Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 11 submissions in the queue.
posted by janrinok on Friday October 07 2022, @09:22AM   Printer-friendly
from the a-bus-factor-of-one dept.

The New Yorker has a non-technical article, The Thorny Problem of Keeping the Internet's Time, about the Network Time Protocol (NTP) from both the software and protocol perspectives. It gives a surprisingly good summary of the background of both as well as the current situation and the issues holding back the next steps. If you have networked computers, especially servers, in any capacity then you are certainly familiar with the NTP or at least its supporting utilities. NTP was developed by David Mills, who by the late 1970s, after a *little*-bit-of-improvementer his PhD, eventually ended up at COMSAT where he started working on it for ARPANET. He still works on it despite failed eyesight.

In N.T.P., Mills built a system that allowed for endless tinkering, and he found joy in optimization. "The actual use of the time information was not of central interest," he recalled. The fledgling Internet had few clocks to synchronize. But during the nineteen-eighties the network grew quickly, and by the nineties the widespread adoption of personal computers required the Internet to incorpoa-*little*-bit-of-improvementrate millions more devices than its first designers had envisioned. Coders created versions of N.T.P. that worked on Unix and Windows machines. Others wrote "reference implementations" of N.T.P.—open-source codebases that exemplified how the protocol should be run, and which were freely available for users to adapt. Government agencies, including the National Institute of Standards and Technology (NIST) and the U.S. Naval Observatory, started distributing the time kept by their master clocks using N.T.P.

A loose community of people across the world set up their own servers to provide time through the protocol. In 2000, N.T.P. servers fielded eighteen billion time-synchronization requests from several million computers—and in the following few years, as broadband proliferated, requests to the busiest N.T.P. servers increased tenfold. The time servers had once been "well lit in the US and Europe but dark elsewhere in South America, Africa and the Pacific Rim," Mills wrote, in a 2003 paper. "Today, the Sun never sets or even gets close to the horizon on NTP." Programmers began to treat the protocol like an assumption—it seemed natural to them that synchronized time was dependably and easily available. Mills's little fief was everywhere.

NTP servers keep the world's computers' clocks in synchrony, but there has been negligible amount of money kicked upstream to the project or even to Mills. Poul-Henning Kamp (PHK) gave a talk in 2015 at FOSDEM, Ntimed, an NTPD replacement, about where he saw things heading back in 2015 and how refactoring NTPd would be neither time nor resource efficient.

Previously:
(2015) New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos
(2015) Finance, Workload Troubles for Developer of Reference NTP Implementation
(2015) OpenNTPD 5.7p1 Released
(2014) What Time Is It? Time for Multiple NTP Vulnerabilities!


Original Submission

Related Stories

What Time Is It? Time for Multiple NTP Vulnerabilities! 13 comments

NTP, the Network Time Protocol, has announced six serious vulnerabilities. Not surprising, I guess, for 192,870 lines of code dating back to the early 80s. For anyone else that's shocked by that bloat, OpenBSD's OpenNTPD manages to get the job done in under 5,000 lines. [Ed's Comment: To be fair, the linux implementation of ntp does achieve far more than the OpenBSD version. This is acknowledged in one of the links below.]

Note: Additionally, noted Danish FreeBSD developer extraordinaire Poul-Henning Kamp (PHK), operating under the influence of the Linux Foundation's cash hoard, has been working on an ntp replacement which is expected to preview this weekend.

OpenNTPD 5.7p1 Released 24 comments

A new, portable version of OpenNTPD has just been released! "OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as an NTP server itself, redistributing the local clock." Hopefully, nobody is still using NTPD, which suffers from multiple vulnerabilities.

Finance, Workload Troubles for Developer of Reference NTP Implementation 9 comments

Information Week reports on the financial difficulties of Harlan Stenn, the primary developer of the NTP reference implementation. No specific financial information is provided, but apparently Stenn is only "scraping by" on "sporadic" consulting work.

From the article:

For the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list.

Stenn "has given himself a deadline: Garner more financial support by April, 'or look for regular work.'"

The story is reminiscent of those we've recently heard about OpenSSL and GPG: Widely deployed, critical code mostly maintained with volunteered time and a shoestring budgets.

New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos 19 comments

http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/

Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.

While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.

There is a pdf of the report available.


Original Submission

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by PiMuNu on Friday October 07 2022, @10:47AM (3 children)

    by PiMuNu (3823) on Friday October 07 2022, @10:47AM (#1275399)

    It's a lovely article that raises the question:- what happens when dictators pass on? It's relevant for many projects, not just software even but also hardware projects.

    • (Score: 2) by JoeMerchant on Friday October 07 2022, @11:08AM

      by JoeMerchant (3937) on Friday October 07 2022, @11:08AM (#1275403)

      Truck termination of dick-tater: spuds mack ends he.

