gastonmorixe

Please donate to keep Network Time Protocol up – Goal 1k

https://www.ntp.org/

Welcome to the home of the Network Time Protocol (NTP) Project.

The NTP Project conducts Research and Development in NTP, a protocol designed to synchronize the clocks of computers over a network to a common timebase.

NTP: Network Time Protocol
Nov 12 at 7:56amWeb
Show threadmhovdNov 12
I am surprised that NTP project is not funded, fully or partially, by larger organizations or governments, given the criticality of the project.
Show threadnickelproNov 12

The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).

Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.

Show threadtptacekNov 12
Who's running ntpsec?
Show threadexasperaitedNov 12
At least in part, someone you really don't want to be running a fork of an important project: ESR.
Show threadchocalotNov 12

I'm out of the loop. What's the issue with using a project that ESR contributes to?

I am vaguely aware he has some unpopular political beliefs (though exactly what I don't know). Is that it?

Show threadakerl_Nov 12

Insofar as racism, homophobia, and sexism are unpopular political beliefs: yes.

Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".

Show threadchocalotNov 12

Ah, the person I responded to suggests he runs the project.

If he just "exists near", I see even less of a case why someone should avoid it.

But horses for courses, people can choose to avoid for whatever reason.

Show threadtptacekNov 12
No, there's a long story behind ntpsec and it's all pretty exhausting and none of it has anything to do with ESR's personal life.
Show threadtptacekNov 12
Oh, no, I mean, I know who's actually behind the project, I'm just wondering if there are any major deployments of it.
Show threadmlichvarNov 12

The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.

ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.

Show threadtptacekNov 12
Which distributions use ntpsec?
Show threadimglorpNov 12

The project has been hungry for years.

There was a fork to clean up and secure the implementation: https://ntpsec.org and ideally they would combine forces.

Summarized here: https://lwn.net/Articles/713901

Welcome to NTPsec

Show threadtptacekNov 12
Yeah the ntpsec story, not great. I don't believe they're taken especially seriously. There are people close to Harlan Stenn who believe the project is essentially fraudulent.