exempted from any process that the IETF uses and consider themselves as the true developers of the protocol. They constantly frustrate the processes that the IETF uses, claiming that they should receive special treatment as being the 'reference implementation'. Meanwhile, the IETF NTP WG does not have a concept of the reference implementation at all, instead considering all NTP implementations equal.

Aside from this frustrating stance, the Network Time Foundation also didn't do much work on trying to forward the standard at all, instead relying on the status quo from the late 90s and early 2000s. Meanwhile the IETF NTP WG worked on standardizing a way to secure NTP traffic (with regular NTP traffic being relatively easy to man in the middle, with older implementations even being so predictable that faking responses didn't even need reading the requests). That much more secure standard, NTS, was fully standardized in September of 2020, but the Network Time Foundation continues to not implement this standard. All of this has resulted in almost every Linux distribution that I know of replacing their ntpd implementation with NTPsec (with ntpd not even being available as an alternative anymore for installation).

Meanwhile people also started working on NTPv5, in order to remove some of the unsafe and badly defined parts of the standard, and in general bring the spec back up to date. As part of this process, it was decided some time ago that in contrast to the previous NTP standards, the algorithms specifying what a client should do in order to synchronize the time should be removed from the standard (the algorithms specified in the previous standards were not being used by any implementation, not even the ntpd implementation by the Network Time Foundation itself). NTPv5 instead focuses on the wire format of NTP packets and the simple interactions between parties. Yet despite there having been a consensus call on this, and despite no current implementation following the exact algorithm as specified in NTPv4, the Network Time Foundation continues to frustrate the process by claiming that these algorithms are an essential part of the standard.

All of this frustration was also a large part of why the PTP protocol was eventually developed at the IEEE. That is to say: even though the operating mode of PTP is often quite different to that of NTP these days, the information that needs to be transferred is essentially the same, and the packets could have trivially been defined to be the same as long as NTP had built in a little bit of additional flexibility a little bit earlier. This would have also helped NTP in the end (with for example hardware timestamping only being implemented for PTP right now, even though it could have been just as useful in NTP), and with PTP now also aiming to introduce a simpler client-server model via CSPTP that looks a whole lot like what NTP was trying to achieve all this time with its most used operating mode.

It is my belief that the Network Time Foundation continues to push themselves in a corner of more and more irrelevance even though that did not need to be. The historical significance of David Mills' ntpd implementation is definitely there, and we should applaud the initial efforts and their focus on keeping the protocol open and widely available. And I do believe that the current people at the Network Time Foundation could still provide more than enough valuable input in the standardization process, but they cannot claim anymore to be the sole developers of the NTP protocol. Times have changed, there are now multiple implementations with an equally valid claim. Especially with GNSS (specifically GPS) being under attack more and more these days, we need alternative ways of synchronizing computer clocks to a standard time in a secure way. NTP and NTS are perfectly positioned to take on that task and we need to make sure that we keep the standard up to date for our evolving world.

Edit: if you want something else to donate to, I would consider donating to the IETF, NTPsec, or maybe donating some time to the NTP pool. I would also link to donations for Chrony (one of the other major NTP server implementations) but they do not appear to offer anything. Linking to my own project's donation page does not seem fair considering the contents of this post.

Trillion dollar companies run their own NTP servers

but do you want it to be dependent on trillion dollar companies?

The GitHub sponsors page provides slightly more information than ntp.org and nwtime.org.

https://github.com/sponsors/nwtime

Oh, no, I mean, I know who's actually behind the project, I'm just wondering if there are any major deployments of it.

This raises a lot of questions. Did they actually ask for money to these big companies? Did they get rejected?

Another approach could be to move this under the umbrella of any of the other OSS foundations. I can imagine the Linux Foundation would be a good place. Well funded, already has most of the stakeholders involved, and this clearly falls in their scope of interest at least. It would not surprise me if that wasn't discussed at some point.

This smells a bit like something that might be more complicated than it looks.

> Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.

It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.

A few years ago there was a draft on the idea:

* https://datatracker.ietf.org/doc/draft-stenn-ntp-leap-smear-...

And the currently-draft NTPv5 has something about:

* https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5/

Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.

See also perhaps RFC 8633 § 2.7.1:

    […]

    Operators who have legal obligations or other strong requirements to
    be synchronized with UTC or civil time SHOULD NOT use leap smearing
    because the distributed time cannot be guaranteed to be traceable to
    UTC during the smear interval.