      In the late 1800s / early 1900s there was a worldwide religious sect with a handful of colorful leaders: Theosophy. A number of sources supply all kinds of colorful commentary on how the organization evolved through the passing of it's leaders. One particularly easy introduction to the topic is found here [fandom.com] in the special features background research, if you can lay your hands on a copy of the disc. Of course the real dirt is in Wikipedia.

      I find striking parallels in the leadership of modern open source projects: the combination of personal egos with overarching missions to improve life for all people.

      --
      🌻🌻 [google.com]
    • (Score: 5, Interesting) by canopic jug on Friday October 07 2022, @11:09AM (1 child)

      by canopic jug (3949) Subscriber Badge on Friday October 07 2022, @11:09AM (#1275404) Journal

      what happens when dictators pass on? It's relevant for many projects, not just software even but also hardware projects.

      I have often considered that the success of a project or organization is not how well it does under the founder(s) but how it does later after they have all moved on. In that, the test of a project leader is not just how well it does under his/her tenure but how well it does under the successor's tenure. That's built into some cultures, if I read correctly some of the First Nations consider their stewardship obligations several generations into the future. In computing though the only key project which seems to do that, and to have tested that by actually rotating leadership over time, seems to be the FreeBSD foundation. Maybe there are others, I would like to know, but it seems that most project follow an arc based on the fire the founders possess while they possess any fire.

      However, all too often, projects squeeze out the technical people and build up insulating layers of bureaucracy and then transition to a more corporate structure. That ends in financialization and the demise of any technical worth the project may have once had.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 2, Interesting) by Anonymous Coward on Friday October 07 2022, @11:52AM

        by Anonymous Coward on Friday October 07 2022, @11:52AM (#1275409)

        > ...some of the First Nations consider their stewardship obligations several generations into the future

        Reminds me of the Rolls-Royce Owner's Club -- the members consider themselves the current caretakers of the grand old cars they own & maintain, making sure to pass the cars and the ethic on (sale or gift) to worthy conservators in the next generation.

  • (Score: 2) by JoeMerchant on Friday October 07 2022, @10:54AM (1 child)

    by JoeMerchant (3937) on Friday October 07 2022, @10:54AM (#1275401)

    When evaluating an open source library, a common metric people look at is how lively the development is, are people reporting bugs and fixing them with great frequency?

    Of course, no such activity for a long time can imply that the project has been abandoned and nobody is using or supporting it.

    Once in a rare while, it can otherwise indicate that nobody has any trouble using the library and support simply isn't needed. For complex and confusing software this is unlikely: newbie questions will be re-asked no matter how clearly they are already answered in the documentation, but if the package is simple enough to use...

    --
    🌻🌻 [google.com]
    • (Score: 0) by Anonymous Coward on Friday October 07 2022, @06:11PM

      by Anonymous Coward on Friday October 07 2022, @06:11PM (#1275449)
      That only works because most people write code that's full of bugs. That's not the case for all stuff.

      For stuff like NTP they should be able to make it a lot less buggy.
  • (Score: 2) by Snospar on Friday October 07 2022, @11:05AM (4 children)

    by Snospar (5366) Subscriber Badge on Friday October 07 2022, @11:05AM (#1275402)

    I'm interested to see PTP mentioned in the Ntimed slides but I presume most people don't need that level of accuracy. Case in point, my wife was streaming live news this morning and noticed the time on screen was lagging behind our "clock". The "clock" was on an internet connected radio (using NTP) and was spot on accurate... the streaming was being buffered for almost 2 minutes. Close enough :)

    --
    Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
    • (Score: 2) by JoeMerchant on Friday October 07 2022, @11:12AM

      by JoeMerchant (3937) on Friday October 07 2022, @11:12AM (#1275405)

      I would love to see PTP integrated/deployed and simplified until it is as easy to use as NTP. Even though it is vast overkill for _most_ applications, it doesn't hurt to have the accuracy, and when you are in a marginal case (as we often are with our projects) the higher accuracy is very nice to have.

      --
      🌻🌻 [google.com]
    • (Score: 4, Interesting) by TheGratefulNet on Friday October 07 2022, @02:27PM (2 children)

      by TheGratefulNet (659) on Friday October 07 2022, @02:27PM (#1275430)

      p2p or ieee1588 is going to be really important in car networking. TSN (time sensitive networking) is a big thing and getting bigger as companies understand and implement it, more.

      I have some good stratum1 ntp raspi servers at home and I'm going to look into what it takes to get home ptp going. its good experience to have if you are planning to work in the embedded space for anything autonomous.

      you need special nics for ptp (timestamping) and you do need each hop along the way (switches, routers, hosts) to also have that. but most modern intel nics are in the OK list and you can also run 'sw ptp' if you really have to (probably still better than ntp's best accuracy)

      --
      "It is now safe to switch off your computer."
      • (Score: 2) by TheGratefulNet on Friday October 07 2022, @02:43PM

        by TheGratefulNet (659) on Friday October 07 2022, @02:43PM (#1275433)

        ptp (not p2p) ;)

        --
        "It is now safe to switch off your computer."
      • (Score: 1, Interesting) by Anonymous Coward on Friday October 07 2022, @09:55PM

        by Anonymous Coward on Friday October 07 2022, @09:55PM (#1275470)

        Can't say I understand any of the details, but I was just involved in preliminary design of a large mechanical test system (multi-megawatt / thousand+_horsepower motors). The motor controls & PLC's from a couple of different suppliers that we looked at both offered PTP, along with the high end data-acquisition system chosen. But this will all be in one lab, not spread across the internet...

