299 points gastonmorixe | 20 comments
mhovd ◴[] No.45898645[source]
I am surprised that the NTP project is not funded, fully or partially, by larger organizations or governments, given the criticality of the project.
replies(8): >>45898658 #>>45898731 #>>45898775 #>>45898921 #>>45899060 #>>45899179 #>>45899269 #>>45899540 #
1. nickelpro ◴[] No.45899269[source]
The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).

Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.

replies(3): >>45899310 #>>45899969 #>>45900271 #
2. mananaysiempre ◴[] No.45899310[source]
> Those who absolutely must have monotonic time

... shouldn’t be using a Unix timestamp, or anything else that’s not a count of SI seconds elapsed since a fixed reference point, to begin with.

replies(1): >>45899476 #
3. bobmcnamara ◴[] No.45899476[source]
Pitch: TAI
replies(1): >>45899675 #
4. mananaysiempre ◴[] No.45899675{3}[source]
Kind of. If you “absolutely must” have monotonic time, though, and also care about NTP, then just pointing to TAI (in DJB’s naïve definition) or GPS time is not enough. You need to make decisions on whether you, for example, would prefer your imprecise seconds to be more even individually or for the aggregate count to be more accurate (NTP of course gets you the latter by default). Dear Sir[1], you have done metrology.

[1] https://people.csail.mit.edu/rachit/post/you-have-built-a-co..., https://news.ycombinator.com/item?id=29891428

5. tptacek ◴[] No.45899969[source]
Who's running ntpsec?
replies(2): >>45900183 #>>45900286 #
6. exasperaited ◴[] No.45900183[source]
At least in part, someone you really don't want to be running a fork of an important project: ESR.
replies(2): >>45900259 #>>45900470 #
7. tptacek ◴[] No.45900259{3}[source]
Oh, no, I mean, I know who's actually behind the project, I'm just wondering if there are any major deployments of it.
8. throw0101d ◴[] No.45900271[source]
> Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.

It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.

A few years ago there was a draft on the idea:

* https://datatracker.ietf.org/doc/draft-stenn-ntp-leap-smear-...

And the currently-draft NTPv5 has something about:

* https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5/

Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.

See also perhaps RFC 8633 § 2.7.1:

    […]

    Operators who have legal obligations or other strong requirements to
    be synchronized with UTC or civil time SHOULD NOT use leap smearing
    because the distributed time cannot be guaranteed to be traceable to
    UTC during the smear interval.

    […]

    Any use of leap-smearing servers should be limited to within a
    single, well-controlled environment.  Leap smearing MUST NOT be used
    for public-facing NTP servers, as they will disagree with non-
    smearing servers (as well as UTC) during the leap smear interval, and
    there is no standardized way for a client to detect that a server is
    using leap smearing.  However, be aware that some public-facing
    servers may be configured this way in spite of this guidance.
* https://datatracker.ietf.org/doc/rfc8633/
replies(1): >>45901551 #
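
An added illustration (not written by any commenter, and not code from ntpd, ntpsec or chrony) of the disagreement the RFC text quoted above describes: how far a linearly smearing server sits from a non-smearing one around the leap second inserted at the end of 2016-12-31, and how much error results when a smeared log timestamp is decoded with the wrong smear window. The two windows and all function names are assumptions chosen for the example; no standard defines them.

```python
# Added illustration. Window choices are constructed assumptions, not a standard.
LEAP = 1483228800  # Unix time of 2017-01-01T00:00:00Z; a leap second preceded it

# Smear windows as (start, end) in SI seconds relative to the start of 23:59:60.
CENTERED = (-43200, 43200)  # 24 h linear smear, noon to noon (constructed)
TRAILING = (-86400, 0)      # 24 h linear smear finishing at the leap (constructed)

def smear_fraction(x, window):
    """Portion of the extra second already absorbed at SI offset x."""
    a, b = window
    return min(1.0, max(0.0, (x - a) / (b - a)))

def stepped_unix(x):
    """Non-smearing clock: 23:59:59 is repeated while the leap second passes."""
    return LEAP + x if x < 0 else LEAP + x - 1

def smeared_unix(x, window):
    """Smearing clock: runs slightly slow across the window and never steps."""
    return LEAP + x - smear_fraction(x, window)

def offset_vs_stepped(x, window):
    """Offset a non-smearing peer would measure against this smearing server."""
    return smeared_unix(x, window) - stepped_unix(x)

def unsmear(ts, window):
    """Recover the SI offset x from a smeared timestamp, given the window used."""
    a, b = window
    t = ts - LEAP
    if t <= a:          # before the smear began: clock still matched UTC
        return t
    if t >= b - 1:      # smear finished: the full second has been absorbed
        return t + 1
    return (t * (b - a) - a) / (b - a - 1)

def correlation_error(ts, assumed, actual):
    """Seconds of error when a smeared timestamp is decoded with the wrong window."""
    return unsmear(ts, assumed) - unsmear(ts, actual)

if __name__ == "__main__":
    for x in (-43200, -1, 1, 43200):
        print(x, round(offset_vs_stepped(x, CENTERED), 4),
              round(offset_vs_stepped(x, TRAILING), 4))
```
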
9. mlichvar ◴[] No.45900286[source]
The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.

ntpsec as a project seems to be doing ok. They are releasing new versions, fixing reported issues, accepting patches, and developing the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.

replies(2): >>45900644 #>>45901155 #
10. chocalot ◴[] No.45900470{3}[source]
I'm out of the loop. What's the issue with using a project that ESR contributes to?

I am vaguely aware he has some unpopular political beliefs (though exactly what I don't know). Is that it?

replies(2): >>45901318 #>>45901417 #
11. Palomides ◴[] No.45900644{3}[source]
is that true? ubuntu and red hat for example use chrony or systemd-timesyncd
12. tptacek ◴[] No.45901155{3}[source]
Which distributions use ntpsec?
replies(1): >>45901527 #
13. akerl_ ◴[] No.45901318{4}[source]
Insofar as racism, homophobia, and sexism are unpopular political beliefs: yes.

Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".

replies(1): >>45904552 #
14. exasperaited ◴[] No.45901417{4}[source]
It's not the issue of using the project, to my mind.

It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.

It is his attitude, approach, and at various times the kinds of people he attracts.

As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclusive geek community.

replies(1): >>45902377 #
15. mlichvar ◴[] No.45901527{4}[source]
Current Debian, Ubuntu, Fedora, RHEL/CentOS (EPEL) have an ntpsec package, but no ntp package. It's not used by default (that's chrony on most of the distributions), but the users can install it and use it.
replies(1): >>45902384 #
16. colechristensen ◴[] No.45901551[source]
> If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.

TAI (Temps Atomique International) is UTC without leap seconds and is the source of truth for "what time is it".

I'm finding conflicting reports of being able to actually use TAI on Linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.

17. WesolyKubeczek ◴[] No.45902377{5}[source]
Less pleasant — in what way?
18. akerl_ ◴[] No.45902384{5}[source]
That's… not the same thing.
19. chocalot ◴[] No.45904552{5}[source]
Ah, the person I responded to suggests he runs the project.

If he just "exists near", I see even less of a case why someone should avoid it.

But horses for courses, people can choose to avoid for whatever reason.

replies(1): >>45904987 #
20. tptacek ◴[] No.45904987{6}[source]
No, there's a long story behind ntpsec and it's all pretty exhausting and none of it has anything to do with ESR's personal life.