    […]

    Any use of leap-smearing servers should be limited to within a
    single, well-controlled environment.  Leap smearing MUST NOT be used
    for public-facing NTP servers, as they will disagree with non-
    smearing servers (as well as UTC) during the leap smear interval, and
    there is no standardized way for a client to detect that a server is
    using leap smearing.  However, be aware that some public-facing
    servers may be configured this way in spite of this guidance.

* https://datatracker.ietf.org/doc/rfc8633/

> I don't want to work in a culture where the employees pay for the corporations' tools.

Agreed. They call that 'open source' work (derogative)

The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.

ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.

$1 Trillion for AI but we the people have to keep this foundation of the internet running. This is all one big shit show.

Those trillion dollar companies are running a lot of public NTP server infrastructure. Here is a list of public NTP addresses from different big tech companies: https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94...

> Trillion dollar companies depend leech on it

Are you confusing the NTP Foundation (the group asking for donations) with NTP the protocol or the NTP software itself?

This donation request isn’t even for the public NTP pool. Read the donation page carefully.

The big companies you’re angry at are neither dependent upon nor leeching from this group. They run their own NTP infrastructure, which in some cases has their own developments and adjustments.

Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.

> Let it fail and see what happens.

This is a real “cut off your nose to spite your face” moment, but worse: Those public companies don’t depend on any of this. They provide their own server pools and in some cases develop their own software with their own advancements. Cheering for the NTP Foundation to fail because you think it will hurt big companies is very uninformed.

Name one company that doesn't depend on NTP.

I'd happily donate to NTP if and only if AI companies are barred from using free software like this in the future via the sw license. I don't WANT to be part of this internet that's hostile and exploitative towards users anymore.

FYI the big companies provide their own NTP servers and pools. You can use them if you’d like.

They also don’t use the reference implementation (which is maintained by the group this donation is for). Your distros and software probably doesn’t use it either.

The commenter above who thinks shutting down the NTP Foundation will hurt FAANG because they “leech” off of NTP Foundation is completely uninformed.

I'm not so sure, becoming dependent on corporate funding means importing corporate policy. Is it really necessary for a DEI policy being required to appear on ntp.org, or perhaps the sudden advocacy of some proprietary protocol crapware pushed into public use from out of nowhere? That's pretty much what tends to happen

Of course the same thing happens in reverse (see recent python.org refusal to accept federal funding)

Say this louder for the managers in the back!

I’m sick of having to pay for my own tools to do my job at your company. Either find a way to build using free tools or fork up the license for that Visual Studio Ultimate or IntelliJ Idea Ultimate license. Pay for your database vendor. Your corporate IdP. Why not $300/yr for a high value output employee?

It's mostly run by one guy with very limited time. On their forum, I've seen one vendor repeatedly asking for the vendor prefix for three years, only getting the response once, and never actually receiving the prefix.

An ntpd-rs contributor elsewhere in the thread suggests ntpsec is used by many distributions, and suggests donating to ntpsec (amongst some other organisations).

https://news.ycombinator.com/item?id=45900184

This is one of those comment sections where it’s obvious that the angry comments aren’t coming from people who understand the topic.

AWS already provides their own time service and it’s both public and free https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...

Perhaps it is just my career experience, but I have never worked at a company that 1) cared about the time and 2) did not have its own clocks and 3) would touch ntpd with a 10-foot pole.

Not sure why this comment is being downvoted. The trillion dollar companies not only run their own NTP servers but provide free public access to their pools

https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...

https://developers.google.com/time/

I'm out of the loop. What's the issue with using a project that ESR contributes to?

I am vaguely aware he has some unpopular political beliefs (though exactly what I don't know). Is that it?

The big companies have their own NTP pools and even implementations.

You can use the public Google or AWS pools if you want. Note that they have their own software, too, so be sure you understand the differences like leap smearing.

Blocking FAANG IPs from the NTP Foundation’s pools wouldn’t hurt FAANG at all. It would only hurt people who weren’t aware and used the NTP Foundation’s pool for things.

This donation is for the NTP Foundation for something specific like their website.

The big companies who use NTP have their own pools and either use versions of different ntp implantations or their own internal ones.

All of these comments assuming cloud providers are using the reference NTP implementation and the public pools have no idea what they’re talking about.

