SoylentNews

Debian has released Bookworm (Debian 12). I noticed in the release notes that the reference ntp implementation has been changed to ntpsec. For anyone unfamiliar that's a fork ESR and other time keeping enthusiasts started several years ago. You should read the history and motivation on ntpsec's web site (I have biases on the topic), but my feeling of the context was that it followed public alarm about a couple of security issues in ntpd back then, followed by articles pointing out the problem of developers maintaining key infrastructure not being adequately supported.

ntpsec is a close fork of ntpd. They worked quite hard early on to remove code not seen as essential and that had them avoid a number of CVEs several years ago as I recall. I'll stop there to avoid giving the wrong impression. Should read their own words on their website.

But I'm uneasy about the situation now. When ntpsec was out there as an alternative, like chrony, that I felt fine about. As I understand it, no one at Debian is packaging the reference implementation from now on. That's understandable. Being the universal operating system implies universal resources. Who can complain who is not willing to themselves do the work. But this move I assume will flow through Ubuntu and influence other big distros, if they haven't already moved this way.

It seems not ideal. I feel like there are good people in both projects and wonder if the maintainer on the original ntpd may be hurt by this.

I like Debian but am thinking they have too much influence on an unfortunate consensus, and lack of package choice diversity, that tends to congeal in mainstream Linux distros. In some ways it seems like not such an alien situation to what happens when there are only for profit corporations involved.

Been trying to teach myself a bit about Apache and mod_perl. What kind of Perl programmer are you if you've never done web development? Using instructions from perldoc ModPerl::Registry (which isn't totally accurate but whatever) I ended up with the following script, meant to help my understanding:

#!/usr/bin/perl

use Cwd;
use FindBin qw/$Bin $Script/;
use warnings;
use v5.12;

BEGIN {
        our $compile_time = localtime;
        our $wd = getcwd;
}

#FindBin::again();
my $r = Apache2::RequestUtil->request;
say ref $r;
$r->content_type("text/html");
$r->print(<<EOF);
<html>
<head>
    <title>Test Perl Registry Script</title>
</head>
<body>
    <p>Compiled at $compile_time</p>
    <p>Working directory: $wd</p>
    <p>\$Bin: $Bin</p>
    <p>\$Script: $Script</p>
    <p>Script name: $0</p>
</body>
</html>
EOF

With the commented out FindBin::again call (this causes $Bin to be re-evaluated avoiding the issue of it only being evaled once in BEGIN by some other script run by the same perl process -- see perldoc FindBin) I get the following page:

Apache2::RequestRec
Compiled at Sat Jun 10 23:21:00 2023
Working directory: /usr/pkg/share/httpd/htdocs/perl
$Bin: /usr/pkg/sbin
$Script: httpd
Script name: /usr/pkg/share/httpd/htdocs/perl/test

But that line was uncommented not so long ago. If I bang on reload in my browser I'll cycle between the various apache sub-processes that have "compiled" this script at different times. Sometimes I get one that doesn't want to care that the file has changed. Note that docs for ModPerl::Registry say, "Each child process will compile the subroutine once and store it in memory. It will recompile it whenever the file (e.g. *test.pl* in our example) is updated on disk."

Sometimes I get this output instead...

Apache2::RequestRec
Compiled at Sat Jun 10 23:20:54 2023
Working directory: /usr/pkg/share/httpd/htdocs/perl
$Bin: /usr/pkg/share/httpd/htdocs/perl
$Script: test
Script name: /usr/pkg/share/httpd/htdocs/perl/test

Weird, eh? Maybe the time resolution isn't fine grained enough for this process to see the change...

# ls -l test
-rwxr-xr-x  1 root  wheel  507 Jun 10 23:20 test