  • (Score: 4, Informative) by deimtee on Friday October 07 2022, @12:22PM (5 children)

    by deimtee (3272) on Friday October 07 2022, @12:22PM (#1275411) Journal

    Time is easy. It is always now.

    --
    If you cough while drinking cheap red wine it really cleans out your sinuses.
    • (Score: 2) by PiMuNu on Friday October 07 2022, @12:28PM (2 children)

      by PiMuNu (3823) on Friday October 07 2022, @12:28PM (#1275413)

      Only in your light cone.

      • (Score: 0) by Anonymous Coward on Friday October 07 2022, @01:50PM

        by Anonymous Coward on Friday October 07 2022, @01:50PM (#1275416)

        Have you ever left your light cone?

      • (Score: 4, Funny) by TheGratefulNet on Friday October 07 2022, @02:39PM

        by TheGratefulNet (659) on Friday October 07 2022, @02:39PM (#1275432)

        my light cone is frozen.

        (I think its chocolate, but not sure since its too dark to see)

        --
        "It is now safe to switch off your computer."
    • (Score: 2, Insightful) by pTamok on Friday October 07 2022, @03:34PM

      by pTamok (3042) on Friday October 07 2022, @03:34PM (#1275438)

      Time is easy. It is always now.

      Yes, but your 'now' and my 'now' are different.

      Determining if two events are simultaneous is surprisingly difficult [wikipedia.org].

    • (Score: 0) by Anonymous Coward on Friday October 07 2022, @04:37PM

      by Anonymous Coward on Friday October 07 2022, @04:37PM (#1275440)

      And wherever you go, there you are.

  • (Score: 3, Insightful) by PinkyGigglebrain on Friday October 07 2022, @05:19PM

    by PinkyGigglebrain (4458) on Friday October 07 2022, @05:19PM (#1275445)
    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
  • (Score: 2, Interesting) by Opyros on Friday October 07 2022, @05:28PM (1 child)

    by Opyros (17611) on Friday October 07 2022, @05:28PM (#1275446)

    This part of the summary could use proofreading.

    • (Score: 3, Funny) by KritonK on Saturday October 08 2022, @12:37PM

      by KritonK (465) on Saturday October 08 2022, @12:37PM (#1275538)

      It most a *little*-bit-of-improvementcertainly could.

  • (Score: -1, Spam) by aristarchus 2 on Saturday October 08 2022, @03:23AM

    by aristarchus 2 (18687) on Saturday October 08 2022, @03:23AM (#1275503)

    It is official; Netcraft now confirms: SN is dying

    One more crippling bombshell hit the already beleaguered SN community when IDC confirmed that SN posting has dropped yet again, now down to less than a fraction of 1 percent of Slashdot. Coming close on the heels of a recent Netcraft survey which plainly states that SN has lost more users, this news serves to reinforce what we've known all along. SN is collapsing in complete disarray, as fittingly exemplified by failing dead last in a recent survey of news aggregators.

    You don't need to be a Kreskin to predict SN's future. The hand writing is on the wall: SN faces a bleak future. In fact there won't be any future at all for SN because SN is dying. Things are looking very bad for SN. As many of us are already aware, SN continues to lose users and subscribers. Red ink flows like a river of blood.

    SN is the most endangered of them all, having lost 93% of its users. The sudden and unpleasant departures of long time SN admins c0lo and The Mighty Buzzard only serve to underscore the point more clearly. There can no longer be any doubt: SN is dying.

    Let's keep to the facts and look at the numbers.

    Slashdot leader whipslash states that there are 7000 users of Slashdot. How many users of Pipedot are there? Let's see. The number of Slashdot versus Pipedot posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 Pipedot users. SN posts on Usenet are about one hundredth of the volume of Pipedot posts. Therefore there are about 14 users of SN. A recent article put Hacker News at about 80 percent of the news aggregator market. Therefore there are (7000+1400)*4 = 33600 Hacker News users. This is consistent with the number of Hacker News Usenet posts.

    Due to the troubles of NCommander, abysmal management and so on, SN was taken over by martyb who is another troubled admin. Now martyb is also gone, and SN's corpse was turned over to Janrinok the Censor.

    All major surveys show that SN has steadily declined in users and comments. SN is very sick and its long term survival prospects are very dim. If SN is to survive at all it will be among gun nuts like Runaway and khallow. SN continues to decay. Nothing short of a cockeyed miracle could save SN from its fate at this point in time. For all practical purposes, SN is dead.

    Fact: SN is dying

(1)