The cloud providers already use their own NTP infrastructure. Much of it is public and you can use it for free, too.

HN is anti-nonsense, anti-hype, anti-crime, so, yeah, pretty anti-cryptocurrency.

Honestly the XSLT mocking and bad faith arguments have convinced me as an individual I shouldn’t care about technologies so much. If NTP is so important, one of the billion dollar corpos can foot the bill since they know best about what is valuable.

is that true? ubuntu and red hat for example use chrony or systemd-timesyncd

You know, I always thought it odd when plumbers (etc. tradesmen) working full time for a company have to supply their own tools.

I always found it odd that so many shops let people use whichever tools they want!

My brother is a plumber and his company reimbursed him for every tool he has bought for the job. After 5 years, he started his own plumbing business and he supplies all the tools, trucks, benefits, contracts, and customer support for his employees in the field. For what it’s worth.

You can choose your tool, you’ll get it.

This was submitted with a title that doesn’t match the page and is not even accurste (Please donate to keep Network Time Protocol up) is not correct. This donation page is not for the public NTP pool. It’s for the NTP Project organization and their web page.

All of the angry comments from people who think NTP will stop working if the donation bar doesn’t get to $1000 are misinformed. Also note that the bar isn’t updating. It’s been stuck at $365 for myself and others despite donations coming in.

Don’t think you deserve these downvotes. That was my reaction too. Perhaps they’re coming from people who believe that the money is to support running of time servers (which, to be fair, “Please donate to keep the Network Time Protocol up” certainly implies…)

I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)

Is there any endowment for such projects?

Something like money to the endowment from the big corp, then would be recipients petition the endowment for ongoing funding, some board decides based on a set of open protocols...

Because honestly I've seen this a bit recently - major infrastructure projects looking for effectively pocket change; a couple thousand.

They shouldn't ever have to beg for money, this is stupid.

We have a price for the total infrastructure spend per dev, and that includes things like AWS prices and all of the tooling like jira and github.

But you absolutely shouldn't have to pay for your own tools. (That said, blue collar people often have to, unlike us, and that's also awful.) But also, it's their productivity. If you are all laboring under the same constraints, it's their choice to make if they care about your productivity.

I think maybe the title of this topic post is the main source of misinformation.

It’s definitely the title. The title is a plain and simple lie.

This deserves to be somewhere other than at the bottom of the comments (where it is as I’m reading).

they'll buy leftovers and take the thing private.

You’re right, people are plainly commenting based on the title.

The goal has now mysteriously changed to a goal of $4000.

You don't need to be dependent on trillion dollar time companies to get an extremely accurate time source. Just get your own GPS receiver that supports timing output. You can get an GPS-based NTP server for pretty cheap.

Some of the comments here seem overly negative and critical.

They support billions of devices and are only asking for $4,000 in donations per year.

I see it at $2,130 fifteen minutes after your comment.

Wikimedia Foundation sort of does now. The result of that is that their spending has ballooned to hundreds of millions of dollars.

Not gonna lie, you had me going in the first sentence and then betrayed your position with:

> Is it really necessary for a DEI policy being required to appear…?

So ignoring the, well, ignorance of the remainder of your statement, it’s worth pointing out that these entities already publish mission statements, community/contributor guidelines, and a raft of other documentation that governs how they intend to operate as a way of greasing the wheels of operations. Policies are the norm, not the exception, because they dictate the rules of engagement.

So yeah, I’m all for groups making clear what they do and do not find acceptable. Transparency is a good thing, be it in code (open source), accounting, policy, or governance. And if more groups opened up their books and laid bare their operations, it’d be easier to tie their outcomes to industrial and governmental bad actors (like AWS, Google, Microsoft, Apple, etc) that fail to substantially support these technologies, or demand favors or policy changes in exchange for basic funding.

Ideally? Orgs that use open source tech in their products ought to chip in a fixed percentage to ongoing support of that project. If an entity like AWS chipped in, say, 0.01% of revenue from every service that used NTP, then the NTP organization almost certainly wouldn’t require additional funding.

It would hurt the big companies though because the employees of those big companies rely on Ntp. It may not directly impact them but it’s better than letting them continue to rake in billions and then never support the core foundational tech.

Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.

until one's society started to collapse, one does not think crypto is good

It also gives them power over how things are run. He who pays the piper calls the tune.

I hate to say it, but a number that low means ads are the answer. Even a YouTube video showing how to set up NTP would cover this cost if you recommend it to all users. Asking for money isn't respectable at this low number.

One of the really nifty things about having a stratum-1 time server on-site (because... reasons) is those graphs. You can very readily see the subtle temperature-dependence of timing crystals. At the facility I was at there was a large cycle every day during the week and then smaller cycle on each weekend day. Our HVAC system didn't heat/cool the building as much on the weekend when no one was there so the temperature swing -> frequency swing was smaller.

Really drives home one of my favourite half-jokes: every sensor is a temperature sensor; some of them measure other things too.

We ran a public NTP server for many years. Then, details hazy, but I think there was a UDP amplification vulnerability that was exploited which upset our transit provider so we took it down. Might be fun to try again though.

Yes, it’s updating now. Ctrl-F this thread and search for ‘365’ and you’ll see that it was not changing for several hours despite donations rolling in.

> Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.

Big companies run their own NTP servers (which you can use for free) and do not use the reference implantation.

There is nothing to “fail” in this project which would cause big companies to have infrastructure problems.

The saddest state of the software world is that some people here have convinced themselves to cheer for this project to fail because they don’t understand that big companies do not depend on this project that is asking for donations.

Which distributions use ntpsec?

From the previous comment.

> Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.

So we can use or not?

If we can then well good, then there will be no problem then if the funding fails.

I suspect someone is updating that bar by hand :V

> If we can then well good, then there will be no problem then if the funding fails

The funding is not for the NTP servers or pools. Please read the actual page and all of the comments trying to explain that the HN title is a lie. NTP will not “go down” if this project fails.

You can use Google or Amazon’s NTP servers if you’d like. Just be aware of how they represent leap seconds differently.

Probably yes, it's still at 2130

Because it is factually wrong, which would have taken seconds to discover.

Insofar as racism, homophobia, and sexism are unpopular political beliefs: yes.

Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".

Nothing will happen, so all of that is nonsense.

Every distribution I've seen is using chrony or systemd-timesyncd. Is there a distribution that's actually using ntpsec?

They need money because they aren’t important.

Except they aren’t critical infrastructure which is why no one supports them.

The claim is false.

They support no devices. Read more carefully.

It is sad that an unfounded comment like that can be posted so easily with no basis in fact.

It's not the issue of using the project, to my mind.

It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.

It is his attitude, approach, and at various times the kinds of people he attracts.

As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclsive geek community.

Yeah, sure, but in many places (for example in my country) they do not work for a company. They are not even legally working for themselves. You call them, they do the job, then ask for money. That's it. I think this is illegal though, but happens a lot when it comes to anything handyman-ish.

When society collapses, will we still have reliable infrastructure (internet and electricity, to be specific) on which cryptocurrency depends?

I think we ought to buckle up because it only seems to be getting worse, quickly.

Current Debian, Ubuntu, Fedora, RHEL/CentOS (EPEL) have an ntpsec package, but no ntp package. It's not used by default (that's chrony on most of the distributions), but the users can install it and use it.

Except these are some (almost scammers) claiming to be a vital pillar but just pointing at the vital piece and saying they help with it.

I would be interesting in hearing more about this. There are legal reasons for a large company not donating to FOSS?

>If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.

TAI (Temps Atomique International), is UTC without leap seconds and is the source of truth for "what time is it"

I'm finding conflicting reports of being able to actually use TAI on linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.

This seems incredibly unlikely. They all want clients to have accurate time, because it underpins things like sessions and TLS certs. It would also almost certainly be trivial to proxy back to regular NTP.

Even if the NTP pool somehow died, all it takes to make your own Stratum 1 NTP service is a GPS chip. An old phone probably makes a great small-scale NTP server, or an ESP32 with a GPS chip attached. 20 years ago it would have required exotic parts, but they're mundane, cheap and omnipresent these days.

nothing could be LESS mysterious

soon enough you'll start charging people for source code and distribution.

Maybe building the world on open source software was not good idea

Ok Musk, Bezos, Gates, etc. ... reach into those deeeeeeeep pockets of yours and fund something that I KNOW you use.

it must be fake if it wanted 1k and now 4k. dont donate

I've had an inexpensive GPS antenna "puck" on my roof attached to a 2nd or 3rd gen raspberry pi inside, providing accurate time to my home for over a decade. This is a sub-$100 project and very fun.

leap seconds are deprecated

Yep, I encourage everyone to do this (though don't ask an LLM, actually put effort into learning). It's easy and cheap to do. I have been running a server in the NTP pool on a Digital Ocean droplet for years now, costs me only $6 a month.

Likely the $3000 was needed to stand up a network that can handle the request load from hacker news.

The deprecation isn't effective until 2035, leap seconds will still be inserted until then.

A fully-patched NTP server should be fine. A lot of tier-2 ISPs were treating their NTP servers as abandonware that never got updates, so they ended up being ripe for UDP amplification attacks, but that was a vulnerability in ancient software, not the protocol.

Wow. I mean, I imagine that this would be a hard thing for trillion dollar companies to somehow enshittify;

and still, I'd never put it past them to figure out something that I haven't.

I reflexively donate a little to things like this and I think everyone else should to.

Here's his donation page for those curious: https://github.com/sponsors/pendulum-project

Meh. NTP is just an awkward less accurate frontend for GPS these days.

It's so easy to run your own NTP server. You can set up a pretty decent one using GPS PPS for like $200. My home ntp server is good for +/- 1us if you believe its ntpq stats...

This isn't like DNS. Everyone can run their own local NTP and that's fine. The only true shared infrastructure is the GPS constellation.

Did I trigger you by picking DEI as an example? You can find a million alternatives from e.g. the Firefox<->Google relationship. No need to start name calling or whatnot

Less pleasant — in what way?

Thats… not the same thing.

> The big companies who use NTP have their own pools

And which NTP servers are those pools synchronized to?

Care to elaborate, or do you prefer to just say "nah fam thats cap" in a pretentious manner?

We've allocated $60,000 to NTP from FLOSS/fund [1]. It happened in May, but the disbursal is pending owing to paperwork [2]. We hope it'll go through in the next couple of months.

[1] https://floss.fund/projects/2025/

[2] https://floss.fund/blog/second-tranche-2025-anniversary/#wha...

The combination of the moving goalposts for donations (they changed it from $1000 goal to $4000 after hitting their goal[0]) and the fact that they have have a large donation like this pending but simply haven't completed the paperwork kind of rubs me the wrong way a little bit.

[0]: https://web.archive.org/web/20251112110436/https://www.ntp.o...

Now it's $8,000

>$4,560 of $8,000 raised

Never mind, they keep upping the max every time they reach it. Now it's an $11,000 goal...

Now it's $4560 on the way to a goal of $8000.

Great look, guys. You're fooling... somebody, apparently.

This organisation doesn't run the NTP pool.

The delay is on our side while we wait for regulatory approvals (India) for cross-border disbursements, I must clarify. The issues are described in the post I linked [2].

It's almost certain NTP is what's synchronizing time on your system right now.

And yes, they're separate from the NTP Pool Project, which runs the actual servers, but the Network Time Foundation supports the software that billions of devices run on.

They have their own Stratum 0 source clocks.

"Please donate so we can automate near-realtime display of our donations bar" doesn't have the same ring to it.

These large trillion dollar companies run their own NTP servers rather than depending on this one.

It went from 1k -> 2k -> 4k to 8k, so I guess the next will be 16k and then 32k..

> You can choose your tool, you’ll get it.

That's actually decent. Too often you're stuck with whatever gear your shop uses - Bosch, Hilti, Makita are the most common power tools here in Germany. It makes sense for the penny pinchers who purchase on volume and get discounts, but chances are high it ends up pissing off the employees rather sooner than later.

You’re just validating my reasons to not donate which is what this discussion is about. It’s not about the way Ntp specifically works or what the money will go to. My reasons for not donating are that bad acting corpos have destroyed any reason or trust to support these smaller outfits whether directly impactful or not.

Accurate timekeeping is critical infrastructure. So much so, that the US government operates many radio stations whose sole purpose is to provide current time announcements, reference clocks, and other timekeeping-related information. See [0].

Relatedly: surely you're not of the opinion that the various GPS constellations are not critical infrastructure?

[0] <https://www.nist.gov/pml/time-and-frequency-division/time-se...>

Oops, s/interesting/interested.

Not sure what happened here—the submitter is a good contributor, so most likely it was a simple misunderstanding—but yeah, the title shouldn't have been editorialized (https://news.ycombinator.com/newsguidelines.html).